--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS<BR>
+Administration Guide<BR>
+<P>Version 3.6
+<P>Document Number GC09-4563-00
+<P>
+<BR>
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for AIX, Version 3.6
+<DD>IBM AFS for Digital Unix, Version 3.6
+<DD>IBM AFS for HP-UX, Version 3.6
+<DD>IBM AFS for Linux, Version 3.6
+<DD>IBM AFS for SGI IRIX, Version 3.6
+<DD>IBM AFS for Solaris, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="auagd003.htm#HDRFIGLIST_START">Figures</A></B><BR>
+<P><B><A NAME="ToC_2" HREF="auagd004.htm#HDRTLIST_START">Tables</A></B><BR>
+<P><B><A NAME="ToC_3" HREF="auagd005.htm#Header_3">About This Guide</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_4" HREF="auagd005.htm#HDRWQ1">Audience and Purpose</A>
+<LI><A NAME="ToC_5" HREF="auagd005.htm#HDRWQ2">Document Organization</A>
+<LI><A NAME="ToC_6" HREF="auagd005.htm#HDRWQ3">How to Use This Document</A>
+<LI><A NAME="ToC_7" HREF="auagd005.htm#HDRWQ4">Related Documents</A>
+<LI><A NAME="ToC_8" HREF="auagd005.htm#HDRTYPO_CONV">Typographical Conventions</A>
+</MENU>
+<P><B><A NAME="ToC_9" HREF="auagd006.htm#HDRWQ5">An Overview of AFS Administration</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_10" HREF="auagd006.htm#HDRWQ6">A Broad Overview of AFS</A>
+<LI><A NAME="ToC_11" HREF="auagd006.htm#HDRWQ7">More Detailed Discussions of Some Basic Concepts</A>
+<MENU>
+<LI><A NAME="ToC_12" HREF="auagd006.htm#HDRWQ8">Networks</A>
+<LI><A NAME="ToC_13" HREF="auagd006.htm#HDRWQ9">Distributed File Systems</A>
+<LI><A NAME="ToC_14" HREF="auagd006.htm#HDRWQ10">Servers and Clients</A>
+<LI><A NAME="ToC_15" HREF="auagd006.htm#HDRWQ11">Cells</A>
+<LI><A NAME="ToC_16" HREF="auagd006.htm#HDRWQ12">The Uniform Namespace and Transparent Access</A>
+<LI><A NAME="ToC_17" HREF="auagd006.htm#HDRWQ13">Volumes</A>
+<LI><A NAME="ToC_18" HREF="auagd006.htm#HDRWQ14">Mount Points</A>
+<LI><A NAME="ToC_19" HREF="auagd006.htm#HDRWQ15">Replication</A>
+<LI><A NAME="ToC_20" HREF="auagd006.htm#HDRWQ16">Caching and Callbacks</A>
+</MENU>
+<LI><A NAME="ToC_21" HREF="auagd006.htm#HDRWQ17">AFS Server Processes and the Cache Manager</A>
+<MENU>
+<LI><A NAME="ToC_22" HREF="auagd006.htm#HDRWQ18">The File Server</A>
+<LI><A NAME="ToC_23" HREF="auagd006.htm#HDRWQ19">The Basic OverSeer Server</A>
+<LI><A NAME="ToC_24" HREF="auagd006.htm#HDRWQ20">The Authentication Server</A>
+<LI><A NAME="ToC_25" HREF="auagd006.htm#HDRWQ21">The Protection Server</A>
+<LI><A NAME="ToC_26" HREF="auagd006.htm#HDRWQ22">The Volume Server</A>
+<LI><A NAME="ToC_27" HREF="auagd006.htm#HDRWQ23">The Volume Location (VL) Server</A>
+<LI><A NAME="ToC_28" HREF="auagd006.htm#HDRWQ24">The Update Server</A>
+<LI><A NAME="ToC_29" HREF="auagd006.htm#HDRWQ25">The Backup Server</A>
+<LI><A NAME="ToC_30" HREF="auagd006.htm#HDRWQ26">The Salvager</A>
+<LI><A NAME="ToC_31" HREF="auagd006.htm#HDRWQ27">The Network Time Protocol Daemon</A>
+<LI><A NAME="ToC_32" HREF="auagd006.htm#HDRWQ28">The Cache Manager</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_33" HREF="auagd007.htm#HDRWQ29">Issues in Cell Configuration and Administration</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_34" HREF="auagd007.htm#HDRWQ30">Differences between AFS and UNIX: A Summary</A>
+<MENU>
+<LI><A NAME="ToC_35" HREF="auagd007.htm#Header_35">Differences in File and Directory Protection</A>
+<LI><A NAME="ToC_36" HREF="auagd007.htm#HDRWQ31">Differences in Authentication</A>
+<LI><A NAME="ToC_37" HREF="auagd007.htm#Header_37">Differences in the Semantics of Standard UNIX Commands</A>
+<LI><A NAME="ToC_38" HREF="auagd007.htm#Header_38">The AFS version of the fsck Command</A>
+<LI><A NAME="ToC_39" HREF="auagd007.htm#HDRWQ32">Creating Hard Links</A>
+<LI><A NAME="ToC_40" HREF="auagd007.htm#HDRWQ33">AFS Implements Save on Close</A>
+<LI><A NAME="ToC_41" HREF="auagd007.htm#Header_41">Setuid Programs</A>
+</MENU>
+<LI><A NAME="ToC_42" HREF="auagd007.htm#HDRWQ34">Choosing a Cell Name</A>
+<MENU>
+<LI><A NAME="ToC_43" HREF="auagd007.htm#Header_43">How to Set the Cell Name</A>
+<LI><A NAME="ToC_44" HREF="auagd007.htm#HDRWQ35">Why Choosing the Appropriate Cell Name is Important</A>
+</MENU>
+<LI><A NAME="ToC_45" HREF="auagd007.htm#HDRWQ36">Participating in the AFS Global Namespace</A>
+<MENU>
+<LI><A NAME="ToC_46" HREF="auagd007.htm#HDRWQ37">What the Global Namespace Looks Like</A>
+<LI><A NAME="ToC_47" HREF="auagd007.htm#HDRWQ38">Making Your Cell Visible to Others</A>
+<LI><A NAME="ToC_48" HREF="auagd007.htm#HDRWQ39">Making Other Cells Visible in Your Cell</A>
+<LI><A NAME="ToC_49" HREF="auagd007.htm#HDRWQ40">Granting and Denying Foreign Users Access to Your Cell</A>
+</MENU>
+<LI><A NAME="ToC_50" HREF="auagd007.htm#HDRWQ41">Configuring Your AFS Filespace</A>
+<MENU>
+<LI><A NAME="ToC_51" HREF="auagd007.htm#Header_51">The Top /afs Level</A>
+<LI><A NAME="ToC_52" HREF="auagd007.htm#HDRWQ42">The Second (Cellname) Level</A>
+<LI><A NAME="ToC_53" HREF="auagd007.htm#HDRWQ43">The Third Level</A>
+</MENU>
+<LI><A NAME="ToC_54" HREF="auagd007.htm#HDRWQ44">Creating Volumes to Simplify Administration</A>
+<MENU>
+<LI><A NAME="ToC_55" HREF="auagd007.htm#Header_55">Assigning Volume Names</A>
+<LI><A NAME="ToC_56" HREF="auagd007.htm#HDRWQ49">Grouping Related Volumes on a Partition</A>
+<LI><A NAME="ToC_57" HREF="auagd007.htm#HDRWQ50">When to Replicate Volumes</A>
+<LI><A NAME="ToC_58" HREF="auagd007.htm#Header_58">The Default Quota and ACL on a New Volume</A>
+</MENU>
+<LI><A NAME="ToC_59" HREF="auagd007.htm#HDRWQ51">Configuring Server Machines</A>
+<MENU>
+<LI><A NAME="ToC_60" HREF="auagd007.htm#HDRWQ52">Replicating the AFS Administrative Databases</A>
+<LI><A NAME="ToC_61" HREF="auagd007.htm#HDRWQ53">AFS Files on the Local Disk</A>
+<LI><A NAME="ToC_62" HREF="auagd007.htm#Header_62">Configuring Partitions to Store AFS Data</A>
+<LI><A NAME="ToC_63" HREF="auagd007.htm#Header_63">Monitoring, Rebooting and Automatic Process Restarts</A>
+</MENU>
+<LI><A NAME="ToC_64" HREF="auagd007.htm#HDRWQ54">Configuring Client Machines</A>
+<MENU>
+<LI><A NAME="ToC_65" HREF="auagd007.htm#HDRWQ55">Configuring the Local Disk</A>
+<LI><A NAME="ToC_66" HREF="auagd007.htm#Header_66">Enabling Access to Foreign Cells</A>
+<LI><A NAME="ToC_67" HREF="auagd007.htm#HDRWQ56">Using the @sys Variable in Pathnames</A>
+<LI><A NAME="ToC_68" HREF="auagd007.htm#Header_68">Setting Server Preferences</A>
+</MENU>
+<LI><A NAME="ToC_69" HREF="auagd007.htm#HDRWQ57">Configuring AFS User Accounts</A>
+<MENU>
+<LI><A NAME="ToC_70" HREF="auagd007.htm#HDRWQ58">Choosing Usernames and Naming Other Account Components</A>
+<LI><A NAME="ToC_71" HREF="auagd007.htm#HDRWQ59">Grouping Home Directories</A>
+<LI><A NAME="ToC_72" HREF="auagd007.htm#Header_72">Making a Backup Version of User Volumes Available</A>
+<LI><A NAME="ToC_73" HREF="auagd007.htm#HDRWQ60">Creating Standard Files in New AFS Accounts</A>
+</MENU>
+<LI><A NAME="ToC_74" HREF="auagd007.htm#HDRWQ61">Using AFS Protection Groups</A>
+<MENU>
+<LI><A NAME="ToC_75" HREF="auagd007.htm#Header_75">The Three System Groups</A>
+<LI><A NAME="ToC_76" HREF="auagd007.htm#HDRWQ62">The Two Types of User-Defined Groups</A>
+</MENU>
+<LI><A NAME="ToC_77" HREF="auagd007.htm#HDRWQ63">Login and Authentication in AFS</A>
+<MENU>
+<LI><A NAME="ToC_78" HREF="auagd007.htm#HDRWQ64">Identifying AFS Tokens by PAG</A>
+<LI><A NAME="ToC_79" HREF="auagd007.htm#HDRWQ65">Using an AFS-modified login Utility</A>
+<LI><A NAME="ToC_80" HREF="auagd007.htm#HDRWQ69">Using Two-Step Login and Authentication</A>
+<LI><A NAME="ToC_81" HREF="auagd007.htm#Header_81">Obtaining, Displaying, and Discarding Tokens</A>
+<LI><A NAME="ToC_82" HREF="auagd007.htm#Header_82">Setting Default Token Lifetimes for Users</A>
+<LI><A NAME="ToC_83" HREF="auagd007.htm#Header_83">Changing Passwords</A>
+<LI><A NAME="ToC_84" HREF="auagd007.htm#Header_84">Imposing Restrictions on Passwords and Authentication Attempts</A>
+<LI><A NAME="ToC_85" HREF="auagd007.htm#HDRWQ70">Support for Kerberos Authentication</A>
+</MENU>
+<LI><A NAME="ToC_86" HREF="auagd007.htm#HDRWQ71">Security and Authorization in AFS</A>
+<MENU>
+<LI><A NAME="ToC_87" HREF="auagd007.htm#HDRWQ72">Some Important Security Features</A>
+<LI><A NAME="ToC_88" HREF="auagd007.htm#HDRWQ73">Three Types of Privilege</A>
+<LI><A NAME="ToC_89" HREF="auagd007.htm#Header_89">Authorization Checking versus Authentication</A>
+<LI><A NAME="ToC_90" HREF="auagd007.htm#HDRWQ74">Improving Security in Your Cell</A>
+<LI><A NAME="ToC_91" HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>
+</MENU>
+<LI><A NAME="ToC_94" HREF="auagd007.htm#HDRWQ77">Backing Up AFS Data</A>
+<MENU>
+<LI><A NAME="ToC_95" HREF="auagd007.htm#Header_95">Backup Volumes</A>
+<LI><A NAME="ToC_96" HREF="auagd007.htm#Header_96">The AFS Backup System</A>
+</MENU>
+<LI><A NAME="ToC_97" HREF="auagd007.htm#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>
+<LI><A NAME="ToC_98" HREF="auagd007.htm#HDRWQ79">Accessing AFS through NFS</A>
+</MENU>
+<P><B><A NAME="ToC_99" HREF="auagd008.htm#HDRWQ80">Administering Server Machines</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_100" HREF="auagd008.htm#HDRWQ81">Summary of Instructions</A>
+<LI><A NAME="ToC_101" HREF="auagd008.htm#HDRWQ83">Local Disk Files on a Server Machine</A>
+<MENU>
+<LI><A NAME="ToC_102" HREF="auagd008.htm#HDRWQ84">Binaries in the /usr/afs/bin Directory</A>
+<LI><A NAME="ToC_103" HREF="auagd008.htm#HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</A>
+<LI><A NAME="ToC_104" HREF="auagd008.htm#HDRWQ86">Local Configuration Files in the /usr/afs/local Directory</A>
+<LI><A NAME="ToC_105" HREF="auagd008.htm#HDRWQ87">Replicated Database Files in the /usr/afs/db Directory</A>
+<LI><A NAME="ToC_106" HREF="auagd008.htm#HDRWQ88">Log Files in the /usr/afs/logs Directory</A>
+<LI><A NAME="ToC_107" HREF="auagd008.htm#HDRWQ89">Volume Headers on Server Partitions</A>
+</MENU>
+<LI><A NAME="ToC_108" HREF="auagd008.htm#HDRWQ90">The Four Roles for File Server Machines</A>
+<MENU>
+<LI><A NAME="ToC_109" HREF="auagd008.htm#HDRWQ91">Simple File Server Machines</A>
+<LI><A NAME="ToC_110" HREF="auagd008.htm#HDRWQ92">Database Server Machines</A>
+<LI><A NAME="ToC_111" HREF="auagd008.htm#HDRWQ93">Binary Distribution Machines</A>
+<LI><A NAME="ToC_112" HREF="auagd008.htm#HDRWQ94">The System Control Machine</A>
+<LI><A NAME="ToC_113" HREF="auagd008.htm#HDRWQ95">To locate database server machines</A>
+<LI><A NAME="ToC_114" HREF="auagd008.htm#HDRWQ96">To locate the system control machine</A>
+<LI><A NAME="ToC_115" HREF="auagd008.htm#HDRWQ97">To locate the binary distribution machine for a system type</A>
+<LI><A NAME="ToC_116" HREF="auagd008.htm#HDRWQ98">Interpreting the Output from the bos status Command</A>
+</MENU>
+<LI><A NAME="ToC_119" HREF="auagd008.htm#HDRWQ101">Administering Database Server Machines</A>
+<MENU>
+<LI><A NAME="ToC_120" HREF="auagd008.htm#HDRWQ102">Replicating the AFS Administrative Databases</A>
+<LI><A NAME="ToC_125" HREF="auagd008.htm#HDRWQ107">Backing Up and Restoring the Administrative Databases</A>
+<LI><A NAME="ToC_126" HREF="auagd008.htm#HDRWQ108">To back up the administrative databases</A>
+<LI><A NAME="ToC_127" HREF="auagd008.htm#HDRWQ109">To restore an administrative database</A>
+</MENU>
+<LI><A NAME="ToC_128" HREF="auagd008.htm#HDRWQ110">Installing Server Process Software</A>
+<MENU>
+<LI><A NAME="ToC_129" HREF="auagd008.htm#HDRWQ111">Installing New Binaries</A>
+<LI><A NAME="ToC_130" HREF="auagd008.htm#Header_130">To install new server binaries</A>
+<LI><A NAME="ToC_131" HREF="auagd008.htm#HDRWQ113">Reverting to the Previous Version of Binaries</A>
+<LI><A NAME="ToC_132" HREF="auagd008.htm#Header_132">To revert to the previous version of binaries</A>
+<LI><A NAME="ToC_133" HREF="auagd008.htm#HDRWQ115">Displaying Binary Version Dates</A>
+<LI><A NAME="ToC_134" HREF="auagd008.htm#Header_134">To display binary version dates</A>
+<LI><A NAME="ToC_135" HREF="auagd008.htm#HDRWQ116">Removing Obsolete Binary Files</A>
+<LI><A NAME="ToC_136" HREF="auagd008.htm#Header_136">To remove obsolete binaries</A>
+<LI><A NAME="ToC_137" HREF="auagd008.htm#HDRWQ117">Displaying A Binary File's Build Level</A>
+<LI><A NAME="ToC_138" HREF="auagd008.htm#Header_138">To display an AFS binary's build level</A>
+</MENU>
+<LI><A NAME="ToC_139" HREF="auagd008.htm#HDRWQ118">Maintaining the Server CellServDB File</A>
+<MENU>
+<LI><A NAME="ToC_140" HREF="auagd008.htm#HDRWQ119">Distributing the Server CellServDB File</A>
+<LI><A NAME="ToC_141" HREF="auagd008.htm#HDRWQ120">To display a cell's database server machines</A>
+<LI><A NAME="ToC_142" HREF="auagd008.htm#HDRWQ121">To add a database server machine to the CellServDB file</A>
+<LI><A NAME="ToC_143" HREF="auagd008.htm#HDRWQ122">To remove a database server machine from the CellServDB file</A>
+</MENU>
+<LI><A NAME="ToC_144" HREF="auagd008.htm#HDRWQ123">Managing Authentication and Authorization Requirements</A>
+<MENU>
+<LI><A NAME="ToC_145" HREF="auagd008.htm#HDRWQ124">Authentication versus Authorization</A>
+<LI><A NAME="ToC_146" HREF="auagd008.htm#HDRWQ125">Controlling Authorization Checking on a Server Machine</A>
+<LI><A NAME="ToC_147" HREF="auagd008.htm#HDRWQ126">To disable authorization checking on a server machine</A>
+<LI><A NAME="ToC_148" HREF="auagd008.htm#HDRWQ127">To enable authorization checking on a server machine</A>
+<LI><A NAME="ToC_149" HREF="auagd008.htm#HDRWQ128">Bypassing Mutual Authentication for an Individual Command</A>
+<LI><A NAME="ToC_150" HREF="auagd008.htm#HDRWQ129">To bypass mutual authentication for bos, kas, pts, and vos commands</A>
+<LI><A NAME="ToC_151" HREF="auagd008.htm#Header_151">To bypass mutual authentication for fs commands</A>
+</MENU>
+<LI><A NAME="ToC_152" HREF="auagd008.htm#HDRWQ130">Adding or Removing Disks and Partitions</A>
+<MENU>
+<LI><A NAME="ToC_153" HREF="auagd008.htm#HDRWQ131">To add and mount a new disk to house AFS volumes</A>
+<LI><A NAME="ToC_154" HREF="auagd008.htm#HDRWQ135">To unmount and remove a disk housing AFS volumes</A>
+</MENU>
+<LI><A NAME="ToC_155" HREF="auagd008.htm#HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</A>
+<MENU>
+<LI><A NAME="ToC_156" HREF="auagd008.htm#Header_156">To create or edit the server NetInfo file</A>
+<LI><A NAME="ToC_157" HREF="auagd008.htm#Header_157">To create or edit the server NetRestrict file</A>
+<LI><A NAME="ToC_158" HREF="auagd008.htm#Header_158">To display all server entries from the VLDB</A>
+<LI><A NAME="ToC_159" HREF="auagd008.htm#Header_159">To remove obsolete server entries from the VLDB</A>
+<LI><A NAME="ToC_160" HREF="auagd008.htm#Header_160">To change a server machine's IP addresses</A>
+</MENU>
+<LI><A NAME="ToC_161" HREF="auagd008.htm#HDRWQ139">Rebooting a Server Machine</A>
+<MENU>
+<LI><A NAME="ToC_162" HREF="auagd008.htm#HDRWQ140">To reboot a file server machine from its console</A>
+<LI><A NAME="ToC_163" HREF="auagd008.htm#HDRWQ141">To reboot a file server machine remotely</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_164" HREF="auagd009.htm#HDRWQ142">Monitoring and Controlling Server Processes</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_165" HREF="auagd009.htm#HDRWQ143">Summary of Instructions</A>
+<LI><A NAME="ToC_166" HREF="auagd009.htm#HDRWQ145">Brief Descriptions of the AFS Server Processes</A>
+<MENU>
+<LI><A NAME="ToC_167" HREF="auagd009.htm#HDRWQ146">The bosserver Process: the Basic OverSeer Server</A>
+<LI><A NAME="ToC_168" HREF="auagd009.htm#HDRWQ147">The buserver Process: the Backup Server</A>
+<LI><A NAME="ToC_169" HREF="auagd009.htm#HDRWQ148">The fs Collection of Processes: the File Server, Volume Server and Salvager</A>
+<LI><A NAME="ToC_170" HREF="auagd009.htm#HDRWQ149">The kaserver Process: the Authentication Server</A>
+<LI><A NAME="ToC_171" HREF="auagd009.htm#HDRWQ150">The ptserver Process: the Protection Server</A>
+<LI><A NAME="ToC_172" HREF="auagd009.htm#HDRWQ151">The runntp Process</A>
+<LI><A NAME="ToC_173" HREF="auagd009.htm#HDRWQ152">The upserver and upclient Processes: the Update Server</A>
+<LI><A NAME="ToC_174" HREF="auagd009.htm#HDRWQ153">The vlserver Process: the Volume Location Server</A>
+</MENU>
+<LI><A NAME="ToC_175" HREF="auagd009.htm#HDRWQ154">Controlling and Checking Process Status</A>
+<MENU>
+<LI><A NAME="ToC_176" HREF="auagd009.htm#Header_176">The Information in the BosConfig File</A>
+<LI><A NAME="ToC_177" HREF="auagd009.htm#HDRWQ155">How the BOS Server Uses the Information in the BosConfig File</A>
+<LI><A NAME="ToC_178" HREF="auagd009.htm#HDRWQ156">About Starting and Stopping the Database Server Processes</A>
+<LI><A NAME="ToC_179" HREF="auagd009.htm#HDRWQ157">About Starting and Stopping the Update Server</A>
+</MENU>
+<LI><A NAME="ToC_180" HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>
+<MENU>
+<LI><A NAME="ToC_181" HREF="auagd009.htm#HDRWQ159">To display the status of server processes and their BosConfig entries</A>
+</MENU>
+<LI><A NAME="ToC_182" HREF="auagd009.htm#HDRWQ161">Creating and Removing Processes</A>
+<MENU>
+<LI><A NAME="ToC_183" HREF="auagd009.htm#HDRWQ162">To create and start a new process</A>
+<LI><A NAME="ToC_184" HREF="auagd009.htm#Header_184">To stop a process and remove it from the BosConfig file</A>
+</MENU>
+<LI><A NAME="ToC_185" HREF="auagd009.htm#HDRWQ164">Stopping and Starting Processes Permanently</A>
+<MENU>
+<LI><A NAME="ToC_186" HREF="auagd009.htm#HDRWQ165">To stop a process by changing its status to NotRun</A>
+<LI><A NAME="ToC_187" HREF="auagd009.htm#HDRWQ166">To start processes by changing their status flags to Run</A>
+</MENU>
+<LI><A NAME="ToC_188" HREF="auagd009.htm#HDRWQ167">Stopping and Starting Processes Temporarily</A>
+<MENU>
+<LI><A NAME="ToC_189" HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>
+<LI><A NAME="ToC_190" HREF="auagd009.htm#Header_190">To start all stopped processes that have status flag Run in the BosConfig file</A>
+<LI><A NAME="ToC_191" HREF="auagd009.htm#Header_191">To start specific processes</A>
+</MENU>
+<LI><A NAME="ToC_192" HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>
+<MENU>
+<LI><A NAME="ToC_193" HREF="auagd009.htm#Header_193">To stop and restart all processes including the BOS Server</A>
+<LI><A NAME="ToC_194" HREF="auagd009.htm#Header_194">To stop and immediately restart all processes except the BOS Server</A>
+<LI><A NAME="ToC_195" HREF="auagd009.htm#Header_195">To stop and immediately restart specific processes</A>
+</MENU>
+<LI><A NAME="ToC_196" HREF="auagd009.htm#HDRWQ171">Setting the BOS Server's Restart Times</A>
+<MENU>
+<LI><A NAME="ToC_197" HREF="auagd009.htm#Header_197">To display the BOS Server restart times</A>
+<LI><A NAME="ToC_198" HREF="auagd009.htm#HDRWQ172">To set the general or binary restart time</A>
+</MENU>
+<LI><A NAME="ToC_199" HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A>
+<MENU>
+<LI><A NAME="ToC_200" HREF="auagd009.htm#Header_200">To examine a server process log file</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_201" HREF="auagd010.htm#HDRWQ174">Managing Volumes</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_202" HREF="auagd010.htm#HDRWQ175">Summary of Instructions</A>
+<LI><A NAME="ToC_203" HREF="auagd010.htm#HDRWQ177">About Volumes</A>
+<MENU>
+<LI><A NAME="ToC_204" HREF="auagd010.htm#HDRWQ178">The Three Types of Volumes</A>
+<LI><A NAME="ToC_205" HREF="auagd010.htm#HDRWQ179">How Volumes Improve AFS Efficiency</A>
+<LI><A NAME="ToC_206" HREF="auagd010.htm#HDRWQ180">Volume Information in the VLDB</A>
+<LI><A NAME="ToC_207" HREF="auagd010.htm#HDRWQ181">The Information in Volume Headers</A>
+<LI><A NAME="ToC_208" HREF="auagd010.htm#HDRWQ182">Keeping the VLDB and Volume Headers Synchronized</A>
+<LI><A NAME="ToC_209" HREF="auagd010.htm#HDRWQ183">About Mounting Volumes</A>
+<LI><A NAME="ToC_210" HREF="auagd010.htm#HDRWQ184">About Volume Names</A>
+</MENU>
+<LI><A NAME="ToC_211" HREF="auagd010.htm#HDRWQ185">Creating Read/write Volumes</A>
+<MENU>
+<LI><A NAME="ToC_212" HREF="auagd010.htm#Header_212">To create (and mount) a read/write volume</A>
+</MENU>
+<LI><A NAME="ToC_213" HREF="auagd010.htm#HDRWQ190">About Clones and Cloning</A>
+<LI><A NAME="ToC_214" HREF="auagd010.htm#HDRWQ192">Replicating Volumes (Creating Read-only Volumes)</A>
+<MENU>
+<LI><A NAME="ToC_215" HREF="auagd010.htm#HDRWQ193">Using Read-only Volumes Effectively</A>
+<LI><A NAME="ToC_216" HREF="auagd010.htm#Header_216">Replication Scenarios</A>
+<LI><A NAME="ToC_217" HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>
+</MENU>
+<LI><A NAME="ToC_218" HREF="auagd010.htm#HDRWQ201">Creating Backup Volumes</A>
+<MENU>
+<LI><A NAME="ToC_219" HREF="auagd010.htm#HDRWQ202">Backing Up Multiple Volumes at Once</A>
+<LI><A NAME="ToC_220" HREF="auagd010.htm#HDRWQ203">Automating Creation of Backup Volumes</A>
+<LI><A NAME="ToC_221" HREF="auagd010.htm#HDRWQ204">Making the Contents of Backup Volumes Available to Users</A>
+<LI><A NAME="ToC_222" HREF="auagd010.htm#HDRWQ205">To create and mount a backup volume</A>
+<LI><A NAME="ToC_223" HREF="auagd010.htm#Header_223">To create multiple backup volumes at once</A>
+</MENU>
+<LI><A NAME="ToC_224" HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>
+<MENU>
+<LI><A NAME="ToC_225" HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>
+<LI><A NAME="ToC_226" HREF="auagd010.htm#HDRWQ210">The Three Types of Mount Points</A>
+<LI><A NAME="ToC_227" HREF="auagd010.htm#Header_227">Creating a mount point in a foreign cell</A>
+<LI><A NAME="ToC_228" HREF="auagd010.htm#HDRWQ211">To display a mount point</A>
+<LI><A NAME="ToC_229" HREF="auagd010.htm#HDRWQ212">To create a regular or read/write mount point</A>
+<LI><A NAME="ToC_230" HREF="auagd010.htm#HDRWQ213">To create a cellular mount point</A>
+<LI><A NAME="ToC_231" HREF="auagd010.htm#HDRWQ215">To remove a mount point</A>
+</MENU>
+<LI><A NAME="ToC_232" HREF="auagd010.htm#HDRWQ216">Displaying Information About Volumes</A>
+<MENU>
+<LI><A NAME="ToC_233" HREF="auagd010.htm#HDRWQ217">Displaying VLDB Entries</A>
+<LI><A NAME="ToC_234" HREF="auagd010.htm#HDRWQ218">To display VLDB entries</A>
+<LI><A NAME="ToC_235" HREF="auagd010.htm#HDRWQ219">Displaying Volume Headers</A>
+<LI><A NAME="ToC_236" HREF="auagd010.htm#HDRWQ220">To display volume headers</A>
+<LI><A NAME="ToC_237" HREF="auagd010.htm#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>
+<LI><A NAME="ToC_238" HREF="auagd010.htm#HDRWQ222">To display one volume's VLDB entry and volume header</A>
+<LI><A NAME="ToC_239" HREF="auagd010.htm#HDRWQ223">Displaying the Name or Location of the Volume that Contains a File</A>
+</MENU>
+<LI><A NAME="ToC_243" HREF="auagd010.htm#HDRWQ226">Moving Volumes</A>
+<MENU>
+<LI><A NAME="ToC_244" HREF="auagd010.htm#Header_244">To move a read/write volume</A>
+</MENU>
+<LI><A NAME="ToC_245" HREF="auagd010.htm#HDRWQ227">Synchronizing the VLDB and Volume Headers</A>
+<MENU>
+<LI><A NAME="ToC_246" HREF="auagd010.htm#Header_246">To synchronize the VLDB with volume headers</A>
+</MENU>
+<LI><A NAME="ToC_247" HREF="auagd010.htm#HDRWQ232">Salvaging Volumes</A>
+<MENU>
+<LI><A NAME="ToC_248" HREF="auagd010.htm#HDRWQ233">To salvage volumes</A>
+</MENU>
+<LI><A NAME="ToC_249" HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>
+<MENU>
+<LI><A NAME="ToC_250" HREF="auagd010.htm#Header_250">To set quota for a single volume</A>
+<LI><A NAME="ToC_251" HREF="auagd010.htm#Header_251">To set maximum quota on one or more volumes</A>
+<LI><A NAME="ToC_252" HREF="auagd010.htm#Header_252">To display percent quota used</A>
+<LI><A NAME="ToC_253" HREF="auagd010.htm#Header_253">To display quota, current size, and other information</A>
+<LI><A NAME="ToC_254" HREF="auagd010.htm#Header_254">To display quota, current size, and more partition information</A>
+</MENU>
+<LI><A NAME="ToC_255" HREF="auagd010.htm#HDRWQ235">Removing Volumes and their Mount Points</A>
+<MENU>
+<LI><A NAME="ToC_256" HREF="auagd010.htm#Header_256">Other Removal Commands</A>
+<LI><A NAME="ToC_257" HREF="auagd010.htm#HDRWQ236">To remove a volume and unmount it</A>
+</MENU>
+<LI><A NAME="ToC_258" HREF="auagd010.htm#HDRWQ240">Dumping and Restoring Volumes</A>
+<MENU>
+<LI><A NAME="ToC_259" HREF="auagd010.htm#Header_259">About Dumping Volumes</A>
+<LI><A NAME="ToC_260" HREF="auagd010.htm#Header_260">To dump a volume</A>
+<LI><A NAME="ToC_261" HREF="auagd010.htm#Header_261">About Restoring Volumes</A>
+<LI><A NAME="ToC_262" HREF="auagd010.htm#HDRWQ242">To restore a dump into a new volume and mount it</A>
+<LI><A NAME="ToC_263" HREF="auagd010.htm#HDRWQ244">To restore a dump file, overwriting an existing volume</A>
+</MENU>
+<LI><A NAME="ToC_264" HREF="auagd010.htm#HDRWQ245">Renaming Volumes</A>
+<MENU>
+<LI><A NAME="ToC_265" HREF="auagd010.htm#HDRWQ246">To rename a volume</A>
+</MENU>
+<LI><A NAME="ToC_266" HREF="auagd010.htm#HDRWQ247">Unlocking and Locking VLDB Entries</A>
+<MENU>
+<LI><A NAME="ToC_267" HREF="auagd010.htm#Header_267">To lock a VLDB entry</A>
+<LI><A NAME="ToC_268" HREF="auagd010.htm#Header_268">To unlock a single VLDB entry</A>
+<LI><A NAME="ToC_269" HREF="auagd010.htm#Header_269">To unlock multiple VLDB entries</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_270" HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_271" HREF="auagd011.htm#HDRWQ249">Summary of Instructions</A>
+<LI><A NAME="ToC_272" HREF="auagd011.htm#HDRWQ251">Introduction to Backup System Features</A>
+<MENU>
+<LI><A NAME="ToC_273" HREF="auagd011.htm#HDRWQ252">Volume Sets and Volume Entries</A>
+<LI><A NAME="ToC_274" HREF="auagd011.htm#Header_274">Dumps and Dump Sets</A>
+<LI><A NAME="ToC_275" HREF="auagd011.htm#Header_275">Dump Hierarchies, Dump Levels and Expiration Dates</A>
+<LI><A NAME="ToC_276" HREF="auagd011.htm#HDRWQ253">Dump Names and Tape Names</A>
+<LI><A NAME="ToC_277" HREF="auagd011.htm#HDRWQ254">Tape Labels, Dump Labels, and EOF Markers</A>
+<LI><A NAME="ToC_278" HREF="auagd011.htm#HDRWQ255">Tape Coordinator Machines, Port Offsets, and Backup Data Files</A>
+<LI><A NAME="ToC_279" HREF="auagd011.htm#HDRWQ256">The Backup Database and Backup Server Process</A>
+<LI><A NAME="ToC_280" HREF="auagd011.htm#Header_280">Interfaces to the Backup System</A>
+</MENU>
+<LI><A NAME="ToC_281" HREF="auagd011.htm#HDRWQ257">Overview of Backup System Configuration</A>
+<LI><A NAME="ToC_282" HREF="auagd011.htm#HDRWQ258">Configuring the tapeconfig File</A>
+<MENU>
+<LI><A NAME="ToC_283" HREF="auagd011.htm#HDRWQ259">To run the fms command on a noncompressing tape device</A>
+</MENU>
+<LI><A NAME="ToC_284" HREF="auagd011.htm#HDRWQ260">Granting Administrative Privilege to Backup Operators</A>
+<LI><A NAME="ToC_285" HREF="auagd011.htm#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A>
+<MENU>
+<LI><A NAME="ToC_286" HREF="auagd011.htm#HDRWQ262">To configure a Tape Coordinator machine</A>
+<LI><A NAME="ToC_287" HREF="auagd011.htm#Header_287">To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A>
+<LI><A NAME="ToC_288" HREF="auagd011.htm#Header_288">To unconfigure a Tape Coordinator</A>
+<LI><A NAME="ToC_289" HREF="auagd011.htm#HDRWQ264">To display the list of configured Tape Coordinators</A>
+</MENU>
+<LI><A NAME="ToC_290" HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>
+<MENU>
+<LI><A NAME="ToC_291" HREF="auagd011.htm#Header_291">To create a volume set</A>
+<LI><A NAME="ToC_292" HREF="auagd011.htm#Header_292">To add a volume entry to a volume set</A>
+<LI><A NAME="ToC_293" HREF="auagd011.htm#HDRWQ266">To display volume sets and volume entries</A>
+<LI><A NAME="ToC_294" HREF="auagd011.htm#Header_294">To delete a volume set</A>
+<LI><A NAME="ToC_295" HREF="auagd011.htm#Header_295">To delete a volume entry from a volume set</A>
+</MENU>
+<LI><A NAME="ToC_296" HREF="auagd011.htm#HDRWQ267">Defining and Displaying the Dump Hierarchy</A>
+<MENU>
+<LI><A NAME="ToC_297" HREF="auagd011.htm#HDRWQ268">Creating a Tape Recycling Schedule</A>
+<LI><A NAME="ToC_298" HREF="auagd011.htm#HDRWQ269">Archiving Tapes</A>
+<LI><A NAME="ToC_299" HREF="auagd011.htm#HDRWQ270">Defining Expiration Dates</A>
+<LI><A NAME="ToC_300" HREF="auagd011.htm#Header_300">To add a dump level to the dump hierarchy</A>
+<LI><A NAME="ToC_301" HREF="auagd011.htm#Header_301">To change a dump level's expiration date</A>
+<LI><A NAME="ToC_302" HREF="auagd011.htm#Header_302">To delete a dump level from the dump hierarchy</A>
+<LI><A NAME="ToC_303" HREF="auagd011.htm#HDRWQ271">To display the dump hierarchy</A>
+</MENU>
+<LI><A NAME="ToC_304" HREF="auagd011.htm#HDRWQ272">Writing and Reading Tape Labels</A>
+<MENU>
+<LI><A NAME="ToC_305" HREF="auagd011.htm#Header_305">Recording a Name on the Label</A>
+<LI><A NAME="ToC_306" HREF="auagd011.htm#Header_306">Recording a Capacity on the Label</A>
+<LI><A NAME="ToC_307" HREF="auagd011.htm#HDRWQ273">To label a tape</A>
+<LI><A NAME="ToC_308" HREF="auagd011.htm#HDRWQ274">To read the label on a tape</A>
+</MENU>
+<LI><A NAME="ToC_309" HREF="auagd011.htm#HDRWQ275">Automating and Increasing the Efficiency of the Backup Process</A>
+<MENU>
+<LI><A NAME="ToC_310" HREF="auagd011.htm#HDRWQ276">Creating a Device Configuration File</A>
+<LI><A NAME="ToC_311" HREF="auagd011.htm#HDRWQ277">Invoking a Device's Tape Mounting and Unmounting Routines</A>
+<LI><A NAME="ToC_314" HREF="auagd011.htm#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>
+<LI><A NAME="ToC_315" HREF="auagd011.htm#HDRWQ279">Enabling Default Responses to Error Conditions</A>
+<LI><A NAME="ToC_316" HREF="auagd011.htm#HDRWQ280">Eliminating the AFS Tape Name Check</A>
+<LI><A NAME="ToC_317" HREF="auagd011.htm#HDRWQ281">Setting the Memory Buffer Size to Promote Tape Streaming</A>
+<LI><A NAME="ToC_318" HREF="auagd011.htm#HDRWQ282">Dumping Data to a Backup Data File</A>
+<LI><A NAME="ToC_319" HREF="auagd011.htm#Header_319">To configure a backup data file</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_320" HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_321" HREF="auagd012.htm#HDRWQ284">Summary of Instructions</A>
+<LI><A NAME="ToC_322" HREF="auagd012.htm#HDRWQ286">Using the Backup System's Interfaces</A>
+<MENU>
+<LI><A NAME="ToC_323" HREF="auagd012.htm#HDRWQ287">Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A>
+<LI><A NAME="ToC_324" HREF="auagd012.htm#HDRWQ288">Using Interactive and Regular Command Mode</A>
+<LI><A NAME="ToC_325" HREF="auagd012.htm#Header_325">To enter interactive mode</A>
+<LI><A NAME="ToC_326" HREF="auagd012.htm#Header_326">To exit interactive mode</A>
+<LI><A NAME="ToC_327" HREF="auagd012.htm#HDRWQ289">To display pending or running jobs in interactive mode</A>
+<LI><A NAME="ToC_328" HREF="auagd012.htm#HDRWQ290">To cancel operations in interactive mode</A>
+<LI><A NAME="ToC_329" HREF="auagd012.htm#HDRWQ291">Starting and Stopping the Tape Coordinator Process</A>
+<LI><A NAME="ToC_330" HREF="auagd012.htm#HDRWQ292">To start a Tape Coordinator process</A>
+<LI><A NAME="ToC_331" HREF="auagd012.htm#Header_331">To stop a Tape Coordinator process</A>
+<LI><A NAME="ToC_332" HREF="auagd012.htm#HDRWQ295">To check the status of a Tape Coordinator process</A>
+</MENU>
+<LI><A NAME="ToC_333" HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>
+<MENU>
+<LI><A NAME="ToC_334" HREF="auagd012.htm#HDRWQ297">Making Backup Operations More Efficient</A>
+<LI><A NAME="ToC_335" HREF="auagd012.htm#HDRWQ298">How Your Configuration Choices Influence the Dump Process</A>
+<LI><A NAME="ToC_336" HREF="auagd012.htm#HDRWQ299">Appending Dumps to an Existing Dump Set</A>
+<LI><A NAME="ToC_337" HREF="auagd012.htm#HDRWQ300">Scheduling Dumps</A>
+<LI><A NAME="ToC_338" HREF="auagd012.htm#HDRWQ301">To create a dump</A>
+</MENU>
+<LI><A NAME="ToC_339" HREF="auagd012.htm#HDRWQ302">Displaying Backup Dump Records</A>
+<MENU>
+<LI><A NAME="ToC_340" HREF="auagd012.htm#HDRWQ303">To display dump records</A>
+<LI><A NAME="ToC_341" HREF="auagd012.htm#HDRWQ304">To display a volume's dump history</A>
+<LI><A NAME="ToC_342" HREF="auagd012.htm#HDRWQ305">To scan the contents of a tape</A>
+</MENU>
+<LI><A NAME="ToC_343" HREF="auagd012.htm#HDRWQ306">Restoring and Recovering Data</A>
+<MENU>
+<LI><A NAME="ToC_344" HREF="auagd012.htm#HDRWQ307">Making Restore Operations More Efficient</A>
+<LI><A NAME="ToC_345" HREF="auagd012.htm#HDRWQ308">Using the backup volrestore Command</A>
+<LI><A NAME="ToC_346" HREF="auagd012.htm#HDRWQ309">To restore volumes with the backup volrestore command</A>
+<LI><A NAME="ToC_347" HREF="auagd012.htm#HDRWQ310">Using the backup diskrestore Command</A>
+<LI><A NAME="ToC_348" HREF="auagd012.htm#HDRWQ311">To restore a partition with the backup diskrestore command</A>
+<LI><A NAME="ToC_349" HREF="auagd012.htm#HDRWQ312">Using the backup volsetrestore Command</A>
+<LI><A NAME="ToC_352" HREF="auagd012.htm#HDRWQ315">To restore a group of volumes with the backup volsetrestore command</A>
+</MENU>
+<LI><A NAME="ToC_353" HREF="auagd012.htm#HDRWQ316">Maintaining the Backup Database</A>
+<MENU>
+<LI><A NAME="ToC_354" HREF="auagd012.htm#HDRWQ317">Backing Up and Restoring the Backup Database</A>
+<LI><A NAME="ToC_355" HREF="auagd012.htm#HDRWQ318">Checking for and Repairing Corruption in the Backup Database</A>
+<LI><A NAME="ToC_356" HREF="auagd012.htm#HDRWQ319">To verify the integrity of the Backup Database</A>
+<LI><A NAME="ToC_357" HREF="auagd012.htm#HDRWQ320">To repair corruption in the Backup Database</A>
+<LI><A NAME="ToC_358" HREF="auagd012.htm#HDRWQ321">Removing Obsolete Records from the Backup Database</A>
+<LI><A NAME="ToC_359" HREF="auagd012.htm#HDRWQ322">To delete dump records from the Backup Database</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_360" HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_361" HREF="auagd013.htm#HDRWQ324">Summary of Instructions</A>
+<LI><A NAME="ToC_362" HREF="auagd013.htm#HDRWQ326">Using the scout Program</A>
+<MENU>
+<LI><A NAME="ToC_363" HREF="auagd013.htm#HDRWQ327">System Requirements</A>
+<LI><A NAME="ToC_364" HREF="auagd013.htm#HDRWQ328">Using the -basename argument to Specify a Domain Name</A>
+<LI><A NAME="ToC_365" HREF="auagd013.htm#HDRWQ329">The Layout of the scout Display</A>
+<LI><A NAME="ToC_369" HREF="auagd013.htm#HDRWQ332">Highlighting Significant Statistics</A>
+<LI><A NAME="ToC_372" HREF="auagd013.htm#HDRWQ334">Resizing the scout Display</A>
+<LI><A NAME="ToC_373" HREF="auagd013.htm#HDRWQ335">To start the scout program</A>
+<LI><A NAME="ToC_374" HREF="auagd013.htm#Header_374">To stop the scout program</A>
+<LI><A NAME="ToC_375" HREF="auagd013.htm#HDRWQ336">Example Commands and Displays</A>
+</MENU>
+<LI><A NAME="ToC_376" HREF="auagd013.htm#HDRWQ341">Using the fstrace Command Suite</A>
+<MENU>
+<LI><A NAME="ToC_377" HREF="auagd013.htm#HDRWQ342">About the fstrace Command Suite</A>
+<LI><A NAME="ToC_378" HREF="auagd013.htm#HDRWQ343">Requirements for Using the fstrace Command Suite</A>
+<LI><A NAME="ToC_379" HREF="auagd013.htm#Header_379">Using fstrace Commands Effectively</A>
+<LI><A NAME="ToC_380" HREF="auagd013.htm#HDRWQ344">Activating the Trace Log</A>
+<LI><A NAME="ToC_381" HREF="auagd013.htm#Header_381">To configure the trace log</A>
+<LI><A NAME="ToC_382" HREF="auagd013.htm#HDRWQ345">To set the event set</A>
+<LI><A NAME="ToC_383" HREF="auagd013.htm#HDRWQ346">Displaying the State of a Trace Log or Event Set</A>
+<LI><A NAME="ToC_384" HREF="auagd013.htm#Header_384">To display the state of an event set</A>
+<LI><A NAME="ToC_385" HREF="auagd013.htm#Header_385">To display the log size</A>
+<LI><A NAME="ToC_386" HREF="auagd013.htm#HDRWQ347">Dumping and Clearing the Trace Log</A>
+<LI><A NAME="ToC_387" HREF="auagd013.htm#Header_387">To dump the contents of a trace log</A>
+<LI><A NAME="ToC_388" HREF="auagd013.htm#Header_388">To clear the contents of a trace log</A>
+<LI><A NAME="ToC_389" HREF="auagd013.htm#HDRWQ348">Examples of fstrace Commands</A>
+</MENU>
+<LI><A NAME="ToC_390" HREF="auagd013.htm#HDRWQ349">Using the afsmonitor Program</A>
+<MENU>
+<LI><A NAME="ToC_391" HREF="auagd013.htm#HDRWQ350">Requirements for running the afsmonitor program</A>
+<LI><A NAME="ToC_392" HREF="auagd013.htm#Header_392">The afsmonitor Output Screens</A>
+<LI><A NAME="ToC_393" HREF="auagd013.htm#Header_393">The System Overview Screen</A>
+<LI><A NAME="ToC_394" HREF="auagd013.htm#Header_394">The File Servers Screen</A>
+<LI><A NAME="ToC_395" HREF="auagd013.htm#Header_395">The Cache Managers Screen</A>
+</MENU>
+<LI><A NAME="ToC_396" HREF="auagd013.htm#HDRWQ351">Configuring the afsmonitor Program</A>
+<LI><A NAME="ToC_397" HREF="auagd013.htm#HDRWQ352">Writing afsmonitor Statistics to a File</A>
+<LI><A NAME="ToC_398" HREF="auagd013.htm#Header_398">To start the afsmonitor Program</A>
+<LI><A NAME="ToC_399" HREF="auagd013.htm#Header_399">To stop the afsmonitor program</A>
+<LI><A NAME="ToC_400" HREF="auagd013.htm#HDRWQ353">The xstat Data Collection Facility</A>
+<MENU>
+<LI><A NAME="ToC_401" HREF="auagd013.htm#Header_401">The libxstat Libraries</A>
+<LI><A NAME="ToC_402" HREF="auagd013.htm#Header_402">Example xstat Commands</A>
+</MENU>
+<LI><A NAME="ToC_405" HREF="auagd013.htm#HDRWQ354">Auditing AFS Events on AIX File Servers</A>
+<MENU>
+<LI><A NAME="ToC_406" HREF="auagd013.htm#Header_406">Configuring AFS Auditing on AIX File Servers</A>
+<LI><A NAME="ToC_407" HREF="auagd013.htm#Header_407">To enable AFS auditing</A>
+<LI><A NAME="ToC_408" HREF="auagd013.htm#Header_408">To disable AFS auditing</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_409" HREF="auagd014.htm#HDRWQ355">Managing Server Encryption Keys</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_410" HREF="auagd014.htm#HDRWQ356">Summary of Instructions</A>
+<LI><A NAME="ToC_411" HREF="auagd014.htm#HDRWQ358">About Server Encryption Keys</A>
+<MENU>
+<LI><A NAME="ToC_412" HREF="auagd014.htm#Header_412">Keys and Mutual Authentication: A Review</A>
+<LI><A NAME="ToC_413" HREF="auagd014.htm#Header_413">Maintaining AFS Server Encryption Keys</A>
+</MENU>
+<LI><A NAME="ToC_414" HREF="auagd014.htm#HDRWQ359">Displaying Server Encryption Keys</A>
+<MENU>
+<LI><A NAME="ToC_415" HREF="auagd014.htm#HDRWQ360">To display the KeyFile file</A>
+<LI><A NAME="ToC_416" HREF="auagd014.htm#HDRWQ361">To display the afs key from the Authentication Database</A>
+</MENU>
+<LI><A NAME="ToC_417" HREF="auagd014.htm#HDRWQ362">Adding Server Encryption Keys</A>
+<MENU>
+<LI><A NAME="ToC_418" HREF="auagd014.htm#HDRWQ363">To add a new server encryption key</A>
+</MENU>
+<LI><A NAME="ToC_419" HREF="auagd014.htm#HDRWQ368">Removing Server Encryption Keys</A>
+<MENU>
+<LI><A NAME="ToC_420" HREF="auagd014.htm#HDRWQ369">To remove a key from the KeyFile file</A>
+</MENU>
+<LI><A NAME="ToC_421" HREF="auagd014.htm#HDRWQ370">Handling Server Encryption Key Emergencies</A>
+<MENU>
+<LI><A NAME="ToC_422" HREF="auagd014.htm#HDRWQ371">Prevent Mutual Authentication</A>
+<LI><A NAME="ToC_423" HREF="auagd014.htm#Header_423">Disable Authorization Checking by Hand</A>
+<LI><A NAME="ToC_424" HREF="auagd014.htm#Header_424">Work Quickly on Each Machine</A>
+<LI><A NAME="ToC_425" HREF="auagd014.htm#Header_425">Work at the Console</A>
+<LI><A NAME="ToC_426" HREF="auagd014.htm#HDRWQ372">Change Individual KeyFile Files</A>
+<LI><A NAME="ToC_427" HREF="auagd014.htm#Header_427">Two Component Procedures</A>
+<LI><A NAME="ToC_430" HREF="auagd014.htm#Header_430">To create a new server encryption key in emergencies</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_431" HREF="auagd015.htm#HDRWQ387">Administering Client Machines and the Cache Manager</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_432" HREF="auagd015.htm#HDRWQ388">Summary of Instructions</A>
+<LI><A NAME="ToC_433" HREF="auagd015.htm#HDRWQ390">Overview of Cache Manager Customization</A>
+<LI><A NAME="ToC_434" HREF="auagd015.htm#HDRWQ391">Configuration and Cache-Related Files on the Local Disk</A>
+<MENU>
+<LI><A NAME="ToC_435" HREF="auagd015.htm#HDRWQ392">Configuration Files in the /usr/vice/etc Directory</A>
+<LI><A NAME="ToC_436" HREF="auagd015.htm#HDRWQ393">Cache-Related Files</A>
+</MENU>
+<LI><A NAME="ToC_437" HREF="auagd015.htm#HDRWQ394">Determining the Cache Type, Size, and Location</A>
+<MENU>
+<LI><A NAME="ToC_438" HREF="auagd015.htm#Header_438">Choosing the Cache Size</A>
+<LI><A NAME="ToC_439" HREF="auagd015.htm#HDRWQ395">Displaying and Setting the Cache Size and Location</A>
+<LI><A NAME="ToC_440" HREF="auagd015.htm#HDRWQ396">To display the cache size set at reboot</A>
+<LI><A NAME="ToC_441" HREF="auagd015.htm#HDRWQ397">To display the current cache size</A>
+<LI><A NAME="ToC_442" HREF="auagd015.htm#HDRWQ398">To edit the cacheinfo file</A>
+<LI><A NAME="ToC_443" HREF="auagd015.htm#HDRWQ399">To change the disk cache size without rebooting</A>
+<LI><A NAME="ToC_444" HREF="auagd015.htm#Header_444">To reset the disk cache size to the default without rebooting</A>
+<LI><A NAME="ToC_445" HREF="auagd015.htm#HDRWQ401">How the Cache Manager Chooses Data to Discard</A>
+</MENU>
+<LI><A NAME="ToC_446" HREF="auagd015.htm#HDRWQ402">Setting Other Cache Parameters with the afsd program</A>
+<MENU>
+<LI><A NAME="ToC_447" HREF="auagd015.htm#HDRWQ403">Setting Cache Configuration Parameters</A>
+<LI><A NAME="ToC_448" HREF="auagd015.htm#HDRWQ404">Configuring a Disk Cache</A>
+<LI><A NAME="ToC_449" HREF="auagd015.htm#HDRWQ405">Controlling Memory Cache Configuration</A>
+</MENU>
+<LI><A NAME="ToC_450" HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>
+<MENU>
+<LI><A NAME="ToC_451" HREF="auagd015.htm#Header_451">How Clients Use the List of Database Server Machines</A>
+<LI><A NAME="ToC_452" HREF="auagd015.htm#HDRWQ407">The Format of the CellServDB file</A>
+<LI><A NAME="ToC_453" HREF="auagd015.htm#HDRWQ408">Maintaining the Client CellServDB File</A>
+<LI><A NAME="ToC_454" HREF="auagd015.htm#Header_454">To display the /usr/vice/etc/CellServDB file</A>
+<LI><A NAME="ToC_455" HREF="auagd015.htm#Header_455">To display the list of database server machines in kernel memory</A>
+<LI><A NAME="ToC_456" HREF="auagd015.htm#Header_456">To change the list of a cell's database server machines in kernel memory</A>
+</MENU>
+<LI><A NAME="ToC_457" HREF="auagd015.htm#HDRWQ409">Determining if a Client Can Run Setuid Programs</A>
+<MENU>
+<LI><A NAME="ToC_458" HREF="auagd015.htm#Header_458">To determine a cell's setuid status</A>
+<LI><A NAME="ToC_459" HREF="auagd015.htm#Header_459">To change a cell's setuid status</A>
+</MENU>
+<LI><A NAME="ToC_460" HREF="auagd015.htm#HDRWQ410">Setting the File Server Probe Interval</A>
+<MENU>
+<LI><A NAME="ToC_461" HREF="auagd015.htm#Header_461">To set a client's file server probe interval</A>
+</MENU>
+<LI><A NAME="ToC_462" HREF="auagd015.htm#HDRWQ411">Setting a Client Machine's Cell Membership</A>
+<MENU>
+<LI><A NAME="ToC_463" HREF="auagd015.htm#Header_463">To display a client machine's cell membership</A>
+<LI><A NAME="ToC_464" HREF="auagd015.htm#Header_464">To set a client machine's cell membership</A>
+</MENU>
+<LI><A NAME="ToC_465" HREF="auagd015.htm#HDRWQ412">Forcing the Update of Cached Data</A>
+<MENU>
+<LI><A NAME="ToC_466" HREF="auagd015.htm#Header_466">To flush certain files or directories</A>
+<LI><A NAME="ToC_467" HREF="auagd015.htm#Header_467">To flush all data from a volume</A>
+<LI><A NAME="ToC_468" HREF="auagd015.htm#Header_468">To force the Cache Manager to notice other volume changes</A>
+<LI><A NAME="ToC_469" HREF="auagd015.htm#HDRWQ413">To flush one or more mount points</A>
+</MENU>
+<LI><A NAME="ToC_470" HREF="auagd015.htm#HDRWQ414">Maintaining Server Preference Ranks</A>
+<MENU>
+<LI><A NAME="ToC_471" HREF="auagd015.htm#Header_471">How the Cache Manager Sets Default Ranks</A>
+<LI><A NAME="ToC_472" HREF="auagd015.htm#Header_472">How the Cache Manager Uses Preference Ranks</A>
+<LI><A NAME="ToC_473" HREF="auagd015.htm#Header_473">Displaying and Setting Preference Ranks</A>
+<LI><A NAME="ToC_474" HREF="auagd015.htm#Header_474">To display server preference ranks</A>
+<LI><A NAME="ToC_475" HREF="auagd015.htm#Header_475">To set server preference ranks</A>
+</MENU>
+<LI><A NAME="ToC_476" HREF="auagd015.htm#HDRWQ415">Managing Multihomed Client Machines</A>
+<MENU>
+<LI><A NAME="ToC_477" HREF="auagd015.htm#Header_477">To create or edit the client NetInfo file</A>
+<LI><A NAME="ToC_478" HREF="auagd015.htm#Header_478">To create or edit the client NetRestrict file</A>
+<LI><A NAME="ToC_479" HREF="auagd015.htm#Header_479">To display the list of addresses from kernel memory</A>
+<LI><A NAME="ToC_480" HREF="auagd015.htm#Header_480">To set the list of addresses in kernel memory</A>
+</MENU>
+<LI><A NAME="ToC_481" HREF="auagd015.htm#HDRWQ416">Controlling the Display of Warning and Informational Messages</A>
+<MENU>
+<LI><A NAME="ToC_482" HREF="auagd015.htm#Header_482">To control the display of warning and status messages</A>
+</MENU>
+<LI><A NAME="ToC_483" HREF="auagd015.htm#HDRWQ417">Displaying and Setting the System Type Name</A>
+<MENU>
+<LI><A NAME="ToC_484" HREF="auagd015.htm#Header_484">To display the system type name</A>
+<LI><A NAME="ToC_485" HREF="auagd015.htm#Header_485">To change the system type name</A>
+</MENU>
+<LI><A NAME="ToC_486" HREF="auagd015.htm#HDRWQ418">Enabling Asynchronous Writes</A>
+<MENU>
+<LI><A NAME="ToC_487" HREF="auagd015.htm#Header_487">To set the default store asynchrony</A>
+<LI><A NAME="ToC_488" HREF="auagd015.htm#Header_488">To set the store asynchrony for one or more files</A>
+<LI><A NAME="ToC_489" HREF="auagd015.htm#Header_489">To display the default store asynchrony</A>
+<LI><A NAME="ToC_490" HREF="auagd015.htm#Header_490">To display the store asynchrony for one or more files</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_491" HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_492" HREF="auagd016.htm#HDRWQ420">Summary of Instructions</A>
+<LI><A NAME="ToC_493" HREF="auagd016.htm#HDRWQ422">Using the package Program</A>
+<MENU>
+<LI><A NAME="ToC_494" HREF="auagd016.htm#Header_494">Using Package on File Server Machines</A>
+</MENU>
+<LI><A NAME="ToC_495" HREF="auagd016.htm#HDRWQ423">Package Overview</A>
+<MENU>
+<LI><A NAME="ToC_496" HREF="auagd016.htm#Header_496">Preparing Prototype Files</A>
+<LI><A NAME="ToC_497" HREF="auagd016.htm#HDRWQ424">Compiling Prototype Files</A>
+<LI><A NAME="ToC_498" HREF="auagd016.htm#Header_498">Preparing Clients</A>
+</MENU>
+<LI><A NAME="ToC_499" HREF="auagd016.htm#HDRWQ425">The package Directory Structure</A>
+<MENU>
+<LI><A NAME="ToC_500" HREF="auagd016.htm#HDRWQ426">The src directory</A>
+<LI><A NAME="ToC_501" HREF="auagd016.htm#Header_501">The lib directory</A>
+<LI><A NAME="ToC_502" HREF="auagd016.htm#Header_502">The etc directory</A>
+</MENU>
+<LI><A NAME="ToC_503" HREF="auagd016.htm#HDRWQ427">Example Prototype and Library Files</A>
+<MENU>
+<LI><A NAME="ToC_504" HREF="auagd016.htm#HDRWQ428">An Example Prototype File</A>
+<LI><A NAME="ToC_505" HREF="auagd016.htm#Header_505">Example Library File</A>
+</MENU>
+<LI><A NAME="ToC_506" HREF="auagd016.htm#HDRWQ429">Package Configuration File Instruction Syntax</A>
+<MENU>
+<LI><A NAME="ToC_507" HREF="auagd016.htm#HDRWQ430">Local Files versus Symbolic Links</A>
+<LI><A NAME="ToC_508" HREF="auagd016.htm#HDRWQ431">Defining a Directory</A>
+<LI><A NAME="ToC_509" HREF="auagd016.htm#HDRWQ432">Defining a File</A>
+<LI><A NAME="ToC_510" HREF="auagd016.htm#HDRWQ433">Defining a Symbolic Link</A>
+<LI><A NAME="ToC_511" HREF="auagd016.htm#HDRWQ434">Defining a Block Special Device</A>
+<LI><A NAME="ToC_512" HREF="auagd016.htm#HDRWQ435">Defining a Character Special Device</A>
+<LI><A NAME="ToC_513" HREF="auagd016.htm#HDRWQ436">Defining a Socket</A>
+</MENU>
+<LI><A NAME="ToC_514" HREF="auagd016.htm#HDRWQ437">Constructing Prototype and Library Files</A>
+<MENU>
+<LI><A NAME="ToC_515" HREF="auagd016.htm#Header_515">To construct a prototype file and its component library files</A>
+</MENU>
+<LI><A NAME="ToC_516" HREF="auagd016.htm#HDRWQ438">The Package Makefile File</A>
+<MENU>
+<LI><A NAME="ToC_517" HREF="auagd016.htm#Header_517">Overview</A>
+<LI><A NAME="ToC_518" HREF="auagd016.htm#HDRWQ439">The CONFIG Section</A>
+<LI><A NAME="ToC_519" HREF="auagd016.htm#HDRWQ440">The BASE_LIBS Section</A>
+<LI><A NAME="ToC_520" HREF="auagd016.htm#HDRWQ441">The MACHINE_LIBS Section</A>
+<LI><A NAME="ToC_521" HREF="auagd016.htm#HDRWQ442">The LIBS Section</A>
+<LI><A NAME="ToC_522" HREF="auagd016.htm#HDRWQ443">The .SUFFIXES Section</A>
+<LI><A NAME="ToC_523" HREF="auagd016.htm#HDRWQ444">The Makefile Instructions Section</A>
+</MENU>
+<LI><A NAME="ToC_524" HREF="auagd016.htm#HDRWQ445">Modifying the Makefile</A>
+<MENU>
+<LI><A NAME="ToC_525" HREF="auagd016.htm#Header_525">Adding a New Prototype File</A>
+<LI><A NAME="ToC_526" HREF="auagd016.htm#Header_526">Adding a New System Type</A>
+<LI><A NAME="ToC_527" HREF="auagd016.htm#Header_527">Adding New Library Files</A>
+</MENU>
+<LI><A NAME="ToC_528" HREF="auagd016.htm#HDRWQ446">Compiling Prototype Files</A>
+<MENU>
+<LI><A NAME="ToC_529" HREF="auagd016.htm#Header_529">To compile prototype files</A>
+</MENU>
+<LI><A NAME="ToC_530" HREF="auagd016.htm#HDRWQ447">Modifying Client Machines</A>
+<MENU>
+<LI><A NAME="ToC_531" HREF="auagd016.htm#Header_531">To prepare a client machine to run the package program</A>
+</MENU>
+<LI><A NAME="ToC_532" HREF="auagd016.htm#HDRWQ448">Running the package program</A>
+<MENU>
+<LI><A NAME="ToC_533" HREF="auagd016.htm#Header_533">To invoke the package program by rebooting</A>
+<LI><A NAME="ToC_534" HREF="auagd016.htm#Header_534">To invoke the package program directly (without rebooting)</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_535" HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_536" HREF="auagd017.htm#HDRWQ450">Summary of Instructions</A>
+<LI><A NAME="ToC_537" HREF="auagd017.htm#HDRWQ452">Overview of the uss Command Suite</A>
+<MENU>
+<LI><A NAME="ToC_538" HREF="auagd017.htm#Header_538">The Components of an AFS User Account</A>
+<LI><A NAME="ToC_539" HREF="auagd017.htm#HDRWQ453">Privilege Requirements for the uss Commands</A>
+<LI><A NAME="ToC_540" HREF="auagd017.htm#HDRWQ454">Avoiding and Recovering from Errors and Interrupted Operations</A>
+</MENU>
+<LI><A NAME="ToC_541" HREF="auagd017.htm#HDRWQ455">Creating Local Password File Entries with uss</A>
+<MENU>
+<LI><A NAME="ToC_542" HREF="auagd017.htm#HDRWQ456">Assigning AFS and UNIX UIDs that Match</A>
+<LI><A NAME="ToC_543" HREF="auagd017.htm#HDRWQ457">Specifying Passwords in the Local Password File</A>
+<LI><A NAME="ToC_544" HREF="auagd017.htm#HDRWQ458">Creating a Common Source Password File</A>
+</MENU>
+<LI><A NAME="ToC_545" HREF="auagd017.htm#HDRWQ459">Converting Existing UNIX Accounts with uss</A>
+<MENU>
+<LI><A NAME="ToC_546" HREF="auagd017.htm#HDRWQ460">Making UNIX and AFS UIDs Match</A>
+<LI><A NAME="ToC_547" HREF="auagd017.htm#HDRWQ461">Setting the Password Field Appropriately</A>
+<LI><A NAME="ToC_548" HREF="auagd017.htm#HDRWQ462">Moving Local Files into AFS</A>
+</MENU>
+<LI><A NAME="ToC_549" HREF="auagd017.htm#HDRWQ463">Constructing a uss Template File</A>
+<MENU>
+<LI><A NAME="ToC_550" HREF="auagd017.htm#HDRWQ464">Creating the Three Types of User Accounts</A>
+<LI><A NAME="ToC_551" HREF="auagd017.htm#HDRWQ465">Using Constants and Variables in the Template File</A>
+<LI><A NAME="ToC_552" HREF="auagd017.htm#HDRWQ468">Where to Place Template Files</A>
+<LI><A NAME="ToC_553" HREF="auagd017.htm#HDRWQ469">Some General Rules for Constructing a Template</A>
+<LI><A NAME="ToC_554" HREF="auagd017.htm#HDRWQ470">About Creating Local Disk Directories and Files</A>
+<LI><A NAME="ToC_555" HREF="auagd017.htm#HDRWQ471">Example uss Templates</A>
+<LI><A NAME="ToC_556" HREF="auagd017.htm#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A>
+<LI><A NAME="ToC_557" HREF="auagd017.htm#HDRWQ473">Creating a Volume with the V Instruction</A>
+<LI><A NAME="ToC_558" HREF="auagd017.htm#HDRWQ474">Creating a Directory with the D Instruction</A>
+<LI><A NAME="ToC_559" HREF="auagd017.htm#HDRWQ475">Creating a File from a Prototype with the F Instruction</A>
+<LI><A NAME="ToC_560" HREF="auagd017.htm#HDRWQ476">Creating One-Line Files with the E Instruction</A>
+<LI><A NAME="ToC_561" HREF="auagd017.htm#HDRWQ477">Creating Links with the L and S Instructions</A>
+<LI><A NAME="ToC_562" HREF="auagd017.htm#HDRWQ478">Increasing Account Security with the A Instruction</A>
+<LI><A NAME="ToC_563" HREF="auagd017.htm#HDRWQ479">Executing Commands with the X Instruction</A>
+</MENU>
+<LI><A NAME="ToC_564" HREF="auagd017.htm#HDRWQ480">Creating Individual Accounts with the uss add Command</A>
+<MENU>
+<LI><A NAME="ToC_565" HREF="auagd017.htm#HDRWQ483">To create an AFS account with the uss add command</A>
+</MENU>
+<LI><A NAME="ToC_566" HREF="auagd017.htm#HDRWQ486">Deleting Individual Accounts with the uss delete Command</A>
+<MENU>
+<LI><A NAME="ToC_567" HREF="auagd017.htm#HDRWQ487">To delete an AFS account</A>
+</MENU>
+<LI><A NAME="ToC_568" HREF="auagd017.htm#HDRWQ488">Creating and Deleting Multiple Accounts with the uss bulk Command</A>
+<MENU>
+<LI><A NAME="ToC_569" HREF="auagd017.htm#HDRWQ489">Constructing a Bulk Input File</A>
+<LI><A NAME="ToC_570" HREF="auagd017.htm#Header_570">Example Bulk Input File Instructions</A>
+<LI><A NAME="ToC_571" HREF="auagd017.htm#Header_571">To create and delete multiple AFS user accounts</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_572" HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_573" HREF="auagd018.htm#HDRWQ492">Summary of Instructions</A>
+<LI><A NAME="ToC_574" HREF="auagd018.htm#HDRWQ494">The Components of an AFS User Account</A>
+<LI><A NAME="ToC_575" HREF="auagd018.htm#HDRWQ495">Creating Local Password File Entries</A>
+<MENU>
+<LI><A NAME="ToC_576" HREF="auagd018.htm#HDRWQ496">Assigning AFS and UNIX UIDs that Match</A>
+<LI><A NAME="ToC_577" HREF="auagd018.htm#HDRWQ497">Specifying Passwords in the Local Password File</A>
+</MENU>
+<LI><A NAME="ToC_578" HREF="auagd018.htm#HDRWQ498">Converting Existing UNIX Accounts</A>
+<MENU>
+<LI><A NAME="ToC_579" HREF="auagd018.htm#HDRWQ499">Making UNIX and AFS UIDs Match</A>
+<LI><A NAME="ToC_580" HREF="auagd018.htm#HDRWQ500">Setting the Password Field Appropriately</A>
+<LI><A NAME="ToC_581" HREF="auagd018.htm#HDRWQ501">Moving Local Files into AFS</A>
+</MENU>
+<LI><A NAME="ToC_582" HREF="auagd018.htm#HDRWQ502">Creating AFS User Accounts</A>
+<MENU>
+<LI><A NAME="ToC_583" HREF="auagd018.htm#HDRWQ503">To create one user account with individual commands</A>
+</MENU>
+<LI><A NAME="ToC_584" HREF="auagd018.htm#HDRWQ515">Improving Password and Authentication Security</A>
+<MENU>
+<LI><A NAME="ToC_585" HREF="auagd018.htm#Header_585">To limit the number of consecutive failed authentication attempts</A>
+<LI><A NAME="ToC_586" HREF="auagd018.htm#Header_586">To unlock a locked user account</A>
+<LI><A NAME="ToC_587" HREF="auagd018.htm#Header_587">To set password lifetime</A>
+<LI><A NAME="ToC_588" HREF="auagd018.htm#Header_588">To prohibit reuse of passwords</A>
+</MENU>
+<LI><A NAME="ToC_589" HREF="auagd018.htm#HDRWQ516">Changing AFS Passwords</A>
+<MENU>
+<LI><A NAME="ToC_590" HREF="auagd018.htm#Header_590">To change an AFS password</A>
+</MENU>
+<LI><A NAME="ToC_591" HREF="auagd018.htm#HDRWQ517">Displaying and Setting the Quota on User Volumes</A>
+<LI><A NAME="ToC_592" HREF="auagd018.htm#HDRWQ518">Changing Usernames</A>
+<MENU>
+<LI><A NAME="ToC_593" HREF="auagd018.htm#Header_593">To change a username</A>
+</MENU>
+<LI><A NAME="ToC_594" HREF="auagd018.htm#HDRWQ524">Removing a User Account</A>
+<MENU>
+<LI><A NAME="ToC_595" HREF="auagd018.htm#Header_595">To remove a user account</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_596" HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_597" HREF="auagd019.htm#HDRWQ532">Summary of Instructions</A>
+<LI><A NAME="ToC_598" HREF="auagd019.htm#HDRWQ534">About the Protection Database</A>
+<MENU>
+<LI><A NAME="ToC_599" HREF="auagd019.htm#HDRWQ535">The System Groups</A>
+</MENU>
+<LI><A NAME="ToC_600" HREF="auagd019.htm#HDRWQ536">Displaying Information from the Protection Database</A>
+<MENU>
+<LI><A NAME="ToC_601" HREF="auagd019.htm#HDRWQ537">To display a Protection Database entry</A>
+<LI><A NAME="ToC_602" HREF="auagd019.htm#HDRWQ538">To display group membership</A>
+<LI><A NAME="ToC_603" HREF="auagd019.htm#HDRWQ540">To list the groups that a user or group owns</A>
+<LI><A NAME="ToC_604" HREF="auagd019.htm#HDRWQ541">To display all Protection Database entries</A>
+</MENU>
+<LI><A NAME="ToC_605" HREF="auagd019.htm#HDRWQ542">Creating User and Machine Entries</A>
+<MENU>
+<LI><A NAME="ToC_606" HREF="auagd019.htm#HDRWQ543">To create machine entries in the Protection Database</A>
+</MENU>
+<LI><A NAME="ToC_607" HREF="auagd019.htm#HDRWQ544">Creating Groups</A>
+<MENU>
+<LI><A NAME="ToC_608" HREF="auagd019.htm#HDRWQ545">Using Groups Effectively</A>
+<LI><A NAME="ToC_609" HREF="auagd019.htm#HDRWQ546">To create groups</A>
+<LI><A NAME="ToC_610" HREF="auagd019.htm#HDRWQ547">To create a self-owned group</A>
+<LI><A NAME="ToC_611" HREF="auagd019.htm#HDRWQ548">Using Prefix-Less Groups</A>
+</MENU>
+<LI><A NAME="ToC_612" HREF="auagd019.htm#HDRWQ549">Adding and Removing Group Members</A>
+<MENU>
+<LI><A NAME="ToC_613" HREF="auagd019.htm#HDRWQ550">To add users and machines to groups</A>
+<LI><A NAME="ToC_614" HREF="auagd019.htm#HDRWQ551">To remove users and machines from groups</A>
+</MENU>
+<LI><A NAME="ToC_615" HREF="auagd019.htm#HDRWQ552">Deleting Protection Database Entries</A>
+<MENU>
+<LI><A NAME="ToC_616" HREF="auagd019.htm#HDRWQ553">To delete Protection Database entries</A>
+</MENU>
+<LI><A NAME="ToC_617" HREF="auagd019.htm#HDRWQ554">Changing a Group's Owner</A>
+<MENU>
+<LI><A NAME="ToC_618" HREF="auagd019.htm#HDRWQ555">To change a group's owner</A>
+</MENU>
+<LI><A NAME="ToC_619" HREF="auagd019.htm#HDRWQ556">Changing a Protection Database Entry's Name</A>
+<MENU>
+<LI><A NAME="ToC_620" HREF="auagd019.htm#HDRWQ557">To change the name of a machine or group entry</A>
+</MENU>
+<LI><A NAME="ToC_621" HREF="auagd019.htm#HDRWQ558">Setting Group-Creation Quota</A>
+<MENU>
+<LI><A NAME="ToC_622" HREF="auagd019.htm#Header_622">To set group-creation quota</A>
+</MENU>
+<LI><A NAME="ToC_623" HREF="auagd019.htm#HDRWQ559">Setting the Privacy Flags on Database Entries</A>
+<MENU>
+<LI><A NAME="ToC_624" HREF="auagd019.htm#Header_624">To set a Protection Database entry's privacy flags</A>
+</MENU>
+<LI><A NAME="ToC_625" HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>
+<MENU>
+<LI><A NAME="ToC_626" HREF="auagd019.htm#HDRWQ561">To display the AFS ID counters</A>
+<LI><A NAME="ToC_627" HREF="auagd019.htm#Header_627">To set the AFS ID counters</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_628" HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_629" HREF="auagd020.htm#HDRWQ563">Summary of Instructions</A>
+<LI><A NAME="ToC_630" HREF="auagd020.htm#HDRWQ565">Protecting Data in AFS</A>
+<MENU>
+<LI><A NAME="ToC_631" HREF="auagd020.htm#HDRWQ566">Differences Between UFS and AFS Data Protection</A>
+<LI><A NAME="ToC_632" HREF="auagd020.htm#HDRWQ567">The AFS ACL Permissions</A>
+<LI><A NAME="ToC_637" HREF="auagd020.htm#HDRWQ570">Using Normal and Negative Permissions</A>
+<LI><A NAME="ToC_638" HREF="auagd020.htm#HDRWQ571">Using Groups on ACLs</A>
+</MENU>
+<LI><A NAME="ToC_639" HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>
+<MENU>
+<LI><A NAME="ToC_640" HREF="auagd020.htm#Header_640">To display an ACL</A>
+</MENU>
+<LI><A NAME="ToC_641" HREF="auagd020.htm#HDRWQ573">Setting ACL Entries</A>
+<MENU>
+<LI><A NAME="ToC_642" HREF="auagd020.htm#HDRWQ574">To add, remove, or edit normal ACL permissions</A>
+<LI><A NAME="ToC_643" HREF="auagd020.htm#HDRWQ575">To add, remove, or edit negative ACL permissions</A>
+</MENU>
+<LI><A NAME="ToC_644" HREF="auagd020.htm#HDRWQ576">Completely Replacing an ACL</A>
+<MENU>
+<LI><A NAME="ToC_645" HREF="auagd020.htm#Header_645">To replace an ACL completely</A>
+</MENU>
+<LI><A NAME="ToC_646" HREF="auagd020.htm#HDRWQ577">Copying ACLs Between Directories</A>
+<MENU>
+<LI><A NAME="ToC_647" HREF="auagd020.htm#Header_647">To copy an ACL between directories</A>
+</MENU>
+<LI><A NAME="ToC_648" HREF="auagd020.htm#HDRWQ579">Removing Obsolete AFS IDs from ACLs</A>
+<MENU>
+<LI><A NAME="ToC_649" HREF="auagd020.htm#Header_649">To clean obsolete AFS IDs from an ACL</A>
+</MENU>
+<LI><A NAME="ToC_650" HREF="auagd020.htm#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>
+</MENU>
+<P><B><A NAME="ToC_651" HREF="auagd021.htm#HDRWQ581">Managing Administrative Privilege</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_652" HREF="auagd021.htm#HDRWQ582">Summary of Instructions</A>
+<LI><A NAME="ToC_653" HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>
+<MENU>
+<LI><A NAME="ToC_654" HREF="auagd021.htm#HDRWQ585">The Reason for Separate Privileges</A>
+</MENU>
+<LI><A NAME="ToC_655" HREF="auagd021.htm#HDRWQ586">Administering the system:administrators Group</A>
+<MENU>
+<LI><A NAME="ToC_656" HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>
+<LI><A NAME="ToC_657" HREF="auagd021.htm#Header_657">To add users to the system:administrators group</A>
+<LI><A NAME="ToC_658" HREF="auagd021.htm#HDRWQ588">To remove users from the system:administrators group</A>
+</MENU>
+<LI><A NAME="ToC_659" HREF="auagd021.htm#HDRWQ589">Granting Privilege for kas Commands: the ADMIN Flag</A>
+<MENU>
+<LI><A NAME="ToC_660" HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>
+<LI><A NAME="ToC_661" HREF="auagd021.htm#Header_661">To set or remove the ADMIN flag</A>
+</MENU>
+<LI><A NAME="ToC_662" HREF="auagd021.htm#HDRWQ592">Administering the UserList File</A>
+<MENU>
+<LI><A NAME="ToC_663" HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>
+<LI><A NAME="ToC_664" HREF="auagd021.htm#HDRWQ594">To add users to the UserList file</A>
+<LI><A NAME="ToC_665" HREF="auagd021.htm#Header_665">To remove users from the UserList file</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_666" HREF="auagd022.htm#HDRWQ595">Appendix A. Managing the NFS/AFS Translator</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_667" HREF="auagd022.htm#HDRWQ596">Summary of Instructions</A>
+<LI><A NAME="ToC_668" HREF="auagd022.htm#HDRWQ598">Overview</A>
+<MENU>
+<LI><A NAME="ToC_669" HREF="auagd022.htm#HDRWQ599">Enabling Unauthenticated or Authenticated AFS Access</A>
+<LI><A NAME="ToC_670" HREF="auagd022.htm#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>
+<LI><A NAME="ToC_674" HREF="auagd022.htm#HDRWQ602">Delayed Writes for Files Saved on NFS Client Machines</A>
+</MENU>
+<LI><A NAME="ToC_675" HREF="auagd022.htm#HDRWQ603">Configuring NFS/AFS Translator Machines</A>
+<MENU>
+<LI><A NAME="ToC_676" HREF="auagd022.htm#Header_676">Loading NFS and AFS Kernel Extensions</A>
+<LI><A NAME="ToC_677" HREF="auagd022.htm#HDRRMTSYS">Configuring the Translator Machine to Accept AFS Commands</A>
+<LI><A NAME="ToC_678" HREF="auagd022.htm#HDRWQ604">Controlling Optional Translator Features</A>
+<LI><A NAME="ToC_679" HREF="auagd022.htm#Header_679">To configure an NFS/AFS translator machine</A>
+<LI><A NAME="ToC_680" HREF="auagd022.htm#Header_680">To disable or enable Translator functionality, or set optional features</A>
+</MENU>
+<LI><A NAME="ToC_681" HREF="auagd022.htm#HDRWQ606">Configuring NFS Client Machines</A>
+<MENU>
+<LI><A NAME="ToC_682" HREF="auagd022.htm#Header_682">To configure an NFS client machine to access AFS</A>
+</MENU>
+<LI><A NAME="ToC_683" HREF="auagd022.htm#HDRWQ610">Configuring User Accounts</A>
+<MENU>
+<LI><A NAME="ToC_684" HREF="auagd022.htm#Header_684">To configure a user account for issuing AFS commands</A>
+</MENU>
+<LI><A NAME="ToC_685" HREF="auagd022.htm#HDRWQ612">Authenticating on Unsupported NFS Client Machines</A>
+<MENU>
+<LI><A NAME="ToC_686" HREF="auagd022.htm#Header_686">To authenticate using the knfs command</A>
+<LI><A NAME="ToC_687" HREF="auagd022.htm#Header_687">To display tokens using the knfs command</A>
+<LI><A NAME="ToC_688" HREF="auagd022.htm#Header_688">To discard tokens using the knfs command</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_689" HREF="auagd023.htm#HDRCOMMANDS">Appendix B. Using AFS Commands</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_690" HREF="auagd023.htm#HDRWQ613">AFS Command Syntax</A>
+<MENU>
+<LI><A NAME="ToC_691" HREF="auagd023.htm#Header_691">Command Names</A>
+<LI><A NAME="ToC_692" HREF="auagd023.htm#Header_692">Options</A>
+<LI><A NAME="ToC_693" HREF="auagd023.htm#Header_693">Arguments</A>
+<LI><A NAME="ToC_694" HREF="auagd023.htm#Header_694">Flags</A>
+<LI><A NAME="ToC_695" HREF="auagd023.htm#HDRCOMMAND-EX">An Example Command</A>
+<LI><A NAME="ToC_696" HREF="auagd023.htm#HDRWQ614">Rules for Entering AFS Commands</A>
+<LI><A NAME="ToC_699" HREF="auagd023.htm#HDRWQ615">Rules for Using Abbreviations and Aliases</A>
+<LI><A NAME="ToC_705" HREF="auagd023.htm#HDRWQ616">Displaying Online Help for AFS Commands</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_706" HREF="auagd024.htm#HDRWQ617">Appendix C. The afsmonitor Program Statistics</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_707" HREF="auagd024.htm#HDRWQ618">The Cache Manager Statistics</A>
+<MENU>
+<LI><A NAME="ToC_708" HREF="auagd024.htm#Header_708">Performance Statistics Section (PerfStats_section)</A>
+<LI><A NAME="ToC_709" HREF="auagd024.htm#Header_709">Server Up/Down Statistics Section (Server_UpDown_section)</A>
+<LI><A NAME="ToC_710" HREF="auagd024.htm#Header_710">RPC Operation Measurements Section (RPCop_section)</A>
+<LI><A NAME="ToC_711" HREF="auagd024.htm#Header_711">Authentication and Replicated File Access Section (Auth_Access_section)</A>
+</MENU>
+<LI><A NAME="ToC_712" HREF="auagd024.htm#HDRWQ619">The File Server Statistics</A>
+<MENU>
+<LI><A NAME="ToC_713" HREF="auagd024.htm#Header_713">Performance Statistics Section (PerfStats_section)</A>
+<LI><A NAME="ToC_714" HREF="auagd024.htm#Header_714">RPC Operations Section (RPCop_section)</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_715" HREF="auagd025.htm#HDRWQ620">Appendix D. AIX Audit Events</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_716" HREF="auagd025.htm#HDRWQ621">Introduction</A>
+<LI><A NAME="ToC_717" HREF="auagd025.htm#HDRWQ622">Audit-Specific Events</A>
+<LI><A NAME="ToC_718" HREF="auagd025.htm#HDRWQ627">Volume Server Events</A>
+<LI><A NAME="ToC_719" HREF="auagd025.htm#HDRWQ630">Backup Server Events</A>
+<LI><A NAME="ToC_720" HREF="auagd025.htm#HDRWQ633">Protection Server Events</A>
+<LI><A NAME="ToC_721" HREF="auagd025.htm#HDRWQ636">Authentication Events</A>
+<LI><A NAME="ToC_722" HREF="auagd025.htm#HDRWQ639">File Server and Cache Manager Interface Events</A>
+<LI><A NAME="ToC_723" HREF="auagd025.htm#HDRWQ642">BOS Server Events</A>
+<LI><A NAME="ToC_724" HREF="auagd025.htm#HDRWQ645">Volume Location Server Events</A>
+</MENU>
+<P><B><A NAME="ToC_725" HREF="auagd026.htm#HDRINDEX">Index</A></B><BR>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRFIGLIST_START" HREF="auagd002.htm#ToC_1">Figures</A></H1>
+<OL>
+<LI><A NAME="FT_FIGWQ191" HREF="auagd010.htm#FIGWQ191" >File Sharing Between the Read/write Source and a Clone Volume</A></LI>
+<LI><A NAME="FT_FIGWQ337" HREF="auagd013.htm#FIGWQ337" >First example scout display</A></LI>
+<LI><A NAME="FT_FIGWQ338" HREF="auagd013.htm#FIGWQ338" >Second example scout display</A></LI>
+<LI><A NAME="FT_FIGWQ339" HREF="auagd013.htm#FIGWQ339" >Third example scout display</A></LI>
+<LI><A NAME="FT_FIGWQ340" HREF="auagd013.htm#FIGWQ340" >Fourth example scout display</A></LI>
+<LI><A NAME="FT_Figure_6" HREF="auagd013.htm#Figure_6" >The afsmonitor System Overview Screen</A></LI>
+<LI><A NAME="FT_Figure_7" HREF="auagd013.htm#Figure_7" >The afsmonitor File Servers Screen</A></LI>
+<LI><A NAME="FT_Figure_8" HREF="auagd013.htm#Figure_8" >The afsmonitor File Servers Screen Shifted One Page to the Right</A></LI>
+<LI><A NAME="FT_Figure_9" HREF="auagd013.htm#Figure_9" >The afsmonitor Cache Managers Screen</A></LI>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRTLIST_START" HREF="auagd002.htm#ToC_2">Tables</A></H1>
+<OL>
+<LI><A NAME="FT_TBLVOL-PREFIX" HREF="auagd007.htm#TBLVOL-PREFIX" >Suggested volume prefixes</A></LI>
+<LI><A NAME="FT_TBLPREFIX-EXAMPLE" HREF="auagd007.htm#TBLPREFIX-EXAMPLE" >Example volume-prefixing scheme</A></LI>
+<LI><A NAME="FT_TBLWQ466" HREF="auagd017.htm#TBLWQ466" >Source for values of uss template variables</A></LI>
+<LI><A NAME="FT_TBLWQ481" HREF="auagd017.htm#TBLWQ481" >Command-line argument sources for uss template variables</A></LI>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="Header_3" HREF="auagd002.htm#ToC_3">About This Guide</A></H1>
+<P>This section describes the purpose, organization, and conventions of this
+document.
+<HR><H2><A NAME="HDRWQ1" HREF="auagd002.htm#ToC_4">Audience and Purpose</A></H2>
+<P>This guide describes the concepts and procedures that an
+AFS<SUP><SUP>(R)</SUP></SUP> system administrator needs to know. It assumes
+familiarity with UNIX<SUP><SUP>(R)</SUP></SUP> administration, but no previous
+knowledge of AFS.
+<P>This document describes AFS commands in the context of specific
+tasks. Thus, it does not describe all commands in detail. Refer
+to the <I>IBM AFS Administration Reference</I> for detailed command
+descriptions.
+<HR><H2><A NAME="HDRWQ2" HREF="auagd002.htm#ToC_5">Document Organization</A></H2>
+<P>This document groups AFS administrative tasks into the
+following conceptual sections:
+<UL>
+<P><LI>Concepts and Configuration Issues
+<P><LI>Managing File Server Machines
+<P><LI>Managing Client Machines
+<P><LI>Managing Users and Groups
+</UL>
+<P>The individual chapters in each section contain the following:
+<UL>
+<P><LI>A chapter overview
+<P><LI>A quick reference list of the tasks and commands described in the chapter
+<P><LI>An introduction to concepts that pertain to all of the tasks described in
+the chapter
+<P><LI>A set of sections devoted to specific tasks. Each section begins
+with a discussion of concepts specific to that task, followed by step-by-step
+instructions for performing the task. The instructions are as specific
+as has been judged practical. If two related procedures differ from one
+another in important details, separate sets of instructions are usually
+provided.
+</UL>
+<HR><H2><A NAME="HDRWQ3" HREF="auagd002.htm#ToC_6">How to Use This Document</A></H2>
+<P>When you need to perform a specific administrative task,
+follow these steps:
+<OL TYPE=1>
+<P><LI>Determine if the task concerns file server machines, client machines, or
+users and groups. Turn to the appropriate section in this document and
+then to the appropriate chapter.
+<P><LI>Read or review the general introductory material at the beginning of the
+chapter.
+<P><LI>Read or review the introductory material concerning the specific task you
+wish to perform.
+<P><LI>Follow the step-by-step instructions for the task.
+<P><LI>If necessary, refer to the <I>IBM AFS Administration Reference</I> for
+more detailed information about the commands.
+</OL>
+<HR><H2><A NAME="HDRWQ4" HREF="auagd002.htm#ToC_7">Related Documents</A></H2>
+<P>The following documents are also included in the AFS
+documentation set.
+<P><I>IBM AFS Administration Reference</I>
+<P>This reference manual details the syntax and effect of each AFS
+command. It is intended for the experienced AFS administrator,
+programmer, or user.
+<P>The <I>IBM AFS Administration Reference</I> lists AFS files and
+commands in alphabetical order. The reference page for each command
+specifies its syntax, including the acceptable aliases and
+abbreviations. It then describes the command's function,
+arguments, and output if any. Examples and a list of related commands
+are provided, as are warnings where appropriate.
+<P>This manual complements the <I>IBM AFS Administration Guide</I>:
+it does not include procedural information, but describes commands in more
+detail than the <I>IBM AFS Administration Guide</I>.
+<P><I>IBM AFS Quick Beginnings</I>
+<P>This guide provides instructions for installing AFS server and client
+machines. It is assumed that the installer is an experienced UNIX<SUP>
+<SUP>(R)</SUP></SUP> system administrator.
+<P>For predictable performance, machines must be installed and configured in
+accordance with the instructions in this guide.
+<P><I>IBM AFS Release Notes</I>
+<P>This document provides information specific to each release of AFS, such as
+a list of new features and commands, a list of requirements and limitations,
+and instructions for upgrading server and client machines.
+<P><I>IBM AFS User Guide</I>
+<P>This guide presents the basic concepts and procedures necessary for using
+AFS effectively. It assumes that the reader has some experience with
+UNIX, but does not require familiarity with networking or AFS.
+<P>The guide explains how to perform basic functions, including
+authenticating, changing a password, protecting AFS data, creating groups, and
+troubleshooting. It provides illustrative examples for each function
+and describes some of the differences between the UNIX file system and
+AFS.
+<HR><H2><A NAME="HDRTYPO_CONV" HREF="auagd002.htm#ToC_8">Typographical Conventions</A></H2>
+<P>This document uses the following typographical
+conventions:
+<UL>
+<P><LI>Command and option names appear in <B>bold type</B> in syntax
+definitions, examples, and running text. Names of directories, files,
+machines, partitions, volumes, and users also appear in <B>bold
+type</B>.
+<P><LI>Variable information appears in <I>italic type</I>. This
+includes user-supplied information on command lines and the parts of prompts
+that differ depending on who issues the command. New terms also appear
+in <I>italic type</I>.
+<P><LI>Examples of screen output and file contents appear in <TT>monospace
+type</TT>.
+</UL>
+<P>In addition, the following symbols appear in command syntax definitions,
+both in the documentation and in AFS online help statements. When
+issuing a command, do not type these symbols.
+<UL>
+<P><LI>Square brackets <B>[ ]</B> surround optional items.
+<P><LI>Angle brackets <B>< ></B> surround user-supplied values in AFS
+commands.
+<P><LI>A superscripted plus sign <B>+</B> follows an argument that accepts
+more than one value.
+<P><LI>The percent sign <TT>%</TT> represents the regular command shell
+prompt. Some operating systems possibly use a different character for
+this prompt.
+<P><LI>The number sign <TT>#</TT> represents the command shell prompt for the
+local superuser <B>root</B>. Some operating systems possibly use a
+different character for this prompt.
+<P><LI>The pipe symbol <B> |</B> in a command syntax statement separates
+mutually exclusive values for an argument.
+</UL>
+<P>For additional information on AFS commands, including a description of
+command string components, acceptable abbreviations and aliases, and how to
+get online help for commands, see <A HREF="auagd023.htm#HDRCOMMANDS">Appendix B, Using AFS Commands</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ5" HREF="auagd002.htm#ToC_9">An Overview of AFS Administration</A></H1>
+<P>This chapter provides a broad overview of the concepts and
+organization of AFS. It is strongly recommended that anyone involved in
+administering an AFS cell read this chapter before beginning to issue
+commands.
+<HR><H2><A NAME="HDRWQ6" HREF="auagd002.htm#ToC_10">A Broad Overview of AFS</A></H2>
+<P>This section introduces most of the key terms and concepts
+necessary for a basic understanding of AFS. For a more detailed
+discussion, see <A HREF="#HDRWQ7">More Detailed Discussions of Some Basic Concepts</A>.
+<P><B>AFS: A Distributed File System</B>
+<P>AFS is a <I>distributed file system</I> that enables users to share and
+access all of the files stored in a network of computers as easily as they
+access the files stored on their local machines. The file system is
+called distributed for this exact reason: files can reside on many
+different machines (be distributed across them), but are available to users on
+every machine.
+<P><B>Servers and Clients</B>
+<P>In fact, AFS stores files on a subset of the machines in a network, called
+<I>file server machines</I>. File server machines provide file
+storage and delivery service, along with other specialized services, to the
+other subset of machines in the network, the <I>client
+machines</I>. These machines are called clients because they make use
+of the servers' services while doing their own work. In a standard
+AFS configuration, clients provide computational power, access to the files in
+AFS and other "general purpose" tools to the users seated at their
+consoles. There are generally many more client workstations than file
+server machines.
+<P>AFS file server machines run a number of <I>server processes</I>, so
+called because each provides a distinct specialized service: one handles
+file requests, another tracks file location, a third manages security, and so
+on. To avoid confusion, AFS documentation always refers to <I>server
+machines</I> and <I>server processes</I>, not simply to
+<I>servers</I>. For a more detailed description of the server
+processes, see <A HREF="#HDRWQ17">AFS Server Processes and the Cache Manager</A>.
+<P><B>Cells</B>
+<P>A <I>cell</I> is an administratively independent site running
+AFS. As a cell's system administrator, you make many decisions
+about configuring and maintaining your cell in the way that best serves its
+users, without having to consult the administrators in other cells. For
+example, you determine how many clients and servers to have, where to put
+files, and how to allocate client machines to users.
+<P><B>Transparent Access and the Uniform Namespace</B>
+<P>Although your AFS cell is administratively independent, you probably want
+to organize the local collection of files (your <I>filespace</I> or
+<I>tree</I>) so that users from other cells can also access the
+information in it. AFS enables cells to combine their local filespaces
+into a <I>global filespace</I>, and does so in such a way that file access
+is <I>transparent</I>--users do not need to know anything about a
+file's location in order to access it. All they need to know is
+the pathname of the file, which looks the same in every cell. Thus
+every user at every machine sees the collection of files in the same way,
+meaning that AFS provides a <I>uniform namespace</I> to its users.
+<P><B>Volumes</B>
+<P>AFS groups files into <I>volumes</I>, making it possible to distribute
+files across many machines and yet maintain a uniform namespace. A
+volume is a unit of disk space that functions like a container for a set of
+related files, keeping them all together on one partition. Volumes can
+vary in size, but are (by definition) smaller than a partition.
+<P>Volumes are important to system administrators and users for several
+reasons. Their small size makes them easy to move from one partition to
+another, or even between machines. The system administrator can
+maintain maximum efficiency by moving volumes to keep the load balanced
+evenly. In addition, volumes correspond to directories in the
+filespace--most cells store the contents of each user home directory in a
+separate volume. Thus the complete contents of the directory move
+together when the volume moves, making it easy for AFS to keep track of where
+a file is at a certain time. Volume moves are recorded automatically,
+so users do not have to keep track of file locations.
+<P><B>Efficiency Boosters: Replication and Caching</B>
+<P>AFS incorporates special features on server machines and client machines
+that help make it efficient and reliable.
+<P>On server machines, AFS enables administrators to <I>replicate</I>
+commonly-used volumes, such as those containing binaries for popular
+programs. Replication means putting an identical read-only copy
+(sometimes called a <I>clone</I>) of a volume on more than one file server
+machine. The failure of one file server machine housing the volume does
+not interrupt users' work, because the volume's contents are still
+available from other machines. Replication also means that one machine
+does not become overburdened with requests for files from a popular
+volume.
+<P>On client machines, AFS uses <I>caching</I> to improve
+efficiency. When a user on a client workstation requests a file, the
+<I>Cache Manager</I> on the client sends a request for the data to the
+File Server process running on the proper file server machine. The user
+does not need to know which machine this is; the Cache Manager determines
+file location automatically. The Cache Manager receives the file from
+the File Server process and puts it into the <I>cache</I>, an area of the
+client machine's local disk or memory dedicated to temporary file
+storage. Caching improves efficiency because the client does not need
+to send a request across the network every time the user wants the same
+file. Network traffic is minimized, and subsequent access to the file
+is especially fast because the file is stored locally. AFS has a way of
+ensuring that the cached file stays up-to-date, called a
+<I>callback</I>.
+<P><B>Security: Mutual Authentication and Access Control Lists</B>
+<P>Even in a cell where file sharing is especially frequent and widespread, it
+is not desirable that every user have equal access to every file. One
+way AFS provides adequate security is by requiring that servers and clients
+prove their identities to one another before they exchange information.
+This procedure, called <I>mutual authentication</I>, requires that both
+server and client demonstrate knowledge of a "shared secret" (like a password)
+known only to the two of them. Mutual authentication guarantees that
+servers provide information only to authorized clients and that clients
+receive information only from legitimate servers.
+<P>Users themselves control another aspect of AFS security, by determining who
+has access to the directories they own. For any directory a user owns,
+he or she can build an <I>access control list</I> (ACL) that grants or
+denies access to the contents of the directory. An access control list
+pairs specific users with specific types of access privileges. There
+are seven separate permissions and up to twenty different people or groups of
+people can appear on an access control list.
+<P>For a more detailed description of AFS's mutual authentication
+procedure, see <A HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>. For further discussion of ACLs, see <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>.
+<HR><H2><A NAME="HDRWQ7" HREF="auagd002.htm#ToC_11">More Detailed Discussions of Some Basic Concepts</A></H2>
+<P>The previous section offered a brief overview of the many
+concepts that an AFS system administrator needs to understand. The
+following sections examine some important concepts in more detail.
+Although not all concepts are new to an experienced administrator, reading
+this section helps ensure a common understanding of term and concepts.
+<P><H3><A NAME="HDRWQ8" HREF="auagd002.htm#ToC_12">Networks</A></H3>
+<A NAME="IDX5538"></A>
+<P>A <I>network</I> is a collection of interconnected computers able to
+communicate with each other and transfer information back and forth.
+<P>A networked computing environment contrasts with two types of computing
+environments: <I>mainframe</I> and <I>personal</I>.
+<A NAME="IDX5539"></A>
+<A NAME="IDX5540"></A>
+<UL>
+<P><LI>A <I>mainframe</I> computing environment is the most
+traditional. It uses a single powerful computer (the mainframe) to do
+the majority of the work in the system, both file storage and
+computation. It serves many users, who access their files and issue
+commands to the mainframe via <I>terminals</I>, which generally have only
+enough computing power to accept input from a keyboard and to display data on
+the screen.
+<A NAME="IDX5541"></A>
+<P><LI>A <I>personal</I> computing environment is a single small computer
+that serves one (or, at the most, a few) users. Like a mainframe
+computer, the single computer stores all the files and performs all
+computation. Like a terminal, the personal computer provides access to
+the computer through a keyboard and screen.
+<A NAME="IDX5542"></A>
+</UL>
+<P>A network can connect computers of any kind, but the typical network
+running AFS connects high-function personal workstations. Each
+workstation has some computing power and local disk space, usually more than a
+personal computer or terminal, but less than a mainframe. For more
+about the classes of machines used in an AFS environment, see <A HREF="#HDRWQ10">Servers and Clients</A>.
+<P><H3><A NAME="HDRWQ9" HREF="auagd002.htm#ToC_13">Distributed File Systems</A></H3>
+<A NAME="IDX5543"></A>
+<A NAME="IDX5544"></A>
+<P>A <I>file system</I> is a collection of files and the facilities
+(programs and commands) that enable users to access the information in the
+files. All computing environments have file systems. In a
+mainframe environment, the file system consists of all the files on the
+mainframe's storage disks, whereas in a personal computing environment it
+consists of the files on the computer's local disk.
+<P>Networked computing environments often use <I>distributed file
+systems</I> like AFS. A distributed file system takes advantage of
+the interconnected nature of the network by storing files on more than one
+computer in the network and making them accessible to all of them. In
+other words, the responsibility for file storage and delivery is "distributed"
+among multiple machines instead of relying on only one. Despite the
+distribution of responsibility, a distributed file system like AFS creates the
+illusion that there is a single filespace.
+<P><H3><A NAME="HDRWQ10" HREF="auagd002.htm#ToC_14">Servers and Clients</A></H3>
+<A NAME="IDX5545"></A>
+<A NAME="IDX5546"></A>
+<A NAME="IDX5547"></A>
+<P>AFS uses a server/client model. In general, a <I>server</I> is a
+machine, or a process running on a machine, that provides specialized services
+to other machines. A <I>client</I> is a machine or process that
+makes use of a server's specialized service during the course of its own
+work, which is often of a more general nature than the server's.
+The functional distinction between clients and server is not always strict,
+however--a server can be considered the client of another server whose
+service it is using.
+<P>AFS divides the machines on a network into two basic classes, <I>file
+server machines</I> and <I>client machines</I>, and assigns different
+tasks and responsibilities to each.
+<P><B>File Server Machines</B>
+<A NAME="IDX5548"></A>
+<A NAME="IDX5549"></A>
+<P><I>File server machines</I> store the files in the distributed file
+system, and a <I>server process</I> running on the file server machine
+delivers and receives files. AFS file server machines run a number of
+<I>server processes</I>. Each process has a special function, such
+as maintaining databases important to AFS administration, managing security or
+handling volumes. This modular design enables each server process to
+specialize in one area, and thus perform more efficiently. For a
+description of the function of each AFS server process, see <A HREF="#HDRWQ17">AFS Server Processes and the Cache Manager</A>.
+<P>Not all AFS server machines must run all of the server processes.
+Some processes run on only a few machines because the demand for their
+services is low. Other processes run on only one machine in order to
+act as a synchronization site. See <A HREF="auagd008.htm#HDRWQ90">The Four Roles for File Server Machines</A>.
+<P><B>Client Machines</B>
+<A NAME="IDX5550"></A>
+<P>The other class of machines are the <I>client machines</I>, which
+generally work directly for users, providing computational power and other
+general purpose tools. Clients also provide users with access to the
+files stored on the file server machines. Clients do not run any
+special processes per se, but do use a modified kernel that enables them to
+communicate with the AFS server processes running on the file server machines
+and to cache files. This collection of kernel modifications is referred
+to as the <I>Cache Manager</I>; see <A HREF="#HDRWQ28">The Cache Manager</A>. There are usually many more client machines in a
+cell than file server machines.
+<P><B>Client and Server Configuration</B>
+<P>In the most typical AFS configuration, both file server machines and client
+machines are high-function workstations with disk drives. While this
+configuration is not required, it does have some advantages.
+<A NAME="IDX5551"></A>
+<P>There are several advantages to using personal workstations as file server
+machines. One is that it is easy to expand the network by adding
+another file server machine. It is also easy to increase storage space
+by adding disks to existing machines. Using workstations rather than
+more powerful mainframes makes it more economical to use multiple file server
+machines rather than one. Multiple file server machines provide an
+increase in system availability and reliability if popular files are available
+on more than one machine.
+<P>The advantage of using workstations as clients is that <I>caching</I>
+on the local disk speeds the delivery of files to application programs.
+(For an explanation of caching, see <A HREF="#HDRWQ16">Caching and Callbacks</A>.) Diskless machines can access AFS if they are
+running NFS<SUP>(R)</SUP> and the NFS/AFS Translator, an optional component of the
+AFS distribution.
+<P><H3><A NAME="HDRWQ11" HREF="auagd002.htm#ToC_15">Cells</A></H3>
+<A NAME="IDX5552"></A>
+<P>A <I>cell</I> is an independently administered site running AFS.
+In terms of hardware, it consists of a collection of file server machines and
+client machines defined as belonging to the cell; a machine can only
+belong to one cell at a time. Users also belong to a cell in the sense
+of having an account in it, but unlike machines can belong to (have an account
+in) multiple cells. To say that a cell is administratively independent
+means that its administrators determine many details of its configuration
+without having to consult administrators in other cells or a central
+authority. For example, a cell administrator determines how many
+machines of different types to run, where to put files in the local tree, how
+to associate volumes and directories, and how much space to allocate to each
+user.
+<P>The terms <I>local cell</I> and <I>home cell</I> are equivalent,
+and refer to the cell in which a user has initially authenticated during a
+session, by logging onto a machine that belongs to that cell. All other
+cells are referred to as <I>foreign</I> from the user's
+perspective. In other words, throughout a login session, a user is
+accessing the filespace through a single Cache Manager--the one on the
+machine to which he or she initially logged in--whose cell membership
+defines the local cell. All other cells are considered foreign during
+that login session, even if the user authenticates in additional cells or uses
+the <B>cd</B> command to change directories into their file trees.
+<A NAME="IDX5553"></A>
+<A NAME="IDX5554"></A>
+<A NAME="IDX5555"></A>
+<A NAME="IDX5556"></A>
+<P>It is possible to maintain more than one cell at a single geographical
+location. For instance, separate departments on a university campus or
+in a corporation can choose to administer their own cells. It is also
+possible to have machines at geographically distant sites belong to the same
+cell; only limits on the speed of network communication determine how
+practical this is.
+<P>Despite their independence, AFS cells generally agree to make their local
+filespace visible to other AFS cells, so that users in different cells can
+share files if they choose. If your cell is to participate in the
+"global" AFS namespace, it must comply with a few basic conventions governing
+how the local filespace is configured and how the addresses of certain file
+server machines are advertised to the outside world.
+<P><H3><A NAME="HDRWQ12" HREF="auagd002.htm#ToC_16">The Uniform Namespace and Transparent Access</A></H3>
+<A NAME="IDX5557"></A>
+<A NAME="IDX5558"></A>
+<P>One of the features that makes AFS easy to use is that it provides
+<I>transparent access</I> to the files in a cell's filespace.
+Users do not have to know which file server machine stores a file in order to
+access it; they simply provide the file's pathname, which AFS
+automatically translates into a machine location.
+<P>In addition to transparent access, AFS also creates a <I>uniform
+namespace</I>--a file's pathname is identical regardless of which
+client machine the user is working on. The cell's file tree looks
+the same when viewed from any client because the cell's file server
+machines store all the files centrally and present them in an identical manner
+to all clients.
+<P>To enable the transparent access and the uniform namespace features, the
+system administrator must follow a few simple conventions in configuring
+client machines and file trees. For details, see <A HREF="auagd007.htm#HDRWQ39">Making Other Cells Visible in Your Cell</A>.
+<P><H3><A NAME="HDRWQ13" HREF="auagd002.htm#ToC_17">Volumes</A></H3>
+<A NAME="IDX5559"></A>
+<P>A <I>volume</I> is a conceptual container for a set of related files
+that keeps them all together on one file server machine partition.
+Volumes can vary in size, but are (by definition) smaller than a
+partition. Volumes are the main administrative unit in AFS, and have
+several characteristics that make administrative tasks easier and help improve
+overall system performance.
+<UL>
+<P><LI>The relatively small size of volumes makes them easy to move from one
+partition to another, or even between machines.
+<P><LI>You can maintain maximum system efficiency by moving volumes to keep the
+load balanced evenly among the different machines. If a partition
+becomes full, the small size of individual volumes makes it easy to find
+enough room on other machines for them.
+<A NAME="IDX5560"></A>
+<P><LI>Each volume corresponds logically to a directory in the file tree and
+keeps together, on a single partition, all the data that makes up the files in
+the directory. By maintaining (for example) a separate volume for each
+user's home directory, you keep all of the user's files together,
+but separate from those of other users. This is an administrative
+convenience that is impossible if the partition is the smallest unit of
+storage.
+<A NAME="IDX5561"></A>
+<P>
+<A NAME="IDX5562"></A>
+<P>
+<A NAME="IDX5563"></A>
+<P><LI>The directory/volume correspondence also makes transparent file access
+possible, because it simplifies the process of file location. All files
+in a directory reside together in one volume and in order to find a file, a
+file server process need only know the name of the file's parent
+directory, information which is included in the file's pathname.
+AFS knows how to translate the directory name into a volume name, and
+automatically tracks every volume's location, even when a volume is moved
+from machine to machine. For more about the directory/volume
+correspondence, see <A HREF="#HDRWQ14">Mount Points</A>.
+<P><LI>Volumes increase file availability through replication and backup.
+<A NAME="IDX5564"></A>
+<P>
+<A NAME="IDX5565"></A>
+<P><LI>Replication (placing copies of a volume on more than one file server
+machine) makes the contents more reliably available; for details, see <A HREF="#HDRWQ15">Replication</A>. Entire sets of volumes can be backed up to tape and
+restored to the file system; see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>. In AFS, backup also refers to
+recording the state of a volume at a certain time and then storing it (either
+on tape or elsewhere in the file system) for recovery in the event files in it
+are accidentally deleted or changed. See <A HREF="auagd010.htm#HDRWQ201">Creating Backup Volumes</A>.
+<P><LI>Volumes are the unit of resource management. A space quota
+associated with each volume sets a limit on the maximum volume size.
+See <A HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<A NAME="IDX5566"></A>
+</UL>
+<P><H3><A NAME="HDRWQ14" HREF="auagd002.htm#ToC_18">Mount Points</A></H3>
+<A NAME="IDX5567"></A>
+<P>The previous section discussed how each volume corresponds logically to a
+directory in the file system: the volume keeps together on one partition
+all the data in the files residing in the directory. The directory that
+corresponds to a volume is called its <I>root directory</I>, and the
+mechanism that associates the directory and volume is called a <I>mount
+point</I>. A mount point is similar to a symbolic link in the file
+tree that specifies which volume contains the files kept in a
+directory. A mount point is not an actual symbolic link; its
+internal structure is different.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You must not create a symbolic link to a file whose name begins with the
+number sign (#) or the percent sign (%), because the Cache Manager interprets
+such a link as a mount point to a regular or read/write volume,
+respectively.
+</TD></TR></TABLE>
+<P>
+<A NAME="IDX5568"></A>
+<A NAME="IDX5569"></A>
+<A NAME="IDX5570"></A>
+<A NAME="IDX5571"></A>
+<P>The use of mount points means that many of the elements in an AFS file tree
+that look and function just like standard UNIX file system directories are
+actually mount points. In form, a mount point is a one-line file that
+names the volume containing the data for files in the directory. When
+the Cache Manager (see <A HREF="#HDRWQ28">The Cache Manager</A>) encounters a mount point--for example, in the course
+of interpreting a pathname--it looks in the volume named in the mount
+point. In the volume the Cache Manager finds an actual UNIX-style
+directory element--the volume's root directory--that lists the
+files contained in the directory/volume. The next element in the
+pathname appears in that list.
+<P>A volume is said to be <I>mounted</I> at the point in the file tree
+where there is a mount point pointing to the volume. A volume's
+contents are not visible or accessible unless it is mounted.
+<P><H3><A NAME="HDRWQ15" HREF="auagd002.htm#ToC_19">Replication</A></H3>
+<A NAME="IDX5572"></A>
+<A NAME="IDX5573"></A>
+<P><I>Replication</I> refers to making a copy, or <I>clone</I>, of a
+source read/write volume and then placing the copy on one or more additional
+file server machines in a cell. One benefit of replicating a volume is
+that it increases the availability of the contents. If one file server
+machine housing the volume fails, users can still access the volume on a
+different machine. No one machine need become overburdened with
+requests for a popular file, either, because the file is available from
+several machines.
+<P>Replication is not necessarily appropriate for cells with limited disk
+space, nor are all types of volumes equally suitable for replication
+(replication is most appropriate for volumes that contain popular files that
+do not change very often). For more details, see <A HREF="auagd007.htm#HDRWQ50">When to Replicate Volumes</A>.
+<P><H3><A NAME="HDRWQ16" HREF="auagd002.htm#ToC_20">Caching and Callbacks</A></H3>
+<A NAME="IDX5574"></A>
+<P>Just as replication increases system availability, <I>caching</I>
+increases the speed and efficiency of file access in AFS. Each AFS
+client machine dedicates a portion of its local disk or memory to a
+<I>cache</I> where it stores data temporarily. Whenever an
+application program (such as a text editor) running on a client machine
+requests data from an AFS file, the request passes through the Cache
+Manager. The Cache Manager is a portion of the client machine's
+kernel that translates file requests from local application programs into
+cross-network requests to the <I>File Server process</I> running on the
+file server machine storing the file. When the Cache Manager receives
+the requested data from the File Server, it stores it in the cache and then
+passes it on to the application program.
+<P>Caching improves the speed of data delivery to application programs in the
+following ways:
+<UL>
+<P><LI>When the application program repeatedly asks for data from the same file,
+it is already on the local disk. The application does not have to wait
+for the Cache Manager to request and receive the data from the File
+Server.
+<P><LI>Caching data eliminates the need for repeated request and transfer of the
+same data, so network traffic is reduced. Thus, initial requests and
+other traffic can get through more quickly.
+<A NAME="IDX5575"></A>
+<A NAME="IDX5576"></A>
+<P>
+<A NAME="IDX5577"></A>
+</UL>
+<P>
+<A NAME="IDX5578"></A>
+<P>
+<A NAME="IDX5579"></A>
+ While caching provides many advantages, it also creates the problem of
+maintaining consistency among the many cached copies of a file and the source
+version of a file. This problem is solved using a mechanism referred to
+as a <I>callback</I>.
+<P>A callback is a promise by a File Server to a Cache Manager to inform the
+latter when a change is made to any of the data delivered by the File
+Server. Callbacks are used differently based on the type of file
+delivered by the File Server:
+<UL>
+<P><LI>When a File Server delivers a writable copy of a file (from a read/write
+volume) to the Cache Manager, the File Server sends along a callback with that
+file. If the source version of the file is changed by another user, the
+File Server breaks the callback associated with the cached version of that
+file--indicating to the Cache Manager that it needs to update the cached
+copy.
+<P><LI>When a File Server delivers a file from a read-only volume to the Cache
+Manager, the File Server sends along a callback associated with the entire
+volume (so it does not need to send any more callbacks when it delivers
+additional files from the volume). Only a single callback is required
+per accessed read-only volume because files in a read-only volume can change
+only when a new version of the complete volume is released. All
+callbacks associated with the old version of the volume are broken at release
+time.
+</UL>
+<P>The callback mechanism ensures that the Cache Manager always requests the
+most up-to-date version of a file. However, it does not ensure that the
+user necessarily notices the most current version as soon as the Cache Manager
+has it. That depends on how often the application program requests
+additional data from the File System or how often it checks with the Cache
+Manager.
+<HR><H2><A NAME="HDRWQ17" HREF="auagd002.htm#ToC_21">AFS Server Processes and the Cache Manager</A></H2>
+<A NAME="IDX5580"></A>
+<A NAME="IDX5581"></A>
+<P>As mentioned in <A HREF="#HDRWQ10">Servers and Clients</A>, AFS file server machines run a number of processes, each
+with a specialized function. One of the main responsibilities of a
+system administrator is to make sure that processes are running correctly as
+much of the time as possible, using the administrative services that the
+server processes provide.
+<P>The following list briefly describes the function of each server process
+and the Cache Manager; the following sections then discuss the important
+features in more detail.
+<P>The <I>File Server</I>, the most fundamental of the servers, delivers
+data files from the file server machine to local workstations as requested,
+and stores the files again when the user saves any changes to the
+files.
+<P>The <I>Basic OverSeer Server (BOS Server)</I> ensures that the other
+server processes on its server machine are running correctly as much of the
+time as possible, since a server is useful only if it is available. The
+BOS Server relieves system administrators of much of the responsibility for
+overseeing system operations.
+<P>The <I>Authentication Server</I> helps ensure that communications on
+the network are secure. It verifies user identities at login and
+provides the facilities through which participants in transactions prove their
+identities to one another (mutually authenticate). It maintains the
+Authentication Database.
+<P>The <I>Protection Server</I> helps users control who has access to
+their files and directories. Users can grant access to several other
+users at once by putting them all in a group entry in the Protection Database
+maintained by the Protection Server.
+<P>The <I>Volume Server</I> performs all types of volume
+manipulation. It helps the administrator move volumes from one server
+machine to another to balance the workload among the various machines.
+<P>The <I>Volume Location Server (VL Server)</I> maintains the Volume
+Location Database (VLDB), in which it records the location of volumes as they
+move from file server machine to file server machine. This service is
+the key to transparent file access for users.
+<P>The <I>Update Server</I> distributes new versions of AFS server process
+software and configuration information to all file server machines. It
+is crucial to stable system performance that all server machines run the same
+software.
+<P>The <I>Backup Server</I> maintains the Backup Database, in which it
+stores information related to the Backup System. It enables the
+administrator to back up data from volumes to tape. The data can then
+be restored from tape in the event that it is lost from the file
+system.
+<P>The <I>Salvager</I> is not a server in the sense that others
+are. It runs only after the File Server or Volume Server fails; it
+repairs any inconsistencies caused by the failure. The system
+administrator can invoke it directly if necessary.
+<P>The <I>Network Time Protocol Daemon (NTPD)</I> is not an AFS server
+process per se, but plays a vital role nonetheless. It synchronizes the
+internal clock on a file server machine with those on other machines.
+Synchronized clocks are particularly important for correct functioning of the
+AFS distributed database technology (known as <I>Ubik</I>); see <A HREF="auagd008.htm#HDRWQ103">Configuring the Cell for Proper Ubik Operation</A>. The NTPD is controlled by the <B>runntp</B>
+process.
+<P>The <I>Cache Manager</I> is the one component in this list that resides
+on AFS client rather than file server machines. It not a process per
+se, but rather a part of the kernel on AFS client machines that communicates
+with AFS server processes. Its main responsibilities are to retrieve
+files for application programs running on the client and to maintain the files
+in the cache.
+<P><H3><A NAME="HDRWQ18" HREF="auagd002.htm#ToC_22">The File Server</A></H3>
+<A NAME="IDX5582"></A>
+<P>The <I>File Server</I> is the most fundamental of the AFS server
+processes and runs on each file server machine. It provides the same
+services across the network that the UNIX file system provides on the local
+disk:
+<UL>
+<P><LI>Delivering programs and data files to client workstations as requested and
+storing them again when the client workstation finishes with them.
+<P><LI>Maintaining the hierarchical directory structure that users create to
+organize their files.
+<P><LI>Handling requests for copying, moving, creating, and deleting files and
+directories.
+<P><LI>Keeping track of status information about each file and directory
+(including its size and latest modification time).
+<P><LI>Making sure that users are authorized to perform the actions they request
+on particular files or directories.
+<P><LI>Creating symbolic and hard links between files.
+<P><LI>Granting advisory locks (corresponding to UNIX locks) on request.
+</UL>
+<P><H3><A NAME="HDRWQ19" HREF="auagd002.htm#ToC_23">The Basic OverSeer Server</A></H3>
+<A NAME="IDX5583"></A>
+<P>The <I>Basic OverSeer Server (BOS Server)</I> reduces the demands on
+system administrators by constantly monitoring the processes running on its
+file server machine. It can restart failed processes automatically and
+provides a convenient interface for administrative tasks.
+<P>The BOS Server runs on every file server machine. Its primary
+function is to minimize system outages. It also
+<UL>
+<P><LI>Constantly monitors the other server processes (on the local machine) to
+make sure they are running correctly.
+<P><LI>Automatically restarts failed processes, without contacting a human
+operator. When restarting multiple server processes simultaneously, the
+BOS server takes interdependencies into account and initiates restarts in the
+correct order.
+<A NAME="IDX5584"></A>
+<P>
+<A NAME="IDX5585"></A>
+<P><LI>Accepts requests from the system administrator. Common reasons to
+contact BOS are to verify the status of server processes on file server
+machines, install and start new processes, stop processes either temporarily
+or permanently, and restart dead processes manually.
+<P><LI>Helps system administrators to manage system configuration
+information. The BOS server automates the process of adding and
+changing <I>server encryption keys</I>, which are important in mutual
+authentication. The BOS Server also provides a simple interface for
+modifying two files that contain information about privileged users and
+certain special file server machines. For more details about these
+configuration files, see <A HREF="auagd008.htm#HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</A>.
+</UL>
+<P><H3><A NAME="HDRWQ20" HREF="auagd002.htm#ToC_24">The Authentication Server</A></H3>
+<A NAME="IDX5586"></A>
+<P>The <I>Authentication Server</I> performs two main functions related to
+network security:
+<UL>
+<P><LI>Verifying the identity of users as they log into the system by requiring
+that they provide a password. The Authentication Server grants the user
+a <I>token</I> as proof to AFS server processes that the user has
+authenticated. For more on tokens, see <A HREF="auagd007.htm#HDRWQ76">Complex Mutual Authentication</A>.
+<P><LI>Providing the means through which server and client processes prove their
+identities to each other (mutually authenticate). This helps to create
+a secure environment in which to send cross-network messages.
+</UL>
+<P>In fulfilling these duties, the Authentication Server utilizes algorithms
+and other procedures known as <I>Kerberos</I> (which is why many commands
+used to contact the Authentication Server begin with the letter
+<B>k</B>). This technology was originally developed by the
+Massachusetts Institute of Technology's Project Athena.
+<P>The Authentication Server also maintains the <I>Authentication
+Database</I>, in which it stores user passwords converted into encryption
+key form as well as the AFS server encryption key. To learn more about
+the procedures AFS uses to verify user identity and during mutual
+authentication, see <A HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<A NAME="IDX5587"></A>
+<A NAME="IDX5588"></A>
+<A NAME="IDX5589"></A>
+<A NAME="IDX5590"></A>
+<P><H3><A NAME="HDRWQ21" HREF="auagd002.htm#ToC_25">The Protection Server</A></H3>
+<A NAME="IDX5591"></A>
+<A NAME="IDX5592"></A>
+<A NAME="IDX5593"></A>
+<P>The <I>Protection Server</I> is the key to AFS's refinement of the
+normal UNIX methods for protecting files and directories from unauthorized
+use. The refinements include the following:
+<UL>
+<P><LI>Defining seven access permissions rather than the standard UNIX file
+system's three. In conjunction with the UNIX mode bits associated
+with each file and directory element, AFS associates an <I>access control
+list (ACL)</I> with each directory. The ACL specifies which users
+have which of the seven specific permissions for the directory and all the
+files it contains. For a definition of AFS's seven access
+permissions and how users can set them on access control lists, see <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>.
+<A NAME="IDX5594"></A>
+<P><LI>Enabling users to grant permissions to numerous individual users--a
+different combination to each individual if desired. UNIX protection
+distinguishes only between three user or groups: the owner of the file,
+members of a single specified group, and everyone who can access the local
+file system.
+<P><LI>Enabling users to define their own groups of users, recorded in the
+<I>Protection Database</I> maintained by the Protection Server. The
+groups then appear on directories' access control lists as though they
+were individuals, which enables the granting of permissions to many users
+simultaneously.
+<P><LI>Enabling system administrators to create groups containing client machine
+IP addresses to permit access when it originates from the specified client
+machines. These types of groups are useful when it is necessary to
+adhere to machine-based licensing restrictions.
+</UL>
+<A NAME="IDX5595"></A>
+<A NAME="IDX5596"></A>
+<P>The Protection Server's main duty is to help the File Server determine
+if a user is authorized to access a file in the requested manner. The
+Protection Server creates a list of all the groups to which the user
+belongs. The File Server then compares this list to the ACL associated
+with the file's parent directory. A user thus acquires access both
+as an individual and as a member of any groups.
+<P>The Protection Server also maps <I>usernames</I> (the name typed at the
+login prompt) to <I>AFS user ID</I> numbers (<I>AFS UIDs</I>).
+These UIDs are functionally equivalent to UNIX UIDs, but operate in the domain
+of AFS rather than in the UNIX file system on a machine's local
+disk. This conversion service is essential because the tokens that the
+Authentication Server grants to authenticated users are stamped with usernames
+(to comply with Kerberos standards). The AFS server processes identify
+users by AFS UID, not by username. Before they can understand whom the
+token represents, they need the Protection Server to translate the username
+into an AFS UID. For further discussion of tokens, see <A HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<P><H3><A NAME="HDRWQ22" HREF="auagd002.htm#ToC_26">The Volume Server</A></H3>
+<A NAME="IDX5597"></A>
+<P>The <I>Volume Server</I> provides the interface through which you
+create, delete, move, and replicate volumes, as well as prepare them for
+archiving to tape or other media (backing up). <A HREF="#HDRWQ13">Volumes</A> explained the advantages gained by storing files in
+volumes. Creating and deleting volumes are necessary when adding and
+removing users from the system; volume moves are done for load
+balancing; and replication enables volume placement on multiple file
+server machines (for more on replication, see <A HREF="#HDRWQ15">Replication</A>).
+<P><H3><A NAME="HDRWQ23" HREF="auagd002.htm#ToC_27">The Volume Location (VL) Server</A></H3>
+<A NAME="IDX5598"></A>
+<A NAME="IDX5599"></A>
+<P>The <I>VL Server</I> maintains a complete list of volume locations in
+the <I>Volume Location Database (VLDB)</I>. When the Cache Manager
+(see <A HREF="#HDRWQ28">The Cache Manager</A>) begins to fill a file request from an application program,
+it first contacts the VL Server in order to learn which file server machine
+currently houses the volume containing the file. The Cache Manager then
+requests the file from the File Server process running on that file server
+machine.
+<P>The VLDB and VL Server make it possible for AFS to take advantage of the
+increased system availability gained by using multiple file server machines,
+because the Cache Manager knows where to find a particular file.
+Indeed, in a certain sense the VL Server is the keystone of the entire file
+system--when the information in the VLDB is inaccessible, the Cache
+Manager cannot retrieve files, even if the File Server processes are working
+properly. A list of the information stored in the VLDB about each
+volume is provided in <A HREF="auagd010.htm#HDRWQ180">Volume Information in the VLDB</A>.
+<A NAME="IDX5600"></A>
+<P><H3><A NAME="HDRWQ24" HREF="auagd002.htm#ToC_28">The Update Server</A></H3>
+<A NAME="IDX5601"></A>
+<P>The <I>Update Server</I> helps guarantee that all file server machines
+are running the same version of a server process. System performance
+can be inconsistent if some machines are running one version of the BOS Server
+(for example) and other machines were running another version.
+<P>To ensure that all machines run the same version of a process, install new
+software on a single file server machine of each system type, called the
+<I>binary distribution machine</I> for that type. The binary
+distribution machine runs the <I>server portion</I> of the Update Server,
+whereas all the other machines of that type run the <I>client portion</I>
+of the Update Server. The client portions check frequently with the
+server portion to see if they are running the right version of every
+process; if not, the client portion retrieves the right version from the
+binary distribution machine and installs it locally. The system
+administrator does not need to remember to install new software individually
+on all the file server machines: the Update Server does it
+automatically. For more on binary distribution machines, see <A HREF="auagd008.htm#HDRWQ93">Binary Distribution Machines</A>.
+<A NAME="IDX5602"></A>
+<P>
+<A NAME="IDX5603"></A>
+<P>In cells that run the United States edition of AFS, the Update Server also
+distributes configuration files that all file server machines need to store on
+their local disks (for a description of the contents and purpose of these
+files, see <A HREF="auagd008.htm#HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</A>). As with server process software, the need for
+consistent system performance demands that all the machines have the same
+version of these files. With the United States edition, the system
+administrator needs to make changes to these files on one machine only, the
+cell's <I>system control machine</I>, which runs a server portion of
+the Update Server. All other machines in the cell run a client portion
+that accesses the correct versions of these configuration files from the
+system control machine. Cells running the international edition of AFS
+do not use a system control machine to distribute configuration files.
+For more information, see <A HREF="auagd008.htm#HDRWQ94">The System Control Machine</A>.
+<P><H3><A NAME="HDRWQ25" HREF="auagd002.htm#ToC_29">The Backup Server</A></H3>
+<A NAME="IDX5604"></A>
+<A NAME="IDX5605"></A>
+<P>The <I>Backup Server</I> maintains the information in the <I>Backup
+Database</I>. The Backup Server and the Backup Database enable
+administrators to back up data from AFS volumes to tape and restore it from
+tape to the file system if necessary. The server and database together
+are referred to as the <I>Backup System</I>.
+<P>Administrators initially configure the Backup System by defining sets of
+volumes to be dumped together and the schedule by which the sets are to be
+dumped. They also install the system's tape drives and define the
+drives' <I>Tape Coordinators</I>, which are the processes that
+control the tape drives.
+<P>Once the Backup System is configured, user and system data can be dumped
+from volumes to tape. In the event that data is ever lost from the
+system (for example, if a system or disk failure causes data to be lost),
+administrators can restore the data from tape. If tapes are
+periodically archived, or saved, data can also be restored to its state at a
+specific time. Additionally, because Backup System data is difficult to
+reproduce, the Backup Database itself can be backed up to tape and restored if
+it ever becomes corrupted. For more information on configuring and
+using the Backup System, see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<P><H3><A NAME="HDRWQ26" HREF="auagd002.htm#ToC_30">The Salvager</A></H3>
+<A NAME="IDX5606"></A>
+<P>The <I>Salvager</I> differs from other AFS Servers in that it runs only
+at selected times. The BOS Server invokes the Salvager when the File
+Server, Volume Server, or both fail. The Salvager attempts to repair
+disk corruption that can result from a failure.
+<P>As a system administrator, you can also invoke the Salvager as necessary,
+even if the File Server or Volume Server has not failed. See <A HREF="auagd010.htm#HDRWQ232">Salvaging Volumes</A>.
+<P><H3><A NAME="HDRWQ27" HREF="auagd002.htm#ToC_31">The Network Time Protocol Daemon</A></H3>
+<A NAME="IDX5607"></A>
+<P>The <I>Network Time Protocol Daemon (NTPD)</I> is not an AFS server
+process per se, but plays an important role. It helps guarantee that
+all of the file server machines agree on the time. The NTPD on one file
+server machine acts as a synchronization site, generally learning the correct
+time from a source outside the cell. The NTPDs on the other file server
+machines refer to the synchronization site to set the internal clocks on their
+machines.
+<P>Keeping clocks synchronized is particularly important to the correct
+operation of AFS's distributed database technology, which coordinates the
+copies of the Authentication, Backup, Protection, and Volume Location
+Databases; see <A HREF="auagd007.htm#HDRWQ52">Replicating the AFS Administrative Databases</A>. Client machines also refer to these clocks for the
+correct time; therefore, it is less confusing if all file server machines
+have the same time. For more technical detail about the NTPD, see <A HREF="auagd009.htm#HDRWQ151">The runntp Process</A>.
+<P><H3><A NAME="HDRWQ28" HREF="auagd002.htm#ToC_32">The Cache Manager</A></H3>
+<A NAME="IDX5608"></A>
+<P>As already mentioned in <A HREF="#HDRWQ16">Caching and Callbacks</A>, the <I>Cache Manager</I> is the one component in this
+section that resides on client machines rather than on file server
+machines. It is not technically a stand-alone process, but rather a set
+of extensions or modifications in the client machine's kernel that enable
+communication with the server processes running on server machines. Its
+main duty is to translate file requests (made by application programs on
+client machines) into remote procedure calls (RPCs) to the File Server.
+(The Cache Manager first contacts the VL Server to find out which File Server
+currently houses the volume that contains a requested file, as mentioned in <A HREF="#HDRWQ23">The Volume Location (VL) Server</A>). When the Cache Manager receives the requested file,
+it caches it before passing data on to the application program.
+<P>The Cache Manager also tracks the state of files in its cache compared to
+the version at the File Server by storing the callbacks sent by the File
+Server. When the File Server breaks a callback, indicating that a file
+or volume changed, the Cache Manager requests a copy of the new version before
+providing more data to application programs.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ29" HREF="auagd002.htm#ToC_33">Issues in Cell Configuration and Administration</A></H1>
+<P>This chapter discusses many of the issues to consider when
+configuring and administering a cell, and directs you to detailed related
+information available elsewhere in this guide. It is assumed you are
+already familiar with the material in <A HREF="auagd006.htm#HDRWQ5">An Overview of AFS Administration</A>.
+<P>It is best to read this chapter before installing your cell's first
+file server machine or performing any other administrative task.
+<A NAME="IDX5609"></A>
+<A NAME="IDX5610"></A>
+<A NAME="IDX5611"></A>
+<HR><H2><A NAME="HDRWQ30" HREF="auagd002.htm#ToC_34">Differences between AFS and UNIX: A Summary</A></H2>
+<P>AFS behaves like a standard UNIX file system in most
+respects, while also making file sharing easy within and between cells.
+This section describes some differences between AFS and the UNIX file system,
+referring you to more detailed information as appropriate.
+<A NAME="IDX5612"></A>
+<P><H3><A NAME="Header_35" HREF="auagd002.htm#ToC_35">Differences in File and Directory Protection</A></H3>
+<P>AFS augments the standard UNIX file protection mechanism in two
+ways: it associates an <I>access control list</I> (<I>ACL</I>)
+with each directory, and it enables users to define a large number of their
+own groups, which can be placed on ACLs.
+<P>AFS uses ACLs to protect files and directories, rather than relying
+exclusively on the mode bits. This has several implications, which are
+discussed further in the indicated sections:
+<UL>
+<P><LI>AFS ACLs use seven access permissions rather than the three UNIX mode
+bits. See <A HREF="auagd020.htm#HDRWQ567">The AFS ACL Permissions</A>.
+<P><LI>For directories, AFS ignores the UNIX mode bits. For files, AFS
+uses only the first set of mode bits (the <B>owner</B> bits) , and their
+meaning interacts with permissions on the directory's ACL. See <A HREF="auagd020.htm#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>.
+<P><LI>A directory's ACL protects all of the files in a directory in the
+same manner. To apply a more restrictive set of AFS permissions to
+certain file, place it in directory with a different ACL.
+<P><LI>Moving a file to a different directory changes its protection. See <A HREF="auagd020.htm#HDRWQ566">Differences Between UFS and AFS Data Protection</A>.
+<P><LI>An ACL can include about 20 entries granting different combinations of
+permissions to different users or groups, rather than only the three UNIX
+entities represented by the three sets of mode bits. See <A HREF="auagd020.htm#HDRWQ566">Differences Between UFS and AFS Data Protection</A>.
+<P><LI>You can designate an AFS file as write-only as in the UNIX file system, by
+setting only the <B>w</B> (<B>write</B>) mode bit. You cannot
+designate an AFS directory as write-only, because AFS ignores the mode bits on
+a directory. See <A HREF="auagd020.htm#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>.
+</UL>
+<P>AFS enables users to define the groups of other users. Placing these
+groups on ACLs extends the same permissions to a number of exactly specified
+users at the same time, which is much more convenient than placing the
+individuals on the ACLs directly. See <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P>There are also system-defined groups, <B>system:anyuser</B> and
+<B>system:authuser</B>, whose presence on an ACL extends access to a
+wide range of users at once. See <A HREF="auagd019.htm#HDRWQ535">The System Groups</A> and <A HREF="auagd020.htm#HDRWQ571">Using Groups on ACLs</A>.
+<A NAME="IDX5613"></A>
+<A NAME="IDX5614"></A>
+<P><H3><A NAME="HDRWQ31" HREF="auagd002.htm#ToC_36">Differences in Authentication</A></H3>
+<P>Just as the AFS filespace is distinct from each
+machine's local file system, AFS authentication is separate from local
+login. This has two practical implications, which are discussed further
+in <A HREF="#HDRWQ65">Using an AFS-modified login Utility</A>.
+<UL>
+<P><LI>To access AFS files, users must both log into the local machine's
+UNIX file system and authenticate with the AFS authentication service.
+(Logging into the local UNIX file system is necessary because the AFS
+filespace is accessed through the Cache Manager, which resides in the local
+machine's kernel.)
+<P>AFS provides a modified login utility for each system type that
+accomplishes both local login and AFS authentication in one step, based on a
+single password. If you choose not to use the AFS-modified login
+utility, your users must login and authenticate in separate steps, as detailed
+in the <I>IBM AFS User Guide</I>.
+<P><LI>Passwords are stored in two separate places: the Authentication
+Database for AFS and each machine's local password file
+(<B>/etc/passwd</B> or equivalent) for the UNIX file system. A
+user's passwords in the two places can differ if desired, though the
+resulting behavior depends on whether and how the cell is using an
+AFS-modified login utility.
+</UL>
+<P><H3><A NAME="Header_37" HREF="auagd002.htm#ToC_37">Differences in the Semantics of Standard UNIX Commands</A></H3>
+<P>This section summarizes how AFS modifies the functionality of some UNIX
+commands.
+<DL>
+<A NAME="IDX5615"></A>
+<A NAME="IDX5616"></A>
+<A NAME="IDX5617"></A>
+<P><DT><B>The chmod command
+</B><DD>Only members of the <B>system:administrators</B> group can use
+this command to turn on the setuid, setgid or sticky mode bits on AFS
+files. For more information, see <A HREF="auagd015.htm#HDRWQ409">Determining if a Client Can Run Setuid Programs</A>.
+<A NAME="IDX5618"></A>
+<A NAME="IDX5619"></A>
+<P><DT><B>The chown command
+</B><DD>Only members of the <B>system:administrators</B> group can issue
+this command on AFS files.
+<A NAME="IDX5620"></A>
+<A NAME="IDX5621"></A>
+<P><DT><B>The chgrp command
+</B><DD>Only members of the <B>system:administrators</B> can issue this
+command on AFS files and directories.
+<A NAME="IDX5622"></A>
+<A NAME="IDX5623"></A>
+<P><DT><B>The ftpd daemon
+</B><DD>The AFS-modified version of this daemon attempts to authenticate remote
+issuers of the <B>ftp</B> command with the local AFS authentication
+service. See <A HREF="#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>.
+<A NAME="IDX5624"></A>
+<A NAME="IDX5625"></A>
+<P><DT><B>The groups command
+</B><DD>If the user's AFS tokens are associated with a process authentication
+group (PAG), the output of this command sometimes includes two large
+numbers. To learn about PAGs, see <A HREF="#HDRWQ64">Identifying AFS Tokens by PAG</A>.
+<A NAME="IDX5626"></A>
+<A NAME="IDX5627"></A>
+<P><DT><B>The inetd daemon
+</B><DD>The AFS-modified version of this daemon authenticates remote issuers of
+the AFS-modified <B>rcp</B> and <B>rsh</B> commands with the local AFS
+authentication service. See <A HREF="#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>.
+<P><DT><B>The login utility
+</B><DD>AFS-modified login utilities both log the issuer into the local file
+system and authenticate the user with the AFS authentication service.
+See <A HREF="#HDRWQ65">Using an AFS-modified login Utility</A>.
+<A NAME="IDX5628"></A>
+<A NAME="IDX5629"></A>
+<P><DT><B>The ln command
+</B><DD>This command cannot create hard links between files in different AFS
+directories. See <A HREF="#HDRWQ32">Creating Hard Links</A>.
+<A NAME="IDX5630"></A>
+<A NAME="IDX5631"></A>
+<P><DT><B>The rcp command
+</B><DD>The AFS-modified version of this command enables the issuer to access
+files on the remote machine as an authenticated AFS user. See <A HREF="#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>.
+<A NAME="IDX5632"></A>
+<A NAME="IDX5633"></A>
+<P><DT><B>The rlogind daemon
+</B><DD>The AFS-modified version of this daemon authenticates remote issuers of
+the <B>rlogin</B> command with the local AFS authentication
+service. See <A HREF="#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>.
+<P>The AFS distribution for some system types possibly does not include a
+modified <B>rlogind</B> program. See the <I>IBM AFS Release
+Notes</I>.
+<A NAME="IDX5634"></A>
+<A NAME="IDX5635"></A>
+<P><DT><B>The remsh or rsh command
+</B><DD>The AFS-modified version of this command enables the issuer to execute
+commands on the remote machine as an authenticated AFS user. See <A HREF="#HDRWQ78">Using UNIX Remote Services in the AFS Environment</A>.
+</DL>
+<A NAME="IDX5636"></A>
+<A NAME="IDX5637"></A>
+<A NAME="IDX5638"></A>
+<A NAME="IDX5639"></A>
+<A NAME="IDX5640"></A>
+<A NAME="IDX5641"></A>
+<P><H3><A NAME="Header_38" HREF="auagd002.htm#ToC_38">The AFS version of the fsck Command</A></H3>
+<P>Never run the standard UNIX <B>fsck</B> command on an AFS file
+server machine. It does not understand how the File Server organizes
+volume data on disk, and so moves all AFS data into the <B>lost+found</B>
+directory on the partition.
+<P>Instead, use the version of the <B>fsck</B> program that is included in
+the AFS distribution. The <I>IBM AFS Quick Beginnings</I> explains
+how to replace the vendor-supplied <B>fsck</B> program with the AFS
+version as you install each server machine.
+<P>The AFS version functions like the standard <B>fsck</B> program on data
+stored on both UFS and AFS partitions. The appearance of a banner like
+the following as the <B>fsck</B> program initializes confirms that you are
+running the correct one:
+<PRE> --- AFS (R) <VAR>version</VAR> fsck---
+</PRE>
+<P>where <VAR>version</VAR> is the AFS version. For correct results, it
+must match the AFS version of the server binaries in use on the
+machine.
+<P>If you ever accidentally run the standard version of the program, contact
+AFS Product Support immediately. It is sometimes possible to recover
+volume data from the <B>lost+found</B> directory.
+<A NAME="IDX5642"></A>
+<A NAME="IDX5643"></A>
+<P><H3><A NAME="HDRWQ32" HREF="auagd002.htm#ToC_39">Creating Hard Links</A></H3>
+<P>AFS does not allow hard links (created with the UNIX
+<B>ln</B> command) between files that reside in different directories,
+because in that case it is unclear which of the directory's ACLs to
+associate with the link.
+<P>AFS also does not allow hard links to directories, in order to keep the
+file system organized as a tree.
+<P>It is possible to create symbolic links (with the UNIX <B>ln -s</B>
+command) between elements in two different AFS directories, or even between an
+element in AFS and one in a machine's local UNIX file system. Do
+not create a symbolic link to a file whose name begins with either a number
+sign (<B>#</B>) or a percent sign (<B>%</B>), however. The
+Cache Manager interprets such links as a mount point to a regular or
+read/write volume, respectively.
+<A NAME="IDX5644"></A>
+<A NAME="IDX5645"></A>
+<A NAME="IDX5646"></A>
+<P><H3><A NAME="HDRWQ33" HREF="auagd002.htm#ToC_40">AFS Implements Save on Close</A></H3>
+<P>When an application issues the UNIX <B>close</B> system
+call on a file, the Cache Manager performs a synchronous write of the data to
+the File Server that maintains the central copy of the file. It does
+not return control to the application until the File Server has acknowledged
+receipt of the data. For the <B>fsync</B> system call, control does
+not return to the application until the File Server indicates that it has
+written the data to non-volatile storage on the file server machine.
+<P>When an application issues the UNIX <B>write</B> system call, the Cache
+Manager writes modifications to the local AFS client cache only. If the
+local machine crashes or an application program exits without issuing the
+<B>close</B> system call, it is possible that the modifications are not
+recorded in the central copy of the file maintained by the File Server.
+The Cache Manager does sometimes write this type of modified data from the
+cache to the File Server without receiving the <B>close</B> or
+<B>fsync</B> system call, for example if it needs to free cache chunks for
+new data. However, it is not generally possible to predict when the
+Cache Manager transfers modified data to the File Server in this way.
+<P>The implication is that if an application's <B>Save</B> option
+invokes the <B>write</B> system call rather than <B>close</B> or
+<B>fsync</B>, the changes are not necessarily stored permanently on the
+File Server machine. Most application programs issue the
+<B>close</B> system call for save operations, as well as when they finish
+handling a file and when they exit.
+<P><H3><A NAME="Header_41" HREF="auagd002.htm#ToC_41">Setuid Programs</A></H3>
+<A NAME="IDX5647"></A>
+<P>Set the UNIX setuid bit only for the local superuser <B>root</B>;
+this does not present an automatic security risk: the local superuser
+has no special privilege in AFS, but only in the local machine's UNIX
+file system and kernel.
+<P>Any file can be marked with the setuid bit, but only members of the
+<B>system:administrators</B> group can issue the <B>chown</B>
+system call or the <B>/etc/chown</B> command.
+<P>The <B>fs setcell</B> command determines whether setuid programs that
+originate in a foreign cell can run on a given client machine. See <A HREF="auagd015.htm#HDRWQ409">Determining if a Client Can Run Setuid Programs</A>.
+<A NAME="IDX5648"></A>
+<A NAME="IDX5649"></A>
+<A NAME="IDX5650"></A>
+<A NAME="IDX5651"></A>
+<HR><H2><A NAME="HDRWQ34" HREF="auagd002.htm#ToC_42">Choosing a Cell Name</A></H2>
+<P>This section explains how to choose a cell name and explains
+why choosing an appropriate cell name is important.
+<P>Your cell name must distinguish your cell from all others in the AFS global
+namespace. By conventions, the cell name is the second element in any
+AFS pathname; therefore, a unique cell name guarantees that every AFS
+pathname uniquely identifies a file, even if cells use the same directory
+names at lower levels in their local AFS filespace. For example, both
+the ABC Corporation cell and the State University cell can have a home
+directory for the user <B>pat</B>, because the pathnames are
+distinct: <B>/afs/abc.com/usr/pat</B> and
+<B>/afs/stateu.edu/usr/pat</B>.
+<P>By convention, cell names follow the ARPA Internet Domain System
+conventions for site names. If you are already an Internet site, then
+it is simplest to choose your Internet domain name as the cellname.
+<P>If you are not an Internet site, it is best to choose a unique
+Internet-style name, particularly if you plan to connect to the Internet in
+the future. AFS Product Support is available for help in selecting an
+appropriate name. There are a few constraints on AFS cell names:
+<UL>
+<P><LI>It can contain as many as 64 characters, but shorter names are better
+because the cell name frequently is part of machine and file names. If
+your cell name is long, you can reduce pathname length by creating a symbolic
+link to the complete cell name, at the second level in your file tree.
+See <A HREF="#HDRWQ42">The Second (Cellname) Level</A>.
+<P><LI>To guarantee it is suitable for different operating system types, the cell
+name can contain only lowercase characters, numbers, underscores, dashes, and
+periods. Do not include command shell metacharacters.
+<P><LI>It can include any number of fields, which are conventionally separated by
+periods (see the examples below).
+<P><LI>It must end in a suffix that indicates the type of institution it is, or
+the country in which it is situated. The following are some of the
+standard suffixes:
+<DL>
+<P><DT><B>.com
+</B><DD>For businesses and other commercial organizations. Example:
+<B>abc.com</B> for the ABC Corporation cell.
+<P><DT><B>.edu
+</B><DD>For educational institutions such as universities. Example:
+<B>stateu.edu</B> for the State University cell.
+<P><DT><B>.gov
+</B><DD>For United States government institutions.
+<P><DT><B>.mil
+</B><DD>For United States military installations.
+</DL>
+</UL>
+<P>Other suffixes are available if none of these are appropriate.
+<A NAME="IDX5652"></A>
+<A NAME="IDX5653"></A>
+You can learn about suffixes by calling the Defense Data Network [Internet]
+Network Information Center in the United States at (800) 235-3155. The
+NIC can also provide you with the forms necessary for registering your cell
+name as an Internet domain name. Registering your name prevents another
+Internet site from adopting the name later.
+<A NAME="IDX5654"></A>
+<A NAME="IDX5655"></A>
+<A NAME="IDX5656"></A>
+<A NAME="IDX5657"></A>
+<P><H3><A NAME="Header_43" HREF="auagd002.htm#ToC_43">How to Set the Cell Name</A></H3>
+<P>The cell name is recorded in two files on the local disk of each file
+server and client machine. Among other functions, these files define
+the machine's cell membership and so affect how programs and processes
+run on the machine; see <A HREF="#HDRWQ35">Why Choosing the Appropriate Cell Name is Important</A>. The procedure for setting the cell name is different
+for the two types of machines.
+<P>For file server machines, the two files that record the cell name are the
+<B>/usr/afs/etc/ThisCell</B> and <B>/usr/afs/etc/CellServDB</B>
+files. As described more explicitly in the <I>IBM AFS Quick
+Beginnings</I>, you set the cell name in both by issuing the <B>bos
+setcellname</B> command on the first file server machine you install in your
+cell. It is not usually necessary to issue the command again. If
+you run the United States edition of AFS and use the Update Server, it
+distributes its copy of the <B>ThisCell</B> and <B>CellServDB</B>
+files to additional server machines that you install. If you use the
+international edition of AFS, the <I>IBM AFS Quick Beginnings</I> explains
+how to copy the files manually.
+<P>For client machines, the two files that record the cell name are the
+<B>/usr/vice/etc/ThisCell</B> and <B>/usr/vice/etc/CellServDB</B>
+files. You create these files on a per-client basis, either with a text
+editor or by copying them onto the machine from a central source in
+AFS. See <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A> for details.
+<P>Change the cell name in these files only when you want to transfer the
+machine to a different cell (it can only belong to one cell at a time).
+If the machine is a file server, follow the complete set of instructions in
+the <I>IBM AFS Quick Beginnings</I> for configuring a new cell. If
+the machine is a client, all you need to do is change the files appropriately
+and reboot the machine. The next section explains further the negative
+consequences of changing the name of an existing cell.
+<P>To set the default cell name used by most AFS commands without changing the
+local <B>/usr/vice/etc/ThisCell</B> file, set the AFSCELL environment
+variable in the command shell. It is worth setting this variable if you
+need to complete significant administrative work in a foreign cell.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The <B>fs checkservers</B> and <B>fs mkmount</B> commands do not use
+the AFSCELL variable. The <B>fs checkservers</B> command always
+defaults to the cell named in the <B>ThisCell</B> file, unless the
+<B>-cell</B> argument is used. The <B>fs mkmount</B> command
+defaults to the cell in which the parent directory of the new mount point
+resides.
+</TD></TR></TABLE>
+<A NAME="IDX5658"></A>
+<P><H3><A NAME="HDRWQ35" HREF="auagd002.htm#ToC_44">Why Choosing the Appropriate Cell Name is Important</A></H3>
+<P>Take care to select a cell name that is suitable for
+long-term use. Changing a cell name later is complicated. An
+appropriate cell name is important because it is the second element in the
+pathname of all files in a cell's file tree. Because each cell
+name is unique, its presence in an AFS pathname makes the pathname unique in
+the AFS global namespace, even if multiple cells use similar filespace
+organization at lower levels. For instance, it means that every cell
+can have a home directory called <B>/afs/<VAR>cellname</VAR>/usr/pat</B>
+without causing a conflict. The presence of the cell name in pathnames
+also means that users in every cell use the same pathname to access a file,
+whether the file resides in their local cell or in a foreign cell.
+<P>Another reason to choose the correct cell name early in the process of
+installing your cell is that the cell membership defined in each
+machine's <B>ThisCell</B> file affects the performance of many
+programs and processes running on the machine. For instance, AFS
+commands (<B>fs</B>, <B>kas</B>, <B>pts</B> and <B>vos</B>
+commands) by default execute in the cell of the machine on which they are
+issued. The command interpreters check the <B>ThisCell</B> file on
+the local disk and then contact the database server machines listed in the
+<B>CellServDB</B> file for the indicated cell (the <B>bos</B> commands
+work differently because the issuer always has to name of the machine on which
+to run the command).
+<P>The <B>ThisCell</B> file also determines the cell for which a user
+receives an AFS token when he or she logs in to a machine. The cell
+name also plays a role in security. As it converts a user password into
+an encryption key for storage in the Authentication Database, the
+Authentication Server combines the password with the cell name found in the
+<B>ThisCell</B> file. AFS-modified login utilities use the same
+algorithm to convert the user's password into an encryption key before
+contacting the Authentication Server to obtain a token for the user.
+(For a description of how AFS's security system uses encryption keys, see
+<A HREF="#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.)
+<P>This method of converting passwords into encryption keys means that the
+same password results in different keys in different cells. Even if a
+user uses the same password in multiple cells, obtaining a user's token
+from one cell does not enable unauthorized access to the user's account
+in another cell.
+<P>If you change the cell name, you must change the <B>ThisCell</B> and
+<B>CellServDB</B> files on every server and client machine. Failure
+to change them all can prevent login, because the encryption keys produced by
+the login utility do not match the keys stored in the Authentication
+Database. In addition, many commands from the AFS suites do not work as
+expected.
+<A NAME="IDX5659"></A>
+<A NAME="IDX5660"></A>
+<A NAME="IDX5661"></A>
+<HR><H2><A NAME="HDRWQ36" HREF="auagd002.htm#ToC_45">Participating in the AFS Global Namespace</A></H2>
+<P>Participating in the AFS global namespace makes your
+cell's local file tree visible to AFS users in foreign cells and makes
+other cells' file trees visible to your local users. It makes file
+sharing across cells just as easy as sharing within a cell. This
+section outlines the procedures necessary for participating in the global
+namespace.
+<UL>
+<P><LI>Participation in the global namespace is not mandatory. Some cells
+use AFS primarily to facilitate file sharing within the cell, and are not
+interested in providing their users with access to foreign cells.
+<P><LI>Making your file tree visible does not mean making it vulnerable.
+You control how foreign users access your cell using the same protection
+mechanisms that control local users' access. See <A HREF="#HDRWQ40">Granting and Denying Foreign Users Access to Your Cell</A>.
+<P><LI>The two aspects of participation are independent. A cell can make
+its file tree visible without allowing its users to see foreign cells'
+file trees, or can enable its users to see other file trees without
+advertising its own.
+<P><LI>You make your cell visible to others by advertising your database server
+machines. See <A HREF="#HDRWQ38">Making Your Cell Visible to Others</A>.
+<P><LI>You control access to foreign cells on a per-client machine basis.
+In other words, it is possible to make a foreign cell accessible from one
+client machine in your cell but not another. See <A HREF="#HDRWQ39">Making Other Cells Visible in Your Cell</A>.
+</UL>
+<A NAME="IDX5662"></A>
+<A NAME="IDX5663"></A>
+<A NAME="IDX5664"></A>
+<A NAME="IDX5665"></A>
+<A NAME="IDX5666"></A>
+<A NAME="IDX5667"></A>
+<P><H3><A NAME="HDRWQ37" HREF="auagd002.htm#ToC_46">What the Global Namespace Looks Like</A></H3>
+<P>The AFS global namespace appears the same to all AFS cells
+that participate in it, because they all agree to follow a small set of
+conventions in constructing pathnames.
+<P>The first convention is that all AFS pathnames begin with the string
+<B>/afs</B> to indicate that they belong to the AFS global
+namespace.
+<P>The second convention is that the cell name is the second element in an AFS
+pathname; it indicates where the file resides (that is, the cell in which
+a file server machine houses the file). As noted, the presence of a
+cell name in pathnames makes the global namespace possible, because it
+guarantees that all AFS pathnames are unique even if cells use the same
+directory names at lower levels in their AFS filespace.
+<P>What appears at the third and lower levels in an AFS pathname depends on
+how a cell has chosen to arrange its filespace. There are some
+suggested conventional directories at the third level; see <A HREF="#HDRWQ43">The Third Level</A>.
+<A NAME="IDX5668"></A>
+<A NAME="IDX5669"></A>
+<A NAME="IDX5670"></A>
+<P><H3><A NAME="HDRWQ38" HREF="auagd002.htm#ToC_47">Making Your Cell Visible to Others</A></H3>
+<P>You make your cell visible to others by advertising your cell
+name and database server machines. Just like client machines in the
+local cell, the Cache Manager on machines in foreign cells use the information
+to reach your cell's Volume Location (VL) Servers when they need volume
+and file location information. Similarly, client-side authentication
+programs running in foreign cells use the information to contact your
+cell's authentication service.
+<P>There are two places you can make this information available:
+<UL>
+<A NAME="IDX5671"></A>
+<A NAME="IDX5672"></A>
+<P><LI>In the global <B>CellServDB</B> file maintained by the AFS Product
+Support group. This file lists the name and database server machines of
+every cell that has agreed to make this information available to other
+cells.
+<P>To add or change your cell's listing in this file, have the official
+support contact at your site call or write to AFS Product Support.
+Changes to the file are frequent enough that AFS Product Support does not
+announce each one. It is a good policy to check the file for changes on
+a regular schedule.
+<A NAME="IDX5673"></A>
+<A NAME="IDX5674"></A>
+<P><LI>A file called <B>CellServDB.local</B> in the
+<B>/afs/</B><VAR>cellname</VAR><B>/service/etc</B> directory of your
+cell's filespace. List only your cell's database server
+machines.
+</UL>
+<P>Update the files whenever you change the identity of your cell's
+database server machines. Also update the copies of the
+<B>CellServDB</B> files on all of your server machines (in the
+<B>/usr/afs/etc</B> directory) and client machines (in the
+<B>/usr/vice/etc</B> directory). For instructions, see <A HREF="auagd008.htm#HDRWQ118">Maintaining the Server CellServDB File</A> and <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P>Once you have advertised your database server machines, it can be difficult
+to make your cell invisible again. You can remove the
+<B>CellServDB.local</B> file and ask AFS Product Support to remove
+your entry from the global <B>CellServDB</B> file, but other cells
+probably have an entry for your cell in their local <B>CellServDB</B>
+files already. To make those entries invalid, you must change the names
+or IP addresses of your database server machines.
+<P>Your cell does not have to be invisible to be inaccessible, however.
+To make your cell completely inaccessible to foreign users, remove the
+<B>system:anyuser</B> group from all ACLs at the top three levels of
+your filespace; see <A HREF="#HDRWQ40">Granting and Denying Foreign Users Access to Your Cell</A>.
+<A NAME="IDX5675"></A>
+<A NAME="IDX5676"></A>
+<A NAME="IDX5677"></A>
+<A NAME="IDX5678"></A>
+<P><H3><A NAME="HDRWQ39" HREF="auagd002.htm#ToC_48">Making Other Cells Visible in Your Cell</A></H3>
+<P>To make a foreign cell's filespace visible on a client
+machine in your cell, perform the following three steps:
+<OL TYPE=1>
+<P><LI>Mount the cell's <B>root.cell</B> volume at the second
+level in your cell's filespace just below the <B>/afs</B>
+directory. Use the <B>fs mkmount</B> command with the
+<B>-cell</B> argument as instructed in <A HREF="auagd010.htm#HDRWQ213">To create a cellular mount point</A>.
+<P><LI>Mount AFS at the <B>/afs</B> directory on the client machine.
+The <B>afsd</B> program, which initializes the Cache Manager, performs the
+mount automatically at the directory named in the first field of the local
+<B>/usr/vice/etc/cacheinfo</B> file or by the command's
+<B>-mountdir</B> argument. Mounting AFS at an alternate location
+makes it impossible to reach the filespace of any cell that mounts its
+<B>root.afs</B> and <B>root.cell</B> volumes at the
+conventional locations. See <A HREF="auagd015.htm#HDRWQ395">Displaying and Setting the Cache Size and Location</A>.
+<P><LI>Create an entry for the cell in the list of database server machines which
+the Cache Manager maintains in kernel memory.
+<P>The <B>/usr/vice/etc/CellServDB</B> file on every client machine's
+local disk lists the database server machines for the local and foreign
+cells. The <B>afsd</B> program reads the contents of the
+<B>CellServDB</B> file into kernel memory as it initializes the Cache
+Manager. You can also use the <B>fs newcell</B> command to add or
+alter entries in kernel memory directly between reboots of the machine.
+See <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+</OL>
+<P>Note that making a foreign cell visible to client machines does not
+guarantee that your users can access its filespace. The ACLs in the
+foreign cell must also grant them the necessary permissions.
+<A NAME="IDX5679"></A>
+<A NAME="IDX5680"></A>
+<P><H3><A NAME="HDRWQ40" HREF="auagd002.htm#ToC_49">Granting and Denying Foreign Users Access to Your Cell</A></H3>
+<P>Making your cell visible in the AFS global namespace does not
+take away your control over the way in which users from foreign cells access
+your file tree.
+<P>By default, foreign users access your cell as the user
+<B>anonymous</B>, which means they have only the permissions granted to
+the <B>system:anyuser</B> group on each directory's ACL.
+Normally these permissions are limited to the <B>l</B> (<B>lookup</B>)
+and <B>r</B> (<B>read</B>) permissions.
+<P>There are two ways to grant wider access to foreign users:
+<UL>
+<P><LI>Grant additional permissions to the <B>system:anyuser</B> group
+on certain ACLs. Keep in mind, however, that all users can then access
+that directory in the indicated way (not just specific foreign users you have
+in mind).
+<P><LI>Create a local authentication account for specific foreign users, by
+creating entries in the Protection and Authentication Databases and local
+password file. It is not possible to place foreign usernames on ACLs,
+nor to authenticate in a foreign cell without having an account in it.
+</UL>
+<A NAME="IDX5681"></A>
+<A NAME="IDX5682"></A>
+<A NAME="IDX5683"></A>
+<HR><H2><A NAME="HDRWQ41" HREF="auagd002.htm#ToC_50">Configuring Your AFS Filespace</A></H2>
+<P>This section summarizes the issues to consider when
+configuring your AFS filespace. For a discussion of creating volumes
+that correspond most efficiently to the filespace's directory structure,
+see <A HREF="#HDRWQ44">Creating Volumes to Simplify Administration</A>.
+<P><B>Note for Windows users:</B> Windows uses a backslash
+( <B>\</B> ) rather than a forward slash
+( <B>/</B> ) to separate the elements in a
+pathname. The hierarchical organization of the filespace is however the
+same as on a UNIX machine.
+<P>AFS pathnames must follow a few conventions so the AFS global namespace
+looks the same from any AFS client machine. There are corresponding
+conventions to follow in building your file tree, not just because pathnames
+reflect the structure of a file tree, but also because the AFS Cache Manager
+expects a certain configuration.
+<A NAME="IDX5684"></A>
+<A NAME="IDX5685"></A>
+<P><H3><A NAME="Header_51" HREF="auagd002.htm#ToC_51">The Top /afs Level</A></H3>
+<P>The first convention is that the top level in your file tree be called
+the <B>/afs</B> directory. If you name it something else, then you
+must use the <B>-mountdir</B> argument with the <B>afsd</B> program to
+get Cache Managers to mount AFS properly. You cannot participate in the
+AFS global namespace in that case.
+<A NAME="IDX5686"></A>
+<A NAME="IDX5687"></A>
+<A NAME="IDX5688"></A>
+<P><H3><A NAME="HDRWQ42" HREF="auagd002.htm#ToC_52">The Second (Cellname) Level</A></H3>
+<P>The second convention is that just below the <B>/afs</B>
+directory you place directories corresponding to each cell whose file tree is
+visible and accessible from the local cell. Minimally, there must be a
+directory for the local cell. Each such directory is a mount point to
+the indicated cell's <B>root.cell</B> volume. For
+example, in the ABC Corporation cell, <B>/afs/abc.com</B> is a
+mount point for the cell's own <B>root.cell</B> volume and
+<B>stateu.edu</B> is a mount point for the State University
+cell's <B>root.cell</B> volume. The <B>fs
+lsmount</B> command displays the mount points.
+<PRE> % <B>fs lsmount /afs/abc.com</B>
+ '/afs/abc.com' is a mount point for volume '#root.cell'
+ % <B>fs lsmount /afs/stateu.edu</B>
+ '/afs/stateu.edu' is a mount point for volume '#stateu.edu:root.cell'
+</PRE>
+<P>To reduce the amount of typing necessary in pathnames, you can create a
+symbolic link with an abbreviated name to the mount point of each cell your
+users frequently access (particularly the home cell). In the ABC
+Corporation cell, for instance, <B>/afs/abc</B> is a symbolic link to the
+<B>/afs/abc.com</B> mount point, as the <B>fs lsmount</B>
+command reveals.
+<PRE> % <B>fs lsmount /afs/abc</B>
+ '/afs/abc' is a symbolic link, leading to a mount point for volume '#root.cell'
+</PRE>
+<A NAME="IDX5689"></A>
+<A NAME="IDX5690"></A>
+<P><H3><A NAME="HDRWQ43" HREF="auagd002.htm#ToC_53">The Third Level</A></H3>
+<P>You can organize the third level of your cell's file
+tree any way you wish. The following list describes directories that
+appear at this level in the conventional configuration:
+<DL>
+<P><DT><B>common
+</B><DD>This directory contains programs and files needed by users working on
+machines of all system types, such as text editors, online documentation
+files, and so on. Its <B>/etc</B> subdirectory is a logical place
+to keep the central update sources for files used on all of your cell's
+client machines, such as the <B>ThisCell</B> and <B>CellServDB</B>
+files.
+<P><DT><B>public
+</B><DD>A directory accessible to anyone who can access your filespace, because
+its ACL grants the <B>l</B> (<B>lookup</B>) and <B>r</B>
+(<B>read</B>) permissions to the <B>system:anyuser</B>
+group. It is useful if you want to enable your users to make selected
+information available to everyone, but do not want to grant foreign users
+access to the contents of the <B>usr</B> directory which houses user home
+directories ( and is also at this level). It is conventional to create
+a subdirectory for each of your cell's users.
+<P><DT><B>service
+</B><DD>This directory contains files and subdirectories that help cells
+coordinate resource sharing. For a list of the proposed standard files
+and subdirectories to create, call or write to AFS Product Support.
+<P>As an example, files that other cells expect to find in this
+directory's <B>etc</B> subdirectory can include the following:
+<UL>
+<P><LI><B>CellServDB.export</B>, a list of database server machines
+for many cells
+<P><LI><B>CellServDB.local</B>, a list of the cell's own database
+server machines
+<P><LI><B>passwd</B>, a copy of the local password file
+(<B>/etc/passwd</B> or equivalent) kept on the local disk of the
+cell's client machines
+<P><LI><B>group</B>, a copy of the local groups file (<B>/etc/group</B>
+or equivalent) kept on the local disk of the cell's client machines
+</UL>
+<P><DT><B><VAR>sys_type</VAR>
+</B><DD>A separate directory for storing the server and client binaries for each
+system type you use in the cell. Configuration is simplest if you use
+the system type names assigned in the AFS distribution, particularly if you
+wish to use the <B>@sys</B> variable in pathnames (see <A HREF="#HDRWQ56">Using the @sys Variable in Pathnames</A>). The <I>IBM AFS Release Notes</I> lists the
+conventional name for each supported system type.
+<P>Within each such directory, create directories named <B>bin</B>,
+<B>etc</B>, <B>usr</B>, and so on, to store the programs normally kept
+in the <B>/bin</B>, <B>/etc</B> and <B>/usr</B> directories on a
+local disk. Then create symbolic links from the local directories on
+client machines into AFS; see <A HREF="#HDRWQ55">Configuring the Local Disk</A>. Even if you do not choose to use symbolic links in
+this way, it can be convenient to have central copies of system binaries in
+AFS. If binaries are accidentally removed from a machine, you can
+recopy them onto the local disk from AFS rather than having to recover them
+from tape
+<P><DT><B>usr
+</B><DD>This directory contains home directories for your local users. As
+discussed in the previous entry for the <B>public</B> directory, it is
+often practical to protect this directory so that only locally authenticated
+users can access it. This keeps the contents of your user's home
+directories as secure as possible.
+<P>If your cell is quite large, directory lookup can be slowed if you put all
+home directories in a single <B>usr</B> directory. For suggestions
+on distributing user home directories among multiple grouping directories, see
+<A HREF="#HDRWQ59">Grouping Home Directories</A>.
+<P><DT><B>wsadmin
+</B><DD>This directory contains prototype, configuration and library files for use
+with the <B>package</B> program. See <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+</DL>
+<A NAME="IDX5691"></A>
+<A NAME="IDX5692"></A>
+<A NAME="IDX5693"></A>
+<A NAME="IDX5694"></A>
+<HR><H2><A NAME="HDRWQ44" HREF="auagd002.htm#ToC_54">Creating Volumes to Simplify Administration</A></H2>
+<P>This section discusses how to create volumes in ways that
+make administering your system easier.
+<P>At the top levels of your file tree (at least through the third level),
+each directory generally corresponds to a separate volume. Some cells
+also configure the subdirectories of some third level directories as separate
+volumes. Common examples are the
+<B>/afs/</B><VAR>cellname</VAR><B>/common</B> and
+<B>/afs/</B><VAR>cellname</VAR><B>/usr</B> directories.
+<P>You do not have to create a separate volume for every directory level in a
+tree, but the advantage is that each volume tends to be smaller and easier to
+move for load balancing. The overhead for a mount point is no greater
+than for a standard directory, nor does the volume structure itself require
+much disk space. Most cells find that below the fourth level in the
+tree, using a separate volume for each directory is no longer
+efficient. For instance, while each user's home directory (at the
+fourth level in the tree) corresponds to a separate volume, all of the
+subdirectories in the home directory normally reside in the same
+volume.
+<P>Keep in mind that only one volume can be mounted at a given directory
+location in the tree. In contrast, a volume can be mounted at several
+locations, though this is not recommended because it distorts the hierarchical
+nature of the file tree, potentially causing confusion.
+<A NAME="IDX5695"></A>
+<A NAME="IDX5696"></A>
+<A NAME="IDX5697"></A>
+<A NAME="IDX5698"></A>
+<A NAME="IDX5699"></A>
+<P><H3><A NAME="Header_55" HREF="auagd002.htm#ToC_55">Assigning Volume Names</A></H3>
+<P>You can name your volumes anything you choose, subject to a few
+restrictions:
+<UL>
+<P><LI>Read/write volume names can be up to 22 characters in length. The
+maximum length for volume names is 31 characters, and there must be room to
+add the <B>.readonly</B> extension on read-only volumes.
+<P><LI>Do not add the <B>.readonly</B> and <B>.backup</B>
+extensions to volume names yourself, even if they are appropriate. The
+Volume Server adds them automatically as it creates a read-only or backup
+version of a volume.
+<P><LI>There must be volumes named <B>root.afs</B> and
+<B>root.cell</B>, mounted respectively at the top (<B>/afs</B>)
+level in the filespace and just below that level, at the cell's name (for
+example, at <B>/afs/abc.com</B> in the ABC Corporation
+cell).
+<P>Deviating from these names only creates confusion and extra work.
+Changing the name of the <B>root.afs</B> volume, for instance,
+means that you must use the <B>-rootvol</B> argument to the
+<B>afsd</B> program on every client machine, to name the alternate
+volume.
+<P>Similarly, changing the <B>root.cell</B> volume name prevents
+users in foreign cells from accessing your filespace, if the mount point for
+your cell in their filespace refers to the conventional
+<B>root.cell</B> name. Of course, this is one way to make
+your cell invisible to other cells.
+</UL>
+<P>It is best to assign volume names that indicate the type of data they
+contain, and to use similar names for volumes with similar contents. It
+is also helpful if the volume name is similar to (or at least has elements in
+common with) the name of the directory at which it is mounted.
+Understanding the pattern then enables you accurately to guess what a volume
+contains and where it is mounted.
+<P>Many cells find that the most effective volume naming scheme puts a common
+prefix on the names of all related volumes. <A HREF="#TBLVOL-PREFIX">Table 1</A> describes the recommended prefixing scheme.
+<BR>
+<P><B><A NAME="TBLVOL-PREFIX" HREF="auagd004.htm#FT_TBLVOL-PREFIX">Table 1. Suggested volume prefixes</A></B><BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="14%"><B>Prefix</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Contents</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="22%"><B>Example Name</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="36%"><B>Example Mount Point</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><B>common.</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">popular programs and files
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>common.etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/common/etc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><B>src.</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">source code
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>src.afs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/src/afs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><B>proj.</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">project data
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>proj.portafs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/proj/portafs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><B>test.</B><TT></TT>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">testing or other temporary data
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>test.smith</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/usr/smith/test</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><B>user.</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">user home directory data
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>user.terry</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/usr/terry</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="14%"><VAR>sys_type</VAR><B>.</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">programs compiled for an operating system type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="22%"><B>rs_aix42.bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="36%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/bin</B>
+</TD></TR></TABLE>
+<P><A HREF="#TBLPREFIX-EXAMPLE">Table 2</A> is a more specific example for a cell's
+<B>rs_aix42</B> system volumes and directories:
+<BR>
+<P><B><A NAME="TBLPREFIX-EXAMPLE" HREF="auagd004.htm#FT_TBLPREFIX-EXAMPLE">Table 2. Example volume-prefixing scheme</A></B><BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="35%"><B><B>Example Name</B></B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="65%"><B><B>Example Mount Point</B></B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/bin</B><B>/afs/<B>cell</B>/rs_aix42/bin</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/etc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.afsws</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/afsws</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.lib</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/lib</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/bin</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/etc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.inc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/inc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.man</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/man</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.sys</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/sys</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="35%"><B>rs_aix42.usr.local</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="65%"><B>/afs/</B><VAR>cellname</VAR><B>/rs_aix42/usr/local</B>
+</TD></TR></TABLE>
+<P>There are several advantages to this scheme:
+<UL>
+<P><LI>The volume name is similar to the mount point name in the
+filespace. In all of the entries in <A HREF="#TBLPREFIX-EXAMPLE">Table 2</A>, for example, the only difference between the
+volume and mount point name is that the former uses periods as separators and
+the latter uses slashes. Another advantage is that the volume name
+indicates the contents, or at least suggests the directory on which to issue
+the <B>ls</B> command to learn the contents.
+<P><LI>It makes it easy to manipulate groups of related volumes at one
+time. In particular, the <B>vos backupsys</B> command's
+<B>-prefix</B> argument enables you to create a backup version of every
+volume whose name starts with the same string of characters. Making a
+backup version of each volume is one of the first steps in backing up a volume
+with the AFS Backup System, and doing it for many volumes with one command
+saves you a good deal of typing. For instructions for creating backup
+volumes, see <A HREF="auagd010.htm#HDRWQ201">Creating Backup Volumes</A>, For information on the AFS Backup System, see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<P><LI>It makes it easy to group related volumes together on a partition.
+Grouping related volumes together has several advantages of its own, discussed
+in <A HREF="#HDRWQ49">Grouping Related Volumes on a Partition</A>.
+</UL>
+<A NAME="IDX5700"></A>
+<A NAME="IDX5701"></A>
+<P><H3><A NAME="HDRWQ49" HREF="auagd002.htm#ToC_56">Grouping Related Volumes on a Partition</A></H3>
+<P>If your cell is large enough to make it practical, consider
+grouping related volumes together on a partition. In general, you need
+at least three file server machines for volume grouping to be
+effective. Grouping has several advantages, which are most obvious when
+the file server machine becomes inaccessible:
+<UL>
+<P><LI>If you keep a hardcopy record of the volumes on a partition, you know
+which volumes are unavailable. You can keep such a record without
+grouping related volumes, but a list composed of unrelated volumes is much
+harder to maintain. Note that the record must be on paper, because the
+outage can prevent you from accessing an online copy or from issuing the
+<B>vos listvol</B> command, which gives you the same information.
+<P><LI>The effect of an outage is more localized. For example, if all of
+the binaries for a given system type are on one partition, then only users of
+that system type are affected. If a partition houses binary volumes
+from several system types, then an outage can affect more people, particularly
+if the binaries that remain available are interdependent with those that are
+not available.
+</UL>
+<P>The advantages of grouping related volumes on a partition do not
+necessarily extend to the grouping of all related volumes on one file server
+machine. For instance, it is probably unwise in a cell with two file
+server machines to put all system volumes on one machine and all user volumes
+on the other. An outage of either machine probably affects
+everyone.
+<P>Admittedly, the need to move volumes for load balancing purposes can limit
+the practicality of grouping related volumes. You need to weigh the
+complementary advantages case by case.
+<A NAME="IDX5702"></A>
+<A NAME="IDX5703"></A>
+<A NAME="IDX5704"></A>
+<A NAME="IDX5705"></A>
+<P><H3><A NAME="HDRWQ50" HREF="auagd002.htm#ToC_57">When to Replicate Volumes</A></H3>
+<P>As discussed in <A HREF="auagd006.htm#HDRWQ15">Replication</A>, replication refers to making a copy, or
+clone, of a read/write source volume and then placing the copy on one or more
+additional file server machines. Replicating a volume can increase the
+availability of the contents. If one file server machine housing the
+volume becomes inaccessible, users can still access the copy of the volume
+stored on a different machine. No one machine is likely to become
+overburdened with requests for a popular file, either, because the file is
+available from several machines.
+<P>However, replication is not appropriate for all cells. If a cell
+does not have much disk space, replication can be unduly expensive, because
+each clone not on the same partition as the read/write source takes up as much
+disk space as its source volume did at the time the clone was made.
+Also, if you have only one file server machine, replication uses up disk space
+without increasing availability.
+<P>Replication is also not appropriate for volumes that change
+frequently. You must issue the <B>vos release</B> command every
+time you need to update a read-only volume to reflect changes in its
+read/write source.
+<P>For both of these reasons, replication is appropriate only for popular
+volumes whose contents do not change very often, such as system binaries and
+other volumes mounted at the upper levels of your filespace. User
+volumes usually exist only in a read/write version since they change so
+often.
+<P>If you are replicating any volumes, you must replicate the
+<B>root.afs</B> and <B>root.cell</B> volumes, preferably
+at two or three sites each (even if your cell only has two or three file
+server machines). The Cache Manager needs to pass through the
+directories corresponding to the <B>root.afs</B> and
+<B>root.cell</B> volumes as it interprets any pathname. The
+unavailability of these volumes makes all other volumes unavailable too, even
+if the file server machines storing the other volumes are still
+functioning.
+<P>Another reason to replicate the <B>root.afs</B> volume is that
+it can lessen the load on the File Server machine. The Cache Manager
+has a bias to access a read-only version of the <B>root.afs</B>
+volume if it is replicate, which puts the Cache Manager onto the
+<I>read-only path</I> through the AFS filespace. While on the
+read-only path, the Cache Manager attempts to access a read-only copy of
+replicated volumes. The File Server needs to track only one callback
+per Cache Manager for all of the data in a read-only volume, rather than the
+one callback per file it must track for read/write volumes. Fewer
+callbacks translate into a smaller load on the File Server.
+<P>If the <B>root.afs</B> volume is not replicated, the Cache
+Manager follows a read/write path through the filespace, accessing the
+read/write version of each volume. The File Server distributes and
+tracks a separate callback for each file in a read/write volume, imposing a
+greater load on it.
+<P>For more on read/write and read-only paths, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P>It also makes sense to replicate system binary volumes in many cases, as
+well as the volume corresponding to the
+<B>/afs/</B><VAR>cellname</VAR><B>/usr</B> directory and the volumes
+corresponding to the <B>/afs/</B><VAR>cellname</VAR><B>/common</B>
+directory and its subdirectories.
+<P>It is a good idea to place a replica on the same partition as the
+read/write source. In this case, the read-only volume is a clone (like
+a backup volume): it is a copy of the source volume's <VAR>vnode
+index</VAR>, rather than a full copy of the volume contents. Only if the
+read/write volume moves to another partition or changes substantially does the
+read-only volume consume significant disk space. Read-only volumes kept
+on other partitions always consume the full amount of disk space that the
+read/write source consumed when the read-only volume was created.
+<P><H3><A NAME="Header_58" HREF="auagd002.htm#ToC_58">The Default Quota and ACL on a New Volume</A></H3>
+<P>Every AFS volume has associated with it a quota that limits the amount
+of disk space the volume is allowed to use. To set and change quota,
+use the commands described in <A HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<P>By default, every new volume is assigned a space quota of 5000 KB blocks
+unless you include the <B>-maxquota</B> argument to the <B>vos
+create</B> command. Also by default, the ACL on the root directory of
+every new volume grants all permissions to the members of the
+<B>system:administrators</B> group. To learn how to change
+these values when creating an account with individual commands, see <A HREF="auagd018.htm#HDRWQ503">To create one user account with individual commands</A>. When using <B>uss</B> commands to create
+accounts, you can specify alternate ACL and quota values in the template
+file's <B>V</B> instruction; see <A HREF="auagd017.htm#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<A NAME="IDX5706"></A>
+<A NAME="IDX5707"></A>
+<A NAME="IDX5708"></A>
+<A NAME="IDX5709"></A>
+<A NAME="IDX5710"></A>
+<HR><H2><A NAME="HDRWQ51" HREF="auagd002.htm#ToC_59">Configuring Server Machines</A></H2>
+<P>This section discusses some issues to consider when
+configuring server machines, which store AFS data, transfer it to client
+machines on request, and house the AFS administrative databases. To
+learn about client machines, see <A HREF="#HDRWQ54">Configuring Client Machines</A>.
+<P>If your cell has more than one AFS server machine, you can configure them
+to perform specialized functions. A machine can assume one or more of
+the roles described in the following list. For more details, see <A HREF="auagd008.htm#HDRWQ90">The Four Roles for File Server Machines</A>.
+<UL>
+<P><LI>A <I>simple file server machine</I> runs only the processes that store
+and deliver AFS files to client machines. You can run as many simple
+file server machines as you need to satisfy your cell's performance and
+disk space requirements.
+<P><LI>A <I>database server machine</I> runs the four database server
+processes that maintain AFS's replicated administrative databases:
+the Authentication, Backup, Protection, and Volume Location (VL) Server
+processes.
+<P><LI>A <I>binary distribution machine</I> distributes the AFS server
+binaries for its system type to all other server machines of that system
+type.
+<P><LI>The single <I>system control machine</I> distributes common server
+configuration files to all other server machines in the cell, in a cell that
+runs the United States edition of AFS (cells that use the international
+edition of AFS must not use the system control machine for this
+purpose). The machine conventionally also serves as the time
+synchronization source for the cell, adjusting its clock according to a time
+source outside the cell.
+</UL>
+<P>The <I>IBM AFS Quick Beginnings</I> explains how to configure your
+cell's first file server machine to assume all four roles. The
+<I>IBM AFS Quick Beginnings</I> chapter on installing additional server
+machines also explains how to configure them to perform one or more
+roles.
+<A NAME="IDX5711"></A>
+<A NAME="IDX5712"></A>
+<A NAME="IDX5713"></A>
+<A NAME="IDX5714"></A>
+<P><H3><A NAME="HDRWQ52" HREF="auagd002.htm#ToC_60">Replicating the AFS Administrative Databases</A></H3>
+<P>The AFS administrative databases are housed on database
+server machines and store information that is crucial for correct cell
+functioning. Both server processes and Cache Managers access the
+information frequently:
+<UL>
+<P><LI>Every time a Cache Manager fetches a file from a directory that it has not
+previously accessed, it must look up the file's location in the Volume
+Location Database (VLDB).
+<P><LI>Every time a user obtains an AFS token from the Authentication Server, the
+server looks up the user's password in the Authentication
+Database.
+<P><LI>The first time that a user accesses a volume housed on a specific file
+server machine, the File Server contacts the Protection Server for a list of
+the user's group memberships as recorded in the Protection
+Database.
+<P><LI>Every time you back up a volume using the AFS Backup System, the Backup
+Server creates records for it in the Backup Database.
+</UL>
+<P>Maintaining your cell is simplest if the first machine has the lowest IP
+address of any machine you plan to use as a database server machine. If
+you later decide to use a machine with a lower IP address as a database server
+machine, you must update the <B>CellServDB</B> file on all clients before
+introducing the new machine.
+<P>If your cell has more than one server machine, it is best to run more than
+one as a database server machine (but more than three are rarely
+necessary). Replicating the administrative databases in this way yields
+the same benefits as replicating volumes: increased availability and
+reliability. If one database server machine or process stops
+functioning, the information in the database is still available from
+others. The load of requests for database information is spread across
+multiple machines, preventing any one from becoming overloaded.
+<P>Unlike replicated volumes, however, replicated databases do change
+frequently. Consistent system performance demands that all copies of
+the database always be identical, so it is not acceptable to record changes in
+only some of them. To synchronize the copies of a database, the
+database server processes use AFS's distributed database technology,
+Ubik. See <A HREF="auagd008.htm#HDRWQ102">Replicating the AFS Administrative Databases</A>.
+<P>If your cell has only one file server machine, it must also serve as a
+database server machine. If you cell has two file server machines, it
+is not always advantageous to run both as database server machines. If
+a server, process, or network failure interrupts communications between the
+database server processes on the two machines, it can become impossible to
+update the information in the database because neither of them can alone elect
+itself as the synchronization site.
+<A NAME="IDX5715"></A>
+<A NAME="IDX5716"></A>
+<P><H3><A NAME="HDRWQ53" HREF="auagd002.htm#ToC_61">AFS Files on the Local Disk</A></H3>
+<P>It is generally simplest to store the binaries for all AFS
+server processes in the <B>/usr/afs/bin</B> directory on every file server
+machine, even if some processes do not actively run on the machine.
+This makes it easier to reconfigure a machine to fill a new role.
+<P>For security reasons, the <B>/usr/afs</B> directory on a file server
+machine and all of its subdirectories and files must be owned by the local
+superuser <B>root</B> and have only the first <B>w</B>
+(<B>write</B>) mode bit turned on. Some files even have only the
+first <B>r</B> (<B>read</B>) mode bit turned on (for example, the
+<B>/usr/afs/etc/KeyFile</B> file, which lists the AFS server encryption
+keys). Each time the BOS Server starts, it checks that the mode bits on
+certain files and directories match the expected values. For a list,
+see the <I>IBM AFS Quick Beginnings</I> section about protecting sensitive
+AFS directories, or the discussion of the output from the <B>bos
+status</B> command in <A HREF="auagd009.htm#HDRWQ159">To display the status of server processes and their BosConfig entries</A>.
+<P>For a description of the contents of all AFS directories on a file server
+machine's local disk, see <A HREF="auagd008.htm#HDRWQ80">Administering Server Machines</A>.
+<P><H3><A NAME="Header_62" HREF="auagd002.htm#ToC_62">Configuring Partitions to Store AFS Data</A></H3>
+<P>The partitions that house AFS volumes on a file server machine must be
+mounted at directories named
+<P><B>/vicep<VAR>index</VAR></B>
+<P>where <VAR>index</VAR> is one or two lowercase letters. By convention,
+the first AFS partition created is mounted at the <B>/vicepa</B>
+directory, the second at the <B>/vicepb</B> directory, and so on through
+the <B>/vicepz</B> directory. The names then continue with
+<B>/vicepaa</B> through <B>/vicepaz</B>, <B>/vicepba</B> through
+<B>/vicepbz</B>, and so on, up to the maximum supported number of server
+partitions, which is specified in the <I>IBM AFS Release Notes</I>.
+<P>Each <B>/vicep</B><VAR>x</VAR> directory must correspond to an entire
+partition or logical volume, and must be a subdirectory of the root directory
+( / ). It is not acceptable to configure part of (for example) the
+<B>/usr</B> partition as an AFS server partition and mount it on a
+directory called <B>/usr/vicepa</B>.
+<P>Also, do not store non-AFS files on AFS server partitions. The File
+Server and Volume Server expect to have available all of the space on the
+partition. Sharing space also creates competition between AFS and the
+local UNIX file system for access to the partition, particularly if the UNIX
+files are frequently used.
+<A NAME="IDX5717"></A>
+<A NAME="IDX5718"></A>
+<A NAME="IDX5719"></A>
+<A NAME="IDX5720"></A>
+<A NAME="IDX5721"></A>
+<P><H3><A NAME="Header_63" HREF="auagd002.htm#ToC_63">Monitoring, Rebooting and Automatic Process Restarts</A></H3>
+<P>AFS provides several tools for monitoring the File Server, including
+the <B>scout</B> and <B>afsmonitor</B> programs. You can
+configure them to alert you when certain threshold values are exceeded, for
+example when a server partition is more than 95% full. See <A HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A>.
+<P>Rebooting a file server machine requires shutting down the AFS processes
+and so inevitably causes a service outage. Reboot file server machines
+as infrequently as possible. For instructions, see <A HREF="auagd008.htm#HDRWQ139">Rebooting a Server Machine</A>.
+<P>By default, the BOS Server on each file server machine stops and
+immediately restarts all AFS server processes on the machine (including
+itself) once a week, at 4:00 a.m. on Sunday. This
+reduces the potential for the core leaks that can develop as any process runs
+for an extended time.
+<P>The BOS Server also checks each morning at 5:00 a.m.
+for any newly installed binary files in the <B>/usr/afs/bin</B>
+directory. It compares the timestamp on each binary file to the time at
+which the corresponding process last restarted. If the timestamp on the
+binary is later, the BOS Server restarts the corresponding process to start
+using it.
+<P>The default times are in the early morning hours when the outage that
+results from restarting a process is likely to disturb the fewest number of
+people. You can display the restart times for each machine with the
+<B>bos getrestart</B> command, and set them with the <B>bos
+setrestart</B> command. The latter command enables you to disable
+automatic restarts entirely, by setting the time to <B>never</B>.
+See <A HREF="auagd009.htm#HDRWQ171">Setting the BOS Server's Restart Times</A>.
+<A NAME="IDX5722"></A>
+<A NAME="IDX5723"></A>
+<HR><H2><A NAME="HDRWQ54" HREF="auagd002.htm#ToC_64">Configuring Client Machines</A></H2>
+<P>This section summarizes issues to consider as you install and
+configure client machines in your cell.
+<A NAME="IDX5724"></A>
+<A NAME="IDX5725"></A>
+<A NAME="IDX5726"></A>
+<P><H3><A NAME="HDRWQ55" HREF="auagd002.htm#ToC_65">Configuring the Local Disk</A></H3>
+<P>You can often free up significant amounts of local disk space
+on AFS client machines by storing standard UNIX files in AFS and creating
+symbolic links to them from the local disk. The <B>@sys</B>
+pathname variable can be useful in links to system-specific files; see <A HREF="#HDRWQ56">Using the @sys Variable in Pathnames</A>.
+<P>There are two types of files that must actually reside on the local
+disk: boot sequence files needed before the <B>afsd</B> program is
+invoked, and files that can be helpful during file server machine
+outages.
+<P>During a reboot, AFS is inaccessible until the <B>afsd</B> program
+executes and initializes the Cache Manager. (In the conventional
+configuration, the AFS initialization file is included in the machine's
+initialization sequence and invokes the <B>afsd</B> program.) Files
+needed during reboot prior to that point must reside on the local disk.
+They include the following, but this list is not necessarily
+exhaustive.
+<UL>
+<P><LI>Standard UNIX utilities including the following or their
+equivalents:
+<UL>
+<P><LI>Machine initialization files (stored in the <B>/etc</B> or
+<B>/sbin</B> directory on many system types)
+<P><LI>The <B>fstab</B> file
+<P><LI>The <B>mount</B> command binary
+<P><LI>The <B>umount</B> command binary
+</UL>
+<P><LI>All subdirectories and files in the <B>/usr/vice</B> directory,
+including the following:
+<UL>
+<P><LI>The <B>/usr/vice/cache</B> directory
+<P><LI>The <B>/usr/vice/etc/afsd</B> command binary
+<P><LI>The <B>/usr/vice/etc/cacheinfo</B> file
+<P><LI>The <B>/usr/vice/etc/CellServDB</B> file
+<P><LI>The <B>/usr/vice/etc/ThisCell</B> file
+</UL>
+<P>For more information on these files, see <A HREF="auagd015.htm#HDRWQ391">Configuration and Cache-Related Files on the Local Disk</A>.
+</UL>
+<P>The other type of files and programs to retain on the local disk are those
+you need when diagnosing and fixing problems caused by a file server outage,
+because the outage can make inaccessible the copies stored in AFS.
+Examples include the binaries for a text editor (such as <B>ed</B> or
+<B>vi</B>) and for the <B>fs</B> and <B>bos</B> commands.
+Store copies of AFS command binaries in the <B>/usr/vice/etc</B> directory
+as well as including them in the <B>/usr/afsws</B> directory, which is
+normally a link into AFS. Then place the <B>/usr/afsws</B>
+directory before the <B>/usr/vice/etc</B> directory in users'
+<TT>PATH</TT> environment variable definition. When AFS is
+functioning normally, users access the copy in the <B>/usr/afsws</B>
+directory, which is more likely to be current than a local copy.
+<P>You can automate the configuration of client machine local disks by using
+the <B>package</B> program, which updates the contents of the local disk
+to match a configuration file. See <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+<A NAME="IDX5727"></A>
+<P><H3><A NAME="Header_66" HREF="auagd002.htm#ToC_66">Enabling Access to Foreign Cells</A></H3>
+<P>As detailed in <A HREF="#HDRWQ39">Making Other Cells Visible in Your Cell</A>, you enable the Cache Manager to access a cell's
+AFS filespace by storing a list of the cell's database server machines in
+the local <B>/usr/vice/etc/CellServDB</B> file. The Cache Manager
+reads the list into kernel memory at reboot for faster retrieval. You
+can change the list in kernel memory between reboots by using the <B>fs
+newcell</B> command. It is often practical to store a central version
+of the <B>CellServDB</B> file in AFS and use the <B>package</B>
+program periodically to update each client's version with the source
+copy. See <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P>Because each client machine maintains its own copy of the
+<B>CellServDB</B> file, you can in theory enable access to different
+foreign cells on different client machines. This is not usually
+practical, however, especially if users do not always work on the same
+machine.
+<A NAME="IDX5728"></A>
+<A NAME="IDX5729"></A>
+<A NAME="IDX5730"></A>
+<P><H3><A NAME="HDRWQ56" HREF="auagd002.htm#ToC_67">Using the @sys Variable in Pathnames</A></H3>
+<P>When creating symbolic links into AFS on the local disk, it
+is often practical to use the <VAR>@sys</VAR> variable in pathnames. The
+Cache Manager automatically substitutes the local machine's AFS system
+name (CPU/operating system type) for the <VAR>@sys</VAR> variable. This
+means you can place the same links on machines of various system types and
+still have each machine access the binaries for its system type. For
+example, the Cache Manager on a machine running AIX 4.2 converts
+<B>/afs/abc.com/@sys</B> to
+<B>/afs/abc.com/rs_aix42</B>, whereas a machine running Solaris 7
+converts it to <B>/afs/abc.com/sun4x_57</B>.
+<P>If you want to use the <VAR>@sys</VAR> variable, it is simplest to use the
+conventional AFS system type names as specified in the <I>IBM AFS Release
+Notes</I>. The Cache Manager records the local machine's system
+type name in kernel memory during initialization. If you do not use the
+conventional names, you must use the <B>fs sysname</B> command to change
+the value in kernel memory from its default just after Cache Manager
+initialization, on every client machine of the relevant system type.
+The <B>fs sysname</B> command also displays the current value; see <A HREF="auagd015.htm#HDRWQ417">Displaying and Setting the System Type Name</A>.
+<P>In pathnames in the AFS filespace itself, use the <VAR>@sys</VAR> variable
+carefully and sparingly, because it can lead to unexpected results. It
+is generally best to restrict its use to only one level in the
+filespace. The third level is a common choice, because that is where
+many cells store the binaries for different machine types.
+<P>Multiple instances of the <VAR>@sys</VAR> variable in a pathname are
+especially dangerous to people who must explicitly change directories (with
+the <B>cd</B> command, for example) into directories that store binaries
+for system types other than the machine on which they are working, such as
+administrators or developers who maintain those directories. After
+changing directories, it is recommended that such people verify they are in
+the desired directory.
+<P><H3><A NAME="Header_68" HREF="auagd002.htm#ToC_68">Setting Server Preferences</A></H3>
+<P>The Cache Manager stores a table of preferences for file server
+machines in kernel memory. A preference rank pairs a file server
+machine interface's IP address with an integer in the range from 1 to
+65,534. When it needs to access a file, the Cache Manager compares the
+ranks for the interfaces of all machines that house the file, and first
+attempts to access the file via the interface with the best rank. As it
+initializes, the Cache Manager sets default ranks that bias it to access files
+via interfaces that are close to it in terms of network topology. You
+can adjust the preference ranks to improve performance if you wish.
+<P>The Cache Manager also uses similar preferences for Volume Location (VL)
+Server machines. Use the <B>fs getserverprefs</B> command to
+display preference ranks and the <B>fs setserverprefs</B> command to set
+them. See <A HREF="auagd015.htm#HDRWQ414">Maintaining Server Preference Ranks</A>.
+<A NAME="IDX5731"></A>
+<HR><H2><A NAME="HDRWQ57" HREF="auagd002.htm#ToC_69">Configuring AFS User Accounts</A></H2>
+<P>This section discusses some of the issues to consider when
+configuring AFS user accounts. Because AFS is separate from the UNIX
+file system, a user's AFS account is separate from her UNIX
+account.
+<P>The preferred method for creating a user account is with the <B>uss</B>
+suite of commands. With a single command, you can create all the
+components of one or many accounts, after you have prepared a template file
+that guides the account creation. See <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>.
+<P>Alternatively, you can issue the individual commands that create each
+component of an account. For instructions, along with instructions for
+removing user accounts and changing user passwords, user volume quotas and
+usernames, see <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>.
+<P>When users leave your system, it is often good policy to remove their
+accounts. Instructions appear in <A HREF="auagd017.htm#HDRWQ486">Deleting Individual Accounts with the uss delete Command</A> and <A HREF="auagd018.htm#HDRWQ524">Removing a User Account</A>.
+<P>An AFS user account consists of the following components, which are
+described in greater detail in <A HREF="auagd018.htm#HDRWQ494">The Components of an AFS User Account</A>.
+<UL>
+<P><LI>A Protection Database entry
+<P><LI>An Authentication Database entry
+<P><LI>A volume
+<P><LI>A home directory at which the volume is mounted
+<P><LI>Ownership of the home directory and full permissions on its ACL
+<P><LI>An entry in the local password file (<B>/etc/passwd</B> or equivalent)
+of each machine the user needs to log into
+<P><LI>Optionally, standard files and subdirectories that make the account more
+useful
+</UL>
+<P>By creating some components but not others, you can create accounts at
+different levels of functionality, using either <B>uss</B> commands as
+described in <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A> or individual commands as described in <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>. The levels of functionality include
+the following
+<UL>
+<P><LI>An <I>authentication-only account</I> enables the user to obtain AFS
+tokens and so to access protected AFS data and to issue privileged
+commands. It consists only of entries in the Authentication and
+Protection Database. This type of account is suitable for
+administrative accounts and for users from foreign cells who need to access
+protected data. Local users generally also need a volume and home
+directory.
+<P><LI>A <I>basic user account</I> includes a volume for the user, in
+addition to Authentication and Protection Database entries. The volume
+is mounted in the AFS filespace as the user's home directory, and
+provides a repository for the user's personal files.
+<P><LI>A <I>full account</I> adds configuration files for basic functions
+such as logging in, printing, and mail delivery to a basic account, making it
+more convenient and useful. For a discussion of some useful types of
+configuration files, see <A HREF="#HDRWQ60">Creating Standard Files in New AFS Accounts</A>.
+</UL>
+<P>If your users have UNIX user accounts that predate the introduction of AFS
+in the cell, you possibly want to convert them into AFS accounts. There
+are three main issues to consider:
+<UL>
+<P><LI>Making UNIX and AFS UIDs match
+<P><LI>Setting the password field in the local password file appropriately
+<P><LI>Moving files from the UNIX file system into AFS
+</UL>
+<P>For further discussion, see <A HREF="auagd017.htm#HDRWQ459">Converting Existing UNIX Accounts with uss</A> or <A HREF="auagd018.htm#HDRWQ498">Converting Existing UNIX Accounts</A>.
+<A NAME="IDX5732"></A>
+<A NAME="IDX5733"></A>
+<A NAME="IDX5734"></A>
+<A NAME="IDX5735"></A>
+<A NAME="IDX5736"></A>
+<P><H3><A NAME="HDRWQ58" HREF="auagd002.htm#ToC_70">Choosing Usernames and Naming Other Account Components</A></H3>
+<P>This section suggests schemes for choosing usernames, AFS
+UIDs, user volume names and mount point names, and also outlines some
+restrictions on your choices.
+<P><B>Usernames</B>
+<P>AFS imposes very few restrictions on the form of usernames. It is
+best to keep usernames short, both because many utilities and applications can
+handle usernames of no more than eight characters and because by convention
+many components of and AFS account incorporate the name. These include
+the entries in the Protection and Authentication Databases, the volume, and
+the mount point. Depending on your electronic mail delivery system, the
+username can become part of the user's mailing address. The
+username is also the string that the user types when logging in to a client
+machine.
+<P>Some common choices for usernames are last names, first names, initials, or
+a combination, with numbers sometimes added. It is also best to avoid
+using the following characters, many of which have special meanings to the
+command shell.
+<UL>
+<P><LI>The comma ( <B>,</B> )
+<P><LI>The colon ( <B>:</B> ), because AFS reserves it as a field
+separator in protection group names; see <A HREF="#HDRWQ62">The Two Types of User-Defined Groups</A>
+<P><LI>The semicolon ( <B>;</B> )
+<P><LI>The "at-sign" ( <B>@</B> ); this character is reserved for
+Internet mailing addresses
+<P><LI>Spaces
+<P><LI>The newline character
+<P><LI>The period ( <B>.</B> ); it is conventional to use this
+character only in the special username that an administrator adopts while
+performing privileged tasks, such as <B>pat.admin</B>
+</UL>
+<P><B>AFS UIDs and UNIX UIDs</B>
+<P>AFS associates a unique identification number, the <I>AFS UID</I>, with
+every username, recording the mapping in the user's Protection Database
+entry. The AFS UID functions within AFS much as the UNIX UID does in
+the local file system: the AFS server processes and the Cache Manager
+use it internally to identify a user, rather than the username.
+<P>Every AFS user also must have a UNIX UID recorded in the local password
+file (<B>/etc/passwd</B> or equivalent) of each client machine they log
+onto. Both administration and a user's AFS access are simplest if
+the AFS UID and UNIX UID match. One important consequence of matching
+UIDs is that the owner reported by the <B>ls -l</B> command matches the
+AFS username.
+<P>It is usually best to allow the Protection Server to allocate the AFS UID
+as it creates the Protection Database entry. However, both the <B>pts
+createuser</B> command and the <B>uss</B> commands that create user
+accounts enable you to assign AFS UIDs explicitly. This is appropriate
+in two cases:
+<UL>
+<P><LI>You wish to group together the AFS UIDs of related users
+<P><LI>You are converting an existing UNIX account into an AFS account and want
+to make the AFS UID match the existing UNIX UID
+</UL>
+<P>After the Protection Server initializes for the first time on a cell's
+first file server machine, it starts assigning AFS UIDs at a default
+value. To change the default before creating any user accounts, or at
+any time, use the <B>pts setmax</B> command to reset the <TT>max user
+id</TT> counter. To display the counter, use the <B>pts
+listmax</B> command. See <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P>AFS reserves one AFS UID, 32766, for the user <B>anonymous</B>.
+The AFS server processes assign this identity and AFS UID to any user who does
+not possess a token for the local cell. Do not assign this AFS UID to
+any other user or hardcode its current value into any programs or a
+file's owner field, because it is subject to change in future
+releases.
+<A NAME="IDX5737"></A>
+<A NAME="IDX5738"></A>
+<P><B>User Volume Names</B>
+<P>Like any volume name, a user volume's base (read/write) name cannot
+exceed 22 characters in length or include the <B>.readonly</B> or
+<B>.backup</B> extension. See <A HREF="#HDRWQ44">Creating Volumes to Simplify Administration</A>. By convention, user volume names have the format
+<B>user.</B><VAR>username</VAR>. Using the
+<B>user.</B> prefix not only makes it easy to identify the
+volume's contents, but also to create a backup version of all user
+volumes by issuing a single <B>vos backupsys</B> command.
+<A NAME="IDX5739"></A>
+<A NAME="IDX5740"></A>
+<P><B>Mount Point Names</B>
+<P>By convention, the mount point for a user's volume is named after the
+username. Many cells follow the convention of mounting user volumes in
+the <B>/afs/</B><VAR>cellname</VAR><B>/usr</B> directory, as discussed
+in <A HREF="#HDRWQ43">The Third Level</A>. Very large cells sometimes find that mounting all
+user volumes in the same directory slows directory lookup, however; for
+suggested alternatives, see the following section.
+<A NAME="IDX5741"></A>
+<A NAME="IDX5742"></A>
+<P><H3><A NAME="HDRWQ59" HREF="auagd002.htm#ToC_71">Grouping Home Directories</A></H3>
+<P>Mounting user volumes in the
+<B>/afs/</B><VAR>cellname</VAR><B>/usr</B> directory is an
+AFS-appropriate variation on the standard UNIX practice of putting user home
+directories under the <B>/usr</B> subdirectory. However, cells with
+more than a few hundred users sometimes find that mounting all user volumes in
+a single directory results in slow directory lookup. The solution is to
+distribute user volume mount points into several directories; there are a
+number of alternative methods to accomplish this.
+<UL>
+<P><LI>Distribute user home directories into multiple directories that reflect
+organizational divisions, such as academic or corporate departments.
+For example, a company can create group directories called
+<B>usr/marketing</B>, <B>usr/research</B>,
+<B>usr/finance</B>. A good feature of this scheme is that knowing a
+user's department is enough to find the user's home
+directory. Also, it makes it easy to set the ACL to limit access to
+members of the department only. A potential drawback arises if
+departments are of sufficiently unequal size that users in large departments
+experience slower lookup than users in small departments. This scheme
+is also not appropriate in cells where users frequently change between
+divisions.
+<P><LI>Distribute home directories into alphabetic subdirectories of the
+<B>usr</B> directory (the <B>usr/a</B> subdirectory, the
+<B>usr/b</B> subdirectory, and so on), based on the first letter of the
+username. If the cell is very large, create subdirectories under each
+letter that correspond to the second letter in the user name. This
+scheme has the same advantages and disadvantages of a department-based
+scheme. Anyone who knows the user's username can find the
+user's home directory, but users with names that begin with popular
+letters sometimes experience slower lookup.
+<P><LI>Distribute home directories randomly but evenly into more than one
+grouping directory. One cell that uses this scheme has over twenty such
+directories called the <B>usr1</B> directory, the <B>usr2</B>
+directory, and so on. This scheme is especially appropriate in cells
+where the other two schemes do not seem feasible. It eliminates the
+potential problem of differences in lookup speed, because all directories are
+about the same size. Its disadvantage is that there is no way to guess
+which directory a given user's volume is mounted in, but a solution is to
+create a symbolic link in the regular <B>usr</B> directory that references
+the actual mount point. For example, if user <B>smith</B>'s
+volume is mounted at the <B>/afs/bigcell.com/usr17/smith</B>
+directory, then the <B>/afs/bigcell.com/usr/smith</B> directory is
+a symbolic link to the <B>../usr17/smith</B>
+directory. This way, if someone does not know which directory the user
+<B>smith</B> is in, he or she can access it through the link called
+<B>usr/smith</B>; people who do know the appropriate directory save
+lookup time by specifying it.
+</UL>
+<P>For instructions on how to implement the various schemes when using the
+<B>uss</B> program to create user accounts, see <A HREF="auagd017.htm#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A> and <A HREF="auagd017.htm#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><H3><A NAME="Header_72" HREF="auagd002.htm#ToC_72">Making a Backup Version of User Volumes Available</A></H3>
+<P>Mounting the backup version of a user's volume is a simple way to
+enable users themselves to restore data they have accidentally removed or
+deleted. It is conventional to mount the backup version at a
+subdirectory of the user's home directory (called perhaps the
+<B>OldFiles</B> subdirectory), but other schemes are possible. Once
+per day you create a new backup version to capture the changes made that day,
+overwriting the previous day's backup version with the new one.
+Users can always retrieve the previous day's copy of a file without your
+assistance, freeing you to deal with more pressing tasks.
+<P>Users sometimes want to delete the mount point to their backup volume,
+because they erroneously believe that the backup volume's contents count
+against their quota. Remind them that the backup volume is separate, so
+the only space it uses in the user volume is the amount needed for the mount
+point.
+<P>For further discussion of backup volumes, see <A HREF="#HDRWQ77">Backing Up AFS Data</A> and <A HREF="auagd010.htm#HDRWQ201">Creating Backup Volumes</A>.
+<A NAME="IDX5743"></A>
+<A NAME="IDX5744"></A>
+<A NAME="IDX5745"></A>
+<P><H3><A NAME="HDRWQ60" HREF="auagd002.htm#ToC_73">Creating Standard Files in New AFS Accounts</A></H3>
+<P>From your experience as a UNIX administrator, you are
+probably familiar with the use of login and shell initialization files (such
+as the <B>.login</B> and <B>.cshrc</B> files) to make an
+account easier to use.
+<P>It is often practical to add some AFS-specific directories to the
+definition of the user's <TT>PATH</TT> environment variable, including
+the following:
+<UL>
+<P><LI>The path to a <B>bin</B> subdirectory in the user's home
+directory for binaries the user has created (that is,
+<B>/afs/<VAR>cellname</VAR><B>/usr/</B>
+<VAR>username</VAR><B>/bin</B>)</B>
+<P><LI>The <B>/usr/afsws/bin</B> path, which conventionally includes programs
+like <B>fs</B>, <B>klog</B>, <B>kpasswd</B>, <B>pts</B>,
+<B>tokens</B>, and <B>unlog</B>
+<P><LI>The <B>/usr/afsws/etc</B> path, if the user is an administrator;
+it usually houses the AFS command suites that require privilege (the
+<B>backup</B>, <B>butc</B>, <B>kas</B>, <B>uss</B>,
+<B>vos</B> commands), the <B>package</B> program, and others
+</UL>
+<P>If you are not using an AFS-modified login utility, it can be helpful to
+users to invoke the <B>klog</B> command in their <B>.login</B>
+file so that they obtain AFS tokens as part of logging in. In the
+following example command sequence, the first line echoes the string
+<TT>klog</TT> to the standard output stream, so that the user understands
+the purpose of the <TT>Password:</TT> prompt that appears when the
+second line is executed. The <B>-setpag</B> flag associates the new
+tokens with a process authentication group (PAG), which is discussed further
+in <A HREF="#HDRWQ64">Identifying AFS Tokens by PAG</A>.
+<PRE> echo -n "klog "
+ klog -setpag
+</PRE>
+<P>The following sequence of commands has a similar effect, except that the
+<B>pagsh</B> command forks a new shell with which the PAG and tokens are
+associated.
+<PRE> pagsh
+ echo -n "klog "
+ klog
+</PRE>
+<P>If you use an AFS-modified login utility, this sequence is not necessary,
+because such utilities both log a user in locally and obtain AFS
+tokens.
+<A NAME="IDX5746"></A>
+<A NAME="IDX5747"></A>
+<A NAME="IDX5748"></A>
+<A NAME="IDX5749"></A>
+<HR><H2><A NAME="HDRWQ61" HREF="auagd002.htm#ToC_74">Using AFS Protection Groups</A></H2>
+<P>AFS enables users to define their own <I>groups</I> of
+other users or machines. The groups are placed on ACLs to grant the
+same permissions to many users without listing each user individually.
+For group creation instructions, see <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P>Groups have AFS ID numbers, just as users do, but an AFS group ID (GID) is
+a negative integer whereas a user's AFS UID is a positive integer.
+By default, the Protection Server allocates a new group's AFS GID
+automatically, but members of the <B>system:administrators</B> group
+can assign a GID when issuing the <B>pts creategroup</B> command.
+Before explicitly assigning a GID, it is best to verify that it is not already
+in use.
+<P>A group cannot belong to another group, but it can own another group or
+even itself as long as it (the owning group) has at least one member.
+The current owner of a group can transfer ownership of the group to another
+user or group, even without the new owner's permission. At that
+point the former owner loses administrative control over the group.
+<P>By default, each user can create 20 groups. A system administrator
+can increase or decrease this group creation quota with the <B>pts
+setfields</B> command.
+<P>Each Protection Database entry (group or user) is protected by a set of
+five <I>privacy flags</I>which limit who can administer the entry and what
+they can do. The default privacy flags are fairly restrictive,
+especially for user entries. See <A HREF="auagd019.htm#HDRWQ559">Setting the Privacy Flags on Database Entries</A>.
+<A NAME="IDX5750"></A>
+<A NAME="IDX5751"></A>
+<A NAME="IDX5752"></A>
+<A NAME="IDX5753"></A>
+<P><H3><A NAME="Header_75" HREF="auagd002.htm#ToC_75">The Three System Groups</A></H3>
+<P>As the Protection Server initializes for the first time on a
+cell's first database server machine, it automatically creates three
+group entries: the <B>system:anyuser</B>,
+<B>system:authuser</B>, and <B>system:administrators</B>
+groups.
+<A NAME="IDX5754"></A>
+<P>The first two system groups are unlike any other groups in the Protection
+Database in that they do not have a stable membership:
+<UL>
+<P><LI>The <B>system:anyuser</B> group includes everyone who can access
+a cell's AFS filespace: users who have tokens for the local cell,
+users who have logged in on a local AFS client machine but not obtained tokens
+(such as the local superuser <B>root</B>), and users who have connected to
+a local machine from outside the cell. Placing the
+<B>system:anyuser</B> group on an ACL grants access to the widest
+possible range of users. It is the only way to extend access to users
+from foreign AFS cells that do not have local accounts.
+<P><LI>The <B>system:authuser</B> group includes everyone who has a
+valid token obtained from the cell's AFS authentication service.
+</UL>
+<P>Because the groups do not have a stable membership, the <B>pts
+membership</B> command produces no output for them. Similarly, they
+do not appear in the list of groups to which a user belongs.
+<P>The <B>system:administrators</B> group does have a stable
+membership, consisting of the cell's privileged administrators.
+Members of this group can issue any <B>pts</B> command, and are the only
+ones who can issue several other restricted commands (such as the
+<B>chown</B> command on AFS files). By default, they also
+implicitly have the <B>a</B> (<B>administer</B>) and <B>l</B>
+(<B>lookup</B>) permissions on every ACL in the filespace. For
+information about changing this default, see <A HREF="auagd021.htm#HDRWQ586">Administering the system:administrators Group</A>.
+<P>For a discussion of how to use system groups effectively on ACLs, see <A HREF="auagd020.htm#HDRWQ571">Using Groups on ACLs</A>.
+<P><H3><A NAME="HDRWQ62" HREF="auagd002.htm#ToC_76">The Two Types of User-Defined Groups</A></H3>
+<P>All users can create <I>regular</I> groups. A
+regular group name has two fields separated by a colon, the first of which
+must indicate the group's ownership. The Protection Server refuses
+to create or change the name of a group if the result does not accurately
+indicate the ownership.
+<P>Members of the <B>system:administrators</B> group can create
+<I>prefix-less</I> groups whose names do not have the first field that
+indicates ownership. For suggestions on using the two types of groups
+effectively, see <A HREF="auagd019.htm#HDRWQ545">Using Groups Effectively</A>.
+<A NAME="IDX5755"></A>
+<A NAME="IDX5756"></A>
+<HR><H2><A NAME="HDRWQ63" HREF="auagd002.htm#ToC_77">Login and Authentication in AFS</A></H2>
+<P>As explained in <A HREF="#HDRWQ31">Differences in Authentication</A>, AFS authentication is separate from UNIX
+authentication because the two file systems are separate. The
+separation has two practical implications:
+<UL>
+<P><LI>To access AFS files, users must both log into the local file system and
+authenticate with the AFS authentication service. (Logging into the
+local file system is necessary because the only way to access the AFS
+filespace is through a Cache Manager, which resides in the local
+machine's kernel.)
+<P><LI>Passwords are stored in two separate places: in the Authentication
+Database for AFS and in the each machine's local password file (the
+<B>/etc/passwd</B> file or equivalent) for the local file system.
+</UL>
+<P>When a user successfully authenticates, the AFS authentication service
+passes a <I>token</I> to the user's Cache Manager. The token
+is a small collection of data that certifies that the user has correctly
+provided the password associated with a particular AFS identity. The
+Cache Manager presents the token to AFS server processes along with service
+requests, as proof that the user is genuine. To learn about the mutual
+authentication procedure they use to establish identity, see <A HREF="#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<P>The Cache Manager stores tokens in the user's credential structure in
+kernel memory. To distinguish one user's credential structure from
+another's, the Cache Manager identifies each one either by the
+user's UNIX UID or by a <I>process authentication group</I>
+(<I>PAG</I>), which is an identification number guaranteed to be unique in
+the cell. For further discussion, see <A HREF="#HDRWQ64">Identifying AFS Tokens by PAG</A>.
+<A NAME="IDX5757"></A>
+<P>A user can have only one token per cell in each separately identified
+credential structure. To obtain a second token for the same cell, the
+user must either log into a different machine or obtain another credential
+structure with a different identifier than any existing credential structure,
+which is most easily accomplished by issuing the <B>pagsh</B> command (see
+<A HREF="#HDRWQ64">Identifying AFS Tokens by PAG</A>). In a single credential structure, a user can have
+one token for each of many cells at the same time. As this implies,
+authentication status on one machine or PAG is independent of authentication
+status on another machine or PAG, which can be very useful to a user or system
+administrator.
+<P>The AFS distribution includes library files that enable each system
+type's login utility to authenticate users with AFS and log them into the
+local file system in one step. If you do not configure an AFS-modified
+login utility on a client machine, its users must issue the <B>klog</B>
+command to authenticate with AFS after logging in.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The AFS-modified libraries do not necessarily support all features available
+in an operating system's proprietary login utility. In some cases,
+it is not possible to support a utility at all. For more information
+about the supported utilities in each AFS version, see the <I>IBM AFS
+Release Notes</I>.
+</TD></TR></TABLE>
+<A NAME="IDX5758"></A>
+<A NAME="IDX5759"></A>
+<A NAME="IDX5760"></A>
+<A NAME="IDX5761"></A>
+<A NAME="IDX5762"></A>
+<A NAME="IDX5763"></A>
+<A NAME="IDX5764"></A>
+<P><H3><A NAME="HDRWQ64" HREF="auagd002.htm#ToC_78">Identifying AFS Tokens by PAG</A></H3>
+<P>As noted, the Cache Manager identifies user credential
+structures either by UNIX UID or by PAG. Using a PAG is preferable
+because it guaranteed to be unique: the Cache Manager allocates it based
+on a counter that increments with each use. In contrast, multiple users
+on a machine can share or assume the same UNIX UID, which creates potential
+security problems. The following are two common such situations:
+<UL>
+<P><LI>The local superuser <B>root</B> can always assume any other
+user's UNIX UID simply by issuing the <B>su</B> command, without
+providing the user's password. If the credential structure is
+associated with the user's UNIX UID, then assuming the UID means
+inheriting the AFS tokens.
+<P><LI>Two users working on different NFS client machines can have the same UNIX
+UID in their respective local file systems. If they both access the
+same NFS/AFS Translator machine, and the Cache Manager there identifies them
+by their UNIX UID, they become indistinguishable. To eliminate this
+problem, the Cache Manager on a translator machine automatically generates a
+PAG for each user and uses it, rather than the UNIX UID, to tell users
+apart.
+</UL>
+<P>Yet another advantage of PAGs over UIDs is that processes spawned by the
+user inherit the PAG and so share the token; thus they gain access to AFS
+as the authenticated user. In many environments, for example, printer
+and other daemons run under identities (such as the local superuser
+<B>root</B>) that the AFS server processes recognize only as the
+<B>anonymous</B> user. Unless PAGs are used, such daemons cannot
+access files for which the <B>system:anyuser</B> group does not have
+the necessary ACL permissions.
+<P>Once a user has a PAG, any new tokens the user obtains are associated with
+the PAG. The PAG expires two hours after any associated tokens expire
+or are discarded. If the user issues the <B>klog</B> command before
+the PAG expires, the new token is associated with the existing PAG (the PAG is
+said to be <I>recycled</I> in this case).
+<P>AFS-modified login utilities automatically generate a PAG, as described in
+the following section. If you use a standard login utility, your users
+must issue the <B>pagsh</B> command before the <B>klog</B> command, or
+include the latter command's <B>-setpag</B> flag. For
+instructions, see <A HREF="#HDRWQ69">Using Two-Step Login and Authentication</A>.
+<P>Users can also use either command at any time to create a new PAG.
+The difference between the two commands is that the <B>klog</B> command
+replaces the PAG associated with the current command shell and tokens.
+The <B>pagsh</B> command initializes a new command shell before creating a
+new PAG. If the user already had a PAG, any running processes or jobs
+continue to use the tokens associated with the old PAG whereas any new jobs or
+processes use the new PAG and its associated tokens. When you exit the
+new shell (by pressing <<B>Ctrl-d</B>>, for example), you return to the
+original PAG and shell. By default, the <B>pagsh</B> command
+initializes a Bourne shell, but you can include the <B>-c</B> argument to
+initialize a C shell (the <B>/bin/csh</B> program on many system types) or
+Korn shell (the <B>/bin/ksh</B> program) instead.
+<A NAME="IDX5765"></A>
+<P><H3><A NAME="HDRWQ65" HREF="auagd002.htm#ToC_79">Using an AFS-modified login Utility</A></H3>
+<P>As previously mentioned, an AFS-modified login utility
+simultaneously obtains an AFS token and logs the user into the local file
+system. This section outlines the login and authentication process and
+its interaction with the value in the password field of the local password
+file.
+<P>An AFS-modified login utility performs a sequence of steps similar to the
+following; details can vary for different operating systems:
+<OL TYPE=1>
+<P><LI>It checks the user's entry in the local password file (the
+<B>/etc/passwd</B> file or equivalent).
+<P><LI>If no entry exists, or if an asterisk ( <TT>*</TT> ) appears in the
+entry's password field, the login attempt fails. If the entry
+exists, the attempt proceeds to the next step.
+<P><LI><A NAME="LIWQ66"></A>The utility obtains a PAG.
+<P><LI><A NAME="LIWQ67"></A>The utility converts the password provided by the user into an
+encryption key and encrypts a packet of data with the key. It sends the
+packet to the AFS authentication service (the AFS Authentication Server in the
+conventional configuration).
+<P><LI>The authentication service decrypts the packet and, depending on the
+success of the decryption, judges the password to be correct or
+incorrect. (For more details, see <A HREF="#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.)
+<UL>
+<P><LI>If the authentication service judges the password incorrect, the user does
+not receive an AFS token. The PAG is retained, ready to be associated
+with any tokens obtained later. The attempt proceeds to Step <A HREF="#LIWQ68">6</A>.
+<P><LI>If the authentication service judges the password correct, it issues a
+token to the user as proof of AFS authentication. The login utility
+logs the user into the local UNIX file system. Some login utilities
+echo the following banner to the screen to alert the user to authentication
+with AFS. Step <A HREF="#LIWQ68">6</A> is skipped.
+<PRE> AFS(R) <VAR>version</VAR> Login
+</PRE>
+</UL>
+<P><LI><A NAME="LIWQ68"></A>If no AFS token was granted in Step <A HREF="#LIWQ67">4</A>, the login utility attempts to log the user into the local
+file system, by comparing the password provided to the local password
+file.
+<UL>
+<P><LI>If the password is incorrect or any value other than an encrypted
+13-character string appears in the password field, the login attempt
+fails.
+<P><LI>If the password is correct, the user is logged into the local file system
+only.
+</UL>
+</OL>
+<A NAME="IDX5766"></A>
+<A NAME="IDX5767"></A>
+<A NAME="IDX5768"></A>
+<P>As indicated, when you use an AFS-modified login utility, the password
+field in the local password file is no longer the primary gate for access to
+your system. If the user provides the correct AFS password, then the
+program never consults the local password file. However, you can still
+use the password field to control access, in the following way:
+<UL>
+<P><LI>To prevent both local login and AFS authentication, place an asterisk (
+<B>*</B> ) in the field. This is useful mainly in emergencies, when
+you want to prevent a certain user from logging into the machine.
+<P><LI>To prevent login to the local file system if the user does not provide the
+correct AFS password, place a character string of any length other than the
+standard thirteen characters in the field. This is appropriate if you
+want to permit only people with local AFS accounts to login on your
+machines. A single <B>X</B> or other character is the most easily
+recognizable way to do this.
+<P><LI>To enable a user to log into the local file system even after providing an
+incorrect AFS password, record a standard UNIX encrypted password in the field
+by issuing the standard UNIX password-setting command (<B>passwd</B> or
+equivalent).
+</UL>
+<P>Systems that use a Pluggable Authentication Module (PAM) for login and AFS
+authentication do not necessarily consult the local password file at all, in
+which case they do not use the password field to control authentication and
+login attempts. Instead, instructions in the PAM configuration file (on
+many system types, <B>/etc/pam.conf</B>) fill the same
+function. See the instructions in the <I>IBM AFS Quick
+Beginnings</I> for installing AFS-modified login utilities.
+<A NAME="IDX5769"></A>
+<P><H3><A NAME="HDRWQ69" HREF="auagd002.htm#ToC_80">Using Two-Step Login and Authentication</A></H3>
+<P>In cells that do not use an AFS-modified login utility, users
+must issue separate commands to login and authenticate, as detailed in the
+<I>IBM AFS User Guide</I>:
+<OL TYPE=1>
+<P><LI>They use the standard <B>login</B> program to login to the local file
+system, providing the password listed in the local password file (the
+<B>/etc/passwd</B> file or equivalent).
+<P><LI>They must issue the <B>klog</B> command to authenticate with the AFS
+authentication service, including its <B>-setpag</B> flag to associate the
+new tokens with a process authentication group (PAG).
+</OL>
+<P>As mentioned in <A HREF="#HDRWQ60">Creating Standard Files in New AFS Accounts</A>, you can invoke the <B>klog -setpag</B> command in a
+user's <B>.login</B> file (or equivalent) so that the user
+does not have to remember to issue the command after logging in. The
+user still must type a password twice, once at the prompt generated by the
+login utility and once at the <B>klog</B> command's prompt.
+This implies that the two passwords can differ, but it is less confusing if
+they do not.
+<P>Another effect of not using an AFS-modified login utility is that the AFS
+servers recognize the standard <B>login</B> program as the
+<B>anonymous</B> user. If the <B>login</B> program needs to
+access any AFS files (such as the <B>.login</B> file in a
+user's home directory), then the ACL that protects the file must include
+an entry granting the <B>l</B> (<B>lookup</B>) and <B>r</B>
+(<B>read</B>) permissions to the <B>system:anyuser</B>
+group.
+<P>When you do not use an AFS-modified login utility, an actual (scrambled)
+password must appear in the local password file for each user. Use the
+<B>/bin/passwd</B> file to insert or change these passwords. It is
+simpler if the password in the local password file matches the AFS password,
+but it is not required.
+<A NAME="IDX5770"></A>
+<A NAME="IDX5771"></A>
+<A NAME="IDX5772"></A>
+<A NAME="IDX5773"></A>
+<A NAME="IDX5774"></A>
+<A NAME="IDX5775"></A>
+<A NAME="IDX5776"></A>
+<A NAME="IDX5777"></A>
+<A NAME="IDX5778"></A>
+<A NAME="IDX5779"></A>
+<A NAME="IDX5780"></A>
+<A NAME="IDX5781"></A>
+<A NAME="IDX5782"></A>
+<A NAME="IDX5783"></A>
+<P><H3><A NAME="Header_81" HREF="auagd002.htm#ToC_81">Obtaining, Displaying, and Discarding Tokens</A></H3>
+<P>Once logged in, a user can obtain a token at any time with the
+<B>klog</B> command. If a valid token already exists, the new one
+overwrites it. If a PAG already exists, the new token is associated
+with it.
+<P>By default, the <B>klog</B> command authenticates the issuer using the
+identity currently logged in to the local file system. To authenticate
+as a different identity, use the <B>-principal</B> argument. To
+obtain a token for a foreign cell, use the <B>-cell</B> argument (it can
+be combined with the <B>-principal</B> argument). See the <I>IBM
+AFS User Guide</I> and the entry for the <B>klog</B> command in the
+<I>IBM AFS Administration Reference</I>.
+<P>To discard either all tokens or the token for a particular cell, issue the
+<B>unlog</B> command. The command affects only the tokens
+associated with the current command shell. See the <I>IBM AFS User
+Guide</I>and the entry for the <B>unlog</B> command in the <I>IBM AFS
+Administration Reference</I>.
+<P>To display the tokens associated with the current command shell, issue the
+<B>tokens</B> command. The following examples illustrate its output
+in various situations.
+<P>If the issuer is not authenticated in any cell:
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ --End of list--
+</PRE>
+<P>The following shows the output for a user with AFS UID 1000 in the ABC
+Corporation cell:
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
+ --End of list--
+</PRE>
+<P>The following shows the output for a user who is authenticated in ABC
+Corporation cell, the State University cell and the DEF Company cell.
+The user has different AFS UIDs in the three cells. Tokens for the last
+cell are expired:
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
+ User's (AFS ID 4286) tokens for afs@stateu.edu [Expires Jun 3 1:34]
+ User's (AFS ID 22) tokens for afs@def.com [>>Expired<<]
+ --End of list--
+</PRE>
+<P>The Kerberos version of the <B>tokens</B> command (the
+<B>tokens.krb</B> command), also reports information on the
+ticket-granting ticket, including the ticket's owner, the ticket-granting
+service, and the expiration date, as in the following example. Also see
+<A HREF="#HDRWQ70">Support for Kerberos Authentication</A>.
+<PRE> % <B>tokens.krb</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
+ User smith's tokens for krbtgt.ABC.COM@abc.com [Expires Jun 2 10:00]
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_82" HREF="auagd002.htm#ToC_82">Setting Default Token Lifetimes for Users</A></H3>
+<A NAME="IDX5784"></A>
+<P>The maximum lifetime of a user token is the smallest of the <I>ticket
+lifetimes</I> recorded in the following three Authentication Database
+entries. The <B>kas examine</B> command reports the lifetime as
+<TT>Max ticket lifetime</TT>. Administrators who have the
+<TT>ADMIN</TT> flag on their Authentication Database entry can use the
+<B>-lifetime</B> argument to the <B>kas setfields</B> command to set
+an entry's ticket lifetime.
+<UL>
+<P><LI>The <B>afs</B> entry, which corresponds to the AFS server
+processes. The default is 100 hours.
+<P><LI>The <B>krbtgt</B>.<VAR>cellname</VAR> entry, which corresponds to
+the ticket-granting ticket used internally in generating the token. The
+default is 720 hours (30 days).
+<P><LI>The entry for the user of the AFS-modified login utility or issuer of the
+<B>klog</B> command. The default is 25 hours for user entries
+created using the AFS 3.1 or later version of the Authentication
+Server, and 100 hours for user entries created using the AFS 3.0
+version of the Authentication Server. A user can use the <B>kas
+examine</B> command to display his or her own Authentication Database
+entry.
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">An AFS-modified login utility always grants a token with a lifetime
+calculated from the previously described three values. When issuing the
+<B>klog</B> command, a user can request a lifetime shorter than the
+default by using the <B>-lifetime</B> argument. For further
+information, see the <I>IBM AFS User Guide</I> and the <B>klog</B>
+reference page in the <I>IBM AFS Administration Reference</I>.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_83" HREF="auagd002.htm#ToC_83">Changing Passwords</A></H3>
+<A NAME="IDX5785"></A>
+<A NAME="IDX5786"></A>
+<A NAME="IDX5787"></A>
+<A NAME="IDX5788"></A>
+<A NAME="IDX5789"></A>
+<P>Regular AFS users can change their own passwords by using either the
+<B>kpasswd</B> or <B>kas setpassword</B> command. The commands
+prompt for the current password and then twice for the new password, to screen
+out typing errors.
+<P>Administrators who have the <TT>ADMIN</TT> flag on their Authentication
+Database entries can change any user's password, either by using the
+<B>kpasswd</B> command (which requires knowing the current password) or
+the <B>kas setpassword</B> command.
+<P>If your cell does not use an AFS-modified login utility, remember also to
+change the local password, using the operating system's password-changing
+command. For more instructions on changing passwords, see <A HREF="auagd018.htm#HDRWQ516">Changing AFS Passwords</A>.
+<P><H3><A NAME="Header_84" HREF="auagd002.htm#ToC_84">Imposing Restrictions on Passwords and Authentication Attempts</A></H3>
+<P>You can help to make your cell more secure by imposing restrictions on
+user passwords and authentication attempts. To impose the restrictions
+as you create an account, use the <B>A</B> instruction in the
+<B>uss</B> template file as described in <A HREF="auagd017.htm#HDRWQ478">Increasing Account Security with the A Instruction</A>. To set or change the values on an existing
+account, use the <B>kas setfields</B> command as described in <A HREF="auagd018.htm#HDRWQ515">Improving Password and Authentication Security</A>.
+<A NAME="IDX5790"></A>
+<A NAME="IDX5791"></A>
+<A NAME="IDX5792"></A>
+<A NAME="IDX5793"></A>
+<A NAME="IDX5794"></A>
+<A NAME="IDX5795"></A>
+<P>By default, AFS passwords never expire. Limiting password lifetime
+can help improve security by decreasing the time the password is subject to
+cracking attempts. You can choose an lifetime from 1 to 254 days after
+the password was last changed. It automatically applies to each new
+password as it is set. When the user changes passwords, you can also
+insist that the new password is not similar to any of the 20 passwords
+previously used.
+<A NAME="IDX5796"></A>
+<A NAME="IDX5797"></A>
+<A NAME="IDX5798"></A>
+<A NAME="IDX5799"></A>
+<P>Unscrupulous users can try to gain access to your AFS cell by guessing an
+authorized user's password. To protect against this type of
+attack, you can limit the number of times that a user can consecutively fail
+to provide the correct password. When the limit is exceeded, the
+authentication service refuses further authentication attempts for a specified
+period of time (the <I>lockout time</I>). To reenable
+authentication attempts before the lockout time expires, an administrator must
+issue the <B>kas unlock</B> command.
+<A NAME="IDX5800"></A>
+<A NAME="IDX5801"></A>
+<A NAME="IDX5802"></A>
+<A NAME="IDX5803"></A>
+<A NAME="IDX5804"></A>
+<A NAME="IDX5805"></A>
+<P>In addition to settings on user's authentication accounts, you can
+improve security by automatically checking the quality of new user
+passwords. The <B>kpasswd</B> and <B>kas setpassword</B>
+commands pass the proposed password to a program or script called
+<B>kpwvalid</B>, if it exists. The <B>kpwvalid</B> performs
+quality checks and returns a code to indicate whether the password is
+acceptable. You can create your own program or modified the sample
+program included in the AFS distribution. See the <B>kpwvalid</B>
+reference page in the <I>IBM AFS Administration Reference</I>.
+<P>There are several types of quality checks that can improve password
+quality.
+<UL>
+<P><LI>The password is a minimum length
+<P><LI>The password is not a word
+<P><LI>The password contains both numbers and letters
+</UL>
+<P><H3><A NAME="HDRWQ70" HREF="auagd002.htm#ToC_85">Support for Kerberos Authentication</A></H3>
+<A NAME="IDX5806"></A>
+<A NAME="IDX5807"></A>
+<A NAME="IDX5808"></A>
+<A NAME="IDX5809"></A>
+<A NAME="IDX5810"></A>
+<A NAME="IDX5811"></A>
+<A NAME="IDX5812"></A>
+<P>If your site is using standard Kerberos authentication rather than the AFS
+Authentication Server, use the modified versions of the <B>klog</B>,
+<B>pagsh</B>, and <B>tokens</B> commands that support Kerberos
+authentication. The binaries for the modified version of these commands
+have the same name as the standard binaries with the addition of a
+<B>.krb</B> extension.
+<P>Use either the Kerberos version or the standard command throughout the
+cell; do not mix the two versions. AFS Product Support can provide
+instructions on installing the Kerberos version of these four commands.
+For information on the differences between the two versions of these commands,
+see the <I>IBM AFS Administration Reference</I>.
+<HR><H2><A NAME="HDRWQ71" HREF="auagd002.htm#ToC_86">Security and Authorization in AFS</A></H2>
+<P>AFS incorporates several features to ensure that only
+authorized users gain access to data. This section summarizes the most
+important of them and suggests methods for improving security in your
+cell.
+<P><H3><A NAME="HDRWQ72" HREF="auagd002.htm#ToC_87">Some Important Security Features</A></H3>
+<A NAME="IDX5813"></A>
+<A NAME="IDX5814"></A>
+<P><B>ACLs on Directories</B>
+<P>Files in AFS are protected by the access control list (ACL) associated with
+their parent directory. The ACL defines which users or groups can
+access the data in the directory, and in what way. See <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>.
+<P><B>Mutual Authentication Between Client and Server</B>
+<P>When an AFS client and server process communicate, each requires the other
+to prove its identity during mutual authentication, which involves the
+exchange of encrypted information that only valid parties can decrypt and
+respond to. For a detailed description of the mutual authentication
+process, see <A HREF="#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<P>AFS server processes mutually authenticate both with one another and with
+processes that represent human users. After mutual authentication is
+complete, the server and client have established an authenticated connection,
+across which they can communicate repeatedly without having to authenticate
+again until the connection expires or one of the parties closes it.
+Authenticated connections have varying lifetimes.
+<P><B>Tokens</B>
+<P>In order to access AFS files, users must prove their identities to the AFS
+authentication service by providing the correct AFS password. If the
+password is correct, the authentication service sends the user a
+<I>token</I> as evidence of authenticated status. See <A HREF="#HDRWQ63">Login and Authentication in AFS</A>.
+<P>Servers assign the user identity <B>anonymous</B> to users and
+processes that do not have a valid token. The <B>anonymous</B>
+identity has only the access granted to the <B>system:anyuser</B>
+group on ACLs.
+<P><B>Authorization Checking</B>
+<P>Mutual authentication establishes that two parties communicating with one
+another are actually who they claim to be. For many functions, AFS
+server processes also check that the client whose identity they have verified
+is also authorized to make the request. Different requests require
+different kinds of privilege. See <A HREF="#HDRWQ73">Three Types of Privilege</A>.
+<P><B>Encrypted Network Communications</B>
+<A NAME="IDX5815"></A>
+<A NAME="IDX5816"></A>
+<A NAME="IDX5817"></A>
+<P>The AFS server processes encrypt particularly sensitive information before
+sending it back to clients. Even if an unauthorized party is able to
+eavesdrop on an authenticated connection, they cannot decipher encrypted data
+without the proper key.
+<P>The following AFS commands encrypt data because they involve server
+encryption keys and passwords:
+<UL>
+<P><LI>The <B>bos addkey</B> command, which adds a server encryption key to
+the <B>/usr/afs/etc/KeyFile</B> file
+<P><LI>The <B>bos listkeys</B> command, which lists the server encryption
+keys from the <B>/usr/afs/etc/KeyFile</B> file
+<P><LI>The <B>kpasswd</B> command, which changes a password in the
+Authentication Database
+<P><LI>Most commands in the <B>kas</B> command suite
+</UL>
+<P>In addition, the United States edition of the Update Server encrypts
+sensitive information (such as the contents of <B>KeyFile</B>) when
+distributing it. Other commands in the <B>bos</B> suite and the
+commands in the <B>fs</B>, <B>pts</B> and <B>vos</B> suites do not
+encrypt data before transmitting it.
+<P><H3><A NAME="HDRWQ73" HREF="auagd002.htm#ToC_88">Three Types of Privilege</A></H3>
+<P>AFS uses three separate types of privilege for the reasons
+discussed in <A HREF="auagd021.htm#HDRWQ585">The Reason for Separate Privileges</A>.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group.
+Members are entitled to issue any <B>pts</B> command and those
+<B>fs</B> commands that set volume quota. By default, they also
+implicitly have the <B>a</B> (<B>administer</B>) and <B>l</B>
+(<B>lookup</B>) permissions on every ACL in the file tree even if the ACL
+does not include an entry for them.
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry. An
+administrator with this flag can issue any <B>kas</B> command.
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. An
+administrator whose username appears in this file can issue any
+<B>bos</B>, <B>vos</B>, or <B>backup</B> command (although some
+<B>backup</B> commands require additional privilege as described in <A HREF="auagd011.htm#HDRWQ260">Granting Administrative Privilege to Backup Operators</A>).
+</UL>
+<P><H3><A NAME="Header_89" HREF="auagd002.htm#ToC_89">Authorization Checking versus Authentication</A></H3>
+<P>AFS distinguishes between authentication and authorization
+checking. <I>Authentication</I> refers to the process of proving
+identity. <I>Authorization checking</I> refers to the process of
+verifying that an authenticated identity is allowed to perform a certain
+action.
+<P>AFS implements authentication at the level of connections. Each time
+two parties establish a new connection, they mutually authenticate. In
+general, each issue of an AFS command establishes a new connection between AFS
+server process and client.
+<P>AFS implements authorization checking at the level of server
+machines. If authorization checking is enabled on a server machine,
+then all of the server processes running on it provide services only to
+authorized users. If authorization checking is disabled on a server
+machine, then all of the server processes perform any action for
+anyone. Obviously, disabling authorization checking is an extreme
+security exposure. For more information, see <A HREF="auagd008.htm#HDRWQ123">Managing Authentication and Authorization Requirements</A>.
+<P><H3><A NAME="HDRWQ74" HREF="auagd002.htm#ToC_90">Improving Security in Your Cell</A></H3>
+<A NAME="IDX5818"></A>
+<P>You can improve the level of security in your cell by configuring user
+accounts, server machines, and system administrator accounts in the indicated
+way.
+<P><B>User Accounts</B>
+<UL>
+<P><LI>Use an AFS-modified login utility, or include the <B>-setpag</B> flag
+to the <B>klog</B> command, to associate the credential structure that
+houses tokens with a PAG rather than a UNIX UID. This prevents users
+from inheriting someone else's tokens by assuming their UNIX
+identity. For further discussion, see <A HREF="#HDRWQ64">Identifying AFS Tokens by PAG</A>.
+<P><LI>Encourage users to issue the <B>unlog</B> command to destroy their
+tokens before logging out. This forestalls attempts to access tokens
+left behind kernel memory. Consider including the <B>unlog</B>
+command in every user's <B>.logout</B> file or
+equivalent.
+</UL>
+<P><B>Server Machines</B>
+<UL>
+<P><LI>Disable authorization checking only in emergencies or for very brief
+periods of time. It is best to work at the console of the affected
+machine during this time, to prevent anyone else from accessing the machine
+through the keyboard.
+<P><LI>Change the AFS server encryption key on a frequent and regular
+schedule. Make it difficult to guess (a long string including
+nonalphabetic characters, for instance). Unlike user passwords, the
+password from which the AFS key is derived can be longer than eight
+characters, because it is never used during login. The <B>kas
+setpassword</B> command accepts a password hundreds of characters
+long. For instructions, see <A HREF="auagd014.htm#HDRWQ355">Managing Server Encryption Keys</A>.
+<P><LI>As much as possible, limit the number of people who can login at a server
+machine's console or remotely. Imposing this limit is an extra
+security precaution rather than a necessity. The machine cannot serve
+as an AFS client in this case.
+<P><LI>Particularly limit access to the local superuser <B>root</B> account
+on a server machine. The local superuser <B>root</B> has free
+access to important administrative subdirectories of the <B>/usr/afs</B>
+directory, as described in <A HREF="#HDRWQ53">AFS Files on the Local Disk</A>.
+<A NAME="IDX5819"></A>
+<P><LI>As in any computing environment, server machines must be located in a
+secured area. Any other security measures are effectively worthless if
+unauthorized people can access the computer hardware.
+</UL>
+<P><B>System Administrators</B>
+<UL>
+<P><LI>Limit the number of system administrators in your cell. Limit the
+use of system administrator accounts on publicly accessible
+workstations. Such machines are not secure, so unscrupulous users can
+install programs that try to steal tokens or passwords. If
+administrators must use publicly accessible workstations at times, they must
+issue the <B>unlog</B> command before leaving the machine.
+<P><LI>Create an administrative account for each administrator separate from the
+personal account, and assign AFS privileges only to the administrative
+account. The administrators must authenticate to the administrative
+accounts to perform duties that require privilege, which provides a useful
+audit trail as well.
+<P><LI>Administrators must not leave a machine unattended while they have valid
+tokens. Issue the <B>unlog</B> command before leaving.
+<P><LI>Use the <B>-lifetime</B> argument to the <B>kas setfields</B>
+command to set the token lifetime for administrative accounts to a fairly
+short amount of time. The default lifetime for AFS tokens is 25 hours,
+but 30 or 60 minutes is possibly a more reasonable lifetime for administrative
+tokens. The tokens for administrators who initiate AFS Backup System
+operations must last somewhat longer, because it can take several hours to
+complete some dump operations, depending on the speed of the tape device and
+the network connecting it to the file server machines that house the volumes
+is it accessing.
+<P><LI>Limit administrators' use of the <B>telnet</B> program. It
+sends unencrypted passwords across the network. Similarly, limit use of
+other remote programs such as <B>rsh</B> and <B>rcp</B>, which send
+unencrypted tokens across the network.
+</UL>
+<A NAME="IDX5820"></A>
+<A NAME="IDX5821"></A>
+<A NAME="IDX5822"></A>
+<A NAME="IDX5823"></A>
+<P><H3><A NAME="HDRWQ75" HREF="auagd002.htm#ToC_91">A More Detailed Look at Mutual Authentication</A></H3>
+<P>As in any file system, security is a prime concern in
+AFS. A file system that makes file sharing easy is not useful if it
+makes file sharing mandatory, so AFS incorporates several features that
+prevent unauthorized users from accessing data. Security in a networked
+environment is difficult because almost all procedures require transmission of
+information across wires that almost anyone can tap into. Also, many
+machines on networks are powerful enough that unscrupulous users can monitor
+transactions or even intercept transmissions and fake the identity of one of
+the participants.
+<P>The most effective precaution against eavesdropping and information theft
+or fakery is for servers and clients to accept the claimed identity of the
+other party only with sufficient proof. In other words, the nature of
+the network forces all parties on the network to assume that the other party
+in a transaction is not genuine until proven so. <I>Mutual
+authentication</I> is the means through which parties prove their
+genuineness.
+<P>Because the measures needed to prevent fakery must be quite sophisticated,
+the implementation of mutual authentication procedures is complex. The
+underlying concept is simple, however: parties prove their identities by
+demonstrating knowledge of a <I>shared secret</I>. A shared secret
+is a piece of information known only to the parties who are mutually
+authenticating (they can sometimes learn it in the first place from a trusted
+third party or some other source). The party who originates the
+transaction presents the shared secret and refuses to accept the other party
+as valid until it shows that it knows the secret too.
+<P>The most common form of shared secret in AFS transactions is the
+<I>encryption key</I>, also referred to simply as a <I>key</I>.
+The two parties use their shared key to encrypt the packets of information
+they send and to decrypt the ones they receive. Encryption using keys
+actually serves two related purposes. First, it protects messages as
+they cross the network, preventing anyone who does not know the key from
+eavesdropping. Second, ability to encrypt and decrypt messages
+successfully indicates that the parties are using the key (it is their shared
+secret). If they are using different keys, messages remain scrambled
+and unintelligible after decryption.
+<P>The following sections describe AFS's mutual authentication procedures
+in more detail. Feel free to skip these sections if you are not
+interested in the mutual authentication process.
+<P><H4><A NAME="Header_92">Simple Mutual Authentication</A></H4>
+<P>Simple mutual authentication involves only one encryption key and two
+parties, generally a client and server. The client contacts the server
+by sending a <I>challenge</I> message encrypted with a key known only to
+the two of them. The server decrypts the message using its key, which
+is the same as the client's if they really do share the same
+secret. The server responds to the challenge and uses its key to
+encrypt its response. The client uses its key to decrypt the
+server's response, and if it is correct, then the client can be sure that
+the server is genuine: only someone who knows the same key as the client
+can decrypt the challenge and answer it correctly. On its side, the
+server concludes that the client is genuine because the challenge message made
+sense when the server decrypted it.
+<P>AFS uses simple mutual authentication to verify user identities during the
+first part of the login procedure. In that case, the key is based on
+the user's password.
+<P><H4><A NAME="HDRWQ76">Complex Mutual Authentication</A></H4>
+<P>Complex mutual authentication involves three encryption keys
+and three parties. All secure AFS transactions (except the first part
+of the login process) employ complex mutual authentication.
+<A NAME="IDX5824"></A>
+<A NAME="IDX5825"></A>
+<A NAME="IDX5826"></A>
+<P>When a client wishes to communicate with a server, it first contacts a
+third party called a <I>ticket-granter</I>. The ticket-granter and
+the client mutually authenticate using the simple procedure. When they
+finish, the ticket-granter gives the client a <I>server ticket</I> (or
+simply <I>ticket</I>) as proof that it (the ticket-granter) has
+preverified the identity of the client. The ticket-granter encrypts the
+ticket with the first of the three keys, called the <I>server encryption
+key</I> because it is known only to the ticket-granter and the server the
+client wants to contact. The client does not know this key.
+<P>The ticket-granter sends several other pieces of information along with the
+ticket. They enable the client to use the ticket effectively despite
+being unable to decrypt the ticket itself. Along with the ticket, the
+items constitute a <I>token</I>:
+<UL>
+<A NAME="IDX5827"></A>
+<P><LI>A <I>session key</I>, which is the second encryption key involved in
+mutual authentication. The ticket-granter invents the session key at
+random as the shared secret between client and server. For reasons
+explained further below, the ticket-granter also puts a copy of the session
+key inside the ticket. The client and server use the session key to
+encrypt messages they send to one another during their transactions.
+The ticket-granter invents a different session key for each connection between
+a client and a server (there can be several transactions during a single
+connection).
+<P><LI>The name of the server for which the ticket is valid (and so which server
+encryption key encrypts the ticket itself).
+<P><LI>A ticket lifetime indicator. The default lifetime of AFS server
+tickets is 100 hours. If the client wants to contact the server again
+after the ticket expires, it must contact the ticket-granter to get a new
+ticket.
+</UL>
+<P>The ticket-granter seals the entire token with the third key involved in
+complex mutual authentication--the key known only to it (the
+ticket-granter) and the client. In some cases, this third key is
+derived from the password of the human user whom the client represents.
+<P>Now that the client has a valid server ticket, it is ready to contact the
+server. It sends the server two things:
+<UL>
+<P><LI>The server ticket. This is encrypted with the server encryption
+key.
+<P><LI>Its request message, encrypted with the session key. Encrypting the
+message protects it as it crosses the network, since only the server/client
+pair for whom the ticket-granter invented the session key know it.
+</UL>
+<P>At this point, the server does not know the session key, because the
+ticket-granter just created it. However, the ticket-granter put a copy
+of the session key inside the ticket. The server uses the server
+encryption key to decrypts the ticket and learns the session key. It
+then uses the session key to decrypt the client's request message.
+It generates a response and sends it to the client. It encrypts the
+response with the session key to protect it as it crosses the network.
+<P>This step is the heart of mutual authentication between client and server,
+because it proves to both parties that they know the same secret:
+<UL>
+<P><LI>The server concludes that the client is authorized to make a request
+because the request message makes sense when the server decrypts it using the
+session key. If the client uses a different session key than the one
+the server finds inside the ticket, then the request message remains
+unintelligible even after decryption. The two copies of the session key
+(the one inside the ticket and the one the client used) can only be the same
+if they both came from the ticket-granter. The client cannot fake
+knowledge of the session key because it cannot look inside the ticket, sealed
+as it is with the server encryption key known only to the server and the
+ticket-granter. The server trusts the ticket-granter to give tokens
+only to clients with whom it (the ticket-granter) has authenticated, so the
+server decides the client is legitimate.
+<P>(Note that there is no direct communication between the ticket-granter and
+the server, even though their relationship is central to ticket-based mutual
+authentication. They interact only indirectly, via the client's
+possession of a ticket sealed with their shared secret.)
+<P><LI>The client concludes that the server is genuine and trusts the response it
+gets back from the server, because the response makes sense after the client
+decrypts it using the session key. This indicates that the server
+encrypted the response with the same session key as the client knows.
+The only way for the server to learn that matching session key is to decrypt
+the ticket first. The server can only decrypt the ticket because it
+shares the secret of the server encryption key with the ticket-granter.
+The client trusts the ticket-granter to give out tickets only for legitimate
+servers, so the client accepts a server that can decrypt the ticket as
+genuine, and accepts its response.
+</UL>
+<HR><H2><A NAME="HDRWQ77" HREF="auagd002.htm#ToC_94">Backing Up AFS Data</A></H2>
+<P>AFS provides two related facilities that help the
+administrator back up AFS data: backup volumes and the AFS Backup
+System.
+<P><H3><A NAME="Header_95" HREF="auagd002.htm#ToC_95">Backup Volumes</A></H3>
+<P>The first facility is the backup volume, which you create by cloning a
+read/write volume. The backup volume is read-only and so preserves the
+state of the read/write volume at the time the clone is made.
+<P>Backup volumes can ease administration if you mount them in the file system
+and make their contents available to users. For example, it often makes
+sense to mount the backup version of each user volume as a subdirectory of the
+user's home directory. A conventional name for this mount point is
+<B>OldFiles</B>. Create a new version of the backup volume (that
+is, reclone the read/write) once a day to capture any changes that were made
+since the previous backup. If a user accidentally removes or changes
+data, the user can restore it from the backup volume, rather than having to
+ask you to restore it.
+<P>The <I>IBM AFS User Guide</I> does not mention backup volumes, so
+regular users do not know about them if you decide not to use them.
+This implies that if you <B>do</B> make backup versions of user volumes,
+you need to tell your users about how the backup works and where you have
+mounted it.
+<P>Users are often concerned that the data in a backup volume counts against
+their volume quota and some of them even want to remove the
+<B>OldFiles</B> mount point. It does not, because the backup volume
+is a separate volume. The only amount of space it uses in the
+user's volume is the amount needed for the mount point, which is about
+the same as the amount needed for a standard directory element.
+<P>Backup volumes are discussed in detail in <A HREF="auagd010.htm#HDRWQ201">Creating Backup Volumes</A>.
+<P><H3><A NAME="Header_96" HREF="auagd002.htm#ToC_96">The AFS Backup System</A></H3>
+<P>Backup volumes can reduce restoration requests, but they reside on disk
+and so do not protect data from loss due to hardware failure. Like any
+file system, AFS is vulnerable to this sort of data loss.
+<P>To protect your cell's users from permanent loss of data, you are
+strongly urged to back up your file system to tape on a regular and frequent
+schedule. The AFS Backup System is available to ease the administration
+and performance of backups. For detailed information about the AFS
+Backup System, see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<A NAME="IDX5828"></A>
+<A NAME="IDX5829"></A>
+<A NAME="IDX5830"></A>
+<A NAME="IDX5831"></A>
+<A NAME="IDX5832"></A>
+<A NAME="IDX5833"></A>
+<A NAME="IDX5834"></A>
+<A NAME="IDX5835"></A>
+<A NAME="IDX5836"></A>
+<A NAME="IDX5837"></A>
+<A NAME="IDX5838"></A>
+<A NAME="IDX5839"></A>
+<HR><H2><A NAME="HDRWQ78" HREF="auagd002.htm#ToC_97">Using UNIX Remote Services in the AFS Environment</A></H2>
+<P>The AFS distribution includes modified versions of several
+standard UNIX commands, daemons and programs that provide remote services,
+including the following:
+<UL>
+<P><LI>The <B>ftpd</B> program
+<P><LI>The <B>inetd</B> daemon
+<P><LI>The <B>rcp</B> program
+<P><LI>The <B>rlogind</B> daemon
+<P><LI>The <B>rsh</B> command
+</UL>
+<P>These modifications enable the commands to handle AFS authentication
+information (tokens). This enables issuers to be recognized on the
+remote machine as an authenticated AFS user.
+<P>Replacing the standard versions of these programs in your file tree with
+the AFS-modified versions is optional. It is likely that AFS's
+transparent access reduces the need for some of the programs anyway,
+especially those involved in transferring files from machine to machine, like
+the <B>ftpd</B> and <B>rcp</B> programs.
+<P>If you decide to use the AFS versions of these commands, be aware that
+several of them are interdependent. For example, the passing of AFS
+authentication information works correctly with the <B>rcp</B> command
+only if you are using the AFS version of both the <B>rcp</B> and
+<B>inetd</B> commands.
+<P>The conventional installation location for the modified remote commands are
+the <B>/usr/afsws/bin</B> and <B>/usr/afsws/etc</B>
+directories. To learn more about commands' functionality, see
+their reference pages in the <I>IBM AFS Administration
+Reference</I>.
+<HR><H2><A NAME="HDRWQ79" HREF="auagd002.htm#ToC_98">Accessing AFS through NFS</A></H2>
+<P>Users of NFS client machines can access the AFS filespace by
+mounting the <B>/afs</B> directory of an AFS client machine that is
+running the <I>NFS/AFS Translator</I>. This is a particular
+advantage in cells already running NFS who want to access AFS using client
+machines for which AFS is not available. See <A HREF="auagd022.htm#HDRWQ595">Appendix A, Managing the NFS/AFS Translator</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX5840"></A>
+<A NAME="IDX5841"></A>
+<HR><H1><A NAME="HDRWQ80" HREF="auagd002.htm#ToC_99">Administering Server Machines</A></H1>
+<P>This chapter describes how to administer an AFS server
+machine. It describes the following configuration information and
+administrative tasks:
+<UL>
+<P><LI>The binary and configuration files that must reside in the subdirectories
+of the <B>/usr/afs</B> directory on every server machine's local
+disk; see <A HREF="#HDRWQ83">Local Disk Files on a Server Machine</A>.
+<P><LI>The various <I>roles</I> or functions that an AFS server machine can
+perform, and how to determine which machines are taking a role; see <A HREF="#HDRWQ90">The Four Roles for File Server Machines</A>.
+<P><LI>How to maintain database server machines; see <A HREF="#HDRWQ101">Administering Database Server Machines</A>.
+<P><LI>How to maintain the list of database server machines in the
+<B>/usr/afs/etc/CellServDB</B> file; see <A HREF="#HDRWQ118">Maintaining the Server CellServDB File</A>.
+<P><LI>How to control authorization checking on a server machine; see <A HREF="#HDRWQ123">Managing Authentication and Authorization Requirements</A>.
+<P><LI>How to install new disks or partitions on a file server machine; see <A HREF="#HDRWQ130">Adding or Removing Disks and Partitions</A>.
+<P><LI>How to change a server machine's IP addresses and manager VLDB server
+entries; see <A HREF="#HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</A>.
+<P><LI>How to reboot a file server machine; see <A HREF="#HDRWQ139">Rebooting a Server Machine</A>.
+</UL>
+<P>To learn how to install and configure a new server machine, see the
+<I>IBM AFS Quick Beginnings</I>.
+<P>To learn how to administer the server processes themselves, see <A HREF="auagd009.htm#HDRWQ142">Monitoring and Controlling Server Processes</A>.
+<P>To learn how to administer volumes, see <A HREF="auagd010.htm#HDRWQ174">Managing Volumes</A>.
+<HR><H2><A NAME="HDRWQ81" HREF="auagd002.htm#ToC_100">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Install new binaries
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos install</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Examine binary check-and-restart time
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos getrestart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set binary check-and-restart time
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos setrestart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Examine compilation dates on binary files
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos getdate</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Restart a process to use new binaries
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos restart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Revert to old version of binaries
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos uninstall</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove obsolete <B>.BAK</B> and <B>.OLD</B>
+versions
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos prune</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">List partitions on a file server machine
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>vos listpart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Shutdown AFS server processes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos shutdown</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">List volumes on a partition
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>vos listvldb</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Move read/write volumes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>vos move</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">List a cell's database server machines
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos listhosts</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add a database server machine to server <B>CellServDB</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos addhost</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove a database server machine from server <B>CellServDB</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos removehost</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set authorization checking requirements
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos setauth</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Prevent authentication for <B>bos</B>, <B>pts</B>, and
+<B>vos</B> commands
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%">Include <B>-noauth</B> flag
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Prevent authentication for kas commands
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%">Include <B>-noauth</B> flag on some commands or issue
+<B>noauthentication</B> while in interactive mode
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display all VLDB server entries
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>vos listaddrs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove a VLDB server entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>vos changeaddr</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Reboot a server machine remotely
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos exec</B> <I>reboot_command</I>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ83" HREF="auagd002.htm#ToC_101">Local Disk Files on a Server Machine</A></H2>
+<P>Several types of files must reside in the subdirectories of
+the <B>/usr/afs</B> directory on an AFS server machine's local
+disk. They include binaries, configuration files, the administrative
+database files (on database server machines), log files, and volume header
+files.
+<P><B>Note for Windows users:</B> Some files described in this
+document possibly do not exist on machines that run a Windows operating
+system. Also, Windows uses a backslash
+( <B>\</B> ) rather than a forward slash
+( <B>/</B> ) to separate the elements in a
+pathname.
+<A NAME="IDX5842"></A>
+<A NAME="IDX5843"></A>
+<A NAME="IDX5844"></A>
+<P><H3><A NAME="HDRWQ84" HREF="auagd002.htm#ToC_102">Binaries in the /usr/afs/bin Directory</A></H3>
+<P>The <B>/usr/afs/bin</B> directory stores the AFS server
+process and command suite binaries appropriate for the machine's system
+(CPU and operating system) type. If a process has both a server portion
+and a client portion (as with the Update Server) or if it has separate
+components (as with the <B>fs</B> process), each component resides in a
+separate file.
+<P>To ensure predictable system performance, all file server machines must run
+the same AFS build version of a given process. To maintain consistency
+easily, use the Update Server process to distribute binaries from a
+<I>binary distribution machine</I> of each system type, as described
+further in <A HREF="#HDRWQ93">Binary Distribution Machines</A>.
+<P>It is best to keep the binaries for all processes in the
+<B>/usr/afs/bin</B> directory, even if you do not run the process actively
+on the machine. It simplifies the process of reconfiguring machines
+(for example, adding database server functionality to an existing file server
+machine). Similarly, it is best to keep the command suite binaries in
+the directory, even if you do not often issue commands while working on the
+server machine. It enables you to issue commands during recovery from
+server and machine outages.
+<P>The following lists the binary files in the <B>/usr/afs/bin</B>
+directory that are directly related to the AFS server processes or command
+suites. Other binaries (for example, for the <B>klog</B> command)
+sometimes appear in this directory on a particular file server machine's
+disk or in an AFS distribution.
+<DL>
+<A NAME="IDX5845"></A>
+<A NAME="IDX5846"></A>
+<P><DT><B>backup
+</B><DD>The command suite for the AFS Backup System (the binary for the Backup
+Server is <B>buserver</B>).
+<A NAME="IDX5847"></A>
+<A NAME="IDX5848"></A>
+<P><DT><B>bos
+</B><DD>The command suite for communicating with the Basic OverSeer (BOS) Server
+(the binary for the BOS Server is <B>bosserver</B>).
+<A NAME="IDX5849"></A>
+<A NAME="IDX5850"></A>
+<A NAME="IDX5851"></A>
+<A NAME="IDX5852"></A>
+<A NAME="IDX5853"></A>
+<A NAME="IDX5854"></A>
+<P><DT><B>bosserver
+</B><DD>The binary for the Basic OverSeer (BOS) Server process.
+<A NAME="IDX5855"></A>
+<A NAME="IDX5856"></A>
+<A NAME="IDX5857"></A>
+<A NAME="IDX5858"></A>
+<A NAME="IDX5859"></A>
+<A NAME="IDX5860"></A>
+<P><DT><B>buserver
+</B><DD>The binary for the Backup Server process.
+<A NAME="IDX5861"></A>
+<A NAME="IDX5862"></A>
+<A NAME="IDX5863"></A>
+<A NAME="IDX5864"></A>
+<A NAME="IDX5865"></A>
+<A NAME="IDX5866"></A>
+<P><DT><B>fileserver
+</B><DD>The binary for the File Server component of the <B>fs</B>
+process.
+<A NAME="IDX5867"></A>
+<A NAME="IDX5868"></A>
+<P><DT><B>kas
+</B><DD>The command suite for communicating with the Authentication Server (the
+binary for the Authentication Server is <B>kaserver</B>).
+<A NAME="IDX5869"></A>
+<A NAME="IDX5870"></A>
+<A NAME="IDX5871"></A>
+<A NAME="IDX5872"></A>
+<A NAME="IDX5873"></A>
+<A NAME="IDX5874"></A>
+<P><DT><B>kaserver
+</B><DD>The binary for the Authentication Server process.
+<A NAME="IDX5875"></A>
+<A NAME="IDX5876"></A>
+<A NAME="IDX5877"></A>
+<A NAME="IDX5878"></A>
+<A NAME="IDX5879"></A>
+<A NAME="IDX5880"></A>
+<P><DT><B>ntpd
+</B><DD>The binary for the Network Time Protocol Daemon (NTPD). AFS
+redistributes this binary and uses the <B>runntp</B> program to configure
+and initialize the NTPD process.
+<A NAME="IDX5881"></A>
+<A NAME="IDX5882"></A>
+<A NAME="IDX5883"></A>
+<P><DT><B>ntpdc
+</B><DD>A debugging utility furnished with the <B>ntpd</B> program.
+<A NAME="IDX5884"></A>
+<A NAME="IDX5885"></A>
+<P><DT><B>pts
+</B><DD>The command suite for communicating with the Protection Server process
+(the binary for the Protection Server is <B>ptserver</B>).
+<A NAME="IDX5886"></A>
+<A NAME="IDX5887"></A>
+<A NAME="IDX5888"></A>
+<A NAME="IDX5889"></A>
+<A NAME="IDX5890"></A>
+<A NAME="IDX5891"></A>
+<P><DT><B>ptserver
+</B><DD>The binary for the Protection Server process.
+<A NAME="IDX5892"></A>
+<A NAME="IDX5893"></A>
+<A NAME="IDX5894"></A>
+<A NAME="IDX5895"></A>
+<P><DT><B>runntp
+</B><DD>The binary for the program used to configure NTPD most appropriately for
+use with AFS.
+<A NAME="IDX5896"></A>
+<A NAME="IDX5897"></A>
+<A NAME="IDX5898"></A>
+<A NAME="IDX5899"></A>
+<A NAME="IDX5900"></A>
+<A NAME="IDX5901"></A>
+<P><DT><B>salvager
+</B><DD>The binary for the Salvager component of the <B>fs</B> process.
+<A NAME="IDX5902"></A>
+<A NAME="IDX5903"></A>
+<A NAME="IDX5904"></A>
+<A NAME="IDX5905"></A>
+<P><DT><B>udebug
+</B><DD>The binary for a program that reports the status of AFS's distributed
+database technology, Ubik.
+<A NAME="IDX5906"></A>
+<A NAME="IDX5907"></A>
+<A NAME="IDX5908"></A>
+<A NAME="IDX5909"></A>
+<A NAME="IDX5910"></A>
+<A NAME="IDX5911"></A>
+<P><DT><B>upclient
+</B><DD>The binary for the client portion of the Update Server process.
+<A NAME="IDX5912"></A>
+<A NAME="IDX5913"></A>
+<A NAME="IDX5914"></A>
+<A NAME="IDX5915"></A>
+<P><DT><B>upserver
+</B><DD>The binary for the server portion of the Update Server process.
+<A NAME="IDX5916"></A>
+<A NAME="IDX5917"></A>
+<A NAME="IDX5918"></A>
+<A NAME="IDX5919"></A>
+<A NAME="IDX5920"></A>
+<A NAME="IDX5921"></A>
+<A NAME="IDX5922"></A>
+<P><DT><B>vlserver
+</B><DD>The binary for the Volume Location (VL) Server process.
+<A NAME="IDX5923"></A>
+<A NAME="IDX5924"></A>
+<A NAME="IDX5925"></A>
+<A NAME="IDX5926"></A>
+<A NAME="IDX5927"></A>
+<A NAME="IDX5928"></A>
+<P><DT><B>volserver
+</B><DD>The binary for the Volume Server component of the <B>fs</B>
+process.
+<A NAME="IDX5929"></A>
+<A NAME="IDX5930"></A>
+<P><DT><B>vos
+</B><DD>The command suite for communicating with the Volume and VL Server
+processes (the binaries for the servers are <B>volserver</B> and
+<B>vlserver</B>, respectively).
+</DL>
+<A NAME="IDX5931"></A>
+<A NAME="IDX5932"></A>
+<A NAME="IDX5933"></A>
+<A NAME="IDX5934"></A>
+<A NAME="IDX5935"></A>
+<P><H3><A NAME="HDRWQ85" HREF="auagd002.htm#ToC_103">Common Configuration Files in the /usr/afs/etc Directory</A></H3>
+<P>The directory <B>/usr/afs/etc</B> on every file server
+machine's local disk contains configuration files in ASCII and
+machine-independent binary format. For predictable AFS performance
+throughout a cell, all server machines must have the same version of each
+configuration file:
+<UL>
+<A NAME="IDX5936"></A>
+<P><LI>Cells that run the United States edition of AFS conventionally use the
+Update Server to distribute a common version of each file from the cell's
+system control machine to other server machines (for more on the system
+control machine, see <A HREF="#HDRWQ94">The System Control Machine</A>). Run the Update Server's server portion on the
+system control machine, and the client portion on all other server
+machines. Update the files on the system control machine only, except
+as directed by instructions for dealing with emergencies.
+<P><LI>Cells that run the international edition of AFS must not use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B>
+directory. Due to United States government regulations, the data
+encryption routines that AFS uses to protect the files in this directory as
+they cross the network are not available to the Update Server in the
+international edition of AFS. You must instead update the files on each
+server machine individually, taking extra care to issue exactly the same
+<B>bos</B> command for each machine. The necessary data encryption
+routines are available to the <B>bos</B> commands, so information is safe
+as it crosses the network from the machine where the <B>bos</B> command is
+issued to the server machines.
+</UL>
+<P>Never directly edit any of the files in the <B>/usr/afs/etc</B>
+directory, except as directed by instructions for dealing with
+emergencies. In normal circumstances, use the appropriate
+<B>bos</B> commands to change the files. The following list
+includes pointers to instructions.
+<P>The files in this directory include:
+<DL>
+<A NAME="IDX5937"></A>
+<A NAME="IDX5938"></A>
+<P><DT><B>CellServDB
+</B><DD>An ASCII file that names the cell's database server machines, which
+run the Authentication, Backup, Protection, and VL Server processes.
+You create the initial version of this file by issuing the <B>bos
+setcellname</B> command while installing your cell's first server
+machine. It is very important to update this file when you change the
+identity of your cell's database server machines.
+<P>The server <B>CellServDB</B> file is not the same as the
+<B>CellServDB</B> file stored in the <B>/usr/vice/etc</B> directory on
+client machines. The client version lists the database server machines
+for every AFS cell that you choose to make accessible from the client
+machine. The server <B>CellServDB</B> file lists only the local
+cell's database server machines, because server processes never contact
+processes in other cells.
+<P>For instructions on maintaining this file, see <A HREF="#HDRWQ118">Maintaining the Server CellServDB File</A>.
+<A NAME="IDX5939"></A>
+<A NAME="IDX5940"></A>
+<A NAME="IDX5941"></A>
+<P><DT><B>KeyFile
+</B><DD>A machine-independent, binary-format file that lists the server encryption
+keys the AFS server processes use to encrypt and decrypt tickets. The
+information in this file is the basis for secure communication in the cell,
+and so is extremely sensitive. The file is specially protected so that
+only privileged users can read or change it.
+<P>For instructions on maintaining this file, see <A HREF="auagd014.htm#HDRWQ355">Managing Server Encryption Keys</A>.
+<A NAME="IDX5942"></A>
+<A NAME="IDX5943"></A>
+<P><DT><B>ThisCell
+</B><DD>An ASCII file that consists of a single line defining the complete
+Internet domain-style name of the cell (such as
+<TT>abc.com</TT>). You create this file with the <B>bos
+setcellname</B> command during the installation of your cell's first
+file server machine, as instructed in the <I>IBM AFS Quick
+Beginnings</I>.
+<P>Note that changing this file is only one step in changing your cell's
+name. For discussion, see <A HREF="auagd007.htm#HDRWQ34">Choosing a Cell Name</A>.
+<A NAME="IDX5944"></A>
+<A NAME="IDX5945"></A>
+<P><DT><B>UserList
+</B><DD>An ASCII file that lists the usernames of the system administrators
+authorized to issue privileged <B>bos</B>, <B>vos</B>, and
+<B>backup</B> commands. For instructions on maintaining the file,
+see <A HREF="auagd021.htm#HDRWQ592">Administering the UserList File</A>.
+</DL>
+<A NAME="IDX5946"></A>
+<A NAME="IDX5947"></A>
+<A NAME="IDX5948"></A>
+<A NAME="IDX5949"></A>
+<P><H3><A NAME="HDRWQ86" HREF="auagd002.htm#ToC_104">Local Configuration Files in the /usr/afs/local Directory</A></H3>
+<P>The directory <B>/usr/afs/local</B> contains
+configuration files that are different for each file server machine in a
+cell. Thus, they are not updated automatically from a central source
+like the files in <B>/usr/afs/bin</B> and <B>/usr/afs/etc</B>
+directories. The most important file is the <B>BosConfig</B>
+file; it defines which server processes are to run on that
+machine.
+<P>As with the common configuration files in <B>/usr/afs/etc</B>, you must
+not edit these files directly. Use commands from the <B>bos</B>
+command suite where appropriate; some files never need to be
+altered.
+<P>The files in this directory include the following:
+<DL>
+<A NAME="IDX5950"></A>
+<A NAME="IDX5951"></A>
+<P><DT><B>BosConfig
+</B><DD>This file lists the server processes to run on the server machine, by
+defining which processes the BOS Server monitors and what it does if the
+process fails. It also defines the times at which the BOS Server
+automatically restarts processes for maintenance purposes.
+<P>As you create server processes during a file server machine's
+installation, their entries are defined in this file automatically. The
+<I>IBM AFS Quick Beginnings</I> outlines the <B>bos</B> commands to
+use. For a more complete description of the file, and instructions for
+controlling process status by editing the file with commands from the
+<B>bos</B> suite, see <A HREF="auagd009.htm#HDRWQ142">Monitoring and Controlling Server Processes</A>.
+<A NAME="IDX5952"></A>
+<A NAME="IDX5953"></A>
+<P><DT><B>NetInfo
+</B><DD>This optional ASCII file lists one or more of the network interface
+addresses on the server machine. If it exists when the File Server
+initializes, the File Server uses it as the basis for the list of interfaces
+that it registers in its Volume Location Database (VLDB) server entry.
+See <A HREF="#HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</A>.
+<A NAME="IDX5954"></A>
+<A NAME="IDX5955"></A>
+<P><DT><B>NetRestrict
+</B><DD>This optional ASCII file lists one or more network interface
+addresses. If it exists when the File Server initializes, the File
+Server removes the specified addresses from the list of interfaces that it
+registers in its VLDB server entry. See <A HREF="#HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</A>.
+<A NAME="IDX5956"></A>
+<A NAME="IDX5957"></A>
+<P><DT><B>NoAuth
+</B><DD>This zero-length file instructs all AFS server processes running on the
+machine not to perform authorization checking. Thus, they perform any
+action for any user, even <B>anonymous</B>. This very insecure
+state is useful only in rare instances, mainly during the installation of the
+machine.
+<P>The file is created automatically when you start the initial
+<B>bosserver</B> process with the <B>-noauth</B> flag, or issue the
+<B>bos setauth</B> command to turn off authentication requirements.
+When you use the <B>bos setauth</B> command to turn on authentication, the
+BOS Server removes this file. For more information, see <A HREF="#HDRWQ123">Managing Authentication and Authorization Requirements</A>.
+<A NAME="IDX5958"></A>
+<A NAME="IDX5959"></A>
+<P><DT><B>SALVAGE.fs
+</B><DD>This zero-length file controls how the BOS Server handles a crash of the
+File Server component of the <B>fs</B> process. The BOS Server
+creates this file each time it starts or restarts the <B>fs</B>
+process. If the file is present when the File Server crashes, then the
+BOS Server runs the Salvager before restarting the File Server and Volume
+Server again. When the File Server exits normally, the BOS Server
+removes the file so that the Salvager does not run.
+<P>Do not create or remove this file yourself; the BOS Server does so
+automatically. If necessary, you can salvage a volume or partition by
+using the <B>bos salvage</B> command; see <A HREF="auagd010.htm#HDRWQ232">Salvaging Volumes</A>.
+<A NAME="IDX5960"></A>
+<A NAME="IDX5961"></A>
+<P><DT><B>salvage.lock
+</B><DD>This file guarantees that only one Salvager process runs on a file server
+machine at a time (the single process can fork multiple subprocesses to
+salvage multiple partitions in parallel). As the Salvager initiates
+(when invoked by the BOS Server or by issue of the <B>bos salvage</B>
+command), it creates this zero-length file and issues the <B>flock</B>
+system call on it. It removes the file when it completes the salvage
+operation. Because the Salvager must lock the file in order to run,
+only one Salvager can run at a time.
+<A NAME="IDX5962"></A>
+<A NAME="IDX5963"></A>
+<A NAME="IDX5964"></A>
+<A NAME="IDX5965"></A>
+<P><DT><B>sysid
+</B><DD>This file records the network interface addresses that the File Server
+(<B>fileserver</B> process) registers in its VLDB server entry.
+When the Cache Manager requests volume location information, the Volume
+Location (VL) Server provides all of the interfaces registered for each server
+machine that houses the volume. This enables the Cache Manager to make
+use of multiple addresses when accessing AFS data stored on a multihomed file
+server machine. For further information, see <A HREF="#HDRWQ138">Managing Server IP Addresses and VLDB Server Entries</A>.
+</DL>
+<A NAME="IDX5966"></A>
+<A NAME="IDX5967"></A>
+<A NAME="IDX5968"></A>
+<A NAME="IDX5969"></A>
+<A NAME="IDX5970"></A>
+<A NAME="IDX5971"></A>
+<P><H3><A NAME="HDRWQ87" HREF="auagd002.htm#ToC_105">Replicated Database Files in the /usr/afs/db Directory</A></H3>
+<P>The directory <B>/usr/afs/db</B> contains two types of
+files pertaining to the four replicated databases in the cell--the
+Authentication Database, Backup Database, Protection Database, and Volume
+Location Database (VLDB):
+<UL>
+<P><LI>A file that contains each database, with a <B>.DB0</B>
+extension.
+<P><LI>A log file for each database, with a <B>.DBSYS1</B>
+extension. The database server process logs each database operation in
+this file before performing it. If the operation is interrupted, the
+process consults this file to learn how to finish it.
+</UL>
+<P>Each database server process (Authentication, Backup, Protection, or VL
+Server) maintains its own database and log files. The database files
+are in binary format, so you must always access or alter them using commands
+from the <B>kas</B> suite (for the Authentication Database),
+<B>backup</B> suite (for the Backup Database), <B>pts</B> suite (for
+the Protection Database), or <B>vos</B> suite (for the VLDB).
+<P>If a cell runs more than one database server machine, each database server
+process keeps its own copy of its database on its machine's hard
+disk. However, it is important that all the copies of a given database
+are the same. To synchronize them, the database server processes call
+on AFS's distributed database technology, Ubik, as described in <A HREF="#HDRWQ102">Replicating the AFS Administrative Databases</A>.
+<P>The files listed here appear in this directory only on database server
+machines. On non-database server machines, this directory is
+empty.
+<DL>
+<A NAME="IDX5972"></A>
+<A NAME="IDX5973"></A>
+<P><DT><B>bdb.DB0
+</B><DD>The Backup Database file.
+<A NAME="IDX5974"></A>
+<A NAME="IDX5975"></A>
+<P><DT><B>bdb.DBSYS1
+</B><DD>The Backup Database log file.
+<A NAME="IDX5976"></A>
+<A NAME="IDX5977"></A>
+<P><DT><B>kaserver.DB0
+</B><DD>The Authentication Database file.
+<A NAME="IDX5978"></A>
+<A NAME="IDX5979"></A>
+<P><DT><B>kaserver.DBSYS1
+</B><DD>The Authentication Database log file.
+<A NAME="IDX5980"></A>
+<A NAME="IDX5981"></A>
+<P><DT><B>prdb.DB0
+</B><DD>The Protection Database file.
+<A NAME="IDX5982"></A>
+<A NAME="IDX5983"></A>
+<P><DT><B>prdb.DBSYS1
+</B><DD>The Protection Database log file.
+<A NAME="IDX5984"></A>
+<A NAME="IDX5985"></A>
+<P><DT><B>vldb.DB0
+</B><DD>The Volume Location Database file.
+<A NAME="IDX5986"></A>
+<A NAME="IDX5987"></A>
+<P><DT><B>vldb.DBSYS1
+</B><DD>The Volume Location Database log file.
+</DL>
+<A NAME="IDX5988"></A>
+<A NAME="IDX5989"></A>
+<A NAME="IDX5990"></A>
+<A NAME="IDX5991"></A>
+<A NAME="IDX5992"></A>
+<A NAME="IDX5993"></A>
+<P><H3><A NAME="HDRWQ88" HREF="auagd002.htm#ToC_106">Log Files in the /usr/afs/logs Directory</A></H3>
+<P>The <B>/usr/afs/logs</B> directory contains log files
+from various server processes. The files detail interesting events that
+occur during normal operations. For instance, the Volume Server can
+record volume moves in the <B>VolserLog</B> file. Events are
+recorded at completion, so the server processes do not use these files to
+reconstruct failed operations unlike the ones in the <B>/usr/afs/db</B>
+directory.
+<P>The information in log files can be very useful as you evaluate process
+failures and other problems. For instance, if you receive a timeout
+message when you try to access a volume, checking the <B>FileLog</B> file
+possibly provides an explanation, showing that the File Server was unable to
+attach the volume. To examine a log file remotely, use the <B>bos
+getlog</B> command as described in <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A>.
+<P>This directory also contains the core image files generated if a process
+being monitored by the BOS Server crashes. The BOS Server attempts to
+add an extension to the standard <B>core</B> name to indicate which
+process generated the core file (for example, naming a core file generated by
+the Protection Server <B>core.ptserver</B>). The BOS Server
+cannot always assign the correct extension if two processes fail at about the
+same time, so it is not guaranteed to be correct.
+<P>The directory contains the following files:
+<DL>
+<A NAME="IDX5994"></A>
+<A NAME="IDX5995"></A>
+<P><DT><B>AuthLog
+</B><DD>The Authentication Server's log file.
+<A NAME="IDX5996"></A>
+<A NAME="IDX5997"></A>
+<P><DT><B><B>BackupLog</B>
+</B><DD>The Backup Server's log file.
+<A NAME="IDX5998"></A>
+<A NAME="IDX5999"></A>
+<P><DT><B><B>BosLog</B>
+</B><DD>The BOS Server's log file.
+<A NAME="IDX6000"></A>
+<A NAME="IDX6001"></A>
+<P><DT><B><B>FileLog</B>
+</B><DD>The File Server's log file.
+<A NAME="IDX6002"></A>
+<A NAME="IDX6003"></A>
+<P><DT><B><B>SalvageLog</B>
+</B><DD>The Salvager's log file.
+<A NAME="IDX6004"></A>
+<A NAME="IDX6005"></A>
+<P><DT><B><B>VLLog</B>
+</B><DD>The Volume Location (VL) Server's log file.
+<A NAME="IDX6006"></A>
+<A NAME="IDX6007"></A>
+<P><DT><B><B>VolserLog</B>
+</B><DD>The Volume Server's log file.
+<P><DT><B><B>core</B>.<VAR>process</VAR>
+</B><DD>If present, a core image file produced as an AFS server process on the
+machine crashed (probably the process named by <VAR>process</VAR>).
+</DL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To prevent log files from growing unmanageably large, restart the server
+processes periodically, particularly the database server processes. To
+avoid restarting the processes, use the UNIX <B>rm</B> command to remove
+the file as the process runs; it re-creates it automatically.
+</TD></TR></TABLE>
+<A NAME="IDX6008"></A>
+<A NAME="IDX6009"></A>
+<A NAME="IDX6010"></A>
+<A NAME="IDX6011"></A>
+<A NAME="IDX6012"></A>
+<P><H3><A NAME="HDRWQ89" HREF="auagd002.htm#ToC_107">Volume Headers on Server Partitions</A></H3>
+<P>A partition that houses AFS volumes must be mounted at a
+subdirectory of the machine's root ( / ) directory (not, for instance
+under the <B>/usr</B> directory). The file server machine's
+file system registry file (<B>/etc/fstab</B> or equivalent) must correctly
+map the directory name and the partition's device name. The
+directory name is of the form <B>/vicep</B><VAR>index</VAR>, where each
+<VAR>index</VAR> is one or two lowercase letters. By convention, the
+first AFS partition on a machine is mounted at <B>/vicepa</B>, the second
+at <B>/vicepb</B>, and so on. If there are more than 26 partitions,
+continue with <B>/vicepaa</B>, <B>/vicepab</B> and so on. The
+<I>IBM AFS Release Notes</I> specifies the number of supported partitions
+per server machine.
+<P>Do not store non-AFS files on AFS partitions. The File Server and
+Volume Server expect to have available all of the space on the
+partition.
+<P>The <B>/vicep</B> directories contain two types of files:
+<DL>
+<A NAME="IDX6013"></A>
+<A NAME="IDX6014"></A>
+<P><DT><B>V<VAR>vol_ID</VAR>.vol
+</B><DD>Each such file is a volume header. The <VAR>vol_ID</VAR> corresponds
+to the volume ID number displayed in the output from the <B>vos
+examine</B>, <B>vos listvldb</B>, and <B>vos listvol</B>
+commands.
+<A NAME="IDX6015"></A>
+<A NAME="IDX6016"></A>
+<P><DT><B>FORCESALVAGE
+</B><DD>This zero-length file triggers the Salvager to salvage the entire
+partition. The AFS-modified version of the <B>fsck</B> program
+creates this file if it discovers corruption.
+</DL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">For most system types, it is important never to run the standard
+<B>fsck</B> program provided with the operating system on an AFS file
+server machine. It removes all AFS volume data from server partitions
+because it does not recognize their format.
+</TD></TR></TABLE>
+<A NAME="IDX6017"></A>
+<A NAME="IDX6018"></A>
+<HR><H2><A NAME="HDRWQ90" HREF="auagd002.htm#ToC_108">The Four Roles for File Server Machines</A></H2>
+<P>In cells that have more than one server machine, not all
+server machines have to perform exactly the same functions. The are
+four possible <I>roles</I> a machine can assume, determined by which
+server processes it is running. A machine can assume more than one role
+by running all of the relevant processes. The following list summarizes
+the four roles, which are described more completely in subsequent
+sections.
+<UL>
+<P><LI>A <I>simple file server machine</I> runs only the processes that store
+and deliver AFS files to client machines. You can run as many simple
+file server machines as you need to satisfy your cell's performance and
+disk space requirements.
+<P><LI>A <I>database server machine</I> runs the four database server
+processes that maintain AFS's replicated administrative databases:
+the Authentication, Backup, Protection, and Volume Location (VL) Server
+processes.
+<P><LI>A <I>binary distribution machine</I> distributes the AFS server
+binaries for its system type to all other server machines of that system
+type.
+<P><LI>The single <I>system control machine</I> distributes common server
+configuration files to all other server machines in the cell, in a cell that
+runs the United States edition of AFS (cells that use the international
+edition of AFS must not use the system control machine for this
+purpose). The machine conventionally also serves as the time
+synchronization source for the cell, adjusting its clock according to a time
+source outside the cell.
+</UL>
+<P>If a cell has a single server machine, it assumes the simple file server
+and database server roles. The instructions in the <I>IBM AFS Quick
+Beginnings</I> also have you configure it as the system control machine and
+binary distribution machine for its system type, but it does not actually
+perform those functions until you install another server machine.
+<P>It is best to keep the binaries for all of the AFS server processes in the
+<B>/usr/afs/bin</B> directory, even if not all processes are
+running. You can then change which roles a machine assumes simply by
+starting or stopping the processes that define the role.
+<A NAME="IDX6019"></A>
+<A NAME="IDX6020"></A>
+<P><H3><A NAME="HDRWQ91" HREF="auagd002.htm#ToC_109">Simple File Server Machines</A></H3>
+<P>A <I>simple file server machine</I> runs only the server
+processes that store and deliver AFS files to client machines, monitor process
+status, and pick up binaries and configuration files from the cell's
+binary distribution and system control machines.
+<P>In general, only cells with more than three server machines need to run
+simple file server machines. In cells with three or fewer machines, all
+of them are usually database server machines (to benefit from replicating the
+administrative databases); see <A HREF="#HDRWQ92">Database Server Machines</A>.
+<P>The following processes run on a simple file server machine:
+<UL>
+<P><LI>The BOS Server (<B>bosserver</B> process)
+<P><LI>The <B>fs</B> process, which combines the File Server, Volume Server,
+and Salvager processes so that they can coordinate their operations on the
+data in volumes and avoid the inconsistencies that can result from multiple
+simultaneous operations on the same data
+<P><LI>The NTP coordinator (<B>runntp</B> process), which helps keep the
+machine's clock synchronized with the clocks on the other server machines
+in the cell
+<P><LI>A client portion of the Update Server that picks up binary files from the
+binary distribution machine of its AFS system type (the <B>upclientbin</B>
+process)
+<P><LI>A client portion of the Update Server that picks up common configuration
+files from the system control machine, in cells running the United States
+edition of AFS (the <B>upclientetc</B> process)
+</UL>
+<A NAME="IDX6021"></A>
+<A NAME="IDX6022"></A>
+<A NAME="IDX6023"></A>
+<A NAME="IDX6024"></A>
+<A NAME="IDX6025"></A>
+<A NAME="IDX6026"></A>
+<P><H3><A NAME="HDRWQ92" HREF="auagd002.htm#ToC_110">Database Server Machines</A></H3>
+<P>A <I>database server machine</I> runs the four processes
+that maintain the AFS replicated administrative databases: the
+Authentication Server, Backup Server, Protection Server, and Volume Location
+(VL) Server, which maintain the Authentication Database, Backup Database,
+Protection Database, and Volume Location Database (VLDB), respectively.
+To review the functions of these server processes and their databases, see <A HREF="auagd006.htm#HDRWQ17">AFS Server Processes and the Cache Manager</A>.
+<P>If a cell has more than one server machine, it is best to run more than one
+database server machine, but more than three are rarely necessary.
+Replicating the databases in this way yields the same benefits as replicating
+volumes: increased availability and reliability of information.
+If one database server machine or process goes down, the information in the
+database is still available from others. The load of requests for
+database information is spread across multiple machines, preventing any one
+from becoming overloaded.
+<P>Unlike replicated volumes, however, replicated databases do change
+frequently. Consistent system performance demands that all copies of
+the database always be identical, so it is not possible to record changes in
+only some of them. To synchronize the copies of a database, the
+database server processes use AFS's distributed database technology,
+Ubik. See <A HREF="#HDRWQ102">Replicating the AFS Administrative Databases</A>.
+<P>It is critical that the AFS server processes on every server machine in a
+cell know which machines are the database server machines. The database
+server processes in particular must maintain constant contact with their peers
+in order to coordinate the copies of the database. The other server
+processes often need information from the databases. Every file server
+machine keeps a list of its cell's database server machines in its local
+<B>/usr/afs/etc/CellServDB</B> file. Cells that use the States
+edition of AFS can use the system control machine to distribute this file (see
+<A HREF="#HDRWQ94">The System Control Machine</A>).
+<P>The following processes define a database server machine:
+<UL>
+<P><LI>The Authentication Server (<B>kaserver</B> process)
+<P><LI>The Backup Server (<B>buserver</B> process)
+<P><LI>The Protection Server (<B>ptserver</B> process)
+<P><LI>The VL Server (<B>vlserver</B> process)
+</UL>
+<P>Database server machines can also run the processes that define a simple
+file server machine, as listed in <A HREF="#HDRWQ91">Simple File Server Machines</A>. One database server machine can act as the
+cell's system control machine, and any database server machine can serve
+as the binary distribution machine for its system type; see <A HREF="#HDRWQ94">The System Control Machine</A> and <A HREF="#HDRWQ93">Binary Distribution Machines</A>.
+<A NAME="IDX6027"></A>
+<A NAME="IDX6028"></A>
+<A NAME="IDX6029"></A>
+<A NAME="IDX6030"></A>
+<P><H3><A NAME="HDRWQ93" HREF="auagd002.htm#ToC_111">Binary Distribution Machines</A></H3>
+<P>A <I>binary distribution machine</I> stores and
+distributes the binary files for the AFS processes and command suites to all
+other server machines of its system type. Each file server machine
+keeps its own copy of AFS server process binaries on its local disk, by
+convention in the <B>/usr/afs/bin</B> directory. For consistent
+system performance, however, all server machines must run the same version
+(build level) of a process. For instructions for checking a
+binary's build level, see <A HREF="#HDRWQ117">Displaying A Binary File's Build Level</A>. The easiest way to keep the binaries
+consistent is to have a binary distribution machine of each system type
+distribute them to its system-type peers.
+<P>The process that defines a binary distribution machine is the server
+portion of the Update Server (<B>upserver</B> process). The client
+portion of the Update Server (<B>upclientbin</B> process) runs on the
+other server machines of that system type and references the binary
+distribution machine.
+<P>Binary distribution machines usually also run the processes that define a
+simple file server machine, as listed in <A HREF="#HDRWQ91">Simple File Server Machines</A>. One binary distribution machine can act as the
+cell's system control machine, and any binary distribution machine can
+serve as a database server machine; see <A HREF="#HDRWQ94">The System Control Machine</A> and <A HREF="#HDRWQ92">Database Server Machines</A>.
+<A NAME="IDX6031"></A>
+<A NAME="IDX6032"></A>
+<A NAME="IDX6033"></A>
+<P><H3><A NAME="HDRWQ94" HREF="auagd002.htm#ToC_112">The System Control Machine</A></H3>
+<P>In cells that run the United States edition of AFS, the
+<I>system control machine</I> stores and distributes system configuration
+files shared by all of the server machines in the cell. Each file
+server machine keeps its own copy of the configuration files on its local
+disk, by convention in the <B>/usr/afs/etc</B> directory. For
+consistent system performance, however, all server machines must use the same
+files. The easiest way to keep the files consistent is to have the
+system control machine distribute them. You make changes only to the
+copy stored on the system control machine, as directed by the instructions in
+this document. The United States edition of AFS is available to cells
+in the United States and Canada and to selected institutions in other
+countries, as determined by United States government regulations.
+<P>Cells that run the international version of AFS do not use the system
+control machine to distribute system configuration files. Some of the
+files contain information that is too sensitive to cross the network
+unencrypted, and United States government regulations forbid the export of the
+necessary encryption routines in the form that the Update Server uses.
+You must instead update the configuration files on each file server machine
+individually. The <B>bos</B> commands that you use to update the
+files encrypt the information using an exportable form of the encryption
+routines.
+<P>For a list of the configuration files stored in the <B>/usr/afs/etc</B>
+directory, see <A HREF="#HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</A>.
+<P>The <I>IBM AFS Quick Beginnings</I> configures a cell's first
+server machine as the system control machine. If you wish, you can
+reassign the role to a different machine that you install later, but you must
+then change the client portion of the Update Server (<B>upclientetc</B>)
+process running on all other server machines to refer to the new system
+control machine.
+<P>The following processes define the system control machine:
+<UL>
+<A NAME="IDX6034"></A>
+<A NAME="IDX6035"></A>
+<P><LI>The server portion of the Update Server (<B>upserver</B>) process, in
+cells using the United States edition of AFS. The client portion of the
+Update Server (<B>upclientetc</B> process) runs on the other server
+machines and references the system control machine.
+<P><LI>The NTP coordinator (<B>runntp</B> process) which points to a time
+source outside the cell, if the cell uses NTPD to synchronize its
+clocks. The <B>runntp</B> process on other machines reference the
+system control machine as their main time source.
+</UL>
+<P>The system control machine can also run the processes that define a simple
+file server machine, as listed in <A HREF="#HDRWQ91">Simple File Server Machines</A>. It can also server as a database server machine, and
+by convention acts as the binary distribution machine for its system
+type. A single <B>upserver</B> process can distribute both
+configuration files and binaries. See <A HREF="#HDRWQ92">Database Server Machines</A> and <A HREF="#HDRWQ93">Binary Distribution Machines</A>.
+<A NAME="IDX6036"></A>
+<A NAME="IDX6037"></A>
+<A NAME="IDX6038"></A>
+<A NAME="IDX6039"></A>
+<A NAME="IDX6040"></A>
+<A NAME="IDX6041"></A>
+<A NAME="IDX6042"></A>
+<P><H3><A NAME="HDRWQ95" HREF="auagd002.htm#ToC_113">To locate database server machines</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos listhosts</B> command.
+<PRE> % <B>bos listhosts</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>The machines listed in the output are the cell's database server
+machines. For complete instructions and example output, see <A HREF="#HDRWQ120">To display a cell's database server machines</A>.
+<P><LI><B>(Optional)</B> Issue the <B>bos status</B> command to verify
+that a machine listed in the output of the <B>bos listhosts</B> command is
+actually running the processes that define it as a database server
+machine. For complete instructions, see <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE> % <B>bos status</B> <<VAR>machine name</VAR>> <B>buserver kaserver ptserver vlserver</B>
+</PRE>
+<P>If the specified machine is a database server machine, the output from the
+<B> bos status</B> command includes the following lines:
+<PRE> Instance buserver, currently running normally.
+ Instance kaserver, currently running normally.
+ Instance ptserver, currently running normally.
+ Instance vlserver, currently running normally.
+</PRE>
+</OL>
+<A NAME="IDX6043"></A>
+<A NAME="IDX6044"></A>
+<A NAME="IDX6045"></A>
+<P><H3><A NAME="HDRWQ96" HREF="auagd002.htm#ToC_114">To locate the system control machine</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos status</B> command for any server machine.
+Complete instructions appear in <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE> % <B>bos status</B> <<VAR>machine name</VAR>> <B>upserver upclientbin upclientetc</B> <B>-long</B>
+</PRE>
+<P>The output you see depends on the machine you have contacted: a
+simple file server machine, the system control machine, or a binary
+distribution machine. See <A HREF="#HDRWQ98">Interpreting the Output from the bos status Command</A>.
+</OL>
+<A NAME="IDX6046"></A>
+<A NAME="IDX6047"></A>
+<A NAME="IDX6048"></A>
+<P><H3><A NAME="HDRWQ97" HREF="auagd002.htm#ToC_115">To locate the binary distribution machine for a system type</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos status</B> command for a file server machine of the
+system type you are checking (to determine a machine's system type, issue
+the <B>fs sysname</B> or <B>sys</B> command as described in <A HREF="auagd015.htm#HDRWQ417">Displaying and Setting the System Type Name</A>. Complete instructions for the <B>bos status</B>
+command appear in <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE> % <B>bos status</B> <<VAR>machine name</VAR>> <B>upserver upclientbin upclientetc -long</B>
+</PRE>
+<P>The output you see depends on the machine you have contacted: a
+simple file server machine, the system control machine, or a binary
+distribution machine. See <A HREF="#HDRWQ98">Interpreting the Output from the bos status Command</A>.
+</OL>
+<A NAME="IDX6049"></A>
+<A NAME="IDX6050"></A>
+<A NAME="IDX6051"></A>
+<P><H3><A NAME="HDRWQ98" HREF="auagd002.htm#ToC_116">Interpreting the Output from the bos status Command</A></H3>
+<P>Interpreting the output of the <B>bos status</B> command
+is most straightforward for a simple file server machine. There is no
+<B>upserver</B> process, so the output includes the following
+message:
+<PRE> bos: failed to get instance info for 'upserver' (no such entity)
+</PRE>
+<P>A simple file server machine runs the <B>upclientbin</B> process, so
+the output includes a message like the following. It indicates that
+<B>fs7.abc.com</B> is the binary distribution machine for
+this system type.
+<PRE> Instance upclientbin, (type is simple) currently running normally.
+ Process last started at Wed Mar 10 23:37:09 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upclient fs7.abc.com -t 60 /usr/afs/bin'
+</PRE>
+<P>If you run the United States edition of AFS, a simple file server machine
+also runs the <B>upclientetc</B> process, so the output includes a message
+like the following. It indicates that
+<B>fs1.abc.com</B> is the system control machine.
+<PRE> Instance upclientetc, (type is simple) currently running normally.
+ Process last started at Mon Mar 22 05:23:49 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upclient fs1.abc.com -t 60 /usr/afs/etc'
+</PRE>
+<P><H4><A NAME="HDRWQ99">The Output on the System Control Machine</A></H4>
+<P>If you run the United States edition of AFS and have issued
+the <B>bos status</B> command for the system control machine, the output
+includes an entry for the <B>upserver</B> process similar to the
+following:
+<PRE> Instance upserver, (type is simple) currently running normally.
+ Process last started at Mon Mar 22 05:23:54 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upserver'
+</PRE>
+<P>If you are using the default configuration recommended in the <I>IBM AFS
+Quick Beginnings</I>, the system control machine is also the binary
+distribution machine for its system type, and a single <B>upserver</B>
+process distributes both kinds of updates. In that case, the output
+includes the following messages:
+<PRE> bos: failed to get instance info for 'upclientbin' (no such entity)
+ bos: failed to get instance info for 'upclientetc' (no such entity)
+</PRE>
+<P>If the system control machine is not a binary distribution machine, the
+output includes an error message for the <B>upclientetc</B> process, but a
+complete a listing for the <B>upclientbin</B> process (in this case it
+refers to the machine <B>fs5.abc.com</B> as the binary
+distribution machine):
+<PRE> Instance upclientbin, (type is simple) currently running normally.
+ Process last started at Mon Mar 22 05:23:49 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upclient fs5.abc.com -t 60 /usr/afs/bin'
+ bos: failed to get instance info for 'upclientetc' (no such entity)
+</PRE>
+<P><H4><A NAME="HDRWQ100">The Output on a Binary Distribution Machine</A></H4>
+<P>If you have issued the <B>bos status</B> command for a
+binary distribution machine, the output includes an entry for the
+<B>upserver</B> process similar to the following and error message for the
+<B>upclientbin</B> process:
+<PRE> Instance upserver, (type is simple) currently running normally.
+ Process last started at Mon Apr 5 05:23:54 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upserver'
+ bos: failed to get instance info for 'upclientbin' (no such entity)
+</PRE>
+<P>Unless this machine also happens to be the system control machine, a
+message like the following references the system control machine (in this
+case, <B>fs3.abc.com</B>):
+<PRE> Instance upclientetc, (type is simple) currently running normally.
+ Process last started at Mon Apr 5 05:23:49 1999 (1 proc start)
+ Command 1 is '/usr/afs/bin/upclient fs3.abc.com -t 60 /usr/afs/etc'
+</PRE>
+<HR><H2><A NAME="HDRWQ101" HREF="auagd002.htm#ToC_119">Administering Database Server Machines</A></H2>
+<P>This section explains how to administer database server
+machines. For installation instructions, see the <I>IBM AFS Quick
+Beginnings</I>.
+<A NAME="IDX6052"></A>
+<A NAME="IDX6053"></A>
+<A NAME="IDX6054"></A>
+<A NAME="IDX6055"></A>
+<A NAME="IDX6056"></A>
+<A NAME="IDX6057"></A>
+<A NAME="IDX6058"></A>
+<A NAME="IDX6059"></A>
+<A NAME="IDX6060"></A>
+<A NAME="IDX6061"></A>
+<A NAME="IDX6062"></A>
+<P><H3><A NAME="HDRWQ102" HREF="auagd002.htm#ToC_120">Replicating the AFS Administrative Databases</A></H3>
+<P>There are several benefits to replicating the AFS
+administrative databases (the Authentication, Backup, Protection, and Volume
+Location Databases), as discussed in <A HREF="auagd007.htm#HDRWQ52">Replicating the AFS Administrative Databases</A>. For correct cell functioning, the copies of each
+database must be identical at all times. To keep the databases
+synchronized, AFS uses library of utilities called <I>Ubik</I>.
+Each database server process runs an associated lightweight Ubik process, and
+client-side programs call Ubik's client-side subroutines when they submit
+requests to read and change the databases.
+<P>Ubik is designed to work with minimal administrator intervention, but there
+are several configuration requirements, as detailed in <A HREF="#HDRWQ103">Configuring the Cell for Proper Ubik Operation</A>. The following brief overview of Ubik's
+operation is helpful for understanding the requirements. For more
+details, see <A HREF="#HDRWQ104">How Ubik Operates Automatically</A>.
+<P>Ubik is designed to distribute changes made in an AFS administrative
+database to all copies as quickly as possible. Only one copy of the
+database, the <I>synchronization site</I>, accepts change requests from
+clients; the lightweight Ubik process running there is the <I>Ubik
+coordinator</I>. To maintain maximum availability, there is a
+separate Ubik coordinator for each database, and the synchronization site for
+each of the four databases can be on a different machine. The
+synchronization site for a database can also move from machine to machine in
+response to process, machine, or network outages.
+<P>The other copies of a database, and the Ubik processes that maintain them,
+are termed <I>secondary</I>. The secondary sites do not accept
+database changes directly from client-side programs, but only from the
+synchronization site.
+<P>After the Ubik coordinator records a change in its copy of a database, it
+immediately sends the change to the secondary sites. During the brief
+distribution period, clients cannot access any of the copies of the database,
+even for reading. If the coordinator cannot reach a majority of the
+secondary sites, it halts the distribution and informs the client that the
+attempted change failed.
+<P>To avoid distribution failures, the Ubik processes maintain constant
+contact by exchanging time-stamped messages. As long as a majority of
+the secondary sites respond to the coordinator's messages, there is a
+<I>quorum</I> of sites that are synchronized with the coordinator.
+If a process, machine, or network outage breaks the quorum, the Ubik processes
+attempt to elect a new coordinator in order to establish a new quorum among
+the highest possible number of sites. See <A HREF="#HDRWQ106">A Flexible Coordinator Boosts Availability</A>.
+<A NAME="IDX6063"></A>
+<A NAME="IDX6064"></A>
+<A NAME="IDX6065"></A>
+<P><H4><A NAME="HDRWQ103">Configuring the Cell for Proper Ubik Operation</A></H4>
+<P>This section describes how to configure your cell to
+maintain proper Ubik operation.
+<UL>
+<P><LI>Run all four database server processes--Authentication Server, Backup
+Server, Protection Server, and VL Server--on all database server
+machines.
+<P>Both the client and server portions of Ubik expect that all the database
+server machines listed in the <B>CellServDB</B> file are running all of
+the database server processes. There is no mechanism for indicating
+that only some database server processes are running on a machine.
+<P><LI>Maintain correct information in the <B>/usr/afs/etc/CellServDB</B>
+file at all times.
+<P>Ubik consults the <B>/usr/afs/etc/CellServDB</B> file to determine the
+sites with which to establish and maintain a quorum. Incorrect
+information can result in unsynchronized databases or election of a
+coordinator in each of several subgroups of machines, because the Ubik
+processes on various machines do not agree on which machines need to
+participate in the quorum.
+<P>If you run the United States version of AFS and use the Update Server, it
+is simplest to maintain the <B>/usr/afs/etc/CellServDB</B> file on the
+system control machine, which distributes its copy to all other server
+machines. The <I>IBM AFS Quick Beginnings</I> explains how to
+configure the Update Server. If you run the international version of
+AFS, you must update the file on each machine individually.
+<P>The only reason to alter the file is when configuring or decommissioning a
+database server machine. Use the appropriate <B>bos</B> commands
+rather than editing the file by hand. For instructions, see <A HREF="#HDRWQ118">Maintaining the Server CellServDB File</A>. The instructions in <A HREF="auagd009.htm#HDRWQ142">Monitoring and Controlling Server Processes</A> for stopping and starting processes remind
+you to alter the <B>CellServDB</B> file when appropriate, as do the
+instructions in the <I>IBM AFS Quick Beginnings</I> for installing or
+decommissioning a database server machine.
+<P>(Client processes and the server processes that do not maintain databases
+also rely on correct information in the <B>CellServDB</B> file for proper
+operation, but their use of the information does not affect Ubik's
+operation. See <A HREF="#HDRWQ118">Maintaining the Server CellServDB File</A> and <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.)
+<A NAME="IDX6066"></A>
+<P><LI>Keep the clocks synchronized on all machines in the cell, especially the
+database server machines.
+<P>In the conventional configuration specified in the <I>IBM AFS Quick
+Beginnings</I>, you run the <B>runntp</B> process to supervise the local
+Network Time Protocol Daemon (NTPD) on every AFS server machine. The
+NTPD on the system control machine synchronizes its clock with a reliable
+source outside the cell and broadcasts the time to the NTPDs on the other
+server machines. You can choose to run a different time synchronization
+protocol if you wish.
+<P>Keeping clocks synchronized is important because the Ubik processes at a
+database's sites timestamp the messages which they exchange to maintain
+constant contact. Timestamping the messages is necessary because in a
+networked environment it is not safe to assume that a message reaches its
+destination instantly. Ubik compares the timestamp on an incoming
+message with the current time. If the difference is too great, it is
+possible that an outage is preventing reliable communication between the Ubik
+sites, which can possibly result in unsynchronized databases. Ubik
+considers the message invalid, which can prompt it to attempt election of a
+different coordinator.
+<P>Electing a new coordinator is appropriate if a timestamped message is
+expired due to actual interruption of communication, but not if a message
+appears expired only because the sender and recipient do not share the same
+time. For detailed examples of how unsynchronized clocks can
+destabilize Ubik operation, see <A HREF="#HDRWQ105">How Ubik Uses Timestamped Messages</A>.
+</UL>
+<A NAME="IDX6067"></A>
+<A NAME="IDX6068"></A>
+<A NAME="IDX6069"></A>
+<P><H4><A NAME="HDRWQ104">How Ubik Operates Automatically</A></H4>
+<P>The following Ubik features help keep its maintenance
+requirements to a minimum:
+<UL>
+<P><LI>Ubik's server and client portions operate automatically.
+<P>Each database server process runs a lightweight process to call on the
+server portion of the Ubik library. It is common to refer to this
+lightweight process itself as Ubik. Because it is lightweight, the Ubik
+process does not appear in process listings such as those generated by the
+UNIX <B>ps</B> command. Client-side programs that need to read and
+change the databases directly call the subroutines in the Ubik library's
+client portion, rather than running a separate lightweight process.
+Examples of such programs are the <B>klog</B> command and the commands in
+the <B>pts</B> suite.
+<P><LI>Ubik tracks database version numbers.
+<P>As the coordinator records a change to a database, it increments the
+database's version number. The version number makes it easy for
+the coordinator to determine if a site has the most recent version or
+not. The version number speeds the return to normal functioning after
+election of a new coordinator or when communication is restored after an
+outage, because it makes it easy to determine which site has the most current
+database and which need to be updated.
+<P><LI>Ubik's use of timestamped messages guarantees that database copies
+are always synchronized during normal operation.
+<P>Replicating a database to increase data availability is pointless if all
+copies of the database are not the same. Inconsistent performance can
+result if clients receive different information depending on which copy of the
+database they access. As previously noted, Ubik sites constantly track
+the status of their peers by exchanging timestamped messages. For a
+detailed description, see <A HREF="#HDRWQ105">How Ubik Uses Timestamped Messages</A>.
+<P><LI>The ability to move the coordinator maximizes database
+availability.
+<P>Suppose, for example, that in a cell with three database server machines a
+network partition separates the two secondary sites from the
+coordinator. The coordinator retires because it is no longer in contact
+with a majority of the sites listed in the <B>CellServDB</B> file.
+The two sites on the other side of the partition can elect a new coordinator
+among themselves, and it can then accept database changes from clients.
+If the coordinator cannot move in this way, the database has to be read-only
+until the network partition is repaired. For a detailed description of
+Ubik's election procedure, see <A HREF="#HDRWQ106">A Flexible Coordinator Boosts Availability</A>.
+</UL>
+<A NAME="IDX6070"></A>
+<A NAME="IDX6071"></A>
+<P><H5><A NAME="HDRWQ105">How Ubik Uses Timestamped Messages</A></H5>
+<P>Ubik synchronizes the copies of a database by maintaining
+constant contact between the synchronization site and the secondary
+sites. The Ubik coordinator frequently sends a time-stamped
+<I>guarantee</I> message to each of the secondary sites. When the
+secondary site receives the message, it concludes that it is in contact with
+the coordinator. It considers its copy of the database to be valid
+until time <I>T</I>, which is usually 60 seconds from the time the
+coordinator sent the message. In response, the secondary site returns a
+<I>vote</I> message that acknowledges the coordinator as valid until a
+certain time X, which is usually 120 seconds in the future.
+<P>The coordinator sends guarantee messages more frequently than every
+<I>T</I> seconds, so that the expiration periods overlap. There is
+no danger of expiration unless a network partition or other outage actually
+interrupts communication. If the guarantee expires, the secondary
+site's copy of the database it not necessarily current.
+Nonetheless, the database server continues to service client requests.
+It is considered better for overall cell functioning that a secondary site
+remains accessible even if the information it is distributing is possibly out
+of date. Most of the AFS administrative databases do not change that
+frequently, in any case, and making a database inaccessible causes a timeout
+for clients that happen to access that copy.
+<P>As previously mentioned, Ubik's use of timestamped messages makes it
+vital to synchronize the clocks on database server machines. There are
+two ways that skewed clocks can interrupt normal Ubik functioning, depending
+on which clock is ahead of the others.
+<P>Suppose, for example, that the Ubik coordinator's clock is ahead of
+the secondary sites: the coordinator's clock says
+9:35:30, but the secondary clocks say 9:31:30.
+The secondary sites send votes messages that acknowledge the coordinator as
+valid until 9:33:30. This is two minutes in the future
+according to the secondary clocks, but is already in the past from the
+coordinator's perspective. The coordinator concludes that it no
+longer has enough support to remain coordinator and forces election of a new
+coordinator. Election takes about three minutes, during which time no
+copy of the database accepts changes.
+<P>The opposite possibility is that a secondary site's clock
+(14:50:00) is ahead of the coordinator's
+(14:46:30). When the coordinator sends a guarantee message
+good until 14:47:30), it has already expired according to the
+secondary clock. Believing that it is out of contact with the
+coordinator, the secondary site stops sending votes for the coordinator and
+tries get itself elected as coordinator. This is appropriate if the
+coordinator has actually failed, but is inappropriate when there is no actual
+outage.
+<P>The attempt of a single secondary site to get elected as the new
+coordinator usually does not affect the performance of the other sites.
+As long as their clocks agree with the coordinator's, they ignore the
+other secondary site's request for votes and continue voting for the
+current coordinator. However, if enough of the secondary sites's
+clocks get ahead of the coordinator's, they can force election of a new
+coordinator even though the current one is actually working fine.
+<A NAME="IDX6072"></A>
+<A NAME="IDX6073"></A>
+<A NAME="IDX6074"></A>
+<A NAME="IDX6075"></A>
+<A NAME="IDX6076"></A>
+<A NAME="IDX6077"></A>
+<A NAME="IDX6078"></A>
+<A NAME="IDX6079"></A>
+<A NAME="IDX6080"></A>
+<P><H5><A NAME="HDRWQ106">A Flexible Coordinator Boosts Availability</A></H5>
+<P>Ubik uses timestamped messages to determine when coordinator
+election is necessary, just as it does to keep the database copies
+synchronized. As long as the coordinator receives vote messages from a
+majority of the sites (it implicitly votes for itself), it is appropriate for
+it to continue as coordinator because it is successfully distributing database
+changes. A majority is defined as more than 50% of all database sites
+when there are an odd number of sites; with an even number of sites, the
+site with the lowest Internet address has an extra vote for breaking ties as
+necessary.If the coordinator is not receiving sufficient votes, it
+retires and the Ubik sites elect a new coordinator. This does not
+happen spontaneously, but only when the coordinator really fails or stops
+receiving a majority of the votes. The secondary sites have a built-in
+bias to continue voting for an existing coordinator, which prevents undue
+elections.
+<P>The election of the new coordinator is by majority vote. The Ubik
+subprocesses have a bias to vote for the site with the lowest Internet
+address, which helps it gather the necessary majority quicker than if all the
+sites were competing to receive votes themselves. During the election
+(which normally lasts less than three minutes), clients can read information
+from the database, but cannot make any changes.
+<P>Ubik's election procedure makes it possible for each database server
+process's coordinator to be on a different machine. For example,
+if the Ubik coordinators for all four processes start out on machine A and the
+Protection Server on machine A fails for some reason, then a different site
+(say machine B) must be elected as the new Protection Database Ubik
+coordinator. Machine B remains the coordinator for the Protection
+Database even after the Protection Server on machine A is working
+again. The failure of the Protection Server has no effect on the
+Authentication, Backup, or VL Servers, so their coordinators remain on machine
+A.
+<P><H3><A NAME="HDRWQ107" HREF="auagd002.htm#ToC_125">Backing Up and Restoring the Administrative Databases</A></H3>
+<P>The AFS administrative databases store information that is
+critical for AFS operation in your cell. If a database becomes
+corrupted due to a hardware failure or other problem on a database server
+machine, it likely to be difficult and time-consuming to recreate all of the
+information from scratch. To protect yourself against loss of data,
+back up the administrative databases to a permanent media, such as tape, on a
+regular basis. The recommended method is to use a standard local disk
+backup utility such as the UNIX <B>tar</B> command.
+<P>When deciding how often to back up a database, consider the amount of data
+that you are willing to recreate by hand if it becomes necessary to restore
+the database from a backup copy. In most cells, the databases differ
+quite a bit in how often and how much they change. Changes to the
+Authentication Database are probably the least frequent, and consist mostly of
+changed user passwords. Protection Database and VLDB changes are
+probably more frequent, as users add or delete groups and change group
+memberships, and as you and other administrators create or move
+volumes. The number and frequency of changes is probably greatest in
+the Backup Database, particularly if you perform backups every day.
+<P>The ease with which you can recapture lost changes also differs for the
+different databases:
+<UL>
+<P><LI>If regular users make a large proportion of the changes to the
+Authentication Database and Protection Database in your cell, then recovering
+them possibly requires a large amount of detective work and interviewing of
+users, assuming that they can even remember what changes they made at what
+time.
+<P><LI>Recovering lost changes to the VLDB is more straightforward, because you
+can use the <B>vos syncserv</B> and <B>vos syncvldb</B> commands to
+correct any discrepancies between the VLDB and the actual state of volumes on
+server machines. Running these commands can be time-consuming,
+however.
+<P><LI>The configuration information in the Backup Database (Tape Coordinator
+port offsets, volume sets and entries, the dump hierarchy, and so on) probably
+does not change that often, in which case it is not that hard to recover a few
+recent changes. In contrast, there are likely to be a large number of
+new dump records resulting from dump operations. You can recover these
+records by using the <B>-dbadd</B> argument to the <B>backup
+scantape</B> command, reading in information from the backup tapes
+themselves. This can take a long time and require numerous tape
+changes, however, depending on how much data you back up in your cell and how
+you append dumps. Furthermore, the <B>backup scantape</B> command
+is subject to several restrictions. The most basic is that it halts if
+it finds that an existing dump record in the database has the same dump ID
+number as a dump on the tape it is scanning. If you want to continue
+with the scanning operation, you must locate and remove the existing record
+from the database. For further discussion, see the <B>backup
+scantape</B> command's reference page in the <I>IBM AFS
+Administration Reference</I>.
+</UL>
+<P>These differences between the databases possibly suggest backing up the
+database at different frequencies, ranging from every few days or weekly for
+the Backup Database to every few weeks for the Authentication Database.
+On the other hand, it is probably simpler from a logistical standpoint to back
+them all up at the same time (and frequently), particularly if tape
+consumption is not a major concern. Also, it is not generally necessary
+to keep backup copies of the databases for a long time, so you can recycle the
+tapes fairly frequently.
+<A NAME="IDX6081"></A>
+<A NAME="IDX6082"></A>
+<P><H3><A NAME="HDRWQ108" HREF="auagd002.htm#ToC_126">To back up the administrative databases</A></H3>
+<OL TYPE=1>
+<P><LI>Log in as the local superuser <B>root</B> on a database server machine
+that is not the synchronization site. The machine with the highest IP
+address is normally the best choice, since it is least likely to become the
+synchronization site in an election.
+<P><LI><A NAME="LIDBBK_SHUTDOWN"></A>Issue the <B>bos shutdown</B> command to shut down
+the relevant server process on the local machine. For a complete
+description of the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<P>For the <B>-instance</B> argument, specify one or more database server
+process names (<B>buserver</B> for the Backup Server, <B>kaserver</B>
+for the Authentication Server, <B>ptserver</B> for the Protection Server,
+or <B>vlserver</B> for the Volume Location Server. Include the
+<B>-localauth</B> flag because you are logged in as the local superuser
+<B>root</B> but do not necessarily have administrative tokens.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>instances</VAR>><SUP>+</SUP> <B>-localauth</B> [<B>-wait</B>]
+</PRE>
+<P><LI>Use a local disk backup utility, such as the UNIX <B>tar</B> command,
+to transfer one or more database files to tape. If the local database
+server machine does not have a tape device attached, use a remote copy command
+to transfer the file to a machine with a tape device, then use the
+<B>tar</B> command there.
+<P>The following command sequence backs up the complete contents of the
+<B>/usr/afs/db</B> directory
+<PRE> # <B>cd /usr/afs/db</B>
+ # <B>tar cvf</B> <VAR>tape_device</VAR> <B> .</B>
+</PRE>
+<P>To back up individual database files, substitute their names for the period
+in the preceding <B>tar</B> command:
+<UL>
+<P><LI><B>bdb.DB0</B> for the Backup Database
+<P><LI><B>kaserver.DB0</B> for the Authentication Database
+<P><LI><B>prdb.DB0</B> for the Protection Database
+<P><LI><B>vldb.DB0</B> for the VLDB
+</UL>
+<P><LI>Issue the <B>bos start</B> command to restart the server processes on
+the local machine. For a complete description of the command, see <A HREF="auagd009.htm#HDRWQ166">To start processes by changing their status flags to Run</A>. Provide the same values for the <B>-instance</B>
+argument as in Step <A HREF="#LIDBBK_SHUTDOWN">2</A>, and the <B>-localauth</B> flag for the same
+reason.
+<PRE> # <B>bos start</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP> <B>-localauth</B>
+</PRE>
+</OL>
+<A NAME="IDX6083"></A>
+<A NAME="IDX6084"></A>
+<P><H3><A NAME="HDRWQ109" HREF="auagd002.htm#ToC_127">To restore an administrative database</A></H3>
+<OL TYPE=1>
+<P><LI>Log in as the local superuser <B>root</B> on each database server
+machine in the cell.
+<P><LI><A NAME="LIDBREST_SHUTDOWN"></A>Working on one of the machines, issue the <B>bos
+shutdown</B> command once for each database server machine, to shut down the
+relevant server process on all of them. For a complete description of
+the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<P>For the <B>-instance</B> argument, specify one or more database server
+process names (<B>buserver</B> for the Backup Server, <B>kaserver</B>
+for the Authentication Server, <B>ptserver</B> for the Protection Server,
+or <B>vlserver</B> for the Volume Location Server. Include the
+<B>-localauth</B> flag because you are logged in as the local superuser
+<B>root</B> but do not necessarily have administrative tokens.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>instances</VAR>><SUP>+</SUP> <B>-localauth</B> [<B>-wait</B>]
+</PRE>
+<P><LI>Remove the database from each database server machine, by issuing the
+following commands on each one.
+<PRE> # <B>cd /usr/afs/db</B>
+</PRE>
+<P>For the Backup Database:
+<PRE> # <B>rm bdb.DB0</B>
+ # <B>rm bdb.DBSYS1</B>
+</PRE>
+<P>For the Authentication Database:
+<PRE> # <B>rm kaserver.DB0</B>
+ # <B>rm kaserver.DBSYS1</B>
+</PRE>
+<P>For the Protection Database:
+<PRE> # <B>rm prdb.DB0</B>
+ # <B>rm prdb.DBSYS1</B>
+</PRE>
+<P>For the VLDB:
+<PRE> # <B>rm vldb.DB0</B>
+ # <B>rm vldb.DBSYS1</B>
+</PRE>
+<P><LI>Using the local disk backup utility that you used to back up the database,
+copy the most recently backed-up version of it to the appropriate file on the
+database server machine with the lowest IP address. The following is an
+appropriate <B>tar</B> command if the synchronization site has a tape
+device attached:
+<PRE> # <B>cd /usr/afs/db</B>
+ # <B>tar xvf</B> <VAR>tape_device database_file</VAR>
+</PRE>
+<P>where <I>database_file</I> is one of the following:
+<UL>
+<P><LI><B>bdb.DB0</B> for the Backup Database
+<P><LI><B>kaserver.DB0</B> for the Authentication Database
+<P><LI><B>prdb.DB0</B> for the Protection Database
+<P><LI><B>vldb.DB0</B> for the VLDB
+</UL>
+<P><LI>Working on one of the machines, issue the <B>bos start</B> command to
+restart the server process on each of the database server machines in
+turn. Start with the machine with the lowest IP address, which becomes
+the synchronization site for the Backup Database. Wait for it to
+establish itself as the synchronization site before repeating the command to
+restart the process on the other database server machines. For a
+complete description of the command, see <A HREF="auagd009.htm#HDRWQ166">To start processes by changing their status flags to Run</A>. Provide the same values for the <B>-instance</B>
+argument as in Step <A HREF="#LIDBREST_SHUTDOWN">2</A>, and the <B>-localauth</B> flag for the same
+reason.
+<PRE> # <B>bos start</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP> <B>-localauth</B>
+</PRE>
+<P><LI>If the database has changed since you last backed it up, issue the
+appropriate commands from the instructions in the indicated sections to
+recreate the information in the restored database. If issuing
+<B>pts</B> commands, you must first obtain administrative tokens.
+The <B>backup</B> and <B>vos</B> commands accept the
+<B>-localauth</B> flag if you are logged in as the local superuser
+<B>root</B>, so you do not need administrative tokens. The
+Authentication Server always performs a separate authentication anyway, so you
+only need to include the <B>-admin</B> argument if issuing <B>kas</B>
+commands.
+<UL>
+<P><LI>To define or remove volume sets and volume entries in the Backup Database,
+see <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<P><LI>To edit the dump hierarchy in the Backup Database, see <A HREF="auagd011.htm#HDRWQ267">Defining and Displaying the Dump Hierarchy</A>.
+<P><LI>To define or remove Tape Coordinator port offset entries in the Backup
+Database, see <A HREF="auagd011.htm#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A>.
+<P><LI>To restore dump records in the Backup Database, see <A HREF="auagd012.htm#HDRWQ305">To scan the contents of a tape</A>.
+<P><LI>To recreate Authentication Database entries or password changes for users,
+see the appropriate section of <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>.
+<P><LI>To recreate Protection Database entries or group membership information,
+see the appropriate section of <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P><LI>To synchronize the VLDB with volume headers, see <A HREF="auagd010.htm#HDRWQ227">Synchronizing the VLDB and Volume Headers</A>.
+</UL>
+</OL>
+<A NAME="IDX6085"></A>
+<A NAME="IDX6086"></A>
+<A NAME="IDX6087"></A>
+<A NAME="IDX6088"></A>
+<A NAME="IDX6089"></A>
+<A NAME="IDX6090"></A>
+<HR><H2><A NAME="HDRWQ110" HREF="auagd002.htm#ToC_128">Installing Server Process Software</A></H2>
+<P>This section explains how to install new server process
+binaries on file server machines, how to revert to a previous version if the
+current version is not working properly, and how to install new disks to house
+AFS volumes on a file server machine.
+<P>The most frequent reason to replace a server process's binaries is to
+upgrade AFS to a new version. In general, installation instructions
+accompany the updated software, but this chapter provides an additional
+reference.
+<P>Each AFS server machine must store the server process binaries in a local
+disk directory, called <B>/usr/afs/bin</B> by convention. For
+predictable system performance, it is best that all server machines run the
+same build level, or at least the same version, of the server software.
+For instructions on checking AFS build level, see <A HREF="#HDRWQ117">Displaying A Binary File's Build Level</A>.
+<P>The Update Server makes it easy to distribute a consistent version of
+software to all server machines. You designate one server machine of
+each system type as the <I>binary distribution machine</I> by running the
+server portion of the Update Server (<B>upserver</B> process) on
+it. All other server machines of that system type run the client
+portion of the Update Server (<B>upclientbin</B> process) to retrieve
+updated software from the binary distribution machine. The <I>IBM AFS
+Quick Beginnings</I> explains how to install the appropriate
+processes. For more on binary distribution machines, see <A HREF="#HDRWQ93">Binary Distribution Machines</A>.
+<P>When you use the Update Server, you install new binaries on binary
+distribution machines only. If you install binaries directly on a
+machine that is running the <B>upclientbin</B> process, they are
+overwritten the next time the process compares the contents of the local
+<B>/usr/afs/bin</B> directory to the contents on the system control
+machine, by default within five minutes.
+<P>The following instructions explain how to use the appropriate commands from
+the <B>bos</B> suite to install and uninstall server binaries.
+<A NAME="IDX6091"></A>
+<A NAME="IDX6092"></A>
+<A NAME="IDX6093"></A>
+<A NAME="IDX6094"></A>
+<A NAME="IDX6095"></A>
+<P><H3><A NAME="HDRWQ111" HREF="auagd002.htm#ToC_129">Installing New Binaries</A></H3>
+<P>An AFS server process does not automatically switch to a new
+process binary file as soon as it is installed in the <B>/usr/afs/bin</B>
+directory. The process continues to use the previous version of the
+binary file until it (the process) next restarts. By default, the BOS
+Server restarts processes for which there are new binary files every day at
+5:00 a.m., as specified in the
+<B>/usr/afs/local/BosConfig</B> file. To display or change this
+<I>binary restart time</I>, use the <B>bos getrestart</B> and <B>bos
+setrestart</B> commands, as described in <A HREF="auagd009.htm#HDRWQ171">Setting the BOS Server's Restart Times</A>.
+<P>You can force the server machine to start using new server process binaries
+immediately by issuing the <B>bos restart</B> command as described in the
+following instructions.
+<P>You do not need to restart processes when you install new command suite
+binaries. The new binary is invoked automatically the next time a
+command from the suite is issued.
+<A NAME="IDX6096"></A>
+<A NAME="IDX6097"></A>
+<A NAME="IDX6098"></A>
+<A NAME="IDX6099"></A>
+<A NAME="IDX6100"></A>
+<P>When you use the <B>bos install</B> command, the BOS Server
+automatically saves the current version of a binary file by adding a
+<B>.BAK</B> extension to its name. It renames the current
+<B>.BAK</B> version, if any, to the <B>.OLD</B> version,
+if there is no <B>.OLD</B> version already. If there is a
+current <B>.OLD</B> version, the current <B>.BAK</B>
+version must be at least seven days old to replace it.
+<P>It is best to store AFS binaries in the <B>/usr/afs/bin</B> directory,
+because that is the only directory the BOS Server automatically checks for new
+binaries. You can, however, use the <B>bos install</B>
+command's <B>-dir</B> argument to install non-AFS binaries into other
+directories on a server machine's local disk. See the
+command's reference page in the <I>IBM AFS Administration
+Reference</I> for further information.
+<A NAME="IDX6101"></A>
+<A NAME="IDX6102"></A>
+<P><H3><A NAME="Header_130" HREF="auagd002.htm#ToC_130">To install new server binaries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that the binaries are available in the source directory from which
+you are installing them. If the machine is also an AFS client, you can
+retrieve the binaries from a central directory in AFS. Otherwise, you
+can obtain them directly from the AFS distribution media, from a local disk
+directory where you previously installed them, or from a remote machine using
+a transfer utility such as the <B>ftp</B> command.
+<P><LI><A NAME="LIWQ112"></A>Issue the <B>bos install</B> command for the binary
+distribution machine. (If you have forgotten which machine is
+performing that role, see <A HREF="#HDRWQ97">To locate the binary distribution machine for a system type</A>.)
+<PRE> % <B>bos install</B> <<VAR>machine name</VAR>> <<VAR>files to install</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>i
+</B><DD>Is the shortest acceptable abbreviation of <B>install</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the binary distribution machine.
+<P><DT><B><VAR>files to install</VAR>
+</B><DD>Names each binary file to install into the local <B>/usr/afs/bin</B>
+directory. Partial pathnames are interpreted relative to the current
+working directory. The last element in each pathname (the filename
+itself) matches the name of the file it is replacing, such as
+<B>bosserver</B> or <B>volserver</B> for server processes,
+<B>bos</B> or <B>vos</B> for commands.
+<P>Each AFS server process other than the <B>fs</B> process uses a single
+binary file. The <B>fs</B> process uses three binary files:
+<B>fileserver</B>, <B>volserver</B>, and <B>salvager</B>.
+Installing a new version of one component does not necessarily mean that you
+need to replace all three.
+</DL>
+<P><LI>Repeat Step <A HREF="#LIWQ112">3</A> for each binary distribution machine.
+<P><LI><B>(Optional)</B> If you want to restart processes to use the new
+binaries immediately, wait until the <B>upclientbin</B> process retrieves
+them from the binary distribution machine. You can verify the
+timestamps on binary files by using the <B>bos getdate</B> command as
+described in <A HREF="#HDRWQ115">Displaying Binary Version Dates</A>. When the binary files are available on each server
+machine, issue the <B>bos restart</B> command, for which complete
+instructions appear in <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<P>If you are working on an AFS client machine, it is a wise precaution to
+have a copy of the <B>bos</B> command suite binaries on the local disk
+before restarting server processes. In the conventional configuration,
+the <B>/usr/afsws/bin</B> directory that houses the <B>bos</B> command
+binary on client machines is a symbolic link into AFS, which conserves local
+disk space. However, restarting certain processes (particularly the
+database server processes) can make the AFS filespace inaccessible,
+particularly if a problem arises during the restart. Having a local
+copy of the <B>bos</B> binary enables you to uninstall or reinstall
+process binaries or restart processes even in this case. Use the
+<B>cp</B> command to copy the <B>bos</B> command binary from the
+<B>/usr/afsws/bin</B> directory to a local directory such as
+<B>/tmp</B>.
+<P>Restarting a process causes a service outage. It is best to perform
+the restart at times of low system usage if possible.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <<VAR>instances</VAR>><SUP>+</SUP>
+</PRE>
+</OL>
+<A NAME="IDX6103"></A>
+<A NAME="IDX6104"></A>
+<A NAME="IDX6105"></A>
+<A NAME="IDX6106"></A>
+<A NAME="IDX6107"></A>
+<A NAME="IDX6108"></A>
+<A NAME="IDX6109"></A>
+<A NAME="IDX6110"></A>
+<P><H3><A NAME="HDRWQ113" HREF="auagd002.htm#ToC_131">Reverting to the Previous Version of Binaries</A></H3>
+<P>In rare cases, installing a new binary can cause problems
+serious enough to require reverting to the previous version. Just as
+with installing binaries, consistent system performance requires reverting
+every server machine back to the same version. Issue the <B>bos
+uninstall</B> command described here on each binary distribution
+machine.
+<P>When you use the <B>bos uninstall</B> command, the BOS Server discards
+the current version of a binary file and promotes the <B>.BAK</B>
+version of the file by removing the extension. It renames the current
+<B>.OLD</B> version, if any, to <B>.BAK</B>.
+<P>If there is no current <B>.BAK</B> version, the <B>bos
+uninstall</B> command operation fails and generates an error message.
+If a <B>.OLD</B> version still exists, issue the <B>mv</B>
+command to rename it to <B>.BAK</B> before reissuing the <B>bos
+uninstall</B> command.
+<P>Just as when you install new binaries, the server processes do not start
+using a reverted version immediately. Presumably you are reverting
+because the current binaries do not work, so the following instructions have
+you restart the relevant processes.
+<A NAME="IDX6111"></A>
+<A NAME="IDX6112"></A>
+<P><H3><A NAME="Header_132" HREF="auagd002.htm#ToC_132">To revert to the previous version of binaries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that the <B>.BAK</B> version of each relevant binary is
+available in the <B>/usr/afs/bin</B> directory on each binary distribution
+machine. If necessary, you can use the <B>bos getdate</B> command
+as described in <A HREF="#HDRWQ115">Displaying Binary Version Dates</A>. If necessary, rename the <B>.OLD</B>
+version to <B>.BAK</B>
+<P><LI><A NAME="LIWQ114"></A>Issue the <B>bos uninstall</B> command for a binary
+distribution machine. (If you have forgotten which machine is
+performing that role, see <A HREF="#HDRWQ97">To locate the binary distribution machine for a system type</A>.)
+<PRE> % <B>bos uninstall</B> <<VAR>machine name</VAR>> <<VAR>files to uninstall</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>u
+</B><DD>Is the shortest acceptable abbreviation of <B>uninstall</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the binary distribution machine.
+<P><DT><B><VAR>files to uninstall</VAR>
+</B><DD>Names each binary file in the <B>/usr/afs/bin</B> directory to replace
+with its <B>.BAK</B> version. The file name alone is
+sufficient, because the <B>/usr/afs/bin</B> directory is assumed.
+</DL>
+<P><LI>Repeat Step <A HREF="#LIWQ114">3</A> for each binary distribution machine.
+<P><LI>Wait until the <B>upclientbin</B> process on each server machine
+retrieves the reverted from the binary distribution machine. You can
+verify the timestamps on binary files by using the <B>bos getdate</B>
+command as described in <A HREF="#HDRWQ115">Displaying Binary Version Dates</A>. When the binary files are available on each server
+machine, issue the <B>bos restart</B> command, for which complete
+instructions appear in <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<P>If you are working on an AFS client machine, it is a wise precaution to
+have a copy of the <B>bos</B> command suite binaries on the local disk
+before restarting server processes. In the conventional configuration,
+the <B>/usr/afsws/bin</B> directory that houses the <B>bos</B> command
+binary on client machines is a symbolic link into AFS, which conserves local
+disk space. However, restarting certain processes (particularly the
+database server processes) can make the AFS filespace inaccessible,
+particularly if a problem arises during the restart. Having a local
+copy of the <B>bos</B> binary enables you to uninstall or reinstall
+process binaries or restart processes even in this case. Use the
+<B>cp</B> command to copy the <B>bos</B> command binary from the
+<B>/usr/afsws/bin</B> directory to a local directory such as
+<B>/tmp</B>.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <<VAR>instances</VAR>><SUP>+</SUP>
+</PRE>
+</OL>
+<A NAME="IDX6113"></A>
+<A NAME="IDX6114"></A>
+<A NAME="IDX6115"></A>
+<A NAME="IDX6116"></A>
+<A NAME="IDX6117"></A>
+<A NAME="IDX6118"></A>
+<P><H3><A NAME="HDRWQ115" HREF="auagd002.htm#ToC_133">Displaying Binary Version Dates</A></H3>
+<P>You can check the compilation dates for all three versions
+of a binary file in the <B>/usr/afs/bin</B> directory--the current,
+<B>.BAK</B> and .<B>OLD</B> versions. This is
+useful for verifying that new binaries have been copied to a file server
+machine from its binary distribution machine before restarting a server
+process to use the new binaries.
+<P>To check dates on binaries in a directory other than <B>
+/usr/afs/bin</B>, add the <B>-dir</B> argument. See the <I>IBM
+AFS Administration Reference</I>.
+<A NAME="IDX6119"></A>
+<A NAME="IDX6120"></A>
+<P><H3><A NAME="Header_134" HREF="auagd002.htm#ToC_134">To display binary version dates</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos getdate</B> command.
+<PRE> % <B>bos getdate</B> <<VAR>machine name</VAR>> <<VAR>files to check</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>getd
+</B><DD>Is the shortest acceptable abbreviation of <B>getdate</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Name the file server machine for which to display binary dates.
+<P><DT><B><VAR>files to check</VAR>
+</B><DD>Names each binary file to display.
+</DL>
+</OL>
+<A NAME="IDX6121"></A>
+<A NAME="IDX6122"></A>
+<A NAME="IDX6123"></A>
+<A NAME="IDX6124"></A>
+<A NAME="IDX6125"></A>
+<A NAME="IDX6126"></A>
+<A NAME="IDX6127"></A>
+<A NAME="IDX6128"></A>
+<P><H3><A NAME="HDRWQ116" HREF="auagd002.htm#ToC_135">Removing Obsolete Binary Files</A></H3>
+<P>When processes with new binaries have been running without
+problems for a number of days, it is generally safe to remove the
+<B>.BAK</B> and <B>.OLD</B> versions from the
+<B>/usr/afs/bin</B> directory, both to reduce clutter and to free space on
+the file server machine's local disk.
+<P>You can use the <B>bos prune</B> command's flags to remove the
+following types of files:
+<UL>
+<P><LI>To remove files in the <B>/usr/afs/bin</B> directory with a
+<B>.BAK</B> extension, use the <B>-bak</B> flag.
+<P><LI>To remove files in the <B>/usr/afs/bin</B> directory with a
+<B>.OLD</B> extension, use the <B>-old</B> flag.
+<P><LI>To remove files in the <B>/usr/afs/logs</B> directory called
+<B>core</B>, with any extension, use the <B>-core</B> flag.
+<P><LI>To remove all three types of files, use the <B>-all</B> flag.
+</UL>
+<A NAME="IDX6129"></A>
+<A NAME="IDX6130"></A>
+<P><H3><A NAME="Header_136" HREF="auagd002.htm#ToC_136">To remove obsolete binaries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos prune</B> command with one or more of its
+flags.
+<PRE> % <B>bos prune</B> <<VAR>machine name</VAR>> [<B>-bak</B>] [<B>-old</B>] [<B>-core</B>] [<B>-all</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>p
+</B><DD>Is the shortest acceptable abbreviation of <B>prune</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine on which to remove obsolete files.
+<P><DT><B>-bak
+</B><DD>Removes all the files with a <B>.BAK</B> extension from the
+<B>/usr/afs/bin</B> directory. Do not combine this flag with the
+<B>-all</B> flag.
+<P><DT><B>-old
+</B><DD>Removes all the files a .<B>OLD</B> extension from the
+<B>/usr/afs/bin</B> directory. Do not combine this flag with the
+<B>-all</B> flag.
+<P><DT><B>-core
+</B><DD>Removes all core files from the <B>/usr/afs/logs</B> directory.
+Do not combine this flag with the <B>-all</B> flag
+<P><DT><B>-all
+</B><DD>Combines the effect of the other three flags. Do not combine it
+with the other three flags.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ117" HREF="auagd002.htm#ToC_137">Displaying A Binary File's Build Level</A></H3>
+<P>For the most consistent performance on a server machine, and
+cell-wide, it is best for all server processes to come from the same AFS
+distribution. Every AFS binary includes an ASCII string that specifies
+its version, or <I>build level</I>. To display it, use the
+<B>strings</B> and <B>grep</B> commands, which are included in most
+UNIX distributions.
+<A NAME="IDX6131"></A>
+<A NAME="IDX6132"></A>
+<A NAME="IDX6133"></A>
+<A NAME="IDX6134"></A>
+<P><H3><A NAME="Header_138" HREF="auagd002.htm#ToC_138">To display an AFS binary's build level</A></H3>
+<OL TYPE=1>
+<P><LI>Change to the directory that houses the binary file . If you are
+not sure where the binary resides, issue the <B>which</B> command.
+<PRE> % <B>which</B> <VAR>binary_file</VAR>
+ /<VAR>bin_dir_path</VAR>/<VAR>binary_file</VAR>
+ % <B>cd</B> <VAR>bin_dir_path</VAR>
+</PRE>
+<P><LI>Issue the <B>strings</B> command to extract all ASCII strings from the
+binary file. Pipe the output to the <B>grep</B> command to locate
+the relevant line.
+<PRE> % <B>strings ./</B><VAR>binary_file</VAR> <B>| grep Base</B>
+</PRE>
+<P>The output reports the AFS build level in a format like the
+following:
+<PRE> @(#)Base configuration afs<VAR>version</VAR> <VAR>build_level</VAR>
+</PRE>
+<P>For example, the following string indicates the binary is from AFS
+3.6 build 3.0:
+<PRE> @(#)Base configuration afs3.6 3.0
+</PRE>
+</OL>
+<A NAME="IDX6135"></A>
+<A NAME="IDX6136"></A>
+<A NAME="IDX6137"></A>
+<A NAME="IDX6138"></A>
+<A NAME="IDX6139"></A>
+<HR><H2><A NAME="HDRWQ118" HREF="auagd002.htm#ToC_139">Maintaining the Server CellServDB File</A></H2>
+<P>Every file server machine maintains a list of its home
+cell's database server machines in the local disk file
+<B>/usr/afs/etc/CellServDB</B> on its local disk. Both database
+server processes and non-database server processes consult the file:
+<UL>
+<P><LI>The database server processes (the Authentication, Backup, Protection, and
+Volume Location Servers) maintain constant contact with their peers in order
+to keep their copies of the replicated administrative databases
+synchronized.
+<P>As detailed in <A HREF="#HDRWQ102">Replicating the AFS Administrative Databases</A>, the database server processes use the Ubik utility to
+synchronize the information in the databases they maintain. The Ubik
+coordinator at the synchronization site for each database maintains the single
+read/write copy of the database and distributes changes to the secondary sites
+as necessary. It must maintain contact with a majority of the secondary
+sites to remain the coordinator, and consults the <B>CellServDB</B> file
+to learn how many peers it has and on which machines they are running.
+<P>If the coordinator loses contact with the majority of its peers, they all
+cooperate to elect a new coordinator by majority vote. During the
+election, all of the Ubik processes consult the <B>CellServDB</B> file to
+learn where to send their votes, and what number constitutes a
+majority.
+<P><LI>The non-database server processes must know which machines are running the
+database server processes in order to retrieve information from the
+databases. For example, the first time that a user accesses an AFS
+file, the File Server that houses it contacts the Protection Server to obtain
+a list of the user's group memberships (the list is called a current
+protection subgroup, or CPS). The File Server uses the CPS as it
+determines if the access control list (ACL) protecting the file grants the
+required permissions to the user (for more details, see <A HREF="auagd019.htm#HDRWQ534">About the Protection Database</A>).
+</UL>
+<A NAME="IDX6140"></A>
+<P>The consequences of missing or incorrect information in the
+<B>CellServDB</B> file are as follows:
+<UL>
+<P><LI>If the file does not list a machine, then it is effectively not a database
+server machine even if the database server processes are running. The
+Ubik coordinator does not send it database updates or include it in the count
+that establishes a majority. It does not participate in Ubik elections,
+and so refuses to distribute database information to any client machines that
+happen to contact it (which they can do if their
+<B>/usr/vice/etc/CellServDB</B> file lists it). Users of the client
+machine must wait for a timeout before they can contact a correctly
+functioning database server machine.
+<P><LI>If the file lists a machine that is not running the database server
+processes, the consequences can be serious. The Ubik coordinator cannot
+send it database updates, but includes it in the count that establishes a
+majority. If valid secondary sites go down and stop sending their votes
+to the coordinator, it can wrongly appear that the coordinator no longer has
+the majority it needs. The resulting election of a new coordinator
+causes a service outage during which information from the database becomes
+unavailable. Furthermore, the lack of a vote from the incorrectly
+listed site can disturb the election, if it makes the other sites believe that
+a majority of sites are not voting for the new coordinator.
+<P>A more minor consequence is that non-database server processes attempt to
+contact the database server processes on the machine. They experience a
+timeout delay because the processes are not running.
+</UL>
+<P>Note that the <B>/usr/afs/etc/CellServDB</B> file on a server machine
+is not the same as the <B>/usr/vice/etc/CellServDB</B> file on client
+machine. The client version includes entries for foreign cells as well
+as the local cell. However, it is important to update both versions of
+the file whenever you change your cell's database server machines.
+A server machine that is also a client needs to have both files, and you need
+to update them both. For more information on maintaining the client
+version of the <B>CellServDB</B> file, see <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<A NAME="IDX6141"></A>
+<A NAME="IDX6142"></A>
+<A NAME="IDX6143"></A>
+<P><H3><A NAME="HDRWQ119" HREF="auagd002.htm#ToC_140">Distributing the Server CellServDB File</A></H3>
+<P>To avoid the negative consequences of incorrect information
+in the <B>/usr/afs/etc/CellServDB</B> file, you must update it on all of
+your cell's server machines every time you add or remove a database
+server machine. The <I>IBM AFS Quick Beginnings</I> provides
+complete instructions for installing or removing a database server machine and
+for updating the <B>CellServDB</B> file in that context. This
+section explains how to distribute the file to your server machines and how to
+make other cells aware of the changes if you participate in the AFS global
+name space.
+<P>If you use the United States edition of AFS, use the Update Server to
+distribute the central copy of the server <B>CellServDB</B> file stored on
+the cell's system control machine. If you use the international
+edition of AFS, instead change the file on each server machine
+individually. For further discussion of the system control machine and
+why international cells must not use it for files in the
+<B>/usr/afs/etc</B> directory, see <A HREF="#HDRWQ94">The System Control Machine</A>. For instructions on configuring
+the Update Server when using the United States version of AFS, see the
+<I>IBM AFS Quick Beginnings</I>.
+<P>To avoid formatting errors that can cause errors, always use the <B>bos
+addhost</B> and <B>bos removehost</B> commands, rather than editing the
+file directly. You must also restart the database server processes
+running on the machine, to initiate a coordinator election among the new set
+of database server machines. This step is included in the instructions
+that appear in <A HREF="#HDRWQ121">To add a database server machine to the CellServDB file</A> and <A HREF="#HDRWQ122">To remove a database server machine from the CellServDB file</A>. For instructions on displaying the
+contents of the file, see <A HREF="#HDRWQ120">To display a cell's database server machines</A>.
+<P>If you make your cell accessible to foreign users as part of the AFS global
+name space, you also need to inform other cells when you change your
+cell's database server machines. The AFS Support group maintains a
+<B>CellServDB</B> file that lists all cells that participate in the AFS
+global name space, and can change your cell's entry at your
+request. For further details, see <A HREF="auagd007.htm#HDRWQ38">Making Your Cell Visible to Others</A>.
+<P>Another way to advertise your cell's database server machines is to
+maintain a copy of the file at the conventional location in your AFS
+filespace,
+<B>/afs/</B><VAR>cell_name</VAR><B>/service/etc/CellServDB.local</B>.
+For further discussion, see <A HREF="auagd007.htm#HDRWQ43">The Third Level</A>.
+<A NAME="IDX6144"></A>
+<A NAME="IDX6145"></A>
+<A NAME="IDX6146"></A>
+<A NAME="IDX6147"></A>
+<A NAME="IDX6148"></A>
+<A NAME="IDX6149"></A>
+<P><H3><A NAME="HDRWQ120" HREF="auagd002.htm#ToC_141">To display a cell's database server machines</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos listhosts</B> command. If you have maintained
+the file properly, the output is the same on every server machine, but the
+<I>machine name</I> argument enables you to check various machines if you
+wish.
+<PRE> % <B>bos listhosts</B> <<VAR>machine name</VAR>> [<<VAR>cell name</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listh
+</B><DD>Is the shortest acceptable abbreviation of <B>listhosts</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine from which to display the
+<B>/usr/afs/etc/CellServDB</B> file.
+<P><DT><B><VAR>cell name</VAR>
+</B><DD>Specifies the complete Internet domain name of a foreign cell. You
+must already know the name of at least one server machine in the cell, to
+provide as the <B>machine name</B> argument.
+</DL>
+</OL>
+<P>The output lists the machines in the order they appear in the
+<B>CellServDB</B> file on the specified server machine. It assigns
+each one a <TT>Host</TT> index number, as in the following example.
+There is no implied relationship between the index and a machine's IP
+address, name, or role as Ubik coordinator or secondary site.
+<PRE> % <B>bos listhosts fs1.abc.com</B>
+ Cell name is abc.com
+ Host 1 is fs1.abc.com
+ Host 2 is fs7.abc.com
+ Host 3 is fs4.abc.com
+</PRE>
+<P>The output lists machines by name rather than IP address as long as the
+naming service (such as the Domain Name Service or local host table) is
+functioning properly. To display IP addresses, login to a server
+machine as the local superuser <B>root</B> and use a text editor or
+display command, such as the <B>cat</B> command, to view the
+<B>/usr/afs/etc/CellServDB</B> file.
+<A NAME="IDX6150"></A>
+<A NAME="IDX6151"></A>
+<A NAME="IDX6152"></A>
+<A NAME="IDX6153"></A>
+<A NAME="IDX6154"></A>
+<A NAME="IDX6155"></A>
+<A NAME="IDX6156"></A>
+<A NAME="IDX6157"></A>
+<A NAME="IDX6158"></A>
+<A NAME="IDX6159"></A>
+<A NAME="IDX6160"></A>
+<A NAME="IDX6161"></A>
+<P><H3><A NAME="HDRWQ121" HREF="auagd002.htm#ToC_142">To add a database server machine to the CellServDB file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos addhost</B> command to add each new database server
+machine to the <B>CellServDB</B> file. If you use the United States
+edition of AFS, specify the system control machine as <I>machine
+name</I>. (If you have forgotten which machine is the system control
+machine, see <A HREF="#HDRWQ99">The Output on the System Control Machine</A>.) If you use the international edition of AFS, repeat
+the command on each or your cell's server machines in turn by
+substituting its name for <I>machine name</I>.
+<PRE> % <B>bos addhost </B> <<VAR>machine name</VAR>> <<VAR>host name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addh
+</B><DD>Is the shortest acceptable abbreviation of <B>addhost</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the system control machine, if you are using the United States
+edition of AFS. If you are using the international edition of AFS, it
+names each of your server machines in turn.
+<P><DT><B><VAR>host name</VAR>
+</B><DD>Specifies the fully qualified hostname of each database server machine to
+add to the <B>CellServDB</B> file (for example:
+<B>fs4.abc.com</B>). The BOS Server uses the
+<B>gethostbyname( )</B> routine to obtain each machine's IP
+address and records both the name and address automatically.
+</DL>
+<P><LI>Restart the Authentication Server, Backup Server, Protection Server, and
+VL Server on every database server machine, so that the new set of machines
+participate in the election of a new Ubik coordinator. The instruction
+uses the conventional names for the processes; make the appropriate
+substitution if you use different process names. For complete syntax,
+see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<P><B>Important:</B> Repeat the following command in quick
+succession on all of the database server machines.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>buserver kaserver ptserver vlserver</B>
+</PRE>
+<P><LI>Edit the <B>/usr/vice/etc/CellServDB</B> file on each of your
+cell's client machines. For instructions, see <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P><LI>If you participate in the AFS global name space, please have one of your
+cell's designated site contacts register the changes you have made with
+the AFS Product Support group.
+<P>If you maintain a central copy of your cell's server
+<B>CellServDB</B> file in the conventional location
+(<B>/afs/</B><I>cell_name</I><B>/service/etc/CellServDB.local</B>),
+edit the file to reflect the change.
+</OL>
+<A NAME="IDX6162"></A>
+<A NAME="IDX6163"></A>
+<A NAME="IDX6164"></A>
+<A NAME="IDX6165"></A>
+<A NAME="IDX6166"></A>
+<A NAME="IDX6167"></A>
+<A NAME="IDX6168"></A>
+<A NAME="IDX6169"></A>
+<A NAME="IDX6170"></A>
+<A NAME="IDX6171"></A>
+<A NAME="IDX6172"></A>
+<P><H3><A NAME="HDRWQ122" HREF="auagd002.htm#ToC_143">To remove a database server machine from the CellServDB file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos removehost</B> command to remove each database server
+machine from the <B>CellServDB</B> file. If you use the United
+States edition of AFS, specify the system control machine as <I>machine
+name</I>. (If you have forgotten which machine is the system control
+machine, see <A HREF="#HDRWQ99">The Output on the System Control Machine</A>.) If you use the international edition of AFS, repeat
+the command on each or your cell's server machines in turn by
+substituting its name for <I>machine name</I>.
+<PRE> % <B>bos removehost</B> <<VAR>machine name</VAR>> <<VAR>host name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>removeh
+</B><DD>Is the shortest acceptable abbreviation of <B>removehost</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the system control machine, if you are using the United States
+edition of AFS. If you are using the international edition of AFS, it
+names each of your server machines in turn.
+<P><DT><B><VAR>host name</VAR>
+</B><DD>Specifies the fully qualified hostname of each database server machine to
+remove from the <B>CellServDB</B> file (for example:
+<B>fs4.abc.com</B>).
+</DL>
+<P><LI>Restart the Authentication Server, Backup Server, Protection Server, and
+VL Server on every database server machine, so that the new set of machines
+participate in the election of a new Ubik coordinator. The instruction
+uses the conventional names for the processes; make the appropriate
+substitution if you use different process names. For complete syntax,
+see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<P><B>Important:</B> Repeat the following command in quick
+succession on all of the database server machines.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>buserver kaserver ptserver vlserver</B>
+</PRE>
+<P><LI>Edit the <B>/usr/vice/etc/CellServDB</B> file on each of your
+cell's client machines. For instructions, see <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P><LI>If you participate in the AFS global name space, please have one of your
+cell's designated site contacts register the changes you have made with
+the AFS Product Support group.
+<P>If you maintain a central copy of your cell's server
+<B>CellServDB</B> file in the conventional location
+(<B>/afs/</B><I>cell_name</I><B>/service/etc/CellServDB.local</B>),
+edit the file to reflect the change.
+</OL>
+<HR><H2><A NAME="HDRWQ123" HREF="auagd002.htm#ToC_144">Managing Authentication and Authorization Requirements</A></H2>
+<P>This section describes how the AFS server processes
+guarantee that only properly authorized users perform privileged commands, by
+checking authorization checking and mutually authenticating with their
+clients. It explains how you can control authorization checking
+requirements on a per-machine or per-cell basis, and how to bypass mutual
+authentication when issuing commands.
+<A NAME="IDX6173"></A>
+<A NAME="IDX6174"></A>
+<A NAME="IDX6175"></A>
+<A NAME="IDX6176"></A>
+<A NAME="IDX6177"></A>
+<A NAME="IDX6178"></A>
+<P><H3><A NAME="HDRWQ124" HREF="auagd002.htm#ToC_145">Authentication versus Authorization</A></H3>
+<P>Many AFS commands are <I>privileged</I> in that the AFS
+server process invoked by the command performs it only for a properly
+authorized user. The server process performs the following two tests to
+determine if someone is properly authorized:
+<UL>
+<P><LI>In the <I>authentication</I> test, the server process mutually
+authenticates with the command interpreter, Cache Manager, or other client
+process that is acting on behalf of a user or application. The goal of
+this test is to determine who is issuing the command. The server
+process verifies that the issuer really is who he or she claims to be, by
+examining the server ticket and other components of the issuer's
+token. (Secondarily, it allows the client process to verify that the
+server process is genuine.) If the issuer has no token or otherwise
+fails the test, the server process assigns him or her the identity
+<B>anonymous</B>, a completely unprivileged user. For a more
+complete description of mutual authentication, see <A HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<P>Many individual commands enable you to bypass the authentication test by
+assuming the <B>anonymous</B> identity without even attempting to mutually
+authenticate. Note, however, that this is futile if the command is
+privileged and the server process is still performing the authorization test,
+because in that case the process refuses to execute privileged commands for
+the <B>anonymous</B> user.
+<P><LI>In the <I>authorization</I> test, the server process determines if the
+issuer is authorized to use the command by consulting a list of privileged
+users. The goal of this test is to determine what the issuer is allowed
+to do. Different server processes consult different lists of users, as
+described in <A HREF="auagd021.htm#HDRWQ581">Managing Administrative Privilege</A>. The server process refuses to execute any privileged
+command for an unauthorized issuer. If a command has no privilege
+requirements, the server process skips this step and executes and
+immediately.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Never place the <B>anonymous</B> user or the
+<B>system:anyuser</B> group on a privilege list; it makes
+authorization checking meaningless.
+<P>You can use the <B>bos setauth</B> command to control whether the
+server processes on a server machine check for authorization. Other
+server machines are not affected. Keep in mind that turning off
+authorization checking is a grave security risk, because the server processes
+on that machine perform any action for any user.
+</TD></TR></TABLE>
+</UL>
+<A NAME="IDX6179"></A>
+<A NAME="IDX6180"></A>
+<A NAME="IDX6181"></A>
+<A NAME="IDX6182"></A>
+<P><H3><A NAME="HDRWQ125" HREF="auagd002.htm#ToC_146">Controlling Authorization Checking on a Server Machine</A></H3>
+<P>Disabling authorization checking is a serious breach of
+security because it means that the AFS server processes on a file server
+machine performs any action for any user, even the <B>anonymous</B>
+user.
+<P>The only time it is common to disable authorization checking is when
+installing a new file server machine (see the <I>IBM AFS Quick
+Beginnings</I>). It is necessary then because it is not possible to
+configure all of the necessary security mechanisms before performing other
+actions that normally make use of them. For greatest security, work at
+the console of the machine you are installing and enable authorization
+checking as soon as possible.
+<P>During normal operation, the only reason to disable authorization checking
+is if an error occurs with the server encryption keys, leaving the servers
+unable to authenticate users properly. For instructions on handling
+key-related emergencies, see <A HREF="auagd014.htm#HDRWQ370">Handling Server Encryption Key Emergencies</A>.
+<P>You control authorization checking on each file server machine
+separately; turning it on or off on one machine does not affect the
+others. Because client machines generally choose a server process at
+random, it is hard to predict what authorization checking conditions prevail
+for a given command unless you make the requirement the same on all
+machines. To turn authorization checking on or off for the entire cell,
+you must repeat the appropriate command on every file server machine.
+<P>The server processes constantly monitor the directory
+<B>/usr/afs/local</B> on their local disks to determine if they need to
+check for authorization. If the file called <B>NoAuth</B> appears
+in that directory, then the servers do not check for authorization.
+When it is not present (the usual case), they perform authorization
+checking.
+<P>Control the presence of the <B>NoAuth</B> file through the BOS
+Server. When you disable authorization checking with the <B>bos
+setauth</B> command (or, during installation, by putting the
+<B>-noauth</B> flag on the command that starts up the BOS Server), the BOS
+Server creates the zero-length <B>NoAuth</B> file. When you
+reenable authorization checking, the BOS Server removes the file.
+<A NAME="IDX6183"></A>
+<A NAME="IDX6184"></A>
+<A NAME="IDX6185"></A>
+<A NAME="IDX6186"></A>
+<A NAME="IDX6187"></A>
+<P><H3><A NAME="HDRWQ126" HREF="auagd002.htm#ToC_147">To disable authorization checking on a server machine</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos setauth</B> command to disable authorization
+checking.
+<PRE> % <B>bos setauth</B> <<VAR>machine name</VAR>> <B>off</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>seta
+</B><DD>Is the shortest acceptable abbreviation of <B>setauth</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the file server machine on which server processes do not check
+for authorization.
+</DL>
+</OL>
+<A NAME="IDX6188"></A>
+<A NAME="IDX6189"></A>
+<A NAME="IDX6190"></A>
+<P><H3><A NAME="HDRWQ127" HREF="auagd002.htm#ToC_148">To enable authorization checking on a server machine</A></H3>
+<OL TYPE=1>
+<P><LI>Reenable authorization checking. (No privilege is required because
+the machine is not currently checking for authorization.) For detailed
+syntax information, see the preceding section.
+<PRE> % <B>bos setauth</B> <<VAR>machine name</VAR>> <B>on</B>
+</PRE>
+</OL>
+<A NAME="IDX6191"></A>
+<A NAME="IDX6192"></A>
+<P><H3><A NAME="HDRWQ128" HREF="auagd002.htm#ToC_149">Bypassing Mutual Authentication for an Individual Command</A></H3>
+<P>Several of the server processes allow any user (not just
+system administrators) to disable mutual authentication when issuing a
+command. The server process treats the issuer as the unauthenticated
+user <B>anonymous</B>.
+<P>The facilities for preventing mutual authentication are provided for use in
+emergencies (such as the key emergency discussed in <A HREF="auagd014.htm#HDRWQ370">Handling Server Encryption Key Emergencies</A>). During normal circumstances, authorization checking
+is turned on, making it useless to prevent authentication: the server
+processes refuse to perform privileged commands for the user
+<B>anonymous</B>.
+<P>It can be useful to prevent authentication when authorization checking is
+turned off. The very act of trying to authenticate can cause problems
+if the server cannot understand a particular encryption key, as is likely to
+happen in a key emergency.
+<A NAME="IDX6193"></A>
+<A NAME="IDX6194"></A>
+<A NAME="IDX6195"></A>
+<A NAME="IDX6196"></A>
+<A NAME="IDX6197"></A>
+<A NAME="IDX6198"></A>
+<A NAME="IDX6199"></A>
+<A NAME="IDX6200"></A>
+<P><H3><A NAME="HDRWQ129" HREF="auagd002.htm#ToC_150">To bypass mutual authentication for bos, kas, pts, and vos commands</A></H3>
+<P>Provide the <B>-noauth</B> flag which is available on
+many of the commands in the suites. To verify that a command accepts
+the flag, issue the <B>help</B> command in its suite, or consult the
+command's reference page in the <I>IBM AFS Administration
+Reference</I> (the reference page also specifies the shortest acceptable
+abbreviation for the flag on each command). The suites'
+<B>apropos</B> and <B>help</B> commands do not themselves accept the
+flag.
+<P>You can bypass mutual authentication for all <B>kas</B> commands issued
+during an interactive session by including the <B>-noauth</B> flag on the
+<B>kas interactive</B> command. If you have already entered
+interactive mode with an authenticated identity, issue the <B>(kas)
+noauthentication</B> command to assume the <B>anonymous</B>
+identity.
+<A NAME="IDX6201"></A>
+<P><H3><A NAME="Header_151" HREF="auagd002.htm#ToC_151">To bypass mutual authentication for fs commands</A></H3>
+<P>This is not possible, except by issuing the <B>unlog</B> command to
+discard your tokens before issuing the <B>fs</B> command.
+<HR><H2><A NAME="HDRWQ130" HREF="auagd002.htm#ToC_152">Adding or Removing Disks and Partitions</A></H2>
+<P>AFS makes it very easy to add storage space to your cell,
+just by adding disks to existing file server machines. This section
+explains how to install or remove a disk used to store AFS volumes.
+(Another way to add storage space is to install additional server machines, as
+instructed in the <I>IBM AFS Quick Beginnings</I>.)
+<P>Both adding and removing a disk cause at least a brief file system outage,
+because you must restart the <B>fs</B> process to have it recognize the
+new set of server partitions. Some operating systems require that you
+shut the machine off before adding or removing a disk, in which case you must
+shut down all of the AFS server processes first. Otherwise, the
+AFS-related aspects of adding or removing a disk are not complicated, so the
+duration of the outage depends mostly on how long it takes to install or
+remove the disk itself.
+<P>The following instructions for installing a new disk completely prepare it
+to house AFS volumes. You can then use the <B>vos create</B>
+command to create new volumes, or the <B>vos move</B> command to move
+existing ones from other partitions. For instructions, see <A HREF="auagd010.htm#HDRWQ185">Creating Read/write Volumes</A> and <A HREF="auagd010.htm#HDRWQ226">Moving Volumes</A>. The instructions for removing a
+disk are basically the reverse of the installation instructions, but include
+extra steps that protect against data loss.
+<P>A server machines can house 256 AFS server partitions, each one mounted at
+a directory with a name of the form <B>/vicep</B><I>index</I>, where
+<I>index</I> is one or two lowercase letters. By convention, the
+first partition on a machine is mounted at <B>/vicepa</B>, the second at
+<B>/vicepb</B>, and so on to the twenty-sixth at
+<B>/vicepz</B>. Additional partitions are mounted at
+<B>/vicepaa</B> through <B>/vicepaz</B> and so on up to
+<B>/vicepiv</B>. Using the letters consecutively is not required,
+but is simpler.
+<P>Mount each <B>/vicep</B> directory directly under the local file
+system's root directory ( <B>/</B> ), not as a subdirectory of any
+other directory; for example, <B>/usr/vicepa</B> is not an acceptable
+location. You must also map the directory to the partition's
+device name in the file server machine's file systems registry file
+(<B>/etc/fstab</B> or equivalent).
+<P>These instructions assume that the machine's AFS initialization file
+includes the following command to restart the BOS Server after each
+reboot. The BOS Server starts the other AFS server processes listed in
+the local <B>/usr/afs/local/BosConfig</B> file. For information on
+the <B>bosserver</B> command's optional arguments, see its reference
+page in the <I>IBM AFS Administration Reference</I>.
+<PRE> /usr/afs/bin/bosserver &
+</PRE>
+<A NAME="IDX6202"></A>
+<A NAME="IDX6203"></A>
+<A NAME="IDX6204"></A>
+<A NAME="IDX6205"></A>
+<A NAME="IDX6206"></A>
+<A NAME="IDX6207"></A>
+<A NAME="IDX6208"></A>
+<P><H3><A NAME="HDRWQ131" HREF="auagd002.htm#ToC_153">To add and mount a new disk to house AFS volumes</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Decide how many AFS partitions to divide the new disk into and the names
+of the directories at which to mount them (the introduction to this section
+describes the naming conventions). To display the names of the existing
+server partitions on the machine, issue the <B>vos listpart</B>
+command. Include the <B>-localauth</B> flag because you are logged
+in as the local superuser <B>root</B> but do not necessarily have
+administrative tokens.
+<PRE> # <B>vos listpart</B> <<VAR>machine name</VAR>> <B>-localauth</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listp
+</B><DD>Is the shortest acceptable abbreviation of <B>listpart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the local file server machine.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents it to the BOS Server during mutual authentication.
+</DL>
+<P><LI>Create each directory at which to mount a partition.
+<PRE> # <B>mkdir /vicep</B><VAR>x</VAR>[<VAR>x</VAR>]
+</PRE>
+<A NAME="IDX6209"></A>
+<A NAME="IDX6210"></A>
+<A NAME="IDX6211"></A>
+<A NAME="IDX6212"></A>
+<P><LI><A NAME="LIWQ132"></A>Using a text editor, create an entry in the machine's file
+systems registry file (<B>/etc/fstab</B> or equivalent) for each new disk
+partition, mapping its device name to the directory you created in the
+previous step. Refer to existing entries in the file to learn the
+proper format, which varies for different operating systems.
+<P><LI><A NAME="LIWQ133"></A>If the operating system requires that you shut off the machine
+to install a new disk, issue the <B>bos shutdown</B> command to shut down
+all AFS server processes other than the BOS Server (it terminates safely when
+you shut off the machine). Include the <B>-localauth</B> flag
+because you are logged in as the local superuser <B>root</B> but do not
+necessarily have administrative tokens. For a complete description of
+the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-localauth</B> [<B>-wait</B>]
+</PRE>
+<P><LI><A NAME="LIWQ134"></A>If necessary, shut off the machine. Install and format
+the new disk according to the instructions provided by the disk and operating
+system vendors. If necessary, edit the disk's partition table to
+reflect the changes you made to the files system registry file in step <A HREF="#LIWQ132">4</A>; consult the operating system documentation for
+instructions.
+<P><LI>If you shut off the machine down in step <A HREF="#LIWQ134">6</A>, turn it on. Otherwise, issue the <B>bos
+restart</B> command to restart the <B>fs</B> process, forcing it to
+recognize the new set of server partitions. Include the
+<B>-localauth</B> flag because you are logged in as the local superuser
+<B>root</B> but do not necessarily have administrative tokens. For
+complete instructions for the <B>bos restart</B> command, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<PRE> # <B>bos restart</B> <<VAR>machine name</VAR>> <B>fs -localauth</B>
+</PRE>
+<P><LI>Issue the <B>bos status</B> command to verify that all server
+processes are running correctly. For more detailed instructions, see <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE> # <B>bos status</B> <<VAR>machine name</VAR>>
+</PRE>
+</OL>
+<A NAME="IDX6213"></A>
+<A NAME="IDX6214"></A>
+<A NAME="IDX6215"></A>
+<A NAME="IDX6216"></A>
+<A NAME="IDX6217"></A>
+<P><H3><A NAME="HDRWQ135" HREF="auagd002.htm#ToC_154">To unmount and remove a disk housing AFS volumes</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos listvol</B> command to list the volumes housed on
+each partition of each disk you are about to remove, in preparation for
+removing them or moving them to other partitions. For detailed
+instructions, see <A HREF="auagd010.htm#HDRWQ219">Displaying Volume Headers</A>.
+<PRE> % <B>vos listvol</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>]
+</PRE>
+<P><LI>Move any volume you wish to retain in the file system to another
+partition. You can move only read/write volumes. For more
+detailed instructions, and for instructions on moving read-only and backup
+volumes, see <A HREF="auagd010.htm#HDRWQ226">Moving Volumes</A>.
+<PRE> % <B>vos move</B> <<VAR>volume name or ID</VAR>> \
+ <<VAR>machine name on source</VAR>> <<VAR>partition name on source</VAR>> \
+ <<VAR>machine name on destination</VAR>> <<VAR>partition name on destination</VAR>>
+</PRE>
+<P><LI><B>(Optional)</B> If there are any volumes you do not wish to retain,
+back them up using the <B>vos dump</B> command or the AFS Backup
+System. See <A HREF="auagd010.htm#HDRWQ240">Dumping and Restoring Volumes</A> or <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>, respectively.
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<A NAME="IDX6218"></A>
+<A NAME="IDX6219"></A>
+<P><LI>Issue the <B>umount</B> command, repeating it for each partition on
+the disk to be removed.
+<PRE> # <B>cd /</B>
+ # <B>umount /dev/</B><<VAR>partition_block_device_name</VAR>>
+</PRE>
+<A NAME="IDX6220"></A>
+<P><LI><A NAME="LIWQ136"></A>Using a text editor, remove or comment out each
+partition's entry from the machine's file systems registry file
+(<B>/etc/fstab</B> or equivalent).
+<P><LI>Remove the <B>/vicep</B> directory associated with each
+partition.
+<PRE> # <B>rmdir /vicep</B><VAR>xx</VAR>
+</PRE>
+<P><LI>If the operating system requires that you shut off the machine to remove a
+disk, issue the <B>bos shutdown</B> command to shut down all AFS server
+processes other than the BOS Server (it terminates safely when you shut off
+the machine). Include the <B>-localauth</B> flag because you are
+logged in as the local superuser <B>root</B> but do not necessarily have
+administrative tokens. For a complete description of the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-localauth</B> [<B>-wait</B>]
+</PRE>
+<P><LI><A NAME="LIWQ137"></A>If necessary, shut off the machine. Remove the disk
+according to the instructions provided by the disk and operating system
+vendors. If necessary, edit the disk's partition table to reflect
+the changes you made to the files system registry file in step <A HREF="#LIWQ136">7</A>; consult the operating system documentation for
+instructions.
+<P><LI>If you shut off the machine down in step <A HREF="#LIWQ137">10</A>, turn it on. Otherwise, issue the <B>bos
+restart</B> command to restart the <B>fs</B> process, forcing it to
+recognize the new set of server partitions. Include the
+<B>-localauth</B> flag because you are logged in as the local superuser
+<B>root</B> but do not necessarily have administrative tokens. For
+complete instructions for the <B>bos restart</B> command, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<PRE> # <B>bos restart</B> <<VAR>machine name</VAR>> <B>fs -localauth</B>
+</PRE>
+<P><LI>Issue the <B>bos status</B> command to verify that all server
+processes are running correctly. For more detailed instructions, see <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE> # <B>bos status</B> <<VAR>machine name</VAR>>
+</PRE>
+</OL>
+<A NAME="IDX6221"></A>
+<A NAME="IDX6222"></A>
+<A NAME="IDX6223"></A>
+<A NAME="IDX6224"></A>
+<A NAME="IDX6225"></A>
+<A NAME="IDX6226"></A>
+<A NAME="IDX6227"></A>
+<A NAME="IDX6228"></A>
+<A NAME="IDX6229"></A>
+<A NAME="IDX6230"></A>
+<A NAME="IDX6231"></A>
+<HR><H2><A NAME="HDRWQ138" HREF="auagd002.htm#ToC_155">Managing Server IP Addresses and VLDB Server Entries</A></H2>
+<P>The AFS support for multihomed file server machines is
+largely automatic. The File Server process records the IP addresses of
+its file server machine's network interfaces in the local
+<B>/usr/afs/local/sysid</B> file and also registers them in a <I>server
+entry</I> in the Volume Location Database (VLDB). The
+<B>sysid</B> file and server entry are identified by the same unique
+number, which creates an association between them.
+<P>When the Cache Manager requests volume location information, the Volume
+Location (VL) Server provides all of the interfaces registered for each server
+machine that houses the volume. This enables the Cache Manager to make
+use of multiple addresses when accessing AFS data stored on a multihomed file
+server machine.
+<P>If you wish, you can control which interfaces the File Server registers in
+its VLDB server entry by creating two files in the local
+<B>/usr/afs/local</B> directory: <B>NetInfo</B> and
+<B>NetRestrict</B>. Each time the File Server restarts, it builds a
+list of the local machine's interfaces by reading the <B>NetInfo</B>
+file, if it exists. If you do not create the file, the File Server uses
+the list of network interfaces configured with the operating system. It
+then removes from the list any addresses that appear in the
+<B>NetRestrict</B> file, if it exists. The File Server records the
+resulting list in the <B>sysid</B> file and registers the interfaces in
+the VLDB server entry that has the same unique identifier.
+<P>On database server machines, the <B>NetInfo</B> and
+<B>NetRestrict</B> files also determine which interfaces the Ubik database
+synchronization library uses when communicating with the database server
+processes running on other database server machines.
+<P>There is a maximum number of IP addresses in each server entry, as
+documented in the <I>IBM AFS Release Notes</I>. If a multihomed
+file server machine has more interfaces than the maximum, AFS simply ignores
+the excess ones. It is probably appropriate for such machines to use
+the <B>NetInfo</B> and <B>NetRestrict</B> files to control which
+interfaces are registered.
+<P>If for some reason the <B>sysid</B> file no longer exists, the File
+Server creates a new one with a new unique identifier. When the File
+Server registers the contents of the new file, the Volume Location (VL) Server
+normally recognizes automatically that the new file corresponds to an existing
+server entry, and overwrites the existing server entry with the new file
+contents and identifier. However, it is best not to remove the
+<B>sysid</B> file if that can be avoided.
+<P>Similarly, it is important not to copy the <B>sysid</B> file from one
+file server machine to another. If you commonly copy the contents of
+the <B>/usr/afs</B> directory from an existing machine as part of
+installing a new file server machine, be sure to remove the <B>sysid</B>
+file from the <B>/usr/afs/local</B> directory on the new machine before
+starting the File Server.
+<P>There are certain cases where the VL Server cannot determine whether it is
+appropriate to overwrite an existing server entry with a new <B>sysid</B>
+file's contents and identifier. It then refuses to allow the File
+Server to register the interfaces, which prevents the File Server from
+starting. This can happen if, for example, a new <B>sysid</B> file
+includes two interfaces that currently are registered by themselves in
+separate server entries. In such cases, error messages in the
+<B>/usr/afs/log/VLLog</B> file on the VL Server machine and in the
+<B>/usr/afs/log/FileLog</B> file on the file server machine indicate that
+you need to use the <B>vos changeaddr</B> command to resolve the
+problem. Contact the AFS Product Support group for instructions and
+assistance.
+<P>Except in this type of rare error case, the only appropriate use of the
+<B>vos changeaddr</B> command is to remove a VLDB server entry completely
+when you remove a file server machine from service. The VLDB can
+accommodate a maximum number of server entries, as specified in the <I>IBM
+AFS Release Notes</I>. Removing obsolete entries makes it possible to
+allocate server entries for new file server machines as required. See
+the instructions that follow.
+<P>Do not use the <B>vos changeaddr</B> command to change the list of
+interfaces registered in a VLDB server entry. To change a file server
+machine's IP addresses and server entry, see the instructions that
+follow.
+<A NAME="IDX6232"></A>
+<A NAME="IDX6233"></A>
+<A NAME="IDX6234"></A>
+<P><H3><A NAME="Header_156" HREF="auagd002.htm#ToC_156">To create or edit the server NetInfo file</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Using a text editor, open the <B>/usr/afs/local/NetInfo</B>
+file. Place one IP address in dotted decimal format (for example,
+<TT>192.12.107.33</TT>) on each line. The order
+of entries is not significant.
+<P><LI>If you want the File Server to start using the revised list immediately,
+use the <B>bos restart</B> command to restart the <B>fs</B>
+process. For instructions, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+</OL>
+<A NAME="IDX6235"></A>
+<A NAME="IDX6236"></A>
+<A NAME="IDX6237"></A>
+<P><H3><A NAME="Header_157" HREF="auagd002.htm#ToC_157">To create or edit the server NetRestrict file</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Using a text editor, open the <B>/usr/afs/local/NetRestrict</B>
+file. Place one IP address in dotted decimal format on each
+line. The order of the addresses is not significant. Use the
+value <B>255</B> as a wildcard that represents all possible addresses in
+that field. For example, the entry
+<TT>192.12.105.255</TT> indicates that the Cache
+Manager does not register any of the addresses in the 192.12.105
+subnet.
+<P><LI>If you want the File Server to start using the revised list immediately,
+use the <B>bos restart</B> command to restart the <B>fs</B>
+process. For instructions, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+</OL>
+<A NAME="IDX6238"></A>
+<A NAME="IDX6239"></A>
+<P><H3><A NAME="Header_158" HREF="auagd002.htm#ToC_158">To display all server entries from the VLDB</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>vos listaddrs</B> command to display all server entries
+from the VLDB.
+<PRE> % <B>vos listaddrs</B>
+</PRE>
+<P>where <B>lista</B> is the shortest acceptable abbreviation of
+<B>listaddrs</B>.
+<P>The output displays all server entries from the VLDB, each on its own
+line. If a file server machine is multihomed, all of its registered
+addresses appear on the line. The first one is the one reported as a
+volume's site in the output from the <B>vos examine</B> and <B>vos
+listvldb</B> commands.
+<P>VLDB server entries record IP addresses, and the command interpreter has
+the local name service (either a process like the Domain Name Service or a
+local host table) translate them to hostnames before displaying them.
+If an IP address appears in the output, it is not possible to translate
+it.
+<P>The existence of an entry does not necessarily indicate that the machine
+that is still an active file server machine. To remove obsolete server
+entries, see the following instructions.
+</OL>
+<A NAME="IDX6240"></A>
+<A NAME="IDX6241"></A>
+<P><H3><A NAME="Header_159" HREF="auagd002.htm#ToC_159">To remove obsolete server entries from the VLDB</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos changeaddr</B> command to remove a server entry from
+the VLDB.
+<PRE> % <B>vos changeaddr</B> <<VAR>original IP address</VAR>> <B>-remove</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ch
+</B><DD>Is the shortest acceptable abbreviation of <B>changeaddr</B>.
+<P><DT><B><VAR>original IP address</VAR>
+</B><DD>Specifies one of the IP addresses currently registered for the file server
+machine in the VLDB. Any of a multihomed file server machine's
+addresses are acceptable to identify it.
+<P><DT><B>-remove
+</B><DD>Removes the server entry.
+</DL>
+</OL>
+<P><H3><A NAME="Header_160" HREF="auagd002.htm#ToC_160">To change a server machine's IP addresses</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the machine is the system control machine or a binary distribution
+machine, and you are also changing its hostname, redefine all relevant
+<B>upclient</B> processes on other server machines to refer to the new
+hostname. Use the <B>bos delete</B> and <B>bos create</B>
+commands as instructed in <A HREF="auagd009.htm#HDRWQ161">Creating and Removing Processes</A>.
+<P><LI>If the machine is a database server machine, edit its entry in the
+<B>/usr/afs/etc/CellServDB</B> file on every server machine in the cell to
+list one of the new IP addresses. If you use the United States edition
+of AFS, you can edit the file on the system control machine and wait the
+required time (by default, five minutes) for the Update Server to distribute
+the changed file to all server machines.
+<P><LI>If the machine is a database server machine, issue the <B>bos
+shutdown</B> command to stop all server processes. If the machine is
+also a file server, the volumes on it are inaccessible during this
+time. For a complete description of the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> % <B>bos shutdown</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Use the utilities provided with the operating system to change one or more
+of the machine's IP addresses.
+<P><LI>If appropriate, edit the <B>/usr/afs/local/NetInfo</B> file, the
+<B>/usr/afs/local/NetRestrict</B> file, or both, to reflect the changed
+addresses. Instructions appear earlier in this section.
+<P><LI>If the machine is a database server machine, issue the <B>bos
+restart</B> command to restart all server processes on the machine.
+For complete instructions for the <B>bos restart</B> command, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>-all</B>
+</PRE>
+<P>At the same time, issue the <B>bos restart</B> command on all other
+database server machines in the cell to restart the database server processes
+only (the Authentication, Backup, Protection, and Volume Location
+Servers). Issue the commands in quick succession so that all of the
+database server processes vote in the quorum election.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>kaserver buserver ptserver vlserver</B>
+</PRE>
+<P>If you are changing IP addresses on every database server machine in the
+cell, you must also issue the <B>bos restart</B> command on every file
+server machine in the cell to restart the <B>fs</B> process.
+<P><LI>If the machine is not a database server machine, issue the <B>bos
+restart</B> command to restart the <B>fs</B> process (if the machine is
+a database server, you already restarted the process in the previous
+step). The File Server automatically compiles a new list of interfaces,
+records them in the <B>/usr/afs/local/sysid</B> file, and registers them
+in its VLDB server entry.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>fs</B>
+</PRE>
+<P><LI>If the machine is a database server machine, edit its entry in the
+<B>/usr/vice/etc/CellServDB</B> file on every client machine in the cell
+to list one of the new IP addresses. Instructions appear in <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P><LI>If there are machine entries in the Protection Database for the
+machine's previous IP addresses, use the <B>pts rename</B> command to
+change them to the new addresses. For instructions, see <A HREF="auagd019.htm#HDRWQ556">Changing a Protection Database Entry's Name</A>.
+</OL>
+<A NAME="IDX6242"></A>
+<A NAME="IDX6243"></A>
+<A NAME="IDX6244"></A>
+<HR><H2><A NAME="HDRWQ139" HREF="auagd002.htm#ToC_161">Rebooting a Server Machine</A></H2>
+<P>You can reboot a server machine either by typing the
+appropriate commands at its console or by issuing the <B>bos exec</B>
+command on a remote machine. Remote rebooting can be more convenient,
+because you do not need to leave your present location, but you cannot track
+the progress of the reboot as you can at the console. Remote rebooting
+is possible because the server machine's operating system recognizes the
+BOS Server, which executes the <B>bos exec</B> command, as the local
+superuser <B>root</B>.
+<P>Rebooting server machines is part of routine maintenance in some cells, and
+some instructions in the AFS documentation include it as a step. It is
+certainly not intended to be the standard method for recovering from
+AFS-related problems, however, but only a last resort when the machine is
+unresponsive and you have tried all other reasonable options.
+<P>Rebooting causes a service outage. If the machine stores volumes,
+they are all inaccessible until the reboot completes and the File Server
+reattaches them. If the machine is a database server machine,
+information from the databases can become unavailable during the reelection of
+the synchronization site for each database server process; the VL Server
+outage generally has the greatest impact, because the Cache Manager must be
+able to access the VLDB to fetch AFS data.
+<P>By convention, a server machine's AFS initialization file includes the
+following command to restart the BOS Server after each reboot. It
+starts the other AFS server processes listed in the local
+<B>/usr/afs/local/BosConfig</B> file. These instructions assume
+that the initialization file includes the command.
+<PRE> /usr/afs/bin/bosserver &
+</PRE>
+<P><H3><A NAME="HDRWQ140" HREF="auagd002.htm#ToC_162">To reboot a file server machine from its console</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>bos shutdown</B> command to shut down all AFS server
+processes other than the BOS Server, which terminates safely when you reboot
+the machine. Include the <B>-localauth</B> flag because you are
+logged in as the local superuser <B>root</B> but do not necessarily have
+administrative tokens. For a complete description of the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-localauth</B> [<B>-wait</B>]
+</PRE>
+<P><LI>Reboot the machine. On many system types, the appropriate command
+is <B>shutdown</B>, but the appropriate options vary; consult your
+UNIX administrator's guide.
+<PRE> # <B>shutdown</B>
+</PRE>
+</OL>
+<A NAME="IDX6245"></A>
+<A NAME="IDX6246"></A>
+<P><H3><A NAME="HDRWQ141" HREF="auagd002.htm#ToC_163">To reboot a file server machine remotely</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine you are rebooting. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos shutdown</B> to halt AFS server processes other than
+the BOS Server, which terminates safely when you turn off the machine.
+For a complete description of the command, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> % <B>bos shutdown</B> <<VAR>machine name</VAR>> [<B>-wait</B>]
+</PRE>
+<P><LI>Issue the <B>bos exec</B> command to reboot the machine
+remotely.
+<PRE> % <B>bos exec</B> <<VAR>machine name</VAR>> <VAR>reboot_command</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine to reboot.
+<P><DT><B><VAR>reboot_command</VAR>
+</B><DD>Is the rebooting command for the machine's operating system.
+The <B>shutdown</B> command is appropriate on many system types, but
+consult your operating system documentation.
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ142" HREF="auagd002.htm#ToC_164">Monitoring and Controlling Server Processes</A></H1>
+<A NAME="IDX6247"></A>
+<A NAME="IDX6248"></A>
+<P>One of your most important responsibilities as a system administrator is
+ensuring that the processes on file server machines are running
+correctly. The BOS Server, which runs on every file server machine,
+relieves you of much of the responsibility by constantly monitoring the other
+AFS server processes on its machine. It can automatically restart
+processes that have failed, ordering the restarts to take interdependencies
+into account.
+<P>Because different file server machines run different combinations of
+processes, you must define which processes the BOS Server on each file server
+machine is to monitor (to learn how, see <A HREF="#HDRWQ154">Controlling and Checking Process Status</A>).
+<P>It is sometimes necessary to take direct control of server process status
+before performing routine maintenance or correcting problems that the BOS
+Server cannot correct (such as problems with database replication or mutual
+authentication). At those times, you control process status through the
+BOS Server by issuing <B>bos</B> commands.
+<HR><H2><A NAME="HDRWQ143" HREF="auagd002.htm#ToC_165">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine process status
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos status</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine information from the <B>BosConfig file</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos status</B> with <B>-long</B> flag
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create a process instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos create</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Stop a process
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos stop</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Start a stopped process
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos start</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Stop a process temporarily
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos shutdown</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Start a temporarily stopped process
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos startup</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Stop and immediately restart a process
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos restart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Stop and immediately restart all processes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos restart</B> with <B>-bosserver</B> flag
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine BOS Server's restart times
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos getrestart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Set BOS Server's restart times
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos setrestart</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine a log file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos getlog</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Execute a command remotely
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>bos exec</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ145" HREF="auagd002.htm#ToC_166">Brief Descriptions of the AFS Server Processes</A></H2>
+<P>This section briefly describes the different server
+processes that can run on an AFS server machine. In cells with multiple
+server machines, not all processes necessarily run on all machines.
+<P>An AFS server process is referred to in one of three ways, depending on the
+context:
+<A NAME="IDX6249"></A>
+<UL>
+<P><LI>The output from the <B>bos status</B> command refers to a process by
+the name assigned when the <B>bos create</B> command creates its entry in
+the <B>/usr/afs/local/BosConfig</B> file. The name can differ from
+machine to machine, but it is easiest to maintain the cell if you assign the
+same name on all machines. The <I>IBM AFS Quick Beginnings</I> and
+the reference page for the <B>bos create</B> command list the conventional
+names. Examples are <B>bosserver</B>, <B>kaserver</B>, and
+<B>vlserver</B>.
+<P><LI>The process listing produced by the standard <B>ps</B> command
+generally matches the process's binary file. Examples of process
+binary files are <B>/usr/afs/bin/bosserver</B>,
+<B>/usr/afs/bin/kaserver</B>, and <B>/usr/afs/bin/vlserver</B>.
+<P><LI>In most contexts, including most references in the documentation, a
+process is referred to as (for example) the <B>Basic OverSeer (BOS)
+Server</B>, the <B>Authentication Server</B>, or the <B>Volume
+Location Server</B>.
+</UL>
+<P>The following sections specify each name for the process as well as some of
+the administrative tasks in which you use the process. For a more
+general description of the servers, see <A HREF="auagd006.htm#HDRWQ17">AFS Server Processes and the Cache Manager</A>.
+<P><H3><A NAME="HDRWQ146" HREF="auagd002.htm#ToC_167">The bosserver Process: the Basic OverSeer Server</A></H3>
+<A NAME="IDX6250"></A>
+<A NAME="IDX6251"></A>
+<P>The <B>bosserver</B> process, which runs on every AFS server machine,
+is the Basic OverSeer (BOS) Server responsible for monitoring the other AFS
+server processes running on its machine. If a process fails, the BOS
+Server can restart it automatically, without human intervention. It
+takes interdependencies into account when restarting a process that has
+multiple component processes (such as the <B>fs</B> process described in <A HREF="#HDRWQ148">The fs Collection of Processes: the File Server, Volume Server and Salvager</A>).
+<A NAME="IDX6252"></A>
+<P>Because the BOS Server does not monitor or restart itself, it does not
+appear in the output from the <B>bos status</B> command. It appears
+in the <B>ps</B> command's output as
+<TT>/usr/afs/bin/bosserver</TT>.
+<A NAME="IDX6253"></A>
+<A NAME="IDX6254"></A>
+<P>As a system administrator, you contact the BOS Server when you issue
+<B>bos</B> commands to perform the following kinds of tasks.
+<A NAME="IDX6255"></A>
+<UL>
+<P><LI>Defining the processes for the BOS Server to monitor by creating entries
+in the <B>/usr/afs/local/BosConfig</B> file as described in <A HREF="#HDRWQ154">Controlling and Checking Process Status</A>
+<P><LI>Stopping and starting processes on the file server machines according to
+subsequent instructions in this chapter
+<P><LI>Defining your cell's database server machines in the
+<B>/usr/afs/etc/CellServDB</B> file as described in <A HREF="auagd008.htm#HDRWQ118">Maintaining the Server CellServDB File</A>
+<P><LI>Defining AFS server encryption keys in the <B>/usr/afs/etc/KeyFile</B>
+file as described in <A HREF="auagd014.htm#HDRWQ355">Managing Server Encryption Keys</A>.
+<P><LI>Granting system administrator privileges with respect to BOS Server,
+Volume Server, and Backup Server operations, by adding a user to the
+<B>/usr/afs/etc/UserList</B> file as described in <A HREF="auagd021.htm#HDRWQ592">Administering the UserList File</A>
+<P><LI>Setting authorization checking requirements on a server machine as
+described in <A HREF="auagd008.htm#HDRWQ123">Managing Authentication and Authorization Requirements</A>
+</UL>
+<P><H3><A NAME="HDRWQ147" HREF="auagd002.htm#ToC_168">The buserver Process: the Backup Server</A></H3>
+<A NAME="IDX6256"></A>
+<A NAME="IDX6257"></A>
+<P>The <B>buserver</B> process, which runs on database server machines, is
+the Backup Server. It maintains information about Backup System
+configuration and operations in the Backup Database.
+<P>The process appears as <TT>buserver</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. It appears
+in the <B>ps</B> command's output as
+<TT>/usr/afs/bin/buserver</TT>.
+<A NAME="IDX6258"></A>
+<A NAME="IDX6259"></A>
+<P>As a system administrator, you contact the Backup Server when you issue any
+<B>backup</B> command that manipulates information in the Backup Database,
+including those that change Backup System configuration information, that dump
+data from volumes to permanent storage, or that restore data to AFS.
+See <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<P><H3><A NAME="HDRWQ148" HREF="auagd002.htm#ToC_169">The fs Collection of Processes: the File Server, Volume Server and Salvager</A></H3>
+<A NAME="IDX6260"></A>
+<A NAME="IDX6261"></A>
+<P>The <B>fs</B> process, which runs on every file server machine,
+combines three component processes: File Server, Volume Server and
+Salvager. The three components perform independent functions, but are
+controlled as a single process for the following reasons.
+<UL>
+<P><LI>They all operate on the same data, namely files and directories stored in
+AFS volumes. Combining them as a single process enables them to
+coordinate their actions, never attempting simultaneous operations on the same
+data that can possibly corrupt it.
+<P><LI>It enables the BOS Server to stop and restart the processes in the
+required order. When the File Server fails, the BOS Server stops the
+Volume Server and runs the Salvager to correct any corruption that resulted
+from the failure. (The Salvager runs only in this special circumstance
+or when you invoke it yourself by issuing the <B>bos salvage</B> command
+as instructed in <A HREF="auagd010.htm#HDRWQ232">Salvaging Volumes</A>.) If only the Volume Server fails, the BOS Server can
+restart it without affecting the File Server or Salvager.
+</UL>
+<P>The File Server component handles AFS data at the level of files and
+directories, manipulating file system elements as requested by application
+programs and the standard operating system commands. Its main duty is
+to deliver requested files to client machines and store them again on the
+server machine when the client is finished. It also maintains status
+and protection information about each file and directory. It runs
+continuously during normal operation.
+<A NAME="IDX6262"></A>
+<P>The Volume Server component handles AFS data at the level of complete
+volumes rather than files and directories. In response to
+<B>vos</B> commands, it creates, removes, moves, dumps and restores entire
+volumes, among other actions. It runs continuously during normal
+operation.
+<A NAME="IDX6263"></A>
+<P>The Salvager component runs only after the failure of one of the other two
+processes. It checks the file system for internal consistency and
+repairs any errors it finds.
+<A NAME="IDX6264"></A>
+<A NAME="IDX6265"></A>
+<P>The process appears as <TT>fs</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. An
+auxiliary message reports the status of the File Server or Salvager
+component. See <A HREF="#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<P>The component processes of the <B>fs</B> process appear individually in
+the <B>ps</B> command's output, as follows. There is no entry
+for the <TT>fs</TT> process itself.
+<UL>
+<P><LI><TT>/usr/afs/bin/fileserver</TT>
+<P><LI><TT>/usr/afs/bin/volserver</TT>
+<P><LI><TT>/usr/afs/bin/salvager</TT>
+</UL>
+<P>The Cache Manager contacts the File Server component on your behalf
+whenever you access data or status information in an AFS file or directory or
+issue file manipulation commands such as the UNIX <B>cp</B> and
+<B>ls</B> commands. You can contact the File Server directly by
+issuing <B>fs</B> commands that perform the following functions
+<A NAME="IDX6266"></A>
+<A NAME="IDX6267"></A>
+<UL>
+<P><LI>Administering the ACL of any directory in the file system as described in <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>
+<P><LI>Installing new partitions for housing AFS volumes, in which case you must
+restart the <B>fs</B> process for it to recognize the new partition;
+for instructions, see <A HREF="auagd008.htm#HDRWQ130">Adding or Removing Disks and Partitions</A>
+<P><LI>Creating and deleting volume mount points in the AFS filespace as
+described in <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>
+<P><LI>Setting volume quota and displaying information about the space used and
+available in a volume or partition as described in <A HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>
+</UL>
+<A NAME="IDX6268"></A>
+<A NAME="IDX6269"></A>
+<P>You contact the Volume Server component when you issue <B>vos</B>
+commands that manipulate volumes in any way--creating, removing,
+replicating, moving, renaming, converting to different formats, and
+salvaging. For instructions, see <A HREF="auagd010.htm#HDRWQ174">Managing Volumes</A>.
+<P>The Salvager normally runs automatically in case of a failure. You
+can also start it with the <B>bos salvage</B> command as described in <A HREF="auagd010.htm#HDRWQ232">Salvaging Volumes</A>.
+<A NAME="IDX6270"></A>
+<A NAME="IDX6271"></A>
+<P><H3><A NAME="HDRWQ149" HREF="auagd002.htm#ToC_170">The kaserver Process: the Authentication Server</A></H3>
+<A NAME="IDX6272"></A>
+<A NAME="IDX6273"></A>
+<P>The <B>kaserver</B> process, which runs on database server machines, is
+the Authentication Server responsible for several aspects of AFS
+security. It verifies AFS user identity by requiring a password.
+It maintains all AFS server encryption keys and user passwords in the
+Authentication Database. The Authentication Server's Ticket
+Granting Service (TGS) module creates the shared secrets that AFS client and
+server processes use when establishing secure connections.
+<P>The process appears as <TT>kaserver</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. The
+<B>ka</B> string stands for <I>Kerberos Authentication</I>, reflecting
+the fact that AFS's authentication protocols are based on Kerberos, which
+was originally developed at the Massachusetts Institute of Technology's
+Project Athena.
+<P>It appears in the <B>ps</B> command's output as
+<TT>/usr/afs/bin/kaserver</TT>.
+<A NAME="IDX6274"></A>
+<A NAME="IDX6275"></A>
+<P>As a system administrator, you contact the Authentication Server when you
+issue <B>kas</B> commands to perform the following kinds of tasks.
+<UL>
+<P><LI>Setting a user's password. Users normally change their own
+passwords, so you probably perform this task only creating a new user account
+as described in <A HREF="auagd018.htm#HDRWQ502">Creating AFS User Accounts</A> and <A HREF="auagd018.htm#HDRWQ516">Changing AFS Passwords</A>.
+<P><LI>Setting the AFS server encryption key in the Authentication Database,
+which the TGS uses to seal server tickets; see <A HREF="auagd014.htm#HDRWQ355">Managing Server Encryption Keys</A>.
+<P><LI>Granting or revoking system administrator privileges with respect to the
+Authentication Server as described in <A HREF="auagd021.htm#HDRWQ589">Granting Privilege for kas Commands: the ADMIN Flag</A>.
+</UL>
+<P><H3><A NAME="HDRWQ150" HREF="auagd002.htm#ToC_171">The ptserver Process: the Protection Server</A></H3>
+<A NAME="IDX6276"></A>
+<A NAME="IDX6277"></A>
+<P>The <B>ptserver</B> process, which runs on database server machines, is
+the Protection Server. Its main responsibility is maintaining the
+Protection Database which contains user, machine, and group entries.
+The Protection Server allocates AFS IDs and maintains the mapping between them
+and names. The File Server consults the Protection Server when
+verifying that a user is authorized to perform a requested action.
+<P>The process appears as <TT>ptserver</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. It appears
+in the <B>ps</B> command's output as
+<TT>/usr/afs/bin/ptserver</TT>.
+<A NAME="IDX6278"></A>
+<A NAME="IDX6279"></A>
+<P>As a system administrator, you contact the Protection Server when you issue
+<B>pts</B> commands to perform the following kinds of tasks.
+<UL>
+<P><LI>Creating a new user, machine, or group entry in the Protection Database as
+described in <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>
+<P><LI>Adding or removing group members or otherwise manipulating Protection
+Database entries as described in <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>
+<P><LI>Granting or revoking system administrator privilege by changing the
+membership of the <B>system:administrators</B> group as described in
+<A HREF="auagd021.htm#HDRWQ586">Administering the system:administrators Group</A>
+</UL>
+<P><H3><A NAME="HDRWQ151" HREF="auagd002.htm#ToC_172">The runntp Process</A></H3>
+<A NAME="IDX6280"></A>
+<A NAME="IDX6281"></A>
+<A NAME="IDX6282"></A>
+<P>The <B>runntp</B> process, which runs on every server machine, is a
+controller program for the Network Time Protocol Daemon (NTPD), which
+synchronizes the hardware clocks on server machines. You need to run
+the <B>runntp</B> process if you are not already running NTP or another
+time synchronization protocol on your server machines.
+<P>The clocks on database server machines need to be synchronized because
+AFS's distributed database technology (Ubik) works properly only when the
+clocks agree within a narrow range of variation (see <A HREF="auagd008.htm#HDRWQ103">Configuring the Cell for Proper Ubik Operation</A>). The clocks on file server machines need to be
+correct not only because the File Server sets modification time stamps on
+files, but because in the conventional configuration they serve as the time
+source for AFS client machines.
+<P>The process appears as <TT>runntp</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. It appears
+in the output from the <B>ps</B> command as
+<TT>/usr/afs/bin/runntp</TT>. The <B>ps</B> command's output
+also includes an entry called <TT>ntpd</TT>; its exact form depends on
+the arguments you provide to the <B>runntp</B> command.
+<A NAME="IDX6283"></A>
+<A NAME="IDX6284"></A>
+<P>As a system administrator, you do not contact the NTPD directly once you
+have installed it according to the instructions in the <I>IBM AFS Quick
+Beginnings</I>.
+<P><H3><A NAME="HDRWQ152" HREF="auagd002.htm#ToC_173">The upserver and upclient Processes: the Update Server</A></H3>
+<A NAME="IDX6285"></A>
+<A NAME="IDX6286"></A>
+<A NAME="IDX6287"></A>
+<P>The Update Server has two separate parts, each of which runs on a different
+type of server machine. The <B>upserver</B> process is the server
+portion of the Update Server. Its function depends on which edition of
+AFS you use:
+<UL>
+<P><LI>With both the United States and international editions, it runs on the
+binary distribution machine of each system type you use as a server machine,
+distributing the contents of each one's <B>/usr/afs/bin</B> directory
+to the other server machines of that type. This guarantees that all
+machines have the same version of AFS binaries. (For a list of the
+binaries, see <A HREF="auagd008.htm#HDRWQ84">Binaries in the /usr/afs/bin Directory</A>.)
+<P><LI>In you use the United States edition of AFS, it also runs on the
+cell's system control machine, distributing the contents of its
+<B>/usr/afs/etc</B> directory to all the other server machines in order to
+synchronize the configuration files stored in that directory. (For a
+list of the configuration files, see <A HREF="auagd008.htm#HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</A>.)
+</UL>
+<P>The <B>upclient</B> process is the client portion of the Update Server,
+and like the server portion its function depends on the AFS edition in
+use.
+<UL>
+<P><LI>It runs on every server machine that is not a binary distribution machine,
+referencing the binary distribution machine of its system type as the source
+for updates to the binaries in the <B>/usr/afs/bin</B> directory.
+The conventional process name to assign is <B>upclientbin</B>.
+<P><LI>If you use the United States edition of AFS, another instance of the
+process runs on every server machine except the system control machine.
+It references the system control machine as the source for updates to the
+common configuration files in the <B>/usr/afs/etc</B> directory.
+The conventional process name to assign is <B>upclientetc</B>.
+</UL>
+<P>In output from the <B>bos status</B> command, the server portion
+appears as <TT>upserver</TT> and the client portions as
+<TT>upclientbin</TT> and <TT>upclientetc</TT>, if the conventional names
+are assigned. In the output from the <B>ps</B> command, the server
+portion appears as <TT>/usr/afs/bin/upserver</TT> and the client portions as
+<TT>/usr/afs/bin/upclient</TT>.
+<A NAME="IDX6288"></A>
+<A NAME="IDX6289"></A>
+<P>You do not contact the Update Server directly once you have installed
+it. It operates automatically whenever you use <B>bos</B> commands
+to change the files that it distributes.
+<P><H3><A NAME="HDRWQ153" HREF="auagd002.htm#ToC_174">The vlserver Process: the Volume Location Server</A></H3>
+<A NAME="IDX6290"></A>
+<A NAME="IDX6291"></A>
+<P>The <B>vlserver</B> process, which runs on database server machines, is
+the Volume Location (VL) Server that automatically tracks which file server
+machines house each volume, making its location transparent to client
+applications.
+<P>The process appears as <TT>vlserver</TT> in the <B>bos status</B>
+command's output, if the conventional name is assigned. It appears
+in the <B>ps</B> command's output as
+<TT>/usr/afs/bin/vlserver</TT>.
+<A NAME="IDX6292"></A>
+<A NAME="IDX6293"></A>
+<A NAME="IDX6294"></A>
+<P>As a system administrator, you contact the VL Server when you issue any
+<B>vos</B> command that changes the status of a volume (it records the
+status changes in the VLDB).
+<HR><H2><A NAME="HDRWQ154" HREF="auagd002.htm#ToC_175">Controlling and Checking Process Status</A></H2>
+<P>To define the AFS server processes that run on a server
+machine, use the <B>bos create</B> command to create entries for them in
+the local <B>/usr/afs/local/BosConfig</B> file. The BOS Server
+monitors the processes listed in the <B>BosConfig</B> file that are marked
+with the <TT>Run</TT> status flag, and automatically attempts to restart
+them if they fail. After creating process entries, you use other
+commands from the <B>bos</B> suite to stop and start processes or change
+the status flag as desired.
+<P>Never edit the <B>BosConfig</B> file directly rather than using
+<B>bos</B> commands. Similarly, it is not a good practice to run
+server processes without listing them in the <B>BosConfig</B> file, or to
+stop them using process termination commands such as the UNIX <B>kill</B>
+command.
+<P><H3><A NAME="Header_176" HREF="auagd002.htm#ToC_176">The Information in the BosConfig File</A></H3>
+<A NAME="IDX6295"></A>
+<A NAME="IDX6296"></A>
+<P>A process's entry in the <B>BosConfig</B> file includes the
+following information:
+<UL>
+<P><LI>The process's name. The recommended conventional names are
+defined in both the <I>IBM AFS Quick Beginnings</I> and <A HREF="#HDRWQ161">Creating and Removing Processes</A>. The name of a simple process usually matches the
+name of its binary file (for example, <B>ptserver</B> for the Protection
+Server).
+<P><LI>Its type, which is one of the following:
+<DL>
+<A NAME="IDX6297"></A>
+<A NAME="IDX6298"></A>
+<P><DT><B>simple
+</B><DD>A process that runs independently of any other on the server
+machine. If several simple processes fail at the same time, the BOS
+Server can restart them in any order. All standard AFS processes except
+the <B>fs</B> process are simple.
+<P><DT><B>fs
+<A NAME="IDX6299"></A>
+<A NAME="IDX6300"></A>
+<A NAME="IDX6301"></A>
+<A NAME="IDX6302"></A>
+<A NAME="IDX6303"></A>
+</B><DD>A process type reserved for the server process for which the conventional
+name is also <B>fs</B>. This process combines three
+components: the File Server, the Volume Server, and the Salvager.
+<A NAME="IDX6304"></A>
+<A NAME="IDX6305"></A>
+<P><DT><B>cron
+</B><DD>A process that runs at a defined time rather than continuously.
+There are no standard processes of this type.
+</DL>
+<A NAME="IDX6306"></A>
+<A NAME="IDX6307"></A>
+<A NAME="IDX6308"></A>
+<A NAME="IDX6309"></A>
+<P><LI>Its status flag, which tells the BOS Server whether it performs the
+following two actions with respect to the process:
+<UL>
+<P><LI>Start the process during BOS Server initialization
+<P><LI>Restart the process if it (the process) fails
+</UL>The two possible values are <TT>Run</TT> (which directs the BOS Server
+to perform these actions) and <TT>NotRun</TT> (which directs the BOS Server
+to ignore the process). The BOS Server itself never changes the setting
+of this flag, even if the process fails repeatedly. Also, this flag is
+for internal use only; it does not appear in the <B>bos status</B>
+command's output.
+<P><LI>Its command parameters, which are the commands that the BOS Server runs to
+start the process.
+<A NAME="IDX6310"></A>
+<UL>
+<P><LI>A simple processes has one: the complete pathname to its binary file
+<P><LI>The <B>fs</B> process has three: the complete pathnames to each
+of the three component processes (<B>/usr/afs/bin/fileserver</B>,
+<B>/usr/afs/bin/volserver</B>, and <B>/usr/afs/bin/salvager</B>)
+<P><LI>A cron process has two: the first the complete pathname to its
+binary file, the second the time at which the BOS Server runs it
+</UL>
+</UL>
+<P>In addition to process definitions, the <B>BosConfig</B> file also
+records automatic restart times for processes that have new binaries, and for
+all server processes including the BOS Server. See <A HREF="#HDRWQ171">Setting the BOS Server's Restart Times</A>.
+<P><H3><A NAME="HDRWQ155" HREF="auagd002.htm#ToC_177">How the BOS Server Uses the Information in the BosConfig File</A></H3>
+<A NAME="IDX6311"></A>
+<A NAME="IDX6312"></A>
+<A NAME="IDX6313"></A>
+<P>Whenever the BOS Server starts or restarts, it reads the
+<B>BosConfig</B> file to learn which processes it is to start and
+monitor. It transfers the information into kernel memory and does not
+read the <B>BosConfig</B> file again until it next restarts. This
+implies that the BOS Server's memory state can change independently of
+the <B>BosConfig</B> file. You can, for example, stop a process but
+leave its status flag in the <B>BosConfig</B> file as <TT>Run</TT>, or
+start a process even though its status flag in the <B>BosConfig</B> file
+is <TT>NotRun</TT>.
+<P><H3><A NAME="HDRWQ156" HREF="auagd002.htm#ToC_178">About Starting and Stopping the Database Server Processes</A></H3>
+<A NAME="IDX6314"></A>
+<A NAME="IDX6315"></A>
+<A NAME="IDX6316"></A>
+<A NAME="IDX6317"></A>
+<A NAME="IDX6318"></A>
+<A NAME="IDX6319"></A>
+<A NAME="IDX6320"></A>
+<P>When you start or stop a database server process (Authentication Server,
+Backup Server, Protection Server, or Volume Location Server) for more than a
+short time, you must follow the instructions in the <I>IBM AFS Quick
+Beginnings</I> for installing or removing a database server machine.
+Here is a summary of the tasks you must perform to preserve correct AFS
+functioning.
+<UL>
+<P><LI>Start or stop all four database server processes on that machine.
+All AFS server processes and the Cache Manager processes expect all four
+database server processes to be running on each machine listed in the
+<B>CellServDB</B> file. There is no way to indicate in the file
+that a machine is running only some of the database server processes.
+<P><LI>Add or remove the machine in the <B>/usr/afs/etc/CellServDB</B> file
+on all server machines and the <B>/usr/vice/etc/CellServDB</B> file on all
+client machines.
+<P><LI>Restart the database server processes on the other database server
+machines to force an election of a new Ubik coordinator for each one.
+</UL>
+<P><H3><A NAME="HDRWQ157" HREF="auagd002.htm#ToC_179">About Starting and Stopping the Update Server</A></H3>
+<A NAME="IDX6321"></A>
+<P>In the conventional cell configuration, one server machine of each system
+type acts as a binary distribution machine, running the server portion of the
+Update Server (<B>upserver</B> process) to distribute the contents of its
+<B>/usr/afs/bin</B> directory. The other server machines of its
+system type run an instance of the Update Server client portion (by convention
+called <B>upclientbin</B>) that references the binary distribution
+machine.
+<P>If you run the United States edition of AFS, it is conventional for the
+first server machine you install to act as the system control machine, running
+the server portion of the Update Server (<B>upserver</B> process) to
+distribute the contents of its <B>/usr/afs/etc</B> directory. All
+other server machines run an instance of the Update Server client portion (by
+convention called <B>upclientetc</B>) that references the system control
+machine.
+<P>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you are using the international edition of AFS, do not use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory
+(you do not run a system control machine). Ignore all references to the
+process in this chapter.
+</TD></TR></TABLE>
+<P>It is simplest not to move binary distribution or system control
+responsibilities to a different machine unless you completely decommission a
+machine that is currently serving in one of those roles. Running the
+Update Server usually imposes very little processing load. If you must
+move the functionality, perform the following related tasks.
+<UL>
+<P><LI>If you replace the system control machine, you must stop the
+<B>upclientetc</B> process on every other server machine and define a new
+one that references the new system control machine.
+<P><LI>If you replace a binary distribution machine, you must stop the
+<B>upclientbin</B> process on every other server machine of its system
+type and define a new one that references the new binary distribution machine
+(unless you are no longer running any server machines of that system
+type).
+</UL>
+<HR><H2><A NAME="HDRWQ158" HREF="auagd002.htm#ToC_180">Displaying Process Status and Information from the BosConfig File</A></H2>
+<P>To display the status of the AFS server processes on a
+server machine, issue the <B>bos status</B> command. Adding the
+<B>-long</B> flag displays most of the information from each
+process's entry in the <B>BosConfig</B> file, including its type and
+command parameters. It also displays a warning message if the mode bits
+on files and subdirectories in the <B>/usr/afs</B> directory do not match
+the expected values.
+<P><H3><A NAME="HDRWQ159" HREF="auagd002.htm#ToC_181">To display the status of server processes and their BosConfig entries</A></H3>
+<A NAME="IDX6322"></A>
+<A NAME="IDX6323"></A>
+<A NAME="IDX6324"></A>
+<A NAME="IDX6325"></A>
+<A NAME="IDX6326"></A>
+<A NAME="IDX6327"></A>
+<A NAME="IDX6328"></A>
+<A NAME="IDX6329"></A>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos status</B> command.
+<PRE> % <B>bos status</B> <<VAR>machine name</VAR>> [<<VAR>server process name</VAR>><SUP>+</SUP>] [<B>-long</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>stat
+</B><DD>Is the shortest acceptable abbreviation of <B>status</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the file server machine for which to display process
+status.
+<P><DT><B><VAR>server process name</VAR>
+</B><DD>Names each process for which to display status, using the name assigned
+when its entry was defined with the <B>bos create</B> command. Omit
+this argument to display the status of all server processes.
+<P><DT><B>-long
+</B><DD>Displays, in addition to status, information from the process's entry
+in the <B>BosConfig</B> file: its type, its status flag, its command
+parameters, the associated notifier program, and so on.
+</DL>
+</OL>
+<P>The output includes an entry for each process and uses one of the following
+strings to indicate the process's status:
+<UL>
+<P><LI><TT>currently running normally</TT> indicates that the process is
+running and its status flag in the <B>BosConfig</B> file is
+<TT>Run</TT>. For cron entries, this message indicates that the
+command is still scheduled to run, not necessarily that it is actually running
+when the <B>bos status</B> command was issued.
+<P><LI><TT>temporarily enabled</TT> indicates that the process is running but
+that its status flag in the <B>BosConfig</B> file is
+<TT>NotRun</TT>. The most common reason is that a system
+administrator has used the <B>bos startup</B> command to start the
+process.
+<P><LI><TT>temporarily disabled</TT> indicates that the process is not running
+even though its status flag in the <B>BosConfig</B> file is
+<TT>Run</TT>. The most common reasons are either that a system
+administrator has used the <B>bos shutdown</B> command to stop the process
+or that the BOS Server ceased trying to restart the process after numerous
+failed attempts. In the latter case, a supplementary message
+appears: <TT>stopped for too many errors</TT>.
+<P><LI><TT>disabled</TT> indicates that the process is not running and that its
+status flag in the <B>BosConfig</B> file is <TT>NotRun</TT>. The
+BOS Server is not monitoring the process. Only a system administrator
+can set the flag this way; the BOS Server never does.
+</UL>
+<P>The output for the <B>fs</B> process always includes a message marked
+<TT>Auxiliary status</TT>, which can be one of the following:
+<UL>
+<P><LI><TT>file server running</TT> indicates that the File Server and Volume
+Server components of the File Server process are running normally.
+<P><LI><TT>salvaging file system</TT> indicates that the Salvager is running,
+which usually implies that the File Server and Volume Server are temporarily
+disabled. The BOS Server restarts them as soon as the Salvager is
+finished.
+</UL>
+<P>The output for a cron process also includes an <TT>Auxiliary status</TT>
+message to report when the command is scheduled to run next; see the
+example that follows.
+<P>The output for any process can include the supplementary message <TT>has
+core file</TT> to indicate that at some point the process failed and
+generated a core file in the <B>/usr/afs/logs</B> directory. In
+most cases, the BOS Server is able to restart the process and it is
+running.
+<P>The following example includes a user-defined cron entry called
+<B>backupusers</B>:
+<PRE> % <B>bos status fs3.abc.com</B>
+ Instance kaserver, currently running normally.
+ Instance ptserver, currently running normally.
+ Instance vlserver, has core file, currently running normally.
+ Instance buserver, currently running normally.
+ Instance fs, currently running normally.
+ Auxiliary status is: file server running.
+ Instance upserver, currently running normally.
+ Instance runntp, currently running normally.
+ Instance backupusers, currently running normally.
+ Auxiliary status is: run next at Mon Jun 7 02:00:00 1999.
+</PRE>
+<P>If you include the <B>-long</B> flag to the <B>bos status</B>
+command, a process's entry in the output includes the following
+additional information from the <B>BosConfig</B> file:
+<UL>
+<P><LI>The process's type (<TT>simple</TT>, <TT>fs</TT>, or
+<TT>cron</TT>).
+<P><LI>The day and time the process last started or restarted.
+<P><LI>The number of <TT>proc starts</TT>, which is how many times the BOS
+Server has started or restarted the process since it started itself.
+<P><LI>The <TT>Last exit</TT> time when the process (or one of the component
+processes in the <B>fs</B> process) last terminated. This line does
+not appear if the process has not terminated since the BOS Server
+started.
+<P><LI>The <TT>Last error exit</TT> time when the process (or one of the
+component processes in the <B>fs</B> process) last failed due to an
+error. A further explanation such as <TT>due to shutdown request</TT>
+sometimes appears. This line does not appear if the process has not
+failed since the BOS Server started.
+<P><LI>Each command that the BOS Server invokes to start the process, as
+specified by the <B>-cmd</B> argument to the <B>bos create</B>
+command.
+<P><LI>The pathname of the notifier program that the BOS Server invokes when the
+process terminates (if any), as specified by the <B>-notifier</B> argument
+to the <B>bos create</B> command.
+</UL>
+<P>In addition, if the BOS Server has found that the mode bits on certain
+files and directories under <B>/usr/afs</B> deviate from what it expects,
+it prints the following warning message:
+<PRE> Bosserver process reports inappropriate access on server directories
+</PRE>
+<P>The expected protections for the directories and files in the
+<B>/usr/afs</B> directory are as follows. A question mark indicates
+that the BOS Server does not check the mode bit. See the <I>IBM AFS
+Quick Beginnings</I> for more information about setting the protections on
+these files and directories.
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/backup</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/db</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/KeyFile</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>????<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/UserList</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>?????<TT>--</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/local</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/logs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR></TABLE>
+<P>The following illustrates the extended output for the <B>fs</B> process
+running on the machine <B>fs3.abc.com</B>:
+<PRE> % <B>bos status fs3.abc.com fs -long</B>
+ Instance fs, (type is fs), currently running normally.
+ Auxiliary status is file server running
+ Process last started at Mon May 3 8:29:19 1999 (3 proc starts)
+ Last exit at Mon May 3 8:29:19 1999
+ Last error exit at Mon May 3 8:29:19 1999, due to shutdown request
+ Command 1 is '/usr/afs/bin/fileserver'
+ Command 2 is '/usr/afs/bin/volserver'
+ Command 3 is '/usr/afs/bin/salvager'
+</PRE>
+<HR><H2><A NAME="HDRWQ161" HREF="auagd002.htm#ToC_182">Creating and Removing Processes</A></H2>
+<A NAME="IDX6330"></A>
+<A NAME="IDX6331"></A>
+<A NAME="IDX6332"></A>
+<A NAME="IDX6333"></A>
+<A NAME="IDX6334"></A>
+<A NAME="IDX6335"></A>
+<A NAME="IDX6336"></A>
+<A NAME="IDX6337"></A>
+<P>To start a new AFS server process on a server machine, issue the <B>bos
+create</B> command, which creates an entry in the
+<B>/usr/afs/local/BosConfig</B> file, sets the process's status flag
+to <TT>Run</TT> both in the file and in the BOS Server's memory, and
+starts it running immediately. The binary file for the new process must
+already be installed, by convention in the <B>/usr/afs/bin</B> directory
+(see <A HREF="auagd008.htm#HDRWQ111">Installing New Binaries</A>).
+<P>To stop a process permanently, first issue the <B>bos stop</B> command,
+which changes the process's status flag to <TT>NotRun</TT> in both the
+<B>BosConfig</B> file and the BOS Server's memory; it is marked
+as <TT>disabled</TT> in the output from the <B>bos status</B>
+command. If desired, issue the <B>bos delete</B> command to remove
+the process's entry from the <B>BosConfig</B> file; the process
+no longer appears in the <B>bos status</B> command's output.
+<P>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you are starting or stopping a database server process in the manner
+described in this section, follow the complete instructions in the <I>IBM
+AFS Quick Beginnings</I> for creating or removing a database server
+machine. If you run one database server process on a given machine, you
+must run them all; for more information, see <A HREF="#HDRWQ156">About Starting and Stopping the Database Server Processes</A>. Similarly, if you are stopping the
+<B>upserver</B> process on the system control machine or a binary
+distribution machine, you must complete the additional tasks described in <A HREF="#HDRWQ157">About Starting and Stopping the Update Server</A>.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ162" HREF="auagd002.htm#ToC_183">To create and start a new process</A></H3>
+<A NAME="IDX6338"></A>
+<A NAME="IDX6339"></A>
+<A NAME="IDX6340"></A>
+<A NAME="IDX6341"></A>
+<A NAME="IDX6342"></A>
+<A NAME="IDX6343"></A>
+<A NAME="IDX6344"></A>
+<A NAME="IDX6345"></A>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>(Optional)</B> Verify that the process's binaries are
+installed in the <B>/usr/afs/bin</B> directory on this machine. If
+necessary, login at the console or telnet to the machine and list the contents
+of the <B>/usr/afs/bin</B> directory.
+<P>If the binaries are not present, install them on the binary distribution
+machine of the appropriate system type, and wait for the Update Server to copy
+them to this machine. For instructions, see <A HREF="auagd008.htm#HDRWQ111">Installing New Binaries</A>.
+<PRE> % <B>ls /usr/afs/bin</B>
+</PRE>
+<P><LI><A NAME="LIWQ163"></A>Issue the <B>bos create</B> command to create an entry in
+the <B>BosConfig</B> file and start the process.
+<PRE> % <B>bos create</B> <<VAR>machine name</VAR>> <<VAR>server process name</VAR>> \
+ <<VAR>server type</VAR>> <<VAR>command lines</VAR>><SUP>+</SUP> [ <B>-notifier</B> <<VAR>Notifier program</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cr
+</B><DD>Is the shortest acceptable abbreviation of <B>create</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the file server machine on which to create the process.
+<P><DT><B><VAR>server process name</VAR>
+</B><DD>Names the process to create and start. For simple processes, the
+conventional value is the name of the process's binary file. It is
+best to use the same name on every server machine that runs the
+process. The following is a list of the conventional names for simple
+and fs-type processes (there are no standard cron processes).
+<UL>
+<P><LI><B>buserver</B> for the Backup Server
+<P><LI><B>fs</B> for the process that combines the File Server, Volume
+Server, and Salvager
+<P><LI><B>kaserver</B> for the Authentication Server
+<P><LI><B>ptserver</B> for the Protection Server
+<P><LI><B>runntp</B> for the controller process for the Network Time Protocol
+Daemon
+<P><LI><B>upclientbin</B> for the client portion of the Update Server that
+references the binary distribution machine of this machine's system type
+<P><LI><B>upclientetc</B> for the client portion of the Update Server that
+references the system control machine
+<P><LI><B>vlserver</B> for the Volume Location (VL) Server
+</UL>
+<P><DT><B><VAR>server type</VAR>
+</B><DD>Defines the process's type. Choose one of the following
+values:
+<UL>
+<P><LI><B>cron</B> for a cron process
+<P><LI><B>fs</B> for the process named <B>fs</B>
+<P><LI><B>simple</B> for all other processes listed as acceptable values for
+the <VAR>server process name</VAR> argument
+</UL>
+<P><DT><B><VAR>command lines</VAR>
+</B><DD>Specifies each command the BOS Server runs to start the process.
+Specify no more than six commands (which can include the command's
+options, in which case the entire string is surrounded by double quotes);
+any additional commands are ignored.
+<P>For a simple process, provide the complete pathname of the process's
+binary file on the local disk (for example, <B>/usr/afs/bin/ptserver</B>
+for the Protection Server). If including any of the initialization
+command's options, surround the entire command in double quotes (<B>"
+"</B>). The <B>upclient</B> process has a required argument, and
+the commands for all other processes take optional arguments.
+<A NAME="IDX6346"></A>
+<P>For the <B>fs</B> process, provide the complete pathname of the local
+disk binary file for each of the component processes:
+<B>fileserver</B>, <B>volserver</B>, and <B>salvager</B>, in that
+order. The standard binary directory is <B>/usr/afs/bin</B>.
+If including any of an initialization command's options, surround the
+entire command in double quotes (<B>" "</B>).
+<A NAME="IDX6347"></A>
+<P>For a <B>cron</B> process, provide two parameters:
+<A NAME="IDX6348"></A>
+<UL>
+<P><LI>The complete local disk pathname of either an executable file or a command
+from one of the AFS suites (complete with all of the necessary
+arguments). Surround this parameter with double quotes (<B>" "</B>)
+if it contains spaces.
+<P><LI>A specification of when the BOS Server executes the file or command
+indicated by the first parameter. There are three acceptable
+values:
+<UL>
+<P><LI>The string <B>now</B>, which directs the BOS Server to execute the
+file or command immediately and only once. It is usually simpler to
+issue the command directly or issue the <B>bos exec</B> command.
+<P><LI>A time of day. The BOS Server executes the file or command daily at
+the indicated time. Separate the hours and minutes with a colon
+(<I>hh</I>:<I>MM</I>), and use either 24-hour format, or a value
+in the range from <B>1:00</B> through <B>12:59</B> with
+the addition of <B>am</B> or <B>pm</B>. For example, both
+<B>14:30</B> and <B>"2:30 pm"</B> indicate 2:30 in
+the afternoon. Surround this parameter with double quotes (<B>"
+"</B>) if it contains a space.
+<P><LI>A day of the week and time of day, separated by a space and surrounded
+with double quotes (<B>" "</B>). The BOS Server executes the file
+or command weekly at the indicated day and time. For the day, provide
+either the whole name or the first three letters, all in lowercase letters
+(<B>sunday</B> or <B>sun</B>, <B>thursday</B> or <B>thu</B>,
+and so on). For the time, use the same format as when specifying the
+time alone.
+</UL>
+</UL>
+<P><DT><B>-notifier
+</B><DD>Specifies the pathname of a program that the BOS Server runs when the
+process terminates. For more information on notifier programs, see the
+<B>bos create</B> command reference page in the <I>IBM AFS
+Administration Reference</I>.
+</DL>
+</OL>
+<P>The following example defines and starts the Protection Server on the
+machine <B>db2.abc.com</B>:
+<PRE>
+ % <B>bos create db2.abc.com ptserver simple /usr/afs/bin/ptserver</B>
+
+</PRE>
+<P>The following example defines and starts the <B>fs</B> process on the
+machine <B>fs6.abc.com</B>.
+<PRE>
+ % <B>bos create fs6.abc.com fs fs /usr/afs/bin/fileserver </B> \
+ <B>/usr/afs/bin/volserver /usr/afs/bin/salvager</B>
+
+</PRE>
+<P>The following example defines and starts a cron process called
+<B>backupuser</B> process on the machine
+<B>fs3.abc.com</B>, scheduling it to run each day at
+3:00 a.m.
+<PRE> % <B>bos create fs3.abc.com backupuser cron "/usr/afs/bin/vos backupsys -prefix user -local" 3:00</B>
+</PRE>
+<P><H3><A NAME="Header_184" HREF="auagd002.htm#ToC_184">To stop a process and remove it from the BosConfig file</A></H3>
+<A NAME="IDX6349"></A>
+<A NAME="IDX6350"></A>
+<A NAME="IDX6351"></A>
+<A NAME="IDX6352"></A>
+<A NAME="IDX6353"></A>
+<A NAME="IDX6354"></A>
+<A NAME="IDX6355"></A>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIPROC-STOP"></A>Issue the <B>bos stop</B> command to change each
+process's status flag in the <B>BosConfig</B> file to
+<TT>NotRun</TT> and to stop it. You must issue this command even for
+cron processes that you wish to remove from the <B>BosConfig</B> file,
+even though they do not run continuously. For a detailed description of
+this command, see <A HREF="#HDRWQ165">To stop a process by changing its status to NotRun</A>.
+<PRE>
+ % <B>bos stop</B> <<VAR>machine name</VAR>> <<VAR>server process name</VAR>><SUP>+</SUP> [<B>-wait</B>]
+
+</PRE>
+<P><LI><A NAME="LIPROC-DEL"></A>Issue the <B>bos delete</B> command to remove each
+process from the <B>BosConfig</B> file.
+<PRE> % <B>bos delete</B> <<VAR>machine name</VAR>> <<VAR>server process name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>d
+</B><DD>Is the shortest acceptable abbreviation of <B>delete</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to remove processes from the
+<B>BosConfig</B> file.
+<P><DT><B><VAR>server process name</VAR>
+</B><DD>Names each process entry to remove from the <B>BosConfig</B>
+file. Provide the same names as in Step <A HREF="#LIPROC-STOP">2</A>.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ164" HREF="auagd002.htm#ToC_185">Stopping and Starting Processes Permanently</A></H2>
+<A NAME="IDX6356"></A>
+<A NAME="IDX6357"></A>
+<A NAME="IDX6358"></A>
+<A NAME="IDX6359"></A>
+<P>To stop a process so that the BOS Server no longer attempts to monitor it,
+issue the <B>bos stop</B> command. The process's status flag
+is set to <TT>NotRun</TT> in both the BOS Server's memory and in the
+<B>BosConfig</B> file. The process does not run again until you
+issue the <B>bos start</B> command, which sets its status flag back to
+<TT>Run</TT> in both the BOS Server's memory and in the
+<B>BosConfig</B> file. (You can also use the <B>bos startup</B>
+command to start the process again without changing its status flag in the
+<B>BosConfig</B> file; see <A HREF="#HDRWQ167">Stopping and Starting Processes Temporarily</A>.)
+<P>There is no entry for the BOS Server in the <B>BosConfig</B> file, so
+the <B>bos stop</B> and <B>bos start</B> commands do not control
+it. To stop and immediately restart the BOS Server along with all other
+processes, use the <B>-bosserver</B> flag to the <B>bos restart</B>
+command as described in <A HREF="#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<P>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you are starting or stopping a database server process in the manner
+described in this section, follow the complete instructions in the <I>IBM
+AFS Quick Beginnings</I> for creating or removing a database server
+machine. If you run one database server process on a given machine, you
+must run them all; for more information, see <A HREF="#HDRWQ156">About Starting and Stopping the Database Server Processes</A>. Similarly, if you are stopping the
+<B>upserver</B> process on the system control machine or a binary
+distribution machine, you must complete the additional tasks described in <A HREF="#HDRWQ157">About Starting and Stopping the Update Server</A>.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ165" HREF="auagd002.htm#ToC_186">To stop a process by changing its status to NotRun</A></H3>
+<A NAME="IDX6360"></A>
+<A NAME="IDX6361"></A>
+<A NAME="IDX6362"></A>
+<A NAME="IDX6363"></A>
+<A NAME="IDX6364"></A>
+<A NAME="IDX6365"></A>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos stop</B> command to stop each process and set its
+status flag to <TT>NotRun</TT> in the <B>BosConfig</B> file and the BOS
+Server's memory.
+<PRE> % <B>bos stop</B> <<VAR>machine name</VAR>> <<VAR>server process name</VAR>><SUP>+</SUP> [<B>-wait</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sto
+</B><DD>Is the shortest acceptable abbreviation of <B>stop</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to stop the process.
+<P><DT><B><VAR>server process name</VAR>
+</B><DD>Names each process to stop, using the name assigned when its entry was
+defined with the <B>bos create</B> command.
+<P><DT><B>-wait
+</B><DD>Delays the return of the command shell prompt until all specified
+processes have stopped. If you omit the flag, the prompt returns almost
+immediately, even if all processes are not yet stopped.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ166" HREF="auagd002.htm#ToC_187">To start processes by changing their status flags to Run</A></H3>
+<A NAME="IDX6366"></A>
+<A NAME="IDX6367"></A>
+<A NAME="IDX6368"></A>
+<A NAME="IDX6369"></A>
+<A NAME="IDX6370"></A>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIPROC-START"></A>Issue the <B>bos start</B> command to change each
+process's status flag to <TT>Run</TT> in both the <B>BosConfig</B>
+file and the BOS Server's memory and to start it.
+<PRE> % <B>bos start</B> <<VAR>machine name</VAR>> <<VAR>server process name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>start
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to start running each
+process.
+<P><DT><B><VAR>server process name</VAR>
+</B><DD>Specifies each process to start on <VAR>machine name</VAR>. Use the
+name assigned to the process at creation.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ167" HREF="auagd002.htm#ToC_188">Stopping and Starting Processes Temporarily</A></H2>
+<P>It is sometimes necessary to halt a process temporarily (for
+example, to make slight configuration changes or to perform
+maintenance). The commands described in this section change a
+process's status in the BOS Server's memory only; the effect is
+immediate and lasts until you change the memory state again (or until the BOS
+Server restarts, at which time it starts the process according to its entry in
+the <B>BosConfig</B> file).
+<P>To stop a process temporarily by changing its status flag in BOS Server
+memory to <TT>NotRun</TT>, use the <B>bos shutdown</B> command.
+To restart a stopped process by changing its status flag in the BOS
+Server's memory to <TT>Run</TT>, use the <B>bos startup</B>
+command. The process starts regardless of its status flag in the
+<B>BosConfig</B> file. You can also use the <B>bos startup</B>
+command to start all processes marked with status flag <TT>Run</TT> in the
+<B>BosConfig</B> file, as described in the following instructions.
+<P>Because the <B>bos startup</B> command starts a process without
+changing it status flag in the <B>BosConfig</B> file, it is useful for
+testing a server process without enabling it permanently. To stop and
+start processes by changing their status flags in the <B>BosConfig</B>
+file, see <A HREF="#HDRWQ164">Stopping and Starting Processes Permanently</A>; to stop and immediately restart a process, see <A HREF="#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not temporarily stop a database server process on all machines at
+once. Doing so makes the database completely unavailable.
+</TD></TR></TABLE>
+<A NAME="IDX6371"></A>
+<A NAME="IDX6372"></A>
+<P><H3><A NAME="HDRWQ168" HREF="auagd002.htm#ToC_189">To stop processes temporarily</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIWQ169"></A>Issue the <B>bos shutdown</B> command to stop each process
+by changing its status flag in the BOS Server's memory to
+<TT>NotRun</TT>.
+<PRE> % <B>bos shutdown</B> <<VAR>machine name</VAR>> [<<VAR>instances</VAR>><SUP>+</SUP>] [<B>-wait</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sh
+</B><DD>Is the shortest acceptable abbreviation of <B>shutdown</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to stop processes
+temporarily.
+<P><DT><B><VAR>instances</VAR>
+</B><DD>Specifies each process to stop temporarily. Use the name assigned
+to the process at creation.
+<P><DT><B>-wait
+</B><DD>Delays the return of the command shell prompt until all specified
+processes have actually stopped. If you omit the flag, the prompt
+returns almost immediately, even if all processes are not yet stopped.
+</DL>
+</OL>
+<A NAME="IDX6373"></A>
+<A NAME="IDX6374"></A>
+<P><H3><A NAME="Header_190" HREF="auagd002.htm#ToC_190">To start all stopped processes that have status flag Run in the BosConfig file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos startup</B> command to start each process on a
+machine that has status flag <TT>Run</TT> in the <B>BosConfig</B> file
+by changing its status flag in the BOS Server's memory from
+<TT>NotRun</TT> to <TT>Run</TT>.
+<PRE> % <B>bos startup</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>startup
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which you wish to start all processes that
+have status flag <TT>Run</TT> in the <B>BosConfig</B> file.
+</DL>
+</OL>
+<P><H3><A NAME="Header_191" HREF="auagd002.htm#ToC_191">To start specific processes</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos startup</B> command to start specific processes by
+changing their status flags in the BOS Server's memory to <TT>Run</TT>
+without changing their status flags in the <B>BosConfig</B> file.
+<PRE> % <B>bos startup</B> <<VAR>machine name</VAR>> <<VAR>instances</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>startup
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the server machine on which to start processes.
+<P><DT><B><VAR>instances</VAR>
+</B><DD>Specifies each process to start. Use the name assigned to the
+process at creation.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ170" HREF="auagd002.htm#ToC_192">Stopping and Immediately Restarting Processes</A></H2>
+<A NAME="IDX6375"></A>
+<A NAME="IDX6376"></A>
+<P>Although by default the BOS Server checks each day for new installed binary
+files and restarts the associated processes, it is sometimes desirable to stop
+and restart processes immediately. The <B>bos restart</B> command
+provides this functionality, starting a completely new instance of each
+affected process:
+<UL>
+<P><LI>To stop and restart the BOS Server, which then restarts all processes
+marked with the <TT>Run</TT> status flag in the <B>BosConfig</B> file,
+include the <B>-bosserver</B> flag.
+<P><LI>To stop and restart all processes marked with the <TT>Run</TT> status
+flag in the <B>BosConfig</B> file, include the <B>-all</B>
+flag. The BOS Server does not restart
+<P><LI>To stop and restart specific processes regardless of the setting of their
+status flags in the <B>BosConfig</B> file, specify the name of each
+process to restart.
+</UL>
+<P>Restarting processes causes a service outage. It is usually best to
+schedule restarts for periods of low usage. The BOS Server
+automatically restarts all processes once a week, to reduce the potential for
+the core leaks that can develop as any process runs for an extended time;
+see <A HREF="#HDRWQ171">Setting the BOS Server's Restart Times</A>.
+<A NAME="IDX6377"></A>
+<A NAME="IDX6378"></A>
+<P>
+<A NAME="IDX6379"></A>
+<A NAME="IDX6380"></A>
+<A NAME="IDX6381"></A>
+<A NAME="IDX6382"></A>
+<A NAME="IDX6383"></A>
+<P><H3><A NAME="Header_193" HREF="auagd002.htm#ToC_193">To stop and restart all processes including the BOS Server</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos restart</B> command with the <B>-bosserver</B>
+flag to stop and restart the BOS Server, which restarts every process marked
+with status flag <TT>Run</TT> in the <B>BosConfig</B> file.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>-bosserver</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to restart all processes.
+<P><DT><B>-bosserver
+</B><DD>Stops the BOS Server and all processes running on the machine. A
+new BOS Server instance starts; it then starts new instances of all
+processes marked with status flag <TT>Run</TT> in the <B>BosConfig</B>
+file.
+</DL>
+</OL>
+<A NAME="IDX6384"></A>
+<A NAME="IDX6385"></A>
+<A NAME="IDX6386"></A>
+<A NAME="IDX6387"></A>
+<P><H3><A NAME="Header_194" HREF="auagd002.htm#ToC_194">To stop and immediately restart all processes except the BOS Server</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos restart</B> command with the <B>-all</B> flag to
+stop and immediately restart every process marked with status flag
+<TT>Run</TT> in the <B>BosConfig</B> file. The BOS Server does
+not restart.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>-all</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine on which to stop and restart
+processes.
+<P><DT><B>-all
+</B><DD>Stops and immediately restarts all processes marked with status flag
+<TT>Run</TT> in the <B>BosConfig</B> file.
+</DL>
+</OL>
+<A NAME="IDX6388"></A>
+<A NAME="IDX6389"></A>
+<A NAME="IDX6390"></A>
+<A NAME="IDX6391"></A>
+<P><H3><A NAME="Header_195" HREF="auagd002.htm#ToC_195">To stop and immediately restart specific processes</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos restart</B> command to stop and immediately restart
+one or more specified processes, regardless of their status flag setting in
+the <B>BosConfig</B> file.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <<VAR>instances</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the server machine on which to restart the specified
+processes.
+<P><DT><B><VAR>instances</VAR>
+</B><DD>Specifies each process to stop and immediately restart. Use the
+name assigned to the process at creation.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ171" HREF="auagd002.htm#ToC_196">Setting the BOS Server's Restart Times</A></H2>
+<A NAME="IDX6392"></A>
+<A NAME="IDX6393"></A>
+<A NAME="IDX6394"></A>
+<A NAME="IDX6395"></A>
+<A NAME="IDX6396"></A>
+<A NAME="IDX6397"></A>
+<A NAME="IDX6398"></A>
+<A NAME="IDX6399"></A>
+<A NAME="IDX6400"></A>
+<P>The BOS Server by default restarts once a week, and the new instance
+restarts all processes marked with status flag <TT>Run</TT> in the local
+<B>/usr/afs/local/BosConfig</B> file (this is equivalent to issuing the
+<B>bos restart</B> command with the <B>-bosserver</B> flag).
+The default restart time is Sunday at 4:00 a.m. The weekly
+restart is designed to minimize <I>core leaks</I>, which can develop as a
+process continues to allocate virtual memory but does not free it
+again. When the memory is completely exhausted, the machine can no
+longer function correctly.
+<P>The BOS Server also by default checks once a day for any newly installed
+binary files. If it finds that the modification time stamp on a
+process's binary file in the <B>/usr/afs/bin</B> directory is more
+recent than the time at which the process last started, it restarts the
+process so that a new instance starts using the new binary file. The
+default binary-checking time is 5:00 a.m.
+<P>Because restarts can cause outages during which the file system is
+inaccessible, the default times for restarts are in the early morning when
+usage is likely to be lowest. Restarting a database server process on
+any database server machine usually makes the entire system unavailable to
+everyone for a brief time, whereas restarting other types of processes
+inconveniences only users interacting with that process on that
+machine. The longest outages typically result from restarting the
+<B>fs</B> process, because the File Server must reattach all
+volumes.
+<A NAME="IDX6401"></A>
+<A NAME="IDX6402"></A>
+<A NAME="IDX6403"></A>
+<P>The <B>BosConfig</B> file on each file server machine records the two
+restart times. To display the current setting, issue the <B>bos
+getrestart</B> command. To reset a time, use the <B>bos
+setrestart</B> command.
+<A NAME="IDX6404"></A>
+<A NAME="IDX6405"></A>
+<A NAME="IDX6406"></A>
+<P><H3><A NAME="Header_197" HREF="auagd002.htm#ToC_197">To display the BOS Server restart times</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos getrestart</B> command to display the automatic
+restart times.
+<PRE> % <B>bos getrestart</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>getr
+</B><DD>Is the shortest acceptable abbreviation of <B>getrestart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine for which to display the restart
+times.
+</DL>
+</OL>
+<A NAME="IDX6407"></A>
+<A NAME="IDX6408"></A>
+<A NAME="IDX6409"></A>
+<P><H3><A NAME="HDRWQ172" HREF="auagd002.htm#ToC_198">To set the general or binary restart time</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos setrestart</B> command with the <B>-general</B>
+flag to set the general restart time or the <B>-newbinary</B> flag to set
+the binary restart time. The command accepts only one of the flags at a
+time.
+<PRE> % <B>bos setrestart</B> <<VAR>machine name</VAR>> "<<VAR>time to restart server</VAR>>" [<B>-general</B>] [<B>-newbinary</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>setr
+</B><DD>Is the shortest acceptable abbreviation of <B>setrestart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine.
+<P><DT><B><VAR>time to restart server</VAR>
+</B><DD>Sets when the BOS Server restarts itself (if combined with the
+<B>-general</B> flag) or any process with a new binary file (if combined
+with the <B>-newbinary</B> flag). Provide one of the following
+types of values:
+<UL>
+<P><LI>The string <B>never</B>, which directs the BOS Server never to perform
+the indicated type of restart.
+<P><LI>A time of day (the conventional type of value for the binary restart
+time). Separate the hours and minutes with a colon
+(<I>hh</I>:<I>MM</I>), and use either 24-hour format, or a value
+in the range from <B>1:00</B> through <B>12:59</B> with
+the addition of <B>am</B> or <B>pm</B>. For example, both
+<B>14:30</B> and <B>"2:30 pm"</B> indicate 2:30 in
+the afternoon. Surround this parameter with double quotes (<B>"
+"</B>) if it contains a space.
+<P><LI>A day of the week and time of day, separated by a space and surrounded
+with double quotes (<B>" "</B>). This is the conventional type of
+value for the general restart. For the day, provide either the whole
+name or the first three letters, all in lowercase letters (<B>sunday</B>
+or <B>sun</B>, <B>thursday</B> or <B>thu</B>, and so on).
+For the time, use the same format as when specifying the time alone.
+</UL>
+<P>If desired, precede a time or day and time definition with the string
+<B>every</B> or <B>at</B>. These words do not change the
+meaning, but possibly make the output of the <B>bos getrestart</B> command
+easier to understand.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the specified time is within one hour of the current time, the BOS Server
+does not perform the restart until the next eligible time (the next day for a
+time or next week for a day and time).
+</TD></TR></TABLE>
+<P><DT><B>-general
+</B><DD>Sets the general restart time when the BOS Server restarts itself.
+<P><DT><B>-newbinary
+</B><DD>Sets the restart time for processes with new binary files.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ173" HREF="auagd002.htm#ToC_199">Displaying Server Process Log Files</A></H2>
+<A NAME="IDX6410"></A>
+<A NAME="IDX6411"></A>
+<A NAME="IDX6412"></A>
+<A NAME="IDX6413"></A>
+<A NAME="IDX6414"></A>
+<A NAME="IDX6415"></A>
+<A NAME="IDX6416"></A>
+<A NAME="IDX6417"></A>
+<A NAME="IDX6418"></A>
+<A NAME="IDX6419"></A>
+<A NAME="IDX6420"></A>
+<A NAME="IDX6421"></A>
+<A NAME="IDX6422"></A>
+<A NAME="IDX6423"></A>
+<A NAME="IDX6424"></A>
+<A NAME="IDX6425"></A>
+<A NAME="IDX6426"></A>
+<A NAME="IDX6427"></A>
+<P>The <B>/usr/afs/logs</B> directory on each file server machine contains
+log files that detail interesting events that occur during normal operation of
+some AFS server processes. The self-explanatory information in the log
+files can help you evaluate process failures and other problems. To
+display a log file remotely, issue the <B>bos getlog</B> command.
+You can also establish a connection to the server machine and use a text
+editor or other file display program (such as the <B>cat</B>
+command).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Log files can grow unmanageably large if you do not periodically shutdown and
+restart the database server processes (for example, if you disable the general
+restart time). In this case it is a good policy periodically to issue
+the UNIX <B>rm</B> command to delete the current log file. The
+server process automatically creates a new one as needed.
+</TD></TR></TABLE>
+<A NAME="IDX6428"></A>
+<A NAME="IDX6429"></A>
+<P><H3><A NAME="Header_200" HREF="auagd002.htm#ToC_200">To examine a server process log file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos getlog</B> command to display a log file.
+<PRE> % <B>bos getlog</B> <<VAR>machine name</VAR>> <<VAR>log file to examine</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>getl
+</B><DD>Is the shortest acceptable abbreviation of <B>getlog</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the server machine from which to display the log file.
+<P><DT><B><VAR>log file to examine</VAR>
+</B><DD>Names the log file to be displayed. Provide one of the following
+file names to display the indicated log file from the <B>/usr/afs/logs</B>
+directory.
+<UL>
+<P><LI><B>AuthLog</B> for the Authentication Server log file
+<P><LI><B>BackupLog</B> for the Backup Server log file
+<P><LI><B>BosLog</B> for the BOS Server log file
+<P><LI><B>FileLog</B> for the File Server log file
+<P><LI><B>SalvageLog</B> for the Salvager log file
+<P><LI><B>VLLog</B> for the Volume Location (VL) Server log file
+<P><LI><B>VolserLog</B> for the Volume Server log file
+</UL>
+<P>You can provide a full or relative pathname to display a file from another
+directory. Relative pathnames are interpreted relative to the
+<B>/usr/afs/logs</B> directory.
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ174" HREF="auagd002.htm#ToC_201">Managing Volumes</A></H1>
+<P>This chapter explains how to manage the volumes stored on
+file server machines. The volume is the designated unit of
+administration in AFS, so managing them is a large part of the
+administrator's duties.
+<HR><H2><A NAME="HDRWQ175" HREF="auagd002.htm#ToC_202">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create read/write volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos create</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create read-only volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos addsite</B> <B> and</B> <B>vos release</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create backup volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos backup</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create many backup volumes at once
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos backupsys</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine VLDB entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos listvldb</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine volume header
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos listvol</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Examine both VLDB entry and volume header
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display volume's name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs listquota</B> <B>or</B> <B>fs examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display volume's ID number
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs examine</B> <B>or</B> <B>vos examine</B> <B>or</B>
+<B>vos listvol</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display partition's size and space available
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos partinfo</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display volume's location
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs whereis</B> <B>or</B> <B>vos examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Create mount point
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs mkmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove mount point
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs rmmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display mount point
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs lsmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Move read/write volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos move</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Synchronize VLDB with volume headers
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos syncvldb</B> <B>and</B> <B>vos syncserv</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Set volume quota
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs setvol</B> <B>or</B> <B>fs setquota</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display volume quota
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs quota</B> <B>or</B> <B>fs listquota</B> <B>or</B>
+<B>fs examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display volume's current size
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>fs listquota</B> <B>or</B> <B>fs examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Display list of volumes on a machine/partition
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos listvol</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove read/write volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos remove</B> <B>and</B> <B>fs rmmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove read-only volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos remove</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove backup volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos remove</B> <B>and</B> <B>fs rmmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove volume; no VLDB change
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos zap</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove read-only site definition
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos remsite</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Remove VLDB entry; no volume change
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos delentry</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Dump volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos dump</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Restore dumped volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos restore</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Rename volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos rename</B>, <B>fs rmmount</B> <B>and</B> <B>fs
+mkmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Unlock volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos unlock</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Unlock multiple volumes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos unlockvldb</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="58%">Lock volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="42%"><B>vos lock</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ177" HREF="auagd002.htm#ToC_203">About Volumes</A></H2>
+<A NAME="IDX6430"></A>
+<P>An AFS <I>volume</I> is a logical unit of disk space that functions
+like a container for the files in an AFS directory, keeping them all together
+on one partition of a file server machine. To make a volume's
+contents visible in the cell's file tree and accessible to users, you
+mount the volume at a directory location in the AFS filespace. The
+association between the volume and its location in the filespace is called a
+<I>mount point</I>, and because of AFS's internal workings it looks
+and acts just like a standard directory element. Users can access and
+manipulate a volume's contents in the same way they access and manipulate
+the contents of a standard UNIX directory. For more on the relationship
+between volumes and directories, see <A HREF="#HDRWQ183">About Mounting Volumes</A>.
+<P>Many of an administrator's daily activities involve manipulating
+volumes, since they are the basic storage and administrative unit of
+AFS. For a discussion of some of the ways volumes can make your job
+easier, see <A HREF="#HDRWQ179">How Volumes Improve AFS Efficiency</A>.
+<P><H3><A NAME="HDRWQ178" HREF="auagd002.htm#ToC_204">The Three Types of Volumes</A></H3>
+<P>There are three types of volumes in AFS, as described in the
+following list:
+<UL>
+<P><LI>The single <I>read/write</I> version of a volume houses the modifiable
+versions of the files and directories in that volume.
+<A NAME="IDX6431"></A>
+It is often referred to as the <I>read/write source</I> because volumes of
+the other two types are derived from it by a copying procedure called
+<I>cloning</I>. For instructions on creating read/write volumes,
+see <A HREF="#HDRWQ185">Creating Read/write Volumes</A>.
+<P><LI>A <I>read-only</I> volume is a copy of the read/write source volume
+and can exist at multiple <I>sites</I> (a site is a particular partition
+on a particular file server machine).
+<A NAME="IDX6432"></A>
+<A NAME="IDX6433"></A>
+<A NAME="IDX6434"></A>
+Placing the same data at more than one site is called
+<I>replication</I>; see <A HREF="#HDRWQ179">How Volumes Improve AFS Efficiency</A>. As the name suggests, a
+read-only volume's contents do not change automatically as the read/write
+source changes, but only when an administrator issues the <B>vos
+release</B> command. For users to have a consistent view of the AFS
+filespace, all copies of the read-only volume must match each other and their
+read/write source. All read-only volumes share the same name, which is
+derived by adding the <B>.readonly</B> extension to the read/write
+source's name. For instructions on creating of read-only volumes,
+see <A HREF="#HDRWQ192">Replicating Volumes (Creating Read-only Volumes)</A>.
+<P><LI>A <I>backup</I> volume is a clone of the read/write source volume and
+is stored at the same site as the source.
+<A NAME="IDX6435"></A>
+A backup version is useful because it records the state of the read/write
+source at a certain time, allowing recovery of data that is later mistakenly
+changed or deleted (for further discussion see <A HREF="#HDRWQ179">How Volumes Improve AFS Efficiency</A>). A backup volume's name is derived by adding
+the <B>.backup</B> extension to the read/write source's
+name. For instructions on creating of backup volumes, see <A HREF="#HDRWQ201">Creating Backup Volumes</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A backup volume is not the same as the backup of a volume transferred to tape
+using the AFS Backup System, although making a backup version of a volume is
+usually a stage in the process of backing up the volume to tape. For
+information on backing up a volume using the AFS Backup System, see <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>.
+</TD></TR></TABLE>
+</UL>
+<P>As noted, the three types of volumes are related to one another:
+read-only and backup volumes are both derived from a read/write volume through
+a process called cloning. Read-only and backup volumes are exact copies
+of the read/write source at the time they are created.
+<P><H3><A NAME="HDRWQ179" HREF="auagd002.htm#ToC_205">How Volumes Improve AFS Efficiency</A></H3>
+<A NAME="IDX6436"></A>
+<P>Volumes make your cell easier to manage and more efficient in the following
+three ways:
+<UL>
+<P><LI>Volumes are easy to move between partitions, on the same or different
+machines, because they are by definition smaller than a partition.
+<A NAME="IDX6437"></A>
+Perhaps the most common reasons to move volumes are to balance the load among
+file server machines or to take advantage of greater disk capacity on certain
+machines. You can move volumes as often as necessary without disrupting
+user access to their contents, because the move procedure makes the contents
+unavailable for only a few seconds. The automatic tracking of volume
+locations in the Volume Location Database (VLDB) assures that access remains
+transparent. For instructions on moving volumes, see <A HREF="#HDRWQ226">Moving Volumes</A>.
+<P><LI>Volumes are the unit of replication in AFS.
+<A NAME="IDX6438"></A>
+<A NAME="IDX6439"></A>
+<I>Replication</I> refers to creating a read-only clone from the
+read/write source and distributing of the clone to one or more sites.
+Replication improves system efficiency because more than one machine can fill
+requests for popular files. It also boosts system reliability by
+helping to keep data available in the face of machine or server process
+outage. In general, volumes containing popular application programs and
+other files that do not change often are the best candidates for replication,
+but you can replicate any read/write volume. See <A HREF="#HDRWQ192">Replicating Volumes (Creating Read-only Volumes)</A>.
+<P><LI>Volumes are the unit of backup in AFS, in two senses.
+<A NAME="IDX6440"></A>
+You can create a backup volume version to preserves the state of a read/write
+source volume at a specified time. You can mount the backup version in
+the AFS filespace, enabling users to restore data they have accidentally
+changed or deleted without administrator assistance, which frees you for more
+important jobs. If you make a new backup version of user volumes once a
+day (presumably overwriting the former backup), then users are always be able
+to retrieve the previous day's version of a file. For
+instructions, see <A HREF="#HDRWQ201">Creating Backup Volumes</A>.
+<P>Backup also refers to using the AFS Backup System to store permanent copies
+of volume contents on tape or in a special backup data. See <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+</UL>
+<P><H3><A NAME="HDRWQ180" HREF="auagd002.htm#ToC_206">Volume Information in the VLDB</A></H3>
+<P>The Volume Location Database (VLDB) includes entries for
+every volume in a cell. Perhaps the most important information in the
+entry is the volume's location, which is key to transparent access to AFS
+data. When a user opens a file, the Cache Manager consults the Volume
+Location (VL) Server, which maintains the VLDB, for a list of the file server
+machines that house the volume containing the file. The Cache Manager
+then requests the file from the File Server running on one of the relevant
+file server machines. The file location procedure is invisible to the
+user, who only needs to know the file's pathname.
+<A NAME="IDX6441"></A>
+<A NAME="IDX6442"></A>
+<A NAME="IDX6443"></A>
+<P>The VLDB volume entry for a read/write volume also contains the pertinent
+information about the read-only and backup versions, which do not have their
+own VLDB entries. (The rare exception is a read-only volume that has
+its own VLDB entry because its read/write source has been removed.) A
+volume's VLDB entry records the volume's name, the unique volume ID
+number for each version (read/write, read-only, backup, and releaseClone), a
+count of the number of sites that house a read/write or read-only version, and
+a list of the sites.
+<P>To display the VLDB entry for one or more volumes, use the <B>vos
+listvldb</B> command as described in <A HREF="#HDRWQ218">To display VLDB entries</A>. To display the VLDB entry for a single volume along
+with its volume header, use the <B>vos examine</B> command as described in
+<A HREF="#HDRWQ222">To display one volume's VLDB entry and volume header</A>. (See the following section for a description of the
+volume header.)
+<P><H3><A NAME="HDRWQ181" HREF="auagd002.htm#ToC_207">The Information in Volume Headers</A></H3>
+<A NAME="IDX6444"></A>
+<A NAME="IDX6445"></A>
+<P>Whereas all versions of a volume share one VLDB entry, each volume on an
+AFS server partition has its own <I>volume header</I>, a data structure
+that maps the files and directories in the volume to physical memory addresses
+on the partition that stores them. The volume header binds the
+volume's contents into a logical unit without requiring that they be
+stored in contiguous memory blocks. The volume header also records the
+following information about the volume, some of it redundant with the VLDB
+entry: name, volume ID number, type, size, status (online, offline, or
+busy), space quota, timestamps for creation date and date of last
+modification, and number of accesses during the current day.
+<P>To display the volume headers on one or more partitions, use the <B>vos
+listvol</B> command as described in <A HREF="#HDRWQ220">To display volume headers</A>. To display the VLDB entry for a single volume along
+with its volume header, use the <B>vos examine</B> command as described in
+<A HREF="#HDRWQ222">To display one volume's VLDB entry and volume header</A>.
+<P><H3><A NAME="HDRWQ182" HREF="auagd002.htm#ToC_208">Keeping the VLDB and Volume Headers Synchronized</A></H3>
+<A NAME="IDX6446"></A>
+<A NAME="IDX6447"></A>
+<A NAME="IDX6448"></A>
+<A NAME="IDX6449"></A>
+<A NAME="IDX6450"></A>
+<A NAME="IDX6451"></A>
+<P>It is vital that the information in the VLDB correspond to the status of
+the actual volumes on the servers (as recorded in volume headers) as much of
+the time as possible. If a volume's location information in the
+VLDB is incorrect, the Cache Manager cannot find access its contents.
+Whenever you issue a <B>vos</B> command that changes a volume's
+status, the Volume Server and VL Server cooperate to keep the volume header
+and VLDB synchronized. In rare cases, the header and VLDB can diverge,
+for instance because a <B>vos</B> operation halts prematurely. For
+instructions on resynchronizing them, see <A HREF="#HDRWQ227">Synchronizing the VLDB and Volume Headers</A>.
+<P><H3><A NAME="HDRWQ183" HREF="auagd002.htm#ToC_209">About Mounting Volumes</A></H3>
+<A NAME="IDX6452"></A>
+<A NAME="IDX6453"></A>
+<A NAME="IDX6454"></A>
+<P>To make a volume's contents visible in the cell's file tree and
+accessible to users, you mount the volume at a directory location in the AFS
+filespace. The association between the volume and its location in the
+filespace is called a <I>mount point</I>. An AFS mount point looks
+and functions like a regular UNIX file system directory, but structurally it
+is more like a symbolic link that tells the Cache Manager the name of the
+volume associated with the directory. A mount point looks and acts like
+a directory only because the Cache Manager knows how to interpret it.
+<P>Consider the common case where the Cache Manager needs to retrieve a file
+requested by an application program. The Cache Manager traverses the
+file's complete pathname, starting at the AFS root (by convention mounted
+at the <B>/afs</B> directory) and continuing to the file. When the
+Cache Manager encounters (or <I>crosses</I>) a mount point during the
+traversal, it reads it to learn the name of the volume mounted at that
+directory location. After obtaining location information about the
+volume from the Volume Location (VL) Server, the Cache Manager fetches the
+indicated volume and opens its root directory. The <I>root
+directory</I> of a volume lists all the files, subdirectories, and mount
+points that reside in it. The Cache Manager scans the root directory
+listing for the next element in the pathname. It continues down the
+path, using this method to interpret any other mount points it encounters,
+until it reaches the volume that houses the requested file.
+<A NAME="IDX6455"></A>
+<A NAME="IDX6456"></A>
+<P>Mount points act as the glue that connects the AFS file space, creating the
+illusion of a single, seamless file tree even when volumes reside on many
+different file server machines. A volume's contents are visible
+and accessible when the volume is mounted at a directory location, and are not
+accessible at all if the volume is not mounted.
+<P>You can mount a volume at more than one location in the file tree, but this
+is not recommended for two reasons. First, it distorts the hierarchical
+nature of the filespace. Second, the Cache Manager can become confused
+about which pathname it followed to reach the file (causing unpredictable
+output from the <B>pwd</B> command, for example). However, if you
+mount a volume at more than one directory, the access control list (ACL)
+associated with the volume's root directory applies to all of the mount
+points.
+<A NAME="IDX6457"></A>
+<A NAME="IDX6458"></A>
+<P>There are several types of mount points, each of which the Cache Manager
+handles in a different way and each of which is appropriate for a different
+purpose. See <A HREF="#HDRWQ208">Mounting Volumes</A>.
+<P><H3><A NAME="HDRWQ184" HREF="auagd002.htm#ToC_210">About Volume Names</A></H3>
+<A NAME="IDX6459"></A>
+<A NAME="IDX6460"></A>
+<P>A read/write volume's name can be up to 22 characters in
+length. The Volume Server automatically adds the
+<B>.readonly</B> and <B>.backup</B> extensions to
+read-only and backup volumes respectively. Do not explicitly add the
+extensions to volume names, even if they are appropriate.
+<P>It is conventional for a volume's name to indicate the type of data it
+houses. For example, it is conventional to name all user volumes
+<B>user</B>.<VAR>username</VAR> where <VAR>username</VAR> is the
+user's login name. Similarly, many cells elect to put system
+binaries in volumes with names that begin with the system type code.
+For a list of other naming conventions, see <A HREF="auagd007.htm#HDRWQ44">Creating Volumes to Simplify Administration</A>.
+<A NAME="IDX6461"></A>
+<A NAME="IDX6462"></A>
+<HR><H2><A NAME="HDRWQ185" HREF="auagd002.htm#ToC_211">Creating Read/write Volumes</A></H2>
+<A NAME="IDX6463"></A>
+<A NAME="IDX6464"></A>
+<A NAME="IDX6465"></A>
+<P>A read/write volume is the most basic type of volume, and must exist before
+you can create read-only or backup versions of it. When you issue the
+<B>vos create</B> command to create a read/write volume, the VL Server
+creates a VLDB entry for it which records the name you specify, assigns a
+read/write volume ID number, and reserves the next two consecutive volume ID
+numbers for read-only and backup versions that possibly are to be created
+later. At the same time, the Volume Server creates a volume header at
+the site you designate, allocating space on disk to record the name of the
+volume's root directory. The name is filled in when you issue the
+<B>fs mkmount</B> command to mount the volume, and matches the mount point
+name. The following is also recorded in the volume header:
+<UL>
+<P><LI>An initial ACL associated with the volume's root directory. By
+default it grants all seven AFS access permissions to the
+<B>system:administrators</B> group. After you mount the
+volume, you can use the <B>fs setacl</B> command to add other entries and
+to remove or change the entry for the <B>system:administrators</B>
+group. See <A HREF="auagd020.htm#HDRWQ573">Setting ACL Entries</A>.
+<A NAME="IDX6466"></A>
+<A NAME="IDX6467"></A>
+<P><LI>A space quota, which limits the amount of disk space the read/write
+version of the volume can use on the file server partition. The default
+is of 5000 kilobyte blocks, but you can use the <B>-maxquota</B> argument
+to the <B>vos create</B> command to set a different quota.
+<P>To change the quota after creation, use the <B>fs setquota</B> command
+as described in <A HREF="#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<A NAME="IDX6468"></A>
+<A NAME="IDX6469"></A>
+</UL>
+<P><H3><A NAME="Header_212" HREF="auagd002.htm#ToC_212">To create (and mount) a read/write volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>),
+<B>i</B> (<B>insert</B>), and <B>l</B> (<B>lookup</B>)
+permissions on the ACL of the directory where you plan to mount the
+volume. If necessary, issue the <B>fs listacl</B> command, which is
+fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<A NAME="IDX6470"></A>
+<A NAME="IDX6471"></A>
+<P><LI><A NAME="LIWQ186"></A>Select a site (disk partition on a file server machine) for the
+new volume. To verify that the site has enough free space to house the
+volume (now, or if it grows to use its entire quota), issue the <B>vos
+partinfo</B> command.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The partition-related statistics in this command's output do not always
+agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+</TD></TR></TABLE>
+<PRE> % <B>vos partinfo</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>p
+</B><DD>Is the shortest acceptable abbreviation of <B>partinfo</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the file server machine for which to display partition size and
+usage.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names one partition for which to display partition size and usage.
+If you omit it, the output displays the size and space available for all
+partitions on the machine.
+</DL>
+<P><LI><A NAME="LIWQ187"></A>Select a volume name, taking note of the information in <A HREF="#HDRWQ184">About Volume Names</A>.
+<A NAME="IDX6472"></A>
+<A NAME="IDX6473"></A>
+<P><LI><A NAME="LIWQ188"></A>Issue the <B>vos create</B> command to create the
+volume.
+<PRE>
+ % <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <<VAR>volume name</VAR>> \
+ [<B>-maxquota</B> <<VAR>initial quota (KB)</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cr
+</B><DD>Is the shortest acceptable abbreviation of <B>create</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies the file server machine on which to place the volume.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Specifies the disk partition on which to place the volume.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Names the volume. It can be up to 22 alphanumeric and punctuation
+characters in length. Your cell possibly has naming conventions for
+volumes, such as beginning user volume names with the string <B>user</B>
+and using the period to separate parts of the name.
+<P><DT><B>-maxquota
+</B><DD>Sets the volume's quota, as a number of kilobyte blocks. If
+you omit this argument, the quota is set to 5000 kilobyte blocks.
+</DL>
+<A NAME="IDX6474"></A>
+<A NAME="IDX6475"></A>
+<A NAME="IDX6476"></A>
+<A NAME="IDX6477"></A>
+<P><LI><A NAME="LIWQ189"></A><B>(Optional)</B> Issue the <B>fs mkmount</B> command
+to mount the volume in the filespace. For complete syntax, see <A HREF="#HDRWQ212">To create a regular or read/write mount point</A>.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>>
+
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>fs lsmount</B> command to verify
+that the mount point refers to the correct volume. Complete
+instructions appear in <A HREF="#HDRWQ211">To display a mount point</A>.
+<PRE>
+ % <B>fs lsmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>fs setvol</B> command with the
+<B>-offlinemsg</B> argument to record auxiliary information about the
+volume in its volume header. For example, you can record who owns the
+volume or where you have mounted it in the filespace. To display the
+information, use the <B>fs examine</B> command.
+<PRE> % <B>fs setvol</B> <<VAR>dir/file path</VAR>> <B>-offlinemsg</B> <<VAR>offline message</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sv
+</B><DD>Is an acceptable alias for <B>setvol</B> (and <B>setv</B> the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names the mount point of the volume with which to associate the
+message. Partial pathnames are interpreted relative to the current
+working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to change a read-only volume. By convention,
+you indicate the read/write path by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B>-offlinemsg
+</B><DD>Specifies up to 128 characters of auxiliary information to record in the
+volume header.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ190" HREF="auagd002.htm#ToC_213">About Clones and Cloning</A></H2>
+<A NAME="IDX6478"></A>
+<A NAME="IDX6479"></A>
+<A NAME="IDX6480"></A>
+<A NAME="IDX6481"></A>
+<P>To create a backup or read-only volume, the Volume Server begins by
+<I>cloning</I> the read/write source volume to create a
+<I>clone</I>. The Volume Server creates the clone automatically
+when you issue the <B>vos backup</B> or <B>vos backupsys</B> command
+(for a backup volume) or the <B>vos release</B> command (for a read-only
+volume). No special action is required on your part.
+<P>A clone is not a copy of the data in the read/write source volume, but
+rather a copy of the read/write volume's <I>vnode index</I>.
+The vnode index is a table of pointers between the files and directories in
+the volume and the physical disk blocks on the partition where the data
+resides. From the clone, backup and read-only volumes are created in
+the following manner:
+<UL>
+<P><LI>A read-only volume that occupies the same partition as its read/write
+source (also known as a <I>read-only clone</I>), and a backup volume, are
+created by attaching a volume header to the clone. These volumes
+initially consume very little disk space, because the clone portion (the vnode
+index) points to exactly the same files as the read/write volume, as
+illustrated in <A HREF="#FIGWQ191">Figure 1</A>. The file sharing is possible only because the clone
+is on the same partition as the read/write source volume. When a file
+in the read/write volume is deleted, it is not actually removed from the
+partition, because the backup or read-only clone still points to it.
+Similarly, when a file in the read/write is changed, the entire original file
+is preserved on disk because the clone still points to it, and the read/write
+volume's vnode index changes to point to newly space for the changed
+file. When this happens, the backup or read-only volume is said to grow
+or start occupying actual disk space.
+<P><LI>A read-only volume that does not occupy the same site as the read/write
+source is a copy of the clone and of all of the data in the read/write source
+volume. It occupies the same amount of disk space as the read/write
+volume did at the time the read-only volume was created.
+</UL>
+<P><B><A NAME="FIGWQ191" HREF="auagd003.htm#FT_FIGWQ191">Figure 1. File Sharing Between the Read/write Source and a Clone Volume</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="vnode.gif" ALT="File Sharing Between the Read/write Source and a Clone Volume"><BR></B><BR>
+</TD></TR></TABLE>
+<A NAME="IDX6482"></A>
+<A NAME="IDX6483"></A>
+<A NAME="IDX6484"></A>
+<A NAME="IDX6485"></A>
+<A NAME="IDX6486"></A>
+<A NAME="IDX6487"></A>
+<A NAME="IDX6488"></A>
+<HR><H2><A NAME="HDRWQ192" HREF="auagd002.htm#ToC_214">Replicating Volumes (Creating Read-only Volumes)</A></H2>
+<P><I>Replication</I> refers to creating a read-only copy
+of a read/write volume and distributing the copy to one or more additional
+file server machines. Replication makes a volume's contents
+accessible on more than one file server machine, which increases data
+availability. It can also increase system efficiency by reducing load
+on the network and File Server. Network load is reduced if a client
+machine's server preference ranks lead the Cache Manager to access the
+copy of a volume stored on the closest file server machine. Load on the
+File Server is reduced because it issues only one callback for all data
+fetched from a read-only volume, as opposed to a callback for each file
+fetched from a read/write volume. The single callback is sufficient for
+an entire read-only volume because the volume does not change except in
+response to administrator action, whereas each read/write file can change at
+any time.
+<A NAME="IDX6489"></A>
+<A NAME="IDX6490"></A>
+<A NAME="IDX6491"></A>
+<A NAME="IDX6492"></A>
+<A NAME="IDX6493"></A>
+<P>Replicating a volume requires issuing two commands. First, use the
+<B>vos addsite</B> command to add one or more read-only site definitions
+to the volume's VLDB entry (a <I>site</I> is a particular partition
+on a file server machine). Then use the <B>vos release</B> command
+to clone the read/write source volume and distribute the clone to the defined
+read-only sites. You issue the <B>vos addsite</B> only once for
+each read-only site, but must reissue the <B>vos release</B> command every
+time the read/write volume's contents change and you want to update the
+read-only volumes.
+<P>For users to have a consistent view of the file system, the release of
+updated volume contents to read-only sites must be atomic: either all
+read-only sites receive the new version of the volume, or all sites keep the
+version they currently have. The <B>vos release</B> command is
+designed to ensure that all copies of the volume's read-only version
+match both the read/write source and each other. In cases where
+problems such as machine or server process outages prevent successful
+completion of the release operation, AFS uses two mechanisms to alert
+you.
+<A NAME="IDX6494"></A>
+<A NAME="IDX6495"></A>
+<A NAME="IDX6496"></A>
+<A NAME="IDX6497"></A>
+<A NAME="IDX6498"></A>
+<A NAME="IDX6499"></A>
+<A NAME="IDX6500"></A>
+<A NAME="IDX6501"></A>
+<A NAME="IDX6502"></A>
+<A NAME="IDX6503"></A>
+<A NAME="IDX6504"></A>
+<A NAME="IDX6505"></A>
+<A NAME="IDX6506"></A>
+<A NAME="IDX6507"></A>
+<P>First, the command interpreter generates an error message on the standard
+error stream naming each read-only site that did not receive the new volume
+version. Second, during the release operation the Volume Location (VL)
+Server marks site definitions in the VLDB entry with flags (<TT>New
+release</TT> and <TT>Old release</TT>) that indicate whether or not the
+site has the new volume version. If any flags remain after the
+operation completes, it was not successful. The Cache Manager refuses
+to access a read-only site marked with the <TT>Old release</TT> flag, which
+potentially imposes a greater load on the sites marked with the <TT>New
+release</TT> flag. It is important to investigate and eliminate the
+cause of the failure and then to issue the <B>vos release</B> command as
+many times as necessary to complete the release without errors.
+<P>The pattern of site flags remaining in the volume's VLDB entry after a
+failed release operation can help determine the point at which the operation
+failed. Use the <B>vos examine</B> or <B>vos listvldb</B>
+command to display the VLDB entry. The VL Server sets the flags in
+concert with the Volume Server's operations, as follows:
+<OL TYPE=1>
+<P><LI>Before the operation begins, the VL Server sets the <TT>New release</TT>
+flag on the read/write site definition in the VLDB entry and the <TT>Old
+release</TT> flag on read-only site definitions (unless the read-only site
+has been defined since the last release operation and has no actual volume, in
+which case its site flag remains <TT>Not released</TT>).
+<P><LI>If necessary, the Volume Server creates a temporary copy (a
+<I>clone</I>) of the read/write source called the ReleaseClone (see the
+following discussion of when the Volume Server does or does not create a new
+ReleaseClone.) It assigns the ReleaseClone its own volume ID number,
+which the VL Server records in the <TT>RClone</TT> field of the source
+volume's VLDB entry.
+<P><LI>The Volume Server distributes a copy of the ReleaseClone to each read-only
+site defined in the VLDB entry. As the site successfully receives the
+new clone, the VL Server sets the site's flag in the VLDB entry to
+<TT>New release</TT>.
+<P><LI>When all the read-only copies are successfully released, the VL Server
+clears all the <TT>New release</TT> site flags. The ReleaseClone is
+no longer needed, so the Volume Server deletes it and the VL Server erases its
+ID from the VLDB entry.
+</OL>
+<P>By default, the Volume Server determines automatically whether or not it
+needs to create a new ReleaseClone:
+<UL>
+<P><LI>If there are no flags (<TT>New release</TT>, <TT>Old release</TT>, or
+<TT>Not released</TT>) on site definitions in the VLDB entry, the previous
+<B>vos release</B> command completed successfully and all read-only sites
+currently have the same volume. The Volume Server infers that the
+current <B>vos release</B> command was issued because the read/write
+volume has changed. The Volume Server creates a new ReleaseClone and
+distributes it to all of the read-only sites.
+<P><LI>If any site definition in the VLDB entry is marked with a flag, either the
+previous release operation did not complete successfully or a new read-only
+site was defined since the last release. The Volume Server does not
+create a new ReleaseClone, instead distributing the existing ReleaseClone to
+sites marked with the <TT>Old release</TT> or <TT>Not released</TT>
+flag. As previously noted, the VL Server marks each VLDB site
+definition with the <TT>New release</TT> flag as the site receives the
+ReleaseClone, and clears all flags after all sites successfully receive
+it.
+</UL>
+<P>To override the default behavior, forcing the Volume Server to create and
+release a new ReleaseClone to the read-only sites, include the <B>-f</B>
+flag. This is appropriate if, for example, the data at the read/write
+site has changed since the existing ReleaseClone was created during the
+previous release operation.
+<P><H3><A NAME="HDRWQ193" HREF="auagd002.htm#ToC_215">Using Read-only Volumes Effectively</A></H3>
+<A NAME="IDX6508"></A>
+<A NAME="IDX6509"></A>
+<A NAME="IDX6510"></A>
+<A NAME="IDX6511"></A>
+<P>For maximum effectiveness, replicate only volumes that satisfy two
+criteria:
+<UL>
+<P><LI>The volume's contents are heavily used. Examples include a
+volume housing binary files for text editors or other popular application
+programs, and volumes mounted along heavily traversed directory paths such as
+the paths leading to user home directories. It is an inefficient use of
+disk space to replicate volumes for which the demand is low enough that a
+single File Server can easily service all requests.
+<P><LI>The volume's contents change infrequently. As noted, file
+system consistency demands that the contents of read-only volumes must match
+each other and their read/write source at all times. Each time the
+read/write volume changes, you must issue the <B>vos release</B> command
+to update the read-only volumes. This can become tedious (and easy to
+forget) if the read/write volume changes frequently.
+</UL>
+<A NAME="IDX6512"></A>
+<A NAME="IDX6513"></A>
+<P>Explicitly mounting a read-only volume (creating a mount point that names a
+volume with a <B>.readonly</B> extension) is not generally
+necessary or appropriate. The Cache Manager has a built-in bias to
+access the read-only version of a replicated volume whenever possible.
+As described in more detail in <A HREF="#HDRWQ209">The Rules of Mount Point Traversal</A>, when the Cache Manager encounters a mount point it reads
+the volume name inside it and contacts the VL Server for a list of the sites
+that house the volume. In the normal case, if the mount point resides
+in a read-only volume and names a read/write volume (one that does not have a
+<B>.readonly</B> or <B>.backup</B> extension), the Cache
+Manager always attempts to access a read-only copy of the volume. Thus
+there is normally no reason to force the Cache Manager to access a read-only
+volume by mounting it explicitly.
+<P>It is a good practice to place a read-only volume at the read/write site,
+for a couple of reasons. First, the read-only volume at the read/write
+site requires only a small amount of disk space, because it is a clone rather
+a copy of all of the data (see <A HREF="#HDRWQ190">About Clones and Cloning</A>). Only if a large number of files are removed or
+changed in the read/write volume does the read-only copy occupy much disk
+space. That normally does not happen because the appropriate response
+to changes in a replicated read/write volume is to reclone it. The
+other reason to place a read-only volume at the read/write site is that the
+Cache Manager does not attempt to access the read/write version of a
+replicated volume if all read-only copies become inaccessible. If the
+file server machine housing the read/write volume is the only accessible
+machine, the Cache Manager can access the data only if there is a read-only
+copy at the read/write site.
+<P>The number of read-only sites to define depends on several factors.
+Perhaps the main trade-off is between the level of demand for the
+volume's contents and how much disk space you are willing to use for
+multiple copies of the volume. Of course, each prospective read-only
+site must have enough available space to accommodate the volume. The
+limit on the number of read-only copies of a volume is determined by the
+maximum number of site definitions in a volume's VLDB entry, which is
+defined in the <I>IBM AFS Release Notes</I>. The site housing the
+read/write and backup versions of the volume counts as one site, and each
+read-only site counts as an additional site (even the read-only site defined
+on the same file server machine and partition as the read/write site counts as
+a separate site). Note also that the Volume Server permits only one
+read-only copy of a volume per file server machine.
+<P><H3><A NAME="Header_216" HREF="auagd002.htm#ToC_216">Replication Scenarios</A></H3>
+<A NAME="IDX6514"></A>
+<A NAME="IDX6515"></A>
+<A NAME="IDX6516"></A>
+<P>The instructions in the following section explain how to replicate a volume
+for which no read-only sites are currently defined. However, you can
+also use the instructions in other common situations:
+<UL>
+<P><LI>If you are releasing a new clone to sites that already exist, you can skip
+Step <A HREF="#LIWQ196">2</A>. It can still be useful to issue the <B>vos
+examine</B> command, however, to verify that the desired read-only sites are
+defined.
+<P><LI>If you are adding new read-only sites to existing ones, perform all of the
+steps. In Step <A HREF="#LIWQ197">3</A>, issue the <B>vos addsite</B> command for the new sites
+only.
+<P><LI>If you are defining sites but do not want to release a clone to them yet,
+stop after Step <A HREF="#LIWQ197">3</A> and continue when you are ready.
+<P><LI>If you are removing one or more sites before releasing a new clone to the
+remaining sites, follow the instructions for site removal in <A HREF="#HDRWQ235">Removing Volumes and their Mount Points</A> and then start with Step <A HREF="#LIWQ198">4</A>.
+</UL>
+<P><H3><A NAME="HDRWQ194" HREF="auagd002.htm#ToC_217">To replicate a read/write volume (create a read-only volume)</A></H3>
+<A NAME="IDX6517"></A>
+<A NAME="IDX6518"></A>
+<OL TYPE=1>
+<P><LI><A NAME="LIWQ195"></A>Verify that you are listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIWQ196"></A>Select one or more sites at which to replicate the
+volume. There are several factors to consider:
+<UL>
+<P><LI>How many sites are already defined. As previously noted, it is
+usually appropriate to define a read-only site at the read/write site.
+Also, the Volume Server permits only one read-only copy of a volume per file
+server machine. To display the volume's current sites, issue the
+<B>vos examine</B> command, which is described fully in <A HREF="#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>.
+<PRE>
+ % <B>vos examine</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>The final lines of output display the volume's site definitions from
+the VLDB.
+<P><LI>Whether your cell dedicates any file server machines to housing read-only
+volumes only. In general, only very large cells use read-only server
+machines.
+<P><LI>Whether a site has enough free space to accommodate the volume. A
+read-only volume requires the same amount of space as the read/write version
+(unless it is at the read/write site itself). The first line of output
+from the <B>vos examine</B> command displays the read/write volume's
+current size in kilobyte blocks, as shown in <A HREF="#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>.
+<P>To display the amount of space available on a file server machine's
+partitions, use the <B>vos partinfo</B> command, which is described fully
+in <A HREF="#HDRWQ185">Creating Read/write Volumes</A>.
+<PRE>
+ % <B>vos partinfo</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>]
+
+</PRE>
+</UL>
+<A NAME="IDX6519"></A>
+<A NAME="IDX6520"></A>
+<A NAME="IDX6521"></A>
+<A NAME="IDX6522"></A>
+<A NAME="IDX6523"></A>
+<A NAME="IDX6524"></A>
+<P><LI><A NAME="LIWQ197"></A>Issue the <B>vos addsite</B> command to define each new
+read-only site in the VLDB.
+<PRE>
+ % <B>vos addsite</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ad
+</B><DD>Is the shortest acceptable abbreviation of <B>addsite</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Defines the file server machine for the new site.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names a disk partition on the machine <VAR>machine name</VAR>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies the read/write volume to be replicated, either by its complete
+name or its volume ID number.
+</DL>
+<P><LI><A NAME="LIWQ198"></A><B>(Optional)</B> Verify that the <B>fs</B> process
+(which incorporates the Volume Server) is functioning normally on each file
+server machine where you have defined a read-only site, and that the
+<B>vlserver</B> process (the Volume Location Server) is functioning
+correctly on each database server machine. Knowing that they are
+functioning eliminates two possible sources of failure for the release.
+Issue the <B>bos status</B> command on each file server machine housing a
+read-only site for this volume and on each database server machine. The
+command is described fully in <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<PRE>
+ % <B>bos status</B> <<VAR>machine name</VAR>> <B>fs vlserver</B>
+
+</PRE>
+<A NAME="IDX6525"></A>
+<A NAME="IDX6526"></A>
+<A NAME="IDX6527"></A>
+<A NAME="IDX6528"></A>
+<P><LI><A NAME="LIWQ199"></A>Issue the <B>vos release</B> command to clone the
+read/write source volume and distribute the clone to each read-only
+site.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>> [<B>-f</B>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>rel
+</B><DD>Is the shortest acceptable abbreviation of <B>release</B>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies the read/write volume to clone, either by its complete name or
+volume ID number. The read-only version is given the same name with a
+<B>.readonly</B> extension. All read-only copies share the
+same read-only volume ID number.
+<P><DT><B>-f
+</B><DD>Creates and releases a brand new clone.
+</DL>
+<P><LI><A NAME="LIWQ200"></A><B>(Optional)</B> Issue the <B>vos examine</B> command
+to verify that no site definition in the VLDB entry is marked with an <TT>Old
+release</TT> or <TT>New release</TT> flag. The command is described
+fully in <A HREF="#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>.
+<PRE>
+ % <B>vos examine</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+</OL>
+<P>If any flags appear in the output from Step <A HREF="#LIWQ200">6</A>, repeat Steps <A HREF="#LIWQ198">4</A> and <A HREF="#LIWQ199">5</A> until the Volume Server
+does not produce any error messages during the release operation and the flags
+no longer appear. Do not issue the <B>vos release</B> command when
+you know that the read/write site or any read-only site is inaccessible due to
+network, machine or server process outage.
+<HR><H2><A NAME="HDRWQ201" HREF="auagd002.htm#ToC_218">Creating Backup Volumes</A></H2>
+<A NAME="IDX6529"></A>
+<A NAME="IDX6530"></A>
+<A NAME="IDX6531"></A>
+<A NAME="IDX6532"></A>
+<A NAME="IDX6533"></A>
+<P>A <I>backup volume</I> is a clone that resides at the same site as its
+read/write source (to review the concept of cloning, see <A HREF="#HDRWQ190">About Clones and Cloning</A>). Creating a backup version of a volume has two
+purposes:
+<UL>
+<P><LI>It is by convention the first step when dumping a volume's contents
+to tape with the AFS Backup System. A volume is inaccessible while it
+is being dumped, so instead of dumping the read/write volume, you create and
+dump a backup version. Users do not normally access the backup version,
+so it is unlikely that the dump will disturb them. For more details,
+see <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>.
+<P><LI>It enables users to restore mistakenly deleted or changed data themselves,
+freeing you for more crucial tasks. The backup version captures the
+state of its read/write source at the time the backup is made, and its
+contents cannot change. Mount the backup version in the filespace so
+that users can restore a file to its state at the time you made the
+backup. See <A HREF="#HDRWQ204">Making the Contents of Backup Volumes Available to Users</A>.
+</UL>
+<A NAME="IDX6534"></A>
+<A NAME="IDX6535"></A>
+<A NAME="IDX6536"></A>
+<P><H3><A NAME="HDRWQ202" HREF="auagd002.htm#ToC_219">Backing Up Multiple Volumes at Once</A></H3>
+<P>The <B>vos backupsys</B> command creates a backup
+version of many read/write volumes at once. This command is useful when
+preparing for large-scale backups to tape using the AFS Backup System.
+<P>To clone every read/write volume listed in the VLDB, omit all of the
+command's options. Otherwise, combine the command's options
+to clone various groups of volumes. The options use one of two basic
+criteria to select volumes: location (the <B>-server</B> and
+<B>-partition</B> arguments) or presence in the volume name of one of a
+set of specified character strings (the <B>-prefix</B>,
+<B>-exclude</B>, and <B>-xprefix</B> options).
+<P>To clone only volumes that reside on one file server machine, include the
+<B>-server</B> argument. To clone only volumes that reside on one
+partition, combine the <B>-server</B> and <B>-partition</B>
+arguments. The <B>-partition</B> argument can also be used alone to
+clone volumes that reside on the indicated partition on every file server
+machine. These arguments can be combined with those that select volumes
+based on their names.
+<P>Combine the <B>-prefix</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options (with or without the <B>-server</B> and
+<B>-partition</B> arguments) in the indicated ways to select volumes based
+on character strings contained in their names:
+<UL>
+<P><LI>To clone every read/write volume at the specified location whose name
+includes one of a set of specified character strings (for example, begins with
+<B>user.</B> or includes the string <B>afs</B>), use the
+<B>-prefix</B> argument or combine the <B>-xprefix</B> and
+<B>-exclude</B> options.
+<P><LI>To clone every read/write volume at the specified location except those
+whose name includes one of a set of specified character strings, use the
+<B>-xprefix</B> argument or combine the <B>-prefix</B> and
+<B>-exclude</B> options.
+<P><LI>To clone every read/write volume at the specified location whose name
+includes one of one of a set of specified character strings, except those
+whose names include one of a different set of specified character strings,
+combine the <B>-prefix</B> and <B>-xprefix</B> arguments. The
+command creates a list of all volumes that match the <B>-prefix</B>
+argument and then removes from the list the volumes that match the
+<B>-xprefix</B> argument. For effective results, the strings
+specified by the <B>-xprefix</B> argument must designate a subset of the
+volumes specified by the <B>-prefix</B> argument.
+<P>If the <B>-exclude</B> flag is combined with the <B>-prefix</B> and
+<B>-xprefix</B> arguments, the command creates a list of all volumes that
+do not match the <B>-prefix</B> argument and then adds to the list any
+volumes that match the <B>-xprefix</B> argument. As when the
+<B>-exclude</B> flag is not used, the result is effective only if the
+strings specified by the <B>-xprefix</B> argument designate a subset of
+the volumes specified by the <B>-prefix</B> argument.
+</UL>
+<P>The <B>-prefix</B> and <B>-xprefix</B> arguments both accept
+multiple values, which can be used to define disjoint groups of
+volumes. Each value can be one of two types:
+<OL TYPE=1>
+<P><LI>A simple character string, which matches volumes whose name begin with the
+string. All characters are interpreted literally (that is, characters
+that potentially have special meaning to the command shell, such as the
+period, have only their literal meaning).
+<P><LI>A regular expression, which matches volumes whose names contain the
+expressions. Place a caret ( <B>^</B> ) at the
+beginning of the expression, and enclose the entire string in single quotes
+(<B>'</B> <B>'</B>). Explaining regular
+expressions is outside the scope of this reference page; see the UNIX
+manual page for <B>regexp(5)</B> or (for a brief introduction) <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>. As an example, the following expression matches
+volumes that have the string <B>aix</B> anywhere in their names:
+<PRE> <B>-prefix '^.*aix'</B>
+</PRE>
+</OL>
+<P>To display a list of the volumes to be cloned, without actually cloning
+them, include the <B>-dryrun</B> flag. To display a statement that
+summarizes the criteria being used to select volume, include the
+<B>-verbose</B> flag.
+<P>To back up a single volume, use the <B>vos backup</B> command, which
+employs a more streamlined technique for finding a single volume.
+<A NAME="IDX6537"></A>
+<A NAME="IDX6538"></A>
+<A NAME="IDX6539"></A>
+<A NAME="IDX6540"></A>
+<A NAME="IDX6541"></A>
+<A NAME="IDX6542"></A>
+<P><H3><A NAME="HDRWQ203" HREF="auagd002.htm#ToC_220">Automating Creation of Backup Volumes</A></H3>
+<P>Most cells find that it is best to make a new backup version
+of relevant volumes each day. It is best to create the backup versions
+at a time when usage is low, because the backup operation causes the
+read/write volume to be unavailable momentarily.
+<P>You can either issue the necessary the <B>vos backupsys</B> or <B>vos
+backup</B> commands at the console or create a <B>cron</B> entry in the
+<B>BosConfig</B> file on a file server machine, which eliminates the need
+for an administrator to initiate the backup operation.
+<P>The following example command creates a <B>cron</B> process called
+<B>backupusers</B> in the <B>/usr/afs/local/BosConfig</B> file on the
+machine <B>fs3.abc.com</B>. The process runs every
+day at 1:00 a.m. to create a backup version of every
+volume in the cell whose name starts with the string <B>user</B>.
+The <B>-localauth</B> flag enables the process to invoke the privileged
+<B>vos backupsys</B> command while unauthenticated. Note that the
+<B>-cmd</B> argument specifies a complete pathname for the <B>vos</B>
+binary, because the PATH environment variable for the BOS Server (running as
+the local superuser <B>root</B>) generally does not include the path to
+AFS binaries.
+<PRE>
+ % <B>bos create fs3.abc.com backupusers cron</B> \
+ <B>-cmd "/usr/afs/bin/vos backupsys -prefix user -localauth" "1:00"</B>
+
+</PRE>
+<A NAME="IDX6543"></A>
+<A NAME="IDX6544"></A>
+<A NAME="IDX6545"></A>
+<P><H3><A NAME="HDRWQ204" HREF="auagd002.htm#ToC_221">Making the Contents of Backup Volumes Available to Users</A></H3>
+<P>As noted, a backup volume preserves the state of the
+read/write source at the time the backup is created. Many cells choose
+to mount backup volumes so that users can access and restore data they have
+accidentally deleted or changed since the last backup was made, without having
+to request help from administrators. The most sensible place to mount
+the backup version of a user volume is at a subdirectory of the user's
+home directory. Suitable names for this directory include
+<B>OldFiles</B> and <B>Backup</B>. The subdirectory looks just
+like the user's own home directory as it was at the time the backup was
+created, with all files and subdirectories in the same relative
+positions.
+<P>If you do create and mount backup volumes for your users, inform users of
+their existence. The <I>IBM AFS User Guide</I> does not mention
+backup volumes because making them available to users is optional.
+Explain to users how often you make a new backup, so they know what they can
+recover. Remind them also that the data in their backup volume cannot
+change; however, they can use the standard UNIX <B>cp</B> command to
+copy it into their home volume and modify it there. Reassure users that
+the data in their backup volumes does not count against their read/write
+volume quota.
+<P><H3><A NAME="HDRWQ205" HREF="auagd002.htm#ToC_222">To create and mount a backup volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have the <B>insert</B> (<B>i</B>) and
+<B>administer</B> (<B>a</B>) permissions on the ACL of the directory
+in which you wish to mount the volume. If necessary, issue the <B>fs
+listacl</B> command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<A NAME="IDX6546"></A>
+<A NAME="IDX6547"></A>
+<P><LI><A NAME="LIWQ206"></A>Issue the <B>vos backup</B> command to create a backup
+version of a read/write source volume. The message shown confirms the
+success of the backup operation.
+<PRE>
+ % <B>vos backup</B> <<VAR>volume name or ID</VAR>>
+ Created backup volume for <VAR>volume name or ID</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>backup
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies the read/write volume to back up, either by its complete name
+or volume ID number. The backup volume has the same name with the
+addition of the <B>.backup</B> extension. It has its own
+volume ID number.
+</DL>
+<A NAME="IDX6548"></A>
+<A NAME="IDX6549"></A>
+<P><LI><A NAME="LIWQ207"></A><B>(Optional)</B> Issue the <B>fs mkmount</B> to mount
+the backup volume. While this step is optional, Cache Managers cannot
+access the volume's contents if it is not mounted.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>><B>.backup</B>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>mk
+</B><DD>Is the shortest acceptable abbreviation of <B>mkmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to create. Do not create a file or directory
+of the same name beforehand. Partial pathnames are interpreted relative
+to the current working directory. For the backup version of a user
+volume, the conventional location is the user's home directory.
+<P><DT><B><VAR>volume name</VAR><B>.backup</B>
+</B><DD>Is the full name of the backup volume.
+</DL>
+<P><LI><B>(Optional)</B> Issue the <B>fs lsmount</B> command to verify
+that the mount point refers to the correct volume. Complete
+instructions appear in <A HREF="#HDRWQ211">To display a mount point</A>.
+<PRE>
+ % <B>fs lsmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+</OL>
+<A NAME="IDX6550"></A>
+<A NAME="IDX6551"></A>
+<P><H3><A NAME="Header_223" HREF="auagd002.htm#ToC_223">To create multiple backup volumes at once</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos backupsys</B> command to create a backup version of
+every read/write volume that shares the same prefix or site. The
+effects of combining the three arguments are described in <A HREF="#HDRWQ202">Backing Up Multiple Volumes at Once</A>.
+<PRE> % <B>vos backupsys</B> [<B>-prefix</B> <<VAR>common prefix on volume(s)</VAR>><SUP>+</SUP>] \
+ [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>] \
+ [<B>-exclude</B>] [<B>-xprefix</B> <<VAR>negative prefix on volume(s)</VAR>><SUP>+</SUP>]
+ [<B>-dryrun</B>] [<B>-verbose</B>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>backups
+</B><DD>Is the shortest acceptable abbreviation of <B>backupsys</B>.
+<P><DT><B>-prefix
+</B><DD>Specifies one or more simple character strings or regular expressions of
+any length; a volume whose name includes the string is placed on the list
+of volumes to be cloned. Include field separators (such as periods) if
+appropriate. This argument can be combined with any combination of the
+<B>-server</B>, <B>-partition</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options.
+<P><DT><B>-server
+</B><DD>Specifies the file server machine housing the volumes to backup.
+Can be combined with any combination of the <B>-prefix</B>,
+<B>-partition</B>, <B>-exclude</B>, and <B>-xprefix</B>
+options.
+<P><DT><B>-partition
+</B><DD>Specifies the partition housing the volumes you wish to backup. Can
+be combined with any combination of the <B>-prefix</B>,
+<B>-server</B>, <B>-exclude</B>, and <B>-xprefix</B>
+options.
+<P><DT><B>-exclude
+</B><DD>Indicates that all volumes except those indicated with the
+<B>-prefix</B> argument are to be backed up. The <B>-prefix</B>
+argument must be provided along with this one. Can also be combined
+with any combination of the <B>-prefix</B>, <B>-server</B>, and
+<B>-partition</B> arguments; or with both the <B>-prefix</B> and
+<B>-xprefix</B> arguments, but not with the <B>-xprefix</B> argument
+alone.
+<P><DT><B>-xprefix
+</B><DD>Specifies one or more simple character strings or regular expressions of
+any length; a volume whose name does not include the string is placed on
+the list of volumes to be cloned. Can be combined with any combination
+of the <B>-prefix</B>, <B>-server</B>, and <B>-partition</B>
+arguments; in addition, it can be combined with both the
+<B>-prefix</B> and <B>-exclude</B> options, but not with the
+<B>-exclude</B> flag alone.
+<P><DT><B>-dryrun
+</B><DD>Displays on the standard output stream a list of the volumes to be cloned,
+without actually cloning them.
+<P><DT><B>-verbose
+</B><DD>Displays on the standard output stream a statement that summarizes the
+criteria being used to select volumes, if combined with the <B>-dryrun</B>
+flag; otherwise, traces the cloning operation for each volume.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ208" HREF="auagd002.htm#ToC_224">Mounting Volumes</A></H2>
+<A NAME="IDX6552"></A>
+<P>Mount points make the contents of AFS volumes visible and accessible in the
+AFS filespace, as described in <A HREF="#HDRWQ183">About Mounting Volumes</A>. This section discusses in more detail how the Cache
+Manager handles mount points as it traverses the filespace. It
+describes the three types of mount points, their purposes, and how to
+distinguish between them, and provides instructions for creating, removing,
+and examining mount points.
+<P><H3><A NAME="HDRWQ209" HREF="auagd002.htm#ToC_225">The Rules of Mount Point Traversal</A></H3>
+<P>The Cache Manager observes three basic rules as it traverses
+the AFS filespace and encounters mount points:
+<UL>
+<P><LI><B>Rule 1:</B> Access Backup and Read-only Volumes When
+Specified
+<P>When the Cache Manager encounters a mount point that specifies a volume
+with either a <B>.readonly</B> or a <B>.backup</B>
+extension, it accesses that type of volume only. If a mount point does
+not have either a <B>.backup</B> or <B>.readonly</B>
+extension, the Cache Manager uses Rules 2 and 3.
+<P>For example, the Cache Manager never accesses the read/write version of a
+volume if the mount point names the backup version. If the specified
+version is inaccessible, the Cache Manager reports an error.
+<P><LI><B>Rule 2:</B> Follow the Read-only Path When Possible
+<P>If a mount point resides in a read-only volume and the volume that it
+references is replicated, the Cache Manager attempts to access a read-only
+copy of the volume; if the referenced volume is not replicated, the Cache
+Manager accesses the read/write copy. The Cache Manager is thus said to
+prefer a <I>read-only path</I> through the filespace, accessing read-only
+volumes when they are available.
+<P>The Cache Manager starts on the read-only path in the first place because
+it always accesses a read-only copy of the <B>root.afs</B> volume
+if it exists; the volume is mounted at the root of a cell's AFS
+filespace (named <B>/afs</B> by convention). That is, if the
+<B>root.afs</B> volume is replicated, the Cache Manager attempts to
+access a read-only copy of it rather than the read/write copy. This
+rule then keeps the Cache Manager on a read-only path as long as each
+successive volume is replicated. The implication is that both the
+<B>root.afs</B> and <B>root.cell</B> volumes must be
+replicated for the Cache Manager to access replicated volumes mounted below
+them in the AFS filespace. The volumes are conventionally mounted at
+the <B>/afs</B> and <B>/afs/</B><VAR>cellname</VAR> directories,
+respectively.
+<P><LI><B>Rule 3:</B> Once on a Read/write Path, Stay There
+<P>If a mount point resides in a read/write volume and the volume name does
+not have a <B>.readonly</B> or a <B>.backup</B>
+extension, the Cache Manager attempts to access only the a read/write version
+of the volume. The access attempt fails with an error if the read/write
+version is inaccessible, even if a read-only version is accessible. In
+this situation the Cache Manager is said to be on a <I>read/write path</I>
+and cannot switch back to the read-only path unless mount point explicitly
+names a volume with a <B>.readonly</B> extension. (Cellular
+mount points are an important exception to this rule, as explained in the
+following discussion.
+</UL>
+<P><H3><A NAME="HDRWQ210" HREF="auagd002.htm#ToC_226">The Three Types of Mount Points</A></H3>
+<P>AFS uses three types of mount points, each appropriate for a
+different purpose because of how the Cache Manager handles them.
+<UL>
+<P><LI>When the Cache Manager crosses a <I>regular</I> mount point, it obeys
+all three of the mount point traversal rules previously described.
+<A NAME="IDX6553"></A>
+<A NAME="IDX6554"></A>
+<P>AFS performs best when the vast majority of mount points in the filespace
+are regular, because the mount point traversal rules promote the most
+efficient use of both replicated and nonreplicated volumes. Because
+there are likely to be multiple read-only copies of a replicated volume, it
+makes sense for the Cache Manager to access one of them rather than the single
+read/write version, and the second rule leads it to do so. If a volume
+is not replicated, the third rule means that the Cache Manager still accesses
+the read/write volume when that is the only type available. In other
+words, a regular mount point does not force the Cache Manager always to access
+read-only volumes (it is explicitly not a "read-only mount point").
+<P>To create a regular mount point, use the <B>fs mkmount</B> command as
+described in <A HREF="#HDRWQ212">To create a regular or read/write mount point</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To enable the Cache Manager to access the read-only version of a replicated
+volume named by a regular mount point, all volumes that are mounted above it
+in the pathname must also be replicated. That is the only way the Cache
+Manager can stay on a read-only path to the target volume.
+</TD></TR></TABLE>
+<P><LI>When the Cache Manager crosses a <I>read/write</I> mount point, it
+attempts to access only the volume version named in the mount point. If
+the volume name is the base (read/write) form, without a
+<B>.readonly</B> or <B>.backup</B> extension, the Cache
+Manager accesses the read/write version of the volume, even if it is
+replicated. In other words, the Cache Manager disregards the second
+mount point traversal rule when crossing a read/write mount point: it
+switches to the read/write path through the filespace.
+<A NAME="IDX6555"></A>
+<A NAME="IDX6556"></A>
+<P>It is conventional to create only one read/write mount point in a
+cell's filespace, using it to mount the cell's
+<B>root.cell</B> volume just below the AFS filespace root (by
+convention, <B>/afs/.</B><VAR>cellname</VAR>). As indicated,
+it is conventional to place a period at the start of the read/write mount
+point's name (for example,
+<B>/afs/.abc.com</B>). The period distinguishes the
+read/write mount point from the regular mount point for the
+<B>root.cell</B> volume at the same level. This is the only
+case in which it is conventional to create two mount points for the same
+volume. A desirable side effect of this naming convention for this
+read/write mount point is that it does not appear in the output of the UNIX
+<B>ls</B> command unless the <B>-a</B> flag is included, essentially
+hiding it from regular users who have no use for it.
+<P>The existence of a single read/write mount point at this point in the
+filespace provides access to the read/write version of every volume when
+necessary, because it puts the Cache Manager on a read/write path right at the
+top of the filespace. At the same time, the regular mount point for the
+<B>root.cell</B> volume puts the Cache Manager on a read-only path
+most of the time.
+<P>Using a read/write mount point for a read-only or backup volume is
+acceptable, but unnecessary. The first rule of mount point traversal
+already specifies that the Cache Manager accesses them if the volume name in a
+regular mount point has a <B>.readonly</B> or
+<B>.backup</B> extension.
+<P>To create a read/write mount point, use the <B>-rw</B> flag on the
+<B>fs mkmount</B> command as described in <A HREF="#HDRWQ212">To create a regular or read/write mount point</A>.
+<P><LI>When the Cache Manager crosses a <I>cellular</I> mount point, it
+accesses the indicated volume in the specified cell, which is normally a
+foreign cell. (If the mount point does not name a cell along with the
+volume, the Cache Manager accesses the volume in the cell where the mount
+point resides.) When crossing a regular cellular mount point, the Cache
+Manager disregards the third mount point traversal rule. Instead, it
+accesses a read-only version of the volume if it is replicated, even if the
+volume that houses the mount point is read/write.
+<P>It is inappropriate to circumvent this behavior by creating a read/write
+cellular mount point, because traversing the read/write path imposes an unfair
+load on the foreign cell's file server machines. The File Server
+must issue a callback for each file fetched from the read/write volume, rather
+than single callback required for a read-only volume. In any case, only
+a cell's own administrators generally need to access the read/write
+versions of replicated volumes.
+<A NAME="IDX6557"></A>
+<A NAME="IDX6558"></A>
+<A NAME="IDX6559"></A>
+<P>It is conventional to create cellular mount points only at the second level
+in a cell's filespace, using them to mount foreign cells'
+<B>root.cell</B> volumes just below the AFS filespace root (by
+convention, at <B>/afs/</B><VAR>foreign_cellname</VAR>). The mount
+point enables local users to access the foreign cell's filespace,
+assuming they have the necessary permissions on the ACL of the volume's
+root directory and that there is an entry for the foreign cell in each local
+client machine's <B>/usr/vice/etc/CellServDB</B> file, as described
+in <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P>Creating cellular mount points at other levels in the filespace and
+mounting foreign volumes other than the <B>root.cell</B> volume is
+not generally appropriate. It can be confusing to users if the Cache
+Manager switches between cells at various points in a pathname.
+<P>To create a regular cellular mount point, use the <B>-cell</B> argument
+to specify the cell name, as described in <A HREF="#HDRWQ213">To create a cellular mount point</A>.
+</UL>
+<P>To examine a mount point, use the <B>fs lsmount</B> command as
+described in <A HREF="#HDRWQ211">To display a mount point</A>. The command's output uses distinct notation to
+identify regular, read/write, and cellular mount points. To remove a
+mount point, use the <B>fs rmmount</B> command as described in <A HREF="#HDRWQ215">To remove a mount point</A>.
+<P><H3><A NAME="Header_227" HREF="auagd002.htm#ToC_227">Creating a mount point in a foreign cell</A></H3>
+<P>Creating a mount point in a foreign cell's filespace (as opposed
+to mounting a foreign volume in the local cell) is basically the same as
+creating a mount point in the local filespace. The differences are that
+the <B>fs mkmount</B> command's <VAR>directory</VAR> argument specifies
+a pathname in the foreign cell rather than the local cell, and you must have
+the required permissions on the ACL of the foreign directory where you are
+creating the mount point. The <B>fs mkmount</B> command's
+<B>-cell</B> argument always specifies the cell in which the volume
+resides, not the cell in which to create the mount point.
+<P><H3><A NAME="HDRWQ211" HREF="auagd002.htm#ToC_228">To display a mount point</A></H3>
+<A NAME="IDX6560"></A>
+<A NAME="IDX6561"></A>
+<A NAME="IDX6562"></A>
+<A NAME="IDX6563"></A>
+<A NAME="IDX6564"></A>
+<A NAME="IDX6565"></A>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs lsmount</B> command.
+<PRE>
+ % <B>fs lsmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ls
+</B><DD>Is the shortest acceptable abbreviation of <B>lsmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to display.
+</DL>
+</OL>
+<P>If the specified directory is a mount point, the output is of the following
+form:
+<PRE> '<VAR>directory</VAR>' is a mount point for volume '<VAR>volume name</VAR>'
+
+</PRE>
+<P>For a regular mount point, a number sign (<TT>#</TT>) precedes the
+<VAR>volume name</VAR> string, as in the following example command issued on a
+client machine in the <B>abc.com</B> cell.
+<PRE>
+ % <B>fs lsmount /afs/abc.com/usr/terry</B>
+ '/afs/abc.com/usr/terry' is a mount point for volume '#user.terry'
+
+</PRE>
+<P>For a read/write mount point, a percent sign (<TT>%</TT>) precedes the
+<VAR>volume name</VAR> string, as in the following example command issued on a
+client machine in the <B>abc.com</B> cell. The cell's
+administrators have followed the convention of preceding the read/write mount
+point's name with a period.
+<PRE>
+ % <B>fs lsmount /afs/.abc.com </B>
+ '/afs/.abc.com' is a mount point for volume '%root.cell'
+
+</PRE>
+<P>For a cellular mount point, a cell name and colon (<TT>:</TT>)
+follow the number or percent sign and precede the <VAR>volume name</VAR> string,
+as in the following example command issued on a client machine in the
+<B>abc.com</B> cell.
+<PRE>
+ % <B>fs lsmount /afs/ghi.gov </B>
+ '/afs/ghi.gov' is a mount point for volume '#ghi.gov:root.cell'
+
+</PRE>
+<P>For a symbolic link to a mount point, the output is of the form shown in
+the following example command issued on a client machine in the
+<B>abc.com</B> cell.
+<PRE>
+ % <B>fs lsmount /afs/abc</B>
+ '/afs/abc' is a symbolic link, leading to a mount point for volume '#root.cell'
+
+</PRE>
+<P>If the directory is not a mount point or is not in AFS, the output reads as
+follows.
+<PRE> '<VAR>directory</VAR>' is not a mount point.
+
+</PRE>
+<P>If the output is garbled, it is possible that the mount point has become
+corrupted in the local cache. Use the <B>fs flushmount</B> command
+as described in <A HREF="auagd015.htm#HDRWQ413">To flush one or more mount points</A>. This forces the Cache Manager to refetch the mount
+point.
+<P><H3><A NAME="HDRWQ212" HREF="auagd002.htm#ToC_229">To create a regular or read/write mount point</A></H3>
+<A NAME="IDX6566"></A>
+<A NAME="IDX6567"></A>
+<A NAME="IDX6568"></A>
+<A NAME="IDX6569"></A>
+<A NAME="IDX6570"></A>
+<A NAME="IDX6571"></A>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>i</B> (<B>insert</B>) and <B>a</B>
+(<B>administer</B>) permissions on the ACL of the directory where you are
+placing the mount point. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to create the mount point.
+Include the <B>-rw</B> flag if creating a read/write mount point.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>> [<B>-rw</B>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>mk
+</B><DD>Is the shortest acceptable abbreviation for <B>mkmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to create. A file or directory with the same
+name cannot already exist. A partial pathname is interpreted relative
+to the current working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to create a new mount point in a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Specifies the volume's full name, including the
+<B>.backup</B> or <B>.readonly</B> extension for a
+backup or read-only volume, if appropriate.
+<P><DT><B>-rw
+</B><DD>Creates a read/write mount point.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ213" HREF="auagd002.htm#ToC_230">To create a cellular mount point</A></H3>
+<A NAME="IDX6572"></A>
+<A NAME="IDX6573"></A>
+<A NAME="IDX6574"></A>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>i</B> (<B>insert</B>) and <B>a</B>
+(<B>administer</B>) permissions on the ACL of the directory where you are
+placing the mount point. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI><A NAME="LIWQ214"></A>If you are mounting one or more foreign cells'
+<B>root.cell</B> volume at the second level in your filespace and
+your cell's <B>root.afs</B> volume is replicated, you must
+create a temporary mount point for the <B>root.afs</B>
+volume's read/write version in a directory on which the ACL grants you
+the <B>i</B> and <B>a</B> permissions. The following command
+creates a mount point called <B>new_cells</B> in your cell's
+<B>/afs/.</B><VAR>cellname</VAR> directory (the entry point to the
+read/write path in your cell).
+<P>Substitute your cell's name for <VAR>cellname</VAR>.
+<PRE>
+ % <B>cd /afs/.</B><VAR>cellname</VAR>
+
+ % <B>fs mkmount new_cells root.afs</B>
+
+ % <B>cd new_cells</B>
+
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command with the <B>-cell</B> argument
+to create a cellular mount point. Repeat the command for each cellular
+mount point as required.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>> <B>-cell</B> <<VAR>cell name</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>mk
+</B><DD>Is the shortest acceptable abbreviation for <B>mkmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to create. A file or directory with the same
+name cannot already exist. A partial pathname is interpreted relative
+to the current working directory. If you are mounting a foreign
+cell's <B>root.cell</B> volume, the standard value for this
+argument is the cell's complete Internet domain name.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Specifies the volume's full name, usually <B>root.cell</B>
+for a cellular mount point.
+<P><DT><B>-cell
+</B><DD>Specifies the complete Internet domain name of the cell in which the
+volume resides.
+</DL>
+<P><LI>If you performed the instructions in Step <A HREF="#LIWQ214">2</A>, issue the <B>vos release</B> command to release the new
+version of the <B>root.afs</B> volume to its read-only
+sites. (This command requires that you be listed in your cell's
+<B>/usr/afs/etc/UserList</B> file. If necessary, verify by issuing
+the <B>bos listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.)
+<P>Also issue the <B>fs checkvolumes</B> command to force the local Cache
+Manager to access the new replica of the <B>root.afs</B>
+volume. If desired, you can also remove the temporary
+<B>new_cells</B> mount point from the
+<B>/afs/.</B><VAR>cellname</VAR> directory.
+<PRE>
+ % <B>vos release root.afs</B>
+
+ % <B>fs checkvolumes</B>
+
+ % <B>cd /afs/.</B><VAR>cellname</VAR>
+
+ % <B>fs rmmount new_cells</B>
+
+
+</PRE>
+<P>For your users to access a newly mounted foreign cell, you must also create
+an entry for it in each client machine's local
+<B>/usr/vice/etc/CellServDB</B> file and either reboot the machine or use
+the <B>fs newcell</B> command to insert the entry directly into its kernel
+memory. See the instructions in <A HREF="auagd015.htm#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+</OL>
+<P><H3><A NAME="HDRWQ215" HREF="auagd002.htm#ToC_231">To remove a mount point</A></H3>
+<A NAME="IDX6575"></A>
+<A NAME="IDX6576"></A>
+<A NAME="IDX6577"></A>
+<A NAME="IDX6578"></A>
+<A NAME="IDX6579"></A>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>d</B> (<B>delete</B>) permission on
+the ACL of the directory from which you are removing the mount point.
+If necessary, issue the <B>fs listacl</B> command, which is fully
+described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI>Issue the <B>fs rmmount</B> command to remove the mount point.
+The volume still exists, but its contents are inaccessible if this is the only
+mount point for it.
+<PRE>
+ % <B>fs rmmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>rm
+</B><DD>Is the shortest acceptable abbreviation of <B>rmmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to remove. A partial pathname is interpreted
+relative to the current working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to delete a mount point from a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="#HDRWQ209">The Rules of Mount Point Traversal</A>.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ216" HREF="auagd002.htm#ToC_232">Displaying Information About Volumes</A></H2>
+<A NAME="IDX6580"></A>
+<A NAME="IDX6581"></A>
+<P>This section explains how to display information about volumes. If
+you know a volume's name or volume ID number, there are commands for
+displaying its VLDB entry, its volume header, or both. Other commands
+display the name or location of the volume that contains a specified file or
+directory.
+<P>For instructions on displaying a volume's quota, see <A HREF="#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<P><H3><A NAME="HDRWQ217" HREF="auagd002.htm#ToC_233">Displaying VLDB Entries</A></H3>
+<A NAME="IDX6582"></A>
+<A NAME="IDX6583"></A>
+<A NAME="IDX6584"></A>
+<A NAME="IDX6585"></A>
+<P>The <B>vos listvldb</B> command displays the VLDB entry for the volumes
+indicated by the combination of arguments you provide. The
+possibilities are listed here from most to least inclusive:
+<UL>
+<P><LI>To display every entry in the VLDB, provide no arguments. It can
+take a long time to generate the output, depending on the number of
+entries.
+<P><LI>To display every VLDB entry that mentions a specific file server machine
+as the site of a volume, specify the machine's name with the
+<B>-server</B> argument.
+<P><LI>To display every VLDB entry that mentions a certain partition on any file
+server machine as the site of a volume, specify the partition name with the
+<B>-partition</B> argument.
+<P><LI>To display every VLDB entry that mentions a certain partition on a certain
+file server machine as the site of a volume, combine the <B>-server</B>
+and <B>-partition</B> arguments.
+<P><LI>To display a single VLDB entry, specify a volume name or ID number with
+the <B>-name</B> argument.
+<P><LI>To display the VLDB entry only for volumes with locked VLDB entries, use
+the <B>-locked</B> flag with any of the site definitions mentioned
+previously.
+</UL>
+<A NAME="IDX6586"></A>
+<A NAME="IDX6587"></A>
+<P><H3><A NAME="HDRWQ218" HREF="auagd002.htm#ToC_234">To display VLDB entries</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>vos listvldb</B> command.
+<PRE>
+ % <B>vos listvldb</B> [<B>-name</B> <<VAR>volume name or ID</VAR>>] [<B>-server</B> <<VAR>machine name</VAR>>] \
+ [<B>-partition</B> <<VAR>partition name</VAR>>] [<B>-locked</B>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listvl
+</B><DD>Is the shortest acceptable abbreviation of <B>listvldb</B>.
+<P><DT><B>-name
+</B><DD>Identifies one volume either by its complete name or volume ID
+number. Do not combine this argument with the <B>-server</B> or
+<B>-partition</B> arguments.
+<P><DT><B>-server
+</B><DD>Specifies a file server machine. Combine this argument with the
+<B>-partition</B> argument if desired, but not with the <B>-name</B>
+argument.
+<P><DT><B>-partition
+</B><DD>Specifies a partition. Combine this argument with the
+<B>-server</B> argument if desired, but not with the <B>-name</B>
+argument.
+<P><DT><B>-locked
+</B><DD>Displays only locked VLDB entries. Combine this flag with any of
+the other options.
+</DL>
+</OL>
+<P>The VLDB entry for each volume includes the following information:
+<UL>
+<P><LI>The base (read/write) volume name. The read-only and backup
+versions have the same name with a <B>.readonly</B> and
+<B>.backup</B> extension, respectively.
+<P><LI>The volume ID numbers allocated to the versions of the volume that
+actually exist, in fields labeled <TT>RWrite</TT> for the read/write,
+<TT>ROnly</TT> for the read-only, <TT>Backup</TT> for the backup, and
+<TT>RClone</TT> for the ReleaseClone. (If a field does not appear,
+the corresponding version of the volume does not exist.) The appearance
+of the <TT>RClone</TT> field normally indicates that a release operation did
+not complete successfully; the <TT>Old release</TT> and <TT>New
+release</TT> flags often also appear on one or more of the site definition
+lines described just following.
+<A NAME="IDX6588"></A>
+<A NAME="IDX6589"></A>
+<P><LI>The number of sites that house a read/write or read-only copy of the
+volume, following the string <TT>number of sites -></TT>.
+<A NAME="IDX6590"></A>
+<A NAME="IDX6591"></A>
+<A NAME="IDX6592"></A>
+<A NAME="IDX6593"></A>
+<A NAME="IDX6594"></A>
+<P><LI>A line for each site that houses a read/write or read-only copy of the
+volume, specifying the file server machine, partition, and type of volume
+(<TT>RW</TT> for read/write or <TT>RO</TT> for read-only). If a
+backup version exists, it is understood to share the read/write site.
+Several flags can appear with a site definition:
+<DL>
+<A NAME="IDX6595"></A>
+<P><DT><B><TT>Not released</TT>
+</B><DD>Indicates that the <B>vos release</B> command has not been issued
+since the <B>vos addsite</B> command was used to define the read-only
+site.
+<A NAME="IDX6596"></A>
+<P><DT><B><TT>Old release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, leaving the previous, obsolete version of the volume at this
+site.
+<A NAME="IDX6597"></A>
+<P><DT><B><TT>New release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, but that this site did receive the correct new version of the
+volume.
+</DL>
+<P><LI>If the VLDB entry is locked, the string <TT>Volume is currently
+LOCKED</TT>.
+</UL>
+<P>For further discussion of the <TT>New release</TT> and <TT>Old
+release</TT> flags, see <A HREF="#HDRWQ192">Replicating Volumes (Creating Read-only Volumes)</A>.
+<P>An example of this command and its output for a single volume:
+<PRE>
+ % <B>vos listvldb user.terry</B>
+ user.terry
+ RWrite: 50489902 Backup: 50489904
+ number of sites -> 1
+ server fs3.abc.com partition /vicepc RW Site
+
+</PRE>
+<P><H3><A NAME="HDRWQ219" HREF="auagd002.htm#ToC_235">Displaying Volume Headers</A></H3>
+<A NAME="IDX6598"></A>
+<A NAME="IDX6599"></A>
+<P>The <B>vos listvol</B> command displays the volume header for every
+volume on one or all partitions on a file server machine. The
+<B>vos</B> command interpreter obtains the information from the Volume
+Server on the specified machine. You can control the amount of
+information displayed by including one of the <B>-fast</B>, the
+<B>-long</B>, or the <B>-extended</B> flags described following the
+instructions in <A HREF="#HDRWQ220">To display volume headers</A>.
+<P>To display a single volume's volume header of one volume only, use the
+<B>vos examine</B> command as described in <A HREF="#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>.
+<A NAME="IDX6600"></A>
+<A NAME="IDX6601"></A>
+<P><H3><A NAME="HDRWQ220" HREF="auagd002.htm#ToC_236">To display volume headers</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>vos listvol</B> command.
+<PRE>
+ % <B>vos listvol</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>] [<B>-fast</B>] [<B>-long</B>] [<B>-extended</B>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listvo
+</B><DD>Is the shortest acceptable abbreviation of <B>listvol</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine for which to display volume headers.
+Provide this argument alone or with the <VAR>partition name</VAR>
+argument.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names one partition on the file server machine named by the <VAR>machine
+name</VAR> argument, which must be provided along with this one.
+<P><DT><B>-fast
+</B><DD>Displays only the volume ID numbers of relevant volumes. Do not
+combine this flag with the <B>-long</B> or <B>-extended</B>
+flag.
+<P><DT><B>-long
+</B><DD>Displays more detailed information about each volume. Do not
+combine this flag with the <B>-fast</B> or <B>-extended</B>
+flag.
+<P><DT><B>-extended
+</B><DD>Displays all of the information displayed by the <B>-long</B> flag,
+plus tables of statistics about reads and writes to the files in the
+volume. Do not combine this flag with the <B>-fast</B> or
+<B>-long</B> flag.
+</DL>
+</OL>
+<P>The output is ordered alphabetically by volume name and by default provides
+the following information on a single line for each volume:
+<UL>
+<P><LI>Name
+<P><LI>Volume ID number
+<A NAME="IDX6602"></A>
+<P><LI>Type (the flag is <TT>RW</TT> for read/write, <TT>RO</TT> for
+read-only, <TT>BK</TT> for backup)
+<P><LI>Size in kilobytes (<TT>1024</TT> equals a megabyte)
+<P><LI>Number of files in the volume, if the <B>-extended</B> flag is
+provided
+<A NAME="IDX6603"></A>
+<P><LI>Status on the file server machine, which is one of the following:
+<DL>
+<A NAME="IDX6604"></A>
+<P><DT><B><TT>On-line</TT>
+</B><DD>The volume is completely accessible to Cache Managers.
+<A NAME="IDX6605"></A>
+<P><DT><B><TT>Off-line</TT>
+</B><DD>The volume is not accessible to Cache Managers, but does not seem to be
+corrupted. This status appears while a volume is being dumped, for
+example.
+<A NAME="IDX6606"></A>
+<P><DT><B><TT>Off-line**needs salvage**</TT>
+</B><DD>The volume is not accessible to Cache Managers, because it seems to be
+corrupted. Use the <B>bos salvage</B> or <B>salvager</B>
+command to repair the corruption.
+</DL>
+</UL>
+<P>If the following message appears instead of the previously listed
+information, it indicates that a volume is not accessible to Cache Managers or
+the <B>vos</B> command interpreter, for example because a clone is being
+created.
+<PRE> **** Volume <VAR>volume_ID</VAR> is busy ****
+</PRE>
+<P>If the following message appears instead of the previously listed
+information, it indicates that the File Server is unable to attach the volume,
+perhaps because it is seriously corrupted. The <B>FileLog</B> and
+<B>VolserLog</B> log files in the <B>/usr/afs/logs</B> directory on
+the file server machine possibly provide additional information; use the
+<B>bos getlog</B> command to display them.
+<PRE> **** Could not attach volume <VAR>volume_ID</VAR> ****
+</PRE>
+<P>(For instructions on salvaging a corrupted or unattached volume, see <A HREF="#HDRWQ232">Salvaging Volumes</A>.)
+<P>The information about individual volumes is bracketed by summary
+lines. The first line of output specifies the number of volumes in the
+listing. The last line of output summarizes the number of volumes that
+are online, offline, and busy, as in the following example:
+<PRE>
+ % <B>vos listvol fs2.abc.com /vicepb</B>
+ Total number of volumes on server fs2.abc.com \
+ partition /vicepb : 66
+ sys 1969534847 RW 1582 K On-line
+ sys.backup 1969535105 BK 1582 K On-line
+ . . . . . .
+ . . . . . .
+ user.pat 1969534536 RW 17518 K On-line
+ user.pat.backup 1969534538 BK 17537 K On-line
+ Total volumes onLine 66 ; Total volumes offLine 0 ; Total busy 0
+
+</PRE>
+<P><B>Output with the -fast Flag</B>
+<P>
+<A NAME="IDX6607"></A>
+If you include the <B>-fast</B> flag displays only the volume ID number of
+each volume, arranged in increasing numerical order, as in the following
+example. The final line (which summarizes the number of on-line,
+off-line, and busy volumes) is omitted.
+<PRE>
+ % <B>vos listvol fs3.abc.com /vicepa -f</B>
+ Total number of volumes on server fs3.abc.com \
+ partition /vicepa: 37
+ 50489902
+ 50489904
+ .
+ .
+ 35970325
+ 49732810
+
+</PRE>
+<P><B>Output with the -long Flag</B>
+<A NAME="IDX6608"></A>
+<P>When you include the <B>-long</B> flag, , the output for each volume
+includes all of the information in the default listing plus the
+following. Each item in this list corresponds to a separate line of
+output:
+<UL>
+<P><LI>The file server machine and partition that house the volume, as determined
+by the command interpreter as the command runs, rather than derived from the
+VLDB or the volume header.
+<A NAME="IDX6609"></A>
+<A NAME="IDX6610"></A>
+<A NAME="IDX6611"></A>
+<A NAME="IDX6612"></A>
+<A NAME="IDX6613"></A>
+<A NAME="IDX6614"></A>
+<A NAME="IDX6615"></A>
+<A NAME="IDX6616"></A>
+<P><LI>The volume ID numbers associated with the various versions of the
+volume: read/write (<TT>RWrite</TT>), read-only (<TT>ROnly</TT>),
+backup (<TT>Backup</TT>), and ReleaseClone (<TT>RClone</TT>). One
+of them matches the volume ID number that appears on the first line of the
+volume's output. If the value in the <TT>RWrite</TT>,
+<TT>ROnly</TT>, or <TT>Backup</TT> field is <TT>0</TT> (zero), there is
+no volume of that type. If there is currently no ReleaseClone, the
+<TT>RClone</TT> field does not appear at all.
+<A NAME="IDX6617"></A>
+<A NAME="IDX6618"></A>
+<P><LI>The maximum space quota allotted to the read/write copy of the volume,
+expressed in kilobyte blocks in the <TT>MaxQuota</TT> field.
+<A NAME="IDX6619"></A>
+<A NAME="IDX6620"></A>
+<P><LI>The date and time the volume was created, in the <TT>Creation</TT>
+field. If the volume has been restored with the <B>backup
+diskrestore</B>, <B>backup volrestore</B>, or <B>vos restore</B>
+command, this is the restore time.
+<A NAME="IDX6621"></A>
+<A NAME="IDX6622"></A>
+<P><LI>The date and time when the contents of the volume last changed, in the
+<TT>Last Update</TT> field. For read-only and backup volumes, it
+matches the timestamp in the <TT>Creation</TT> field.
+<A NAME="IDX6623"></A>
+<A NAME="IDX6624"></A>
+<P><LI>The number of times the volume has been accessed for a fetch or store
+operation since the later of the two following times:
+<UL>
+<P><LI>12:00 a.m. on the day the command is issued
+<P><LI>The last time the volume changed location
+</UL>
+</UL>
+<P>An example of the output when the <B>-long</B> flag is included:
+<PRE>
+ % <B>vos listvol fs2.abc.com b -long</B>
+ Total number of volumes on server fs2.abc.com
+ partition /vicepb: 66
+ . . . . . .
+ . . . . . .
+ user.pat 1969534536 RW 17518 K On-line
+ fs2.abc.com /vicepb
+ RWrite 1969534536 ROnly 0 Backup 1969534538
+ MaxQuota 20000 K
+ Creation Mon Jun 12 09:02:25 1989
+ Last Update Thu Jan 4 17:39:34 1990
+ 1573 accesses in the past day (i.e., vnode references)
+ user.pat.backup 1969534538 BK 17537 K On-line
+ fs2.abc.com /vicepb
+ RWrite 1969534536 ROnly 0 Backup 1969534538
+ MaxQuota 20000 K
+ Creation Fri Jan 5 06:37:59 1990
+ Last Update Fri Jan 5 06:37:59 1990
+ 0 accesses in the past day (i.e., vnode references)
+ . . . . .
+ . . . . .
+ Total volumes onLine 66 ; Total volumes offLine 0 ; Total busy 0
+
+</PRE>
+<P><B>Output with the -extended Flag</B>
+<A NAME="IDX6625"></A>
+<P>When you include the <B>-extended</B> flag, the output for each volume
+includes all of the information reported with the <B>-long</B> flag, plus
+two tables of statistics:
+<UL>
+<P><LI>The table labeled <TT>Raw Read/Write Stats</TT> table summarizes the
+number of times the volume has been accessed for reading or writing.
+<P><LI>The table labeled <TT>Writes Affecting Authorship</TT> table contains
+information on writes made to files and directories in the specified
+volume.
+</UL>
+<P>An example of the output when the <B>-extended</B> flag is
+included:
+<PRE> % <B>vos listvol fs3.abc.com a -extended</B>
+ common.bboards 1969535592 RW 23149 K used 9401 files On-line
+ fs3.abc.com /vicepa
+ RWrite 1969535592 ROnly 0 Backup 1969535594
+ MaxQuota 30000 K
+ Creation Mon Mar 8 14:26:05 1999
+ Last Update Mon Apr 26 09:20:43 1999
+ 11533 accesses in the past day (i.e., vnode references)
+
+ Raw Read/Write Stats
+ |-------------------------------------------|
+ | Same Network | Diff Network |
+ |----------|----------|----------|----------|
+ | Total | Auth | Total | Auth |
+ |----------|----------|----------|----------|
+ Reads | 151 | 151 | 1092 | 1068 |
+ Writes | 3 | 3 | 324 | 324 |
+ |-------------------------------------------|
+
+ Writes Affecting Authorship
+ |-------------------------------------------|
+ | File Authorship | Directory Authorship|
+ |----------|----------|----------|----------|
+ | Same | Diff | Same | Diff |
+ |----------|----------|----------|----------|
+ 0-60 sec | 92 | 0 | 100 | 4 |
+ 1-10 min | 1 | 0 | 14 | 6 |
+ 10min-1hr | 0 | 0 | 19 | 4 |
+ 1hr-1day | 1 | 0 | 13 | 0 |
+ 1day-1wk | 1 | 0 | 1 | 0 |
+ > 1wk | 0 | 0 | 0 | 0 |
+ |-------------------------------------------|
+
+</PRE>
+<P><H3><A NAME="HDRWQ221" HREF="auagd002.htm#ToC_237">Displaying One Volume's VLDB Entry and Volume Header</A></H3>
+<A NAME="IDX6626"></A>
+<A NAME="IDX6627"></A>
+<A NAME="IDX6628"></A>
+<A NAME="IDX6629"></A>
+<A NAME="IDX6630"></A>
+<A NAME="IDX6631"></A>
+<A NAME="IDX6632"></A>
+<P>The <B>vos examine</B> command displays information from both the VLDB
+and the volume header for a single volume. There is some redundancy in
+the information from the two sources, which allows you to compare the VLDB and
+volume header.
+<P>Because the volume header for each version of a volume (read/write,
+read-only, and backup) is different, you can specify which one to
+display. Include the <B>.readonly</B> or
+<B>.backup</B> extension on the <VAR>volume name or ID</VAR> argument
+as appropriate. The information from the VLDB is the same for all three
+versions.
+<A NAME="IDX6633"></A>
+<A NAME="IDX6634"></A>
+<P><H3><A NAME="HDRWQ222" HREF="auagd002.htm#ToC_238">To display one volume's VLDB entry and volume header</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>vos examine</B> command.
+<PRE>
+ % <B>vos examine</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>e
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies one volume either by its complete name or volume ID
+number. It can be a read/write, read-only, or backup type. Use
+the <B>.backup</B> or <B>.readonly</B> extension if
+appropriate.
+</DL>
+</OL>
+<P>The top part of the output displays the same information from a volume
+header as the <B>vos listvol</B> command with the <B>-long</B> flag,
+as described following the instructions in <A HREF="#HDRWQ220">To display volume headers</A>. If you specify the read-only version of the volume
+and it exists at more than one site, the output includes all of them.
+The bottom part of the output lists the same information from the VLDB as the
+<B>vos listvldb</B> command, as described following the instructions in <A HREF="#HDRWQ218">To display VLDB entries</A>.
+<P>Below is an example for a volume whose VLDB entry is currently
+locked.
+<PRE>
+ % <B>vos examine user.terry</B>
+ user.terry 536870981 RW 3459 K On-line
+ fs3.abc.com /vicepa
+ Write 5360870981 ROnly 0 Backup 536870983
+ MaxQuota 40000 K
+ Creation Mon Jun 12 15:22:06 1989
+ Last Update Fri Jun 16 09:34:35 1989
+ 5719 accesses in the past day (i.e., vnode references)
+ RWrite: 5360870981 Backup: 536870983
+ number of sites -> 1
+ server fs3.abc.com partition /vicepa RW Site
+ Volume is currently LOCKED
+
+</PRE>
+<P><H3><A NAME="HDRWQ223" HREF="auagd002.htm#ToC_239">Displaying the Name or Location of the Volume that Contains a File</A></H3>
+<P>This section explains how to learn the name, volume ID
+number, or location of the volume that contains a file or directory.
+<P>You can also use one piece of information about a volume (for example, its
+name) to obtain other information about it (for example, its location).
+The following list points you to the relevant instructions:
+<UL>
+<A NAME="IDX6635"></A>
+<A NAME="IDX6636"></A>
+<A NAME="IDX6637"></A>
+<A NAME="IDX6638"></A>
+<A NAME="IDX6639"></A>
+<A NAME="IDX6640"></A>
+<A NAME="IDX6641"></A>
+<A NAME="IDX6642"></A>
+<A NAME="IDX6643"></A>
+<A NAME="IDX6644"></A>
+<P><LI>To use a volume's name to learn the volume ID numbers of all its
+existing versions, use the <B>vos examine</B> command as described in <A HREF="#HDRWQ222">To display one volume's VLDB entry and volume header</A>.
+<P>You can also use the command to learn a volume's name by providing its
+ID number.
+<P><LI>To use a volume's name or ID number to learn its location, use the
+<B>vos listvldb</B> command as described in <A HREF="#HDRWQ218">To display VLDB entries</A>.
+<A NAME="IDX6645"></A>
+<A NAME="IDX6646"></A>
+<A NAME="IDX6647"></A>
+<A NAME="IDX6648"></A>
+<A NAME="IDX6649"></A>
+<A NAME="IDX6650"></A>
+</UL>
+<A NAME="IDX6651"></A>
+<A NAME="IDX6652"></A>
+<A NAME="IDX6653"></A>
+<A NAME="IDX6654"></A>
+<A NAME="IDX6655"></A>
+<A NAME="IDX6656"></A>
+<P><H4><A NAME="HDRWQ224">To display the name of the volume that contains a file</A></H4>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs listquota</B> command.
+<PRE>
+ % <B>fs listquota</B> [<<VAR>dir/file path</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>lq
+</B><DD>Is an acceptable alias for <B>listquota</B> (and <B>listq</B> the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file housed in the volume for which to display the
+name. Partial pathnames are interpreted relative to the current working
+directory, which is the default if this argument is omitted.
+</DL>
+</OL>
+<P>The following is an example of the output:
+<PRE>
+ % <B>fs listquota /afs/abc.com/usr/terry</B>
+ Volume Name Quota Used % Used Partition
+ user.terry 15000 5071 34% 86%
+
+</PRE>
+<A NAME="IDX6657"></A>
+<A NAME="IDX6658"></A>
+<A NAME="IDX6659"></A>
+<A NAME="IDX6660"></A>
+<A NAME="IDX6661"></A>
+<A NAME="IDX6662"></A>
+<P><H4><A NAME="HDRWQ225">To display the ID number of the volume that contains a file</A></H4>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs examine</B> command.
+<PRE>
+ % <B>fs examine</B> [<<VAR>dir/file path</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>exa
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file housed in the volume for which to display the
+volume ID. Partial pathnames are interpreted relative to the current
+working directory, which is the default if this argument is omitted.
+</DL>
+</OL>
+<P>The following example illustrates how the output reports the volume ID
+number in the <TT>vid</TT> field.
+<PRE>
+ % <B>fs examine /afs/abc.com/usr/terry</B>
+ Volume status for vid = 50489902 named user.terry
+ Current maximum quota is 15000
+ Current blocks used are 5073
+ The partition has 46383 blocks available out of 333305
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The partition-related statistics in this command's output do not always
+agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+</TD></TR></TABLE>
+<A NAME="IDX6663"></A>
+<A NAME="IDX6664"></A>
+<A NAME="IDX6665"></A>
+<A NAME="IDX6666"></A>
+<A NAME="IDX6667"></A>
+<A NAME="IDX6668"></A>
+<A NAME="IDX6669"></A>
+<P><H4><A NAME="Header_242">To display the location of the volume that contains a file</A></H4>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs whereis</B> command to display the name of the file
+server machine that houses the volume containing a file or directory.
+<PRE>
+ % <B>fs whereis</B> [<<VAR>dir/file path</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>whe
+</B><DD>Is the shortest acceptable abbreviation of <B>whereis</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file for which to report the location. Partial
+pathnames are interpreted relative to the current working directory, which is
+the default if this argument is omitted.
+</DL>
+<P>The output displays the file server machine that houses the volume
+containing the file, as in the following example:
+<PRE>
+ % <B>fs whereis /afs/abc.com/user/terry</B>
+ File /afs/abc.com/usr/terry is on host fs2.abc.com
+
+</PRE>
+<P><LI>If you also want to know which partition houses the volume, first issue
+the <B>fs listquota</B> command to display the volume's name.
+For complete syntax, see <A HREF="#HDRWQ224">To display the name of the volume that contains a file</A>.
+<PRE>
+ % <B>fs listquota</B> [<<VAR>dir/file path</VAR>>]
+
+</PRE>
+<P>Then issue the <B>vos listvldb</B> command, providing the volume name
+as the <VAR>volume name or ID</VAR> argument. For complete syntax and a
+description of the output, see <A HREF="#HDRWQ218">To display VLDB entries</A>.
+<PRE>
+ % <B>vos listvldb</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ226" HREF="auagd002.htm#ToC_243">Moving Volumes</A></H2>
+<A NAME="IDX6670"></A>
+<A NAME="IDX6671"></A>
+<P>There are three main reasons to move volumes:
+<UL>
+<P><LI>To place volumes on other partitions or machines temporarily while
+repairing or replacing a disk or file server machine.
+<P><LI>To free space on a partition that is becoming overcrowded.
+<A NAME="IDX6672"></A>
+<A NAME="IDX6673"></A>
+<A NAME="IDX6674"></A>
+<A NAME="IDX6675"></A>
+<A NAME="IDX6676"></A>
+One symptom of overcrowding is that users cannot to save files even though the
+relevant volume is below its quota. The following error message
+confirms the problem:
+<PRE>
+ afs: failed to store file (partition full)
+
+</PRE>
+<P>You can track available space on AFS server partitions by using the
+<B>scout</B> or <B>afsmonitor</B> programs described in <A HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A>.
+<P><LI>A file server machine is becoming overloaded because it houses many more
+volumes than other machines of the same size, or has volumes with more popular
+files in them.
+</UL>
+<P>
+<A NAME="IDX6677"></A>
+<A NAME="IDX6678"></A>
+To move a read/write volume, use the <B>vos move</B> command as described
+in the following instructions. Before attempting to move the volume,
+the <B>vos</B> command interpreter verifies that there is enough free
+space for it on the destination partition. If not, it does not attempt
+the move operation and prints the following message.
+<PRE>
+ vos: no space on target partition <VAR>destination_part</VAR> to move volume <VAR>volume</VAR>
+
+</PRE>
+<P>To move a read-only volume, you actually remove the volume from the current
+site by issuing the <B>vos remove</B> command as described in <A HREF="#HDRWQ236">To remove a volume and unmount it</A>. Then define a new site and release the volume to it
+by issuing the <B>vos addsite</B> and <B>vos release</B> commands as
+described in <A HREF="#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<A NAME="IDX6679"></A>
+<A NAME="IDX6680"></A>
+<P>A backup volume always resides at the same site as its read/write source
+volume, so you cannot move a backup volume except as part of moving the
+read/write source. The <B>vos move</B> command automatically
+deletes the backup version when you move a read/write volume. To create
+a new backup volume at the new site as soon as the move operation completes,
+issue the <B>vos backup</B> command as described in <A HREF="#HDRWQ205">To create and mount a backup volume</A>.
+<A NAME="IDX6681"></A>
+<A NAME="IDX6682"></A>
+<P><H3><A NAME="Header_244" HREF="auagd002.htm#ToC_244">To move a read/write volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos move</B> command to move the volume. Type it
+on a single line; it appears on multiple lines here only for
+legibility.
+<PRE>
+ % <B>vos move</B> <<VAR>volume name or ID</VAR>> \
+ <<VAR>machine name on source</VAR>> <<VAR>partition name on source </VAR>> \
+ <<VAR>machine name on destination</VAR>> <<VAR>partition name on destination</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>m
+</B><DD>Is the shortest acceptable abbreviation of <B>move</B>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Specifies the name or volume ID number of the read/write volume to
+move.
+<P><DT><B><VAR>machine name on source</VAR>
+</B><DD>Names the file server machine currently housing the volume.
+<P><DT><B><VAR>partition name on source</VAR>
+</B><DD>Names the partition currently housing the volume.
+<P><DT><B><VAR>machine name on destination</VAR>
+</B><DD>Names the file server machine to which to move the volume.
+<P><DT><B><VAR>partition name on destination</VAR>
+</B><DD>Names the partition to which to move the volume.
+</DL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is best not to halt a <B>vos move</B> operation before it completes,
+because parts of the volume can be left on both the source and destination
+machines. For more information, see the command's reference page
+in the <I>IBM AFS Administration Reference</I>.
+</TD></TR></TABLE>
+<P><LI><B>(Optional)</B> Issue the <B>vos listvldb</B> command to confirm
+the success of the move. Complete instructions appear in <A HREF="#HDRWQ218">To display VLDB entries</A>.
+<PRE>
+ % <B>vos listvldb</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P><LI>If a backup version existed at the read/write volume's previous site,
+create a new backup at the new site by issuing the <B>vos backup</B>
+command, which is fully described in <A HREF="#HDRWQ205">To create and mount a backup volume</A>.
+<PRE>
+ % <B>vos backup</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ227" HREF="auagd002.htm#ToC_245">Synchronizing the VLDB and Volume Headers</A></H2>
+<A NAME="IDX6683"></A>
+<A NAME="IDX6684"></A>
+<A NAME="IDX6685"></A>
+<P>AFS can provide transparent file access because the Volume Location
+Database (VLDB) constantly tracks volume locations. When the Cache
+Manager needs a file, it contacts the Volume Location (VL) Server, which reads
+the VLDB for the current location of the volume containing the file.
+Therefore, the VLDB must accurately reflect the state of volumes on the file
+server machines at all times. The Volume Server and VL Server
+automatically update a volume's VLDB entry when its status changes during
+a <B>vos</B> operation, by performing the following series of
+steps.
+<OL TYPE=1>
+<P><LI><A NAME="LIWQ228"></A>The VL Server locks the VLDB entry. The lock advises
+other operations not to manipulate any of the volume versions (read/write,
+read-only, or backup), which prevents the inconsistency that can result from
+multiple simultaneous operations.
+<P><LI><A NAME="LIWQ229"></A>The VL Server sets an <I>intention flag</I> in the VLDB
+entry that indicates the kind of operation to be performed.
+<A NAME="IDX6686"></A>
+<A NAME="IDX6687"></A>
+This flag never appears in VLDB listings because it is for internal use
+only. In case the operation terminates prematurely, this flag tells the
+Salvager which operation was interrupted. (The Salvager then determines
+the steps necessary either to complete the operation or return the volume to a
+previous consistent state. For more information on salvaging, see <A HREF="#HDRWQ232">Salvaging Volumes</A>.)
+<P><LI><A NAME="LIWQ230"></A>The Volume Server manipulates the volume. It usually
+sets the <TT>Off-line</TT> flag in the volume header, which makes the volume
+inaccessible to the File Server and other Volume Server operations during the
+manipulation. When the operation completes, the volume is again marked
+<TT>On-line</TT>.
+<P><LI><A NAME="LIWQ231"></A>The VL Server records any changes resulting from the operation
+in the VLDB entry. Once the operation is complete, it removes the
+intention flag set in Step <A HREF="#LIWQ229">2</A> and releases the lock set in Step <A HREF="#LIWQ228">1</A>.
+</OL>
+<P>If a <B>vos</B> operation fails while the Volume Server is manipulating
+the volume (corresponding to Step <A HREF="#LIWQ230">3</A>), the volume can be left in an intermediate state, which is
+termed <I>corruption</I>. In this case, the <TT>Off-line</TT> or
+<TT>Off-line**needs salvage**</TT> marker usually appears at the end of the
+first line of output from the <B>vos examine</B> command. To repair
+the corruption, run the Salvager before attempting to resynchronize the VLDB
+and volume headers. For salvaging instructions, see <A HREF="#HDRWQ232">Salvaging Volumes</A>.
+<P>More commonly, an interruption while flags are being set or removed
+(corresponding to Step <A HREF="#LIWQ228">1</A>, Step <A HREF="#LIWQ229">2</A>, or Step <A HREF="#LIWQ231">4</A>) causes a discrepancy
+between the VLDB and volume headers. To resynchronize the VLDB and
+volumes, use the <B>vos syncvldb</B> and <B>vos syncserv</B>
+commands. To achieve complete VLDB consistency, it is best to run the
+<B>vos syncvldb</B> command on all file server machines in the cell, and
+then run the <B>vos syncserv</B> command on all file server machines in
+the cell.
+<A NAME="IDX6688"></A>
+<A NAME="IDX6689"></A>
+<A NAME="IDX6690"></A>
+<P>There are several symptoms that indicate a volume operation failed:
+<UL>
+<P><LI>Error messages on the standard error stream or in server process log files
+indicate that an operation terminated abnormally. Perhaps you had to
+halt the operation before it completed (for instance, by using a signal such
+as <B>Ctrl-c</B>), or a file server machine or server process was not
+functioning when the operation ran. To determine if a machine or
+process is still not functioning, issue the <B>bos status</B> command as
+described in <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<P><LI>A subsequent <B>vos</B> operation fails because a previous failure
+left a VLDB entry locked. Sometimes an error message reports that a
+volume is locked. To display a list of locked volumes, use the
+<B>-locked</B> flag on the <B>vos listvldb</B> command as described in
+<A HREF="#HDRWQ217">Displaying VLDB Entries</A>.
+<P>If the only problem with a volume is that its VLDB entry is locked, you
+probably do not need to synchronize the entire VLDB. Instead use the
+<B>vos unlock</B> or <B>vos unlockvldb</B> command to unlock the
+entry, as described in <A HREF="#HDRWQ247">Unlocking and Locking VLDB Entries</A>.
+<P><LI>A subsequent <B>vos</B> operation fails because a previous failure
+left a volume marked as offline. To check a volume's current
+status, check the first line of output from the <B>vos examine</B> command
+as described in <A HREF="#HDRWQ221">Displaying One Volume's VLDB Entry and Volume Header</A>.
+</UL>
+<A NAME="IDX6691"></A>
+<A NAME="IDX6692"></A>
+<A NAME="IDX6693"></A>
+<A NAME="IDX6694"></A>
+<A NAME="IDX6695"></A>
+<P>The <B>vos syncvldb</B> command corrects the information in the Volume
+Location Database (VLDB) either about all volumes housed on a file server
+machine, about the volumes on just one partition, or about a single
+volume. If checking about one or more partitions, the command contacts
+the Volume Server to obtain a list of the volumes that actually reside on each
+partition. It then obtains the VLDB entry for each volume from the VL
+Server. It changes the VLDB entry as necessary to reflect the state of
+the volume on the partition. For example, it creates or updates a VLDB
+entry when it finds a volume for which the VLDB entry is missing or
+incomplete. However, if there is already a VLDB entry that defines a
+different location for the volume, or there are irreconcilable conflicts with
+other VLDB entries, it instead writes a message about the conflict to the
+standard error stream. The command never removes volumes from the file
+server machine.
+<P>When checking a single volume's VLDB entry, the command also
+automatically performs the operations invoked by the <B>vos syncserv</B>
+command: it not only verifies that the VLDB entry is correct for the
+specified volume type (read/write, backup, or read-only), but also checks that
+any related volume types mentioned in the VLDB entry actually exist at the
+site listed in the entry.
+<A NAME="IDX6696"></A>
+<P>The <B>vos syncserv</B> command verifies that each volume type
+(read/write, read-only, and backup) mentioned in a VLDB entry actually exists
+at the site indicated in the entry. It checks all VLDB entries that
+mention a site either on any of a file server machine's partitions or on
+one partition. Note that command can end up inspecting sites other than
+on the specified machine or partition, if there are read-only versions of the
+volume at sites other than the read/write site.
+<P>The command alters any incorrect information in the VLDB, unless there is
+an irreconcilable conflict with other VLDB entries. In that case, it
+writes a message to the standard error stream instead. The command
+never removes volumes from their sites.
+<A NAME="IDX6697"></A>
+<A NAME="IDX6698"></A>
+<A NAME="IDX6699"></A>
+<A NAME="IDX6700"></A>
+<P><H3><A NAME="Header_246" HREF="auagd002.htm#ToC_246">To synchronize the VLDB with volume headers</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIVOL-SYNCVL"></A>Issue the <B>vos syncvldb</B> command to make the VLDB
+reflect the true state of all volumes on a machine or partition, or the state
+of one volume.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To synchronize the VLDB completely, issue the command repeatedly,
+substituting each file server machine in your cell for the <B>-server</B>
+argument in turn and omitting the <B>-partition</B> and <B>-volume</B>
+arguments, before proceeding to Step <A HREF="#LIVOL-SYNCSR">3</A>.
+</TD></TR></TABLE>
+<PRE> % <B>vos syncvldb -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>partition name</VAR>>] [<B>-volume</B> <<VAR>volume name or ID</VAR>>] [<B>-verbose >></B> <VAR>file</VAR>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>syncv
+</B><DD>Is the shortest acceptable abbreviation of <B>syncvldb</B>.
+<P><DT><B>-server
+</B><DD>Names the file server machine housing the volumes for which to verify VLDB
+entries. If you are also providing the <B>-volume</B> argument,
+this argument must name the machine where the volume actually resides.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) housing the volumes for which to verify VLDB
+entries. In general, it is best to omit this argument so that either
+the VLDB entries for all volumes on a server machine are corrected (if you do
+not provide the <B>-volume</B> argument), or so that you do not need to
+guarantee that the partition actually houses the volume named by the
+<B>-volume</B> argument.
+<P><DT><B>-volume
+</B><DD>Specifies the name or volume ID number of a single volume for which to
+verify the VLDB entry.
+<P><DT><B><B>-verbose >></B> <VAR>file</VAR>
+</B><DD>Directs a detailed trace to the file called <VAR>file</VAR>, which can be
+either in AFS or on the local disk of the machine on which you are issuing the
+command. The command often writes a large amount of output to the
+standard output stream; writing it to a file enables you to examine the
+output more carefully.
+</DL>
+<P><LI><A NAME="LIVOL-SYNCSR"></A>Issue the <B>vos syncserv</B> command to inspect each
+volume for which the VLDB lists a version at the specified site.
+<P>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To synchronize the VLDB completely, issue the command repeatedly,
+substituting each file server machine in your cell for the <VAR>machine
+name</VAR> argument in turn and omitting the <VAR>partition name</VAR>
+argument.
+</TD></TR></TABLE>
+<PRE> % <B>vos syncserv</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>] [<B>-v >></B> <VAR>file</VAR>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>syncs
+</B><DD>Is the shortest acceptable abbreviation of <B>syncserv</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine mentioned in each VLDB entry to
+check.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Identifies the partition mentioned in each VLDB entry to check. If
+synchronizing the entire VLDB, omit this argument.
+<P><DT><B>-v >> <I><VAR>file</VAR></I>
+</B><DD>Directs a detailed trace to the file called <VAR>file</VAR>, which can be
+either in AFS or on the local disk of the machine on which you are issuing the
+command. The command often writes a large amount of output to the
+standard output stream; writing it to a file enables you to examine the
+output more carefully.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ232" HREF="auagd002.htm#ToC_247">Salvaging Volumes</A></H2>
+<A NAME="IDX6701"></A>
+<A NAME="IDX6702"></A>
+<A NAME="IDX6703"></A>
+<A NAME="IDX6704"></A>
+<A NAME="IDX6705"></A>
+<A NAME="IDX6706"></A>
+<A NAME="IDX6707"></A>
+<A NAME="IDX6708"></A>
+<P>An unexpected interruption while the Volume Server or File Server is
+manipulating the data in a volume can leave the volume in an intermediate
+state (<I>corrupted</I>), rather than just creating a discrepancy between
+the information in the VLDB and volume headers. For example, the
+failure of the operation that saves changes to a file (by overwriting old data
+with new) can leave the old and new data mixed together on the disk.
+<P>If an operation halts because the Volume Server or File Server exits
+unexpectedly, the BOS Server automatically shuts down all components of the
+<B>fs</B> process and invokes the Salvager. The Salvager checks for
+and repairs any inconsistencies it can. Sometimes, however, there are
+symptoms of the following sort, which indicate corruption serious enough to
+create problems but not serious enough to cause the File Server component to
+fail. In these cases you can invoke the Salvager yourself by issuing
+the <B>bos salvage</B> command.
+<UL>
+<P><LI><B>Symptom:</B> A file appears in the output of the
+<B>ls</B> command, but attempts to access the file fail with messages
+indicating that it does not exist.
+<P><B>Possible cause:</B> The Volume Server or File Server exited in
+the middle of a file-creation operation, after changing the directory
+structure, but before actually storing data. (Other possible causes are
+that the ACL on the directory does not grant the permissions you need to
+access the file, or there is a process, machine, or network outage.
+Check for these causes before assuming the file is corrupted.)
+<P><B>Salvager's solution:</B> Remove the file's entry
+from the directory structure.
+<P><LI><B>Symptom:</B> A volume is marked <TT>Off-line</TT> in the
+output from the <B>vos examine</B> and <B>vos listvol</B> commands, or
+attempts to access the volume fail.
+<P><B>Possible cause:</B> Two files or versions of a file are
+sharing the same disk blocks because of an interrupted operation. The
+File Server and Volume Server normally refuse to attach volumes that exhibit
+this type of corruption, because it can be very dangerous. If the
+Volume Server or File Server do attach the volume but are unsure of the status
+of the affected disk blocks, they sometimes try to write yet more data
+there. When they cannot perform the write, the data is lost.
+This effect can cascade, causing loss of all data on a partition.
+<P><B>Salvager's solution:</B> Delete the data from the
+corrupted disk blocks in preference to losing an entire partition.
+<P><LI><B>Symptom:</B> There is less space available on the partition
+than you expect based on the size statistic reported for each volume by the
+<B>vos listvol</B> command.
+<P><B>Possible cause:</B> There are orphaned files and
+directories. An orphaned element is completely inaccessible because it
+is not referenced by any directory that can act as its parent (is higher in
+the file tree). An orphaned element is not counted in the calculation
+of a volume's size (or against its quota), even though it occupies space
+on the server partition.
+<P><B>Salvager's solution:</B> By default, print a message to
+the <B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were
+found and the approximate number of kilobytes they are consuming. You
+can use the <B>-orphans</B> argument to remove or attach orphaned elements
+instead. See <A HREF="#HDRWQ233">To salvage volumes</A>.
+</UL>
+<P>When you notice symptoms such as these, use the <B>bos salvage</B>
+command to invoke the Salvager before corruption spreads. (Even though
+it operates on volumes, the command belongs to the <B>bos</B> suite
+because the BOS Server must coordinate the shutdown and restart of the Volume
+Server and File Server with the Salvager. It shuts them down before the
+Salvager starts, and automatically restarts them when the salvage operation
+finishes.)
+<P>All of the AFS data stored on a file server machine is inaccessible during
+the salvage of one or more partitions. If you salvage just one volume,
+it alone is inaccessible.
+<P>When processing one or more partitions, the command restores consistency to
+corrupted read/write volumes where possible. For read-only or backup
+volumes, it inspects only the volume header:
+<UL>
+<P><LI>If the volume header is corrupted, the Salvager removes the volume
+completely and records the removal in its log file,
+<B>/usr/afs/logs/SalvageLog</B>. Issue the <B>vos release</B>
+or <B>vos backup</B> command to create the read-only or backup volume
+again.
+<P><LI>If the volume header is intact, the Salvager skips the volume (does not
+check for corruption in the contents). However, if the File Server
+notices corruption as it initializes, it sometimes refuses to attach the
+volume or bring it online. In this case, it is simplest to remove the
+volume by issuing the <B>vos remove</B> or <B>vos zap</B>
+command. Then issue the <B>vos release</B> or <B>vos backup</B>
+command to create it again.
+</UL>
+<P>Combine the <B>bos salvage</B> command's arguments as indicated to
+salvage different numbers of volumes:
+<UL>
+<P><LI>To salvage all volumes on a file server machine, combine the
+<B>-server</B> argument and the <B>-all</B> flag.
+<P><LI>To salvage all volumes on one partition, combine the <B>-server</B>
+and <B>-partition</B> arguments.
+<P><LI>To salvage only one read/write volume, combine the <B>-server</B>,
+<B>-partition</B>, and <B>-volume</B> arguments. Only that
+volume is inaccessible to Cache Managers, because the BOS Server does not
+shutdown the File Server and Volume Server processes during the salvage of a
+single volume. Do not name a read-only or backup volume with the
+<B>-volume</B> argument. Instead, remove the volume, using the
+<B>vos remove</B> or <B>vos zap</B> command. Then create a new
+copy of the volume with the <B>vos release</B> or <B>vos backup</B>
+command.
+</UL>
+<P>The Salvager always writes a trace to the
+<B>/usr/afs/logs/SalvageLog</B> file on the file server machine where it
+runs. To record the trace in another file as well (either in AFS or on
+the local disk of the machine where you issue the <B>bos salvage</B>
+command), name the file with the <B>-file</B> argument. Or, to
+display the trace on the standard output stream as it is written to the
+<B>/usr/afs/logs/SalvageLog</B> file, include the <B>-showlog</B>
+flag.
+<P>By default, multiple Salvager subprocesses run in parallel: one for
+each partition up to four, and four subprocesses for four or more
+partitions. To increase or decrease the number of subprocesses running
+in parallel, provide a positive integer value for the <B>-parallel</B>
+argument.
+<P>If there is more than one server partition on a physical disk, the Salvager
+by default salvages them serially to avoid the inefficiency of constantly
+moving the disk head from one partition to another. However, this
+strategy is often not ideal if the partitions are configured as logical
+volumes that span multiple disks. To force the Salvager to salvage
+logical volumes in parallel, provide the string <B>all</B> as the value
+for the <B>-parallel</B> argument. Provide a positive integer to
+specify the number of subprocesses to run in parallel (for example,
+<B>-parallel 5all</B> for five subprocesses), or omit the integer to run
+up to four subprocesses, depending on the number of logical volumes being
+salvaged.
+<P>The Salvager creates temporary files as it runs, by default writing them to
+the partition it is salvaging. The number of files can be quite large,
+and if the partition is too full to accommodate them, the Salvager terminates
+without completing the salvage operation (it always removes the temporary
+files before exiting). Other Salvager subprocesses running at the same
+time continue until they finish salvaging all other partitions where there is
+enough disk space for temporary files. To complete the interrupted
+salvage, reissue the command against the appropriate partitions, adding the
+<B>-tmpdir</B> argument to redirect the temporary files to a local disk
+directory that has enough space.
+<P>The <B>-orphans</B> argument controls how the Salvager handles orphaned
+files and directories that it finds on server partitions it is
+salvaging. An <I>orphaned</I> element is completely inaccessible
+because it is not referenced by the vnode of any directory that can act as its
+parent (is higher in the filespace). Orphaned objects occupy space on
+the server partition, but do not count against the volume's quota.
+<P>During the salvage, the output of the <B>bos status</B> command reports
+the following auxiliary status for the <B>fs</B> process:
+<PRE>
+ Salvaging file system
+
+</PRE>
+<A NAME="IDX6709"></A>
+<A NAME="IDX6710"></A>
+<P><H3><A NAME="HDRWQ233" HREF="auagd002.htm#ToC_248">To salvage volumes</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos salvage</B> command to salvage one or more
+volumes.
+<PRE>
+ % <B>bos salvage -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>salvage partition</VAR>>] \
+ [<B>-volume</B> <<VAR>salvage volume number or volume name</VAR>>] \
+ [<B>-file</B> <VAR>salvage log output file</VAR>] [<B>-all</B>] [<B>-showlog</B>] \
+ [<B>-parallel</B> <<VAR># of max parallel partition salvaging</VAR>>] \
+ [<B>-tmpdir</B> <<VAR>directory to place tmp files</VAR>>] \
+ [<B>-orphans</B> <<B>ignore</B> | <B>remove</B> | <B>attach</B>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-server
+</B><DD>Names the file server machine on which to salvage volumes. This
+argument can be combined either with the <B>-all</B> flag, the
+<B>-partition</B> argument, or both the <B>-partition</B> and
+<B>-volume</B> arguments.
+<P><DT><B>-partition
+</B><DD>Names a single partition on which to salvage all volumes. The
+<B>-server</B> argument must be provided along with this one.
+<P><DT><B>-volume
+</B><DD>Specifies the name or volume ID number of one read/write volume to
+salvage. Combine this argument with the <B>-server</B> and
+<B>-partition</B> arguments.
+<P><DT><B>-file
+</B><DD>Specifies the complete pathname of a file into which to write a trace of
+the salvage operation, in addition to the <B>/usr/afs/logs/SalvageLog</B>
+file on the server machine. If the file pathname is local, the trace is
+written to the specified file on the local disk of the machine where the
+<B>bos salvage</B> command is issued. If the <B>-volume</B>
+argument is included, the file can be in AFS, though not in the volume being
+salvaged. Do not combine this argument with the <B>-showlog</B>
+flag.
+<P><DT><B>-all
+</B><DD>Salvages all volumes on all of the partitions on the machine named by the
+<B>-server</B> argument.
+<P><DT><B>-showlog
+</B><DD>Displays the trace of the salvage operation on the standard output stream,
+as well as writing it to the <B>/usr/afs/logs/SalvageLog</B> file.
+<P><DT><B>-parallel
+</B><DD>Specifies the maximum number of Salvager subprocesses to run in
+parallel. Provide one of three values:
+<UL>
+<P><LI>An integer from the range <B>1</B> to <B>32</B>. A value of
+<B>1</B> means that a single Salvager process salvages the partitions
+sequentially.
+<P><LI>The string <B>all</B> to run up to four Salvager subprocesses in
+parallel on partitions formatted as logical volumes that span multiple
+physical disks. Use this value only with such logical volumes.
+<P><LI>The string <B>all</B> followed immediately (with no intervening space)
+by an integer from the range <B>1</B> to <B>32</B>, to run the
+specified number of Salvager subprocesses in parallel on partitions formatted
+as logical volumes. Use this value only with such logical
+volumes.
+</UL>
+<P>The BOS Server never starts more Salvager subprocesses than there are
+partitions, and always starts only one process to salvage a single
+volume. If this argument is omitted, up to four Salvager subprocesses
+run in parallel.
+<P><DT><B>-tmpdir
+</B><DD>Specifies the full pathname of a local disk directory to which the
+Salvager process writes temporary files as it runs. By default, it
+writes them to the partition it is currently salvaging.
+<P><DT><B>-orphans
+</B><DD>Controls how the Salvager handles orphaned files and directories.
+Choose one of the following three values:
+<DL>
+<P><DT><B>ignore
+</B><DD>Leaves the orphaned objects on the disk, but prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were found
+and the approximate number of kilobytes they are consuming. This is the
+default if you omit the <B>-orphans</B> argument.
+<P><DT><B>remove
+</B><DD>Removes the orphaned objects, and prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were
+removed and the approximate number of kilobytes they were consuming.
+<P><DT><B>attach
+</B><DD>Attaches the orphaned objects by creating a reference to them in the vnode
+of the volume's root directory. Since each object's actual
+name is now lost, the Salvager assigns each one a name of the following
+form:
+<DL>
+<DD><P><B>_ _ORPHANFILE_ _.</B><VAR>index</VAR> for files
+<DD><P><B>_ _ORPHANDIR_ _.</B><VAR>index</VAR> for directories
+</DL>
+<P>
+<P>where <VAR>index</VAR> is a two-digit number that uniquely identifies each
+object. The orphans are charged against the volume's quota and
+appear in the output of the <B>ls</B> command issued against the
+volume's root directory.
+</DL>
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ234" HREF="auagd002.htm#ToC_249">Setting and Displaying Volume Quota and Current Size</A></H2>
+<A NAME="IDX6711"></A>
+<A NAME="IDX6712"></A>
+<P>Every AFS volume has an associated <VAR>quota</VAR> which limits the
+volume's size. The default quota for a newly created volume is
+5,000 kilobyte blocks (slightly less that 5 MB). When a volume reaches
+its quota, the File Server rejects attempts to create new files or directories
+in it. If an application is writing data into an existing file in a
+full volume, the File Server allows a defined overage (by default, 1
+MB). (You can use the <B>fileserver</B> command's
+<B>-spare</B> or <B>-pctspare</B> argument to change the default
+overage; see the command's reference page in the <I>IBM AFS
+Administration Reference</I>.)
+<P>To set a quota other than 5000 KB as you create a volume, include the
+<B>-maxquota</B> argument to the <B>vos create</B> command, as
+described in <A HREF="#HDRWQ185">Creating Read/write Volumes</A>. To modify an existing volume's quota, issue
+either the <B>fs setquota</B> or the <B>fs setvol</B> command as
+described in the following instructions. Do not set an existing
+volume's quota lower than its current size.
+<P>In general, smaller volumes are easier to administer than larger
+ones. If you need to move volumes, say for load-balancing purposes, it
+is easier to find enough free space on other partitions for small
+volumes. Move operations complete more quickly for small volumes,
+reducing the potential for outages or other errors to interrupt the
+move. AFS supports a maximum volume size, which can vary for different
+AFS releases; see the <I>IBM AFS Release Notes</I> for the version
+you are using. Also, the size of a partition or logical places an
+absolute limit on volume size, because a volume cannot span multiple
+partitions or logical volumes.
+<P>It is generally safe to overpack partitions by putting more volumes on them
+than can actually fit if all the volumes reach their maximum quota.
+However, only experience determines to what degree overpacking works in your
+cell. It depends on what kind of quota you assign to volumes
+(particularly user volumes, which are more likely than system volumes to grow
+unpredictably) and how much information people generate and store in
+comparison to their quota.
+<P>There are several commands that display a volume's quota, as described
+in the following instructions. They differ in how much related
+information they produce.
+<P><H3><A NAME="Header_250" HREF="auagd002.htm#ToC_250">To set quota for a single volume</A></H3>
+<A NAME="IDX6713"></A>
+<A NAME="IDX6714"></A>
+<A NAME="IDX6715"></A>
+<A NAME="IDX6716"></A>
+<A NAME="IDX6717"></A>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setquota</B> command to set the volume's maximum
+quota.
+<PRE>
+ % <B>fs setquota</B> [<<VAR>dir/file path</VAR>>] <B>-max</B> <<VAR>max quota in kbytes</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sq
+</B><DD>Is an acceptable alias for <B>setquota</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a file or directory in the volume for which to set the indicated
+quota. Partial pathnames are interpreted relative to the current
+working directory, which is the default if you omit this argument.
+<P>Specify the read/write path to the file or directory, to avoid the failure
+that results when you attempt to change a read-only volume. By
+convention, you indicate the read/write path by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B><VAR>max quota in kbytes</VAR>
+</B><DD>Sets the volume's quota, expressed in kilobyte blocks
+(<B>1024</B> equals a megabyte). A value of <B>0</B> grants an
+unlimited quota, but the size of the partition imposes an absolute
+limit. You must include the <B>-max</B> switch if omitting the
+<VAR>dir/file path</VAR> argument (to set the quota on the volume that houses
+the current working directory).
+</DL>
+</OL>
+<P><H3><A NAME="Header_251" HREF="auagd002.htm#ToC_251">To set maximum quota on one or more volumes</A></H3>
+<A NAME="IDX6718"></A>
+<A NAME="IDX6719"></A>
+<A NAME="IDX6720"></A>
+<A NAME="IDX6721"></A>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setvol</B> command to set the quota on one or more
+volumes.
+<PRE>
+ % <B>fs setvol</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>] <B>-max</B> <<VAR>disk space quota in 1K units</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sv
+</B><DD>Is an acceptable alias for <B>setvol</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names one file or directory that resides in each volume for which to set
+the indicated quota. Partial pathnames are interpreted relative to the
+current working directory, which is the default if you omit this
+argument.
+<P><DT><B><VAR>disk space quota in 1K units</VAR>
+</B><DD>Sets the maximum quota on each volume, expressed in kilobytes blocks
+(<B>1024</B> equals a megabyte). A value of <B>0</B> grants an
+unlimited quota, but the size of the partition does impose an absolute
+limit.
+</DL>
+</OL>
+<A NAME="IDX6722"></A>
+<A NAME="IDX6723"></A>
+<A NAME="IDX6724"></A>
+<A NAME="IDX6725"></A>
+<P><H3><A NAME="Header_252" HREF="auagd002.htm#ToC_252">To display percent quota used</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs quota</B> command.
+<PRE>
+ % <B>fs quota</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>q
+</B><DD>Is the shortest acceptable abbreviation of <B>quota</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file in each volume for which to display percent
+quota used. Partial pathnames are interpreted relative to the current
+working directory, which is the default if you omit this argument.
+</DL>
+</OL>
+<P>The following example illustrates the output produced by this
+command:
+<PRE>
+ % <B>fs quota /afs/abc.com/usr/terry</B>
+ 34% of quota used.
+
+</PRE>
+<A NAME="IDX6726"></A>
+<A NAME="IDX6727"></A>
+<A NAME="IDX6728"></A>
+<A NAME="IDX6729"></A>
+<A NAME="IDX6730"></A>
+<A NAME="IDX6731"></A>
+<P><H3><A NAME="Header_253" HREF="auagd002.htm#ToC_253">To display quota, current size, and other information</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs listquota</B> command.
+<PRE>
+ % <B>fs listquota</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>lq
+</B><DD>Is an alias for <B>listquota</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file in each volume for which to display quota along
+with volume name and current space usage. Partial pathnames are
+interpreted relative to the current working directory, which is the default if
+you omit this argument.
+</DL>
+</OL>
+<P>As illustrated in the following example, the output reports the
+volume's name, its quota and current size (both in kilobyte units), the
+percent quota used, and the percentage of space on the volume's host
+partition that is used.
+<PRE>
+ % <B>fs listquota /afs/abc.com/usr/terry</B>
+ Volume Name Quota Used % Used Partition
+ user.terry 15000 5071 34% 86%
+
+</PRE>
+<A NAME="IDX6732"></A>
+<A NAME="IDX6733"></A>
+<A NAME="IDX6734"></A>
+<A NAME="IDX6735"></A>
+<A NAME="IDX6736"></A>
+<A NAME="IDX6737"></A>
+<A NAME="IDX6738"></A>
+<P><H3><A NAME="Header_254" HREF="auagd002.htm#ToC_254">To display quota, current size, and more partition information</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs examine</B> command.
+<PRE>
+ % <B>fs examine</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>exa
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a directory or file in each volume for which to display quota
+information and information about the host partition. Partial pathnames
+are interpreted relative to the current working directory, which is the
+default if you omit this argument.
+</DL>
+</OL>
+<P>As illustrated in the following example, the output displays the
+volume's volume ID number and name, its quota and current size (both in
+kilobyte units), and the free and total number of kilobyte blocks on the
+volume's host partition.
+<PRE>
+ % <B>fs examine /afs/abc.com/usr/terry</B>
+ Volume status for vid = 50489902 named user.terry
+ Current maximum quota is 15000
+ Current blocks used are 5073
+ The partition has 46383 blocks available out of 333305
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The partition-related statistics in this command's output do not always
+agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ235" HREF="auagd002.htm#ToC_255">Removing Volumes and their Mount Points</A></H2>
+<A NAME="IDX6739"></A>
+<A NAME="IDX6740"></A>
+<A NAME="IDX6741"></A>
+<A NAME="IDX6742"></A>
+<A NAME="IDX6743"></A>
+<P>To remove a volume from its site and its record from the VLDB, use the
+<B>vos remove</B> command. Use it to remove any of the three types
+of volumes; the effect depends on the type.
+<UL>
+<P><LI>If you indicate the read/write volume by specifying the volume's base
+name without a <B>.readonly</B> or <B>.backup</B>
+extension, the command removes both the read/write and associated backup
+volume from the partition that houses them.
+<A NAME="IDX6744"></A>
+<A NAME="IDX6745"></A>
+You do not need to provide the <B>-server</B> and <B>-partition</B>
+arguments, because there can be only one read/write site. The site
+information is also removed from the VLDB entry, and the site count (reported
+by the <B>vos examine</B> and <B>vos listvldb</B> commands as
+<TT>number of sites</TT>) decrements by one. The read/write and
+backup volume ID numbers no longer appear in the output from the <B>vos
+examine</B> and <B>vos listvldb</B> commands, but they are preserved
+internally. Read-only sites, if any, are not affected, but cannot be
+changed unless a read/write site is again defined. The entire VLDB
+entry is removed if there are no read-only sites.
+<P>If there are no read-only copies left, it is best to remove the
+volume's mount point to prevent attempts to access the volume's
+contents. Do not remove the mount point if copies of the read-only
+volume remain.
+<P><LI>If you indicate a read-only volume by including the
+<B>.readonly</B> extension on its name, it is removed from the
+partition that houses it, and the corresponding site information is removed
+from the VLDB entry. The site count reported by the <B>vos
+examine</B> and <B>vos listvldb</B> commands as <TT>number of
+sites</TT> decrements by one for each volume you remove.
+<A NAME="IDX6746"></A>
+<P>If there is more than one read-only site, you must include the
+<B>-server</B> argument (and optionally <B>-partition</B> argument) to
+specify the site from which to remove the volume. If there is only one
+read-only site, the volume name is sufficient; if no read/write volume
+exists in this case, the entire VLDB entry is removed.
+<P>It is not generally appropriate to remove the volume's mount point
+when removing a read-only volume, especially if the read/write version of the
+volume still exists. If the read/write version no longer exists, remove
+the mount point as described in Step <A HREF="#LIWQ239">5</A> of <A HREF="#HDRWQ236">To remove a volume and unmount it</A>.
+<P><LI>If you indicate a backup volume by including the <B>.backup</B>
+extension on its name, it is removed from the partition that houses it and its
+site information is removed from the VLDB entry. You do not need to
+provide the <B>-server</B> and <B>-partition</B> arguments, because
+there can be only one backup site. The backup volume ID number no
+longer appears in the output from the <B>vos examine</B> or <B>vos
+listvldb</B> command, but is preserved internally.
+<P>In the standard configuration, there is a separate mount point for the
+backup version of a user volume. Remember to remove the mount point to
+prevent attempt to access the nonexistent volume's contents.
+</UL>
+<P><H3><A NAME="Header_256" HREF="auagd002.htm#ToC_256">Other Removal Commands</A></H3>
+<A NAME="IDX6747"></A>
+<P>The <B>vos remove</B> command is almost always the appropriate way to
+remove a volume, because it automatically removes a volume's VLDB entry
+and both the volume header and all data from the partition. If either
+the VLDB entry or volume header does not exist, it is sometimes necessary to
+use other commands that remove only the remaining element. Do not use
+these commands in the normal case when both the VLDB entry and the volume
+header exist, because by definition they create discrepancies between
+them. For details on the commands' syntax, see their reference
+pages in the <I>IBM AFS Administration Reference</I>.
+<P>The <B>vos zap</B> command removes a volume from its site by removing
+the volume header and volume data for which a VLDB entry no longer
+exists.
+<A NAME="IDX6748"></A>
+<A NAME="IDX6749"></A>
+You can tell a VLDB entry is missing if the <B>vos listvol</B> command
+displays the volume header but the <B>vos examine</B> or <B>vos
+listvldb</B> command cannot locate the VLDB entry. You must run this
+command to correct the discrepancy, because the <B>vos syncvldb</B> and
+<B>vos syncserv</B> commands never remove volume headers.
+<P>The <B>vos remsite</B> command removes a read-only site definition from
+the VLDB without affecting the volume on the file server machine.
+<A NAME="IDX6750"></A>
+<A NAME="IDX6751"></A>
+Use this command when you have mistakenly issued the <B>vos addsite</B>
+command to define a read-only site, but have not yet issued the <B>vos
+release</B> command to release the volume to the site. If you have
+actually released a volume to the site, use the <B>vos remove</B> command
+instead.
+<P>The <B>vos delentry</B> command removes the entire VLDB entry that
+mentions the volume you specify.
+<A NAME="IDX6752"></A>
+<A NAME="IDX6753"></A>
+If versions of the volume actually exist on file server machines, they are not
+affected. This command is useful if you know for certain that a volume
+removal was not recorded in the VLDB (perhaps you used the <B>vos zap</B>
+command during an emergency), and do not want to take the time to
+resynchronize the entire VLDB with the <B>vos syncvldb</B> and <B>vos
+syncserv</B> commands.
+<P><H3><A NAME="HDRWQ236" HREF="auagd002.htm#ToC_257">To remove a volume and unmount it</A></H3>
+<A NAME="IDX6754"></A>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If removing the volume's mount point, verify that you have the
+<B>d</B> (<B>delete</B>) permission on its parent directory's
+ACL. If necessary, issue the <B>fs listacl</B> command, which is
+fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI><A NAME="LIWQ237"></A><B>(Optional)</B> Dump the volume to a file or to tape, in
+case you want to restore it later. To copy the volume's contents
+to a file, use the <B>vos dump</B> command as instructed in <A HREF="#HDRWQ240">Dumping and Restoring Volumes</A>. You can then copy the file to tape using a
+third-party backup utility or an archiving utility such as the UNIX
+<B>tar</B> command.
+<P>Alternatively, use the AFS Backup System to create a tape copy. In
+this case, it can be convenient to create a temporary volume set that includes
+only the volume of interest. Temporary volume sets are not recorded in
+the Backup Database, and so do not clutter database with records for volume
+sets that you use only once. For instructions, see <A HREF="auagd012.htm#HDRWQ301">To create a dump</A>.
+<A NAME="IDX6755"></A>
+<A NAME="IDX6756"></A>
+<P><LI><A NAME="LIWQ238"></A>Issue the <B>vos remove</B> command to remove the
+volume. If removing a read-only volume from multiple sites, repeat the
+command for each one.
+<PRE>
+ % <B>vos remove</B> [<B>-server</B> <VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>] \
+ <B>-id</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>remo
+</B><DD>Is the shortest acceptable abbreviation of <B>remove</B>.
+<P><DT><B>-server
+</B><DD>Specifies the file server machine on which the volume resides. It
+is necessary only when the <B>-id</B> argument names a read-only volume
+that exists at multiple sites.
+<P><DT><B>-partition
+</B><DD>Specifies the partition on <VAR>machine name</VAR> where the volume
+resides. It is necessary only when the <B>-id</B> argument names a
+read-only volume that exists at multiple sites. Provide the
+<B>-server</B> argument along with this one.
+<P><DT><B>-id
+</B><DD>Identifies the volume to remove, either by its complete name or volume ID
+number. If identifying a read-only or backup volume by name, include
+the appropriate extension (<B>.readonly</B> or
+<B>.backup</B>).
+</DL>
+<A NAME="IDX6757"></A>
+<A NAME="IDX6758"></A>
+<P><LI><A NAME="LIWQ239"></A>If you are removing the last existing version of the volume,
+issue the <B>fs rmmount</B> command remove the corresponding mount
+point. Complete instructions appear in <A HREF="#HDRWQ236">To remove a volume and unmount it</A>.
+<P>If you are removing a backup volume that is mounted in the conventional way
+(at a subdirectory of its read/write volume's root directory), then
+removing the source volume's mount point in this step is sufficient to
+remove the backup volume's mount point. If you mounted the backup
+at a completely separate directory, you need to repeat this step for the
+backup volume's mount point.
+<PRE>
+ % <B>fs rmmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+<P><LI><B>(Optional)</B> If you created a dump file in Step <A HREF="#LIWQ237">3</A>, transfer it to tape. The preferred method is to use
+the AFS Backup System, which is described in <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+</OL>
+<HR><H2><A NAME="HDRWQ240" HREF="auagd002.htm#ToC_258">Dumping and Restoring Volumes</A></H2>
+<A NAME="IDX6759"></A>
+<A NAME="IDX6760"></A>
+<P><I>Dumping</I> a volume with the <B>vos dump</B> command converts
+its contents into ASCII format and writes them to the file you specify.
+The <B>vos restore</B> command places a dump file's contents into a
+volume after converting them into the volume format appropriate for the
+indicated file server machine.
+<P><H3><A NAME="Header_259" HREF="auagd002.htm#ToC_259">About Dumping Volumes</A></H3>
+<A NAME="IDX6761"></A>
+<A NAME="IDX6762"></A>
+<A NAME="IDX6763"></A>
+<A NAME="IDX6764"></A>
+<A NAME="IDX6765"></A>
+<A NAME="IDX6766"></A>
+<P>Dumping a volume can be useful in several situations, including the
+following:
+<UL>
+<P><LI>You want to back it up to tape, perhaps by using a third-party backup
+utility. To facilitate this type of backup operation, the <B>vos
+dump</B> command can write to a named pipe. To learn about using the
+AFS Backup System instead, see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<P><LI>You are removing the volume from your cell (perhaps because its owner is
+leaving your cell). The <B>vos dump</B> command enables you to
+create a copy for safekeeping without incurring the overhead of the Backup
+System. For complete instructions on removing a volume, see <A HREF="#HDRWQ235">Removing Volumes and their Mount Points</A>.
+<P><LI>You want to create a copy of the volume for safekeeping on a non-AFS
+server partition, perhaps while you move the actual volume to another machine
+or perform maintenance tasks on the partition that houses the volume.
+<P><LI>You need to replace a corrupted read/write volume. If an
+uncorrupted read-only or backup version of the volume exists, dump it and
+restore the data into the read/write volume, overwriting the corrupted
+contents.
+<P><LI>You want to copy or transfer the contents of the volume to another
+cell. You cannot use the <B>vos move</B> command, because AFS
+supports volume moves only between file server machines that belong to the
+same cell.
+<P><LI>You want to have another read/write copy of the volume's
+contents. The second volume must have a different name than the
+original one. If you want the contents of the two volumes to remain
+identical, you must update them both manually. AFS provides no facility
+for keeping read/write volumes synchronized in this way.
+<P><LI>You want a copy of only the files and directories in the volume with
+modification time stamps after a certain date. The <B>vos dump</B>
+command can create an incremental dump file as described in Step <A HREF="#LIWQ241">3</A> of the following instructions.
+</UL>
+<A NAME="IDX6767"></A>
+<A NAME="IDX6768"></A>
+<A NAME="IDX6769"></A>
+<P>You can use the <B>vos dump</B> command to create a <I>full
+dump</I>, which contains the complete contents of the volume at the time you
+issue the command, or an <I>incremental dump</I>, which contains only
+those files and directories with modification timestamps (as displayed by the
+<B>ls -l</B> command) that are later than a date and time you
+specify. See Step <A HREF="#LIWQ241">3</A> of the following instructions.
+<P>Dumping a volume does not change its VLDB entry or permanently affect its
+status on the file server machine, but the volume's contents are
+inaccessible during the dump operation. To avoid interrupting access to
+the volume, it is generally best to dump the volume's backup version,
+just after using the <B>vos backup</B> or <B>vos backupsys</B> command
+to create a new backup version.
+<P>If you do not provide a filename into which to write the dump, the <B>vos
+dump</B> command directs the output to the standard output stream.
+You can pipe it directly to the <B>vos restore</B> command if you
+wish.
+<P>Because a volume dump file is in ASCII format, you can read its contents
+using a text editor or a command such as the <B>cat</B> command.
+However, dump files sometimes contain special characters that do not have
+alphanumeric correlates, which can cause problems for some display
+programs.
+<P>By default, the <B>vos</B> command interpreter consults the Volume
+Location Database (VLDB) to learn the volume's location, so the
+<B>-server</B> and <B>-partition</B> arguments are not
+required. If the <B>-id</B> argument identifies a read-only volume
+that resides at multiple sites, then the command dumps the version from just
+one of them (normally, the one listed first in the volume's VLDB entry as
+reported by the <B>vos examine</B> or <B>vos listvldb</B>
+command). To dump the read-only volume from a particular site, use the
+<B>-server</B> and <B>-partition</B> arguments to specify the
+site. To bypass the VLDB lookup entirely, provide a volume ID number
+(rather than a volume name) as the value for the <B>-id</B> argument,
+along with the <B>-server</B> and <B>-partition</B> arguments.
+This makes it possible to dump a volume for which there is no VLDB
+entry.
+<A NAME="IDX6770"></A>
+<A NAME="IDX6771"></A>
+<P><H3><A NAME="Header_260" HREF="auagd002.htm#ToC_260">To dump a volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have the permissions necessary to create the dump
+file. If placing it in AFS, you must have the <B>i</B>
+(<B>insert</B>) permission on the ACL of the file's directory.
+If necessary, issue the <B>fs listacl</B> command, which is fully
+described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI><A NAME="LIWQ241"></A>Issue the <B>vos dump</B> command to dump the
+volume.
+<PRE>
+ % <B>vos dump -id</B> <<VAR>volume name or ID</VAR>> [<B>-time</B> <<VAR>dump from time</VAR>>] [<B>-file</B> <<VAR>arg</VAR>>] [<B>-server</B> <<VAR>server</VAR>>] [<B>-partition</B> <<VAR>partition</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-id
+</B><DD>Identifies the volume to be dumped by its complete name or volume ID
+number. If you want to dump the read-only or backup version, specify
+its volume ID number or add the appropriate extension
+(<B>.readonly</B> or <B>.backup</B>) to the name.
+<P>To bypass the normal VLDB lookup of the volume's location, provide the
+volume ID number and combine this argument with the <B>-server</B> and
+<B>-partition</B> arguments.
+<P><DT><B>-time
+</B><DD>Specifies whether the dump is full or incremental. Omit this
+argument to create a full dump, or provide one of three acceptable
+values:
+<UL>
+<P><LI>The value <B>0</B> (zero) to create a full dump.
+<P><LI>A date in the format
+<I>mm</I><B>/</B><I>dd</I><B>/</B><I>yyyy</I> (month, day
+and year) to create an incremental dump that includes only files and
+directories with modification timestamps later than midnight (12:00
+a.m.) on the indicated date. Valid values for the year
+range from <B>1970</B> to <B>2037</B>; higher values are not
+valid because the latest possible date in the standard UNIX representation is
+in 2038. The command interpreter automatically reduces later dates to
+the maximum value. An example is <B>01/13/1999</B>.
+<P><LI>A date and time in the format
+<B>"</B><I>mm</I><B>/</B><I>dd</I><B>/</B><I>yyyy</I>
+<I>hh</I><B>:</B><I>MM</I><B>"</B> to create an
+incremental dump that includes only files and directories with modification
+timestamps later than the specified date and time. The date format is
+the same as for a date alone. Express the time as hours and minutes
+(<I>hh</I>:<I>MM</I>) in 24-hour format (for example,
+<B>20:30</B> is 8:30 p.m.). Surround the
+entire expression with double quotes (" ") because it contains a space.
+An example is <B>"01/13/1999 22:30"</B>.
+</UL>
+<P><DT><B>-file
+</B><DD>Specifies the pathname of the file to which to write the dump. The
+file can be in AFS, but not in the volume being dumped. A partial
+pathname is interpreted relative to the current working directory. Omit
+this argument to direct the dump to the standard output stream.
+<P><DT><B>-server
+</B><DD>Specifies the file server machine on which the volume resides.
+Provide the <B>-partition</B> argument along with this one.
+<P><DT><B>-partition
+</B><DD>Specifies the partition on which the volume resides. Provide the
+<B>-server</B> argument along with this one.
+</DL>
+</OL>
+<P><H3><A NAME="Header_261" HREF="auagd002.htm#ToC_261">About Restoring Volumes</A></H3>
+<A NAME="IDX6772"></A>
+<A NAME="IDX6773"></A>
+<P>Although you can dump any of the three types of volumes (read/write,
+read-only, or backup), you can restore a dump file to the file system only as
+a read/write volume, using the <B>vos restore</B> command. The
+command automatically translates the dump file's contents from ASCII back
+into the volume format appropriate for the file server machine that stores the
+restored version. As with the <B>vos dump</B> command, you can
+restore a dump file via a named pipe, which facilitates interoperation with
+third-party backup utilities.
+<P>You can restore the contents of a dump file in one of two basic
+ways. In either case, you must restore a full dump of the volume before
+restoring any incremental dumps. Any incremental dumps that you then
+restore must have been created after the full dump. If there is more
+than one incremental dump, you must restore them in the order they were
+created.
+<UL>
+<P><LI>You can restore volume data into a brand new volume with a new name and at
+a location that you specify. See <A HREF="#HDRWQ242">To restore a dump into a new volume and mount it</A>.
+<P>You can assign a volume ID number as you restore the volume, though it is
+best to have the Volume Server allocate a volume number automatically.
+The most common reason for specifying the volume ID is that a volume's
+VLDB entry has disappeared for some reason, but you know the former read/write
+volume ID number and want to reuse it.
+<P><LI>You can restore volume data into an existing volume (usually the one that
+was previously dumped), overwriting its current contents. This is
+convenient if the current contents are corrupted or otherwise incorrect,
+because it allows you to replace them with a coherent version from the past or
+from one of the volume's clones. See <A HREF="#HDRWQ244">To restore a dump file, overwriting an existing volume</A>.
+<P>Provide the <B>-overwrite</B> argument to preconfirm that you wish to
+overwrite the volume's contents, and to specify whether you are restoring
+a full or incremental dump. If you omit the <B>-overwrite</B>
+argument, the Volume Server generates the following prompt to confirm that you
+want to overwrite the existing volume with either a full (<B>f</B>) or
+incremental (<B>i</B>) dump:
+<PRE>
+ Do you want to do a full/incremental restore or abort? [fia](a):
+
+</PRE>
+<P>If you pipe in the dump file via the standard input stream instead of using
+the <B>-file</B> argument to name it, you must include the
+<B>-overwrite</B> argument because there is nowhere for the Volume Server
+to display the prompt in this case.
+<P>You can move the volume to a new site as you overwrite it with a full dump,
+by using the <B>-server</B> and <B>-partition</B> arguments to specify
+the new site. You cannot move the volume when restoring an incremental
+dump.
+</UL>
+<P>The <B>vos restore</B> command sets the restored volume's creation
+date in the volume header to the time of the restore operation, as reported in
+the <TT>Creation</TT> field in the output from the <B>vos examine</B>
+and <B>vos listvol</B> commands.
+<A NAME="IDX6774"></A>
+<A NAME="IDX6775"></A>
+<P><H3><A NAME="HDRWQ242" HREF="auagd002.htm#ToC_262">To restore a dump into a new volume and mount it</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have permissions needed to read the dump file and to mount
+the new volume. If the dump file resides in AFS, you need the
+<B>r</B> (<B>read</B>) permission on the ACL of its directory.
+You need the <B>i</B> (<B>insert</B>) and <B>a</B>
+(<B>administer</B>) permissions on the ACL of the directory where you are
+mounting the new volume. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI>Select a site (disk partition on a file server machine) for the new
+volume. If your cell groups different types of volumes onto different
+file server machines, that can guide your decision. It often makes
+sense to put the volume on the emptiest partition that meets your other
+criteria. To display how much space is available on a file server
+machine's partitions, use the <B>vos partinfo</B> command, which is
+described fully in <A HREF="#HDRWQ185">Creating Read/write Volumes</A>.
+<PRE>
+ % <B>vos partinfo</B> <<VAR>machine name</VAR>> [<<VAR>partition name</VAR>>]
+
+</PRE>
+<P><LI><A NAME="LIWQ243"></A>Issue the <B>vos restore</B> command to create a new volume
+and restore the dump file into it. Type it on a single line; it
+appears on multiple lines here only for legibility.
+<PRE>
+ % <B>vos restore</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> \
+ <<VAR>name of volume to be restored</VAR>> \
+ [<B>-file</B> <<VAR>dump file</VAR>>] [<B>-id</B> <<VAR>volume ID</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restore</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine on which to create the new volume.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names the partition on which to create the new volume.
+<P><DT><B><VAR>name of volume to be restored</VAR>
+</B><DD>Names the new read/write volume, which must not already have a VLDB
+entry. It can be up to 22 characters in length.
+<P><DT><B>-file
+</B><DD>Is the dump file to restore. Partial pathnames are interpreted with
+respect to the current working directory. Omit this argument if using a
+pipe to read in the dump file from the standard input stream.
+<P><DT><B>-volume
+</B><DD>Specifies the new volume's ID number. It is appropriate only
+if you are restoring a volume that no longer exists and want to use the volume
+ID number it had previously.
+</DL>
+<A NAME="IDX6776"></A>
+<A NAME="IDX6777"></A>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the new volume, making
+its contents accessible. Complete instructions appear in <A HREF="#HDRWQ212">To create a regular or read/write mount point</A>.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>>
+
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>fs lsmount</B> command to verify
+that the mount point refers to the correct volume. Complete
+instructions appear in <A HREF="#HDRWQ211">To display a mount point</A>.
+<PRE>
+ % <B>fs lsmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+</OL>
+<A NAME="IDX6778"></A>
+<A NAME="IDX6779"></A>
+<P><H3><A NAME="HDRWQ244" HREF="auagd002.htm#ToC_263">To restore a dump file, overwriting an existing volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have permissions needed to read the dump file. If
+it resides in AFS, you need the <B>r</B> (<B>read</B>) permission on
+the ACL of its directory. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI>Restore the contents of the dump file into a read/write volume,
+overwriting the current contents. The volume retains its current volume
+ID number. Type it on a single line; it appears on multiple lines
+here only for legibility.
+<PRE>
+ % <B>vos restore</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> \
+ <<VAR>name of volume to be restored</VAR>> \
+ [<B>-file</B> <<VAR>dump file</VAR>>] \
+ <B>-overwrite</B> <<B>full</B> | <B>incremental</B>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restore</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine where the volume already exists, or the
+machine to which to move it. In the latter case, the value for the
+<B>-overwrite</B> argument must be <B>full</B>.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names the partition where the volume already exists, or the partition to
+which to move it. In the latter case, the value for the
+<B>-overwrite</B> argument must be <B>full</B>.
+<P><DT><B><VAR>name of volume to be restored</VAR>
+</B><DD>Names the read/write volume to overwrite with the contents of the dump
+file.
+<P><DT><B>-file
+</B><DD>Is the dump file to restore. Partial pathnames are interpreted with
+respect to the current working directory. Omit this argument if using a
+pipe to read in the dump file from the standard input stream; in this
+case, you must provide the <B>-overwrite</B> argument.
+<P><DT><B>-overwrite
+</B><DD>Preconfirms that you want to overwrite the existing volume and specifies
+which type of dump file you are restoring. Provide one of the following
+values:
+<UL>
+<P><LI><B>f</B> or <B>full</B> if restoring a full dump file
+<P><LI><B>i</B> or <B>incremental</B> if restoring an incremental dump
+file. This value is not acceptable if you are moving the volume while
+restoring it.
+<P><LI><B>a</B> to terminate the restore operation
+</UL>
+</DL>
+<P><LI>If the volume is replicated, issue the <B>vos release</B> command to
+release the newly restored contents to read-only sites. Complete
+instructions appear in <A HREF="#HDRWQ192">Replicating Volumes (Creating Read-only Volumes)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P><LI>Issue the <B>vos backup</B> command to create a new backup version of
+the volume. Complete instructions appear in <A HREF="#HDRWQ201">Creating Backup Volumes</A>.
+<PRE>
+ % <B>vos backup</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ245" HREF="auagd002.htm#ToC_264">Renaming Volumes</A></H2>
+<A NAME="IDX6780"></A>
+<A NAME="IDX6781"></A>
+<A NAME="IDX6782"></A>
+<A NAME="IDX6783"></A>
+<P>You can use the <B>vos rename</B> command to rename a volume.
+For example, it is appropriate to rename a user's home volume if you use
+the <B>user.</B><VAR>username</VAR> convention for user volume names
+and you change the username. (For complete instructions for changing
+usernames, see <A HREF="auagd018.htm#HDRWQ518">Changing Usernames</A>.)
+<P>
+<A NAME="IDX6784"></A>
+<A NAME="IDX6785"></A>
+<A NAME="IDX6786"></A>
+The <B>vos rename</B> command accepts only read/write volume names, but
+automatically changes the names of the associated read-only and backup
+volumes. As directed in the following instructions, you need to replace
+the volume's current mount point with a new one that reflects the name
+change.
+<A NAME="IDX6787"></A>
+<A NAME="IDX6788"></A>
+<P><H3><A NAME="HDRWQ246" HREF="auagd002.htm#ToC_265">To rename a volume</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>),
+<B>d</B> (<B>delete</B>), and <B>i</B> (<B>insert</B>) access
+permissions for the directory in which you are replacing the volume's
+mount point. If necessary, issue the <B>fs listacl</B> command,
+which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI><A NAME="LIVOL-REN"></A>Issue the <B>vos rename</B> command to rename the
+volume.
+<PRE>
+ % <B>vos rename</B> <<VAR>old volume name</VAR>> <<VAR>new volume name</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ren
+</B><DD>Is the shortest acceptable abbreviation of <B>rename</B>.
+<P><DT><B><VAR>old volume name</VAR>
+</B><DD>Is the current name of a read/write volume.
+<P><DT><B><VAR>new volume name</VAR>
+</B><DD>Is the new name for the volume. It cannot be more than 22
+characters in length.
+</DL>
+<P>If there is no Volume Location Database (VLDB) entry for the specified
+current volume name, the command fails with the following error message:
+<P>
+<PRE>
+ vos: Could not find entry for volume <VAR>old_volume_name</VAR>.
+
+</PRE>
+<A NAME="IDX6789"></A>
+<A NAME="IDX6790"></A>
+<P><LI>Issue the <B>fs rmmount</B> command to remove the mount point that
+refers to the volume's old name. Complete instructions appear in <A HREF="#HDRWQ215">To remove a mount point</A>.
+<PRE>
+ % <B>fs rmmount</B> <<VAR>directory</VAR>>
+
+</PRE>
+<A NAME="IDX6791"></A>
+<A NAME="IDX6792"></A>
+<P><LI>Issue the <B>fs mkmount</B> to create a mount point that indicates the
+volume's new name. Complete instructions appear in <A HREF="#HDRWQ212">To create a regular or read/write mount point</A>.
+<PRE>
+ % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>> [<B>-rw</B>]
+
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ247" HREF="auagd002.htm#ToC_266">Unlocking and Locking VLDB Entries</A></H2>
+<P>As detailed in <A HREF="#HDRWQ227">Synchronizing the VLDB and Volume Headers</A>, The Volume Location (VL) Server locks the
+Volume Location Database (VLDB) entry for a volume before the Volume Server
+executes any operation on it. No other operation can affect a volume
+with a locked VLDB entry, so the lock prevents the inconsistency or corruption
+that can result from multiple simultaneous operations on a volume.
+<A NAME="IDX6793"></A>
+<A NAME="IDX6794"></A>
+<A NAME="IDX6795"></A>
+<A NAME="IDX6796"></A>
+<A NAME="IDX6797"></A>
+<A NAME="IDX6798"></A>
+<P>To verify that a VLDB entry is locked, issue the <B>vos listvldb</B>
+command as described in <A HREF="#HDRWQ218">To display VLDB entries</A>. The command has a <B>-locked</B> flag that
+displays locked entries only. If the VLDB entry is locked, the string
+<TT>Volume is currently LOCKED</TT> appears on the last line of the
+volume's output.
+<P>To lock a VLDB entry yourself, use the <B>vos lock</B> command.
+This is useful when you suspect something is wrong with a volume and you want
+to prevent any changes to it while you are investigating the problem.
+<P>To unlock a locked VLDB entry, issue the <B>vos unlock</B> command,
+which unlocks a single VLDB entry, or the <B>vos unlockvldb</B> command,
+which unlocks potentially many entries. This is useful when a volume
+operation fails prematurely and leaves a VLDB entry locked, preventing you
+from acting to correct the problems resulting from the failure.
+<A NAME="IDX6799"></A>
+<A NAME="IDX6800"></A>
+<P><H3><A NAME="Header_267" HREF="auagd002.htm#ToC_267">To lock a VLDB entry</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos lock</B> to lock the entry.
+<PRE>
+ % <B>vos lock</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>lo
+</B><DD>Is the shortest acceptable abbreviation of <B>lock</B>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies the volume to be locked, either by its complete name or volume
+ID number. It can be any of the three versions of the volume.
+</DL>
+</OL>
+<A NAME="IDX6801"></A>
+<A NAME="IDX6802"></A>
+<P><H3><A NAME="Header_268" HREF="auagd002.htm#ToC_268">To unlock a single VLDB entry</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos unlock</B> command to unlock the entry.
+<PRE> % <B>vos unlock</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>unlock
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Identifies the volume to be unlocked, either by its complete name or
+volume ID number. It can be any of the three versions of the
+volume.
+</DL>
+</OL>
+<A NAME="IDX6803"></A>
+<A NAME="IDX6804"></A>
+<P><H3><A NAME="Header_269" HREF="auagd002.htm#ToC_269">To unlock multiple VLDB entries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are listed in the <B>/usr/afs/etc/UserList</B>
+file. If necessary, issue the <B>bos listusers</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>vos unlockvldb</B> command to unlock the desired
+entries.
+<PRE>
+ % <B>vos unlockvldb</B> [<<VAR>machine name</VAR>>] [<<VAR>partition name</VAR>>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>unlockv
+</B><DD>Is the shortest acceptable abbreviation of <B>unlockvldb</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies a file server machine. Provide this argument alone to
+unlock all VLDB entries that mention the machine in a site definition.
+Omit both this argument and the <VAR>partition name</VAR> argument to unlock all
+VLDB entries.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Specifies a partition. Provide this argument alone to unlock all
+VLDB entries that mention the partition (on any machine) in a site
+definition. Omit both this argument and the <VAR>machine name</VAR>
+argument to unlock all VLDB entries.
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ248" HREF="auagd002.htm#ToC_270">Configuring the AFS Backup System</A></H1>
+<P>The AFS Backup System helps you to create backup copies of
+data from AFS volumes and to restore data to the file system if it is lost or
+corrupted. This chapter explains how to configure the Backup
+System. For instructions on backing up and restoring data and
+displaying dump records, see <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<HR><H2><A NAME="HDRWQ249" HREF="auagd002.htm#ToC_271">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Determine tape capacity and filemark size
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fms</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Define Tape Coordinator entry in Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup addhost</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove Tape Coordinator entry from Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup delhost</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display Tape Coordinator entries from Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup listhosts</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Create volume set
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup addvolset</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add volume entry to volume set
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup addvolentry</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">List volume sets and entries
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup listvolsets</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Delete volume set from Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup delvolset</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Delete volume entry from volume set
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup delvolentry</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Define dump level
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup adddump</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Change expiration date on existing dump level
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup setexp</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Delete dump level from dump hierarchy
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup deldump</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display dump hierarchy
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup listdumps</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Label tape
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup labeltape</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Read label on tape
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup readlabel</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ251" HREF="auagd002.htm#ToC_272">Introduction to Backup System Features</A></H2>
+<A NAME="IDX6805"></A>
+<P>The AFS Backup System is highly flexible, enabling you to control most
+aspects of the backup process, including how often backups are performed,
+which volumes are backed up, and whether to dump all of the data in a volume
+or just the data that has changed since the last dump operation. You
+can also take advantage of several features that automate much of the backup
+process.
+<P>To administer and use the Backup System most efficiently, it helps to be
+familiar with its basic features, which are described in the following
+sections. For pointers to instructions for implementing the features as
+you configure the Backup System in your cell, see <A HREF="#HDRWQ257">Overview of Backup System Configuration</A>.
+<P><H3><A NAME="HDRWQ252" HREF="auagd002.htm#ToC_273">Volume Sets and Volume Entries</A></H3>
+<A NAME="IDX6806"></A>
+<A NAME="IDX6807"></A>
+<A NAME="IDX6808"></A>
+<A NAME="IDX6809"></A>
+<A NAME="IDX6810"></A>
+<P>When you back up AFS data, you specify which data to include in terms of
+complete volumes rather than individual files. More precisely, you
+define groups of volumes called <I>volume sets</I>, each of which includes
+one or more volumes that you want to back up in a single operation. You
+must include a volume in a volume set to back it up, because the command that
+backs up data (the <B>backup dump</B> command) does not accept individual
+volume names.
+<P>A volume set consists of one or more <I>volume entries</I>, each of
+which specifies which volumes to back up based on their location (file server
+machine and partition) and volume name. You can use a wildcard notation
+to include all volumes that share a location, a common character string in
+their names, or both.
+<P>For instructions on creating and removing volume sets and volume entries,
+see <A HREF="#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<P><H3><A NAME="Header_274" HREF="auagd002.htm#ToC_274">Dumps and Dump Sets</A></H3>
+<A NAME="IDX6811"></A>
+<A NAME="IDX6812"></A>
+<A NAME="IDX6813"></A>
+<A NAME="IDX6814"></A>
+<A NAME="IDX6815"></A>
+<A NAME="IDX6816"></A>
+<A NAME="IDX6817"></A>
+<A NAME="IDX6818"></A>
+<A NAME="IDX6819"></A>
+<A NAME="IDX6820"></A>
+<P>A <I>dump</I> is the collection of data that results from backing up a
+volume set. A <I>full dump</I> includes all of the data in every
+volume in the volume set, as it exists at the time of the dump
+operation. An <I>incremental dump</I> includes only some of the
+data from the volumes in the volume set, namely those files and directory
+structures that have changed since a specified previous dump operation was
+performed. The previous dump is referred to as the incremental
+dump's <I>parent dump</I>, and it can be either a full dump or an
+incremental dump itself.
+<P>A <I>dump set</I> is a collection of one or more dumps stored together
+on one or more tapes. The first dump in the dump set is the
+<I>initial dump</I>, and any subsequent dump added onto the end of an
+existing dump set is an <I>appended dump</I>. Appending dumps is
+always optional, but maximizes use of a tape's capacity. In
+contrast, creating only initial dumps can result in many partially filled
+tapes, because an initial dump must always start on a new tape, but does not
+necessarily extend to the end of the tape. Appended dumps do not have
+to be related to one another or to the initial dump (they do not have to be
+dumps of the same or related volume sets), but well-planned appending can
+reduce the number of times you have to change tapes during a restore
+operation. For example, it can make sense to append incremental dumps
+of a volume set together in a single dump set.
+<P>All the records for a dump set are indexed together in the Backup Database
+based on the initial dump (for more on the Backup Database, see <A HREF="#HDRWQ256">The Backup Database and Backup Server Process</A>). To delete the database record of an appended dump,
+you must delete the initial dump record, and doing so deletes the records for
+all dumps in the dump set. Similarly, you cannot recycle just one tape
+in a dump set without deleting the database records of all tapes in the dump
+set.
+<P>For instructions on creating an initial dump, see <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>, and to learn how to append dumps, see <A HREF="auagd012.htm#HDRWQ299">Appending Dumps to an Existing Dump Set</A>.
+<P><H3><A NAME="Header_275" HREF="auagd002.htm#ToC_275">Dump Hierarchies, Dump Levels and Expiration Dates</A></H3>
+<A NAME="IDX6821"></A>
+<A NAME="IDX6822"></A>
+<A NAME="IDX6823"></A>
+<A NAME="IDX6824"></A>
+<A NAME="IDX6825"></A>
+<A NAME="IDX6826"></A>
+<P>A <I>dump hierarchy</I> is a logical structure that defines the
+relationship between full and incremental dumps; that is, it defines
+which dump serves as the parent for an incremental dump. Each
+individual component of a hierarchy is a <I>dump level</I>. When
+you create a dump by issuing the <B>backup dump</B> command, you specify a
+volume set name and a dump level name. The Backup System uses the dump
+level to determine whether the dump is full or incremental, and if
+incremental, which dump level to use as the parent.
+<P>You can associate an <I>expiration date</I> with a dump level, to
+define when a dump created at that level expires. The Backup System
+refuses to overwrite a tape until all dumps in the dump set to which the tape
+belongs have expired, so assigning expiration dates automatically determines
+how you recycle tapes. You can define an expiration date either in
+absolute terms (for example, 13 January 2000) or relative terms (for example,
+30 days from when the dump is created). You can also change the
+expiration date associated with a dump level (but not with an actual dump that
+has already been created at that level).
+<P>For instructions on creating dump hierarchies, assigning expiration dates,
+and establishing a tape recycling schedule, see <A HREF="#HDRWQ267">Defining and Displaying the Dump Hierarchy</A>.
+<A NAME="IDX6827"></A>
+<A NAME="IDX6828"></A>
+<A NAME="IDX6829"></A>
+<A NAME="IDX6830"></A>
+<A NAME="IDX6831"></A>
+<A NAME="IDX6832"></A>
+<P><H3><A NAME="HDRWQ253" HREF="auagd002.htm#ToC_276">Dump Names and Tape Names</A></H3>
+<P>When you create a dump, the Backup System creates a Backup
+Database record for it, assigning a name comprising the volume set name and
+the last element in the dump level pathname:
+<PRE> <VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR>
+</PRE>
+<P>For example, a dump of the volume set <B>user</B> at the dump level
+<B>/sunday/friday</B> is called <B>user.friday</B>. The
+Backup System also assigns a unique <I>dump ID</I> number to the dump to
+distinguish it from other dumps with the same name that possibly exist.
+<P>The Backup System assigns a similar <I>AFS tape name</I> to each tape
+that contains a dump set, reflecting the volume set and dump level of the dump
+set's initial dump, plus a numerical index of the tape's position in
+the dump set, and a unique dump ID number:
+<PRE> <VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR><B>.</B><VAR>tape_index</VAR> (<VAR>dump ID</VAR>)
+</PRE>
+<P>For example, the second tape in a dump set whose initial dump is of the
+volume set <B>uservol</B> at the dump level <B>/sunday/friday</B> has
+AFS tape name like <B>uservol.friday.2</B>
+(<B>914382400</B>).
+<P>In addition to its AFS tape name, a tape can have an optional
+<I>permanent name</I> that you assign. Unlike the AFS tape name,
+the permanent name does not have to indicate the volume set and dump level of
+the initial (or any other) dump, and so does not change depending on the
+contents of the tape. The Backup System does not require a certain
+format for permanent names, so you need to make sure that each tape's
+name is unique. If a tape has a permanent name, the Backup System uses
+it rather than the AFS tape name when referring to the tape in prompts and the
+output from most <B>backup</B> commands, but still tracks the AFS tape
+name internally.
+<P><H3><A NAME="HDRWQ254" HREF="auagd002.htm#ToC_277">Tape Labels, Dump Labels, and EOF Markers</A></H3>
+<A NAME="IDX6833"></A>
+<A NAME="IDX6834"></A>
+<A NAME="IDX6835"></A>
+<A NAME="IDX6836"></A>
+<P>Every tape used in the Backup System has a magnetic label at the beginning
+that records the tape's name, capacity, and other information. You
+can use the <B>backup labeltape</B> command to write a label, or the
+<B>backup dump</B> command creates one automatically if you use an
+unlabeled tape. The label records the following information:
+<UL>
+<P><LI>The tape's permanent name, which you can assign by using the
+<B>-pname</B> argument to the <B>backup labeltape</B> command.
+It can be any string of up to 32 characters. If you do not assign a
+permanent name, the Backup System records the value <TT><NULL></TT> when
+you use the <B>backup labeltape</B> command to assign an AFS tape name, or
+when you use the <B>backup dump</B> command to write a dump to the
+tape.
+<P><LI>The tape's AFS <I>tape name</I>, which can be one of three types
+of values:
+<UL>
+<P><LI>A name that reflects the volume set and dump level of the dump set's
+initial dump and the tape's place in the sequence of tapes for the dump
+set, as described in <A HREF="#HDRWQ253">Dump Names and Tape Names</A>. If the tape does not have a permanent name, you can
+assign the AFS tape name by using the <B>-name</B> argument to the
+<B>backup labeltape</B> command.
+<P><LI>The value <TT><NULL></TT>, which results when you assign a permanent
+name, or provide no value for the <B>backup labeltape</B> command's
+<B>-name</B> argument.
+<P><LI>No AFS tape name at all, indicating that you have never labeled the tape
+or written a dump to it.
+</UL>
+<P>If a tape does not already have an actual AFS tape name when you write a
+dump to it, the Backup System constructs and records the appropriate AFS tape
+name. If the tape does have an AFS tape name and you are writing an
+initial dump, then the name must correctly reflect the dump's volume set
+and dump level.
+<P><LI>The capacity, or <I>size</I>, of the tape, followed by a letter that
+indicates the unit of measure (<TT>k</TT> or <TT>K</TT> for kilobytes,
+<TT>m</TT> or <TT>M</TT> for megabytes, <TT>g</TT> or <TT>G</TT> for
+gigabytes, or <TT>t</TT> or <TT>T</TT> for terabytes). The
+tape's manufacturer determines the tape's capacity. For
+further discussion of how the Backup System uses the value in the capacity
+field, see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+</UL>
+<P>For information about labeling tapes, see <A HREF="#HDRWQ272">Writing and Reading Tape Labels</A>.
+<P>In addition to the tape label, the Backup System writes a <I>dump
+label</I> on the tape for every appended dump (the tape label and dump label
+are the same for the initial dump). A dump label records the following
+information:
+<UL>
+<P><LI>The name of the tape containing the dump
+<P><LI>The date and time that the dump operation began
+<P><LI>The cell to which the volumes in the dump belong
+<P><LI>The dump's size in kilobytes
+<P><LI>The dump's dump level
+<P><LI>The dump's dump ID
+</UL>
+<P>The Backup System writes a <I>filemark</I> (also called an End-of-File
+or EOF marker) between the data from each volume in a dump. The tape
+device's manufacturer determines the filemark size, which is typically
+between 2 KB and 2 MB; in general, the larger the usual capacity of the
+tapes that the device uses, the larger the filemark size. If a dump
+contains a small amount of data from each of a large number of volumes, as
+incremental dumps often do, then the filemark size can significantly affect
+how much volume data fits on the tape. To enable the Backup System to
+factor in filemark size as it writes a dump, you can record the filemark size
+in a configuration file; see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+<P><H3><A NAME="HDRWQ255" HREF="auagd002.htm#ToC_278">Tape Coordinator Machines, Port Offsets, and Backup Data Files</A></H3>
+<A NAME="IDX6837"></A>
+<A NAME="IDX6838"></A>
+<A NAME="IDX6839"></A>
+<A NAME="IDX6840"></A>
+<P>A <I>Tape Coordinator machine</I> is a machine that drives one or more
+attached tape devices used for backup operations. It must run the AFS
+client software (the Cache Manager) but reside in a physically secure location
+to prevent unauthorized access to its console. Before backup operations
+can run on a Tape Coordinator machine, each tape device on the machine must be
+registered in the Backup Database, and certain files and directories must
+exist on the machine's local disk; for instructions, see <A HREF="#HDRWQ262">To configure a Tape Coordinator machine</A>.
+<P>Each tape device on a Tape Coordinator machine listens for backup requests
+on a different UNIX port. You pick the port indirectly by assigning a
+<I>port offset number</I> to the tape device. The Backup System
+sets the device's actual port by adding the port offset to a base port
+number that it determines internally. For instructions on assigning
+port offset numbers, see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+<P>For a tape device to perform backup operations, a Backup Tape Coordinator
+(<B>butc</B>) process dedicated to the device must be running actively on
+the Tape Coordinator machine. You then direct backup requests to the
+device's Tape Coordinator by specifying its port offset number with the
+<B>-portoffset</B> argument to the <B>backup</B> command.
+<P>In addition to writing backup data to tape, you can direct it to a
+<I>backup data file</I> on the local disk of a Tape Coordinator
+machine. You can then to transfer the data to a data-archiving system,
+such as a hierarchical storage management (HSM) system, that you use in
+conjunction with AFS and the Backup System. A backup data file has a
+port offset like a tape device. For instructions on configuring backup
+data files, see <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A>.
+<P><H3><A NAME="HDRWQ256" HREF="auagd002.htm#ToC_279">The Backup Database and Backup Server Process</A></H3>
+<A NAME="IDX6841"></A>
+<A NAME="IDX6842"></A>
+<P>The <I>Backup Database</I> is a replicated administrative database
+maintained by the <I>Backup Server</I> process on the cell's database
+server machines. Like the other AFS database server processes, the
+Backup Server uses the Ubik utility to keep the various copies of the database
+synchronized (for a discussion of Ubik, see <A HREF="auagd007.htm#HDRWQ52">Replicating the AFS Administrative Databases</A>).
+<P>The Backup Database records the following information:
+<UL>
+<P><LI>The Tape Coordinator machine's hostname and the port offset number
+for each tape device used for backup operations
+<P><LI>The dump hierarchy, which consists of its component dump levels and their
+associated expiration dates
+<P><LI>The volume sets and their component volume entries
+<P><LI>A record for each dump, which includes the name of each tape it appears
+on, a list of the volumes from which data is included, the dump level, the
+expiration date, and the dump ID of the initial dump with which the dump is
+associated
+<P><LI>A record for each tape that houses dumped data
+</UL>
+<P><H3><A NAME="Header_280" HREF="auagd002.htm#ToC_280">Interfaces to the Backup System</A></H3>
+<P>The <B>backup</B> suite of commands is the administrative interface
+to the Backup System. You can issue the commands in a command shell (or
+invoke them in a shell script) on any AFS client or server machine from which
+you can access the <B>backup</B> binary. In the conventional
+configuration, the binary resides on the local disk.
+<P>The <B>backup</B> command suite provides an <I>interactive
+mode</I>, in which you can issue multiple commands over a persistent
+connection to the Backup Server and the Volume Location (VL) Server.
+Interactive mode has several convenient features, including the
+following:
+<UL>
+<P><LI>You need to type only the operation code, omitting the initial
+<B>backup</B> string.
+<P><LI>If you assume another AFS identity or specify a foreign cell as you enter
+interactive mode, it applies to all subsequent commands.
+<P><LI>You do not need to enclose shell metacharacters in double quotes.
+<P><LI>You can track current and pending operations with the <B>(backup)
+jobs</B> command, which is available only in this mode.
+<P><LI>You can cancel current and pending operations with the <B>(backup)
+kill</B> command, which is available only in this mode.
+</UL>
+<P>Before issuing a command that requires reading or writing a tape (or backup
+data file), you must also open a connection to the Tape Coordinator machine
+that is attached to the relevant tape device (or that has the backup data file
+on its local disk), and issue the <B>butc</B> command to initialize the
+Tape Coordinator process. The process must continue to run and the
+connection remain open as long as you need to use the tape device or file for
+backup operations.
+<P>For further discussion and instructions, see <A HREF="auagd012.htm#HDRWQ286">Using the Backup System's Interfaces</A>.
+<HR><H2><A NAME="HDRWQ257" HREF="auagd002.htm#ToC_281">Overview of Backup System Configuration</A></H2>
+<A NAME="IDX6843"></A>
+<P>Before you can use the Backup System to back up and restore data, you must
+configure several of its basic components. The indicated sections of
+this chapter explain how to perform the following configuration tasks:
+<UL>
+<P><LI>Determining a tape's capacity and a tape device's filemark size,
+and recording them in the <B>/usr/afs/backup/tapeconfig</B> file (see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>)
+<P><LI>Determining how to grant administrative privilege to backup operators (see
+<A HREF="#HDRWQ260">Granting Administrative Privilege to Backup Operators</A>)
+<P><LI>Configuring Tape Coordinator machines, tape devices, and backup data files
+(see <A HREF="#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A>)
+<P><LI>Defining volume sets and volume entries (see <A HREF="#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>)
+<P><LI>Defining dump levels to create a dump hierarchy (see <A HREF="#HDRWQ267">Defining and Displaying the Dump Hierarchy</A>)
+<P><LI>Labeling tapes (see <A HREF="#HDRWQ272">Writing and Reading Tape Labels</A>)
+<P><LI>Creating a device configuration file to automate the backup process (see <A HREF="#HDRWQ275">Automating and Increasing the Efficiency of the Backup Process</A>)
+</UL>
+<P>If you have already configured all of the components required for
+performing a backup dump or restore operation, you can proceed to the
+instructions in <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A> and <A HREF="auagd012.htm#HDRWQ306">Restoring and Recovering Data</A>.
+<HR><H2><A NAME="HDRWQ258" HREF="auagd002.htm#ToC_282">Configuring the tapeconfig File</A></H2>
+<A NAME="IDX6844"></A>
+<A NAME="IDX6845"></A>
+<A NAME="IDX6846"></A>
+<A NAME="IDX6847"></A>
+<A NAME="IDX6848"></A>
+<P>Several factors interact to determine how much data the Tape Coordinator
+can fit on a tape:
+<UL>
+<P><LI>The tape's capacity (size), as set by the tape manufacturer.
+<P><LI>The tape device's filemark size, as set by the tape device's
+manufacturer. Recall from <A HREF="#HDRWQ254">Tape Labels, Dump Labels, and EOF Markers</A> that the Tape Coordinator writes a filemark between the data
+from each volume in a dump. If a dump contains a small amount of data
+from each of a large number of volumes, as incremental dumps often do, then
+the filemark size can significantly affect how much volume data fits on the
+tape.
+<P><LI>Whether or not you use the tape device's compression mode.
+</UL>
+<P>(The amount of data that can fit in a backup data file is determined by
+amount of space available on the partition, and the operating system's
+maximum file size. The Tape Coordinator does not write filemarks when
+writing to a backup data file. For further information about
+configuring a Tape Coordinator to write to a backup data file, see <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A>.)
+<P>As the Tape Coordinator (<B>butc</B>) process initializes, it reads the
+<B>/usr/afs/backup/tapeconfig</B> file on its local disk to learn the tape
+capacity and filemark size (for a tape device) or the file size (for a backup
+data file) to use for dump operations. When you begin a dump operation,
+the Tape Coordinator also reads the tape or backup data file's label to
+see if you have recorded a different tape capacity or file size. If you
+have, the value on the label overrides the default value from the
+<B>tapeconfig</B> file.
+<P>As the Tape Coordinator writes data to a tape during a dump operation, it
+uses the capacity and filemark information to track how much tape it has used
+and how much remains before the physical end-of-tape (EOT). Shortly
+before reaching EOT, the Tape Coordinator stops writing and requests a new
+tape. Similarly, it uses a backup data file's size to know when it
+is about to exhaust the space in the file. If the Tape Coordinator
+reaches the EOT unexpectedly, it recovers by obtaining a new tape and writing
+to it the entire contents of the volume it was writing when it reached
+EOT. The interrupted volume remains on the first tape, but is never
+used.
+<P>Many tape devices use tapes that can accommodate multiple gigabytes, or
+even multiple terabytes, of backup data, especially if you use the
+device's compression mode. When writing to such devices and tapes,
+allowing the Tape Coordinator to hit the EOT unexpectedly is generally
+recommended. The devices write data so quickly that it usually does not
+take much extra time to rewrite the interrupted volume on the new tape.
+Similarly, they compress data so well that the data abandoned on the first
+tape from the interrupted volume does not constitute a waste of much
+tape.
+<P>When writing to tapes that accommodate a smaller amount of data (say, less
+than two GB), it is better to avoid having the Tape Coordinator hit EOT
+unexpectedly. AFS supports volumes up to 2 GB in size, so an
+interrupted volume can in fact take up most of the tape. For such
+tapes, recording accurate values for tape capacity and filemark size, if
+possible, helps to maximize both use of tape and the efficiency of dump
+operations. The following discussion of the fields in the
+<B>tapeconfig</B> file explains how to determine the appropriate
+values.
+<P>Use a text editor to create an entry in a Tape Coordinator's
+<B>tapeconfig</B> file for each tape device or backup data file that it
+uses. Each device or file's entry is on its own line and has the
+following format:
+<PRE> [<VAR>capacity</VAR> <VAR>filemark_size</VAR>] <VAR>device_name</VAR> <VAR>port_offset</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>capacity</VAR>
+</B><DD>Specifies the capacity of the tapes used with a tape device, or the amount
+of data to write into a backup data file. Specify an integer value
+followed by a letter that indicates units, with no intervening space.
+The letter <B>k</B> or <B>K</B> indicates kilobytes, <B>m</B> or
+<B>M</B> indicates megabytes, <B>g</B> or <B>G</B> indicates
+gigabytes, and <B>t</B> or <B>T</B> indicates terabytes. If the
+units letter is omitted, the default is kilobytes.
+<P>To determine the capacity of a tape under two GB in size that you are going
+to use in regular (noncompression) mode, you can either use the value that the
+tape's manufacturer specifies on the tape's packaging or use the
+<B>fms</B> command to calculate the capacity, as described later in this
+section. To avoid having the Tape Coordinator reach the EOT
+unexpectedly, it is best to record in the <B>tapeconfig</B> file or on the
+label a capacity that is about 10% smaller than the actual capacity of the
+tape. To calculate the appropriate value for a small tape used in
+compression mode, one method is to multiply the tape capacity (as recorded by
+the manufacturer) by the device's compression ratio.
+<P>For tapes that hold multiple gigabytes or terabytes of data, or if using a
+tape drive's compression mode, the recommended configuration is to record
+a value quite a bit (for instance, two times) larger than the maximum amount
+you believe can fit on the tape. It is not generally worthwhile to run
+the <B>fms</B> command on large tapes, even in noncompression mode.
+The command definitely does not yield accurate results in compression
+mode. The Tape Coordinator is likely to reach the EOT unexpectedly, but
+compression mode fits so much data on the tape that the data abandoned from an
+interrupted volume does not represent much of the tape's capacity.
+<P>For a backup data file, record a value slightly smaller than the amount of
+space available on the partition, and definitely smaller than the operating
+system's maximum file size. It is also best to limit the ability
+of other processes to write to the partition, to prevent them from using up
+the space in the partition.
+<P>If this field is empty, the Tape Coordinator uses the maximum acceptable
+value (2048 GB or 2 TB). Either leave both this field and the
+<VAR>filemark_size</VAR> field empty, or provide a value in both of them.
+<P><DT><B><VAR>filemark_size</VAR>
+</B><DD>Specifies the tape device's filemark size, which usually falls
+between 2 KB and 2 MB. Use the same notation as for the
+<VAR>capacity</VAR> field, but note that if you omit the units letter, the
+default unit is bytes rather than kilobytes.
+<P>For a tape device in regular (noncompression) mode, you can use the
+<B>fms</B> command to determine filemark size, or use the value reported
+by the device's manufacturer. To help the Tape Coordinator avoid
+reaching EOT unexpectedly, increase the value by about 10% when recording it
+in the <B>tapeconfig</B> file.
+<P>The recommended value for a tape device in compression mode is <B>0</B>
+(zero). The <B>fms</B> command does not yield accurate results in
+compression mode, so you cannot use it to determine the filemark size.
+<P>The recommended value for a backup data file is also <B>0</B>
+(zero). The Tape Coordinator does not use filemarks when writing to a
+file, but a value must appear in this field nevertheless if there is also a
+value in the <VAR>capacity</VAR> field.
+<P>If this field is empty, the Tape Coordinator uses the value <B>0</B>
+(zero). Either leave both this field and the <VAR>capacity</VAR> field
+empty, or provide a value in both of them.
+<P><DT><B><VAR>device_name</VAR>
+</B><DD>Specifies the complete pathname of the tape device or backup data
+file. The format of tape device names depends on the operating system,
+but on UNIX systems, device names generally begin with the string
+<B>/dev/</B>. For a backup data file, this field defines the
+complete pathname, but for suggestions on how to name a backup data file, see <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A>.
+<P><DT><B><VAR>port_offset</VAR>
+</B><DD>Specifies the port offset number for a specific tape device or backup data
+file. Each tape device listens for backup requests on a different UNIX
+port. You pick the port indirectly by recording a value in this
+field. The Backup System sets the device's actual port by adding
+the port offset to a base port number that it determines internally.
+<P>Legal values are the integers <B>0</B> through <B>58510</B> (the
+Backup System can track a maximum of 58,511 port offset numbers). Each
+value must be unique among the cell's Tape Coordinators, but you do not
+have to assign port offset numbers sequentially, and you can associate any
+number of them with a single machine or even tape device. For example,
+if you plan to use a device in both compression and noncompression mode,
+assign it two different port offsets with appropriate tape capacity and
+filemark values for the different modes.
+<P>Assign port offset <B>0</B> (zero) to the Tape Coordinator for the tape
+device or backup data file that you use most often for backup operations;
+doing so enables you to omit the <B>-portoffset</B> argument from the
+largest possible number of <B>backup</B> commands.
+</DL>
+<P>The following example <B>tapeconfig</B> file includes entries for two
+tape devices, <B>/dev/rmt0h</B> and <B>/dev/rmt1h</B>. Each one
+uses tapes with a capacity of 2 GB and has a filemark size of 1 MB.
+Their port offset numbers are <TT>0</TT> and <TT>1</TT>.
+<PRE> 2g 1m /dev/rmt0h 0
+ 2G 1M /dev/rmt1h 1
+</PRE>
+<P>The <B>fms</B> command reports the capacity of the tape you have
+inserted and the tape device's filemark size, both on the standard output
+stream (stdout) and in its <B>fms.log</B> file, which it writes in
+the current working directory. The command interpreter must write data
+to the entire tape, so running the command can take from several hours to more
+than a day, depending on the size of the tape.
+<P><H3><A NAME="HDRWQ259" HREF="auagd002.htm#ToC_283">To run the fms command on a noncompressing tape device</A></H3>
+<A NAME="IDX6849"></A>
+<A NAME="IDX6850"></A>
+<A NAME="IDX6851"></A>
+<A NAME="IDX6852"></A>
+<A NAME="IDX6853"></A>
+<OL TYPE=1>
+<P><LI>If an <B>fms.log</B> file does not already exist in the current
+directory, verify that you can insert and write to files in the current
+directory. If the log file already exists, you must be able to write to
+the file.
+<P><LI>Insert a tape into the drive. Running the command completely
+overwrites the tape, so use a blank tape or one that you want to
+recycle.
+<P><LI>Issue the <B>fms</B> command.
+<PRE> % <B>fms</B> <<VAR>tape special file</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>fms
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>tape special file</VAR>
+</B><DD>Specifies the tape device's UNIX device name, such as
+<B>/dev/rmt0h</B>.
+</DL>
+</OL>
+<P>The following example output reports that the tape in the device with
+device name <B>/dev/rmt0h</B> has a capacity of 2136604672 bytes (about 2
+GB), and that the device's filemark size is 1910205 bytes (close to 2
+MB).
+<PRE> % <B>fms /dev/rmt0h</B>
+ wrote block: 130408
+ Finished data capacity test - rewinding
+ wrote 1109 blocks, 1109 file marks
+ Finished file mark test
+ Tape capacity is 2136604672 bytes
+ File marks are 1910205 bytes
+</PRE>
+<HR><H2><A NAME="HDRWQ260" HREF="auagd002.htm#ToC_284">Granting Administrative Privilege to Backup Operators</A></H2>
+<P>Each person who issues the <B>backup</B> and
+<B>butc</B> commands in your cell must be listed in the
+<B>/usr/afs/etc/UserList</B> file on every database server machine that
+stores the Backup Database and Volume Location Database (VLDB), and every
+machine that houses a volume included in a volume set. By convention,
+the <B>UserList</B> file is the same on every server machine in the
+cell; the instructions in this document assume that your cell is
+configured in this way. To edit the <B>UserList</B> file, use the
+<B>bos adduser</B> and <B>bos removeuser</B> commands as described in <A HREF="auagd021.htm#HDRWQ592">Administering the UserList File</A>.
+<P>In addition to being listed in the <B>UserList</B> file, backup
+operators who issue the <B>butc</B> command must be able to write to the
+files stored in each Tape Coordinator machine's local
+<B>/usr/afs/backup</B> directory, which are protected by UNIX mode
+bits. Before configuring your cell's first Tape Coordinator
+machine, decide which local user and group to designate as the owner of the
+directory and the files in it. Among the possible ownership options are
+the following:
+<UL>
+<P><LI>The local superuser <B>root</B>. With this option, the issuer
+of the <B>butc</B> command must log onto the local file system as the
+local superuser <B>root</B>. If the Tape Coordinator is also a
+server machine, the <B>-localauth</B> flag is used on the <B>butc</B>
+command to construct a server ticket from the local
+<B>/usr/afs/etc/KeyFile</B> file. On non-server machine, the issuer
+must issue the <B>klog</B> command to authenticate as an AFS administrator
+while logged in as <B>root</B>.
+<P><LI>A single AFS administrator. Logging in and authenticating are a
+single step if an AFS-modified login utility is used. The administrator
+is the only user who can start the Tape Coordinator.
+<P><LI>An administrative account for which several operators know the
+password. This allows them all to start the Tape Coordinator.
+</UL>
+<P>Another option is to define a group in the local group file
+(<B>/etc/group</B> or equivalent) to which all backup operators
+belong. Then turn on the <B>w</B> mode bit (<B>write</B>
+permission) in the group mode bits rather than the user mode bits of the
+<B>/usr/afs/backup</B> directory and files in it. An advantage over
+the methods listed previously is that each operator can retain an individual
+administrative account for finer granularity in auditing.
+<P>For instructions on implementing your choice of protection methods, see <A HREF="#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A>.
+<HR><H2><A NAME="HDRWQ261" HREF="auagd002.htm#ToC_285">Configuring Tape Coordinator Machines and Tape Devices</A></H2>
+<A NAME="IDX6854"></A>
+<A NAME="IDX6855"></A>
+<A NAME="IDX6856"></A>
+<A NAME="IDX6857"></A>
+<P>This section explains how to configure a machine as a Tape Coordinator
+machine, and how to configure or remove the Tape Coordinator associated with a
+single tape device or backup data file.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">When configuring a tape device attached to an AIX system, you must set the
+device's tape block size to <B> 0</B> (zero) to indicate variable
+block size. If you do not, it is possible that devices attached to
+machines of other system types cannot read the tapes made on the AIX
+system. Use the AIX <B>smit</B> program to verify or change the
+value of the tape block size for a tape device, as instructed in Sep <A HREF="#LIWQ263">3</A>.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ262" HREF="auagd002.htm#ToC_286">To configure a Tape Coordinator machine</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI><A NAME="LIWQ263"></A>Install one or more tape devices on the Tape Coordinator
+machine according to the manufacturer's instructions. The Backup
+System can track a maximum of 58,511 tape devices or backup data files per
+cell.
+<P>If the Tape Coordinator machine is an AIX system, issue the following
+command to change the tape device's tape block size to <B>0</B>
+(zero), which indicates variable block size. Repeat for each tape
+device.
+<PRE> # <B>chdev -l '</B><VAR>device_name</VAR><B>' -a block_size='0'</B>
+</PRE>
+<P>where <VAR>device_name</VAR> is the tape device's device name (for
+example, <B>/dev/rmt0h</B>).
+<P><LI>Verify that the binary files for the <B>backup</B>, <B>butc</B>,
+and <B>fms</B> commands are available on the local disk. If the
+machine is an AFS client, the conventional location is the
+<B>/usr/afsws/etc</B> directory.
+<PRE> # <B>ls /usr/afsws/etc</B>
+</PRE>
+<P><LI>Create the <B>/usr/afs</B> directory. (If the Tape Coordinator
+machine is also configured as a file server machine, this directory already
+exists.) Then create the <B>/usr/afs/backup</B> directory.
+<PRE> # <B>mkdir /usr/afs</B>
+ # <B>mkdir /usr/afs/backup</B>
+</PRE>
+<P><LI>Use a text editor to create the <B>/usr/afs/backup/tapeconfig</B>
+file. Include a single line for each tape device or backup data file,
+specifying the following information in the indicated order. For syntax
+details and suggestions on the values to use in each field, see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+<UL>
+<P><LI>The capacity of tapes to be used in the device, or the size of the backup
+data file
+<P><LI>The device's filemark size
+<P><LI>The device's device name, starting with the string <B>/dev/</B>
+<P><LI>The device's port offset number
+</UL>
+<A NAME="IDX6858"></A>
+<A NAME="IDX6859"></A>
+<A NAME="IDX6860"></A>
+<A NAME="IDX6861"></A>
+<P><LI>Decide which user and group are to own the <B>/usr/afs/backup</B>
+directory and <B>/usr/afs/backup/tapeconfig</B> file, based on the
+suggestions in <A HREF="#HDRWQ260">Granting Administrative Privilege to Backup Operators</A>. Correct the UNIX mode bits on the directory and
+file, if necessary.
+<PRE> # <B>chown</B> <VAR>admin_owner</VAR> <B>/usr/afs/backup</B>
+ # <B>chown</B> <VAR>admin_owner</VAR> <B>/usr/afs/backup/tapeconfig</B>
+ # <B>chgrp</B> <VAR>admin_group</VAR> <B>/usr/afs/backup</B>
+ # <B>chgrp</B> <VAR>admin_group</VAR> <B>/usr/afs/backup/tapeconfig</B>
+ # <B>chmod 774 /usr/afs/backup</B>
+ # <B>chmod 664 /usr/afs/backup/tapeconfig</B>
+</PRE>
+<A NAME="IDX6862"></A>
+<A NAME="IDX6863"></A>
+<A NAME="IDX6864"></A>
+<A NAME="IDX6865"></A>
+<P><LI><A NAME="LICONFTC-ADDHOST"></A>Issue the <B>backup addhost</B> command to create
+a Tape Coordinator entry in the Backup Database. Repeat the command for
+each Tape Coordinator.
+<PRE> # <B>backup addhost</B> <<VAR>tape machine name</VAR>> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addh
+</B><DD>Is the shortest acceptable abbreviation of <B>addhost</B>.
+<P><DT><B><VAR>tape machine name</VAR>
+</B><DD>Specifies the Tape Coordinator machine's fully qualified
+hostname.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the tape device's port offset number. Provide the
+same value as you specified for the device in the <B>tapeconfig</B>
+file. You must provide this argument unless the default value of 0
+(zero) is appropriate.
+</DL>
+</OL>
+<P><H3><A NAME="Header_287" HREF="auagd002.htm#ToC_287">To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Install the tape device on the Tape Coordinator machine according to the
+manufacturer's instructions.
+<P>If the Tape Coordinator machine is an AIX system, issue the following
+command to change the tape device's tape block size to <B>0</B>
+(zero), which indicates variable block size.
+<PRE> # <B>chdev -l '</B><VAR>device_name</VAR><B>' -a block_size='0'</B>
+</PRE>
+<P><LI>Choose the port offset number to assign to the tape device. If
+necessary, use the <B>backup listhosts</B> command to display the port
+offset numbers that are already used; for a discussion of the output, see
+<A HREF="#HDRWQ264">To display the list of configured Tape Coordinators</A>.
+<PRE> # <B>backup listhosts</B>
+</PRE>
+<P>where <B>listh</B> is the shortest acceptable abbreviation of
+<B>listhosts</B>.
+<P><LI>Use a text editor to add one or more entries for the device to the
+<B>/usr/afs/backup/tapeconfig</B> file. Specify the following
+information in the indicated order. For syntax details and suggestions
+on the values to use in each field, see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+<UL>
+<P><LI>The capacity of tapes to be used in the device, or the size of the backup
+data file
+<P><LI>The device's filemark size
+<P><LI>The device's device name, starting with the string <B>/dev/</B>
+<P><LI>The device's port offset number
+</UL>
+<P><LI>Issue the <B>backup addhost</B> command to create an entry in the
+Backup Database for the Tape Coordinator. For complete syntax, see Step
+<A HREF="#LICONFTC-ADDHOST">8</A> in <A HREF="#HDRWQ262">To configure a Tape Coordinator machine</A>.
+<PRE> # <B>backup addhost</B> <<VAR>tape machine name</VAR>> [<<VAR>TC port offset</VAR>>]
+</PRE>
+</OL>
+<A NAME="IDX6866"></A>
+<A NAME="IDX6867"></A>
+<A NAME="IDX6868"></A>
+<A NAME="IDX6869"></A>
+<P><H3><A NAME="Header_288" HREF="auagd002.htm#ToC_288">To unconfigure a Tape Coordinator</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Using a text editor, remove each of the Tape Coordinator's entries
+from the <B>/usr/afs/backup/tapeconfig</B> file.
+<P><LI>Issue the <B>backup delhost</B> command to delete the Tape
+Coordinator's Backup Database entry.
+<PRE> % <B>backup delhost</B> <<VAR>tape machine name</VAR>> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>delh
+</B><DD>Is the shortest acceptable abbreviation of <B>delhost</B>.
+<P><DT><B><VAR>tape machine name</VAR>
+</B><DD>Is the complete Internet host name of the Tape Coordinator machine.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Is the same port offset number removed from the <B>tapeconfig</B>
+file. You must provide this argument unless the default value of
+<B>0</B> (zero) is appropriate.
+</DL>
+</OL>
+<A NAME="IDX6870"></A>
+<A NAME="IDX6871"></A>
+<A NAME="IDX6872"></A>
+<A NAME="IDX6873"></A>
+<P><H3><A NAME="HDRWQ264" HREF="auagd002.htm#ToC_289">To display the list of configured Tape Coordinators</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>backup listhosts</B> command to list the Tape
+Coordinators and port offset numbers currently configured in the Backup
+Database.
+<PRE> % <B>backup listhosts</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listh
+</B><DD>Is the shortest acceptable abbreviation of <B>listhosts</B>.
+</DL>
+</OL>
+<P>The output lists each Tape Coordinator machine and the port offset numbers
+currently allocated to it in the Backup Database. The appearance of a
+port offset number does not imply that the associated Tape Coordinator is
+actually running. Machine names appear in the format in which they were
+specified with the <B>backup addhost</B> command.
+<P>The following example output lists the Tape Coordinators currently defined
+in the Backup Database of the ABC Corporation cell:
+<PRE> % <B>backup listhosts</B>
+ Tape hosts:
+ Host backup1.abc.com, port offset 0
+ Host backup1.abc.com, port offset 2
+ Host backup2.abc.com, port offset 1
+ Host backup2.abc.com, port offset 3
+</PRE>
+<HR><H2><A NAME="HDRWQ265" HREF="auagd002.htm#ToC_290">Defining and Displaying Volume Sets and Volume Entries</A></H2>
+<P>The Backup System handles data at the level of volumes
+rather than individual files. You must define groups of volumes called
+<I>volume sets</I> before performing backup operations, by using the
+<B>backup addvolset</B> command. A volume set name can be up to 31
+characters long and can include any character other than the period
+(<B>.</B>), but avoid using metacharacters that have special
+meanings to the shell.
+<P>After creating a volume set, use the <B>backup addvolentry</B> command
+to place one or more <I>volume entries</I> in it. They define the
+volumes that belong to it in terms of their location (file server machine and
+partition) and name. Use the command's required <B>-server</B>
+argument to designate the file server machine that houses the volumes of
+interest and its required <B>-partition</B> argument to designate the
+partition. Two types of values are acceptable:
+<UL>
+<P><LI>The fully qualified hostname of one machine or full name of one partition
+(such as <B>/vicepm</B>)
+<P><LI>The regular expression <B>.*</B> (period and asterisk), which
+matches every machine name or partition name in the VLDB
+</UL>
+<P>For the volume name (the required <B>-volume</B> argument), specify a
+combination of alphanumeric characters and one or more metacharacters to
+specify part or all of the volume name with a wildcard. You can use any
+of the following metacharacters in the volume name field:
+<A NAME="IDX6874"></A>
+<A NAME="IDX6875"></A>
+<DL>
+<P><DT><B>.
+</B><DD>The period matches any single character.
+<P><DT><B>*
+</B><DD>The asterisk matches zero or more instances of the preceding
+character. Combine it with any other alphanumeric character or
+metacharacter.
+<P><DT><B>[ ]
+</B><DD>Square brackets around a list of characters match a single instance of any
+of the characters, but no other characters; for example, <B>[abc]</B>
+matches a single <B>a</B> or <B>b</B> or <B>c</B>, but not
+<B>d</B> or <B>A</B>. You can combine this expression with the
+asterisk.
+<P><DT><B>^
+</B><DD>The caret, when used as the first character in a square-bracketed set,
+designates a match with any single character other than the characters that
+follow it; for example, <B>[^a]</B> matches any single character
+except lowercase <B>a</B>. You can combine this expression with the
+asterisk.
+<P><DT><B>\
+</B><DD>A backslash preceding any of the metacharacters in this list makes it
+match its literal value only. For example, the expression
+<B>\.</B> (backslash and period) matches a single period,
+<B>\*</B> matches a single asterisk, and <B>\\</B> matches a single
+backslash. You can combine such expressions with the asterisk (for
+example, <B>\.*</B> matches any number of periods).
+</DL>
+<P>Perhaps the most common regular expression is the period followed by an
+asterisk (<B>.*</B>). This expression matches any string of
+any length, because the period matches any character and the asterisk means
+any number of that character. As mentioned, it is the only acceptable
+regular expression in the file server and partition fields of a volume
+entry. In the volume name field, it can stand alone (in which case it
+matches every volume listed in the VLDB), or can combine with alphanumeric
+characters. For example, the string
+<B>user.*\.backup</B> matches any volume name that begins
+with the string <B>user</B> and ends with
+<B>.backup</B>.
+<P>Issuing the <B>backup addvolentry</B> command in interactive mode is
+simplest. If you issue it at the shell prompt, you must surround any
+string that includes a regular expression with double quotes (<B>" "</B>)
+so that the shell passes them uninterpreted to the <B>backup</B> command
+interpreter rather than resolving them.
+<P>To define various combinations of volumes, provide the following types of
+values for the <B>backup addvolentry</B> command's three
+arguments. The list uses the notation appropriate for interactive
+mode; if you issue the command at the shell prompt instead, place double
+quotes around any string that includes a regular expression. To create
+a volume entry that includes:
+<UL>
+<P><LI>All volumes listed in the VLDB, use the regular expression
+<B>.*</B> for all three arguments (<B>-server .*
+-partition .* -volume .*</B>)
+<P><LI>Every volume on a specific file server machine, specify its fully
+qualified hostname as the <B>-server</B> argument and use the regular
+expression <B>.*</B> for the <B>-partition</B> and
+-<B>volume</B> arguments (for example: <B>-server
+fs1.abc.com -partition .* -volume .*</B>)
+<P><LI>All volumes that reside on a partition with the same name on various file
+server machines, specify the complete partition name as the
+<B>-partition</B> argument and use the regular expression
+<B>.*</B> for the <B>-server</B> and <B>-volume</B>
+arguments (for example: <B>-server .* -partition /vicepd
+-volume .*</B>)
+<P><LI>Every volume with a common string in its name, use the regular expression
+<B>.*</B> for the <B>-server</B> and <B>-partition</B>
+arguments, and provide a combination of alphanumeric characters and
+metacharacters as the <B>-volume</B> argument (for example:
+<B>-server .* -partition .* -volume
+.*\.backup</B> includes all volumes whose names end in the
+string <B>.backup</B>).
+<P><LI>All volumes on one partition, specify the machine's fully qualified
+hostname as the <B>-server</B> argument and the full partition name as the
+<B>-partition</B> argument, and use the regular expression
+<B>.*</B> for the <B>-volume</B> argument (for example:
+<B>-server fs2.abc.com -partition /vicepb -volume
+.*</B>).
+<P><LI>A single volume, specify its complete name as the <B>-volume</B>
+argument. To bypass the potentially time-consuming search through the
+VLDB for matching entries, you can specify an actual machine and partition
+name for the <B>-server</B> and <B>-partition</B> arguments
+respectively. However, if it is possible that you need to move the
+volume in future, it is best to use the regular expression
+<B>.*</B> for the machine and partition name.
+</UL>
+<P>As you create volume sets, define groups of volumes you want to dump to the
+same tape at the same time (for example, weekly or daily) and in the same
+manner (fully or incrementally). In general, a volume set that includes
+volumes with similar contents (as indicated by similar names) is more useful
+than one that includes volumes that share a common location, especially if you
+often move volumes for load-balancing or space reasons. Most often,
+then, it is appropriate to use the regular expression <B>.*</B>
+(period followed by a backslash) for the <B>-server</B> and
+<B>-partition</B> arguments to the <B>backup addvolentry</B>
+command.
+<P>It is generally more efficient to include a limited number of volumes in a
+volume entry. Dumps of a volume set that includes a large number of
+volume can take a long time to complete, increasing the possibility that the
+operation fails due to a service interruption or outage.
+<P>To remove a volume entry from a volume set, use the <B>backup
+delvolentry</B> command. To remove a volume set and all of its
+component volume entries from the Backup Database, use the <B>backup
+delvolset</B> command. To display the volume entries in a volume set,
+use the <B>backup listvolsets</B> command.
+<P>By default, a Backup Database record is created for the new volume
+set. Sometimes it is convenient to create volume sets without recording
+them permanently in the Backup Database, for example when using the
+<B>backup volsetrestore</B> command to restore a group of volumes that
+were not necessarily backed up together (for further discussion, see <A HREF="auagd012.htm#HDRWQ312">Using the backup volsetrestore Command</A>). To create a <I>temporary</I> volume set,
+include the <B>-temporary</B> flag to the <B>backup addvolset</B>
+command. A temporary volume set exists only during the lifetime of the
+current interactive session, so the flag is effective only when used during an
+interactive session (opened by issuing the <B>backup (interactive)</B>
+command). You can use the <B>backup delvolset</B> command to delete
+a temporary volume set before the interactive session ends, if you wish, but
+as noted it is automatically deleted when you end the session. One
+advantage of temporary volume sets is that the <B>backup addvolset</B>
+command, and any <B>backup addvolentry</B> commands subsequently used to
+add volume entries to it, complete more quickly than for regular volume sets,
+because you are not creating any Backup Database records.
+<A NAME="IDX6876"></A>
+<A NAME="IDX6877"></A>
+<A NAME="IDX6878"></A>
+<A NAME="IDX6879"></A>
+<P><H3><A NAME="Header_291" HREF="auagd002.htm#ToC_291">To create a volume set</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>backup</B> command to enter
+interactive mode. If you are going to define volume entries right away
+with the <B>backup addvolentry</B> command, this eliminates the need to
+surround metacharacter expressions with double quotes. You must enter
+interactive mode if creating a temporary volume set.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) addvolset</B> command to create the volume
+set. You must then issue the <B>(backup) addvolentry</B> command to
+define volume entries in it.
+<PRE> backup> <B>addvolset</B> <<VAR>volume set name</VAR>> [<B>-temporary</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addvols
+</B><DD>Is the shortest acceptable abbreviation of <B>addvolset</B>.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names the volume set. The name can include no more than 31
+characters, cannot include periods, and must be unique within the Backup
+Database. (A temporary volume set can have the same name as an existing
+permanent volume set, but this is not recommended because of the confusion it
+can cause.)
+<P><DT><B>-temporary
+</B><DD>Creates a temporary volume set, which exists only during the current
+interactive session.
+</DL>
+</OL>
+<A NAME="IDX6880"></A>
+<A NAME="IDX6881"></A>
+<A NAME="IDX6882"></A>
+<A NAME="IDX6883"></A>
+<P><H3><A NAME="Header_292" HREF="auagd002.htm#ToC_292">To add a volume entry to a volume set</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>backup</B> command to enter
+interactive mode if you have not already. This makes it simpler to use
+metacharacter expressions, because you do not need to surround them with
+double quotes. If you are adding entries to a temporary volume set, you
+must already have entered interactive mode before creating the volume
+set.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) addvolentry</B> command to define volume entries
+in an existing volume set. The Backup System assigns each volume entry
+an index within the volume set, starting with 1 (one).
+<PRE> backup> <B>addvolentry -name</B> <<VAR>volume set name</VAR>> \
+ <B>-server</B> <<VAR>machine name</VAR>> \
+ <B>-partition</B> <<VAR>partition name</VAR>> \
+ <B>-volumes</B> <<VAR>volume name (regular expression)</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addvole
+</B><DD>Is the shortest acceptable abbreviation of <B>addvolentry</B>.
+<P><DT><B>-name
+</B><DD>Names the volume set to which to add the volume entry. It must
+already exist (use the <B>backup addvolset</B> command to create
+it).
+<P><DT><B>-server
+</B><DD>Defines the set of one or more file server machines that house the volumes
+in the volume entry. Provide either one fully-qualified hostname (such
+as <B>fs1.abc.com</B>) or the metacharacter expression
+<B>.*</B> (period and asterisk), which matches all machine names in
+the VLDB.
+<P><DT><B>-partition
+</B><DD>Defines the set of one or more partitions that house the volumes in the
+volume entry. Provide either one complete partition name (such as
+<B>/vicepa</B>) or the metacharacter expression <B>.*</B>
+(period and asterisk), which matches all partition names.
+<P><DT><B>-volumes
+</B><DD>Defines the set of one or more volumes included in the volume entry,
+identifying them by name. This argument can include a combination of
+alphanumeric characters and one or more of the metacharacter expressions
+discussed in the introductory material in this section.
+</DL>
+</OL>
+<A NAME="IDX6884"></A>
+<A NAME="IDX6885"></A>
+<A NAME="IDX6886"></A>
+<A NAME="IDX6887"></A>
+<A NAME="IDX6888"></A>
+<A NAME="IDX6889"></A>
+<P><H3><A NAME="HDRWQ266" HREF="auagd002.htm#ToC_293">To display volume sets and volume entries</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>backup listvolsets</B> command to display the volume
+entries in a specific volume set or all of them. If you are displaying
+a temporary volume set, you must still be in the interactive session in which
+you created it.
+<PRE> % <B>backup listvolsets</B> [<<VAR>volume set name</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listv
+</B><DD>Is the shortest acceptable abbreviation of <B>listvolsets</B>.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names the volume set to display. Omit this argument to display all
+defined volume sets.
+</DL>
+<P>The output from the command uses the wildcard notation used when the volume
+entries were created. The string <TT>(temporary)</TT> marks a
+temporary volume set. The following example displays all three of the
+volume sets defined in a cell's Backup Database, plus a temporary volume
+set <B>pat+jones</B> created during the current interactive session:
+<P>
+<PRE> backup> <B>listv</B>
+ Volume set pat+jones (temporary):
+ Entry 1: server fs1.abc.com, partition /vicepe, volumes: user.pat.backup
+ Entry 2: server fs5.abc.com, partition /viceph, volumes: user.jones.backup
+ Volume set user:
+ Entry 1: server .*, partition .*, volumes: user.*\.backup
+ Volume set sun:
+ Entry 1: server .*, partition .*, volumes: sun4x_55\..*
+ Entry 2: server .*, partition .*, volumes: sun4x_56\..*
+ Volume set rs:
+ Entry 1: server .*, partition .*, volumes: rs_aix42\..*
+</PRE>
+</OL>
+<A NAME="IDX6890"></A>
+<A NAME="IDX6891"></A>
+<A NAME="IDX6892"></A>
+<A NAME="IDX6893"></A>
+<P><H3><A NAME="Header_294" HREF="auagd002.htm#ToC_294">To delete a volume set</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup delvolset</B> command to delete one or more volume
+sets and all of the component volume entries in them. If you are
+deleting a temporary volume set, you must still be in the interactive session
+in which you created it.
+<PRE> % <B>backup delvolset</B> <<VAR>volume set name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>delvols
+</B><DD>Is the shortest acceptable abbreviation of <B>delvolset</B>.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names each volume set to delete.
+</DL>
+</OL>
+<A NAME="IDX6894"></A>
+<A NAME="IDX6895"></A>
+<A NAME="IDX6896"></A>
+<A NAME="IDX6897"></A>
+<A NAME="IDX6898"></A>
+<P><H3><A NAME="Header_295" HREF="auagd002.htm#ToC_295">To delete a volume entry from a volume set</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup</B> command to enter interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>If the volume set includes more than one volume entry, issue the
+<B>(backup) listvolsets</B> command to display the index number associated
+with each one (if there is only one volume entry, its index is 1). For
+a more detailed description of the command's output, see <A HREF="#HDRWQ266">To display volume sets and volume entries</A>.
+<PRE> backup> <B>listvolsets</B> <<VAR>volume set name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listv
+</B><DD>Is the shortest acceptable abbreviation of <B>listvolsets</B>.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names the volume set for which to display volume entries.
+</DL>
+<P><LI>Issue the <B>(backup) delvolentry</B> command to delete the volume
+entry.
+<PRE> backup> <B>delvolentry</B> <<VAR>volume set name</VAR>> <<VAR>volume entry index</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>delvole
+</B><DD>Is the shortest acceptable abbreviation of <B>delvolentry</B>.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names the volume set from which to delete a volume entry.
+<P><DT><B><VAR>volume entry index</VAR>
+</B><DD>Specifies the index number of the volume entry to delete.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ267" HREF="auagd002.htm#ToC_296">Defining and Displaying the Dump Hierarchy</A></H2>
+<A NAME="IDX6899"></A>
+<A NAME="IDX6900"></A>
+<P>A dump hierarchy is a logical structure in the Backup Database that defines
+the relationship between full and incremental dumps; that is, it defines
+which dump serves as the parent for an incremental dump. Each
+individual component of a hierarchy is a dump level.
+<P>As you define dump levels with the <B>backup adddump</B> command, keep
+the following rules and suggestions in mind:
+<UL>
+<P><LI>Each full dump level is the top level of a hierarchy. You can
+create as many hierarchies as you need to dump different volume sets on
+different schedules.
+<P><LI>The name of a full dump level consists of an initial slash (<B>/</B>),
+followed by a string of up to 28 alphanumeric characters.
+<P><LI>The name of an incremental dump level resembles a pathname, starting with
+the name of a full dump level, then the first incremental level, and so on,
+down to the final incremental level. Precede each level name with a
+slash to separate it from the preceding level. Like the full level,
+each component level in the name can have up to 28 alphanumeric characters,
+not including the slash.
+<P><LI>A hierarchy can have any have any number of levels, but the maximum length
+of a complete dump level name is 256 characters, including the slashes.
+<P><LI>Before defining a given incremental level, you must define all of the
+levels above it in the hierarchy.
+<P><LI>Do not use the period (<B>.</B>) in dump level names.
+The Backup System uses the period as the separator between a dump's
+volume set name and dump level name when it creates the dump name and AFS tape
+name. Any other alphanumeric and punctuation characters are allowed,
+but it is best to avoid metacharacters. If you include a metacharacter,
+you must precede it with a backslash (<B>\</B>) or surround the entire
+dump level name with double quotes (<B>" "</B>).
+<P><LI>Naming dump levels for days or other actual time points reminds you when
+to perform dumps, and makes it easier to track the relationship between dumps
+performed at different levels. However, the names have no meaning to
+the Backup System: it does not automatically create dumps according to
+the names, and does not prevent you from, for example, using the
+<B>/sunday</B> level when creating a dump on a Tuesday.
+<P><LI>It is best not to use the same name for more than one component level in a
+hierarchy, because it means the resulting dump name no longer indicates which
+level was used. For example, if you name a dump level
+<B>/full/incr/incr</B>, then the dump name and AFS tape name that result
+from dumping a volume set at the first incremental level
+(<B>/full/incr</B>) look the same as the names that result from dumping at
+the second incremental level (<B>/full/incr/incr</B>).
+<P><LI>Individual levels in different hierarchies can have the same name, but the
+complete pathnames must be unique. For example,
+<B>/sunday1/monday</B> and <B>/sunday2/monday</B> share the same name
+at the final level, but are unique because they have different names at the
+full level (belong to different hierarchies). However, using the same
+name in multiple hierarchies means that dump and AFS tape names do not
+unambiguously indicate which hierarchy was used.
+</UL>
+<P>The following example shows three hierarchies. Each begins with a
+full dump at the top: <B>sunday1</B> for the first hierarchy,
+<B>sunday2</B> for the second hierarchy, and <B>sunday_bin</B> for the
+third hierarchy. In all three hierarchies, each of the other dump
+levels is an incremental level.
+<PRE> /sunday1
+ /monday
+ /tuesday
+ /wednesday
+ /thursday
+ /friday
+ /sunday2
+ /monday
+ /tuesday
+ /wednesday
+ /thursday
+ /friday
+ /sunday_bin
+ /monday
+ /wednesday
+ /friday
+</PRE>
+<P>In the first hierarchy, each incremental dump level refers to the full
+level <B>/sunday1</B> as its parent. When (for example) you dump a
+volume set at the <B>/sunday1/wednesday</B> level, it includes data that
+has changed since the volume set was dumped at the <B>/sunday1</B>
+level.
+<P>In contrast, each incremental dump level in the second hierarchy refers to
+the immediately preceding dump level as its parent. When you dump a
+volume set at the corresponding level in the second hierarchy
+(<B>/sunday2/monday/tuesday/wednesday</B>), the dump includes only data
+that has changed since the volume set was dumped at the
+<B>/sunday2/monday/tuesday</B> level (presumably the day before).
+Assuming you create dumps on the indicated days, an incremental dump made
+using this hierarchy contains less data than an incremental dump made at the
+corresponding level in the first hierarchy.
+<P>The third hierarchy is more appropriate for dumping volumes for which a
+daily backup is excessive because the data does not change often (for example,
+system binaries).
+<P><H3><A NAME="HDRWQ268" HREF="auagd002.htm#ToC_297">Creating a Tape Recycling Schedule</A></H3>
+<A NAME="IDX6901"></A>
+<A NAME="IDX6902"></A>
+<A NAME="IDX6903"></A>
+<A NAME="IDX6904"></A>
+<A NAME="IDX6905"></A>
+<A NAME="IDX6906"></A>
+<A NAME="IDX6907"></A>
+<A NAME="IDX6908"></A>
+<P>If your cell is like most cells, you have a limited amount of room for
+storing backup tapes and a limited budget for new tapes. The easiest
+solution is to recycle tapes by overwriting them when you no longer need the
+backup data on them. The Backup System helps you implement a recycling
+schedule by enabling you to associate an expiration date with each dump
+level. The expiration date defines when a dump created at that level
+expires. Until that time the Backup System refuses to overwrite a tape
+that contains the dump. Thus, assigning expiration dates automatically
+determines how you recycle tapes.
+<P>When designing a tape-recycling schedule, you must decide how far in the
+past and to what level of precision you want to guarantee access to backed up
+data. For instance, if you decide to guarantee that you can restore a
+user's home volume to its state on any given day in the last two weeks,
+you cannot recycle the tape that contains a given daily dump for at least two
+weeks after you create it. Similarly, if you decide to guarantee that
+you can restore home volumes to their state at the beginning of any given week
+in the last month, you cannot recycle the tapes in a dump set containing a
+weekly dump for at least four weeks. The following example dump
+hierarchy implements this recycling schedule by setting the expiration date
+for each daily incremental dump to 13 days and the expiration date of the
+weekly full dumps to 27 days.
+<P>The tapes used to store dumps created at the daily incremental levels in
+the <B>/sunday1</B> hierarchy expire just in time to be recycled for daily
+dumps in the <B>/sunday3</B> hierarchy (and vice versa), and there is a
+similar relationship between the <B>/sunday2</B> and <B>/sunday4</B>
+hierarchies. Similarly, the tape that houses a full dump at the
+<B>/sunday1</B> level expires just in time to be used for a full dump on
+the first Sunday of the following month.
+<PRE>
+ /sunday1 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ /sunday2 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+ /sunday3 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ /sunday4 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+</PRE>
+<P>If you use appended dumps in your cell, keep in mind that all dumps in a
+dump set are subject to the latest (furthest into the future) expiration date
+associated with any of the constituent dumps. You cannot recycle any of
+the tapes that contain a dump set until all of the dumps have reached their
+expiration date. See also <A HREF="auagd012.htm#HDRWQ299">Appending Dumps to an Existing Dump Set</A>.
+<P>Most tape manufacturers recommend that you write to a tape a limited number
+of times, and it is best not to exceed this limit when recycling tapes.
+To help you track tape usage, the Backup System records a <TT>useCount</TT>
+counter on the tape's label. It increments the counter each time
+the tape's label is rewritten (each time you use the <B>backup
+labeltape</B> or <B>backup dump</B> command). To display the
+<TT>useCount</TT> counter, use the <B>backup readlabel</B> or
+<B>backup scantape</B> command or include the <B>-id</B> and
+<B>-verbose</B> options when you issue the <B>backup dumpinfo</B>
+command. For instructions see <A HREF="#HDRWQ272">Writing and Reading Tape Labels</A> or <A HREF="auagd012.htm#HDRWQ302">Displaying Backup Dump Records</A>.
+<A NAME="IDX6909"></A>
+<A NAME="IDX6910"></A>
+<A NAME="IDX6911"></A>
+<A NAME="IDX6912"></A>
+<P><H3><A NAME="HDRWQ269" HREF="auagd002.htm#ToC_298">Archiving Tapes</A></H3>
+<A NAME="IDX6913"></A>
+<A NAME="IDX6914"></A>
+<P>Even if you make extensive use of tape recycling, there is probably some
+backup data that you need to archive for a long (or even an indefinite) period
+of time. You can use the Backup System to archive data on a regular
+schedule, and you can also choose to archive data on tapes that you previously
+expected to recycle.
+<P>If you want to archive data on a regular basis, you can create
+date-specific dump levels in the dump hierarchy. For example, if you
+decide to archive a full dump of all data in your cell at the beginning of
+each quarter in the year 2000, you can define the following levels in the dump
+hierarchy:
+<PRE> /1Q2000
+ /2Q2000
+ /3Q2000
+ /4Q2000
+</PRE>
+<P>If you decide to archive data that is on tapes you previously planned to
+recycle, you must gather all of the tapes that contain the relevant dumps,
+both full and incremental. To avoid accidental erasure, it is best to
+set the switch on the tapes that makes them read-only, before placing them in
+your archive storage area. If the tapes also contain a large amount of
+extraneous data that you do not want to archive, you can restore just the
+relevant data into a new temporary volume, and back up that volume to the
+smallest number of tapes possible. One reason to keep a dump set small
+is to minimize the amount of irrelevant data in a dump set you end up needing
+to archive.
+<P>If you do not expect to restore archived data to the file system, you can
+consider using the <B>backup deletedump</B> command to remove the
+associated dump records from the Backup Database, which helps keep it to an
+efficient size. If you ever need to restore the data, you can use the
+<B>-dbadd</B> flag to the <B>backup scantape</B> command to reinsert
+the dump records into the database. For instructions, see <A HREF="auagd012.htm#HDRWQ305">To scan the contents of a tape</A>.
+<P><H3><A NAME="HDRWQ270" HREF="auagd002.htm#ToC_299">Defining Expiration Dates</A></H3>
+<P>To associate an expiration date with a dump level as you
+create it, use the <B>-expires</B> argument to the <B>backup
+adddump</B> command. To change an existing dump level's
+expiration date, use the <B>-expires</B> argument to the <B>backup
+setexp</B> command. (Note that it is not possible to change the
+expiration date of an actual dump that has already been created at that
+level). With both commands, you can define an expiration date either in
+absolute terms (for example, 13 January 2000) or relative terms (for example,
+30 days from when the dump is created).
+<UL>
+<P><LI>To define an absolute expiration date, provide a value for the
+<B>-expires</B> argument with the following format:
+<PRE> [<B>at</B>] <VAR>mm</VAR><B>/</B><VAR>dd</VAR><B>/</B><VAR>yyyy</VAR> [<VAR>hh</VAR><B>:</B><VAR>MM</VAR>]
+</PRE>
+<P>where <VAR>mm</VAR> indicates the month, <VAR>dd</VAR> the day, and
+<VAR>yyyy</VAR> the year when the dump expires. Valid values for the year
+fall in the range <B>1970</B> through <B>2037</B> (the latest possible
+date that the UNIX time representation can express is in early 2038).
+If you provide a time, it must be in 24-hour format with <VAR>hh</VAR> the hours
+and <VAR>MM</VAR> the minutes (for example, <B>21:50</B> is 9:50
+p.m.). If you omit the time, the default is 00:00
+hours (12:00 midnight) on the indicated date.
+<P><LI>To define a relative expiration date, provide a value for the
+<B>-expires</B> argument with the following format:
+<PRE> [<B>in</B>] [<VAR>years</VAR><B>y</B>] [<VAR>months</VAR><B>m</B>] [<VAR>days</VAR><B>d</B>]
+</PRE>
+<P>where each of <VAR>years</VAR>, <VAR>months</VAR>, and <VAR>days</VAR> is an
+integer. Provide at least one of them together with the corresponding
+units letter (<B>y</B>, <B>m</B>, or <B>d</B> respectively), with
+no intervening space. If you provide more than one of the three, list
+them in the indicated order.
+<P>The Backup System calculates a dump's actual expiration date by adding
+the indicated relative value to the start time of the dump operation.
+For example, it assigns an expiration date 1 year, 6 months, and 2 days in the
+future to a dump created at a dump level with associated expiration date
+<B>in 1y 6m 2d</B>.
+<P><LI>To indicate that a dump backed up at the corresponding dump level never
+expires, provide the value <B>NEVER</B> instead of a date and time.
+To recycle tapes that contain dumps created at such a level, you must use the
+<B>backup readlabel</B> command to overwrite the tape's label.
+</UL>
+<P>If you omit the <B>-expires</B> argument to the <B>backup
+adddump</B> command, then the expiration date is set to UNIX time zero
+(00:00 hours on 1 January 1970). The Backup System considers
+dumps created at such a dump level to expire at their creation time. If
+no dumps in a dump set have an expiration date, then the Backup System does
+not impose any restriction on recycling the tapes that contain the dump
+set. If you need to prevent premature recycling of the tapes that
+contain the dump set, you must use a manual tracking system.
+<A NAME="IDX6915"></A>
+<A NAME="IDX6916"></A>
+<A NAME="IDX6917"></A>
+<A NAME="IDX6918"></A>
+<A NAME="IDX6919"></A>
+<A NAME="IDX6920"></A>
+<A NAME="IDX6921"></A>
+<A NAME="IDX6922"></A>
+<A NAME="IDX6923"></A>
+<P><H3><A NAME="Header_300" HREF="auagd002.htm#ToC_300">To add a dump level to the dump hierarchy</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>backup adddump</B> command to define one or more dump
+levels. If you are defining an incremental level, then all of the
+parent levels that precede it in its pathname must either already exist or
+precede it on the command line.
+<PRE> backup> <B>adddump -dump</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-expires</B> <<VAR>expiration date</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addd
+</B><DD>Is the shortest acceptable abbreviation of <B>adddump</B>.
+<P><DT><B>-dump
+</B><DD>Names each dump level to added. If you specify more than one dump
+level name, you must include the <B>-dump</B> switch.
+<P>Provide the entire pathname of the dump level, preceding each level in the
+pathname with a slash (<B>/</B>). Each component level can be up to
+28 characters in length, and the pathname can include up to 256 characters
+including the slashes.
+<P><DT><B>-expires
+</B><DD>Sets the expiration date associated with each dump level. Specify
+either a relative or absolute expiration date, as described in <A HREF="#HDRWQ270">Defining Expiration Dates</A>, or omit this argument to assign no expiration date to the
+dump levels.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition to be
+associated with each dump level specified by the <B>-dump</B>
+argument.
+</TD></TR></TABLE>
+</DL>
+</OL>
+<A NAME="IDX6924"></A>
+<A NAME="IDX6925"></A>
+<A NAME="IDX6926"></A>
+<A NAME="IDX6927"></A>
+<A NAME="IDX6928"></A>
+<A NAME="IDX6929"></A>
+<P><H3><A NAME="Header_301" HREF="auagd002.htm#ToC_301">To change a dump level's expiration date</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) setexp</B> command to change the expiration date
+associated with one or more dump levels.
+<PRE> backup> <B>setexp -dump</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-expires</B> <<VAR>expiration date</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>se
+</B><DD>Is the shortest acceptable abbreviation of <B>setexp</B>.
+<P><DT><B>-dump
+</B><DD>Names each existing dump level for which to change the expiration
+date.
+<P><DT><B>-expires
+</B><DD>Sets the expiration date associated with each dump level. Specify
+either a relative or absolute expiration date, as described in <A HREF="#HDRWQ270">Defining Expiration Dates</A>; omit this argument to remove the expiration date
+currently associated with each dump level.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition to be
+associated with each dump level specified by the <B>-dump</B>
+argument.
+</TD></TR></TABLE>
+</DL>
+</OL>
+<A NAME="IDX6930"></A>
+<A NAME="IDX6931"></A>
+<A NAME="IDX6932"></A>
+<A NAME="IDX6933"></A>
+<A NAME="IDX6934"></A>
+<P><H3><A NAME="Header_302" HREF="auagd002.htm#ToC_302">To delete a dump level from the dump hierarchy</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) deldump</B> command to delete the dump
+level. Note that the command automatically removes all incremental dump
+levels for which the specified level serves as parent, either directly or
+indirectly.
+<PRE> backup> <B>deldump</B> <<VAR>dump level name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>deld
+</B><DD>Is the shortest acceptable abbreviation of <B>deldump</B>.
+<P><DT><B><VAR>dump level name</VAR>
+</B><DD>Specifies the complete pathname of the dump level to delete.
+</DL>
+</OL>
+<A NAME="IDX6935"></A>
+<A NAME="IDX6936"></A>
+<A NAME="IDX6937"></A>
+<A NAME="IDX6938"></A>
+<A NAME="IDX6939"></A>
+<A NAME="IDX6940"></A>
+<P><H3><A NAME="HDRWQ271" HREF="auagd002.htm#ToC_303">To display the dump hierarchy</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>backup listdumps</B> command to display the dump
+hierarchy.
+<PRE> % <B>backup listdumps</B>
+</PRE>
+<P>where <B>listd</B> is the shortest acceptable abbreviation of
+<B>listdumps</B>.
+<P>The output from this command displays the dump hierarchy, reporting the
+expiration date associated with each dump level, as in the following
+example.
+<PRE> % <B>backup listdumps</B>
+ /week1 expires in 27d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /sunday expires in 13d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /week3 expires in 27d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /sunday expires in 13d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ sunday1 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ sunday2 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+ sunday3 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ sunday4 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ272" HREF="auagd002.htm#ToC_304">Writing and Reading Tape Labels</A></H2>
+<A NAME="IDX6941"></A>
+<A NAME="IDX6942"></A>
+<A NAME="IDX6943"></A>
+<A NAME="IDX6944"></A>
+<A NAME="IDX6945"></A>
+<A NAME="IDX6946"></A>
+<P>As described in <A HREF="#HDRWQ253">Dump Names and Tape Names</A> and <A HREF="#HDRWQ254">Tape Labels, Dump Labels, and EOF Markers</A>, you can assign either a permanent name or
+an AFS tape name to a tape that you use in the Backup System. The names
+are recorded on the tape's magnetic label, along with an indication of
+the tape's capacity (size).
+<P>You can assign either a permanent name or an AFS tape name, but not
+both. In general, assigning permanent names rather than AFS tape names
+simplifies the backup process, because the Backup System does not dictate the
+format of permanent names. If a tape does not have a permanent name,
+then by default the Backup System accepts only three strictly defined values
+in the AFS tape name field, and refuses to write a dump to a tape with an
+inappropriate AFS tape name. The acceptable values are a name that
+matches the volume set and dump level of the initial dump, the value
+<TT><NULL></TT>, and no value in the field at all.
+<P>If a tape has a permanent name, the Backup System does not check the AFS
+tape name, and as part of the dump operation constructs the appropriate AFS
+tape name itself and records it on the label. This means that if you
+assign a permanent name, the Backup System assigns an AFS tape name itself and
+the tape has both types of name. In contrast, if a tape has an AFS tape
+name but not a permanent name, you cannot assign a permanent name without
+first erasing the AFS tape name.
+<P>(You can also suppress the Backup System's check of a tape's AFS
+tape name, even it does not have a permanent name, by assigning the value
+<B>NO</B> to the <B>NAME_CHECK</B> instruction in the device
+configuration file. See <A HREF="#HDRWQ280">Eliminating the AFS Tape Name Check</A>.)
+<P>Because the Backup System accepts unlabeled tapes, you do not have to label
+a tape before using it for the first time. After the first use, there
+are a couple of cases in which you must relabel a tape in order to write a
+dump to it:
+<UL>
+<P><LI>The tape does not have a permanent name, and the AFS tape name on it does
+not match the new initial dump set you want to create (the volume set and dump
+level names are different, or the index is incorrect).
+<P><LI>You want to recycle a tape before all of the dumps on it have
+expired. The Backup System does not overwrite a tape with any unexpired
+dumps. Keep in mind, though, that if you relabel the tape to making
+recycling possible, you erase all the dump records for the tape from the
+Backup Database, which makes it impossible to restore any data from the
+tape.
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Labeling a tape that contains dump data makes it impossible to use that data
+in a restore operation, because the labeling operation removes the dump's
+records from the Backup Database. If you want to record a permanent
+name on a tape label, you must do it before dumping any data to the
+tape.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_305" HREF="auagd002.htm#ToC_305">Recording a Name on the Label</A></H3>
+<P>To write a permanent name on a tape's label, include the
+<B>-pname</B> argument to specify a string of up to 32 characters.
+Check that no other tape used with the Backup System in your cell already has
+the permanent name you are assigning, because the Backup System does not
+prevent you from assigning the same name to multiple tapes. The Backup
+System overwrites the existing AFS tape name, if any, with the value
+<TT><NULL></TT>. When a tape has a permanent name, the Backup
+System uses it instead of the AFS tape name in most prompts and when referring
+to the tape in output from <B>backup</B> commands. The permanent
+name persists until you again include the <B>-pname</B> argument to the
+<B>backup labeltape</B> command, regardless of the tape's contents
+and of how often you recycle the tape or use the <B>backup labeltape</B>
+command without the <B>-pname</B> argument.
+<P>To write an AFS tape name on the label, provide a value for the
+<B>-name</B> argument that matches the volume set name and the final
+element in the dump level pathname of the initial dump that you plan to write
+to the tape, and an index that indicates the tape's place in the sequence
+of tapes for the dump set. The format is as follows:
+<PRE> <VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR><B>.</B><VAR>tape_index</VAR>
+</PRE>
+<P>If you omit the <B>-name</B> argument, the Backup System sets the AFS
+tape name to <TT><NULL></TT>. The Backup System automatically
+constructs and records the appropriate name when you later write an initial
+dump to the tape by using the <B>backup dump</B> or <B>backup
+savedb</B> command.
+<P>You cannot use the <B>-name</B> argument if the tape already has a
+permanent name. To erase a tape's permanent name, provide a null
+value to the <B>-pname</B> argument by issuing the following
+command:
+<PRE> % <B>backup labeltape -pname ""</B>
+</PRE>
+<P><H3><A NAME="Header_306" HREF="auagd002.htm#ToC_306">Recording a Capacity on the Label</A></H3>
+<P>To record the tape's capacity on the label, specify a number of
+kilobytes as the <B>-size</B> argument. If you omit this argument
+the first time you label a tape, the Backup System records the default tape
+capacity associated with the specified port offset in the
+<B>/usr/afs/backup/tapeconfig</B> file on the Tape Coordinator
+machine. If the tape's capacity is different (in particular,
+larger) than the capacity recorded in the <B>tapeconfig</B> file, it is
+best to record a capacity on the label before using the tape. Once set,
+the value in the label's capacity field persists until you again use the
+<B>-size</B> argument to the <B>backup labeltape</B> command.
+For a discussion of the appropriate capacity to record for tapes, see <A HREF="#HDRWQ258">Configuring the tapeconfig File</A>.
+<P>To read a tape's label, use the <B>backup readlabel</B>
+command.
+<P>Most tapes also come with an adhesive label you can apply to the exterior
+casing. To help you easily identify a tape, record at least the
+tape's permanent and AFS tape names on the adhesive label.
+Depending on the recycling scheme you use, it can be useful to record other
+information, such as the dump ID, dump creation date, and expiration date of
+each dump you write to the tape.
+<A NAME="IDX6947"></A>
+<A NAME="IDX6948"></A>
+<P><H3><A NAME="HDRWQ273" HREF="auagd002.htm#ToC_307">To label a tape</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="auagd012.htm#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P><LI>Place the tape in the device.
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode, if you want to label multiple tapes or issue additional
+commands after labeling the tape. The interactive prompt appears in the
+following step.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) labeltape</B> command to label the tape.
+<PRE> backup> <B>labeltape</B> [<B>-name</B> <<VAR>tape name, defaults to NULL</VAR>>] \
+ [<B>-size</B> <<VAR>tape size in Kbytes, defaults to size in tapeconfig</VAR>>] \
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>>] [<B>-pname</B> <<VAR>permanent tape name</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>la
+</B><DD>Is the shortest acceptable abbreviation of <B>labeltape</B>.
+<P><DT><B>-name
+</B><DD>Specifies the AFS tape name to record on the label. Include this
+argument or the <B>-pname</B> argument, but not both. If you omit
+this argument, the AFS tape name is set to <TT><NULL></TT>. If you
+provide it, it must have the following format.
+<PRE><VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR><B>.</B><VAR>tape_index</VAR>
+</PRE>
+<P>
+<P>for the tape to be acceptable for use in a future <B>backup dump</B>
+operation. The <VAR>volume_set_name</VAR> must match the volume set name
+of the initial dump to be written to the tape, <VAR>dump_level_name</VAR> must
+match the last element of the dump level pathname at which the volume set is
+to be dumped, and <VAR>tape_index</VAR> must correctly indicate the tape's
+place in the sequence of tapes that house the dump set; indexing begins
+with the number 1 (one).
+<P><DT><B>-size
+</B><DD>Specifies the tape capacity to record on the label. If you are
+labeling the tape for the first time, you need to include this argument only
+if the tape's capacity differs from the capacity associated with the
+specified port offset in the <B>/usr/afs/backup/tapeconfig</B> file on the
+Tape Coordinator machine.
+<P>If you provide a value, it is an integer value followed by a letter that
+indicates units, with no intervening space. A unit value of
+<B>k</B> or <B>K</B> indicates kilobytes, <B>m</B> or <B>M</B>
+indicates megabytes, and <B>g</B> or <B>G</B> indicates
+gigabytes. If you omit the units letter, the default is
+kilobytes.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the tape
+or backup data file for this operation. You must provide this argument
+unless the default value of <B>0</B> (zero) is appropriate.
+<P><DT><B>-pname
+</B><DD>Specifies the permanent name to record on the label. It can be up
+to 32 characters in length, and include any alphanumeric characters.
+Avoid metacharacters that have a special meaning to the shell, to avoid having
+to mark them as literal in commands issued at the shell prompt.
+<P>Include this argument or the <B>-name</B> argument, but not
+both. When you provide this argument, the AFS tape name is set to
+<TT><NULL></TT>. If you omit this argument, any existing permanent
+name is retained.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or if the device's device configuration file
+includes the instruction <B>AUTOQUERY YES</B>, then the Tape Coordinator
+prompts you to place the tape in the device's drive. You have
+already done so, but you must now press <B><Return></B> to indicate
+that the tape is ready for labeling.
+</OL>
+<A NAME="IDX6949"></A>
+<A NAME="IDX6950"></A>
+<P><H3><A NAME="HDRWQ274" HREF="auagd002.htm#ToC_308">To read the label on a tape</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="auagd012.htm#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P><LI>Place the tape in the device.
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode, if you want to label multiple tapes or issue additional
+commands after labeling the tape. The interactive prompt appears in the
+following step.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>(backup) readlabel</B> command to read the label on the
+tape.
+<PRE> backup> <B>readlabel</B> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>rea
+</B><DD>Is the shortest acceptable abbreviation of <B>readlabel</B>.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the port offset number of Tape Coordinator handling the tape or
+backup data file for this operation. You must provide this argument
+unless the default value of <B>0</B> (zero) is appropriate.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or the device's device configuration file
+includes the instruction <B>AUTOQUERY YES</B> instruction, then the Tape
+Coordinator prompts you to place the tape in the device's drive.
+You have already done so, but you must now press <B><Return></B> to
+indicate that the tape is ready for reading.
+</OL>
+<P>Information from the tape label appears both in the <B>backup</B>
+command window and in the Tape Coordinator window. The output in the
+command window has the following format:
+<PRE> Tape read was labelled: <VAR>tape_name</VAR> (<VAR>initial_dump_ID</VAR>)
+ size: <VAR>size</VAR> KBytes
+</PRE>
+<P>where <VAR>tape_name</VAR> is the tape's permanent name (if it has one)
+or AFS tape name, <VAR>initial_dump_ID</VAR> is the dump ID of the initial dump
+on the tape, and <VAR>size</VAR> is the capacity recorded on the label, in
+kilobytes.
+<P>The information in the Tape Coordinator window is more extensive.
+The tape's permanent name appears in the <TT>tape name</TT> field and
+its AFS tape name in the <TT>AFS tape name</TT> field. If either name
+is undefined, a value of <TT><NULL></TT> appears in the field
+instead. The capacity recorded on the label appears in the
+<TT>size</TT> field. Other fields in the output report the creation
+time, dump level name, and dump ID of the initial dump on the tape
+(<TT>creationTime</TT>, <TT>dump path</TT>, and <TT>dump id</TT>
+respectively). The <TT>cell</TT> field reports the cell in which the
+dump operation was performed, and the <TT>useCount</TT> field reports the
+number of times the tape has been relabeled, either with the <B>backup
+labeltape</B> command or during a dump operation. For further
+details, see the command's reference page in the <I>IBM AFS
+Administration Reference</I>.
+<P>If the tape has no label, or if the drive is empty, the following message
+appears at the command shell:
+<PRE> Failed to read tape label.
+</PRE>
+<P>The following example illustrates the output in the command shell for a
+tape in the device with port offset 1:
+<PRE> % <B>backup readlabel 1</B>
+ Tape read was labelled: monthly_guest (917860000)
+ size: 2150000 KBytes
+</PRE>
+<P>The following output appears in the Tape Coordinator window at the same
+time:
+<PRE> Tape label
+ ----------
+ tape name = monthly_guest
+ AFS tape name = guests.monthly.3
+ creationTime = Mon Feb 1 04:06:40 1999
+ cell = abc.com
+ size = 2150000 Kbytes
+ dump path = /monthly
+ dump id = 917860000
+ useCount = 44
+ -- End of tape label --
+</PRE>
+<HR><H2><A NAME="HDRWQ275" HREF="auagd002.htm#ToC_309">Automating and Increasing the Efficiency of the Backup Process</A></H2>
+<A NAME="IDX6951"></A>
+<A NAME="IDX6952"></A>
+<P>The Backup System includes several optional features to help you automate
+the backup process in your cell and make it more efficient. By
+combining several of the features, you can dump volume data to tape with
+minimal human intervention in most cases. To take advantage of many of
+the features, you create a <I>device configuration file</I> in the
+<B>/usr/afs/backup</B> directory for each tape device that participates in
+automated operations. For general instructions on creating the device
+configuration file, see <A HREF="#HDRWQ276">Creating a Device Configuration File</A>. The following list refers you to sections that
+describe each feature in greater detail.
+<UL>
+<P><LI>You can use tape stackers and jukeboxes to perform backup
+operations. These are tape drives with an attached unit that stores
+several tapes and can physically insert and remove them from the tape reader
+(tape drive) without human intervention, meaning that no operator has to be
+present even for backup operations that require several tapes. To use a
+stacker or jukebox with the Backup System, include the <B>MOUNT</B> and
+<B>UNMOUNT</B> instructions in its device configuration file. See <A HREF="#HDRWQ277">Invoking a Device's Tape Mounting and Unmounting Routines</A>.
+<P><LI>You can suppress the Tape Coordinator's default prompt for the
+initial tape that it needs for a backup operation, again eliminating the need
+for a human operator to be present when a backup operation begins. (You
+must still insert the correct tape in the drive at some point before the
+operation begins.) To suppress the initial prompt, include the
+<B>-noautoquery</B> flag on the <B>butc</B> command, or assign the
+value <B>NO</B> to the <B>AUTOQUERY</B> instruction in the device
+configuration file. See <A HREF="#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>.
+<P><LI>You can suppress the prompts that the Tape Coordinator otherwise generates
+when it encounters several types of errors. When you use this feature,
+the Tape Coordinator instead responds to the errors in a default manner, which
+generally allows the operation to continue without human intervention.
+To suppress prompts about error conditions, assign the value <B>NO</B> to
+the <B>ASK</B> instruction in the device configuration file. See <A HREF="#HDRWQ279">Enabling Default Responses to Error Conditions</A>.
+<P><LI>You can suppress the Backup System's default verification that the
+AFS tape name on a tape that has no permanent name matches the name derived
+from the volume set and dump level names of the initial dump the Backup System
+is writing to the tape. This enables you to recycle a tape without
+first relabeling it, as long as all dumps on it are expired. To
+suppress name checking, assign the value <B>NO</B> to the
+<B>NAME_CHECK</B> instruction in the device configuration file. See
+<A HREF="#HDRWQ280">Eliminating the AFS Tape Name Check</A>.
+<P><LI>You can promote tape streaming (the most efficient way for a tape device
+to operate) by setting the size of the memory buffer the Tape Coordinator uses
+when transferring volume data between the file system and the device.
+To set the buffer size, include the <B>BUFFERSIZE</B> instruction in the
+device configuration file. See <A HREF="#HDRWQ281">Setting the Memory Buffer Size to Promote Tape Streaming</A>.
+<P><LI>You can write dumps to a <I>backup data file</I> on the local disk of
+the Tape Coordinator machine, rather than to tape. You can then
+transfer the backup data file to a data-archiving system, such as a
+hierarchical storage management (HSM) system, that you use in conjunction with
+AFS and the Backup System. Writing a dump to a file is usually more
+efficient that issuing the equivalent <B>vos dump</B> commands
+individually. To write dumps to a file, include the <B>FILE</B>
+instruction in the device configuration file. See <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A>.
+</UL>
+<P>There are two additional ways to increase backup automation and efficiency
+that do not involve the device configuration file:
+<UL>
+<P><LI>You can schedule one or more <B>backup dump</B> commands to run at
+specified times. This enables you to create backups at times of low
+system usage, without requiring a human operator to be present. You can
+schedule a single dump operation for a future time, or multiple operations to
+run at various future times. See <A HREF="auagd012.htm#HDRWQ300">Scheduling Dumps</A>.
+<P><LI>You can append dumps to a tape that already has other dumps on it.
+This enables you to use as much of a tape's capacity as possible.
+The appended dumps do not have be related in any way to one another or to the
+initial dump on the tape, but grouping dumps appropriately can reduce the
+number of necessary tape changes during a restore operation. To append
+a dump, include the <B>-append</B> argument to the <B>backup dump</B>
+command. See <A HREF="auagd012.htm#HDRWQ299">Appending Dumps to an Existing Dump Set</A>.
+</UL>
+<P><H3><A NAME="HDRWQ276" HREF="auagd002.htm#ToC_310">Creating a Device Configuration File</A></H3>
+<A NAME="IDX6953"></A>
+<A NAME="IDX6954"></A>
+<A NAME="IDX6955"></A>
+<A NAME="IDX6956"></A>
+<P>To use many of the features that automate backup operations, create a
+configuration file for each tape device in the <B>/usr/afs/backup</B>
+directory on the local disk of the Tape Coordinator machine that drives the
+device. The filename has the following form:
+<P><B>CFG_</B><VAR>device_name</VAR>
+<P>where <VAR>device_name</VAR> represents the name of the tape device or backup
+data file (see <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A> to learn about writing dumps to a file rather than to
+tape).
+<P>For a tape device, construct the <VAR>device_name</VAR> portion of the name
+by stripping off the initial <B>/dev/</B> string with which all UNIX
+device names conventionally begin, and replacing any other slashes in the name
+with underscores. For example, <B>CFG_rmt_4m</B> is the appropriate
+filename for a device called <B>/dev/rmt/4m</B>.
+<P>For a backup data file, construct the <VAR>device_name</VAR> portion by
+stripping off the initial slash (<B>/</B>) and replacing any other slashes
+(<B>/</B>) in the name with underscores. For example,
+<B>CFG_var_tmp_FILE</B> is the appropriate filename for a backup data file
+called <B>/var/tmp/FILE</B>.
+<P>Creating a device configuration file is optional. If you do not want
+to take advantage of any of the features that the file provides, you do not
+have to create it.
+<P>You can include one of each of the following instructions in any order in a
+device configuration file. All are optional. Place each
+instruction on its own line, but do not include any newline
+(<B><Return></B>) characters within an instruction.
+<DL>
+<P><DT><B>MOUNT and UNMOUNT
+</B><DD>Identify a script of routines for mounting and unmounting tapes in a tape
+stacker or jukebox's drive as needed. See <A HREF="#HDRWQ277">Invoking a Device's Tape Mounting and Unmounting Routines</A>.
+<P><DT><B>AUTOQUERY
+</B><DD>Controls whether the Tape Coordinator prompts for the first tape it needs
+for a backup operation. See <A HREF="#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>.
+<P><DT><B>ASK
+</B><DD>Controls whether the Tape Coordinator asks you how to respond to certain
+error conditions. See <A HREF="#HDRWQ279">Enabling Default Responses to Error Conditions</A>.
+<P><DT><B>NAME_CHECK
+</B><DD>Controls whether the Tape Coordinator verifies that an AFS tape name
+matches the initial dump you are writing to the tape. See <A HREF="#HDRWQ280">Eliminating the AFS Tape Name Check</A>.
+<P><DT><B>BUFFERSIZE
+</B><DD>Sets the size of the memory buffer the Tape Coordinator uses when
+transferring data between a tape device and a volume. See <A HREF="#HDRWQ281">Setting the Memory Buffer Size to Promote Tape Streaming</A>.
+<P><DT><B>FILE
+</B><DD>Controls whether the Tape Coordinator writes dumps to, and restores data
+from, a tape device or a backup data file. See <A HREF="#HDRWQ282">Dumping Data to a Backup Data File</A>.
+</DL>
+<A NAME="IDX6957"></A>
+<A NAME="IDX6958"></A>
+<A NAME="IDX6959"></A>
+<A NAME="IDX6960"></A>
+<A NAME="IDX6961"></A>
+<A NAME="IDX6962"></A>
+<P><H3><A NAME="HDRWQ277" HREF="auagd002.htm#ToC_311">Invoking a Device's Tape Mounting and Unmounting Routines</A></H3>
+<P>A tape stacker or jukebox helps you automate backup
+operations because it can switch between multiple tapes during an operation
+without human intervention. To take advantage of this feature, include
+the <B>MOUNT</B> and optionally <B>UNMOUNT</B> instructions in the
+device configuration file that you write for the stacker or jukebox.
+The instructions share the same syntax:
+<PRE> <B>MOUNT</B> <VAR>filename</VAR>
+ <B>UNMOUNT</B> <VAR>filename</VAR>
+</PRE>
+<P>where <VAR>filename</VAR> is the pathname on the local disk of a script or
+program you have written that invokes the routines defined by the
+device's manufacturer for mounting or unmounting a tape in the
+device's tape drive. (For convenience, the following discussion
+uses the term <I>script</I> to refers to both scripts and
+programs.) The script usually also contains additional logic that
+handles error conditions or modifies the script's behavior depending on
+which backup operation is being performed.
+<P>You can refer to different scripts with the <B>MOUNT</B> or
+<B>UNMOUNT</B> instructions, or to a single script that invokes both
+mounting and unmounting routines. The scripts inherit the local
+identity and AFS tokens associated with to the issuer of the <B>butc</B>
+command.
+<P>You need to include a <B>MOUNT</B> instruction in the device
+configuration file for all tape devices, but the need for an
+<B>UNMOUNT</B> instruction depends on the tape-handling routines that the
+device's manufacturer provides. Some devices, usually stackers,
+have only a single routine for mounting tapes, which also automatically
+unmounts a tape whose presence prevents insertion of the required new
+tape. In this case, an <B>UNMOUNT</B> instruction is not
+necessary. For devices that have separate mounting and unmounting
+routines, you must include an <B>UNMOUNT</B> instruction to remove a tape
+when the Tape Coordinator is finished with it; otherwise, subsequent
+attempts to run the <B>MOUNT</B> instruction fail with an error.
+<P>When the device configuration file includes a <B>MOUNT</B> instruction,
+you must stock the stacker or jukebox with the necessary tapes before running
+a backup operation. Many jukeboxes are able to search for the required
+tape by reading external labels (such as barcodes) on the tapes, but many
+stackers can only switch between tapes in sequence and sometimes only in one
+direction. In the latter case, you must also stock the tapes in the
+correct order.
+<P>To obtain a list of the tapes required for a restore operation so that you
+can prestock them in the tape device, include the <B>-n</B> flag on the
+appropriate <B>backup</B> command (<B>backup diskrestore</B>,
+<B>backup volrestore</B>, or <B>backup volsetrestore</B>). For
+a dump operation, it is generally sufficient to stock the device with more
+tapes than the operation is likely to require. You can prelabel the
+tapes with permanent names or AFS tape names, or not prelabel them at
+all. If you prelabel the tapes for a dump operation with AFS tape
+names, then it is simplest to load them into the stacker in sequential order
+by tape index. But it is probably simpler still to prelabel tapes with
+permanent tape names or use unlabeled tapes, in which case the Backup System
+generates and applies the appropriately indexed AFS tape name itself during
+the dump operation.
+<P><H4><A NAME="Header_312">How the Tape Coordinator Uses the MOUNT and UNMOUNT Instructions</A></H4>
+<P>When you issue the <B>butc</B> command to initialize the Tape
+Coordinator for a given tape device, the Tape Coordinator looks for the device
+configuration file called <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR>
+on its local disk, where <VAR>device_name</VAR> has the format described in <A HREF="#HDRWQ276">Creating a Device Configuration File</A>. If the file exists and contains a <B>MOUNT</B>
+instruction, then whenever the Tape Coordinator needs a tape, it executes the
+script named by the instruction's <VAR>filename</VAR> argument.
+<P>If the device configuration file does not exist, or does not include a
+<B>MOUNT</B> instruction, then whenever the Tape Coordinator needs a tape,
+it generates a prompt in its window instructing the operator to insert the
+necessary tape. The operator must insert the tape and press
+<B><Return></B> before the Tape Coordinator continues the backup
+operation.
+<P>Note, however, that you can modify the Tape Coordinator's behavior
+with respect to the first tape needed for an operation, by setting the
+<B>AUTOQUERY</B> instruction in the device configuration file to
+<B>NO</B>, or including the <B>-noautoquery</B> flag to the
+<B>butc</B> command. In this case, the Tape Coordinator does not
+execute the <B>MOUNT</B> instruction or prompt for a tape at the start of
+an operation, because it expects to find the required first tape in the
+drive. See <A HREF="#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>.
+<P>If there is an <B>UNMOUNT</B> instruction in the device configuration
+file, then whenever the Tape Coordinator closes the tape device, it executes
+the script named by the instruction's <VAR>filename</VAR> argument.
+It executes the script only once, and regardless of whether the
+<B>close</B> operation on the device succeeded or not. If the
+device configuration file does not include an <B>UNMOUNT</B> instruction,
+then the Tape Coordinator takes no action.
+<P><H4><A NAME="Header_313">The Available Parameters and Required Exit Codes</A></H4>
+<P>When the Tape Coordinator executes the <B>MOUNT</B> script, it
+passes in five parameters, ordered as follows. You can use the
+parameters in your script to refine its response to varying circumstances that
+can arise during a backup operation.
+<OL TYPE=1>
+<P><LI>The tape device or backup data file's pathname, as recorded in the
+<B>/usr/afs/backup/tapeconfig</B> file.
+<P><LI>The tape operation, which (except for the exceptions noted in the
+following list) matches the <B>backup</B> command operation code used to
+initiate the operation:
+<UL>
+<P><LI><B>appenddump</B> (when a <B>backup dump</B> command includes the
+<B>-append</B> flag)
+<P><LI><B>dump</B> (when a <B>backup dump</B> command does not include
+the <B>-append</B> flag)
+<P><LI><B>labeltape</B>
+<P><LI><B>readlabel</B>
+<P><LI><B>restore</B> (for a <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> command)
+<P><LI><B>restoredb</B>
+<P><LI><B>savedb</B>
+<P><LI><B>scantape</B>
+</UL>
+<P><LI>The number of times the Tape Coordinator has attempted to open the tape
+device or backup data file. If the open attempt returns an error, the
+Tape Coordinator increments this value by one and again invokes the
+<B>MOUNT</B> instruction.
+<P><LI>The tape name. For some operations, the Tape Coordinator passes the
+string <TT>none</TT>, because it does not know the tape name (when running
+the <B>backup scantape</B> or <B>backup readlabel</B>, for example),
+or because the tape does not necessarily have a name (when running the
+<B>backup labeltape</B> command, for example).
+<P><LI>The tape ID recorded in the Backup Database. As with the tape name,
+the Backup System passes the string <TT>none</TT> for operations where it
+does not know the tape ID or the tape does not necessarily have an ID.
+</OL>
+<P>Your <B>MOUNT</B> script must return one of the following exit codes to
+tell the Tape Coordinator whether or not it mounted the tape
+successfully:
+<UL>
+<P><LI>Code <B>0</B> (zero) indicates a successful mount, and the Tape
+Coordinator continues the backup operation. If the script or program
+called by the <B>MOUNT</B> instruction does not return this exit code, the
+Tape Coordinator never calls the <B>UNMOUNT</B> instruction.
+<P><LI>Code <B>1</B> indicates that mount attempt failed. The Tape
+Coordinator terminates the backup operation.
+<P><LI>Any other code indicates that the script was unable to access the correct
+tape. The Tape Coordinator prompts the operator to insert it.
+</UL>
+<P>When the Tape Coordinator executes the <B>UNMOUNT</B> script, it passes
+in two parameters in the following order.
+<OL TYPE=1>
+<P><LI>The tape device's pathname (as specified in the
+<B>/usr/afs/backup/tapeconfig</B> file)
+<P><LI>The tape operation, which is always <B>unmount</B>.
+</OL>
+<P>The following example script uses two of the parameters passed to it by the
+Backup System: <TT>tries</TT> and <TT>operation</TT>. It
+follows the recommended practice of exiting if the value of the
+<TT>tries</TT> parameter exceeds one, because that implies that the stacker
+is out of tapes.
+<P>For a <B>backup dump</B> or <B>backup savedb</B> operation, the
+routine calls the example <B>stackerCmd_NextTape</B> function provided by
+the stacker's manufacturer. Note that the final lines in the file
+return the exit code that prompts the operator to insert a tape; these
+lines are invoked when either the stacker cannot load a tape or a the
+operation being performed is not one of those explicitly mentioned in the file
+(is a restore operation, for example).
+<PRE> #! /bin/csh -f
+
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+ #--------------------------------------------
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+ if (${operation} == "unmount") then
+ echo "UnMount: Will leave tape in drive"
+ exit ${exit_continue}
+ endif
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "savedb")) then
+
+ stackerCmd_NextTape ${devicefile}
+ if (${status} != 0)exit${exit_interactive}
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ if ((${operation} == "labeltape") |\
+ (${operation} == "readlabel")) then
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ echo "Prompt for tape"
+ exit ${exit_interactive}
+</PRE>
+<A NAME="IDX6963"></A>
+<A NAME="IDX6964"></A>
+<A NAME="IDX6965"></A>
+<A NAME="IDX6966"></A>
+<P><H3><A NAME="HDRWQ278" HREF="auagd002.htm#ToC_314">Eliminating the Search or Prompt for the Initial Tape</A></H3>
+<P>By default, the Tape Coordinator obtains the first tape it
+needs for a backup operation by reading the device configuration file for the
+appropriate tape device. If there is a <B>MOUNT</B> instruction in
+the file, the Tape Coordinator executes the referenced script. If the
+device configuration file does not exist or does not have a <B>MOUNT</B>
+instruction in it, the Tape Coordinator prompts you to insert the correct tape
+and press <B><Return></B>.
+<P>If you know in advance that an operation requires a tape, you can increase
+efficiency by placing the required tape in the drive before issuing the
+<B>backup</B> command and telling the Tape Coordinator's to skip its
+initial tape-acquisition steps. This both enables the operation to
+begin more quickly and eliminates that need for you to be present to insert a
+tape.
+<P>There are two ways to bypass the Tape Coordinator's initial
+tape-acquisition steps:
+<OL TYPE=1>
+<P><LI>Include the instruction <B>AUTOQUERY NO</B> in the device
+configuration file
+<P><LI>Include the <B>-noautoquery</B> flag to the <B>butc</B> command
+</OL>
+<P>To avoid any error conditions that require operator attention, be sure that
+the tape you are placing in the drive does not contain any unexpired dumps and
+is not write protected. If there is no permanent name on the
+tape's label and you are creating an initial dump, make sure that the AFS
+tape name either matches the volume set and dump set names or is
+<TT><NULL></TT>. Alternatively, suppress the Tape
+Coordinator's name verification step by assigning the value <B>NO</B>
+to the <B>NAME_CHECK</B> instruction in the device configuration file, as
+described in <A HREF="#HDRWQ280">Eliminating the AFS Tape Name Check</A>.
+<A NAME="IDX6967"></A>
+<A NAME="IDX6968"></A>
+<A NAME="IDX6969"></A>
+<P><H3><A NAME="HDRWQ279" HREF="auagd002.htm#ToC_315">Enabling Default Responses to Error Conditions</A></H3>
+<P>By default, the Tape Coordinator asks you how to respond
+when it encounters certain error conditions. To suppress the prompts
+and cause the Tape Coordinator to handle the errors in a predetermined manner,
+include the instruction <B>ASK NO</B> in the device configuration
+file. If you assign the value <B>YES</B>, or omit the
+<B>ASK</B> instruction completely, the Tape Coordinator prompts you for
+direction when it encounters one of the errors.
+<P>The following list describes the error conditions and the Tape
+Coordinator's response to them.
+<UL>
+<P><LI>The Backup System is unable to dump a volume while running the <B>backup
+dump</B> command. When you assign the value <B>NO</B>, the Tape
+Coordinator omits the volume from the dump and continues the operation.
+When you assign the value <B>YES</B>, it prompts to ask if you want to try
+to dump the volume again immediately, to omit the volume from the dump but
+continue the operation, or to terminate the operation.
+<P><LI>The Backup System is unable to restore a volume while running the
+<B>backup diskrestore</B>, <B>backup volrestore</B>, or <B>backup
+volsetrestore</B> command. When you assign the value <B>NO</B>,
+the Tape Coordinator continues the operation, omitting the problematic volume
+but restoring the remaining ones. When you assign the value
+<B>YES</B>, it prompts to ask if you want to omit the volume and continue
+the operation, or to terminate the operation.
+<P><LI>The Backup System cannot determine if the dump set includes any more tapes
+while running the <B>backup scantape</B> command (the command's
+reference page in the <I>IBM AFS Administration Reference</I> discusses
+possible reasons for this problem). When you assign the value
+<B>NO</B>, the Tape Coordinator proceeds as though there are more tapes
+and invokes the <B>MOUNT</B> script named in the device configuration
+file, or prompts the operator to insert the next tape. When you assign
+the value <B>YES</B>, it prompts to ask if there are more tapes to
+scan.
+<P><LI>The Backup System determines that the tape contains an unexpired dump
+while running the <B>backup labeltape</B> command. When you assign
+the value <B>NO</B>, it terminates the operation without relabeling the
+tape. With a <B>YES</B> value, the Tape Coordinator prompts to ask
+if you want to relabel the tape anyway.
+</UL>
+<A NAME="IDX6970"></A>
+<A NAME="IDX6971"></A>
+<A NAME="IDX6972"></A>
+<A NAME="IDX6973"></A>
+<P><H3><A NAME="HDRWQ280" HREF="auagd002.htm#ToC_316">Eliminating the AFS Tape Name Check</A></H3>
+<P>If a tape does not have a permanent name and you are writing
+an initial dump to it, then by default the Backup System verifies that the
+tape's AFS tape name is acceptable. It accepts three types of
+values:
+<UL>
+<P><LI>A name that reflects the volume set and dump level of the initial dump and
+the tape's place in the sequence of tapes for the dump set, as described
+in <A HREF="#HDRWQ253">Dump Names and Tape Names</A>. If the tape does not already have a permanent name,
+you can assign the AFS tape name by using the <B>-name</B> argument to the
+<B>backup labeltape</B> command.
+<P><LI>A <TT><NULL></TT> value, which results when you assign a permanent
+name, or provide no value for the <B>backup labeltape</B> command's
+<B>-name</B> argument.
+<P><LI>No AFS tape name at all, indicating that you have never labeled the tape
+or written a dump to it.
+</UL>
+<P>To bypass the name check, include the <B>NAME_CHECK NO</B> instruction
+in the device configuration file. This enables you to recycle a tape
+without first relabeling it, as long as all dumps on it are expired.
+(If a tape has unexpired dumps on it but you want to recycle it anyway, you
+must use the <B>backup labeltape</B> command to relabel it first.
+For this to work, the <B>ASK NO</B> instruction cannot appear in the
+device configuration file.)
+<P><H3><A NAME="HDRWQ281" HREF="auagd002.htm#ToC_317">Setting the Memory Buffer Size to Promote Tape Streaming</A></H3>
+<P>By default, the Tape Coordinator uses a 16-KB memory buffer
+during dump operations. As it receives volume data from the Volume
+Server, the Tape Coordinator gathers 16 KB of data in the buffer before
+transferring the entire 16 KB to the tape device. Similarly, during a
+restore operation the Tape Coordinator by default buffers 32 KB of data from
+the tape device before transferring the entire 32 KB to the Volume Server for
+restoration into the file system. Buffering makes the volume of data
+flowing to and from a tape device more even and so promotes tape streaming,
+which is the most efficient way for a tape device to operate.
+<P>In a normal network configuration, the default buffer sizes are usually
+large enough to promote tape streaming. If the network between the Tape
+Coordinator machine and file server machines is slow, it can help to increase
+the buffer size.
+<P>To determine if altering the buffer size is helpful for your configuration,
+observe the tape device in operation to see if it is streaming, or consult the
+manufacturer. To set the buffer size, include the <B>BUFFERSIZE</B>
+instruction in the device configuration file. It takes an integer
+value, and optionally units, in the following format:
+<PRE> <B>BUFFERSIZE</B> <VAR>size</VAR>[{<B>k</B> | <B>K</B> | <B>m</B> | <B>M</B> | <B>g</B> | <B>G</B>}]
+</PRE>
+<P>where <VAR>size</VAR> specifies the amount of memory the Tape Coordinator
+allocates to use as a buffer during both dump and restore operations.
+The default unit is bytes, but use <B>k</B> or <B>K</B> to specify
+kilobytes, <B>m</B> or <B>M</B> for megabytes, and <B>g</B> or
+<B>G</B> for gigabytes. There is no space between the <VAR>size</VAR>
+value and the units letter.
+<P><H3><A NAME="HDRWQ282" HREF="auagd002.htm#ToC_318">Dumping Data to a Backup Data File</A></H3>
+<P>You can write dumps to a <I>backup data file</I> rather
+than to tape. This is useful if, for example, you want to transfer the
+data to a data-archiving system, such as a hierarchical storage management
+(HSM) system, that you use in conjunction with AFS and the Backup
+System. You can restore data from a backup data file into the file
+system as well. Using a backup data file is usually more efficient than
+issuing the equivalent <B>vos dump</B> and <B>vos restore</B> commands
+individually for multiple volumes.
+<P>Writing to a backup data file is simplest if it is on the local disk of the
+Tape Coordinator machine, but you can also write the file to an NFS-mounted
+partition that resides on a remote machine. It is even acceptable to
+write to a file in AFS, provided that the access control list (ACL) on its
+parent directory grants the necessary permissions, but it is somewhat circular
+to back up AFS data into AFS itself.
+<P>If the backup data file does not already exist when the Tape Coordinator
+attempts to write a dump to it, the Tape Coordinator creates it. For a
+restore operation to succeed, the file must exist and contain volume data
+previously written to it during a <B>backup dump</B> operation.
+<P>When writing to a backup data file, the Tape Coordinator writes data at 16
+KB offsets. If a given block of data (such as the marker that signals
+the beginning or end of a volume) does not fill the entire 16 KB, the Tape
+Coordinator still skips to the next offset before writing the next
+block. In the output of a <B>backup dumpinfo</B> command issued
+with the <B>-id</B> option, the value in the <TT>Pos</TT> column is the
+ordinal of the 16-KB offset at which the volume data begins, and so is not
+generally only one higher than the position number on the previous line, as it
+is for dumps to tape.
+<P>Before writing to a backup data file, you need to configure the file as
+though it were a tape device.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A file pathname, rather than a tape device name, must appear in the third
+field of the <B>/usr/afs/backup/tapeconfig</B> file when the <B>FILE
+YES</B> instruction appears in the device configuration file, and vice
+versa. If the <B>tapeconfig</B> file instead refers to a tape
+device, dump operations appear to succeed but are inoperative. You
+cannot restore data that you accidently dumped to a tape device while the
+<B>FILE</B> instruction was set to <B>YES</B>. In the same way,
+if the <B>FILE</B> instruction is set to <B>NO</B>, the
+<B>tapeconfig</B> entry must refer to an actual tape device.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_319" HREF="auagd002.htm#ToC_319">To configure a backup data file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI><B>Optional</B>. Issue the <B>backup</B> command to enter
+interactive mode.
+<PRE> # <B>backup</B>
+</PRE>
+<P><LI>Choose the port offset number to assign to the file. If necessary,
+display previously assigned port offsets by issuing the <B>(backup)
+listhosts</B> command, which is fully described in <A HREF="#HDRWQ264">To display the list of configured Tape Coordinators</A>.
+<PRE> backup> <B>listhosts</B>
+</PRE>
+<P>As for a tape device, acceptable values are the integers <B>0</B>
+(zero) through <B>58510</B> (the Backup System can track a maximum of
+58,511 port offset numbers). Each port offset must be unique in the
+cell, but you can associate any number them with a single Tape Coordinator
+machine. You do not have to assign port offset numbers
+sequentially.
+<P><LI>Issue the <B>(backup) addhost</B> command to register the backup data
+file's port offset in the Backup Database.
+<PRE> backup> <B>addhost</B> <<VAR>tape machine name</VAR>> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addh
+</B><DD>Is the shortest acceptable abbreviation of <B>addhost</B>.
+<P><DT><B><VAR>tape machine name</VAR>
+</B><DD>Specifies the fully qualified hostname of the Tape Coordinator machine you
+invoke to write to the backup data file.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the file's port offset number. You must provide this
+argument unless the default value of <B>0</B> (zero) is
+appropriate.
+</DL>
+<P><LI><A NAME="LITAPECONFIG-FILE"></A>Using a text editor, create an entry for the backup
+data file in the local <B>/usr/afs/backup/tapeconfig</B> file, using the
+standard syntax:
+<PRE> [<VAR>capacity</VAR> <VAR>filemark_size</VAR>] <VAR>device_name</VAR> <VAR>port_offset</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>capacity</VAR>
+</B><DD>Specifies the amount of space on the partition that houses the backup data
+file that you want to make available for the file. To avoid the
+complications that arise from filling up the partition, it is best to provide
+a value somewhat smaller than the actual amount of space you expect to be
+available when the dump operation runs, and never larger than the maximum file
+size allowed by the operating system.
+<P>Specify a numerical value followed by a letter that indicates units, with
+no intervening space. The letter <B>k</B> or <B>K</B> indicates
+kilobytes, <B>m</B> or <B>M</B> indicates megabytes, and <B>g</B>
+or <B>G</B> indicates gigabytes. If you omit the units letter, the
+default is kilobytes. If you leave this field empty, the Tape
+Coordinator uses the maximum acceptable value (2048 GB or 2 TB). Also
+leave the <VAR>filemark_size</VAR> field empty in that case.
+<P><DT><B><VAR>filemark_size</VAR>
+</B><DD>Specify the value <B>0</B> (zero) or leave both this field and the
+<VAR>capacity</VAR> field empty. In the latter case, the Tape Coordinator
+also uses the value zero.
+<P><DT><B><VAR>device_name</VAR>
+</B><DD>Specifies the complete pathname of the backup data file. Rather
+than specifying an actual file pathname, however, the recommended
+configuration is to create a symbolic link in the <B>/dev</B> directory
+that points to the actual file pathname, and record the symbolic link in this
+field. This configuration provides these advantages:
+<UL>
+<P><LI>It makes the <VAR>device_name</VAR> portion of the
+<B>CFG_</B><VAR>device_name</VAR>, of the
+<B>TE_</B><VAR>device_name</VAR>, and of the
+<B>TL_</B><VAR>device_name</VAR> filenames as short as possible.
+Because the symbolic link is in the <B>/dev</B> directory as though it is
+a tape device, you strip off the entire <B>/dev/</B> prefix when forming
+the filename, instead of just the initial slash (<B>/</B>). If, for
+example, the symbolic link is called <B>/dev/FILE</B>, the device
+configuration file's name is <B>CFG_FILE</B>, whereas if the actual
+pathname /<B>var/tmp/FILE</B> appears in the <B>tapeconfig</B> file,
+the configuration file's name must be <B>CFG_var_tmp_FILE</B>.
+<P><LI>It provides for a more graceful, and potentially automated, recovery if
+the Tape Coordinator cannot write a complete dump into the backup data file
+(for example, because the partition housing the backup data file becomes
+full). The Tape Coordinator's reaction to this problem is to
+invoke the <B>MOUNT</B> script, or to prompt you if the <B>MOUNT</B>
+instruction does not appear in the configuration file.
+<UL>
+<P><LI>If there is a <B>MOUNT</B> script, you can prepare for this situation
+by adding a subroutine to the script that changes the symbolic link to point
+to another backup data file on a partition where there is space
+available.
+<P><LI>If there is no <B>MOUNT</B> instruction, the prompt enables you
+manually to change the symbolic link to point to another backup data file and
+then press <<B>Return</B>> to signal that the Tape Coordinator can
+continue the operation.
+</UL>
+<P>If this field names the actual file, there is no way to recover from
+exhausting the space on the partition. You cannot change the
+<B>tapeconfig</B> file in the middle of an operation.
+</UL>
+<P><DT><B><VAR>port_offset</VAR>
+</B><DD>Specifies the port offset number that you chose for the backup data
+file.
+</DL>
+<P><LI>Create the device configuration file <B>CFG_</B><VAR>device_name</VAR>
+in the Tape Coordinator machine's <B>/usr/afs/backup</B>
+directory. Include the <B>FILE YES</B> instruction in the
+file.
+<P>Construct the <VAR>device_name</VAR> portion of the name based on the device
+name you recorded in the <B>tapeconfig</B> file in Step <A HREF="#LITAPECONFIG-FILE">6</A>. If, as recommended, you recorded a symbolic link
+name, strip off the <B>/dev/</B> string and replace any other slashes
+(<B>/</B>) in the name with underscores (<B>_</B>). For
+example, <B>CFG_FILE</B> is the appropriate name if the symbolic link is
+<B>/dev/FILE</B>. If you recorded the name of an actual file, then
+strip off the initial slash only and replace any other slashes in the name
+with underscores. For a backup data file called
+<B>/var/tmp/FILE</B>, the appropriate device configuration filename is
+<B>CFG_var_tmp_FILE</B>.
+<P><LI>If you chose in Step <A HREF="#LITAPECONFIG-FILE">6</A> to record a symbolic link name in the <VAR>device_name</VAR>
+field of the <B>tapeconfig</B> entry, then you must do one of the
+following:
+<UL>
+<P><LI>Use the <B>ln -s</B> command to create the appropriate symbolic link
+in the <B>/dev</B> directory
+<P><LI>Write a script that initializes the backup data file in this way, and
+include a <B>MOUNT</B> instruction in the device configuration file to
+invoke the script. An example script appears following these
+instructions.
+</UL>
+</OL>
+<P>You do not need to create the backup data file itself, because the Tape
+Coordinator does so if the file does not exist when the dump operation
+begins.
+<P>The following example script illustrates how you can automatically create a
+symbolic link to the backup data file during the preparation phase for writing
+to the file. When the Tape Coordinator is executing a <B>backup
+dump</B>, <B>backup restore</B>, <B>backup savedb</B>, or
+<B>backup restoredb</B> operation, the routine invokes the UNIX <B>ln
+-s</B> command to create a symbolic link from the backup data file named in
+the <B>tapeconfig</B> file to the actual file to use (this is the
+recommended method). It uses the values of the <TT>tapename</TT> and
+<TT>tapeid</TT> parameters passed to it by the Backup System when
+constructing the filename.
+<P>The routine makes use of two other parameters as well:
+<TT>tries</TT> and <TT>operation</TT>. The <TT>tries</TT>
+parameter tracks how many times the Tape Coordinator has attempted to access
+the file. A value greater than one indicates that the Tape Coordinator
+cannot access it, and the routine returns exit code 2
+(<TT>exit_interactive</TT>), which results in a prompt for the operator to
+load a tape. The operator can use this opportunity to change the name
+of the backup data file specified in the <B>tapeconfig</B> file.
+<PRE> #! /bin/csh -f
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+ #--------------------------------------------
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+ if (${operation} == "labeltape") then
+ echo "Won't label a tape/file"
+ exit ${exit_abort}
+ endif
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "restore") |\
+ (${operation} == "savedb") |\
+ (${operation} == "restoredb")) then
+
+ /bin/rm -f ${devicefile}
+ /bin/ln -s /hsm/${tapename}_${tapeid} ${devicefile}
+ if (${status} != 0) exit ${exit_abort}
+ endif
+
+ exit ${exit_continue}
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ283" HREF="auagd002.htm#ToC_320">Backing Up and Restoring AFS Data</A></H1>
+<P>The instructions in this chapter explain how to back up and
+restore AFS data and to administer the Backup Database. They assume
+that you have already configured all of the Backup System components by
+following the instructions in <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A>.
+<HR><H2><A NAME="HDRWQ284" HREF="auagd002.htm#ToC_321">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Enter interactive mode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup (interactive)</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Leave interactive mode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>(backup) quit</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">List operations in interactive mode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>(backup) jobs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Cancel operation in interactive mode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>(backup) kill</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Start Tape Coordinator
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>butc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Stop Tape Coordinator
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><<B>Ctrl-c</B>>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Check status of Tape Coordinator
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup status</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Back up data
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup dump</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display dump records
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup dumpinfo</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display volume's dump history
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup volinfo</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Scan contents of tape
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup scantape</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Restore volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup volrestore</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Restore partition
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup diskrestore</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Restore group of volumes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup volsetrestore</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Verify integrity of Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup dbverify</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Repair corruption in Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup savedb</B> and <B>backup restoredb</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Delete dump set from Backup Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>backup deletedump</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ286" HREF="auagd002.htm#ToC_322">Using the Backup System's Interfaces</A></H2>
+<A NAME="IDX6974"></A>
+<P>When performing backup operations, you interact with three Backup System
+components:
+<UL>
+<P><LI>You initiate backup operations by issuing commands from the
+<B>backup</B> suite. You can issue the commands in a command shell
+(or invoke them in a shell script) on any AFS client or server machine from
+which you can access the <B>backup</B> binary. In the conventional
+configuration, the binary resides in the <B>/usr/afs/bin</B> directory on
+a server machine and the <B>/usr/afsws/etc</B> directory on a client
+machine.
+<P>The suite provides an interactive mode, in which you can issue multiple
+commands over a persistent connection to the Backup Server and the Volume
+Location (VL) Server. Interactive mode has several convenient
+features. For a discussion and instructions, see <A HREF="#HDRWQ288">Using Interactive and Regular Command Mode</A>.
+<P>Note that some operating systems include a <B>backup</B> command of
+their own. You must configure machines that run such an operating
+system to ensure that you are accessing the desired <B>backup</B>
+binary.
+<P><LI>Before you perform a backup operation that involves reading or writing to
+a tape device or backup data file, you must open a dedicated connection to the
+appropriate Tape Coordinator machine and start the Tape Coordinator
+(<B>butc</B>) process that handles the device or file. The
+<B>butc</B> process must continue to run over the dedicated connection as
+long as it is executing an operation or is to be available to execute
+one. For further discussion and instructions, see <A HREF="#HDRWQ291">Starting and Stopping the Tape Coordinator Process</A>.
+<P><LI>The Backup Server (<B>buserver</B>) process must be running on
+database server machines, because most backup operations require accessing or
+changing information in the Backup Database. The <I>IBM AFS Quick
+Beginnings</I> explains how to configure the Backup Server.
+</UL>
+<P>For consistent Backup System performance, the AFS build level of all three
+binaries (<B>backup</B>, <B>butc</B>, and <B>buserver</B>) must
+match. For instructions on displaying the build level, see <A HREF="auagd008.htm#HDRWQ117">Displaying A Binary File's Build Level</A>.
+<P><H3><A NAME="HDRWQ287" HREF="auagd002.htm#ToC_323">Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A></H3>
+<A NAME="IDX6975"></A>
+<A NAME="IDX6976"></A>
+<A NAME="IDX6977"></A>
+<P>By default, the volumes and Backup Database involved in a backup operation
+must reside on server machines that belong to the cell named in the
+<B>/usr/vice/etc/ThisCell</B> files on both the Tape Coordinator machine
+and the machine where you issue the <B>backup</B> command. Also, to
+issue most <B>backup</B> commands you must have AFS tokens for an identity
+listed in the local cell's <B>/usr/afs/etc/UserList</B> file (which
+by convention is the same on every server machine in a cell). You can,
+however, perform backup operations on volumes or the Backup Database from a
+foreign cell, or perform backup operations while logged in as the local
+superuser <B>root</B> rather than as a privileged AFS identity.
+<P>To perform backup operations on volumes that reside in a foreign cell using
+machines from the local cell, you must designate the foreign cell as the cell
+of execution for both the Tape Coordinator and the <B>backup</B> command
+interpreter. Use one of the two following methods. For either
+method, you must also have tokens as an administrator listed in the foreign
+cell's <B>/usr/afs/etc/UserList</B> file.
+<UL>
+<P><LI>Before issuing <B>backup</B> commands and the <B>butc</B> command,
+set the AFSCELL environment variable to the foreign cell name in both command
+shells.
+<P><LI>Include the <B>-cell</B> argument to the <B>butc</B> and all
+<B>backup</B> commands. If you include the argument on the
+<B>backup (interactive)</B> command, it applies to all commands issued
+during the interactive session.
+</UL>
+<P>To perform backup operations without having administrative AFS tokens, you
+must log on as the local superuser <B>root</B> on both the Tape
+Coordinator machine and the machine where you issue <B>backup</B>
+commands. Both machines must be server machines, or at least have a
+<B>/usr/afs/etc/KeyFile</B> file that matches the file on other server
+machines. Then include the <B>-localauth</B> argument on both the
+<B>butc</B> command and all <B>backup</B> commands (or the <B>backup
+(interactive)</B> command). The Tape Coordinator and
+<B>backup</B> command interpreter construct a server ticket using the
+server encryption key with the highest key version number in the local
+<B>/usr/afs/etc/KeyFile</B> file, and present it to the Backup Server,
+Volume Server, and VL Server that belong to the cell named in the local
+<B>/usr/afs/etc/ThisCell</B> file. The ticket never expires.
+<P>You cannot combine the <B>-cell</B> and <B>-localauth</B> options
+on the same command. Also, each one overrides the local cell setting
+defined by the AFSCELL environment variable or the
+<B>/usr/vice/etc/ThisCell</B> file.
+<P><H3><A NAME="HDRWQ288" HREF="auagd002.htm#ToC_324">Using Interactive and Regular Command Mode</A></H3>
+<A NAME="IDX6978"></A>
+<A NAME="IDX6979"></A>
+<P>The <B>backup</B> command suite provides an <I>interactive
+mode</I>, in which you can issue multiple commands over a persistent
+connection to the Backup Server and the VL Server. Interactive mode
+provides the following features:
+<UL>
+<P><LI>The <TT>backup></TT> prompt replaces the usual command shell
+prompt.
+<P><LI>You omit the initial <B>backup</B> string from command names.
+Type only the operation code and option names.
+<P><LI>You cannot issue commands that do not belong to the <B>backup</B>
+suite.
+<P><LI>If you assume an administrative AFS identity or specify a foreign cell as
+you enter interactive mode, it applies to all commands issued during the
+interactive session. See <A HREF="#HDRWQ287">Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A>.
+<P><LI>You do not need to enclose shell metacharacters in double quotes.
+</UL>
+<A NAME="IDX6980"></A>
+<A NAME="IDX6981"></A>
+<P>When you initiate a backup operation in interactive mode, the Backup System
+assigns it a <I>job ID number</I>. You can display the list of
+current and pending operations with the <B>(backup) jobs</B> command, for
+which instructions appear in <A HREF="#HDRWQ289">To display pending or running jobs in interactive mode</A>. (In both regular and interactive modes, the Tape
+Coordinator also assigns a <I>task ID number</I> to each operation you
+initiate with a <B>backup</B> command. You can track task ID
+numbers with the <B>backup status</B> command. See <A HREF="#HDRWQ291">Starting and Stopping the Tape Coordinator Process</A>.)
+<P>You can cancel an operation in interactive mode with the <B>(backup)
+kill</B> command, for which instructions appear in <A HREF="#HDRWQ290">To cancel operations in interactive mode</A>. However, it is best not to interrupt a dump
+operation because the resulting dump is incomplete, and interrupting a restore
+operation can leave volumes in an inconsistent state, or even completely
+remove them from the server machine. For further discussion, see <A HREF="#HDRWQ296">Backing Up Data</A> and <A HREF="#HDRWQ306">Restoring and Recovering Data</A>.
+<P>The <B>(backup) jobs</B> and <B>(backup) kill</B> commands are
+available only in interactive mode and there is no equivalent functionality in
+regular command mode.
+<A NAME="IDX6982"></A>
+<A NAME="IDX6983"></A>
+<A NAME="IDX6984"></A>
+<A NAME="IDX6985"></A>
+<P><H3><A NAME="Header_325" HREF="auagd002.htm#ToC_325">To enter interactive mode</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. Entering interactive mode does
+not itself require privilege, but most other <B>backup</B> commands do,
+and the AFS identity you assume when entering the mode applies to all commands
+you issue within it. If necessary, issue the <B>bos listusers</B>
+command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup (interactive)</B> command at the system
+prompt. The <TT>backup></TT> prompt appears. You can include
+either, but not both, of the <B>-localauth</B> and <B>-cell</B>
+options, as discussed in <A HREF="#HDRWQ287">Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A>.
+<PRE> % <B>backup</B>
+ backup>
+</PRE>
+</OL>
+<A NAME="IDX6986"></A>
+<A NAME="IDX6987"></A>
+<A NAME="IDX6988"></A>
+<A NAME="IDX6989"></A>
+<P><H3><A NAME="Header_326" HREF="auagd002.htm#ToC_326">To exit interactive mode</A></H3>
+<P><B></B>
+<OL TYPE=1>
+<P><LI>Issue the <B>quit</B> command at the <TT>backup></TT> prompt.
+The command shell prompt reappears when the command succeeds, which it does
+only if there are no jobs pending or currently running. To display and
+cancel pending or running jobs, follow the instructions in <A HREF="#HDRWQ289">To display pending or running jobs in interactive mode</A> and <A HREF="#HDRWQ290">To cancel operations in interactive mode</A>.
+<PRE> backup> <B>quit</B>
+ %
+</PRE>
+</OL>
+<A NAME="IDX6990"></A>
+<A NAME="IDX6991"></A>
+<A NAME="IDX6992"></A>
+<A NAME="IDX6993"></A>
+<A NAME="IDX6994"></A>
+<A NAME="IDX6995"></A>
+<P><H3><A NAME="HDRWQ289" HREF="auagd002.htm#ToC_327">To display pending or running jobs in interactive mode</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>jobs</B> command at the <TT>backup></TT> prompt.
+<P>
+<PRE> backup> <B>jobs</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>j
+</B><DD>Is the shortest acceptable abbreviation of <B>jobs</B>.
+</DL>
+</OL>
+<P>The output always includes the expiration date and time of the tokens that
+the <B>backup</B> command interpreter is using during the current
+interactive session, in the following format:
+<PRE> <VAR>date</VAR> <VAR>time</VAR>: TOKEN EXPIRATION
+</PRE>
+<P>If the execution date and time specified for a scheduled dump operation is
+later than <I>date time</I>, then its individual line (as described in the
+following paragraphs) appears below this line to indicate that the current
+tokens will not be available to it.
+<P>If the issuer of the <B>backup</B> command included the
+<B>-localauth</B> flag when entering interactive mode, the line instead
+reads as follows:
+<PRE> : TOKEN NEVER EXPIRES
+</PRE>
+<P>The entry for a scheduled dump operation has the following format:
+<PRE> Job <VAR>job_ID</VAR>: <VAR>timestamp</VAR>: dump <VAR>volume_set</VAR> <VAR>dump_level</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>job_ID</VAR>
+</B><DD>Is a job identification number assigned by the Backup System.
+<P><DT><B><VAR>timestamp</VAR>
+</B><DD>Indicates the date and time the dump operation is to begin, in the format
+<I>month</I>/<I>date</I>/<I>year</I>
+<I>hours</I>:<I>minutes</I> (in 24-hour format)
+<P><DT><B><VAR>volume_set</VAR>
+</B><DD>Indicates the volume set to dump.
+<P><DT><B><VAR>dump_level</VAR>
+</B><DD>Indicates the dump level at which to perform the dump operation.
+</DL>
+<P>The line for a pending or running operation of any other type has the
+following format:
+<PRE> Job <VAR>job_ID</VAR>: <VAR>operation</VAR> <VAR>status</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>job_ID</VAR>
+</B><DD>Is a job identification number assigned by the Backup System.
+<P><DT><B><VAR>operation</VAR>
+</B><DD>Identifies the operation the Tape Coordinator is performing, which is
+initiated by the indicated command:
+<DL>
+<P><DT><B><TT>Dump</TT> <TT>(</TT><VAR>dump name</VAR><TT>)</TT>
+</B><DD>Initiated by the <B>backup dump</B> command. The <VAR>dump
+name</VAR> has the following format:
+<P><VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR>
+<P><DT><B><TT>Restore</TT>
+</B><DD>Initiated by the <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> command.
+<P><DT><B><TT>Labeltape</TT> <TT>(</TT><VAR>tape_label</VAR><TT>)</TT>
+</B><DD>Initiated by the <B>backup labeltape</B> command. The
+<VAR>tape_label</VAR> is the name specified by the <B>backup labeltape</B>
+command's <B>-name</B> or <B>-pname</B> argument.
+<P><DT><B><TT>Scantape</TT>
+</B><DD>Initiated by the <B>backup scantape</B> command.
+<P><DT><B><TT>SaveDb</TT>
+</B><DD>Initiated by the <B>backup savedb</B> command.
+<P><DT><B><TT>RestoreDb</TT>
+</B><DD>Initiated by the <B>backup restoredb</B> command.
+</DL>
+<P><DT><B><VAR>status</VAR>
+</B><DD>Indicates the job's current status in one of the following
+messages. If no message appears, the job is either still pending or has
+finished.
+<DL>
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, volume</TT> <VAR>volume_name</VAR>
+</B><DD>For a running dump operation, indicates the number of kilobytes copied to
+tape or a backup data file so far, and the volume currently being
+dumped.
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, restore.volume</TT>
+</B><DD>For a running restore operation, indicates the number of kilobytes copied
+into AFS from a tape or a backup data file so far.
+<P><DT><B><TT>[abort requested]</TT>
+</B><DD>The <B>(backup) kill</B> command was issued, but the termination
+signal has yet to reach the Tape Coordinator.
+<P><DT><B><TT>[abort sent]</TT>
+</B><DD>The operation is canceled by the <B>(backup) kill</B> command.
+Once the Backup System removes an operation from the queue or stops it from
+running, it no longer appears at all in the output from the command.
+<P><DT><B><TT>[butc contact lost]</TT>
+</B><DD>The <B>backup</B> command interpreter cannot reach the Tape
+Coordinator. The message can mean either that the Tape Coordinator
+handling the operation was terminated or failed while the operation was
+running, or that the connection to the Tape Coordinator timed out.
+<P><DT><B><TT>[done]</TT>
+</B><DD>The Tape Coordinator has finished the operation.
+<P><DT><B><TT>[drive wait]</TT>
+</B><DD>The operation is waiting for the specified tape drive to become
+free.
+<P><DT><B><TT>[operator wait]</TT>
+</B><DD>The Tape Coordinator is waiting for the backup operator to insert a tape
+in the drive.
+</DL>
+</DL>
+<A NAME="IDX6996"></A>
+<A NAME="IDX6997"></A>
+<A NAME="IDX6998"></A>
+<A NAME="IDX6999"></A>
+<A NAME="IDX7000"></A>
+<P><H3><A NAME="HDRWQ290" HREF="auagd002.htm#ToC_328">To cancel operations in interactive mode</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>jobs</B> command at the <TT>backup></TT> prompt, to
+learn the job ID number of the operation you want to cancel. For
+details, see <A HREF="#HDRWQ289">To display pending or running jobs in interactive mode</A>.
+<PRE> backup> <B>jobs</B>
+</PRE>
+<P><LI>Issue the <B>(backup) kill</B> command to cancel the operation.
+<P>
+<PRE> backup> <B>kill</B> <<VAR>job ID or dump set name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>k
+</B><DD>Is the shortest acceptable abbreviation of <B>kill</B>.
+<P><DT><B><VAR>job ID or dump set name</VAR>
+</B><DD>Specifies either the job ID number of the operation to cancel, as reported
+by the <B>jobs</B> command, or for a dump operation only, the dump name in
+the format <VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR>.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ291" HREF="auagd002.htm#ToC_329">Starting and Stopping the Tape Coordinator Process</A></H3>
+<A NAME="IDX7001"></A>
+<P>Before performing a backup operation that reads from or writes to a tape
+device or backup data file, you must start the Tape Coordinator
+(<B>butc</B>) process that handles the drive or file. This section
+explains how to start, stop, and check the status of a Tape Coordinator
+process. To use these instructions, you must have already configured
+the Tape Coordinator machine and created a Tape Coordinator entry in the
+Backup Database, as instructed in <A HREF="auagd011.htm#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A>.
+<P>
+<A NAME="IDX7002"></A>
+<A NAME="IDX7003"></A>
+The Tape Coordinator assigns a <I>task ID number</I> to each operation it
+performs. The number is distinct from the job ID number assigned by the
+<B>backup</B> command interpreter in interactive mode (which is discussed
+in <A HREF="#HDRWQ288">Using Interactive and Regular Command Mode</A>). The Tape Coordinator reports the task ID number in
+its onscreen trace and in the messages that it writes to its log and error
+files. To view the task ID numbers of a Tape Coordinator's running
+or pending operations, issue the <B>backup status</B> command.
+<A NAME="IDX7004"></A>
+<A NAME="IDX7005"></A>
+<A NAME="IDX7006"></A>
+<P><H3><A NAME="HDRWQ292" HREF="auagd002.htm#ToC_330">To start a Tape Coordinator process</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file of the cell in which the Tape
+Coordinator is to access volume data and the Backup Database. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>Alternately, you can log into a file server machine as the local superuser
+<B>root</B> in Step <A HREF="#LIWQ293">3</A>.
+<P><LI>Verify that you can write to the Tape Coordinator's log and error
+files in the local <B>/usr/afs/backup</B> directory (the
+<B>TE_</B><VAR>device_name</VAR> and <B>TL_</B><VAR>device_name</VAR>
+files). If the log and error files do not already exist, you must be
+able to insert and write to files in the <B>/usr/afs/backup</B>
+directory.
+<P><LI><A NAME="LIWQ293"></A>Open a connection (using a command such as <B>telnet</B> or
+<B>rlogin</B>) to the Tape Coordinator machine that drives the tape
+device, or whose local disk houses the backup data file. The Tape
+Coordinator uses a devoted connection or window that must remain open for the
+Tape Coordinator to accept requests and while it is executing them.
+<P>If you plan to include the <B>-localauth</B> flag to the
+<B>butc</B> command in the next step, log in as the local superuser
+<B>root</B>.
+<P><LI><A NAME="LIWQ294"></A>Issue the <B>butc</B> command to start the Tape
+Coordinator. You can include either, but not both, of the
+<B>-localauth</B> and <B>-cell</B> options, as discussed in <A HREF="#HDRWQ287">Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-debuglevel</B> <<VAR>trace level</VAR>>] \
+ [<B>-cell</B> <<VAR>cellname</VAR>>] [<B>-noautoquery</B>] [<B>-localauth</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>butc
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>port offset</VAR>
+</B><DD>Specifies the Tape Coordinator's port offset number. You must
+provide this argument unless the default value of <B>0</B> (zero) is
+appropriate.
+<P><DT><B>-debuglevel
+</B><DD>Specifies the type of trace messages that the Tape Coordinator writes to
+the standard output stream (stdout). Provide one of the following three
+values, or omit this argument to display the default type of messages
+(equivalent to setting a value of <B>0</B> [zero]):
+<UL>
+<P><LI><B>0</B>: The Tape Coordinator generates only the minimum number
+of messages necessary to communicate with the backup operator, including
+prompts for insertion of additional tapes and messages that indicate errors or
+the beginning or completion of operations.
+<P><LI><B>1</B>: In addition to the messages displayed at level
+<B>0</B>, the Tape Coordinator displays the name of each volume being
+dumped or restored.
+<P><LI><B>2</B>: In addition to the messages displayed at levels
+<B>0</B> and <B>1</B>, the Tape Coordinator displays all of the
+messages it is also writing to its log file
+(<B>/usr/afs/backup/TL_</B><VAR>device_name</VAR>).
+</UL>
+<P><DT><B><VAR>cellname</VAR>
+</B><DD>Names the cell in which to perform the backup operations (the cell where
+the relevant volumes reside and the Backup Server process is running).
+If you omit this argument, the Tape Coordinator uses its home cell, as defined
+in the local <B>/usr/vice/etc/ThisCell</B> file. Do not combine
+this argument with the <B>-localauth</B> flag.
+<P><DT><B>-noautoquery
+</B><DD>Disables the Tape Coordinator's prompt for the first tape it needs
+for each operation. For a description of the advantages and
+consequences of including this flag, see <A HREF="auagd011.htm#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>butc</B> process
+presents it to the Backup Server, Volume Server, and VL Server during mutual
+authentication. You must be logged into a file server machine as the
+local superuser <B>root</B> to include this flag, and cannot combine it
+with the <B>-cell</B> argument.
+</DL>
+</OL>
+<A NAME="IDX7007"></A>
+<P><H3><A NAME="Header_331" HREF="auagd002.htm#ToC_331">To stop a Tape Coordinator process</A></H3>
+<OL TYPE=1>
+<P><LI>Enter an interrupt signal such as <<B>Ctrl-c</B>> over the
+dedicated connection to the Tape Coordinator.
+</OL>
+<A NAME="IDX7008"></A>
+<A NAME="IDX7009"></A>
+<A NAME="IDX7010"></A>
+<P><H3><A NAME="HDRWQ295" HREF="auagd002.htm#ToC_332">To check the status of a Tape Coordinator process</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup status</B> command.
+<PRE> % <B>backup status</B> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>st
+</B><DD>Is the shortest acceptable abbreviation of <B>status</B>.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the Tape Coordinator's port offset number. You must
+provide this argument unless the default value of <B>0</B> (zero) is
+appropriate.
+</DL>
+</OL>
+<P>The following message indicates that the Tape Coordinator is not currently
+performing an operation:
+<PRE> Tape coordinator is idle
+</PRE>
+<P>Otherwise, the output includes a message of the following format for each
+running or pending operation:
+<PRE> Task <VAR>task_ID</VAR>: <VAR>operation</VAR>: <VAR>status</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>task_ID</VAR>
+</B><DD>Is a task identification number assigned by the Tape Coordinator.
+It begins with the Tape Coordinator's port offset number.
+<P><DT><B><VAR>operation</VAR>
+</B><DD>Identifies the operation the Tape Coordinator is performing, which is
+initiated by the indicated command:
+<UL>
+<P><LI><TT>Dump</TT> (the <B>backup dump</B> command)
+<P><LI><TT>Restore</TT> (the <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> commands)
+<P><LI><TT>Labeltape</TT> (the <B>backup labeltape</B> command)
+<P><LI><TT>Scantape</TT> (the <B>backup scantape</B> command)
+<P><LI><TT>SaveDb</TT> (the <B>backup savedb</B> command)
+<P><LI><TT>RestoreDb</TT> (the <B>backup restoredb</B> command)
+</UL>
+<P><DT><B><VAR>status</VAR>
+</B><DD>Indicates the job's current status in one of the following
+messages.
+<DL>
+<P><DT><B><VAR>number</VAR> <TT>Kbytes transferred, volume</TT> <VAR>volume_name</VAR>
+</B><DD>For a running dump operation, indicates the number of kilobytes copied to
+tape or a backup data file so far, and the volume currently being
+dumped.
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, restore.volume</TT>
+</B><DD>For a running restore operation, indicates the number of kilobytes copied
+into AFS from a tape or a backup data file so far.
+<P><DT><B><TT>[abort requested]</TT>
+</B><DD>The <B>(backup) kill</B> command was issued, but the termination
+signal has yet to reach the Tape Coordinator.
+<P><DT><B><TT>[abort sent]</TT>
+</B><DD>The operation is canceled by the <B>(backup) kill</B> command.
+Once the Backup System removes an operation from the queue or stops it from
+running, it no longer appears at all in the output from the command.
+<P><DT><B><TT>[butc contact lost]</TT>
+</B><DD>The <B>backup</B> command interpreter cannot reach the Tape
+Coordinator. The message can mean either that the Tape Coordinator
+handling the operation was terminated or failed while the operation was
+running, or that the connection to the Tape Coordinator timed out.
+<P><DT><B><TT>[done]</TT>
+</B><DD>The Tape Coordinator has finished the operation.
+<P><DT><B><TT>[drive wait]</TT>
+</B><DD>The operation is waiting for the specified tape drive to become
+free.
+<P><DT><B><TT>[operator wait]</TT>
+</B><DD>The Tape Coordinator is waiting for the backup operator to insert a tape
+in the drive.
+</DL>
+</DL>
+<P>If the Tape Coordinator is communicating with an XBSA server (a third-party
+backup utility that implements the Open Group's Backup Service API
+[XBSA]), the following message appears last in the output:
+<PRE> <VAR>XBSA_program</VAR> Tape coordinator
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant
+program.
+<HR><H2><A NAME="HDRWQ296" HREF="auagd002.htm#ToC_333">Backing Up Data</A></H2>
+<A NAME="IDX7011"></A>
+<A NAME="IDX7012"></A>
+<A NAME="IDX7013"></A>
+<A NAME="IDX7014"></A>
+<A NAME="IDX7015"></A>
+<A NAME="IDX7016"></A>
+<A NAME="IDX7017"></A>
+<A NAME="IDX7018"></A>
+<A NAME="IDX7019"></A>
+<A NAME="IDX7020"></A>
+<A NAME="IDX7021"></A>
+<A NAME="IDX7022"></A>
+<P>This section explains how to use the <B>backup dump</B> command to back
+up AFS data to tape or to a backup data file. The instructions assume
+that you understand Backup System concepts and have already configured the
+Backup System according to the instructions in <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A>. Specifically, you must already have:
+<UL>
+<P><LI>Decided whether to dump data to tape or to a backup data file, and
+configured the Tape Coordinator machine and Tape Coordinator process
+appropriately. See <A HREF="auagd011.htm#HDRWQ261">Configuring Tape Coordinator Machines and Tape Devices</A> and <A HREF="auagd011.htm#HDRWQ282">Dumping Data to a Backup Data File</A>.
+<P><LI>Defined a volume set that includes the volumes you want to dump
+together. See <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<P><LI>Defined the dump level in the dump hierarchy at which you want to dump the
+volume set. If it is an incremental dump level, you must have
+previously created a dump at its parent level. See <A HREF="auagd011.htm#HDRWQ267">Defining and Displaying the Dump Hierarchy</A>.
+<P><LI>Created a device configuration file. Such a file is required for
+each tape stacker, jukebox device, or backup data file. You can also
+use it to configure the Backup System's automation features. See <A HREF="auagd011.htm#HDRWQ275">Automating and Increasing the Efficiency of the Backup Process</A>.
+</UL>
+<P>The most basic way to perform a dump operation is to create an initial dump
+of a single volume set as soon as the appropriate Tape Coordinator is
+available, by providing only the required arguments to the <B>backup
+dump</B> command. Instructions appear in <A HREF="#HDRWQ301">To create a dump</A>. The command has several optional arguments that
+you can use to increase the efficiency and flexibility of your backup
+procedures:
+<UL>
+<P><LI>To append a dump to the end of a set of tapes that already contains other
+dumps, include the <B>-append</B> argument. Otherwise, the Backup
+System creates an initial dump. Appending dumps enables you to use a
+tape's full capacity and has other potentially useful features.
+For a discussion, see <A HREF="#HDRWQ299">Appending Dumps to an Existing Dump Set</A>.
+<P><LI>To schedule one or more dump operations to run at a future time, include
+the <B>-at</B> argument. For a discussion and instructions, see <A HREF="#HDRWQ300">Scheduling Dumps</A>.
+<P><LI>To initiate a number of dump operations with a single <B>backup
+dump</B> command, include the <B>-file</B> argument to name a file in
+which you have listed the commands. For a discussion and instructions,
+see <A HREF="#HDRWQ299">Appending Dumps to an Existing Dump Set</A> and <A HREF="#HDRWQ300">Scheduling Dumps</A>.
+<P><LI>To generate a list of the volumes to be included in a dump, without
+actually dumping them, combine the <B>-n</B> flag with the other arguments
+to be used on the actual command.
+</UL>
+<P><H3><A NAME="HDRWQ297" HREF="auagd002.htm#ToC_334">Making Backup Operations More Efficient</A></H3>
+<A NAME="IDX7023"></A>
+<P>There are several ways to make dump operations more efficient, less prone
+to error, and less disruptive to your users. Several of them also
+simplify the process of restoring data if that becomes necessary.
+<UL>
+<P><LI>It is best not to dump the read/write or read-only version of a volume,
+because no other users or processes can access a volume while it is being
+dumped. Instead, shortly before the dump operation begins, create a
+backup version of each volume to be dumped, and dump the backup
+version. Creating a Backup version usually makes the source volume
+unavailable for just a few moments (during which access attempts by other
+processes are blocked but do not fail). To automate the creation of
+backup volumes, you can create a <B>cron</B> process in the
+<B>/usr/afs/local/BosConfig</B> file on one or more server machines,
+setting its start time at a sufficient interval before the dump operation is
+to begin. Include the <B>-localauth</B> argument to the <B>vos
+backup</B> or <B>vos backupsys</B> command to enable it to run without
+administrative tokens. For instructions, see <A HREF="auagd009.htm#HDRWQ162">To create and start a new process</A>.
+<P><LI>The volume set, dump level, and Tape Coordinator port offset you specify
+on the <B>backup dump</B> command line must be properly defined in the
+Backup Database. The Backup System checks the database before beginning
+a dump operation and halts the command immediately if any of the required
+entities are missing. If necessary, use the indicated commands:
+<UL>
+<P><LI>To display volume sets, use the <B>backup listvolsets</B> command as
+described in <A HREF="auagd011.htm#HDRWQ266">To display volume sets and volume entries</A>.
+<P><LI>To display dump levels, use the <B>backup listdumps</B> command as
+described in <A HREF="auagd011.htm#HDRWQ271">To display the dump hierarchy</A>.
+<P><LI>To display port offsets, use the <B>backup listhosts</B> command as
+described in <A HREF="auagd011.htm#HDRWQ264">To display the list of configured Tape Coordinators</A>.
+</UL>
+<P><LI>Ensure that a valid token corresponding to a privileged administrative
+identity is available to the Backup System processes both when the <B>backup
+dump</B> command is issued and when the dump operation actually runs (for a
+complete description or the necessary privileges, see <A HREF="auagd011.htm#HDRWQ260">Granting Administrative Privilege to Backup Operators</A>). This is a special concern for scheduled
+dumps. One alternative is to run <B>backup</B> commands (or the
+script that invokes them) and the <B>butc</B> command on server machines,
+and to include the <B>-localauth</B> argument on the command. In
+this case, the processes use the key with the highest key version number in
+the local <B>/usr/afs/etc/KeyFile</B> file to construct a token that never
+expires. Otherwise, you must use a method to renew tokens before they
+expire, or grant tokens with long lifetimes. In either case, you must
+protect against improper access to the tokens by securing the machines both
+physically and against unauthorized network access. The protection
+possibly needs to be even stronger than when a human operator is present
+during the operations.
+<P><LI>Record tape capacity and filemark size values that are as accurate as
+possible in the Tape Coordinator's <B>/usr/afs/backup/tapeconfig</B>
+file and on the tape's label. For suggested values and a
+description of what can happen when they are inaccurate, see <A HREF="auagd011.htm#HDRWQ258">Configuring the tapeconfig File</A>.
+<P><LI>If an unattended dump requires multiple tapes, arrange to provide them by
+properly configuring a tape stacker or jukebox and writing a tape-mounting
+script to be invoked in the device's <B>CFG_</B><VAR>device_name</VAR>
+file. For instructions, see <A HREF="auagd011.htm#HDRWQ277">Invoking a Device's Tape Mounting and Unmounting Routines</A>.
+<P><LI>You can configure any tape device or backup data file's
+<B>CFG_</B><VAR>device_name</VAR> file to take advantage of the Backup
+System's automation features. See <A HREF="auagd011.htm#HDRWQ275">Automating and Increasing the Efficiency of the Backup Process</A>.
+<P><LI>When you issue a <B>backup</B> command in regular (noninteractive)
+mode, the command shell prompt does not return until the operation
+completes. To avoid having to open additional connections, issue the
+<B>backup dump</B> command in interactive mode, especially when including
+the <B>-at</B> argument to schedule dump operations.
+<P><LI>An incremental dump proceeds most smoothly if there is a dump created at
+the dump level immediately above the level you are using. If the Backup
+System does not find a Backup Database record for a dump created at the
+immediate parent level, it looks for a dump created at one level higher in the
+hierarchy, continuing up to the full dump level if necessary. It
+creates an incremental dump at the level one below the lowest valid parent
+dump that it finds, or even creates a full dump if that is necessary.
+This algorithm guarantees that the dump captures all data that has changed
+since the last dump, but has a couple of disadvantages. First, the
+Backup System's search through the database for a valid parent dump takes
+extra time. Second, the subsequent pattern of dumps can be confusing to
+a human operator who needs to restore data from them, because they were not
+performed at the expected dump levels.
+<P>The easiest way to guarantee that a dump exists at the immediate parent
+level is always to perform dump operations on the predetermined
+schedule. To check that the parent dump exists, you can issue the
+<B>backup dumpinfo</B> command (as described in <A HREF="#HDRWQ303">To display dump records</A>) and search for it in the output. Alternatively,
+issue the <B>backup volinfo</B> command (as described in <A HREF="#HDRWQ304">To display a volume's dump history</A>) for a volume that you believe is in the parent dump.
+<P><LI>Always use dump levels from the same hierarchy (levels that are
+descendants of the same full level) when dumping a given volume set.
+The result of alternating between levels from different hierarchies can be
+confusing when you need to restore data or read dump records. It also
+increases the chance that changed data is not captured in any dump, or is
+backed up redundantly into more than one dump.
+<P><LI>Use permanent tape names rather than AFS tape names. You can make
+permanent names more descriptive than is allowed by an AFS tape name's
+strict format, and also bypass the name-checking step that the Backup System
+performs by default when a tape has an AFS tape name only. You can also
+configure the Tape Coordinator always to skip the check, however; for
+instructions and a description of the acceptable format for AFS tape names,
+see <A HREF="auagd011.htm#HDRWQ280">Eliminating the AFS Tape Name Check</A>.
+<P><LI>If you write dumps to tape, restore operations are simplest if all of your
+tape devices are compatible (can read the same type of tape, at the same
+compression ratios, and so on). If you must use incompatible devices,
+then at least use compatible devices for all dumps performed at dump levels
+that are at the same depth in their respective hierarchies (compatible devices
+for all dumps performed at a full dump level, compatible devices for all dumps
+performed at a level 1 incremental dump level, and so on). The
+<B>-portoffset</B> argument to the <B>backup diskrestore</B> and
+<B>backup volsetrestore</B> commands accepts multiple port offset numbers,
+but uses the first listed port offset when restoring all full dumps, the
+second port offset when restoring all level 1 dumps, and so on. If you
+did not use compatible tape devices when creating dumps at the same depth in a
+hierarchy, you must restore one volume at a time with the <B>backup
+volrestore</B> command.
+<P><LI>In some cases, it makes sense to use a <I>temporary</I> volume set,
+which exists only within the context of the interactive session in which it is
+created and for which no record is created in the Backup Database. One
+suitable situation is when dumping a volume to tape in preparation for
+removing it permanently (perhaps because its owner is leaving the
+cell). In this case, you can define a volume entry that includes only
+the volume of interest without cluttering up the Backup Database with a volume
+set record that you are using only once.
+<P><LI>Do not perform a dump operation when you know that there are network,
+machine, or server process problems that can prevent the Backup System from
+accessing volumes or the Volume Location Database (VLDB). Although the
+Backup System automatically makes a number of repeated attempts to get to an
+inaccessible volume, the dump operation takes extra time and in some cases
+stops completely to prompt you for instructions on how to continue.
+Furthermore, if the Backup System's last access attempt fails and the
+volume is omitted from the dump, you must take extra steps to have it backed
+up (namely, the steps described just following for a halted dump
+operation). For a more complete description of how the Backup System
+makes repeated access attempts, see <A HREF="#HDRWQ298">How Your Configuration Choices Influence the Dump Process</A>.
+<P><LI>Review the logs created by the Backup System as soon as possible after a
+dump operation completes, particularly if it ran unattended. They name
+any volumes that were not successfully backed up, among other problems.
+The Backup Server writes to the <B>/usr/afs/logs/BackupLog</B> file on the
+local disk of the database server machine, and you can use the <B>bos
+getlog</B> command to read it remotely if you wish; for instructions,
+see <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A>. The Tape Coordinator writes to two files in the
+local <B>/usr/afs/backup</B> directory on the machine where it is
+running: the <B>TE_</B><VAR>device_name</VAR> file records errors, and
+the <B>TL_</B><VAR>device_name</VAR> file records both trace and error
+messages.
+<P><LI>Avoid halting a dump operation (for instance, by issuing the <B>(backup)
+kill</B> command in interactive mode), both because it introduces the
+potential for confusion and because recovering from the interruption requires
+extra effort. When a dump operation is interrupted, the volumes that
+were backed up before the halt signal is received are complete on the tape or
+in the backup data file, and are usable in restore operations. The
+records in the Backup Database about the volumes' dump history accurately
+show when and at which dump level they were backed up; to display the
+records, use the <B>backup volinfo</B> command as described in <A HREF="#HDRWQ304">To display a volume's dump history</A>.
+<P>However, there is no indication in the dump's Backup Database record
+that volumes were omitted; to display the record, use the <B>backup
+dumpinfo</B> command as described in <A HREF="#HDRWQ303">To display dump records</A>. You must choose one of the following methods for
+dealing with the volumes that were not backed up before the dump operation
+halted. (Actually, you must make the same decision if the dump
+operation halts for reasons outside your control.)
+<UL>
+<P><LI>You can take no action, waiting until the next regularly scheduled dump
+operation to back them up. At that time, the Backup System
+automatically dumps them at the appropriate level to guarantee that the dump
+captures all of the data that changed since the volume was last dumped.
+However, you are gambling that restoring the volume is not necessary before
+the next dump operation. If restoration is necessary, you can restore
+the volume only to its state at the time it was last included in a
+dump--you have lost all changes made to the volume since that
+time.
+<P><LI>You can discard the entire dump and run the dump operation again.
+To discard the dump, use the <B>backup labeltape</B> command to relabel
+the tapes or backup data file, which automatically removes all associated
+records from the Backup Database. For instructions, see <A HREF="auagd011.htm#HDRWQ272">Writing and Reading Tape Labels</A>. If a long time has passed since the backup version
+of the volumes was created, some of the source volumes have possibly
+changed. If that seems likely, reissue the <B>vos backup</B> or
+<B>vos backupsys</B> command on them before redoing the dump
+operation.
+<P><LI>You can create a new volume set that includes the missed volumes and dump
+it at a full dump level (even if you specify an incremental dump level, the
+Backup System uses the full dump level at the top of your specified
+level's hierarchy, because it has never before backed up these volumes as
+part of the new volume set). The next time you dump the original volume
+set, the Backup System automatically dumps the missed volumes at the level one
+below the level it used the last time it dumped the volumes as part of the
+original volume set.
+</UL>
+</UL>
+<P><H3><A NAME="HDRWQ298" HREF="auagd002.htm#ToC_335">How Your Configuration Choices Influence the Dump Process</A></H3>
+<A NAME="IDX7024"></A>
+<P>This section provides an overview of the backup process, describing what
+happens at each stage both by default and as a result of your configuration
+choices, including the configuration instructions you include in the
+device-specific <B>CFG_</B><VAR>device_name</VAR> file. For the sake
+of clarity, it tracks the progress of a single <B>backup dump</B> command
+that creates an initial dump. For a discussion of the slight
+differences in the procedure when you append or schedule dumps, see <A HREF="#HDRWQ299">Appending Dumps to an Existing Dump Set</A> or <A HREF="#HDRWQ300">Scheduling Dumps</A>.
+<P>As a concrete example, the following description traces a dump of the
+volume set <B>user</B> at the <B>/weekly/mon/tues/wed</B> dump
+level. The <B>user</B> volume set has one volume entry that matches
+the backup version of all user volumes:
+<PRE> <B>.* .* user.*\.backup</B>
+</PRE>
+<P>The dump level belongs to the following dump hierarchy.
+<PRE> /weekly
+ /mon
+ /tues
+ /wed
+ /thurs
+ /fri
+</PRE>
+<OL TYPE=1>
+<P><LI><A NAME="LIBKOV-BUTC"></A>You issue the <B>butc</B> command to start a Tape
+Coordinator to handle the dump operation. The Tape Coordinator does not
+have to be running when you issue the <B>backup dump</B> command, but must
+be active in time to accept the list of volumes to be included in the dump,
+when Step <A HREF="#LIBKOV-VOLMATCHES">3</A> is completed. To avoid coordination problems, it is
+best to start the Tape Coordinator before issuing the <B>backup dump</B>
+command.
+<P>As the Tape Coordinator initializes, it reads the entry in its local
+<B>/usr/afs/backup/tapeconfig</B> file for the port offset you specify on
+the <B>butc</B> command line. The entry specifies the name of the
+device to use, and the Tape Coordinator verifies that it can access it.
+It also reads the device's configuration file,
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR>, if it exists. See
+Step <A HREF="#LIBKOV-READCFG">6</A> for a description of how the instructions in the file
+influence the dump operation.
+<P><LI>You issue the <B>backup dump</B> command, specifying a volume set,
+dump level, and the same port offset number you specified on the
+<B>butc</B> command in Step <A HREF="#LIBKOV-BUTC">1</A>. The Backup System verifies that they have
+correct Backup Database records and halts the operation with an error message
+if they do not.
+<P>If you issue the command in interactive mode, the Backup System assigns the
+operation a job ID number, which you can use to check the operation's
+status or halt it by using the <B>(backup) jobs</B> or <B>(backup)
+kill</B> command, respectively. For instructions, see <A HREF="#HDRWQ289">To display pending or running jobs in interactive mode</A> and <A HREF="#HDRWQ290">To cancel operations in interactive mode</A>.
+<P><LI><A NAME="LIBKOV-VOLMATCHES"></A>The Backup System works with the VL Server to
+generate a list of the volumes in the VLDB that match the name and location
+criteria defined in the volume set's volume entries. If a volume
+matches more than one volume entry, the Backup System ignores the duplicates
+so that the dump includes only one copy of data from the volume.
+<P>To reduce the number of times you need to switch tapes during a restore
+operation, the Backup System sorts the volumes by server machine and
+partition, and during the dump operation writes the data from all volumes
+stored on a specific partition before moving to the next partition.
+<P>As previously mentioned, it is best to back up backup volumes rather than
+read/write volumes, to avoid blocking users' access to data during the
+dump. To achieve this, you must explicitly include the
+<B>.backup</B> suffix on the volume names in volume entry
+definitions. For instructions, and to learn how to define volume
+entries that match multiple volumes, see <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<P>In the example, suppose that 50 volumes match the <B>user</B> volume
+set criteria, including three called <B>user.pat.backup</B>,
+<B>user.terry.backup</B>, and
+<B>user.smith.backup</B>.
+<P><LI><A NAME="LIBKOV-CLONEDATE"></A>The Backup System next scans the dump hierarchy for
+the dump level you have specified on the <B>backup dump</B> command
+line. If it is a full level, then in the current operation the Backup
+System backs up all of the data in all of the volumes in the list obtained in
+Step <A HREF="#LIBKOV-VOLMATCHES">3</A>.
+<P>If the dump level is incremental, the Backup System reads each
+volume's dump history in the Backup Database to learn which of the parent
+levels in its pathname was used when the volume was most recently backed up as
+part of this volume set. In the usual case, it is the current dump
+level's immediate parent level.
+<P>An incremental dump of a volume includes only the data that changed since
+the volume was included in the parent dump. To determine which data are
+eligible, the Backup System uses the concept of a volume's <I>clone
+date</I>. A read/write volume's clone date is when the Backup
+System locks the volume before copying its contents into a dump. A
+backup volume's clone date is the completion time of the operation that
+created it by cloning its read/write source volume (the operation initiated by
+a <B>vos backup</B> or <B>vos backupsys</B> command). A
+read-only volume's clone date is the time of the release operation
+(initiated by the <B>vos release</B> command) that completed most recently
+before the dump operation.
+<P>More precisely then, an incremental dump includes only data that have a
+modification timestamp between the clone date of the volume included in the
+parent dump (the <I>parent clone date</I>) and the clone date of the
+volume to be included in the current dump (the <I>current clone
+date</I>).
+<P>There are some common exceptions to the general rule that a volume's
+parent dump is the dump created at the immediate parent level:
+<UL>
+<P><LI>The volume did not exist at all at the time of the last dump. In
+this case, the Backup System automatically does a full dump of it.
+<P><LI>The volume did not match the volume set's name and location criteria
+at the time of the last dump. In this case, the Backup System
+automatically does a full dump of it, even if it was backed up recently (fully
+or incrementally) as part of another volume set. This redundancy is an
+argument for defining volume entries in terms of names rather than locations,
+particularly if you move volumes frequently.
+<P><LI>The volume was not included in the dump at the immediate parent level for
+some reason (perhaps a process, machine, or network access prevented the
+Backup System from accessing it). In this case, the Backup System sets
+the clone date to the time of the last dump operation that included the
+volume. If the volume was not included in a dump performed at any of
+the levels in the current level's pathname, the Backup System does a full
+dump of it.
+</UL>
+<P>In the example, the current dump level is
+<B>/weekly/mon/tues/wed</B>. The
+<B>user.pat.backup</B> and
+<B>user.terry.backup</B> volumes were included in the dump
+performed yesterday, Tuesday, at the <B>/weekly/mon/tues</B> level.
+The Backup System uses as their parent clone date 3:00
+a.m. on Tuesday, which is when backup versions of them were
+created just before Tuesday's dump operation. However,
+Tuesday's dump did not include the
+<B>user.smith.backup</B> volume for some reason. The
+last time it was included in a dump was Monday, at the <B>/weekly/mon</B>
+level. The Backup System uses a parent clone date of Monday at
+2:47 a.m., which is when a backup version of the volume
+was created just before the dump operation on Monday.
+<P><LI>If performing an incremental dump, the Backup System works with the Volume
+Server to prepare a list of all of the files in each volume that have changed
+(have modification timestamps) between the parent clone date and the current
+clone date. The dump includes the complete contents of every such
+file. If a file has not changed, the dump includes only a placeholder
+stub for it. The dump also includes a copy of the complete directory
+structure in the volume, whether or not it has changed since the previous
+dump.
+<P>If none of the data in the volume has changed since the last dump, the
+Backup System omits the volume completely. It generates the following
+message in the Tape Coordinator window and log files:
+<PRE> Volume <VAR>volume_name</VAR> (<VAR>volume_ID</VAR>) not dumped - has not been modified
+ since last dump.
+</PRE>
+<P><LI><A NAME="LIBKOV-READCFG"></A>The Tape Coordinator prepares to back up the
+data. If there is a <B>CFG_</B><VAR>device_name</VAR> file, the Tape
+Coordinator already read it in Step <A HREF="#LIBKOV-BUTC">1</A>. The following list describes how the instructions in
+the file guide the Tape Coordinator's behavior at this point:
+<DL>
+<P><DT><B>FILE
+</B><DD>If this instruction is set to <B>YES</B>, the Tape Coordinator writes
+data to a backup data file. The <VAR>device_name</VAR> field in the
+<B>tapeconfig</B> file must also specify a filename for the dump to work
+properly. For further discussion and instructions on configuring a
+backup data file, see <A HREF="auagd011.htm#HDRWQ282">Dumping Data to a Backup Data File</A>.
+<P>If it is set to <B>NO</B> or does not appear in the file, the Tape
+Coordinator writes to a tape device.
+<P><DT><B>MOUNT and UNMOUNT
+</B><DD>If there is a <B>MOUNT</B> instruction in the file, each time the Tape
+Coordinator needs a new tape, it invokes the indicated script or program to
+mount a tape in the device's tape drive. There must be a
+<B>MOUNT</B> instruction if you want to utilize a tape stacker or
+jukebox's ability to switch between tapes automatically. If there
+is no <B>MOUNT</B> instruction, the Tape Coordinator prompts the human
+operator whenever it needs a tape.
+<P>The <B>AUTOQUERY</B> instruction, which is described just following,
+modifies the Tape Coordinator's tape acquisition procedure for the first
+tape it needs in a dump operation.
+<P>If there is an <B>UNMOUNT</B> instruction, then the Tape Coordinator
+invokes the indicated script or program whenever it closes the tape
+device. Not all tape devices have a separate tape unmounting routine,
+in which case the <B>UNMOUNT</B> instruction is not necessary. For
+more details on both instructions, see <A HREF="auagd011.htm#HDRWQ277">Invoking a Device's Tape Mounting and Unmounting Routines</A>.
+<P><DT><B>AUTOQUERY
+</B><DD>If this instruction is set to <B>NO</B>, the Tape Coordinator assumes
+that the first tape needed for the dump operation is already in the tape
+drive. It does not use its usual tape acquisition procedure as
+described in the preceding discussion of the <B>MOUNT</B>
+instruction. You can achieve the same effect by including the
+<B>-noautoquery</B> flag to the <B>butc</B> command.
+<P>If this instruction is absent or set to <B>YES</B>, the Tape
+Coordinator uses its usual tape acquisition procedure even for the first
+tape. For more details, see <A HREF="auagd011.htm#HDRWQ278">Eliminating the Search or Prompt for the Initial Tape</A>.
+<P><DT><B>BUFFERSIZE
+</B><DD>If this instruction appears in the file, the Tape Coordinator sets its
+buffer size to the specified value rather than using the default buffer size
+of 16 KB. For further discussion, see <A HREF="auagd011.htm#HDRWQ281">Setting the Memory Buffer Size to Promote Tape Streaming</A>.
+</DL>
+<P>If there is no <B>CFG_</B><VAR>device_name</VAR> file, the Tape
+Coordinator writes data to a tape device and prompts the human operator each
+time it needs a tape (the only exception being the first tape if you include
+the <B>-noautoquery</B> flag to the <B>butc</B> command).
+<P><LI><A NAME="LIBKOV-NAMECHECK"></A>The Tape Coordinator opens either a tape drive or
+backup data file at this point, as directed by the instructions in the
+<B>CFG_</B><VAR>device_name</VAR> file (described in Step <A HREF="#LIBKOV-READCFG">6</A>). The instructions also determine whether it
+invokes a mount script or prompts the operator. In Step <A HREF="#LIBKOV-BUTC">1</A> the Tape Coordinator read in the device's capacity and
+filemark size from the <B>tapeconfig</B> file. It now reads the
+same values from the tape or backup data file's magnetic label, and
+overwrites the <B>tapeconfig</B> values if there is a difference.
+<P>If creating an initial dump (as in the current example) and there is no
+permanent name on the label, the Tape Coordinator next checks that the AFS
+tape name has one of the three acceptable formats. If not, it rejects
+the tape and you must use the <B>backup labeltape</B> command to write an
+acceptable name. You can bypass this name-checking step by including
+the <B>NAME_CHECK NO</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file. For discussion and a list of
+the acceptable AFS tape name values, see <A HREF="auagd011.htm#HDRWQ280">Eliminating the AFS Tape Name Check</A>.
+<P><LI><A NAME="LIBKOV-EXPDATE"></A>For an initial dump, the Tape Coordinator starts writing
+at the beginning of the tape or backup dump file, overwriting any existing
+data. To prevent inappropriate overwriting, the Backup System first
+checks the Backup Database for any dump records associated with the name
+(permanent or AFS tape name) on the tape or backup dump file's
+label. It refuses to write to a backup data file that has unexpired
+dumps in it, or to a tape that belongs to a dump set with any unexpired
+dumps. To recycle a file or tape before all dumps have expired, you
+must use the <B>backup labeltape</B> command to relabel it. Doing
+so removes the Backup Database records of all dumps in the file or on all
+tapes in the dump set, which makes it impossible to restore data from any of
+the tapes. For more information on expiration dates, see <A HREF="auagd011.htm#HDRWQ270">Defining Expiration Dates</A>.
+<P>The Tape Coordinator also checks for two other types of inappropriate tape
+reuse. The tape cannot already have data on it that belongs to the dump
+currently being performed, because that implies that the previous tape is
+still in the drive, or you have mistakenly reinserted it. The Tape
+Coordinator generates the following message and attempts to obtain another
+tape:
+<PRE> Can't overwrite tape containing the dump in progress
+</PRE>
+<P>The tape cannot contain data from a parent dump of the current
+(incremental) dump, because overwriting a parent dump makes it impossible to
+restore data from the current dump. The Tape Coordinator generates the
+following message and attempts to obtain another tape:
+<PRE> Can't overwrite the parent dump <VAR>parent_name</VAR> (<VAR>parent_dump_ID</VAR>)
+</PRE>
+<P><LI><A NAME="LIBKOV-WRITE"></A>The Tape Coordinator now writes data to the tape or backup
+data file. It uses the capacity and filemark size it obtained in Step <A HREF="#LIBKOV-NAMECHECK">7</A> as it tracks how much more space is available, automatically
+using its tape acquisition procedure if the dump is not finished when it
+reaches the end of the tape. For a more detailed description, and a
+discussion of what happens if the Tape Coordinator reaches the physical
+end-of-tape unexpectedly, see <A HREF="auagd011.htm#HDRWQ258">Configuring the tapeconfig File</A>. Similarly, for instructions on configuring a backup
+data file to optimize recovery from unexpectedly running out of space, see
+Step <A HREF="auagd011.htm#LITAPECONFIG-FILE">6</A> in the instructions in <A HREF="auagd011.htm#HDRWQ282">Dumping Data to a Backup Data File</A>.
+<P>If the Tape Coordinator cannot access a volume during the dump (perhaps
+because of a server process, machine, or network outage), it skips the volume
+and continues dumping all volumes that it can access. It generates an
+error message in the Tape Coordinator window and log file about the omitted
+volume. It generates a similar message if it discovers that a backup
+volume has not been recloned since the previous dump operation (that is, that
+the volume's current clone date is the same as its parent clone
+date):
+<PRE> Volume <VAR>volume_name</VAR> (<VAR>volume_ID</VAR>) not dumped - has not been re-cloned
+ since last dump.
+</PRE>
+<P>After completing a first pass through all of the volumes, it attempts to
+dump each omitted volume again. It first checks to see if the reason
+that the volume was inaccessible during the first pass is that it has been
+moved since the VL Server generated the list of volumes to dump in Step <A HREF="#LIBKOV-VOLMATCHES">3</A>. If so, it dumps the volume from its new site.
+If the second attempt to access a volume also fails, the Tape Coordinator it
+generates the following message, prompting you for instruction on how to
+proceed:
+<PRE> Dump of volume <VAR>volume_name</VAR> (<VAR>volume_ID</VAR>) failed
+ Please select action to be taken for this volume.
+ r - retry, try dumping this volume again
+ o - omit, this volume from this dump
+ a - abort, the entire dump
+</PRE>
+<P>To increase the automation of the dump process, you can include the
+<B>ASK NO</B> instruction in the <B>CFG_</B><VAR>device_name</VAR> file
+to suppress this prompt and have the Tape Coordinator automatically omit the
+volume from the dump.
+<P>If you are tracking the dump as it happens, the prompt enables you to take
+corrective action. If the volume has not been recloned, you can issue
+the <B>vos backup</B> command. If the volume is inaccessible, you
+can investigate and attempt to resolve the cause.
+<A NAME="IDX7025"></A>
+<A NAME="IDX7026"></A>
+<A NAME="IDX7027"></A>
+<A NAME="IDX7028"></A>
+<A NAME="IDX7029"></A>
+<P><LI>If the tape or backup data file does not already have an AFS tape name,
+the Backup System constructs the appropriate one and records it on the label
+and in the Backup Database. It also assigns a dump name and ID number
+to the dump and records them in dump record that it creates in the Backup
+Database. For details on tape and dump names, see <A HREF="auagd011.htm#HDRWQ253">Dump Names and Tape Names</A>. For instructions on displaying dump records or a
+volume's dump history, or scanning the contents of a tape, see <A HREF="#HDRWQ302">Displaying Backup Dump Records</A>.
+</OL>
+<P><H3><A NAME="HDRWQ299" HREF="auagd002.htm#ToC_336">Appending Dumps to an Existing Dump Set</A></H3>
+<A NAME="IDX7030"></A>
+<P>The AFS Backup System enables you to append dumps to the end of the final
+tape in a dump set by including the <B>-append</B> flag to the <B>backup
+dump</B> command. Appending dumps improves Backup System automation
+and efficiency in several ways:
+<UL>
+<P><LI>It maximizes use of a tape's capacity. An initial dump must
+always start on a new tape, but does not necessarily extend to the end of the
+final tape in the dump set. You can fill up the unused tape by
+appending one or more dumps.
+<P><LI>It can reduce the number of tapes and tape changes needed to complete a
+dump operation. Rather than performing a series of initial dumps first,
+instead begin with an initial dump and follow it immediately with several
+appended dumps. In this way you can write all dumps in the series to
+the same tape (assuming the tape is large enough to accommodate them
+all). If, in contrast, you perform all of the initial dumps first, each
+must begin on a new tape and you must switch tapes again if you then want to
+append dumps.
+<P>You can either issue the appropriate series of <B>backup dump</B>
+commands at the interactive <TT>backup></TT> prompt, or record them in a
+file that you then name with the <B>-file</B> argument to the <B>backup
+dump</B> command. Appending dumps in this way enables you to run
+multiple unattended backup operations even without a tape stacker or jukebox,
+if all of the dumps fit on one tape.
+<P><LI>It can reduce the number of tape changes during a restore
+operation. For example, if you append all of the incremental dumps of a
+volume set to tapes in one dump set, then restoring a volume from the volume
+set requires a minimum number of tape changes. It is best not to append
+incremental dumps to a tape that contains the parent full dump, however:
+if the tape is lost or damaged, you lose all of the data from the
+volume.
+<P>Although it can be efficient to group together appended dumps that are
+related, the Backup System does not require any relationship between the
+appended dumps on a tape or in a dump set.
+</UL>
+<P>When writing an appended dump, the Backup System performs most of the steps
+described in <A HREF="#HDRWQ298">How Your Configuration Choices Influence the Dump Process</A>. Appended dumps do not have to be related to one
+another or the initial dump, so it skips Step <A HREF="#LIBKOV-NAMECHECK">7</A>: there is no need to check that the AFS tape name
+reflects the volume set and dump level names in this case. It also
+skips Step <A HREF="#LIBKOV-EXPDATE">8</A>. Because it is not overwriting any existing data on
+the tape, it does not need to check the expiration dates of existing dumps on
+the tape or in the file. Then in Step <A HREF="#LIBKOV-WRITE">9</A> the Tape Coordinator scans to the end of the last dump on
+the tape or in the backup data file before it begins writing data.
+<P>The Backup System imposes the following conditions on appended dumps:
+<UL>
+<P><LI>If writing to tape, the Tape Coordinator checks that it is the final one
+in a dump set for which there are complete and valid tape and dump records in
+the Backup Database. If not, it rejects the tape and requests an
+acceptable one. If you believe the tape has valid data on it, you can
+reconstruct the Backup Database dump records for it by using the
+<B>-dbadd</B> argument to the <B>backup scantape</B> command as
+instructed in <A HREF="#HDRWQ305">To scan the contents of a tape</A>.
+<P><LI>The most recent dump on the tape or in the backup data file must have
+completed successfully.
+<P><LI>The dump set to which the tape or file belongs must begin with an initial
+dump that is recorded in the Backup Database. If there are no dumps on
+the current tape, then the Backup System treats the dump operation as an
+initial dump and imposes the relevant requirements (for example, checks the
+AFS tape name if appropriate).
+</UL>
+<P>As you append dumps, keep in mind that all of a dump set's dump and
+tape records in the Backup Database are indexed to the initial dump. If
+you want to delete an appended dump's record, you must delete the initial
+dump record, and doing so erases the records of all dumps in the dump
+set. Without those records, you cannot restore any of the data in the
+dump set.
+<P>Similarly, all of the dumps in a dump set must expire before you can
+recycle (write a new initial dump to) any of the tapes in a dump set.
+Do not append a dump if its expiration date is later than the date on which
+you want to recycle any of the tapes in its dump set. To recycle a tape
+before the last expiration date, you must delete the initial dump's
+record from the Backup Database. Either use the <B>backup
+labeltape</B> command to relabel the tape as instructed in <A HREF="auagd011.htm#HDRWQ273">To label a tape</A>, or use the <B>backup deletedump</B> command
+to delete the record directly as instructed in <A HREF="#HDRWQ322">To delete dump records from the Backup Database</A>.
+<P>Although in theory you can append as many dumps as you wish, it generally
+makes sense to limit the number of tapes in a dump set (for example, to five),
+for these reasons:
+<UL>
+<P><LI>If an unreadable spot develops on one of the tapes in a dump set, it can
+prevent the Tape Coordinator from scanning the tape as part of a <B>backup
+scantape</B> operation you use to reconstruct Backup Database
+records. The Tape Coordinator can almost always scan the tape
+successfully up to the point of damage and can usually skip past minor
+damage. A scanning operation can start on any tape in a dump set, so
+damage on one tape does not prevent scanning of the others in the dump
+set. However, you can scan only the tapes that precede the damaged one
+in the dump set or the ones that follow the damaged one, but not both.
+(For more information on using tapes to reconstruct the information in the
+Backup Database, see <A HREF="#HDRWQ305">To scan the contents of a tape</A>.)
+<P>An unreadable bad spot can also prevent you from restoring a volume
+completely, because restore operations must begin with the full dump and
+continue with each incremental dump in order. If you cannot restore a
+specific dump, you cannot restore any data from later incremental
+dumps.
+<P><LI>If you decide in the future to archive one or more dumps, then you must
+archive the entire set of tapes that constitute the dump set, rather than just
+the ones that contain the data of interest. This wastes both tape and
+archive storage space. For more information on archiving, see <A HREF="auagd011.htm#HDRWQ269">Archiving Tapes</A>.
+</UL>
+<P><H3><A NAME="HDRWQ300" HREF="auagd002.htm#ToC_337">Scheduling Dumps</A></H3>
+<P>By default, the Backup System starts executing a dump
+operation as soon as you enter the <B>backup dump</B> command, and the
+Tape Coordinator begins writing data as soon as it is not busy and the list of
+files to write is available. You can, however, schedule a dump
+operation to begin at a specific later time:
+<UL>
+<P><LI>To schedule a single dump operation, include the <B>-at</B> argument
+to specify its start time.
+<P><LI>To schedule multiple dump operations, list the operations in a file named
+by the <B>-file</B> argument and use the <B>-at</B> argument to
+specify when the <B>backup</B> command interpreter reads the file.
+If you omit the <B>-at</B> argument, the command interpreter reads the
+file immediately, which does not count as scheduling, but does allow you to
+initiate multiple dump operations in a single command. Do not combine
+the <B>-file</B> argument with the <B>-volumeset</B>,
+<B>-dump</B>, <B>-portoffset</B>, <B>-append</B>, or <B>-n</B>
+options.
+<P>For file-formatting instructions, see the description of the
+<B>-file</B> argument in Step <A HREF="#LIBKDUMP-SYNTAX">7</A> of <A HREF="#HDRWQ301">To create a dump</A>.
+</UL>
+<P>The Backup System performs initial and appended dumps in the same manner
+whether they are scheduled or begin running as soon as you issue the
+<B>backup dump</B> command. The only difference is that the
+requirements for successful execution hold both at the time you issue the
+command and when the Backup System actually begins running it. All
+required Backup Database entries for volume sets, dump levels, and port
+offsets, and all dump and tape records must exist at both times.
+Perhaps more importantly, the required administrative tokens must be available
+at both times. See <A HREF="#HDRWQ297">Making Backup Operations More Efficient</A>.
+<P><H3><A NAME="HDRWQ301" HREF="auagd002.htm#ToC_338">To create a dump</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P><LI>If using a tape device, insert the tape.
+<P><LI>Issue the <B>backup</B> command to enter interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Decide which volume set and dump level to use. If necessary, issue
+the <B>backup listvolsets</B> and <B>backup listdumps</B> commands to
+display the existing volume sets and dump levels. For complete
+instructions and a description of the output, see <A HREF="auagd011.htm#HDRWQ266">To display volume sets and volume entries</A> and <A HREF="auagd011.htm#HDRWQ271">To display the dump hierarchy</A>.
+<PRE> backup> <B>listvolsets</B> [<<VAR>volume set name</VAR>>]
+ backup> <B>listdumps</B>
+</PRE>
+<P>If you want to use a temporary volume set, you must create it during the
+current interactive session. This can be useful if you are dumping a
+volume to tape in preparation for removing it permanently (perhaps because its
+owner is leaving the cell). In this case, you can define a volume entry
+that includes only the volume of interest without cluttering up the Backup
+Database with a volume set record that you are using only once.
+Complete instructions appear in <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<PRE> backup> <B>addvolset</B> <<VAR>volume set name</VAR>> <B>-temporary</B>
+ backup> <B>addvolentry -name</B> <<VAR>volume set name</VAR>> \
+ <B>-server</B> <<VAR>machine name</VAR>> \
+ <B>-partition</B> <<VAR>partition name</VAR>> \
+ <B>-volumes</B> <<VAR>volume name (regular expression)</VAR>>
+</PRE>
+<P><LI>If you are creating an initial dump and writing to a tape or backup data
+file that does not have a permanent name, its AFS tape name must satisfy the
+Backup System's format requirements as described in <A HREF="auagd011.htm#HDRWQ280">Eliminating the AFS Tape Name Check</A>. If necessary, use the <B>backup readlabel</B>
+command to display the label and the <B>backup labeltape</B> command to
+change the names, as instructed in <A HREF="auagd011.htm#HDRWQ272">Writing and Reading Tape Labels</A>. You must also relabel a tape if you want to
+overwrite it and it is part of a dump set that includes any unexpired dumps,
+though this is not recommended. For a discussion of the appropriate way
+to recycle tapes, see <A HREF="auagd011.htm#HDRWQ268">Creating a Tape Recycling Schedule</A>.
+<A NAME="IDX7031"></A>
+<A NAME="IDX7032"></A>
+<P><LI><A NAME="LIBKDUMP-SYNTAX"></A>Issue the <B>backup dump</B> command to dump the
+volume set.
+<UL>
+<P><LI>To create one initial dump, provide only the volume set name, dump level
+name, and port offset (if not zero).
+<P><LI>To create one appended dump, add the <B>-append</B> flag.
+<P><LI>To schedule a single initial or appended dump, add the <B>-at</B>
+argument.
+<P><LI>To initiate multiple dump operations, record the appropriate commands in a
+file and name it with the <B>-file</B> argument. Do not combine
+this argument with options other than the <B>-at</B> argument.
+</UL>
+<PRE> backup> <B>dump</B> <<VAR>volume set name</VAR>> <<VAR>dump level name</VAR>> [<<VAR>TC port offset</VAR>>] \
+ [<B>-at</B> <<VAR>Date/time to start dump</VAR>><SUP>+</SUP>] \
+ [<B>-append</B>] [<B>-n</B>] [<B>-file</B> <<VAR>load file</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>dump
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>volume set name</VAR>
+</B><DD>Names the volume set to dump.
+<P><DT><B><VAR>dump level name</VAR>
+</B><DD>Specifies the complete pathname of the dump level at which to dump the
+volume set.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the port offset number of the Tape Coordinator process that is
+handling the operation. You must provide this argument unless the
+default value of 0 (zero) is appropriate.
+<P><DT><B>-at
+</B><DD>Specifies the date and time in the future at which to run the command, or
+to read the file named by the <B>-file</B> argument. Provide a
+value in the format <VAR>mm</VAR>/<VAR>dd</VAR>/<VAR>yyyy</VAR>
+[<VAR>hh</VAR>:<VAR>MM</VAR>], where the month (<VAR>mm</VAR>), day
+(<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>) are required. Valid values for
+the year range from <B>1970</B> to <B>2037</B>; higher values are
+not valid because the latest possible date in the standard UNIX representation
+is in February 2038. The Backup System automatically reduces any later
+date to the maximum value in 2038.
+<P>The hour and minutes (<VAR>hh</VAR>:<VAR>MM</VAR>) are optional, but if
+provided must be in 24-hour format (for example, the value
+<B>14:36</B> represents 2:36 p.m.). If
+you omit them, the time defaults to midnight (00:00 hours).
+<P>As an example, the value <B>04/23/1999 20:20</B> schedules the
+command for 8:20 p.m. on 23 April 1999.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-append
+</B><DD>Creates an appended dump by scanning to the end of the data from one or
+more previous dump operations that it finds on the tape or in the backup data
+file.
+<P><DT><B>-n
+</B><DD>Displays the names of all volumes to be included in the indicated dump,
+without actually writing data to tape or the backup data file. Combine
+this flag with the arguments you plan to use on the actual command, but not
+with the <B>-file</B> argument.
+<P><DT><B>-file
+</B><DD>Specifies the local disk or AFS pathname of a file containing
+<B>backup</B> commands. The Backup System reads the file
+immediately, or at the time specified by the <B>-at</B> argument if it is
+provided. A partial pathname is interpreted relative to the current
+working directory.
+<P>Place each <B>backup dump</B> command on its own line in the indicated
+file, using the same syntax as for the command line, but without the word
+<B>backup</B> at the start of the line. Each command must include
+the <VAR>volume set name</VAR> and <VAR>dump level name</VAR> arguments plus the
+<VAR>TC port offset</VAR> argument if the default value of zero is not
+appropriate. Commands in the file can also include any of the
+<B>backup dump</B> command's optional arguments, including the
+<B>-at</B> argument (which must specify a date and time later than the
+date and time at which the Backup System reads the file).
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or if the device's
+<B>CFG_</B><VAR>device_name</VAR> configuration file includes the
+instruction <B>AUTOQUERY YES</B>, then the Tape Coordinator prompts you to
+place the tape in the device's drive. You have already done so,
+but you must now press <<B>Return</B>> to indicate that the tape is
+ready for labeling.
+<P>If more than one tape is required, you must either include the
+<B>MOUNT</B> instruction in the <B>CFG_</B><VAR>device_name</VAR> file
+and stock the corresponding stacker or jukebox with tapes, or remain at the
+console to respond to the Tape Coordinator's prompts for subsequent
+tapes.
+<P><LI>After the dump operation completes, review the Backup System's log
+files to check for errors. Use the <B>bos getlog</B> command as
+instructed in <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A> to read the <B>/usr/afs/logs/BackupLog</B> file, and a
+text editor on the Tape Coordinator machine to read the
+<B>TE_</B><VAR>device_name</VAR> and <B>TL_</B><VAR>device_name</VAR>
+files in the local <B>/usr/afs/backup</B> directory.
+<P>It is also a good idea to record the tape name and dump ID number on the
+exterior label of each tape.
+</OL>
+<HR><H2><A NAME="HDRWQ302" HREF="auagd002.htm#ToC_339">Displaying Backup Dump Records</A></H2>
+<P>The <B>backup</B> command suite includes three commands
+for displaying information about data you have backed up:
+<UL>
+<P><LI>To display information about one or more dump operations, such as the date
+it was performed and the number of volumes included, use the <B>backup
+dumpinfo</B> command as described in <A HREF="#HDRWQ303">To display dump records</A>. You can display a detailed record of a single dump
+or more condensed records for a certain number of dumps, starting with the
+most recent and going back in time. You can specify the number of dumps
+or accept the default of 10.
+<P><LI>To display a volume's dump history, use the <B>backup volinfo</B>
+command as described in <A HREF="#HDRWQ304">To display a volume's dump history</A>.
+<P><LI>To display information extracted from a tape or backup data file about the
+volumes it includes, use the <B>backup scantape</B> command. To
+create new dump and tape records in the Backup Database derived from the tape
+and dump labels, add the <B>-dbadd</B> flag. For instructions, see <A HREF="#HDRWQ305">To scan the contents of a tape</A>.
+</UL>
+<A NAME="IDX7033"></A>
+<A NAME="IDX7034"></A>
+<A NAME="IDX7035"></A>
+<A NAME="IDX7036"></A>
+<A NAME="IDX7037"></A>
+<A NAME="IDX7038"></A>
+<A NAME="IDX7039"></A>
+<P><H3><A NAME="HDRWQ303" HREF="auagd002.htm#ToC_340">To display dump records</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup dumpinfo</B> command to list information about
+dumps recorded in the Backup Database.
+<PRE> % <B>backup dumpinfo</B> [<B>-ndumps</B> <<VAR>no. of dumps</VAR>>] [<B>-id</B> <<VAR>dump id</VAR>>] [<B>-verbose</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>dump
+</B><DD>Is the shortest acceptable abbreviation of <B>dumpinfo</B>.
+<P><DT><B>-ndumps
+</B><DD>Displays the Backup Database record for each of the specified number of
+dumps, starting with the most recent and going back in time. If the
+database contains fewer dumps than are requested, the output includes the
+records for all existing dumps. Do not combine this argument with the
+<B>-id</B> argument or <B>-verbose</B> flag; omit all three
+options to display the records for the last 10 dumps.
+<P><DT><B>-id
+</B><DD>Specifies the dump ID number of a single dump for which to display the
+Backup Database record. You must include the <B>-id</B>
+switch. Do not combine this option with the <B>-ndumps</B> or
+<B>-verbose</B> arguments; omit all three arguments to display the
+records for the last 10 dumps.
+<P><DT><B>-verbose
+</B><DD>Provides more detailed information about the dump specified with the
+<B>-id</B> argument, which must be provided along with it. Do not
+combine this flag with the <B>-ndumps</B> option.
+</DL>
+</OL>
+<P>If the <B>-ndumps</B> argument is provided, the output presents the
+following information in table form, with a separate line for each dump:
+<DL>
+<P><DT><B><TT>dumpid</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>parentid</TT>
+</B><DD>The dump ID number of the dump's parent dump. A value of
+<TT>0</TT> (zero) identifies a full dump.
+<P><DT><B><TT>lv</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump, in which
+case the value in the <TT>parentid</TT> field is also <TT>0</TT>. A
+value of <TT>1</TT> or greater indicates an incremental dump made at the
+corresponding level in the dump hierarchy.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Backup System started the dump operation
+that created the dump.
+<P><DT><B><TT>nt</TT>
+</B><DD>The number of tapes that contain the data in the dump. A value of
+<TT>0</TT> (zero) indicates that the dump operation was terminated or
+failed. Use the <B>backup deletedump</B> command to remove such
+entries.
+<P><DT><B><TT>nvols</TT>
+</B><DD>The number of volumes from which the dump includes data. If a
+volume spans tapes, it is counted twice. A value of <TT>0</TT> (zero)
+indicates that the dump operation was terminated or failed; the value in
+the <TT>nt</TT> field is also <TT>0</TT> in this case.
+<P><DT><B><TT>dump name</TT>
+</B><DD>The dump name in the form
+<PRE> <VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR> (<VAR>initial_dump_ID</VAR>)
+
+</PRE>
+<P>
+<P>where <VAR>volume_set_name</VAR> is the name of the volume set, and
+<VAR>dump_level_name</VAR> is the last element in the dump level pathname at
+which the volume set was dumped.
+<P>The <VAR>initial_dump_ID</VAR>, if displayed, is the dump ID of the initial
+dump in the dump set to which this dump belongs. If there is no value
+in parentheses, the dump is the initial dump in a dump set that has no
+appended dumps.
+</DL>
+<P>If the <B>-id</B> argument is provided alone, the first line of output
+begins with the string <TT>Dump</TT> and reports information for the entire
+dump in the following fields:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>level</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump. A
+value of <TT>1</TT> (one) or greater indicates an incremental dump made at
+the specified level in the dump hierarchy.
+<P><DT><B><TT>volumes</TT>
+</B><DD>The number of volumes for which the dump includes data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the dump operation began.
+</DL>
+<P>If an XBSA server was the backup medium for the dump (rather than a tape
+device or backup data file), the following line appears next:
+<PRE> Backup Service: <VAR>XBSA_program</VAR>: Server: <VAR>hostname</VAR>
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant program and
+<VAR>hostname</VAR> is the name of the machine on which the program runs.
+<P>Next the output includes an entry for each tape that houses volume data
+from the dump. Following the string <TT>Tape</TT>, the first two
+lines of each entry report information about that tape in the following
+fields:
+<DL>
+<P><DT><B><TT>name</TT>
+</B><DD>The tape's permanent name if it has one, or its AFS tape name
+otherwise, and its tape ID number in parentheses.
+<P><DT><B><TT>nVolumes</TT>
+</B><DD>The number of volumes for which this tape includes dump data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Tape Coordinator began writing data to this
+tape.
+</DL>
+<P>Following another blank line, the tape-specific information concludes with
+a table that includes a line for each volume dump on the tape. The
+information appears in columns with the following headings:
+<DL>
+<P><DT><B><TT>Pos</TT>
+</B><DD>The relative position of each volume in this tape or file. On a
+tape, the counter begins at position 2 (the tape label occupies position 1),
+and increments by one for each volume. For volumes in a backup data
+file, the position numbers start with 1 and do not usually increment only by
+one, because each is the ordinal of the 16 KB offset in the file at which the
+volume's data begins. The difference between the position numbers
+therefore indicates how many 16 KB blocks each volume's data
+occupies. For example, if the second volume is at position 5 and the
+third volume in the list is at position 9, that means that the dump of the
+second volume occupies 64 KB (four 16-KB blocks) of space in the file.
+<P><DT><B><TT>Clone time</TT>
+</B><DD>For a backup or read-only volume, the time at which it was cloned from its
+read/write source. For a Read/Write volume, it is the same as the dump
+creation date reported on the first line of the output.
+<P><DT><B><TT>Nbytes</TT>
+</B><DD>The number of bytes of data in the dump of the volume.
+<P><DT><B><TT>Volume</TT>
+</B><DD>The volume name, complete with <TT>.backup</TT> or
+<TT>.readonly</TT> extension if appropriate.
+</DL>
+<P>If both the <B>-id</B> and <B>-verbose</B> options are provided,
+the output is divided into several sections:
+<UL>
+<P><LI>The first section, headed by the underlined string <TT>Dump</TT>,
+includes information about the entire dump. The fields labeled
+<TT>id</TT>, <TT>level</TT>, <TT>created</TT>, and <TT>nVolumes</TT>
+report the same values (though in a different order) as appear on the first
+line of output when the <B>-id</B> argument is provided by itself.
+Other fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>Group id</TT>
+</B><DD>The dump's <I>group ID number</I>, which is recorded in the
+dump's Backup Database record if the <B>GROUPID</B> instruction
+appears in the Tape Coordinator's <B>
+/usr/afs/backup/CFG_</B><VAR>tcid</VAR> file when the dump is created.
+<P><DT><B><TT>maxTapes</TT>
+</B><DD>The number of tapes that contain the dump set to which this dump
+belongs.
+<P><DT><B><TT>Start Tape Seq</TT>
+</B><DD>The ordinal of the tape on which this dump begins in the set of tapes that
+contain the dump set.
+</DL>
+<P><LI>For each tape that contains data from this dump, there follows a section
+headed by the underlined string <TT>Tape</TT>. The fields labeled
+<TT>name</TT>, <TT>written</TT>, and <TT>nVolumes</TT> report the same
+values (though in a different order) as appear on the second and third lines
+of output when the <B>-id</B> argument is provided by itself. Other
+fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>expires</TT>
+</B><DD>The date and time when this tape can be recycled, because all dumps it
+contains have expired.
+<P><DT><B><TT>nMBytes Data</TT> and <TT>nBytes Data</TT>
+</B><DD>Summed together, these fields represent the total amount of dumped data
+actually from volumes (as opposed to labels, filemarks, and other
+markers).
+<P><DT><B><TT>KBytes Tape Used</TT>
+</B><DD>The number of kilobytes of tape (or disk space, for a backup data file)
+used to store the dump data. It is generally larger than the sum of the
+values in the <TT>nMBytes Data</TT> and <TT>nBytes Data</TT> fields,
+because it includes the space required for the label, file marks and other
+markers, and because the Backup System writes data at 16 KB offsets, even if
+the data in a given block doesn't fill the entire 16 KB.
+</DL>
+<P><LI>For each volume on a given tape, there follows a section headed by the
+underlined string <TT>Volume</TT>. The fields labeled
+<TT>name</TT>, <TT>position</TT>, <TT>clone</TT>, and <TT>nBytes</TT>
+report the same values (though in a different order) as appear in the table
+that lists the volumes in each tape when the <B>-id</B> argument is
+provided by itself. Other fields of potential interest to the backup
+operator are:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The volume ID.
+<P><DT><B><TT>tape</TT>
+</B><DD>The name of the tape containing this volume data.
+</DL>
+</UL>
+<P>The following example command displays the Backup Database records for the
+five most recent dump operations.
+<PRE> % <B>backup dump 5</B>
+ dumpid parentid lv created nt nvols dump name
+ 924424000 0 0 04/18/1999 04:26 1 22 usr.sun (924424000)
+ 924685000 924424000 1 04/21/1999 04:56 1 62 usr.wed (924424000)
+ 924773000 924424000 1 04/22/1999 05:23 1 46 usr.thu (924424000)
+ 924860000 924424000 1 04/23/1999 05:33 1 58 usr.fri (924424000)
+ 925033000 0 0 04/25/1999 05:36 2 73 sys.week
+</PRE>
+<A NAME="IDX7040"></A>
+<A NAME="IDX7041"></A>
+<A NAME="IDX7042"></A>
+<A NAME="IDX7043"></A>
+<P><H3><A NAME="HDRWQ304" HREF="auagd002.htm#ToC_341">To display a volume's dump history</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup volinfo</B> command to display a volume's
+dump history.
+<PRE> % <B>backup volinfo</B> <<VAR>volume name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>voli
+</B><DD>Is the shortest acceptable abbreviation of <B>volinfo</B>.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Names the volume for which to display the dump history. If you
+dumped the backup or read-only version of the volume, include the
+<B>.backup</B> or <B>.readonly</B> extension.
+</DL>
+</OL>
+<P>The output includes a line for each Backup Database dump record that
+mentions the specified volume, order from most to least recent. The
+output for each record appears in a table with six columns:
+<DL>
+<P><DT><B><TT>dumpID</TT>
+</B><DD>The dump ID of the dump that includes the volume.
+<P><DT><B><TT>lvl</TT>
+</B><DD>The depth in the dump hierarchy of the dump level at which the volume was
+dumped. A value of <TT>0</TT> indicates a full dump. A value
+of <TT>1</TT> or greater indicates an incremental dump made at the specified
+depth in the dump hierarchy.
+<P><DT><B><TT>parentid</TT>
+</B><DD>The dump ID of the dump's parent dump. A value of <TT>0</TT>
+indicates a full dump, which has no parent; in this case, the value in
+the <TT>lvl</TT> column is also <TT>0</TT>.
+<P><DT><B><TT>creation date</TT>
+</B><DD>The date and time at which the Backup System started the dump operation
+that created the dump.
+<P><DT><B><TT>clone date</TT>
+</B><DD>For a backup or read-only volume, the time at which it was cloned from its
+read/write source. For a read/write volume, the same as the value in
+the <TT>creation date</TT> field.
+<P><DT><B><TT>tape name</TT>
+</B><DD>The name of the tape containing the dump: either the permanent tape
+name, or an AFS tape name in the format
+<I>volume_set_name</I>.<I>dump_level_name</I>.<I>tape_index</I>
+where <I>volume_set_name</I> is the name of the volume set associated with
+the initial dump in the dump set of which this tape is a part;
+<I>dump_level_name</I> is the name of the dump level at which the initial
+dump was backed up; <I>tape_index</I> is the ordinal of the tape in
+the dump set. Either type of name can be followed by a dump ID in
+parentheses; if it appears, it is the dump ID of the initial dump in the
+dump set to which this appended dump belongs.
+</DL>
+<P>The following example shows part of the dump history of the backup volume
+<B>user.smith.backup</B>:
+<PRE> %<B> backup volinfo user.smith.backup</B>
+ DumpID lvl parentID creation date clone date tape name
+ 924600000 1 924427600 04/20/1999 05:20 04/20/1999 05:01 user_incr_2 (924514392)
+ 924514392 1 924427600 04/19/1999 05:33 04/19/1999 05:08 user_incr_2
+ 924427600 0 0 04/18/1999 05:26 04/18/1999 04:58 user_full_6
+ . . . . . . . .
+ . . . . . . . .
+</PRE>
+<A NAME="IDX7044"></A>
+<A NAME="IDX7045"></A>
+<A NAME="IDX7046"></A>
+<A NAME="IDX7047"></A>
+<A NAME="IDX7048"></A>
+<P><H3><A NAME="HDRWQ305" HREF="auagd002.htm#ToC_342">To scan the contents of a tape</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The ability to scan a tape that is corrupted or damaged
+depends on the extent of the damage and what type of data is corrupted.
+The Backup System can almost always scan the tape successfully up to the point
+of damage. If the damage is minor, the Backup System can usually skip
+over it and scan the rest of the tape, but more major damage can prevent
+further scanning. A scanning operation does not have to begin with the
+first tape in a dump set, but the Backup System can process tapes only in
+sequential order after the initial tape provided. Therefore, damage on
+one tape does not prevent scanning of the others in the dump set, but it is
+possible to scan either the tapes that precede the damaged one or the ones
+that follow it, not both.
+<P>If you use the <B>-dbadd</B> flag to scan information into the Backup
+Database and the first tape you provide is not the first tape in the dump set,
+the following restrictions apply:
+<UL>
+<P><LI>If the first data on the tape is a continuation of a volume that begins on
+the previous (unscanned) tape in the dump set, the Backup System does not add
+a record for that volume to the Backup Database.
+<P><LI>The Backup System must read the marker that indicates the start of an
+appended dump to add database records for the volumes in it. If the
+first volume on the tape belongs to an appended dump, but is not immediately
+preceded by the appended-dump marker, the Backup System does not create a
+Backup Database record for it or any subsequent volumes that belong to that
+appended dump.
+</UL>
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P><LI>If scanning a tape, place it in the drive.
+<P><LI><B>(Optional)</B> Issue the <B>backup</B> command to enter
+interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<A NAME="IDX7049"></A>
+<A NAME="IDX7050"></A>
+<P><LI>Issue the <B>backup scantape</B> command to read the contents of the
+tape.
+<PRE> backup> <B>scantape</B> [<B>-dbadd</B>] [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sc
+</B><DD>Is the shortest acceptable abbreviation of <B>scantape</B>.
+<P><DT><B>-dbadd
+</B><DD>Constructs dump and tape records from the tape and dump labels in the dump
+and writes them into the Backup Database.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the port offset number of the Tape Coordinator process that is
+handling the operation. You must provide this argument unless the
+default value of 0 (zero) is appropriate.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or the device's
+<B>CFG_</B><VAR>device_name</VAR> configuration file includes the
+instruction <B>AUTOQUERY YES</B> instruction, then the Tape Coordinator
+prompts you to place the tape in the device's drive. You have
+already done so, but you must now press <<B>Return</B>> to indicate
+that the tape is ready for reading.
+</OL>
+<P>To terminate a tape scanning operation, use a termination signal such as
+<<B>Ctrl-c</B>>, or issue the <B>(backup) kill</B> command in
+interactive mode. It is best not to interrupt the scan if you included
+the <B>-dbadd</B> argument. If the Backup System has already
+written new records into the Backup Database, then you must remove them before
+rerunning the scanning operation. If during the repeated scan operation
+the Backup System finds that a record it needs to create already exists, it
+halts the operation.
+<P>For each dump on the tape, the output in the Tape Coordinator window
+displays the dump label followed by an entry for each volume. There is
+no output in the command window. The dump label has the same fields as
+the tape label displayed by the <B>backup readlabel</B> command, as
+described in <A HREF="auagd011.htm#HDRWQ272">Writing and Reading Tape Labels</A>. Or see the <I>IBM AFS Administration
+Reference</I> for a detailed description of the fields in the output.
+<P>The following example shows the dump label and first volume entry on the
+tape in the device that has port offset 2:
+<PRE> % <B>backup scantape 2</B>
+ -- Dump label --
+ tape name = monthly_guest
+ AFS tape name = guests.monthly.3
+ creationTime = Mon Feb 1 04:06:40 1999
+ cell = abc.com
+ size = 2150000 Kbytes
+ dump path = /monthly
+ dump id = 917860000
+ useCount = 44
+ -- End of dump label --
+ -- volume --
+ volume name: user.guest10.backup
+ volume ID 1937573829
+ dumpSetName: guests.monthly
+ dumpID 917860000
+ level 0
+ parentID 0
+ endTime 0
+ clonedate Mon Feb 1 03:03:23 1999
+</PRE>
+<HR><H2><A NAME="HDRWQ306" HREF="auagd002.htm#ToC_343">Restoring and Recovering Data</A></H2>
+<A NAME="IDX7051"></A>
+<A NAME="IDX7052"></A>
+<A NAME="IDX7053"></A>
+<A NAME="IDX7054"></A>
+<A NAME="IDX7055"></A>
+<A NAME="IDX7056"></A>
+<A NAME="IDX7057"></A>
+<A NAME="IDX7058"></A>
+<A NAME="IDX7059"></A>
+<A NAME="IDX7060"></A>
+<A NAME="IDX7061"></A>
+<A NAME="IDX7062"></A>
+<P>The purpose of making backups is to enable you to recover when data becomes
+corrupted or is removed accidentally, returning the data to a coherent past
+state. The AFS Backup System provides three commands that restore
+varying numbers of volumes:
+<UL>
+<P><LI>To restore one or more volumes to a single site (partition on an AFS file
+server machine), use the <B>backup volrestore</B> command.
+<P><LI>To restore one or more volumes that are defined as a volume set, each to a
+specified site, use the <B>backup volsetrestore</B> command.
+<P><LI>To restore an entire partition (that is, all of the volumes that the VLDB
+lists as resident on it), use the <B>backup diskrestore</B>
+command.
+</UL>
+<P>The commands are suited to different purposes because they vary in the
+combinations of features they offer and in the requirements they
+impose. To decide which is appropriate for a specific restore
+operation, see the subsequent sections of this introduction: <A HREF="#HDRWQ308">Using the backup volrestore Command</A>, <A HREF="#HDRWQ310">Using the backup diskrestore Command</A>, and <A HREF="#HDRWQ312">Using the backup volsetrestore Command</A>.
+<P><H3><A NAME="HDRWQ307" HREF="auagd002.htm#ToC_344">Making Restore Operations More Efficient</A></H3>
+<P>The following comments apply to all types of restore
+operation:
+<UL>
+<P><LI>The Backup System begins by restoring the most recent full dump of a
+volume. As it restores subsequent incremental dumps, it alters the data
+in the full dump appropriately, essentially repeating the volume's change
+history. The <B>backup diskrestore</B> and <B>backup
+volsetrestore</B> commands always restore all incremental dumps, bringing a
+volume to its state at the time of the most recent incremental dump.
+You can use the <B>backup volrestore</B> command to return a volume to its
+state at a specified time in the past, by not restoring the data from
+incremental dumps performed after that time.
+<P><LI>The Backup System sets a restored volume's creation date to the date
+and time of the restore operation. The creation date appears in the
+<TT>Creation</TT> field of the output from the <B>vos examine</B> and
+<B>vos listvol</B> commands.
+<P><LI>When identifying the volumes to restore, it is best to specify the base
+(read/write) name. In this case, the Backup System searches the Backup
+Database for the most recent dump set that includes data from either the
+read/write or backup version of the volume, and restores dumps of that volume
+starting with the most recent full dump. If you include the
+<B>.backup</B> or <B>.readonly</B> extension on the
+volume name, the Backup System restores dumps of that version only. If
+it cannot find data dumped from that version, it does not perform the
+restoration even if another version was dumped.
+<P><LI>All three restoration commands accept the <B>-n</B> option, which
+generates a list of the volumes to be restored and the tapes or backup data
+files that contain the necessary dumps, without actually restoring data to AFS
+server partitions. This enables you to gather together the tapes before
+beginning the restore operation, even preloading them into a stacker or
+jukebox if you are using one.
+<P><LI>If you back up AFS data to tape, restoration is simplest if all of your
+tape devices are compatible, meaning that they can read the same type of tape,
+at the same compression ratios, and so on. (This suggestion also
+appears in <A HREF="#HDRWQ297">Making Backup Operations More Efficient</A>, because by the time you need to restore data it is too late
+to implement it.) You can still restore multiple volumes with a single
+command even if data was backed up using incompatible devices, because the
+<B>-portoffset</B> argument to all three restoration commands accepts
+multiple values. However, the Backup System uses the first port offset
+listed when restoring the full dump of each volume, the next port offset when
+restoring the level 1 incremental dump of each volume, and so on. If
+you did not use a compatible tape device when creating the full dump of every
+volume (and at each incremental level too), you cannot restore multiple
+volumes with a single command. You must use the <B>backup
+volrestore</B> command to restore one volume at a time, or use the
+<B>backup volsetrestore</B> command after defining volume sets that group
+volumes according to the tape device used to dump them.
+<P><LI>During a restore operation, the Backup System uses instructions in the
+relevant <B>CFG_</B><VAR>device_name</VAR> configuration file in much the
+same way as during a dump operation, as described in <A HREF="#HDRWQ298">How Your Configuration Choices Influence the Dump Process</A>. It uses the <B>MOUNT</B>, <B>UNMOUNT</B>,
+<B>AUTOQUERY</B>, <B>BUFFERSIZE</B>, and <B>FILE</B> instructions
+just as for a dump operation. A difference for the
+<B>BUFFERSIZE</B> instruction is that the default buffer size overridden
+by the instruction is 32 KB for restore operations rather than the 16 KB used
+for dump operations. The Backup System does not use the
+<B>NAME_CHECK</B> instruction at all during restore operations. The
+<B>ASK</B> instruction controls whether the Backup System prompts you if
+it cannot restore a volume for any reason. If the setting is
+<B>NO</B>, it skips the problematic volume and restores as many of the
+other volumes as possible.
+<P><LI>Do not perform a restore operation when you know that there are network,
+machine, or server process problems that can prevent the Backup System from
+accessing volumes or the VLDB. Although the Backup System automatically
+makes a number of repeated attempts to restore a volume, the restore operation
+takes extra time and in some cases stops completely to prompt you for
+instructions on how to continue.
+<P><LI>Avoid halting a restore operation (for instance by issuing the
+<B>(backup) kill</B> command in interactive mode). If a restore
+operation is interrupted for any reason, including causes outside your
+control, reissue the same restoration command as soon as is practical; if
+an outage or other problem caused the operation to halt, do not continue until
+the system returns to normal.
+<P>Any volume that is completely restored when the operation halts is online
+and usable, but very few volumes are likely to be in this state. When
+restoring multiple volumes at once, the Backup System restores the full dump
+of every volume before beginning the level 1 incremental restore for any of
+them, and so on, completing the restore of every volume at a specific
+incremental level before beginning to restore data from the next incremental
+level. Unless a volume was dumped at fewer incremental levels than
+others being restored as part of the same operation, it is unlikely to be
+complete.
+<P>It is even more dangerous to interrupt a restore operation if you are
+overwriting the current contents of the volume. Depending on how far
+the restore operation has progressed, it is possible that the volume is in
+such an inconsistent state that the Backup System removes it entirely.
+The data being restored is still available on tape or in the backup data file,
+but you must take extra steps to re-create the volume.
+</UL>
+<P><H3><A NAME="HDRWQ308" HREF="auagd002.htm#ToC_345">Using the backup volrestore Command</A></H3>
+<A NAME="IDX7063"></A>
+<A NAME="IDX7064"></A>
+<A NAME="IDX7065"></A>
+<A NAME="IDX7066"></A>
+<A NAME="IDX7067"></A>
+<A NAME="IDX7068"></A>
+<P>The <B>backup volrestore</B> command is most appropriate when you need
+to restore a few volumes to a single site (partition on a file server
+machine). By default, it restores the volumes to their state at the
+time of the most recent dump operation (this is termed a <I>full
+restore</I>). You can also use the command to perform a
+<I>date-specific restore</I>, which restores only the dumps (full and
+incremental) performed before a specified date and time, leaving the volume in
+the state it was in at the time of the final relevant incremental dump.
+The <B>backup diskrestore</B> and <B>backup volsetrestore</B> commands
+can only perform full restores.
+<P>You can restore data into a new copy of each volume rather than overwriting
+the current version, by including the <B>-extension</B> argument.
+After mounting the new volume in the filespace, you can compare the contents
+of the two and decide which to keep permanently.
+<P>The following list summarizes how to combine the <B>backup
+volrestore</B> command's arguments to restore a volume in different
+ways:
+<UL>
+<P><LI>To perform a date-specific restore as described just previously, use the
+<B>-date</B> argument to specify the date and optionally time. The
+Backup System restores the most recent full dump and each subsequent
+incremental dump for which the clone date of the volume included in the dump
+is before the indicated date and time (for a definition of the clone date, see
+Step <A HREF="#LIBKOV-CLONEDATE">4</A> in <A HREF="#HDRWQ298">How Your Configuration Choices Influence the Dump Process</A>). You can combine this argument with
+the <B>-extension</B> argument to place the date-specific restore in a new
+volume.
+<P><LI>To move a volume to a new site as you overwrite its contents with the
+restored data, use the <B>-server</B> and <B>-partition</B> arguments,
+singly or in combination, to specify the new site rather than the current
+site. The Backup System creates a new volume at that site, removes the
+existing volume, and updates the site information in the volume's VLDB
+entry. The volume's backup version is not removed automatically
+from the original site, if it exists. Use the <B>vos remove</B>
+command to remove it and the <B>vos backup</B> command to create a backup
+version at the new site.
+<P><LI>To create a new volume to house the restored data, rather than overwriting
+an existing volume, use the <B>-extension</B> argument. The Backup
+System creates the new volume on the server and partition named by the
+<B>-server</B> and <B>-partition</B> arguments, derives its name by
+adding the extension to the name specified with the <B>-volume</B>
+argument, and creates a new VLDB entry for it. The command does not
+affect the existing volume in any way. However, if a volume with the
+specified extension also already exists, the command overwrites it. To
+make the contents of the new volume accessible, use the <B>fs mkmount</B>
+command to mount it. You can then compare its contents to those of the
+existing volume, to see which to retain permanently.
+<P><LI>To restore a volume that no longer exists on an AFS server partition, but
+for which you have backed up data, specify the name of the new volume with the
+<B>-volume</B> argument and use the <B>-server</B> and
+<B>-partition</B> arguments to place it at the desired site. The
+Backup System creates a new volume and new VLDB entry.
+</UL>
+<A NAME="IDX7069"></A>
+<A NAME="IDX7070"></A>
+<P><H3><A NAME="HDRWQ309" HREF="auagd002.htm#ToC_346">To restore volumes with the backup volrestore command</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P>Repeat the command for each Tape Coordinator if you are using more than one
+tape device.
+<P><LI>If using a tape device, insert the tape.
+<P><LI>Issue the <B>backup</B> command to enter interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>backup volrestore</B> command with the desired
+arguments.
+<PRE> backup> <B>volrestore</B> <<VAR>destination machine</VAR>> <<VAR>destination partition</VAR>> \
+ <B>-volume</B> <<VAR>volume(s) to restore</VAR>><SUP>+</SUP> \
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>] \
+ [<B>-date</B> <<VAR>date from which to restore</VAR>>] \
+ [<B>-portoffset</B> <<VAR>TC port offsets</VAR>><SUP>+</SUP>] [<B>-n</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>volr
+</B><DD>Is the shortest acceptable abbreviation of <B>volrestore</B>.
+<P><DT><B><VAR>destination machine</VAR>
+</B><DD>Names the file server machine on which to restore each volume. It
+does not have to be a volume's current site.
+<P><DT><B><VAR>destination partition</VAR>
+</B><DD>Names the partition on which to restore each volume. It does not
+have to be a volume's current site.
+<P><DT><B>-volume
+</B><DD>Names each volume to restore. It is best to provide the base
+(read/write) name, for the reasons discussed in <A HREF="#HDRWQ307">Making Restore Operations More Efficient</A>.
+<P><DT><B>-extension
+</B><DD>Creates a new volume to house the restored data, with a name derived by
+appending the specified string to each volume named by the <B>-volume</B>
+extension. The Backup System preserves the contents of the existing
+volume if it still exists. Do not use either of the
+<B>.readonly</B> or <B>.backup</B> extensions, which are
+reserved. The combination of base volume name and extension cannot
+exceed 22 characters in length. If you want a period to separate the
+extension from the name, specify it as the first character of the string (as
+in <B>.rst</B>, for example).
+<P><DT><B>-date
+</B><DD>Specifies a date and optionally time; the restored volume includes
+data from dumps performed before the date only. Provide a value in the
+format <I>mm</I>/<I>dd</I>/<I>yyyy</I>
+[<I>hh</I>:<I>MM</I>], where the required <I>mm/dd/yyyy</I>
+portion indicates the month (<I>mm</I>), day (<I>dd</I>), and year
+(<I>yyyy</I>), and the optional <I>hh:MM</I> portion indicates
+the hour and minutes in 24-hour format (for example, the value
+<B>14:36</B> represents 2:36 p.m.). If
+omitted, the time defaults to 59 seconds after midnight (00:00:59
+hours).
+<P>Valid values for the year range from <B>1970</B> to
+<B>2037</B>; higher values are not valid because the latest possible
+date in the standard UNIX representation is in February 2038. The
+command interpreter automatically reduces any later date to the maximum
+value.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-portoffset
+</B><DD>Specifies one or more port offset numbers, each corresponding to a Tape
+Coordinator to use in the operation. If there is more than one value,
+the Backup System uses the first one when restoring the full dump of each
+volume, the second one when restoring the level 1 incremental dump of each
+volume, and so on. It uses the final value in the list when restoring
+dumps at the corresponding depth in the dump hierarchy and all dumps at lower
+levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If 0 is just one of the values in the list, provide it
+explicitly in the appropriate order.
+<P><DT><B>-n
+</B><DD>Displays the list of tapes that contain the dumps required by the restore
+operation, without actually performing the operation.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or the device's
+<B>CFG_</B><VAR>device_name</VAR> configuration file includes the
+instruction <B>AUTOQUERY YES</B>, then the Tape Coordinator prompts you to
+place the tape in the device's drive. You have already done so,
+but you must now press <<B>Return</B>> to indicate that the tape is
+ready for labeling.
+<P>If more than one tape is required, you must either include the
+<B>MOUNT</B> instruction in the <B>CFG_</B><VAR>device_name</VAR> file
+and stock the corresponding stacker or jukebox with tapes, or remain at the
+console to respond to the Tape Coordinator's prompts for subsequent
+tapes.
+<P><LI>After the restore operation completes, review the Backup System's log
+files to check for errors. Use the <B>bos getlog</B> command as
+instructed in <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A> to read the <B>/usr/afs/logs/BackupLog</B> file, and a
+text editor on the Tape Coordinator machine to read the
+<B>TE_</B><VAR>device_name</VAR> and <B>TL_</B><VAR>device_name</VAR>
+files in the local <B>/usr/afs/backup</B> directory.
+</OL>
+<P><H3><A NAME="HDRWQ310" HREF="auagd002.htm#ToC_347">Using the backup diskrestore Command</A></H3>
+<A NAME="IDX7071"></A>
+<A NAME="IDX7072"></A>
+<P>The <B>backup diskrestore</B> command is most appropriate when you need
+to restore all of the volumes on an AFS server partition, perhaps because a
+hardware failure has corrupted or destroyed all of the data. The
+command performs a full restore of all of the read/write volumes for which the
+VLDB lists the specified partition as the current site, using the dumps of
+either the read/write or backup version of each volume depending on which type
+was dumped more recently. (You can restore any backup or read-only
+volumes that resided on the partition by using the <B>vos backup</B> and
+<B>vos release</B> commands after the <B>backup diskrestore</B>
+operation is complete.)
+<P>By default, the Backup System restores the volumes to the site they
+previously occupied. To move the partition contents to a different
+site, use the <B>-newserver</B> and <B>-newpartition</B> arguments,
+singly or in combination.
+<P>By default, the Backup System overwrites the contents of existing volumes
+with the restored data. To create a new volume to house the restored
+data instead, use the <B>-extension</B> argument. The Backup System
+creates the new volume at the site designated by the <B>-newserver</B> and
+<B>-newpartition</B> arguments if they are used or the <B>-server</B>
+and <B>-partition</B> arguments otherwise. It derives the volume
+name by adding the extension to the read/write base name listed in the VLDB,
+and creates a new VLDB entry. The command does not affect the existing
+volume in any way. However, if a volume with the specified extension
+also already exists, the command overwrites it.
+<P>If a partition seems damaged, be sure not to run the <B>vos
+syncserv</B> command before the <B>backup diskrestore</B>
+command. As noted, the Backup System restores volumes according to VLDB
+site definitions. The <B>vos syncserv</B> command sometimes removes
+a volume's VLDB entry when the corruption on the partition is so severe
+that the Volume Server cannot confirm the volume's presence.
+<A NAME="IDX7073"></A>
+<A NAME="IDX7074"></A>
+<P><H3><A NAME="HDRWQ311" HREF="auagd002.htm#ToC_348">To restore a partition with the backup diskrestore command</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P>Repeat the command for each Tape Coordinator if you are using more than one
+tape device.
+<P><LI>If using a tape device, insert the tape.
+<P><LI>Issue the <B>backup</B> command to enter interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI>Issue the <B>backup diskrestore</B> command with the desired
+arguments.
+<PRE> backup> <B>diskrestore</B> <<VAR>machine to restore</VAR>> <<VAR>partition to restore</VAR>> \
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>] \
+ [<B>-newserver</B> <<VAR>destination machine</VAR>>] \
+ [<B>-newpartition</B> <<VAR>destination partition</VAR>>] \
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>] [<B>-n</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>di
+</B><DD>Is the shortest acceptable abbreviation of <B>diskrestore</B>.
+<P><DT><B><VAR>machine to restore</VAR>
+</B><DD>Names the file server machine that the VLDB lists as the site of the
+volumes that need to be restored.
+<P><DT><B><VAR>partition to restore</VAR>
+</B><DD>Names the partition that the VLDB lists as the site of the volumes that
+need to be restored.
+<P><DT><B>-portoffset
+</B><DD>Specifies one or more port offset numbers, each corresponding to a Tape
+Coordinator to use in the operation. If there is more than one value,
+the Backup System uses the first one when restoring the full dump of each
+volume, the second one when restoring the level 1 incremental dump of each
+volume, and so on. It uses the final value in the list when restoring
+dumps at the corresponding depth in the dump hierarchy and all dumps at lower
+levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If 0 is just one of the values in the list, provide it
+explicitly in the appropriate order.
+<P><DT><B>-newserver
+</B><DD>Names an alternate file server machine to which to restore the
+volumes. If you omit this argument, the volumes are restored to the
+file server machine named by the <B>-server</B> argument.
+<P><DT><B>-newpartition
+</B><DD>Names an alternate partition to which to restore the data. If you
+omit this argument, the volumes are restored to the partition named by the
+<B>-partition</B> argument.
+<P><DT><B>-extension
+</B><DD>Creates a new volume for each volume being restored, to house the restored
+data, appending the specified string to the volume's read/write base name
+as listed in the VLDB. Any string other than
+<B>.readonly</B> or <B>.backup</B> is acceptable, but
+the combination of the base name and extension cannot exceed 22 characters in
+length. To use a period to separate the extension from the name,
+specify it as the first character of the string (as in <B>.rst</B>,
+for example).
+<P><DT><B>-n
+</B><DD>Displays a list of the tapes necessary to perform the requested restore,
+without actually performing the operation.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or the device's
+<B>CFG_</B><VAR>device_name</VAR> configuration file includes the
+instruction <B>AUTOQUERY YES</B>, then the Tape Coordinator prompts you to
+place the tape in the device's drive. You have already done so,
+but you must now press <<B>Return</B>> to indicate that the tape is
+ready for labeling.
+<P>If more than one tape is required, you must either include the
+<B>MOUNT</B> instruction in the <B>CFG_</B><VAR>device_name</VAR> file
+and stock the corresponding stacker or jukebox with tapes, or remain at the
+console to respond to the Tape Coordinator's prompts for subsequent
+tapes.
+<P><LI>After the restore operation completes, review the Backup System's log
+files to check for errors. Use the <B>bos getlog</B> command as
+instructed in <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A> to read the <B>/usr/afs/logs/BackupLog</B> file, and a
+text editor on the Tape Coordinator machine to read the
+<B>TE_</B><VAR>device_name</VAR> and <B>TL_</B><VAR>device_name</VAR>
+files in the local <B>/usr/afs/backup</B> directory.
+</OL>
+<P><H3><A NAME="HDRWQ312" HREF="auagd002.htm#ToC_349">Using the backup volsetrestore Command</A></H3>
+<P>The <B>backup volsetrestore</B> command is most
+appropriate when you need to perform a full restore of several read/write
+volumes, placing each at a specified site. You specify the volumes to
+restore either by naming a volume set with the <B>-name</B> argument or by
+listing each volume's name and restoration site in a file named by the
+<B>-file</B> argument, as described in the following sections.
+<P>Because the <B>backup volsetrestore</B> command enables you to restore
+a large number of volumes with a single command, the restore operation can
+potentially take hours to complete. One way to reduce the time is to
+run multiple instances of the command simultaneously. Either use the
+<B>-name</B> argument to specify disjoint volume sets for each command, or
+the <B>-file</B> argument to name files that list different
+volumes. You must have several Tape Coordinators available to read the
+required tapes. Depending on how the volumes to be restored were dumped
+to tape, specifying disjoint volume sets can also reduce the number of tape
+changes required.
+<P><H4><A NAME="HDRWQ313">Restoring a Volume Set with the -name Argument</A></H4>
+<P>Use the <B>-name</B> argument to restore a group of
+volumes defined in a volume set. The Backup System creates a list of
+the volumes in the VLDB that match the server, partition, and volume name
+criteria defined in the volume set's volume entries, and for which dumps
+are available. The volumes do not have to exist on the server partition
+as long as the VLDB still lists them (this can happen when, for instance, a
+hardware problem destroys the contents of an entire disk).
+<P>By default, the Backup System restores, as a read/write volume, each volume
+that matches the volume set criteria to the site listed in the VLDB. If
+a volume of the matching name exists at that site, its current contents are
+overwritten. You can instead create a new volume to house the restored
+data by including the <B>-extension</B> argument. The Backup System
+creates the new volume at the existing volume's site, derives its name by
+adding the extension to the existing volume's read/write base name, and
+creates a new VLDB entry for it. The command does not affect the
+existing volume in any way. However, if a volume with the specified
+extension also already exists, the command overwrites it. To make the
+contents of the new volume accessible, use the <B>fs mkmount</B> command
+to mount it. You can then compare its contents to those of the existing
+volume, to see which to retain permanently.
+<P>It is not required that the volume set was previously used to back up
+volumes (was used as the <B>-volumeset</B> option to the <B>backup
+dump</B> command). It can be defined especially to match the volumes
+that need to be restored with this command, and that is usually the better
+choice. Indeed, a <I>temporary</I> volume set, created by including
+the <B>-temporary</B> flag to the <B>backup addvolset</B> command, can
+be especially useful in this context (instructions appear in <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>). A temporary volume set is not added to the Backup
+Database and exists only during the current interactive backup session, which
+is suitable if the volume set is needed only to complete the single restore
+operation initialized by this command.
+<P>The reason that a specially defined volume set is probably better is that
+volume sets previously defined for use in dump operations usually match the
+backup version of volumes, whereas for a restore operation it is best to
+define volume entries that match the base (read/write) name. In this
+case, the Backup System searches the Backup Database for the newest dump set
+that includes a dump of either the read/write or the backup version of the
+volume. If, in contrast, a volume entry explicitly matches the
+volume's backup or read-only version, the Backup System uses dumps of
+that volume version only, restoring them to a read/write volume by stripping
+off the <B>.backup</B> or <B>.readonly</B>
+extension.
+<P>If there are VLDB entries that match the volume set criteria, but for which
+there are no dumps recorded in the Backup Database, the Backup System cannot
+restore them. It generates an error message on the standard error
+stream for each one.
+<P><H4><A NAME="HDRWQ314">Restoring Volumes Listed in a File with the -file Argument</A></H4>
+<P>Use the <B>-file</B> argument to specify the name and
+site of each read/write volume to restore. Each volume's entry
+must appear on its own (unbroken) line in the file, and comply with the
+following format:
+<PRE> <VAR>machine</VAR> <VAR>partition</VAR> <VAR>volume</VAR> [<VAR>comments...</VAR>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>machine</VAR>
+</B><DD>Names the file server machine to which to restore the volume. You
+can move the volume as you restore it by naming a machine other than the
+current site.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Names the partition to which to restore the volume. You can move
+the volume as you restore it by naming a partition other than the current
+site.
+<P><DT><B><VAR>volume</VAR>
+</B><DD>Names the volume to restore. Specify the base (read/write) name to
+have the Backup System search the Backup Database for the newest dump set that
+includes a dump of either the read/write or the backup version of the
+volume. It restores the dumps of that version of the volume, starting
+with the most recent full dump. If, in contrast, you include the
+<TT>.backup</TT> or <TT>.readonly</TT> extension, the Backup
+System restores dumps of that volume version only, but into a read/write
+volume without the extension. The base name must match the name used in
+Backup Database dump records rather than in the VLDB, if they differ, because
+the Backup System does not consult the VLDB when you use the <B>-file</B>
+argument.
+<P><DT><B><VAR>comments...</VAR>
+</B><DD>Is any other text. The Backup System ignores any text on each line
+that appears after the volume name, so you can use this field for helpful
+notes.
+</DL>
+<P>Do not use wildcards (for example, <B>.*</B>) in the
+<VAR>machine</VAR>, <VAR>partition</VAR>, or <VAR>volume</VAR> fields. It is
+acceptable for multiple lines in the file to name the same volume, but the
+Backup System processes only the first of them.
+<P>By default, the Backup System replaces the existing version of each volume
+with the restored data, placing the volume at the site specified in the
+<VAR>machine</VAR> and <VAR>partition</VAR> fields. You can instead create
+a new volume to house the restored contents by including the
+<B>-extension</B> argument. The Backup System creates a new volume
+at the site named in the <VAR>machine</VAR> and <VAR>partition</VAR> fields,
+derives its name by adding the specified extension to the read/write version
+of the name in the <VAR>volume</VAR> field, and creates a new VLDB entry for
+it. The command does not affect the existing volume in any way.
+However, if a volume with the specified extension also already exists, the
+command overwrites it. To make the contents of the new volume
+accessible, use the <B>fs mkmount</B> command to mount it. You can
+then compare its contents to those of the existing volume, to see which to
+retain permanently.
+<P>If the file includes entries for volumes that have no dumps recorded in the
+Backup Database, the Backup System cannot restore them. It generates an
+error message on the standard error stream for each one.
+<P>One way to generate a file to use as input to the <B>-file</B> argument
+is to issue the command with the <B>-name</B> and <B>-n</B> options
+and direct the output to a file. The output includes a line like the
+following for each volume (shown here on two lines only for legibility
+reasons); the value comes from the source indicated in the following
+list:
+<PRE> <VAR>machine</VAR> <VAR>partition</VAR> <VAR>volume_dumped</VAR> # as <VAR>volume_restored</VAR>; \
+ <VAR>tape_name</VAR> (<VAR>tape_ID</VAR>); pos <VAR>position_number</VAR>; <VAR>date</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>machine</VAR>
+</B><DD>Names the file server machine that currently houses the volume, as listed
+in the VLDB.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Names the partition that currently houses the volume, as listed in the
+VLDB.
+<P><DT><B><VAR>volume_dumped</VAR>
+</B><DD>Specifies the version (read/write or backup) of the volume that was
+dumped, as listed in the Backup Database.
+<P><DT><B><VAR>volume_restored</VAR>
+</B><DD>Specifies the name under which the Backup System restores the volume when
+the <B>-n</B> flag is not included. If you include the
+<B>-extension</B> argument with the <B>-name</B> and <B>-n</B>
+options, then the extension appears on the name in this field (as in
+<TT>user.pat.rst</TT>, for example).
+<P><DT><B><VAR>tape_name</VAR>
+</B><DD>Names the tape containing the dump of the volume, from the Backup
+Database. If the tape has a permanent name, it appears here;
+otherwise, it is the AFS tape name.
+<P><DT><B><VAR>tape_ID</VAR>
+</B><DD>The tape ID of the tape containing the dump of the volume, from the Backup
+Database.
+<P><DT><B><VAR>position_number</VAR>
+</B><DD>Specifies the dump's position on the tape (for example, <TT>31</TT>
+indicates that 30 volume dumps precede the current one on the tape). If
+the dump was written to a backup data file, this number is the ordinal of the
+16 KB-offset at which the volume's data begins.
+<P><DT><B><VAR>date</VAR>
+</B><DD>The date and time when the volume was dumped.
+</DL>
+<P>To make the entries suitable for use with the <B>-file</B> argument,
+edit them as indicated:
+<UL>
+<P><LI>The Backup System uses only the first three fields on each line of the
+input file, and so ignores all the fields after the number sign
+(<TT>#</TT>). You can remove them if it makes it easier for you to
+read the file, but that is not necessary.
+<P><LI>The <VAR>volume_dumped</VAR> (third) field of each line in the output file
+becomes the <VAR>volume</VAR> field in the input file. The Backup System
+restores data to read/write volumes only, so remove the
+<TT>.backup</TT> or <TT>.readonly</TT> extension if it
+appears on the name in the <VAR>volume_dumped</VAR> field.
+<P><LI>The output file includes a line for every dump operation in which a
+specific volume was included (the full dump and any incremental dumps), but
+the Backup System only processes the first line in the input file that
+mentions a specific volume. You can remove the repeated lines if it
+makes the file easier for you to read.
+<P><LI>The <I>machine</I> and <I>partition</I> fields on an output line
+designate the volume's current site. To move the volume to another
+location as you restore it, change the values.
+</UL>
+<A NAME="IDX7075"></A>
+<A NAME="IDX7076"></A>
+<P><H3><A NAME="HDRWQ315" HREF="auagd002.htm#ToC_352">To restore a group of volumes with the backup volsetrestore command</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>If the Tape Coordinator for the tape device that is to perform the
+operation is not already running, open a connection to the appropriate Tape
+Coordinator machine and issue the <B>butc</B> command, for which complete
+instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P>Repeat the command for each Tape Coordinator if you are using more than one
+tape device.
+<P><LI>If using a tape device, insert the tape.
+<P><LI>Issue the <B>backup</B> command to enter interactive mode.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI><B>(Optional)</B> If appropriate, issue the <B>(backup)
+addvolset</B> command to create a new volume set expressly for this restore
+operation. Include the <B>-temporary</B> flag if you do not need to
+add the volume set to the Backup Database. Then issue one or more
+<B>(backup) addvolentry</B> commands to create volume entries that include
+only the volumes to be restored. Complete instructions appear in <A HREF="auagd011.htm#HDRWQ265">Defining and Displaying Volume Sets and Volume Entries</A>.
+<PRE> backup> <B>addvolset</B> <<VAR>volume set name</VAR>> [<B>-temporary</B>]
+
+ backup> <B>addvolentry -name</B> <<VAR>volume set name</VAR>> \
+ <B>-server</B> <<VAR>machine name</VAR>> \
+ <B>-partition</B> <<VAR>partition name</VAR>> \
+ <B>-volumes</B> <<VAR>volume name (regular expression)</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup volsetrestore</B> command with the desired
+arguments.
+<PRE> backup> <B>volsetrestore</B> [<B>-name</B> <<VAR>volume set name</VAR>>] \
+ [<B>-file</B> <<VAR>file name</VAR>>] \
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>] \
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>] [<B>-n</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-name
+</B><DD>Names a volume set to restore. The Backup System restores all of
+the volumes listed in the VLDB that match the volume set's volume
+entries, as described in <A HREF="#HDRWQ313">Restoring a Volume Set with the -name Argument</A>. Provide this argument or the <B>-file</B>
+argument, but not both.
+<P><DT><B>-file
+</B><DD>Specifies the full pathname of a file that lists one or more volumes and
+the site (file server machine and partition) to which to restore each.
+The input file has the format described in <A HREF="#HDRWQ314">Restoring Volumes Listed in a File with the -file Argument</A>. Use either this argument or the <B>-name</B>
+argument, but not both.
+<P><DT><B><B>-portoffset</B>
+</B><DD>Specifies one or more port offset numbers, each corresponding to a Tape
+Coordinator to use in the operation. If there is more than one value,
+the Backup System uses the first one when restoring the full dump of each
+volume, the second one when restoring the level 1 incremental dump of each
+volume, and so on. It uses the final value in the list when restoring
+dumps at the corresponding depth in the dump hierarchy and all dumps at lower
+levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If 0 is just one of the values in the list, provide it
+explicitly in the appropriate order.
+<P><DT><B>-extension
+</B><DD>Creates a new volume for each volume being restored, to house the restored
+data, appending the specified string to the volume's read/write base name
+as listed in the VLDB. Any string other than
+<B>.readonly</B> or <B>.backup</B> is acceptable, but
+the combination of the base name and extension cannot exceed 22 characters in
+length. To use a period to separate the extension from the name,
+specify it as the first character of the string (as in <B>.rst</B>,
+for example).
+<P><DT><B><B>-n</B>
+</B><DD>Displays a list of the volumes to be restored when the flag is not
+included, without actually restoring them. The <B>Output</B>
+section of this reference page details the format of the output. When
+combined with the <B>-name</B> argument, its output is easily edited for
+use as input to the <B>-file</B> argument on a subsequent <B>backup
+volsetrestore</B> command.
+</DL>
+<P><LI>If you did not include the <B>-noautoquery</B> flag when you issued
+the <B>butc</B> command, or the device's
+<B>CFG_</B><VAR>device_name</VAR> configuration file includes the
+instruction <B>AUTOQUERY YES</B>, then the Tape Coordinator prompts you to
+place the tape in the device's drive. You have already done so,
+but you must now press <<B>Return</B>> to indicate that the tape is
+ready for labeling.
+<P>If more than one tape is required, you must either include the
+<B>MOUNT</B> instruction in the <B>CFG_</B><VAR>device_name</VAR> file
+and stock the corresponding stacker or jukebox with tapes, or remain at the
+console to respond to the Tape Coordinator's prompts for subsequent
+tapes.
+<P><LI>After the restore operation completes, review the Backup System's log
+files to check for errors. Use the <B>bos getlog</B> command as
+instructed in <A HREF="auagd009.htm#HDRWQ173">Displaying Server Process Log Files</A> to read the <B>/usr/afs/logs/BackupLog</B> file, and a
+text editor on the Tape Coordinator machine to read the
+<B>TE_</B><VAR>device_name</VAR> and <B>TL_</B><VAR>device_name</VAR>
+files in the local <B>/usr/afs/backup</B> directory.
+</OL>
+<A NAME="IDX7077"></A>
+<HR><H2><A NAME="HDRWQ316" HREF="auagd002.htm#ToC_353">Maintaining the Backup Database</A></H2>
+<P>The Backup Database stores all of the configuration and
+tracking information that the Backup System uses when dumping and restoring
+data. If a hardware failure or other problem on a database server
+machine corrupts or damages the database, it is relatively easy to recreate
+the configuration information (the dump hierarchy and lists of volume sets and
+Tape Coordinator port offset numbers). However, restoring the dump
+tracking information (dump records) is more complicated and
+time-consuming. To protect yourself against loss of data, back up the
+Backup Database itself to tape on a regular schedule.
+<P>Another potential concern is that the Backup Database can grow large rather
+quickly, because the Backup System keeps very detailed and cross-referenced
+records of dump operations. Backup operations become less efficient if
+the Backup Server has to navigate through a large number of obsolete records
+to find the data it needs. To keep the database to a manageable size,
+use the <B>backup deletedump</B> command to delete obsolete records, as
+described in <A HREF="#HDRWQ321">Removing Obsolete Records from the Backup Database</A>. If you later find that you have removed records that
+you still need, you can use the <B>backup scantape</B> command to read the
+information from the dump and tape labels on the corresponding tapes back into
+the database, as instructed in <A HREF="#HDRWQ305">To scan the contents of a tape</A>.
+<A NAME="IDX7078"></A>
+<A NAME="IDX7079"></A>
+<A NAME="IDX7080"></A>
+<A NAME="IDX7081"></A>
+<A NAME="IDX7082"></A>
+<P><H3><A NAME="HDRWQ317" HREF="auagd002.htm#ToC_354">Backing Up and Restoring the Backup Database</A></H3>
+<P>Because of the importance of the information in the Backup
+Database, it is best to back it up to tape or other permanent media on a
+regular basis. As for the other AFS, administrative databases, the
+recommended method is to use a utility designed to back up a machine's
+local disk, such as the UNIX <B>tar</B> command. For instructions,
+see <A HREF="auagd008.htm#HDRWQ107">Backing Up and Restoring the Administrative Databases</A>.
+<P>In the rare event that the Backup Database seems damaged or corrupted, you
+can use the <B>backup dbverify</B> command to check its status. If
+it is corrupted, use the <B>backup savedb</B> command to repair some types
+of damage. Then use the <B>backup restoredb</B> to return the
+corrected database to the local disks of the database server machines.
+For instructions, see <A HREF="#HDRWQ318">Checking for and Repairing Corruption in the Backup Database</A>.
+<P><H3><A NAME="HDRWQ318" HREF="auagd002.htm#ToC_355">Checking for and Repairing Corruption in the Backup Database</A></H3>
+<P>In rare cases, the Backup Database can become damaged or
+corrupted, perhaps because of disk or other hardware errors. Use the
+<B>backup dbverify</B> command to check the integrity of the
+database. If it is corrupted, the most efficient way to repair it is to
+use the <B>backup savedb</B> command to copy the database to tape.
+The command automatically repairs several types of corruption, and you can
+then use the <B>backup restoredb</B> command to transfer the repaired copy
+of the database back to the local disks of the database server
+machines.
+<P>The <B>backup savedb</B> command also removes <I>orphan blocks</I>,
+which are ranges of memory that the Backup Server preallocated in the database
+but cannot use. Orphan blocks do not interfere with database access,
+but do waste disk space. The <B>backup dbverify</B> command reports
+the existence of orphan blocks if you include the <B>-detail</B>
+flag.
+<A NAME="IDX7083"></A>
+<A NAME="IDX7084"></A>
+<A NAME="IDX7085"></A>
+<P><H3><A NAME="HDRWQ319" HREF="auagd002.htm#ToC_356">To verify the integrity of the Backup Database</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>backup dbverify</B> command to check the integrity of the
+Backup Database.
+<PRE> % <B>backup dbverify</B> [<B>-detail</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>db
+</B><DD>Is the shortest acceptable abbreviation of <B>dbverify</B>.
+<P><DT><B>-detail
+</B><DD>Reports the existence of orphan blocks and other information about the
+database, as described on the <B>backup dbverify</B> reference page in the
+<I>IBM AFS Administration Reference</I>.
+</DL>
+<P>The output reports one of the following messages:
+<UL>
+<P><LI><TT>Database OK</TT> indicates that the Backup Database is
+undamaged.
+<P><LI><TT>Database not OK</TT> indicates that the Backup Database is
+damaged. To recover from the problem, use the instructions in <A HREF="#HDRWQ320">To repair corruption in the Backup Database</A>.
+</UL>
+</OL>
+<A NAME="IDX7086"></A>
+<A NAME="IDX7087"></A>
+<P><H3><A NAME="HDRWQ320" HREF="auagd002.htm#ToC_357">To repair corruption in the Backup Database</A></H3>
+<OL TYPE=1>
+<P><LI>Log in as the local superuser <B>root</B> on each database server
+machine in the cell.
+<P><LI><A NAME="LISAVEDB-STARTTC"></A>If the Tape Coordinator for the tape device that is to
+perform the operation is not already running, open a connection to the
+appropriate Tape Coordinator machine and issue the <B>butc</B> command,
+for which complete instructions appear in <A HREF="#HDRWQ292">To start a Tape Coordinator process</A>.
+<PRE> % <B>butc</B> [<<VAR>port offset</VAR>>] [<B>-noautoquery</B>]
+</PRE>
+<P><LI>If writing to tape, place a tape in the appropriate device.
+<P><LI>Working on one of the machines, issue the <B>backup</B> command to
+enter interactive mode.
+<PRE> # <B> backup -localauth</B>
+</PRE>
+<P>where <B>-localauth</B> constructs a server ticket from the local
+<B>/usr/afs/etc/KeyFile</B> file. This flag enables you to issue a
+privileged command while logged in as the local superuser <B>root</B> but
+without AFS administrative tokens.
+<P><LI>Verify that no backup operations are actively running. If
+necessary, issue the <B>(backup) status</B> command as described in <A HREF="#HDRWQ295">To check the status of a Tape Coordinator process</A>. Repeat for each Tape Coordinator port offset in
+turn.
+<PRE> backup> <B>status -portoffset</B> <<VAR>TC port offset</VAR>>
+</PRE>
+<P><LI><A NAME="LISAVEDB-CMD"></A>Issue the <B>(backup) savedb</B> command to repair
+corruption in the database as it is written to tape or a file.
+<PRE> backup> <B>savedb</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is the shortest acceptable abbreviation of <B>savedb</B>.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the tape
+or backup data file for this operation. You must provide this argument
+unless the default value of 0 (zero) is appropriate.
+</DL>
+<P><LI>Exit interactive mode.
+<PRE> backup> <B>quit</B>
+</PRE>
+<P><LI>On each machine in turn, issue the <B>bos shutdown</B> command to shut
+down the Backup Server process. Include the <B>-localauth</B> flag
+because you are logged in as the local superuser root, but do not necessarily
+have administrative tokens. For complete command syntax, see <A HREF="auagd009.htm#HDRWQ168">To stop processes temporarily</A>.
+<PRE> # <B>/usr/afs/bin/bos shutdown</B> <<VAR>machine name</VAR>> <B>buserver -localauth -wait</B>
+</PRE>
+<P><LI>On each machine in turn, issue the following commands to remove the Backup
+Database.
+<PRE> # <B>cd /usr/afs/db</B>
+ # <B>rm bdb.DB0</B>
+ # <B>rm bdb.DBSYS1</B>
+</PRE>
+<P><LI>On each machine in turn, starting with the machine with the lowest IP
+address, issue the <B>bos start</B> command to restart the Backup Server
+process, which creates a zero-length copy of the Backup Database as it
+starts. For complete command syntax, see <A HREF="auagd009.htm#HDRWQ166">To start processes by changing their status flags to Run</A>.
+<PRE> # <B>/usr/afs/bin/bos start</B> <<VAR>machine name</VAR>> <B>buserver -localauth</B>
+</PRE>
+<P><LI>Working on one of the machines, issue the <B>backup</B> command to
+enter interactive mode.
+<PRE> # <B> backup -localauth</B>
+</PRE>
+<P>where <B>-localauth</B> constructs a server ticket from the local
+<B>/usr/afs/etc/KeyFile</B> file.
+<P><LI>Issue the <B>(backup) addhost</B> command to create an entry in the
+new, empty database for the Tape Coordinator process handling the tape or file
+from which you are reading the repaired copy of the database (presumably the
+process you started in Step <A HREF="#LISAVEDB-STARTTC">2</A> and which performed the <B>backup savedb</B> operation
+in Step <A HREF="#LISAVEDB-CMD">6</A>). For complete syntax, see Step <A HREF="auagd011.htm#LICONFTC-ADDHOST">8</A> in <A HREF="auagd011.htm#HDRWQ262">To configure a Tape Coordinator machine</A>.
+<PRE> backup> <B>addhost</B> <<VAR>tape machine name</VAR>> [<<VAR>TC port offset</VAR>>]
+</PRE>
+<A NAME="IDX7088"></A>
+<A NAME="IDX7089"></A>
+<P><LI>Issue the <B>(backup) restoredb</B> command to copy the repaired
+database to the database server machines.
+<PRE> backup> <B>restoredb</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>res
+</B><DD>Is the shortest acceptable abbreviation of <B>restoredb</B>.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the tape
+or backup data file for this operation. You must provide this argument
+unless the default value of <B>0</B> (zero) is appropriate.
+</DL>
+<P><LI><B>(Optional)</B> Exit interactive mode if you do not plan to issue
+any additional <B>backup</B> commands.
+<PRE> backup> <B>quit</B>
+</PRE>
+<P><LI><B>(Optional)</B> If desired, enter <B>Ctrl-d</B> or another
+interrupt signal to exit the <B>root</B> shell on each database server
+machine. You can also issue the <B>Ctrl-c</B> signal on the Tape
+Coordinator machine to stop the process.
+</OL>
+<A NAME="IDX7090"></A>
+<A NAME="IDX7091"></A>
+<P><H3><A NAME="HDRWQ321" HREF="auagd002.htm#ToC_358">Removing Obsolete Records from the Backup Database</A></H3>
+<P>Whenever you recycle or relabel a tape using the <B>backup
+dump</B> or <B>backup labeltape</B> command, the Backup System
+automatically removes all of the dump records for the dumps contained on the
+tape and all other tapes in the dump set. However, obsolete records can
+still accumulate in the Backup Database over time. For example, when
+you discard a backup tape after using it the maximum number of times
+recommended by the manufacturer, the records for dumps on it remain in the
+database. Similarly, the Backup System does not automatically remove a
+dump's record when the dump reaches its expiration date, but only if you
+then recycle or relabel the tape that contains the dump. Finally, if a
+backup operation halts in the middle, the records for any volumes successfully
+written to tape before the halt remain in the database.
+<P>A very large Backup Database can make backup operations less efficient
+because the Backup Server has to navigate through a large number of records to
+find the ones it needs. To remove obsolete records, use the <B>backup
+deletedump</B> command. Either identify individual dumps by dump ID
+number, or specify the removal of all dumps created during a certain time
+period. Keep in mind that you cannot remove the record of an appended
+dump except by removing the record of its initial dump, which removes the
+records of all associated appended dumps. Removing records of a dump
+makes it impossible to restore data from the corresponding tapes or from any
+dump that refers to the deleted dump as its parent, directly or
+indirectly. That is, restore operations must begin with the full dump
+and continue with each incremental dump in order. If you have removed
+the records for a specific dump, you cannot restore any data from later
+incremental dumps.
+<P>Another way to truncate the Backup Database is to include the
+<B>-archive</B> argument to the <B>backup savedb</B> command.
+After a copy of the database is written to tape or to a backup data file, the
+Backup Server deletes the dump records for all dump operations with timestamps
+prior to the date and time you specify. However, issuing the
+<B>backup deletedump</B> command with only the <B>-to</B> argument is
+equivalent in effect and is simpler because it does not require starting a
+Tape Coordinator process as the <B>backup savedb</B> command does.
+For further information on the <B>-archive</B> argument to the <B>backup
+savedb</B> command, see the command's reference page in the <I>IBM
+AFS Administration Reference</I>.
+<P>If you later need to access deleted dump records, and the corresponding
+tapes still exist, you can use the <B>-dbadd</B> argument to the
+<B>backup scantape</B> command to scan their contents into the database,
+as instructed in <A HREF="#HDRWQ305">To scan the contents of a tape</A>.
+<A NAME="IDX7092"></A>
+<A NAME="IDX7093"></A>
+<P><H3><A NAME="HDRWQ322" HREF="auagd002.htm#ToC_359">To delete dump records from the Backup Database</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>backup</B> command to enter
+interactive mode, if you want to delete multiple records or issue additional
+commands. The interactive prompt appears in the following step.
+<PRE> % <B>backup</B>
+</PRE>
+<P><LI><B>(Optional)</B> Issue the <B>backup dumpinfo</B> command to list
+information from the Backup Database that can help you decide which records to
+delete. For detailed instructions, see <A HREF="#HDRWQ303">To display dump records</A>.
+<PRE> backup> <B>dumpinfo</B> [<<VAR>no. of dumps</VAR>>] [<B>-id</B> <<VAR>dump id</VAR>>] [<B>-verbose</B>]
+</PRE>
+<P><LI>Issue the <B>backup deletedump</B> command to delete one or more dump
+sets.
+<PRE> backup> <B>deletedump</B> [<B>-dumpid</B> <<VAR>dumpid</VAR>><SUP>+</SUP>] [<B>-from</B> <<VAR>date time</VAR>>] \
+ [<B>-to</B> <<VAR>date time</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>dele
+</B><DD>Is the shortest acceptable abbreviation of <B>deletedump</B>.
+<P><DT><B>-dumpid
+</B><DD>Specifies the dump ID of each initial dump to delete from the Backup
+Database. The records for all associated appended dumps are also
+deleted. Provide either this argument or the <B>-to</B> (and
+optionally, <B>-from</B>) argument.
+<P><DT><B>-from
+</B><DD>Specifies the beginning of a range of dates; the record for any dump
+created during the indicated period of time is deleted.
+<P>To omit all records before the time indicated with the <B>-to</B>
+argument, omit this argument. Otherwise provide a value in the
+following format
+<P><VAR>mm</VAR>/<VAR>dd</VAR>/<VAR>yyyy</VAR> [<VAR>hh</VAR>:<VAR>MM</VAR>]
+<P>where the month (<VAR>mm</VAR>), day (<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>)
+are required. You can omit the hour and minutes
+(<VAR>hh</VAR>:<VAR>MM</VAR>) to indicate the default of midnight
+(00:00 hours). If you provide them, use 24-hour format (for
+example, the value <B>14:36</B> represents 2:36
+p.m.).
+<P>You must provide the <B>-to</B> argument along with this one.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-to
+</B><DD>Specifies the end of a range of dates; the record of any dump created
+during the range is deleted from the Backup Database.
+<P>To delete all records created after the date you specify with the
+<B>-from</B> argument, specify the value <B>NOW</B>. To delete
+every dump record in the Backup Database, provide the value <B>NOW</B> and
+omit the <B>-from</B> argument. Otherwise, provide a date value in
+the same format as described for the <B>-from</B> argument. Valid
+values for the year (<VAR>yyyy</VAR>) range from <B>1970</B> to
+<B>2037</B>; higher values are not valid because the latest possible
+date in the standard UNIX representation is in early 2038. The command
+interpreter automatically reduces any later date to the maximum value in
+2038.
+<P>If you omit the time portion (<VAR>hh</VAR>:<VAR>MM</VAR>), it defaults
+to 59 seconds after midnight (00:00:59 hours). Similarly,
+the <B>backup</B> command interpreter automatically adds 59 seconds to any
+time value you provide. In both cases, adding 59 seconds compensates
+for how the Backup Database and <B>backup dumpinfo</B> command represent
+dump creation times in hours and minutes only. For example, the
+Database records a creation timestamp of <TT>20:55</TT> for any dump
+operation that begins between 20:55:00 and
+20:55:59. Automatically adding 59 seconds to a time thus
+includes the records for all dumps created during that minute.
+<P>Provide either this argument, or the <B>-dumpid</B> argument.
+This argument is required if the <B>-from</B> argument is provided.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd014.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ323" HREF="auagd002.htm#ToC_360">Monitoring and Auditing AFS Performance</A></H1>
+<A NAME="IDX7094"></A>
+<A NAME="IDX7095"></A>
+<A NAME="IDX7096"></A>
+<A NAME="IDX7097"></A>
+<A NAME="IDX7098"></A>
+<A NAME="IDX7099"></A>
+<A NAME="IDX7100"></A>
+<A NAME="IDX7101"></A>
+<P>AFS comes with three main monitoring tools:
+<UL>
+<P><LI>The <B>scout</B> program, which monitors and gathers statistics on
+File Server performance.
+<P><LI>The <B>fstrace</B> command suite, which traces Cache Manager
+operations in detail.
+<P><LI>The <B>afsmonitor</B> program, which monitors and gathers statistics
+on both the File Server and the Cache Manager.
+</UL>
+<P>AFS also provides a tool for auditing AFS events on file server machines
+running AIX.
+<HR><H2><A NAME="HDRWQ324" HREF="auagd002.htm#ToC_361">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Initialize the <B>scout</B> program
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>scout</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display information about a trace log
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace lslog</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display information about an event set
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace lsset</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Change the size of a trace log
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace setlog</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set the state of an event set
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace setset</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Dump contents of a trace log
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace dump</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Clear a trace log
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fstrace clear</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Initialize the <B>afsmonitor</B> program
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>afsmonitor</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ326" HREF="auagd002.htm#ToC_362">Using the scout Program</A></H2>
+<A NAME="IDX7102"></A>
+<P>The <B>scout</B> program monitors the status of the File Server process
+running on file server machines. It periodically collects statistics
+from a specified set of File Server processes, displays them in a graphical
+format, and alerts you if any of the statistics exceed a configurable
+threshold.
+<P>More specifically, the <B>scout</B> program includes the following
+features.
+<UL>
+<P><LI>You can monitor, from a single location, the File Server process on any
+number of server machines from the local and foreign cells. The number
+is limited only by the size of the display window, which must be large enough
+to display the statistics.
+<P><LI>You can set a threshold for many of the statistics. When the value
+of a statistic exceeds the threshold, the <B>scout</B> program highlights
+it (displays it in reverse video) to draw your attention to it. If the
+value goes back under the threshold, the highlighting is deactivated.
+You control the thresholds, so highlighting reflects what you consider to be a
+noteworthy situation. See <A HREF="#HDRWQ332">Highlighting Significant Statistics</A>.
+<P><LI>The <B>scout</B> program alerts you to File Server process, machine,
+and network outages by highlighting the name of each machine that does not
+respond to its probe, enabling you to respond more quickly.
+<P><LI>You can set how often the <B>scout</B> program collects statistics
+from the File Server processes.
+</UL>
+<P><H3><A NAME="HDRWQ327" HREF="auagd002.htm#ToC_363">System Requirements</A></H3>
+<A NAME="IDX7103"></A>
+<A NAME="IDX7104"></A>
+<A NAME="IDX7105"></A>
+<A NAME="IDX7106"></A>
+<A NAME="IDX7107"></A>
+<A NAME="IDX7108"></A>
+<A NAME="IDX7109"></A>
+<P>The <B>scout</B> program runs on any AFS client machine that has access
+to the <B>curses</B> graphics package, which most UNIX distributions
+include as a standard utility. It can run on both dumb terminals and
+under windowing systems that emulate terminals, but the output looks best on
+machines that support reverse video and cursor addressing. For best
+results, set the TERM environment variable to the correct terminal type, or
+one with characteristics similar to the actual ones. For machines
+running AIX, the recommended TERM setting is <B>vt100</B>, assuming the
+terminal is similar to that. For other operating systems, the wider
+range of acceptable values includes <B>xterm</B>, <B>xterms</B>,
+<B>vt100</B>, <B>vt200</B>, and <B>wyse85</B>.
+<A NAME="IDX7110"></A>
+<P>No privilege is required to run the <B>scout</B> program, so any user
+who can access the directory where its binary resides (the
+<B>/usr/afsws/bin</B> directory in the conventional configuration) can use
+it. The program's probes for collecting statistics do not impose a
+significant burden on the File Server process, but you can restrict its use by
+placing the binary file in a directory with a more restrictive access control
+list (ACL).
+<P>Multiple instances of the <B>scout</B> program can run on a single
+client machine, each over its own dedicated connection (in its own
+window). It must run in the foreground, so the window in which it runs
+does not accept further input except for an interrupt signal.
+<P>You can also run the <B>scout</B> program on several machines and view
+its output on a single machine, by opening telnet connections to the other
+machines from the central one and initializing the program in each remote
+window. In this case, you can include the <B>-host</B> flag to the
+<B>scout</B> command to make the name of each remote machine appear in the
+<I>banner line</I> at the top of the window displaying its output.
+See <A HREF="#HDRWQ330">The Banner Line</A>.
+<P><H3><A NAME="HDRWQ328" HREF="auagd002.htm#ToC_364">Using the -basename argument to Specify a Domain Name</A></H3>
+<A NAME="IDX7111"></A>
+<A NAME="IDX7112"></A>
+<P>As previously mentioned, the <B>scout</B> program can monitor the File
+Server process on any number of file server machines. If all of the
+machines belong to the same cell, then their hostnames probably all have the
+same domain name suffix, such as <B>abc.com</B> in the ABC
+Corporation cell. In this case, you can use the <B>-basename</B>
+argument to the <B>scout</B> command, which has several advantages:
+<UL>
+<P><LI>You can omit the domain name suffix as you enter each file server
+machine's name on the command line. The <B>scout</B> program
+automatically appends the domain name to each machine's name, resulting
+in a fully-qualified hostname. You can omit the domain name suffix even
+when you don't include the <B>-basename</B> argument, but in that
+case correct resolution of the name depends on the state of your cell's
+naming service at the time of connection.
+<P><LI>The machine names are more likely to fit in the appropriate column of the
+display without having to be truncated (for more on truncating names in the
+display column, see <A HREF="#HDRWQ331">The Statistics Display Region</A>).
+<P><LI>The domain name appears in the banner line at the top of the display
+window to indicate the name of the cell you are monitoring.
+</UL>
+<P><H3><A NAME="HDRWQ329" HREF="auagd002.htm#ToC_365">The Layout of the scout Display</A></H3>
+<A NAME="IDX7113"></A>
+<A NAME="IDX7114"></A>
+<P>The <B>scout</B> program can display statistics either in a dedicated
+window or on a plain screen if a windowing environment is not
+available. For best results, use a window or screen that can print in
+reverse video and do cursor addressing.
+<P>The <B>scout</B> program screen has three main regions: the
+<I>banner line</I>, the <I>statistics display region</I> and the
+<I>probe/message line</I>. This section describes their contents,
+and graphic examples appear in <A HREF="#HDRWQ336">Example Commands and Displays</A>.
+<P><H4><A NAME="HDRWQ330">The Banner Line</A></H4>
+<A NAME="IDX7115"></A>
+<A NAME="IDX7116"></A>
+<P>By default, the string <TT>scout</TT> appears in the banner line at the
+top of the window or screen, to indicate that the <B>scout</B> program is
+running. You can display two additional types of information by include
+the appropriate option on the command line:
+<UL>
+<P><LI>Include the <B>-host</B> flag to display the local machine's name
+in the banner line. This is particularly useful when you are running
+the <B>scout</B> program on several machines but displaying the results on
+a single machine.
+<P>For example, the following banner line appears when you run the
+<B>scout</B> program on the machine
+<B>client1.abc.com</B> and use the<B>-host</B>
+flag:
+<PRE> [client1.abc.com] scout
+</PRE>
+<P><LI>Include the <B>-basename</B> argument to display the specified cell
+domain name in the banner line. For further discussion, see <A HREF="#HDRWQ328">Using the -basename argument to Specify a Domain Name</A>.
+<P>For example, if you specify a value of <B>abc.com</B> for the
+<B>-basename</B> argument, the banner line reads:
+<PRE> scout for abc.com
+</PRE>
+</UL>
+<P><H4><A NAME="HDRWQ331">The Statistics Display Region</A></H4>
+<A NAME="IDX7117"></A>
+<A NAME="IDX7118"></A>
+<P>The statistics display region occupies most of the window and is divided
+into six columns. The following list describes them as they appear from
+left to right in the window.
+<DL>
+<P><DT><B><TT>Conn</TT>
+<A NAME="IDX7119"></A>
+</B><DD>Displays the number of RPC connections open between the File Server
+process and client machines. This number normally equals or exceeds the
+number in the fourth <TT>Ws</TT> column. It can exceed the number in
+that column because each user on the machine can have more than one connection
+open at once, and one client machine can handle several users.
+<P><DT><B><TT>Fetch</TT>
+<A NAME="IDX7120"></A>
+</B><DD>Displays the number of fetch-type RPCs (fetch data, fetch access list, and
+fetch status) that the File Server process has received from client machines
+since it started. It resets to zero when the File Server process
+restarts.
+<P><DT><B><TT>Store</TT>
+<A NAME="IDX7121"></A>
+</B><DD>Displays the number of store-type RPCs (store data, store access list, and
+store status) that the File Server process has received from client machines
+since it started. It resets to zero when the File Server process
+restarts.
+<P><DT><B><TT>Ws</TT>
+<A NAME="IDX7122"></A>
+<A NAME="IDX7123"></A>
+<A NAME="IDX7124"></A>
+</B><DD>Displays the number of client machines (workstations) that have
+communicated with the File Server process within the last 15 minutes (such
+machines are termed <I>active</I>). This number is likely to be
+smaller than the number in the <TT>Conn</TT>) column because a single client
+machine can have several connections open to one File Server process.
+<P><DT><B>[Unlabeled column]
+</B><DD>Displays the name of the file server machine on which the File Server
+process is running. It is 12 characters wide. Longer names are
+truncated and an asterisk (<TT>*</TT>) appears as the last character in the
+name. If all machines have the same domain name suffix, you can use the
+<B>-basename</B> argument to decrease the need for truncation; see <A HREF="#HDRWQ328">Using the -basename argument to Specify a Domain Name</A>.
+<P><DT><B><TT>Disk attn</TT>
+<A NAME="IDX7125"></A>
+<A NAME="IDX7126"></A>
+<A NAME="IDX7127"></A>
+<A NAME="IDX7128"></A>
+</B><DD>Displays the number of kilobyte blocks available on up to 26 of the file
+server machine's AFS server (<B>/vicep</B>) partitions. The
+display for each partition has the following format:
+<PRE> <VAR>partition_letter</VAR>:<VAR>free_blocks</VAR>
+</PRE>
+<P>
+<P>For example, <TT>a:8949</TT> indicates that partition
+<B>/vicepa</B> has 8,949 KB free. If the window is not wide enough
+for all partition entries to appear on a single line, the <B>scout</B>
+program automatically stacks the partition entries into subcolumns within the
+sixth column.
+<P>The label on the <TT>Disk attn</TT> column indicates the threshold value
+at which entries in the column become highlighted. By default, the
+<B>scout</B> program highlights a partition that is over 95% full, in
+which case the label is as follows:
+<PRE> Disk attn: > 95% used
+</PRE>
+<P>
+<P>For more on this threshold and its effect on highlighting, see <A HREF="#HDRWQ332">Highlighting Significant Statistics</A>.
+</DL>
+<P>For all columns except the fifth (file server machine name), you can use
+the <B>-attention</B> argument to set a threshold value above which the
+<B>scout</B> program highlights the statistic. By default, only
+values in the fifth and sixth columns ever become highlighted. For
+instructions on using the <B>-attention</B> argument, see <A HREF="#HDRWQ332">Highlighting Significant Statistics</A>.
+<P><H4><A NAME="Header_368">The Probe Reporting Line</A></H4>
+<A NAME="IDX7129"></A>
+<A NAME="IDX7130"></A>
+<P>The bottom line of the display indicates how many times the
+<B>scout</B> program has probed the File Server processes for
+statistics. The statistics gathered in the latest probe appear in the
+statistics display region. By default, the <B>scout</B> program
+probes the File Servers every 60 seconds, but you can use the
+<B>-frequency</B> argument to specify a different probe frequency.
+<P><H3><A NAME="HDRWQ332" HREF="auagd002.htm#ToC_369">Highlighting Significant Statistics</A></H3>
+<A NAME="IDX7131"></A>
+<A NAME="IDX7132"></A>
+<A NAME="IDX7133"></A>
+<A NAME="IDX7134"></A>
+<P>To draw your attention to a statistic that currently exceed a threshold
+value, the <B>scout</B> program displays it in reverse video (highlights
+it). You can set the threshold value for most statistics, and so
+determine which values are worthy of special attention and which are
+normal.
+<P><H4><A NAME="HDRWQ333">Highlighting Server Outages</A></H4>
+<A NAME="IDX7135"></A>
+<A NAME="IDX7136"></A>
+<A NAME="IDX7137"></A>
+<A NAME="IDX7138"></A>
+<A NAME="IDX7139"></A>
+<P>The only column in which you cannot control highlighting is the fifth,
+which identifies the file server machine for which statistics are displayed in
+the other columns. The <B>scout</B> program uses highlighting in
+this column to indicate that the File Server process on a machine fails to
+respond to its probe, and automatically blanks out the other columns.
+Failure to respond to the probe can indicate a File Server process, file
+server machine, or network outage, so the highlighting draws your attention to
+a situation that is probably interrupting service to users.
+<P>When the File Server process once again responds to the probes, its name
+appears normally and statistics reappear in the other columns. If all
+machine names become highlighted at once, a possible network outage has
+disrupted the connection between the file server machines and the client
+machine running the <B>scout</B> program.
+<P><H4><A NAME="Header_371">Highlighting for Extreme Statistic Values</A></H4>
+<P>To set the threshold value for one or more of the five
+statistics-displaying columns, use the <B>-attention</B> argument.
+The threshold value applies to all File Server processes you are monitoring
+(you cannot set different thresholds for different machines). For
+details, see the syntax description in <A HREF="#HDRWQ335">To start the scout program</A>.
+<P>It is not possible to change the threshold values for a running
+<B>scout</B> program. Stop the current program and start a new
+one. Also, the <B>scout</B> program does not retain threshold
+values across restarts, so you must specify all thresholds every time you
+start the program.
+<P><H3><A NAME="HDRWQ334" HREF="auagd002.htm#ToC_372">Resizing the scout Display</A></H3>
+<A NAME="IDX7140"></A>
+<A NAME="IDX7141"></A>
+<A NAME="IDX7142"></A>
+<P>Do not resize the display window while the <B>scout</B> program is
+running. Increasing the size does no harm, but the <B>scout</B>
+program does not necessarily adjust to the new dimensions. Decreasing
+the display's width can disturb column alignment, making the display
+harder to read. With any type of resizing, the <B>scout</B> program
+does not adjust the display in any way until it displays the results of the
+next probe.
+<P>To resize the display effectively, stop the <B>scout</B> program,
+resize the window and then restart the program. Even in this case, the
+<B>scout</B> program's response depends on the accuracy of the
+information it receives from the display environment. Testing during
+development has shown that the display environment does not reliably provide
+information about window resizing. If you use the X windowing system,
+issuing the following sequence of commands before starting the
+<B>scout</B> program (or placing them in the shell initialization file)
+sometimes makes it adjust properly to resizing.
+<PRE> %<B> set noglob</B>
+ % <B>eval '/usr/bin/X11/resize'</B>
+ % <B>unset noglob</B>
+</PRE>
+<A NAME="IDX7143"></A>
+<A NAME="IDX7144"></A>
+<A NAME="IDX7145"></A>
+<A NAME="IDX7146"></A>
+<A NAME="IDX7147"></A>
+<P><H3><A NAME="HDRWQ335" HREF="auagd002.htm#ToC_373">To start the scout program</A></H3>
+<OL TYPE=1>
+<P><LI>Open a dedicated command shell. If necessary, adjust it to the
+appropriate size.
+<P><LI>Issue the <B>scout</B> command to start the program.
+<PRE> % <B>scout</B> [<B>initcmd</B>] <B>-server</B> <<VAR>FileServer name(s) to monitor</VAR>><SUP>+</SUP> \
+ [<B>-basename</B> <<VAR>base server name</VAR>>] \
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>] [<B>-host</B>] \
+ [<B>-attention</B> <<VAR>specify attention (highlighting) level</VAR>><SUP>+</SUP>] \
+ [<B>-debug</B> <<VAR>turn debugging output on to the named file</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>initcmd
+</B><DD>Is an optional string that accommodates the command's use of the AFS
+command parser. It can be omitted and ignored.
+<P><DT><B>-server
+</B><DD>Identifies each File Server process to monitor, by naming the file server
+machine it is running on. Provide fully-qualified hostnames unless the
+<B>-basename</B> argument is used. In that case, specify only the
+initial part of each machine name, omitting the domain name suffix common to
+all the machine names.
+<P><DT><B>-basename
+</B><DD>Specifies the domain name suffix common to all of the file server machines
+named by the <B>-server</B> argument. For discussion of this
+argument's effects, see <A HREF="#HDRWQ328">Using the -basename argument to Specify a Domain Name</A>.
+<P>Do not include the period that separates the domain suffix from the initial
+part of the machine name, but do include any periods that occur within the
+suffix itself. (For example, in the ABC Corporation cell, the proper
+value is <B>abc.com</B>, not
+<B>.abc.com</B>.)
+<P><DT><B>-frequency
+</B><DD>Sets the frequency, in seconds, of the <B>scout</B> program's
+probes to File Server processes. Specify an integer greater than 0
+(zero). The default is 60 seconds.
+<P><DT><B>-host
+</B><DD>Displays the name of the machine that is running the <B>scout</B>
+program in the display window's banner line. By default, no
+machine name is displayed.
+<P><DT><B>-attention
+</B><DD>Defines the threshold value at which to highlight one or more
+statistics. You can provide the pairs of statistic and threshold in any
+order, separating each pair and the parts of each pair with one or more
+spaces. The following list defines the syntax for each
+statistic.
+<A NAME="IDX7148"></A>
+<A NAME="IDX7149"></A>
+<A NAME="IDX7150"></A>
+<DL>
+<P><DT><B>conn <VAR>connections</VAR>
+</B><DD>Highlights the value in the <TT>Conn</TT> (first) column when the number
+of connections that the File Server has open to client machines exceeds the
+<VAR>connections</VAR> value. The highlighting deactivates when the value
+goes back below the threshold. There is no default threshold.
+<P><DT><B>fetch <VAR>fetch_RPCs</VAR>
+</B><DD>Highlights the value in the <TT>Fetch</TT> (second) column when the
+number of fetch RPCs that clients have made to the File Server process exceeds
+the <VAR>fetch_RPCs</VAR> value. The highlighting deactivates only when
+the File Server process restarts, at which time the value returns to
+zero. There is no default threshold.
+<P><DT><B>store <VAR>store_RPCs</VAR>
+</B><DD>Highlights the value in the <TT>Store</TT> (third) column when the
+number of store RPCs that clients have made to the File Server process exceeds
+the <VAR>store_RPCs</VAR> value. The highlighting deactivates only when
+the File Server process restarts, at which time the value returns to
+zero. There is no default threshold.
+<P><DT><B>ws <VAR>active_clients</VAR>
+</B><DD>Highlights the value in the <TT>Ws</TT> (fourth) column when the number
+of active client machines (those that have contacted the File Server in the
+last 15 minutes) exceeds the <VAR>active_clients</VAR> value. The
+highlighting deactivates when the value goes back below the threshold.
+There is no default threshold.
+<P><DT><B>disk <VAR>percent_full</VAR> % or disk <VAR>min_blocks</VAR>
+</B><DD>Highlights the value for a partition in the <TT>Disk attn</TT> (sixth)
+column when either the amount of disk space used exceeds the percentage
+indicated by the<VAR>percent_full</VAR> value, or the number of free KB blocks
+is less than the <VAR>min_blocks</VAR> value. The highlighting
+deactivates when the value goes back below the <VAR>percent_full</VAR> threshold
+or above the <VAR>min_blocks</VAR> threshold.
+<P>The value you specify appears in the header of the sixth column following
+the string <TT>Disk attn</TT>. The default threshold is 95%
+full.
+<P>Acceptable values for <VAR>percent_full</VAR> are the integers from the range
+<B>0</B> (zero) to <B>99</B>, and you must include the percent sign to
+distinguish this statistic from a <VAR>min_blocks</VAR> value..
+</DL>
+<P>The following example sets the threshold for the <TT>Conn</TT> column to
+100, for the <TT>Ws</TT> column to 50, and for the <TT>Disk attn</TT>
+column to 75%. There is no threshold for the <TT>Fetch</TT> and
+<TT>Store</TT> columns.
+<P><B>-attention conn 100 ws 50 disk 75%</B>
+<P>The following example has the same affect as the previous one except that
+it sets the threshold for the <TT>Disk attn</TT> column to 5000 free KB
+blocks:
+<P><B>-attention disk 5000 ws 50 conn 100</B>
+<P><DT><B>-debug
+</B><DD>Enables debugging output and directs it into the specified file.
+Partial pathnames are interpreted relative to the current working
+directory. By default, no debugging output is produced.
+</DL>
+</OL>
+<P><H3><A NAME="Header_374" HREF="auagd002.htm#ToC_374">To stop the scout program</A></H3>
+<A NAME="IDX7151"></A>
+<OL TYPE=1>
+<P><LI>Enter <B>Ctrl-c</B> in the display window. This is the proper
+interrupt signal even if the general interrupt signal in your environment is
+different.
+</OL>
+<P><H3><A NAME="HDRWQ336" HREF="auagd002.htm#ToC_375">Example Commands and Displays</A></H3>
+<A NAME="IDX7152"></A>
+<A NAME="IDX7153"></A>
+<P>This section presents examples of the <B>scout</B> program, combining
+different arguments and illustrating the screen displays that result.
+<P>In the first example, an administrator in the ABC Corporation issues the
+<B>scout</B> command without providing any optional arguments or
+flags. She includes the <B>-server</B> argument because she is
+providing multiple machine names. She chooses to specify on the initial
+part of each machine's name even though she has not used the
+<B>-basename</B> argument, relying on the cell's name service to
+obtain the fully-qualified name that the <B>scout</B> program requires for
+establishing a connection.
+<PRE> % <B>scout -server fs1 fs2</B>
+</PRE>
+<P><A HREF="#FIGWQ337">Figure 2</A> depicts the resulting display. Notice first that the
+machine names in the fifth (unlabeled) column appear in the format the
+administrator used on the command line. Now consider the second line in
+the display region, where the machine name <TT>fs2</TT> appears in the fifth
+column. The <TT>Conn</TT> and <TT>Ws</TT> columns together show
+that machine <B>fs2</B> has 144 RPC connections open to 44 client
+machines, demonstrating that multiple connections per client machine are
+possible. The <TT>Fetch</TT> column shows that client machines have
+made 2,734,278 fetch RPCs to machine <B>fs2</B> since the File Server
+process last started and the <TT>Store</TT> column shows that they have made
+34,066 store RPCs.
+<P>Six partition entries appear in the <TT>Disk attn</TT> column, marked
+<TT>a</TT> through <TT>f</TT> (for <B>/vicepa</B> through
+<B>/vicepf</B>). They appear on three lines in two subcolumns
+because of the width of the window; if the window is wider, there are
+more subcolumns. Four of the partition entries (<TT>a</TT>,
+<TT>c</TT>, <TT>d</TT>, and <TT>e</TT>) appear in reverse video to
+indicate that they are more than 95% full (the threshold value that appears in
+the <TT>Disk attn</TT> header).
+<P><B><A NAME="FIGWQ337" HREF="auagd003.htm#FT_FIGWQ337">Figure 2. First example scout display</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="scout1.gif" ALT="First example scout display"><BR></B><BR>
+</TD></TR></TABLE>
+<P>In the second example, the administrator uses more of the <B>scout</B>
+program's optional arguments.
+<UL>
+<P><LI>She provides the machine names in the same form as in Example 1, but this
+time she also uses the <B>-basename</B> argument to specify their domain
+name suffix, <B>abc.com</B>. This implies that the
+<B>scout</B> program does not need the name service to expand the names to
+fully-qualified hostnames, but the name service still converts the hostnames
+to IP addresses.
+<P><LI>She uses the <B>-host</B> flag to display in the banner line the name
+of the client machine where the <B>scout</B> program is running.
+<P><LI>She uses the <B>-frequency</B> argument to changes the probing
+frequency from its default of once per minute to once every five
+seconds.
+<P><LI>She uses the <B>-attention</B> argument to changes the highlighting
+threshold for partitions to a 5000 KB minimum rather than the default of 95%
+full.
+</UL>
+<PRE> % <B>scout -server fs1 fs2 -basename abc.com -host -frequency 5 -attention disk 5000</B>
+</PRE>
+<P>The use of optional arguments results in several differences between <A HREF="#FIGWQ338">Figure 3</A> and <A HREF="#FIGWQ337">Figure 2</A>. First, because the <B>-host</B>
+flag is included, the banner line displays the name of the machine running the
+<B>scout</B> process as <TT>[client52]</TT> along with the basename
+<TT>abc.com</TT> specified with the <B>-basename</B>
+argument.
+<P>Another difference is that two rather than four of machine
+<B>fs2</B>'s partitions appear in reverse video, even though their
+values are almost the same as in <A HREF="#FIGWQ337">Figure 2</A>. This is because the administrator changed the
+highlight threshold to a 5000 block minimum, as also reflected in the
+<TT>Disk attn</TT> column's header. And while machine
+<B>fs2</B>'s partitions <B>/vicepa</B> and <B>/vicepd</B> are
+still 95% full, they have more than 5000 free blocks left; partitions
+<B>/vicepc</B> and <B>/vicepe</B> are highlighted because they have
+fewer than 5000 blocks free.
+<P>Note also the result of changing the probe frequency, reflected in the
+probe reporting line at the bottom left corner of the display. Both
+this example and the previous one represent a time lapse of one minute after
+the administrator issues the <B>scout</B> command. In this example,
+however, the <B>scout</B> program has probed the File Server processes 12
+times as opposed to once
+<P><B><A NAME="FIGWQ338" HREF="auagd003.htm#FT_FIGWQ338">Figure 3. Second example scout display</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="scout2.gif" ALT="Second example scout display"><BR></B><BR>
+</TD></TR></TABLE>
+<P>In <A HREF="#FIGWQ339">Figure 4</A>, an administrator in the State University cell monitors
+three of that cell's file server machines. He uses the
+<B>-basename</B> argument to specify the <B>stateu.edu</B>
+domain name.
+<PRE> % <B>scout -server server2 server3 server4 -basename stateu.edu</B>
+</PRE>
+<P><B><A NAME="FIGWQ339" HREF="auagd003.htm#FT_FIGWQ339">Figure 4. Third example scout display</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="scout3.gif" ALT="Third example scout display"><BR></B><BR>
+</TD></TR></TABLE>
+<P><A HREF="#FIGWQ340">Figure 5</A> illustrates three of the <B>scout</B> program's
+features. First, you can monitor file server machines from different
+cells in a single display: <B>fs1.abc.com</B>,
+<B>server3.stateu.edu</B>, and
+<B>sv7.def.com</B>. Because the machines belong to
+different cells, it is not possible to provide the <B>-basename</B>
+argument.
+<P>Second, it illustrates how the display must truncate machine names that do
+not fit in the fifth column, using an asterisk at the end of the name to show
+that it is shortened.
+<P>Third, it illustrates what happens when the <B>scout</B> process cannot
+reach a File Server process, in this case the one on the machine
+<B>sv7.def.com</B>: it highlights the machine name and
+blanks out the values in the other columns.
+<P><B><A NAME="FIGWQ340" HREF="auagd003.htm#FT_FIGWQ340">Figure 5. Fourth example scout display</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="scout4.gif" ALT="Fourth example scout display"><BR></B><BR>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ341" HREF="auagd002.htm#ToC_376">Using the fstrace Command Suite</A></H2>
+<P>This section describes the <B>fstrace</B> commands that
+system administrators employ to trace Cache Manager activity for debugging
+purposes. It assumes the reader is familiar with the Cache Manager
+concepts described in <A HREF="auagd015.htm#HDRWQ387">Administering Client Machines and the Cache Manager</A>.
+<P>The <B>fstrace</B> command suite monitors the internal activity of the
+Cache Manager and enables you to record, or trace, its operations in
+detail. The operations, which are termed <I>events</I>, comprise
+the <B>cm</B> <I>event set</I>. Examples of <B>cm</B>
+events are fetching files and looking up information for a listing of files
+and subdirectories using the UNIX <B>ls</B> command.
+<P>Following are the <B>fstrace</B> commands and their respective
+functions:
+<UL>
+<P><LI>The <B>fstrace apropos</B> command provides a short description of
+commands.
+<P><LI>The <B>fstrace clear</B> command clears the trace log.
+<P><LI>The <B>fstrace dump</B> command dumps the contents of the trace
+log.
+<P><LI>The <B>fstrace help</B> command provides a description and syntax for
+commands.
+<P><LI>The <B>fstrace lslog</B> command lists information about the trace
+log.
+<P><LI>The <B>fstrace lsset</B> command lists information about the event
+set.
+<P><LI>The <B>fstrace setlog</B> command changes the size of the trace
+log.
+<P><LI>The <B>fstrace setset</B> command sets the state of the event
+set.
+</UL>
+<P><H3><A NAME="HDRWQ342" HREF="auagd002.htm#ToC_377">About the fstrace Command Suite</A></H3>
+<P>The <B>fstrace</B> command suite replaces and greatly
+expands the functionality formerly provided by the <B>fs debug</B>
+command. Its intended use is to aid in diagnosis of specific Cache
+Manager problems, such as client machine hangs, cache consistency problems,
+clock synchronization errors, and failures to access a volume or AFS
+file. Therefore, it is best not to keep <B>fstrace</B> logging
+enabled at all times, unlike the logging for AFS server processes.
+<P>Most of the messages in the trace log correspond to low-level Cache Manager
+operations. It is likely that only personnel familiar with the AFS
+source code can interpret them. If you have an AFS source license, you
+can attempt to interpret the trace yourself, or work with the AFS Product
+Support group to resolve the underlying problems. If you do not have an
+AFS source license, it is probably more efficient to contact the AFS Product
+Support group immediately in case of problems. They can instruct you to
+activate <B>fstrace</B> tracing if appropriate.
+<P>The log can grow in size very quickly; this can use valuable disk
+space if you are writing to a file in the local file space.
+Additionally, if the size of the log becomes too large, it can become
+difficult to parse the results for pertinent information.
+<A NAME="IDX7154"></A>
+<A NAME="IDX7155"></A>
+<P>When AFS tracing is enabled, each time a <B>cm</B> event occurs, a
+message is written to the trace log, <B>cmfx</B>. To diagnose a
+problem, read the output of the trace log and analyze the operations executed
+by the Cache Manager. The default size of the trace log is 60 KB, but
+you can increase or decrease it.
+<A NAME="IDX7156"></A>
+<A NAME="IDX7157"></A>
+<P>To use the <B>fstrace</B> command suite, you must first enable tracing
+and reserve, or allocate, space for the trace log with the <B>fstrace
+setset</B> command. With this command, you can set the <B>cm</B>
+event set to one of three states to enable or disable tracing for the event
+set and to allocate or deallocate space for the trace log in the kernel:
+<A NAME="IDX7158"></A>
+<A NAME="IDX7159"></A>
+<A NAME="IDX7160"></A>
+<DL>
+<P><DT><B>active
+</B><DD>Enables tracing for the event set and allocates space for the trace
+log.
+<P><DT><B>inactive
+</B><DD>Temporarily disables tracing for the event set; however, the event
+set continues to allocate space occupied by the log to which it sends
+data.
+<P><DT><B>dormant
+</B><DD>Disables tracing for the event set; furthermore, the event set
+releases the space occupied by the log to which it sends data. When the
+<B>cm</B> event set that sends data to the <B>cmfx</B> trace log is in
+this state, the space allocated for that log is freed or deallocated.
+</DL>
+<A NAME="IDX7161"></A>
+<A NAME="IDX7162"></A>
+<A NAME="IDX7163"></A>
+<P>Both event sets and trace logs can be designated as <I>persistent</I>,
+which prevents accidental resetting of an event set's state or clearing
+of a trace log. The designation is made as the kernel is compiled and
+cannot be changed.
+<P>If an event set such as <B>cm</B> is persistent, you can change its
+state only by including the <B>-set</B> argument to the <B>fstrace
+setset</B> command. (That is, you cannot change its state along with
+the state of all other event sets by issuing the <B>fstrace setset</B>
+command with no arguments.) Similarly, if a trace log such as
+<B>cmfx</B> is persistent, you can clear it only by including either the
+<B>-set</B> or <B>-log</B> argument to the <B>fstrace clear</B>
+command (you cannot clear it along with all other trace logs by issuing the
+<B>fstrace clear</B> command with no arguments.)
+<P>When a problem occurs, set the <B>cm</B> event set to active using the
+<B>fstrace setset</B> command. When tracing is enabled on a busy
+AFS client, the volume of events being recorded is significant;
+therefore, when you are diagnosing problems, restrict AFS activity as much as
+possible to minimize the amount of extraneous tracing in the log.
+Because tracing can have a negative impact on system performance, leave
+<B>cm</B> tracing in the dormant state when you are not diagnosing
+problems.
+<P>If a problem is reproducible, clear the <B>cmfx</B> trace log with the
+<B>fstrace clear</B> command and reproduce the problem. If the
+problem is not easily reproduced, keep the state of the event set active until
+the problem recurs.
+<P>To view the contents of the trace log and analyze the <B>cm</B> events,
+use the <B>fstrace dump</B> command to copy the content lines of the trace
+log to standard output (stdout) or to a file.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If a particular command or process is causing problems, determine its process
+id (PID). Search the output of the <B>fstrace dump</B> command for
+the PID to find only those lines associated with the problem.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ343" HREF="auagd002.htm#ToC_378">Requirements for Using the fstrace Command Suite</A></H3>
+<A NAME="IDX7164"></A>
+<A NAME="IDX7165"></A>
+<P>Except for the <B>fstrace help</B> and <B>fstrace apropos</B>
+commands, which require no privilege, issuing the <B>fstrace</B> commands
+requires that the issuer be logged in as the local superuser <B>root</B>
+on the local client machine. Before issuing an <B>fstrace</B>
+command, verify that you have the necessary privilege.
+<P>The Cache Manager catalog must be in place so that logging can
+occur. The <B>fstrace</B> command suite uses the standard UNIX
+catalog utilities. The default location is
+<B>/usr/vice/etc/C/afszcm.cat</B>. It can be placed in
+another directory by placing the file elsewhere and using the proper NLSPATH
+and LANG environment variables.
+<P><H3><A NAME="Header_379" HREF="auagd002.htm#ToC_379">Using fstrace Commands Effectively</A></H3>
+<P>To use <B>fstrace</B> commands most effectively, configure them as
+indicated:
+<UL>
+<P><LI>Store the <B>fstrace</B> binary in a local disk directory.
+<P><LI>When you dump the <B>fstrace</B> log to a file, direct it to one on
+the local disk.
+<P><LI>The trace can grow large in just a few minutes. Before attempting
+to dump the log to a local file, verify that you have enough room. Be
+particularly careful if you are using disk quotas on partitions in the local
+file system.
+<P><LI>Attempt to limit Cache Manager activity on the AFS client machine other
+than the problem operation. This reduces the amount of extraneous data
+in the trace.
+<P><LI>Activate the <B>fstrace</B> log for the shortest possibly period of
+time. If possible activate the trace immediately before performing the
+problem operation, deactivate it as soon as the operation completes, and dump
+the trace log to a file immediately.
+<P><LI>If possible, obtain UNIX process ID (PID) of the command or program that
+initiates the problematic operation. This enables the person analyzing
+the trace log to search it for messages associated with the PID.
+</UL>
+<P><H3><A NAME="HDRWQ344" HREF="auagd002.htm#ToC_380">Activating the Trace Log</A></H3>
+<P>To start Cache Manager tracing on an AFS client machine, you
+must first configure
+<UL>
+<P><LI>The <B>cmfx</B> kernel trace log using the <B>fstrace setlog</B>
+command
+<P><LI>The <B>cm</B> event set using the <B>fstrace setset</B> command
+</UL>
+<P>The <B>fstrace setlog</B> command sets the size of the <B>cmfx</B>
+kernel trace log in kilobytes. The trace log occupies 60 kilobytes of
+kernel by default. If the trace log already exists, it is cleared when
+this command is issued and a new log of the given size is created.
+Otherwise, a new log of the desired size is created.
+<P>The <B>fstrace setset</B> command sets the state of the <B>cm</B>
+kernel event set. The state of the <B>cm</B> event set determines
+whether information on the events in that event set is logged.
+<P>After establishing kernel tracing on the AFS client machine, you can check
+the state of the event set and the size of the kernel buffer allocated for the
+trace log. To display information about the state of the <B>cm</B>
+event set, issue the <B>fstrace lsset</B> command. To display
+information about the <B>cmfx</B> trace log, use the <B>fstrace
+lslog</B> command. See the instructions in <A HREF="#HDRWQ346">Displaying the State of a Trace Log or Event Set</A>.
+<A NAME="IDX7166"></A>
+<A NAME="IDX7167"></A>
+<A NAME="IDX7168"></A>
+<A NAME="IDX7169"></A>
+<P><H3><A NAME="Header_381" HREF="auagd002.htm#ToC_381">To configure the trace log</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace setlog</B> command to set the size of the
+<B>cmfx</B> kernel trace log.
+<PRE> # <B>fstrace setlog</B> [<B>-log</B> <<VAR>log_name</VAR>><SUP>+</SUP>] <B>-buffersize</B> <<VAR>1-kilobyte_units</VAR>>
+</PRE>
+</OL>
+<P>The following example sets the size of the <B>cmfx</B> trace log to 80
+KB.
+<PRE> # <B>fstrace setlog cmfx 80</B>
+</PRE>
+<A NAME="IDX7170"></A>
+<A NAME="IDX7171"></A>
+<A NAME="IDX7172"></A>
+<A NAME="IDX7173"></A>
+<P><H3><A NAME="HDRWQ345" HREF="auagd002.htm#ToC_382">To set the event set</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace setset</B> command to set the state of event
+sets.
+<PRE> % <B>fstrace setset</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-active</B>] [<B>-inactive</B>] \
+ [<B>-dormant</B>]
+</PRE>
+</OL>
+<P>The following example activates the <B>cm</B> event set.
+<PRE> # <B>fstrace setset cm -active</B>
+</PRE>
+<P><H3><A NAME="HDRWQ346" HREF="auagd002.htm#ToC_383">Displaying the State of a Trace Log or Event Set</A></H3>
+<P>An event set must be in the <I>active</I> state to be
+included in the trace log. To display an event set's state, use
+the <B>fstrace lsset</B> command. To set its state, issue the
+<B>fstrace setset</B> command as described in <A HREF="#HDRWQ345">To set the event set</A>.
+<P>To display size and allocation information for the trace log, issue the
+<B>fstrace lslog</B>command with the <B>-long</B> argument.
+<A NAME="IDX7174"></A>
+<A NAME="IDX7175"></A>
+<A NAME="IDX7176"></A>
+<A NAME="IDX7177"></A>
+<P><H3><A NAME="Header_384" HREF="auagd002.htm#ToC_384">To display the state of an event set</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace lsset</B> command to display the available event
+set and its state.
+<PRE> # <B>fstrace lsset</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>]
+</PRE>
+</OL>
+<P>The following example displays the event set and its state on the local
+machine.
+<PRE> #<B> fstrace lsset cm</B>
+ Available sets:
+ cm active
+</PRE>
+<P>The output from this command lists the event set and its states. The
+three event states for the <B>cm</B> event set are:
+<DL>
+<P><DT><B><TT>active</TT>
+</B><DD>Tracing is enabled.
+<P><DT><B><TT>inactive</TT>
+</B><DD>Tracing is disabled, but space is still allocated for the corresponding
+trace log (<B>cmfx</B>).
+<P><DT><B><TT>dormant</TT>
+</B><DD>Tracing is disabled, and space is no longer allocated for the
+corresponding trace log (<B>cmfx</B>).Disables tracing for the
+event set.
+</DL>
+<A NAME="IDX7178"></A>
+<A NAME="IDX7179"></A>
+<A NAME="IDX7180"></A>
+<A NAME="IDX7181"></A>
+<P><H3><A NAME="Header_385" HREF="auagd002.htm#ToC_385">To display the log size</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace lslog</B> command to display information about
+the kernel trace log.
+<PRE> # <B>fstrace lslog</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-log</B> <<VAR>log_name</VAR>>] [<B>-long</B>]
+</PRE>
+</OL>
+<P>The following example uses the <B>-long</B> flag to display additional
+information about the <B>cmfx</B> trace log.
+<PRE> # <B>fstrace lslog cmfx -long</B>
+ Available logs:
+ cmfx : 60 kbytes (allocated)
+</PRE>
+<P>The output from this command lists information on the trace log.
+When issued without the <B>-long</B> flag, the <B>fstrace lslog</B>
+command lists only the name of the log. When issued with the
+<B>-long</B> flag, the <B>fstrace lslog</B> command lists the log, the
+size of the log in kilobytes, and the allocation state of the log.
+<P>There are two allocation states for the kernel trace log:
+<DL>
+<P><DT><B><TT>allocated</TT>
+</B><DD>Space is reserved for the log in the kernel. This indicates that
+the event set that writes to this log is either <I>active</I> (tracing is
+enabled for the event set) or <I>inactive</I> (tracing is temporarily
+disabled for the event set); however, the event set continues to reserve
+space occupied by the log to which it sends data.
+<P><DT><B><TT>unallocated</TT>
+</B><DD>Space is not reserved for the log in the kernel. This indicates
+that the event set that writes to this log is <I>dormant</I> (tracing is
+disabled for the event set); furthermore, the event set releases the
+space occupied by the log to which it sends data.
+</DL>
+<P><H3><A NAME="HDRWQ347" HREF="auagd002.htm#ToC_386">Dumping and Clearing the Trace Log</A></H3>
+<P>After the Cache Manager operation you want to trace is
+complete, use the <B>fstrace dump</B> command to dump the trace log to the
+standard output stream or to the file named by the <B>-file</B>
+argument. Or, to dump the trace log continuously, use the
+<B>-follow</B> argument (combine it with the <B>-file</B> argument if
+desired). To halt continuous dumping, press an interrupt signal such as
+<<B>Ctrl-c</B>>.
+<P>To clear a trace log when you no longer need the data in it, issue the
+<B>fstrace clear</B> command. (The <B>fstrace setlog</B>
+command also clears an existing trace log automatically when you use it to
+change the log's size.)
+<A NAME="IDX7182"></A>
+<A NAME="IDX7183"></A>
+<A NAME="IDX7184"></A>
+<A NAME="IDX7185"></A>
+<A NAME="IDX7186"></A>
+<P><H3><A NAME="Header_387" HREF="auagd002.htm#ToC_387">To dump the contents of a trace log</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace dump</B> command to dump trace logs.
+<PRE> # <B>fstrace dump</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-follow</B> <<VAR>log_name></VAR>] \
+ [<B>-file</B> <<VAR>output_filename</VAR>>] \
+ [<B>-sleep</B> <<VAR>seconds_between_reads</VAR>>]
+</PRE>
+</OL>
+<P>At the beginning of the output of each dump is a header specifying the date
+and time at which the dump began. The number of logs being dumped is
+also displayed if the <B>-follow</B> argument is not specified. The
+header appears as follows:
+<PRE> AFS Trace Dump --
+ Date: <VAR>date</VAR> <VAR>time</VAR>
+ Found <VAR>n</VAR> logs.
+</PRE>
+<P>where <I>date</I> is the starting date of the trace log dump,
+<I>time</I> is the starting time of the trace log dump, and <I>n</I>
+specifies the number of logs found by the <B>fstrace dump</B>
+command.
+<P>The following is an example of trace log dump header:
+<PRE> AFS Trace Dump --
+ Date: Fri Apr 16 10:44:38 1999
+ Found 1 logs.
+</PRE>
+<P>The contents of the log follow the header and are comprised of messages
+written to the log from an active event set. The messages written to
+the log contain the following three components:
+<UL>
+<P><LI>The timestamp associated with the message (number of seconds from an
+arbitrary start point)
+<P><LI>The process ID or thread ID associated with the message
+<P><LI>The message itself
+</UL>
+<P>A trace log message is formatted as follows:
+<PRE> time <VAR>timestamp</VAR>, pid <VAR>pid</VAR>:<VAR>event message</VAR>
+</PRE>
+<P>where <I>timestamp</I> is the number of seconds from an arbitrary start
+point, <I>pid</I> is the process ID number of the Cache Manager event, and
+<I>event message</I> is the Cache Manager event which corresponds with a
+function in the AFS source code.
+<P>The following is an example of a dumped trace log message:
+<PRE> time 749.641274, pid 3002:Returning code 2 from 19
+</PRE>
+<P>For the messages in the trace log to be most readable, the Cache Manager
+catalog file needs to be installed on the local disk of the client
+machine; the conventional location is
+<B>/usr/vice/etc/C/afszcm.cat</B>. Log messages that begin
+with the string <TT>raw op</TT>, like the following, indicate that the
+catalog is not installed.
+<PRE> raw op 232c, time 511.916288, pid 0
+ p0:Fri Apr 16 10:36:31 1999
+</PRE>
+<P>Every 1024 seconds, a current time message is written to each log.
+This message has the following format:
+<PRE> time <VAR>timestamp</VAR>, pid <VAR>pid</VAR>: Current time: <VAR>unix_time</VAR>
+</PRE>
+<P>where <VAR>timestamp</VAR> is the number of seconds from an arbitrary start
+point, <VAR>pid</VAR> is the process ID number, and <VAR>unix_time</VAR> is the
+standard time format since January 1, 1970.
+<P>The current time message can be used to determine the actual time
+associated with each log message. Determine the actual time as
+follows:
+<OL TYPE=1>
+<P><LI>Locate the log message whose actual time you want to determine.
+<P><LI>Search backward through the dump record until you come to a current time
+message.
+<P><LI>If the current time message's <I>timestamp</I> is smaller than
+the log message's <I>timestamp</I>, subtract the former from the
+latter. If the current time message's <I>timestamp</I> is
+larger than the log message's <I>timestamp</I>, add 1024 to the
+latter and subtract the former from the result.
+<P><LI>Add the resulting number to the current time message's
+<I>unix_time</I> to determine the log message's actual time.
+</OL>
+<P>Because log data is stored in a finite, circular buffer, some of the data
+can be overwritten before being read. If this happens, the following
+message appears at the appropriate place in the dump:
+<PRE> Log wrapped; data missing.
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If this message appears in the middle of a dump, which can happen under a
+heavy work load, it indicates that not all of the log data is being written to
+the log or some data is being overwritten. Increasing the size of the
+log with the <B>fstrace setlog</B> command can alleviate this
+problem.
+</TD></TR></TABLE>
+<A NAME="IDX7187"></A>
+<A NAME="IDX7188"></A>
+<A NAME="IDX7189"></A>
+<A NAME="IDX7190"></A>
+<A NAME="IDX7191"></A>
+<P><H3><A NAME="Header_388" HREF="auagd002.htm#ToC_388">To clear the contents of a trace log</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fstrace clear</B> command to clear logs by log name or by
+event set.
+<PRE> # <B>fstrace clear</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-log</B> <<VAR>log_name</VAR>><SUP>+</SUP>]
+</PRE>
+</OL>
+<P>The following example clears the <B>cmfx</B> log used by the
+<B>cm</B> event set on the local machine.
+<PRE> # <B>fstrace clear cm</B>
+</PRE>
+<P>The following example also clears the <B>cmfx</B> log on the local
+machine.
+<PRE> # <B>fstrace clear cmfx</B>
+</PRE>
+<A NAME="IDX7192"></A>
+<P><H3><A NAME="HDRWQ348" HREF="auagd002.htm#ToC_389">Examples of fstrace Commands</A></H3>
+<P>This section contains an extensive example of the use of the
+<B>fstrace</B> command suite, which is useful for gathering a detailed
+trace of Cache Manager activity when you are working with AFS Product Support
+to diagnose a problem. The Product Support representative can guide you
+in choosing appropriate parameter settings for the trace.
+<P>Before starting the kernel trace log, try to isolate the Cache Manager on
+the AFS client machine that is experiencing the problem accessing the
+file. If necessary, instruct users to move to another machine so as to
+minimize the Cache Manager activity on this machine. To minimize the
+amount of unrelated AFS activity recorded in the trace log, place both the
+<B>fstrace</B> binary and the dump file must reside on the local disk, not
+in AFS. You must be logged in as the local superuser <B>root</B> to
+issue <B>fstrace</B> commands.
+<P>Before starting a kernel trace, issue the <B>fstrace lsset</B> command
+to check the state of the <B>cm</B> event set.
+<PRE> # <B>fstrace lsset cm</B>
+</PRE>
+<P>If tracing has not been enabled previously or if tracing has been turned
+off on the client machine, the following output is displayed:
+<PRE> Available sets:
+ cm inactive
+</PRE>
+<P>If tracing has been turned off and kernel memory is not allocated for the
+trace log on the client machine, the following output is displayed:
+<PRE> Available sets:
+ cm inactive (dormant)
+</PRE>
+<P>If the current state of the <B>cm</B> event set is <TT>inactive</TT>
+or <TT>inactive (dormant)</TT>, turn on kernel tracing by issuing the
+<B>fstrace setset</B> command with the <B>-active</B> flag.
+<PRE> # <B>fstrace setset cm -active</B>
+</PRE>
+<P>If tracing is enabled currently on the client machine, the following output
+is displayed:
+<PRE> Available sets:
+ cm active
+</PRE>
+<P>If tracing is enabled currently, you do not need to use the <B>fstrace
+setset</B> command. Do issue the <B>fstrace clear</B> command to
+clear the contents of any existing trace log, removing prior traces that are
+not related to the current problem.
+<PRE> # <B>fstrace clear cm</B>
+</PRE>
+<P>After checking on the state of the event set, issue the <B>fstrace
+lslog</B> command with the <B>-long</B> flag to check the current state
+and size of the kernel trace log .
+<PRE> # <B>fstrace lslog cmfx -long</B>
+</PRE>
+<P>If tracing has not been enabled previously or the <B>cm</B> event set
+was set to <TT>active</TT> or <TT>inactive</TT> previously, output similar
+to the following is displayed:
+<PRE> Available logs:
+ cmfx : 60 kbytes (allocated)
+</PRE>
+<P>The <B>fstrace</B> tracing utility allocates 60 kilobytes of memory to
+the trace log by default. You can increase or decrease the amount of
+memory allocated to the kernel trace log by setting it with the <B>fstrace
+setlog</B> command. The number specified with the
+<B>-buffersize</B> argument represents the number of kilobytes allocated
+to the kernel trace log. If you increase the size of the kernel trace
+log to 100 kilobytes, issue the following command.
+<PRE> # <B>fstrace setlog cmfx</B> 100
+</PRE>
+<P>After ensuring that the kernel trace log is configured for your needs, you
+can set up a file into which you can dump the kernel trace log. For
+example, create a dump file with the name
+<B>cmfx.dump.file.1</B> using the following
+<B>fstrace dump</B> command. Issue the command as a continuous
+process by adding the <B>-follow</B> and <B>-sleep</B>
+arguments. Setting the <B>-sleep</B> argument to <I>10</I>
+dumps output from the kernel trace log to the file every 10 seconds.
+<PRE> # <B>fstrace dump -follow</B> cmfx <B>-file</B> cmfx.dump.file.1 <B>-sleep</B> 10
+ AFS Trace Dump -
+ Date: Fri Apr 16 10:54:57 1999
+ Found 1 logs.
+ time 32.965783, pid 0: Fri Apr 16 10:45:52 1999
+ time 32.965783, pid 33657: Close 0x5c39ed8 flags 0x20
+ time 32.965897, pid 33657: Gn_close vp 0x5c39ed8 flags 0x20 (returns
+ 0x0)
+ time 35.159854, pid 10891: Breaking callback for 5bd95e4 states 1024
+ (volume 0)
+ time 35.407081, pid 10891: Breaking callback for 5c0fadc states 1024
+ (volume 0)
+ . .
+ . .
+ . .
+ time 71.440456, pid 33658: Lookup adp 0x5bbdcf0 name g3oCKs fid (756
+ 4fb7e:588d240.2ff978a8.6)
+ time 71.440569, pid 33658: Returning code 2 from 19
+ time 71.440619, pid 33658: Gn_lookup vp 0x5bbdcf0 name g3oCKs (returns
+ 0x2)
+ time 71.464989, pid 38267: Gn_open vp 0x5bbd000 flags 0x0 (returns 0x
+ 0)
+ AFS Trace Dump - Completed
+</PRE>
+<HR><H2><A NAME="HDRWQ349" HREF="auagd002.htm#ToC_390">Using the afsmonitor Program</A></H2>
+<A NAME="IDX7193"></A>
+<P>The <B>afsmonitor</B> program enables you to monitor the status and
+performance of specified File Server and Cache Manager processes by gathering
+statistical information. Among its other uses, the
+<B>afsmonitor</B> program can be used to fine-tune Cache Manager
+configuration and load balance File Servers.
+<P>The <B>afsmonitor</B> program enables you to perform the following
+tasks.
+<UL>
+<P><LI>Monitor any number of File Server and Cache Manager processes on any
+number of machines (in both local and foreign cells) from a single
+location.
+<P><LI>Set threshold values for any monitored statistic. When the value of
+a statistic exceeds the threshold, the <B>afsmonitor</B> program
+highlights it to draw your attention. You can set threshold levels that
+apply to every machine or only some.
+<P><LI>Invoke programs or scripts automatically when a statistic exceeds its
+threshold.
+</UL>
+<P><H3><A NAME="HDRWQ350" HREF="auagd002.htm#ToC_391">Requirements for running the afsmonitor program</A></H3>
+<A NAME="IDX7194"></A>
+<P>The following software must be accessible to a machine where the
+<B>afsmonitor</B> program is running:
+<UL>
+<P><LI>The AFS <B>xstat</B> libraries, which the <B>afsmonitor</B>
+program uses to gather data
+<P><LI>The <B>curses</B> graphics package, which most UNIX distributions
+provide as a standard utility
+</UL>
+<A NAME="IDX7195"></A>
+<A NAME="IDX7196"></A>
+<P>The <B>afsmonitor</B> screens format successfully both on so-called
+dumb terminals and in windowing systems that emulate terminals. For the
+output to looks its best, the display environment needs to support reverse
+video and cursor addressing. Set the TERM environment variable to the
+correct terminal type, or to a value that has characteristics similar to the
+actual terminal type. The display window or terminal must be at least
+80 columns wide and 12 lines long.
+<A NAME="IDX7197"></A>
+<A NAME="IDX7198"></A>
+<A NAME="IDX7199"></A>
+<P>The <B>afsmonitor</B> program must run in the foreground, and in its
+own separate, dedicated window or terminal. The window or terminal is
+unavailable for any other activity as long as the <B>afsmonitor</B>
+program is running. Any number of instances of the
+<B>afsmonitor</B> program can run on a single machine, as long as each
+instance runs in its own dedicated window or terminal. Note that it can
+take up to three minutes to start an additional instance.
+<P>
+<A NAME="IDX7200"></A>
+No privilege is required to run the <B>afsmonitor</B> program. By
+convention, it is installed in the <B>/usr/afsws/bin</B> directory, and
+anyone who can access the directory can monitor File Servers and Cache
+Managers. The probes through which the <B>afsmonitor</B> program
+collects statistics do not constitute a significant burden on the File Server
+or Cache Manager unless hundreds of people are running the program. If
+you wish to restrict its use, place the binary file in a directory available
+only to authorized users.
+<P><H3><A NAME="Header_392" HREF="auagd002.htm#ToC_392">The afsmonitor Output Screens</A></H3>
+<A NAME="IDX7201"></A>
+<P>The <B>afsmonitor</B> program displays its data on three screens:
+<UL>
+<P><LI><TT>System Overview</TT>: This screen appears automatically when
+the <B>afsmonitor</B> program initializes. It summarizes separately
+for File Servers and Cache Managers the number of machines being monitored and
+how many of them have <I>alerts</I> (statistics that have exceeded their
+thresholds). It then lists the hostname and number of alerts for each
+machine being monitored, indicating if appropriate that a process failed to
+respond to the last probe.
+<P><LI><TT>File Server</TT>: This screen displays File Server statistics
+for each file server machine being monitored. It highlights statistics
+that have exceeded their thresholds, and identifies machines that failed to
+respond to the last probe.
+<P><LI><TT>Cache Managers</TT>: This screen displays Cache Manager
+statistics for each client machine being monitored. It highlights
+statistics that have exceeded their thresholds, and identifies machines that
+failed to respond to the last probe.
+</UL>
+<P>Fields at the corners of every screen display the following
+information:
+<UL>
+<P><LI>In the top left corner, the program name and version number.
+<P><LI>In the top right corner, the screen name, current and total page numbers,
+and current and total column numbers. The page number (for example,
+<TT>p. 1 of 3</TT>) indicates the index of the current page and the
+total number of (vertical) pages over which data is displayed. The
+column number (for example, <TT>c. 1 of 235</TT>) indicates the index
+of the current leftmost column and the total number of columns in which data
+appears. (The symbol <TT>>>></TT> indicates that there is additional
+data to the right; the symbol <TT><<<</TT> indicates that
+there is additional data to the left.)
+<P><LI>In the bottom left corner, a list of the available commands. Enter
+the first letter in the command name to run that command. Only the
+currently possible options appear; for example, if there is only one page
+of data, the <TT>next</TT> and <TT>prev</TT> commands, which scroll the
+screen up and down respectively, do not appear. For descriptions of the
+commands, see the following section about navigating the display
+screens.
+<P><LI>In the bottom right corner, the <TT>probes</TT> field reports how many
+times the program has probed File Servers (<TT>fs</TT>), Cache Managers
+(<TT>cm</TT>), or both. The counts for File Servers and Cache
+Managers can differ. The <TT>freq</TT> field reports how often the
+program sends probes.
+</UL>
+<P><B>Navigating the afsmonitor Display Screens</B>
+<P>As noted, the lower left hand corner of every display screen displays the
+names of the commands currently available for moving to alternate screens,
+which can either be a different type or display more statistics or machines of
+the current type. To execute a command, press the lowercase version of
+the first letter in its name. Some commands also have an uppercase
+version that has a somewhat different effect, as indicated in the following
+list.
+<DL>
+<P><DT><B><TT>cm</TT>
+</B><DD>Switches to the <TT>Cache Managers</TT> screen. Available only on
+the <TT>System Overview</TT> and <TT>File Servers</TT> screens.
+<P><DT><B><TT>fs</TT>
+</B><DD>Switches to the <TT>File Servers</TT> screen. Available only on
+the <TT>System Overview</TT> and the <TT>Cache Managers</TT>
+screens.
+<P><DT><B><TT>left</TT>
+</B><DD>Scrolls horizontally to the left, to access the data columns situated to
+the left of the current set. Available when the <TT><<<</TT>
+symbol appears at the top left of the screen. Press uppercase
+<B>L</B> to scroll horizontally all the way to the left (to display the
+first set of data columns).
+<P><DT><B><TT>next</TT>
+</B><DD>Scrolls down vertically to the next page of machine names.
+Available when there are two or more pages of machines and the final page is
+not currently displayed. Press uppercase <B>N</B> to scroll to the
+final page.
+<P><DT><B><TT>oview</TT>
+</B><DD>Switches to the <TT>System Overview</TT> screen. Available only
+on the <TT>Cache Managers</TT> and <TT>File Servers</TT> screens.
+<P><DT><B><TT>prev</TT>
+</B><DD>Scrolls up vertically to the previous page of machine names.
+Available when there are two or more pages of machines and the first page is
+not currently displayed. Press uppercase <B>N</B> to scroll to the
+first page.
+<P><DT><B><TT>right</TT>
+</B><DD>Scrolls horizontally to the right, to access the data columns situated to
+the right of the current set. This command is available when the
+<TT>>>></TT> symbol appears at the upper right of the screen. Press
+uppercase <B>R</B> to scroll horizontally all the way to the right (to
+display the final set of data columns).
+</DL>
+<P><H3><A NAME="Header_393" HREF="auagd002.htm#ToC_393">The System Overview Screen</A></H3>
+<P>The <TT>System Overview</TT> screen appears automatically as the
+<B>afsmonitor</B> program initializes. This screen displays the
+status of as many File Server and Cache Manager processes as can fit in the
+current window; scroll down to access additional information.
+<P>The information on this screen is split into File Server information on the
+left and Cache Manager information on the right. The header for each
+grouping reports two pieces of information:
+<UL>
+<P><LI>The number of machines on which the program is monitoring the indicated
+process
+<P><LI>The number of alerts and the number of machines affected by them (an
+<I>alert</I>means that a statistic has exceeded its threshold or a process
+failed to respond to the last probe)
+</UL>
+<P>A list of the machines being monitored follows. If there are any
+alerts on a machine, the number of them appears in square brackets to the left
+of the hostname. If a process failed to respond to the last probe, the
+letters <TT>PF</TT> (probe failure) appear in square brackets to the left of
+the hostname.
+<P>The following graphic is an example <TT>System Overview</TT>
+screen. The <B>afsmonitor</B> program is monitoring six File
+Servers and seven Cache Managers. The File Server process on host
+<B>fs1.abc.com</B> and the Cache Manager on host
+<B>cli33.abc.com</B> are each marked <TT>[ 1]</TT> to
+indicate that one threshold value is exceeded. The <TT>[PF]</TT>
+marker on host <B>fs6.abc.com</B> indicates that its File
+Server process did not respond to the last probe.
+<P><B><A NAME="Figure_6" HREF="auagd003.htm#FT_Figure_6">Figure 6. The afsmonitor System Overview Screen</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="overview.gif" ALT="System Overview Screen"><BR></B><BR>
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_394" HREF="auagd002.htm#ToC_394">The File Servers Screen</A></H3>
+<P>The <TT>File Servers</TT> screen displays the values collected at the
+most recent probe for File Server statistics.
+<P>A summary line at the top of the screen (just below the standard program
+version and screen title blocks) specifies the number of monitored File
+Servers, the number of alerts, and the number of machines affected by the
+alerts.
+<P>The first column always displays the hostnames of the machines running the
+monitored File Servers.
+<P>To the right of the hostname column appear as many columns of statistics as
+can fit within the current width of the display screen or window; each
+column requires space for 10 characters. The name of the statistic
+appears at the top of each column. If the File Server on a machine did
+not respond to the most recent probe, a pair of dashes (<TT>--</TT>) appears
+in each column. If a value exceeds its configured threshold, it is
+highlighted in reverse video. If a value is too large to fit into the
+allotted column width, it overflows into the next row in the same
+column.
+<P>For a list of the available File Server statistics, see <A HREF="auagd024.htm#HDRWQ617">Appendix C, The afsmonitor Program Statistics</A>.
+<P>The following graphic depicts the <TT>File Servers</TT> screen that
+follows the System Overview Screen example previously discussed; however,
+one additional server probe has been completed. In this example, the
+File Server process on <B>fs1</B> has exceeded the configured threshold
+for the number of performance calls received (the <B>numPerfCalls</B>
+statistic), and that field appears in reverse video. Host
+<B>fs6</B> did not respond to Probe 10, so dashes appear in all
+fields.
+<P><B><A NAME="Figure_7" HREF="auagd003.htm#FT_Figure_7">Figure 7. The afsmonitor File Servers Screen</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="fserver1.gif" ALT="File Servers Screen"><BR></B><BR>
+</TD></TR></TABLE>
+<P>Both the File Servers and Cache Managers screen (discussed in the following
+section) can display hundreds of columns of data and are therefore designed to
+scroll left and right. In the preceding graphic, the screen displays
+the leftmost screen and the screen title block shows that column 1 of 235 is
+displayed. The appearance of the <TT>>>></TT> symbol in the upper
+right hand corner of the screen and the <B>right</B> command in the
+command block indicate that additional data is available by scrolling
+right. (For information on the available statistics, see <A HREF="auagd024.htm#HDRWQ617">Appendix C, The afsmonitor Program Statistics</A>.)
+<P>If the <B>right</B> command is executed, the screen looks something
+like the following example. Note that the horizontal scroll symbols now
+point both to the left (<TT><<<</TT>) and to the right
+(<TT>>>></TT>) and both the <B>left</B> and <B>right</B> commands
+appear, indicating that additional data is available by scrolling both left
+and right.
+<P><B><A NAME="Figure_8" HREF="auagd003.htm#FT_Figure_8">Figure 8. The afsmonitor File Servers Screen Shifted One Page to the Right</A></B><BR>
+<TABLE BORDER ><TR><TD><BR>
+<B><BR><IMG SRC="fserver2.gif" ALT="File Servers Screen Shifted One Page to the Right"><BR></B><BR>
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_395" HREF="auagd002.htm#ToC_395">The Cache Managers Screen</A></H3>
+<P>The <TT>Cache Managers</TT> screen displays the values collected at
+the most recent probe for Cache Manager statistics.
+<P>A summary line at the top of the screen (just below the standard program
+version and screen title blocks) specifies the number of monitored Cache
+Managers, the number of alerts, and the number of machines affected by the
+alerts.
+<P>The first column always displays the hostnames of the machines running the
+monitored Cache Managers.
+<P>To the right of the hostname column appear as many columns of statistics as
+can fit within the current width of the display screen or window; each
+column requires space for 10 characters. The name of the statistic
+appears at the top of each column. If the Cache Manager on a machine
+did not respond to the most recent probe, a pair of dashes (<TT>--</TT>)
+appears in each column. If a value exceeds its configured threshold, it
+is highlighted in reverse video. If a value is too large to fit into
+the allotted column width, it overflows into the next row in the same
+column.
+<P>For a list of the available Cache Manager statistics, see <A HREF="auagd024.htm#HDRWQ617">Appendix C, The afsmonitor Program Statistics</A>.
+<P>The following graphic depicts a Cache Managers screen that follows the
+System Overview Screen previously discussed. In the example, the Cache
+Manager process on host <B>cli33</B> has exceeded the configured threshold
+for the number of cells it can contact (the <B>numCellsContacted</B>
+statistic), so that field appears in reverse video.
+<P><B><A NAME="Figure_9" HREF="auagd003.htm#FT_Figure_9">Figure 9. The afsmonitor Cache Managers Screen</A></B><BR>
+<TABLE BORDER WIDTH="100%"><TR><TD>
+<B><BR><IMG SRC="cachmgr.gif" ALT="Cache Managers Screen"><BR></B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ351" HREF="auagd002.htm#ToC_396">Configuring the afsmonitor Program</A></H2>
+<A NAME="IDX7202"></A>
+<A NAME="IDX7203"></A>
+<P>To customize the <B>afsmonitor</B> program, create an ASCII-format
+configuration file and use the <B>-config</B> argument to name it.
+You can specify the following in the configuration file:
+<UL>
+<P><LI>The File Servers, Cache Managers, or both to monitor.
+<P><LI>The statistics to display. By default, the display includes 271
+statistics for File Servers and 570 statistics for Cache Managers. For
+information on the available statistics, see <A HREF="auagd024.htm#HDRWQ617">Appendix C, The afsmonitor Program Statistics</A>.
+<P><LI>The threshold values to set for statistics and a script or program to
+execute if a threshold is exceeded. By default, no threshold values are
+defined and no scripts or programs are executed.
+</UL>
+<P>The following list describes the instructions that can appear in the
+configuration file:
+<DL>
+<P><DT><B><TT>cm <VAR>host_name</VAR></TT>
+</B><DD>Names a client machine for which to display Cache Manager
+statistics. The order of <B>cm</B> lines in the file determines the
+order in which client machines appear from top to bottom on the <TT>System
+Overview</TT> and <TT>Cache Managers</TT> output screens.
+<P><DT><B><TT>fs <VAR>host_name</VAR></TT>
+</B><DD>Names a file server machine for which to display File Server
+statistics. The order of <B>fs</B> lines in the file determines the
+order in which file server machines appear from top to bottom on the
+<TT>System Overview</TT> and <TT>File Servers</TT> output screens.
+<P><DT><B><TT>thresh fs | cm <VAR>field_name</VAR> <VAR>thresh_val</VAR>
+[<VAR>cmd_to_run</VAR>] [<VAR>arg</VAR><SUB>1</SUB>] . . .
+[<VAR>arg</VAR><SUB>n</SUB>]</TT>
+</B><DD>Assigns the threshold value <VAR>thresh_val</VAR> to the statistic
+<VAR>field_name</VAR>, for either a File Server statistic (<B>fs</B>) or a
+Cache Manager statistic (<B>cm</B>). The optional
+<VAR>cmd_to_execute</VAR> field names a binary or script to execute each time
+the value of the statistic changes from being below <VAR>thresh_val</VAR> to
+being at or above <VAR>thresh_val</VAR>. A change between two values that
+both exceed <VAR>thresh_val</VAR> does not retrigger the binary or
+script. The optional <VAR>arg</VAR><SUB>1</SUB> through
+<VAR>arg</VAR><SUB>n</SUB> fields are additional values that the
+<B>afsmonitor</B> program passes as arguments to the
+<VAR>cmd_to_execute</VAR> command. If any of them include one or more
+spaces, enclose the entire field in double quotes.
+<P>The parameters <B>fs</B>, <B>cm</B>, <VAR>field_name</VAR>,
+<VAR>threshold_val</VAR>, and <VAR>arg</VAR><SUB>1</SUB> through
+<VAR>arg</VAR><SUB>n</SUB> correspond to the values with the same name on the
+<B>thresh</B> line. The <VAR>host_name</VAR> parameter identifies the
+file server or client machine where the statistic has crossed the threshold,
+and the <VAR>actual_val</VAR> parameter is the actual value of
+<VAR>field_name</VAR> that equals or exceeds the threshold value.
+<P>Use the <B>thresh</B> line to set either a global threshold, which
+applies to all file server machines listed on <B>fs</B> lines or client
+machines listed on <B>cm</B> lines in the configuration file, or a
+machine-specific threshold, which applies to only one file server or client
+machine.
+<UL>
+<P><LI>To set a global threshold, place the <B>thresh</B> line before any of
+the <B>fs</B> or <B>cm</B> lines in the file.
+<P><LI>To set a machine-specific threshold, place the <B>thresh</B> line
+below the corresponding <B>fs</B> or <B>cm</B> line, and above any
+other <B>fs</B> or <B>cm</B> lines. A machine-specific
+threshold value always overrides the corresponding global threshold, if
+set. Do not place a <B>thresh fs</B> line directly after a
+<B>cm</B> line or a <B>thresh cm</B> line directly after a
+<B>fs</B> line.
+</UL>
+<P><DT><B><TT>show fs | cm <VAR>field/group/section</VAR></TT>
+</B><DD>Specifies which individual statistic, group of statistics, or section of
+statistics to display on the <TT>File Servers</TT> screen (<B>fs</B>) or
+<TT>Cache Managers</TT> screen (<B>cm</B>) and the order in which to
+display them. The appendix of <B>afsmonitor</B> statistics in the
+<I>IBM AFS Administration Guide</I> specifies the group and section to
+which each statistic belongs. Include as many <B>show</B> lines as
+necessary to customize the screen display as desired, and place them anywhere
+in the file. The top-to-bottom order of the <B>show</B> lines in
+the configuration file determines the left-to-right order in which the
+statistics appear on the corresponding screen.
+<P>If there are no <B>show</B> lines in the configuration file, then the
+screens display all statistics for both Cache Managers and File
+Servers. Similarly, if there are no <B>show fs</B> lines, the
+<TT>File Servers</TT> screen displays all file server statistics, and if
+there are no <B>show cm</B> lines, the <TT>Cache Managers</TT> screen
+displays all client statistics.
+<P><DT><B># <VAR>comments</VAR>
+</B><DD>Precedes a line of text that the <B>afsmonitor</B> program ignores
+because of the initial number (<B>#</B>) sign, which must appear in the
+very first column of the line.
+</DL>
+<P>For a list of the values that can appear in the
+<VAR>field/group/section</VAR> field of a <B>show</B> instruction, see <A HREF="auagd024.htm#HDRWQ617">Appendix C, The afsmonitor Program Statistics</A>.)
+<P>The following example illustrates a possible configuration file:
+<PRE> thresh cm dlocalAccesses 1000000
+ thresh cm dremoteAccesses 500000 handleDRemote
+ thresh fs rx_maxRtt_Usec 1000
+ cm client5
+ cm client33
+ cm client14
+ thresh cm dlocalAccesses 2000000
+ thresh cm vcacheMisses 10000
+ cm client2
+ fs fs3
+ fs fs9
+ fs fs5
+ fs fs10
+ show cm numCellsContacted
+ show cm dlocalAccesses
+ show cm dremoteAccesses
+ show cm vcacheMisses
+ show cm Auth_Stats_group
+</PRE>
+<P>Since the first three <B>thresh</B> instructions appear before any
+<B>fs</B> or <B>cm</B> instructions, they set global threshold
+values:
+<UL>
+<P><LI>All Cache Manager process in this file use <B>1000000</B> as the
+threshold for the <B>dlocalAccesses</B> statistic (except for the machine
+<B>client2</B> which uses an overriding value of
+<B>2000000</B>.)
+<P><LI>All Cache Manager processes in this file use <B>500000</B> as the
+threshold value for the <B>dremoteAccesses</B> statistic; if that
+value is exceeded, the script <B>handleDRemote</B> is invoked.
+<P><LI>All File Server processes in this file use <B>1000</B> as the
+threshold value for the <B>rx_maxRtt_Usec</B> statistic.
+</UL>
+<P>The four <B>cm</B> instructions monitor the Cache Manager on the
+machines <B>client5</B>, <B>client33</B>, <B>client14</B>, and
+<B>client2</B>. The first three use all of the global threshold
+values.
+<P>The Cache Manager on <B>client2</B> uses the global threshold value for
+the <B>dremoteAccesses</B> statistic, but a different one for the
+<B>dlocalAccesses</B> statistic. Furthermore, <B>client22</B>
+is the only Cache Manager that uses the threshold set for the
+<B>vcacheMisses</B> statistic.
+<P>The <B>fs</B> instructions monitor the File Server on the machines
+<B>fs3</B>, <B>fs9</B>, <B>fs5</B>, and <B>fs10</B>.
+They all use the global threshold for the<B>rx_maxRtt_Usec</B>
+statistic.
+<P>Because there are no <B>show fs</B> instructions, the File Servers
+screen displays all File Server statistics. The Cache Managers screen
+displays only the statistics named in <B>show cm</B> instructions,
+ordering them from left to right. The <B>Auth_Stats_group</B>
+includes several statistics, all of which are displayed (<B>curr_PAGs</B>,
+<B>curr_Records</B>, <B>curr_AuthRecords</B>,
+<B>curr_UnauthRecords</B>, <B>curr_MaxRecordsInPAG</B>,
+<B>curr_LongestChain</B>, <B>PAGCreations</B>,
+<B>TicketUpdates</B>, <B>HWM_PAGS</B>, <B>HWM_Records</B>,
+<B>HWM_MaxRecordsInPAG</B>, and <B>HWM_LongestChain</B>).
+<HR><H2><A NAME="HDRWQ352" HREF="auagd002.htm#ToC_397">Writing afsmonitor Statistics to a File</A></H2>
+<A NAME="IDX7204"></A>
+<P>All of the statistical information collected and displayed by the
+<B>afsmonitor</B> program can be preserved by writing it to an output
+file. You can create an output file by using the <B>-output</B>
+argument when you startup the <B>afsmonitor</B> process. You can
+use the output file to track process performance over long periods of time and
+to apply post-processing techniques to further analyze system trends.
+<P>The <B>afsmonitor</B> program output file is a simple ASCII file that
+records the information reported by the File Server and Cache Manager
+screens. The output file has the following format:
+<PRE> <VAR>time</VAR> <VAR>host_name</VAR> <B>CM</B>|<B>FS</B> <VAR>list_of_measured_values</VAR>
+</PRE>
+<P>and specifies the <I>time</I> at which the
+<I>list_of_measured_values</I> were gathered from the Cache Manager
+(<B>CM</B>) or File Server (<B>FS</B>) process housed on
+<VAR>host_name</VAR>. On those occasion where probes fail, the value
+<TT>-1</TT> is reported instead of the
+<I>list_of_measured_values</I>.
+<P>This file format provides several advantages:
+<UL>
+<P><LI>It can be viewed using a standard editor. If you intend to view
+this file frequently, use the <B>-detailed</B> flag with the
+<B>-output</B> argument. It formats the output file in a way that
+is easier to read.
+<P><LI>It can be passed through filters to extract desired information using the
+standard set of UNIX tools.
+<P><LI>It is suitable for long term storage of the <B>afsmonitor</B> program
+output.
+</UL>
+<A NAME="IDX7205"></A>
+<A NAME="IDX7206"></A>
+<HR><H2><A NAME="Header_398" HREF="auagd002.htm#ToC_398">To start the afsmonitor Program</A></H2>
+<OL TYPE=1>
+<P><LI>Open a separate command shell window or use a dedicated terminal for each
+instance of the <B>afsmonitor</B> program. This window or terminal
+must be devoted to the exclusive use of the <B>afsmonitor</B> process
+because the command cannot be run in the background.
+<P><LI>Initialize the <B>afsmonitor</B> program. The message <TT>
+afsmonitor Collecting Statistics...</TT>, followed by
+the appearance of the System Overview screen, confirms a successful
+start.
+<PRE> % <B>afsmonitor</B> [<B>initcmd</B>] [<B>-config</B> <<VAR>configuration file</VAR>>] \
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>] \
+ [<B>-output</B> <<VAR>storage file name</VAR>>] [<B>-detailed</B>] \
+ [<B>-debug</B> <<VAR>turn debugging output on to the named file</VAR>>] \
+ [<B>-fshosts</B> <<VAR>list of file servers to monitor</VAR>><SUP>+</SUP>] \
+ [<B>-cmhosts</B> <<VAR>list of cache managers to monitor</VAR>><SUP>+</SUP>]
+ afsmonitor Collecting Statistics...
+</PRE>
+<P>where
+<DL>
+<P><DT><B>initcmd
+</B><DD>Is an optional string that accommodates the command's use of the AFS
+command parser. It can be omitted and ignored.
+<P><DT><B>-config
+</B><DD>Specifies the pathname of an <B>afsmonitor</B> configuration file,
+which lists the machines and statistics to monitor. Partial pathnames
+are interpreted relative to the current working directory. Provide
+either this argument or one or both of the <B>-fshosts</B> and
+<B>-cmhosts</B> arguments. You must use a configuration file to set
+thresholds or customize the screen display. For instructions on
+creating the configuration file, see <A HREF="#HDRWQ351">Configuring the afsmonitor Program</A>.
+<P><DT><B>-frequency
+</B><DD>Specifies how often to probe the File Server and Cache Manager processes,
+as a number of seconds. Acceptable values range from <B>1</B> and
+<B>86400</B>; the default value is <B>60</B>. This
+frequency applies to both File Server and Cache Manager probes; however,
+File Server and Cache Manager probes are initiated and processed independent
+of each other. The actual interval between probes to a host is the
+probe frequency plus the time needed by all hosts to respond to the
+probe.
+<P><DT><B>-output
+</B><DD>Specifies the name of an output file to which to write all of the
+statistical data. By default, no output file is created. For
+information on this file, see <A HREF="#HDRWQ352">Writing afsmonitor Statistics to a File</A>.
+<P><DT><B>-detailed
+</B><DD>Formats the output file named by the <B>-output</B> argument to be
+more easily readable. The <B>-output</B> argument must be provided
+along with this flag.
+<P><DT><B>-fshosts
+</B><DD>Identifies each File Server process to monitor by specifying the host it
+is running on. You can identify a host using either its complete
+Internet-style host name or an abbreviation acceptable to the cell's
+naming service. Combine this argument with the <B>-cmhosts</B> if
+you wish, but not the <B>-config</B> argument.
+<P><DT><B>-cmhosts
+</B><DD>Identifies each Cache Manager process to monitor by specifying the host it
+is running on. You can identify a host using either its complete
+Internet-style host name or an abbreviation acceptable to the cell's
+naming service. Combine this argument with the <B>-fshosts</B> if
+you wish, but not the <B>-config</B> argument.
+</DL>
+</OL>
+<HR><H2><A NAME="Header_399" HREF="auagd002.htm#ToC_399">To stop the afsmonitor program</A></H2>
+<A NAME="IDX7207"></A>
+<P>To exit an <B>afsmonitor</B> program session, Enter the
+<<B>Ctrl-c</B>> interrupt signal or an uppercase <B>Q</B>.
+<HR><H2><A NAME="HDRWQ353" HREF="auagd002.htm#ToC_400">The xstat Data Collection Facility</A></H2>
+<A NAME="IDX7208"></A>
+<A NAME="IDX7209"></A>
+<A NAME="IDX7210"></A>
+<A NAME="IDX7211"></A>
+<A NAME="IDX7212"></A>
+<A NAME="IDX7213"></A>
+<A NAME="IDX7214"></A>
+<A NAME="IDX7215"></A>
+<A NAME="IDX7216"></A>
+<A NAME="IDX7217"></A>
+<A NAME="IDX7218"></A>
+<P>The <B>afsmonitor</B> program uses the <B>xstat</B> data collection
+facility to gather and calculate the data that it (the <B>afsmonitor</B>
+program) then uses to perform its function. You can also use the
+<B>xstat</B> facility to create your own data display programs. If
+you do, keep the following in mind. The File Server considers any
+program calling its RPC routines to be a Cache Manager; therefore, any
+program calling the File Server interface directly must export the Cache
+Manager's callback interface. The calling program must be capable
+of emulating the necessary callback state, and it must respond to periodic
+keep-alive messages from the File Server. In addition, a calling
+program must be able to gather the collected data.
+<P>The <B>xstat</B> facility consists of two C language libraries
+available to user-level applications:
+<UL>
+<P><LI><B>/usr/afsws/lib/afs/libxstat_fs.a</B> exports calls that
+gather information from one or more running File Server processes.
+<P><LI><B>/usr/afsws/lib/afs/libxstat_cm.a</B> exports calls that
+collect information from one or more running Cache Managers.
+</UL>
+<P>The libraries allow the caller to register
+<UL>
+<P><LI>A set of File Servers or Cache Managers to be examined.
+<P><LI>The frequency with which the File Servers or Cache Managers are to be
+probed for data.
+<P><LI>A user-specified routine to be called each time data is collected.
+</UL>
+<P>The libraries handle all of the lightweight processes, callback
+interactions, and timing issues associated with the data collection.
+The user needs only to process the data as it arrives.
+<P><H3><A NAME="Header_401" HREF="auagd002.htm#ToC_401">The libxstat Libraries</A></H3>
+<A NAME="IDX7219"></A>
+<A NAME="IDX7220"></A>
+<P>The <B>libxstat_fs.a</B> and <B>libxstat_cm.a</B>
+libraries handle the callback requirements and other complications associated
+with the collection of data from File Servers and Cache Managers. The
+user provides only the means of accumulating the desired data. Each
+<B>xstat</B> library implements three routines:
+<UL>
+<P><LI>Initialization (<B>xstat_fs_Init</B> and <B>xstat_cm_Init</B>)
+arranges the periodic collection and handling of data.
+<P><LI>Immediate probe (<B>xstat_fs_ForceProbeNow</B> and
+<B>xstat_cm_ForceProbeNow</B>) forces the immediate collection of data,
+after which collection returns to its normal probe schedule.
+<P><LI>Cleanup (<B>xstat_fs_Cleanup</B> and <B>xstat_cm_Cleanup</B>)
+terminates all connections and removes all traces of the data collection from
+memory.
+</UL>
+<P>
+<A NAME="IDX7221"></A>
+<A NAME="IDX7222"></A>
+<A NAME="IDX7223"></A>
+<A NAME="IDX7224"></A>
+<A NAME="IDX7225"></A>
+The File Server and Cache Manager each define data collections that clients
+can fetch. A data collection is simply a related set of numbers that
+can be collected as a unit. For example, the File Server and Cache
+Manager each define profiling and performance data collections. The
+profiling collections maintain counts of the number of times internal
+functions are called within servers, allowing bottleneck analysis to be
+performed. The performance collections record, among other things,
+internal disk I/O statistics for a File Server and cache effectiveness figures
+for a Cache Manager, allowing for performance analysis.
+<P>
+<A NAME="IDX7226"></A>
+<A NAME="IDX7227"></A>
+<A NAME="IDX7228"></A>
+For a copy of the detailed specification which provides much additional usage
+information about the <B>xstat</B> facility, its libraries, and the
+routines in the libraries, contact AFS Product Support.
+<P><H3><A NAME="Header_402" HREF="auagd002.htm#ToC_402">Example xstat Commands</A></H3>
+<A NAME="IDX7229"></A>
+<A NAME="IDX7230"></A>
+<A NAME="IDX7231"></A>
+<A NAME="IDX7232"></A>
+<A NAME="IDX7233"></A>
+<P>AFS comes with two low-level, example commands:
+<B>xstat_fs_test</B> and <B>xstat_cm_test</B>. The commands
+allow you to experiment with the <B>xstat</B> facility. They gather
+information and display the available data collections for a File Server or
+Cache Manager. They are intended merely to provide examples of the
+types of data that can be collected via <B>xstat</B>; they are not
+intended for use in the actual collection of data.
+<A NAME="IDX7234"></A>
+<A NAME="IDX7235"></A>
+<A NAME="IDX7236"></A>
+<A NAME="IDX7237"></A>
+<P><H4><A NAME="Header_403">To use the example xstat_fs_test command</A></H4>
+<OL TYPE=1>
+<P><LI>Issue the example <B>xstat_fs_test</B> command to test the routines in
+the <B>libxstat_fs.a</B> library and display the data collections
+associated with the File Server process. The command executes in the
+foreground.
+<PRE> % <B>xstat_fs_test</B> [<B>initcmd</B>] \
+ <B>-fsname</B> <<VAR>File Server name(s) to monitor</VAR>><SUP>+</SUP> \
+ <B>-collID</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> [<B>-onceonly</B>] \
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>] \
+ [<B>-period</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-debug</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>xstat_fs_test
+</B><DD>Must be typed in full.
+<P><DT><B>initcmd
+</B><DD>Is an optional string that accommodates the command's use of the AFS
+command parser. It can be omitted and ignored.
+<P><DT><B>-fsname
+</B><DD>Is the Internet host name of each file server machine on which to monitor
+the File Server process.
+<P><DT><B>-collID
+</B><DD>Specifies each data collection to return. The indicated data
+collection defines the type and amount of data the command is to gather about
+the File Server. Data is returned in the form of a predefined data
+structure (refer to the specification documents referenced previously for more
+information about the data structures).
+<P>There are two acceptable values:
+<UL>
+<P><LI><B>1</B> reports various internal performance statistics related to
+the File Server (for example, vnode cache entries and <B>Rx</B> protocol
+activity).
+<P><LI><B>2</B> reports all of the internal performance statistics provided
+by the <B>1</B> setting, plus some additional, detailed performance
+figures about the File Server (for example, minimum, maximum, and cumulative
+statistics regarding File Server RPCs, how long they take to complete, and how
+many succeed).
+</UL>
+<P><DT><B>-onceonly
+</B><DD>Directs the command to gather statistics just one time. Omit this
+option to have the command continue to probe the File Server for statistics
+every 30 seconds. If you omit this option, you can use the
+<<B>Ctrl-c</B>> interrupt signal to halt the command at any
+time.
+<P><DT><B>-frequency
+</B><DD>Sets the frequency in seconds at which the program initiates probes to the
+File Server. If you omit this argument, the default is 30
+seconds.
+<P><DT><B>-period
+</B><DD>Sets how long the utility runs before exiting, as a number of
+minutes. If you omit this argument, the default is 10 minutes.
+<P><DT><B>-debug
+</B><DD>Displays additional information as the command runs.
+</DL>
+</OL>
+<A NAME="IDX7238"></A>
+<A NAME="IDX7239"></A>
+<A NAME="IDX7240"></A>
+<A NAME="IDX7241"></A>
+<P><H4><A NAME="Header_404">To use the example xstat_cm_test command</A></H4>
+<OL TYPE=1>
+<P><LI>Issue the example <B>xstat_cm_test</B> command to test the routines in
+the <B>libxstat_cm.a</B> library and display the data collections
+associated with the Cache Manager. The command executes in the
+foreground.
+<PRE> % <B>xstat_cm_test</B> [<B>initcmd</B>] \
+ <B>-cmname</B> <<VAR>Cache Manager name(s) to monitor</VAR>><SUP>+</SUP> \
+ <B>-collID</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> \
+ [<B>-onceonly</B>] [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>] \
+ [<B>-period</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-debug</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>xstat_cm_test
+</B><DD>Must be typed in full.
+<P><DT><B>initcmd
+</B><DD>Is an optional string that accommodates the command's use of the AFS
+command parser. It can be omitted and ignored.
+<P><DT><B>-cmname
+</B><DD>Is the host name of each client machine on which to monitor the Cache
+Manager.
+<P><DT><B>-collID
+</B><DD>Specifies each data collection to return. The indicated data
+collection defines the type and amount of data the command is to gather about
+the Cache Manager. Data is returned in the form of a predefined data
+structure (refer to the specification documents referenced previously for more
+information about the data structures).
+<P>There are two acceptable values:
+<UL>
+<P><LI><B>0</B> provides profiling information about the numbers of times
+different internal Cache Manager routines were called since the Cache manager
+was started.
+<P><LI><B>1</B> reports various internal performance statistics related to
+the Cache manager (for example, statistics about how effectively the cache is
+being used and the quantity of intracell and intercell data access).
+<P><LI><B>2</B> reports all of the internal performance statistics provided
+by the <B>1</B> setting, plus some additional, detailed performance
+figures about the Cache Manager (for example, statistics about the number of
+RPCs sent by the Cache Manager and how long they take to complete; and
+statistics regarding things such as authentication, access, and PAG
+information associated with data access).
+</UL>
+<P><DT><B>-onceonly
+</B><DD>Directs the command to gather statistics just one time. Omit this
+option to have the command continue to probe the Cache Manager for statistics
+every 30 seconds. If you omit this option, you can use the
+<<B>Ctrl-c</B>> interrupt signal to halt the command at any
+time.
+<P><DT><B>-frequency
+</B><DD>Sets the frequency in seconds at which the program initiates probes to the
+Cache Manager. If you omit this argument, the default is 30
+seconds.
+<P><DT><B>-period
+</B><DD>Sets how long the utility runs before exiting, as a number of
+minutes. If you omit this argument, the default is 10 minutes.
+<P><DT><B>-debug
+</B><DD>Displays additional information as the command runs.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ354" HREF="auagd002.htm#ToC_405">Auditing AFS Events on AIX File Servers</A></H2>
+<A NAME="IDX7242"></A>
+<A NAME="IDX7243"></A>
+<A NAME="IDX7244"></A>
+<A NAME="IDX7245"></A>
+<P>You can audit AFS events on AIX File Servers using an AFS mechanism that
+transfers audit information from AFS to the AIX auditing system. The
+following general classes of AFS events can be audited. For a complete
+list of specific AFS audit events, see <A HREF="auagd025.htm#HDRWQ620">Appendix D, AIX Audit Events</A>.
+<UL>
+<P><LI>Authentication and Identification Events
+<P><LI>Security Events
+<P><LI>Privilege Required Events
+<P><LI>Object Creation and Deletion Events
+<P><LI>Attribute Modification Events
+<P><LI>Process Control Events
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This section assumes familiarity with the AIX auditing system. For
+more information, see the <I>AIX System Management Guide</I> for the
+version of AIX you are using.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_406" HREF="auagd002.htm#ToC_406">Configuring AFS Auditing on AIX File Servers</A></H3>
+<P>The directory <B>/usr/afs/local/audit</B> contains three files that
+contain the information needed to configure AIX File Servers to audit AFS
+events:
+<UL>
+<P><LI>The <B>events.sample</B> file contains information on auditable
+AFS events. The contents of this file are integrated into the
+corresponding AIX events file (<B>/etc/security/audit/events</B>).
+<P><LI>The <B>config.sample</B> file defines the six classes of AFS
+audit events and the events that make up each class. It also defines
+the classes of AFS audit events to audit for the File Server, which runs as
+the local superuser <B>root</B>. The contents of this file must be
+integrated into the corresponding AIX config file
+(<B>/etc/security/audit/config</B>).
+<P><LI>The <B>objects.sample</B> file contains a list of information
+about audited files. You must only audit files in the local file
+space. The contents of this file must be integrated into the
+corresponding AIX objects file
+(<B>/etc/security/audit/objects</B>).
+</UL>
+<P>Once you have properly configured these files to include the AFS-relevant
+information, use the AIX auditing system to start up and shut down the
+auditing.
+<P><H3><A NAME="Header_407" HREF="auagd002.htm#ToC_407">To enable AFS auditing</A></H3>
+<OL TYPE=1>
+<P><LI>Create the following string in the file <B>/usr/afs/local/Audit</B> on
+each File Server on which you plan to audit AFS events:
+<PRE> <B>AFS_AUDIT_AllEvents</B>
+</PRE>
+<P><LI>Issue the <B>bos restart</B> command (with the <B>-all</B> flag)
+to stop and restart all server processes on each File Server. For
+instructions on using this command, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+</OL>
+<P><H3><A NAME="Header_408" HREF="auagd002.htm#ToC_408">To disable AFS auditing</A></H3>
+<OL TYPE=1>
+<P><LI>Remove the contents of the file <B>/usr/afs/local/Audit</B> on each
+File Server for which you are no longer interested in auditing AFS
+events.
+<P><LI>Issue the <B>bos restart</B> command (with the <B>-all</B> flag)
+to stop and restart all server processes on each File Server. For
+instructions on using this command, see <A HREF="auagd009.htm#HDRWQ170">Stopping and Immediately Restarting Processes</A>.
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd014.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd013.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd015.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ355" HREF="auagd002.htm#ToC_409">Managing Server Encryption Keys</A></H1>
+<P>This chapter explains how to maintain your cell's
+server encryption keys, which are vital for secure communications in
+AFS.
+<HR><H2><A NAME="HDRWQ356" HREF="auagd002.htm#ToC_410">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add a new server encryption key
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos addkey</B> and <B>kas setpassword</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Inspect key checksums in the Authentication Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>kas examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Inspect key checksums in the <B>KeyFile</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos listkeys</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove an old server encryption key
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos removekey</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ358" HREF="auagd002.htm#ToC_411">About Server Encryption Keys</A></H2>
+<A NAME="IDX7246"></A>
+<A NAME="IDX7247"></A>
+<P>An <I>encryption key</I> is a string of octal numbers used to encrypt
+and decrypt packets of information. In AFS, a <I>server encryption
+key</I> is the key used to protect information being transferred between AFS
+server processes and between them and their clients. A server
+encryption key is essentially a password for a server process and like a user
+password is stored in the Authentication Database.
+<P>Maintaining your cell's server encryption keys properly is the most
+basic way to protect the information in your AFS filespace from access by
+unauthorized users.
+<P><H3><A NAME="Header_412" HREF="auagd002.htm#ToC_412">Keys and Mutual Authentication: A Review</A></H3>
+<A NAME="IDX7248"></A>
+<A NAME="IDX7249"></A>
+<A NAME="IDX7250"></A>
+<A NAME="IDX7251"></A>
+<A NAME="IDX7252"></A>
+<A NAME="IDX7253"></A>
+<P>Server encryption keys play a central role in the mutual authentication
+between client and server processes in AFS. For a more detailed
+description of mutual authentication, see <A HREF="auagd007.htm#HDRWQ75">A More Detailed Look at Mutual Authentication</A>.
+<P>When a client wants to contact an AFS server, it first contacts the
+<I>Ticket Granting Service</I> (TGS) module of the Authentication
+Server. After verifying the client's identity (based indirectly on
+the password of the human user whom the client represents), the TGS gives the
+client a <I>server ticket</I>. This ticket is encrypted with the
+server's encryption key. (The TGS also invents a second encryption
+key, called the <I>session key</I>, to be used only for a single episode
+of communication between server and client. The server ticket and
+session key, together with other pieces of information, are collectively
+referred to as a <I>token</I>.)
+<P>The client cannot read the server ticket or token because it does not know
+the server encryption key. However, the client sends it to the AFS
+server along with service requests, because the ticket proves to the AFS
+server processes that it has already authenticated with the TGS. AFS
+servers trust the TGS to grant tickets only to valid clients. The fact
+that the client possesses a ticket encrypted with the server's encryption
+key proves to the server that the client is valid. On the other hand,
+the client assumes that only a genuine AFS server knows the server encryption
+key needed to decrypt the ticket. The server's ability to decrypt
+the ticket and understand its contents proves to the client that the server is
+legitimate.
+<P><H3><A NAME="Header_413" HREF="auagd002.htm#ToC_413">Maintaining AFS Server Encryption Keys</A></H3>
+<P>As you maintain your cell's server encryption keys, keep the
+following in mind.
+<UL>
+<P><LI>Change the key frequently to enhance your cell's security.
+Changing the key at least once a month is strongly recommended.
+<A NAME="IDX7254"></A>
+<P><LI>The AFS server encryption key currently in use is stored in two
+places. When you add a new key, you must make changes in both places
+and make them in the correct order, as instructed in <A HREF="#HDRWQ362">Adding Server Encryption Keys</A>. Failure to follow the instructions can seriously
+impair cell functioning, as clients and servers become unable to
+communicate. The two storage sites for the current server encryption
+key are the following:
+<OL TYPE=1>
+<P><LI>The file <B>/usr/afs/etc/KeyFile</B> on the local disk of every file
+server machine. The file can list more than one key, each with an
+associated numerical identifier, the <I>key version number</I> or
+<I>kvno</I>. A client token records the key version number of the
+key used to seal it, and the server process retrieves the appropriate key from
+this file when the client presents the token.
+<A NAME="IDX7255"></A>
+<A NAME="IDX7256"></A>
+<A NAME="IDX7257"></A>
+<A NAME="IDX7258"></A>
+<A NAME="IDX7259"></A>
+<P><LI>The <B>afs</B> entry in the Authentication Database. The
+current server encryption key is in the entry's password field, just like
+an individual user's scrambled password. The Authentication
+Server's Ticket Granting Service (TGS) uses this key to encrypt the
+tokens it gives to clients. There is only a single key in the entry,
+because the TGS never needs to read existing tokens, but only to generate new
+ones by using the current key.
+<A NAME="IDX7260"></A>
+<A NAME="IDX7261"></A>
+<A NAME="IDX7262"></A>
+</OL>
+<P>For instructions on creating the initial <B>afs</B> entry and
+<B>KeyFile</B> files as you install your cell's first server machine,
+see the <I>IBM AFS Quick Beginnings</I>.
+<P><LI>At any specific time, the tokens that the Authentication Server's
+Ticket Granting Service gives to clients are sealed with only one of the
+server encryption keys, namely the one stored in the <B>afs</B> entry in
+the Authentication Database.
+<P><LI>When you add a new server encryption key, you cannot immediately remove
+the former key from the <B>/usr/afs/etc/KeyFile</B> file on the local disk
+of every AFS server machine. Any time that you add a new key, it is
+likely that some clients still have valid, unexpired tokens sealed with the
+previous key. The more frequently you change the server encryption key,
+the more such tickets there are likely to be. To be able to grant
+service appropriately to clients with such tokens, an AFS server process must
+still be able to access the server encryption key used to seal it.
+<P>You can safely delete an old server encryption key only when it is certain
+that no clients have tokens sealed with that key. In general, wait a
+period of time at least as long as the maximum token lifetime in your
+cell. By default, the maximum token lifetime for users is 25 hours
+(except for users whose Authentication Database entries were created by using
+the 3.0 version of AFS, for whom the default is 100 hours). You
+can use the <B>-lifetime</B> argument to the <B>kas setfields</B>
+command to change this default.
+<P>Instructions for removing obsolete keys appear in <A HREF="#HDRWQ368">Removing Server Encryption Keys</A>.
+<P><LI>You create a new AFS server encryption key in much the same way regular
+users change their passwords, by providing a character string that is
+converted into an encryption key automatically. See <A HREF="#HDRWQ362">Adding Server Encryption Keys</A>.
+<A NAME="IDX7263"></A>
+<P><LI>In addition to using server encryption keys when communicating with
+clients, the server processes use them to protect communications with other
+server processes. Therefore, all server machines in your cell must have
+the same version of the <B>KeyFile</B> file. The easiest way to
+maintain consistency (if you run the United States edition of AFS) is to use
+the Update Server to distribute the contents of the system control
+machine's <B>/usr/afs/etc</B> directory to all of the other server
+machines. There are two implications:
+<UL>
+<P><LI>You must run the <B>upserver</B> process on the system control machine
+and an <B>upclientetc</B> process on all other server machines that
+references the system control machine. The <I>IBM AFS Quick
+Beginnings</I> explains how to install both processes. For
+instructions on verifying that the Update Server processes are running, see <A HREF="auagd009.htm#HDRWQ158">Displaying Process Status and Information from the BosConfig File</A>.
+<A NAME="IDX7264"></A>
+<P><LI>Change the <B>KeyFile</B> file only on the system control machine
+(except in the types of emergencies discussed in <A HREF="#HDRWQ370">Handling Server Encryption Key Emergencies</A>). Any changes you make on other server machines are
+overwritten the next time the <B>upclientetc</B> process retrieves the
+contents of the system control machine's <B>/usr/afs/etc</B>
+directory. By default, this happens every five minutes.
+<A NAME="IDX7265"></A>
+</UL>
+<P>If you run the international edition of AFS, do not use the Update Server
+to distribute the contents of the <B>/usr/afs/etc</B> directory,
+particularly the <B>KeyFile</B> file. The data in the file is too
+sensitive for transfer in unencrypted form, and because of United States
+government exports regulations the international edition of AFS does not
+include the necessary encryption routines in a form that the Update Server can
+use. You must instead modify the file on each server machine
+individually, taking care to enter the same key on every server
+machine.
+<P><LI>Never edit the <B>KeyFile</B> directly with a text editor.
+Instead, always use the appropriate <B>bos</B> commands as instructed in <A HREF="#HDRWQ362">Adding Server Encryption Keys</A> and <A HREF="#HDRWQ368">Removing Server Encryption Keys</A>.
+</UL>
+<HR><H2><A NAME="HDRWQ359" HREF="auagd002.htm#ToC_414">Displaying Server Encryption Keys</A></H2>
+<P>To display the server encryption keys in the
+<B>/usr/afs/etc/KeyFile</B> file on any file server machine, use the
+<B>bos listkeys</B> command. Use the <B>kas examine</B> command
+to display the key in the Authentication Database's <B>afs</B>
+entry.
+<P>By default the commands do not display the actual string of octal digits
+that constitute a key, but rather a <I>checksum</I>, a decimal number
+derived by encrypting a constant with the key. This prevents
+unauthorized users from easily accessing the actual key, which they can then
+use to falsify or eavesdrop on protected communications.
+<A NAME="IDX7266"></A>
+<A NAME="IDX7267"></A>
+The <B>bos listkeys</B> and <B>kas examine</B> commands generate the
+same checksum for a given key, so displaying checksums rather than actual keys
+is generally sufficient. If you suspect that the keys differ in a way
+that the checksums are not revealing, then you are probably experiencing
+authentication problems throughout your cell. The easiest solution is
+to create a new server encryption key following the instructions in <A HREF="#HDRWQ362">Adding Server Encryption Keys</A> or <A HREF="#HDRWQ370">Handling Server Encryption Key Emergencies</A>. Another common reason to issue the
+<B>bos listkeys</B> command is to display the key version numbers
+currently in use, in preparation for choosing the next one; here, the
+checksum is sufficient because the key itself is irrelevant.
+<P>If it is important to display the actual octal digits, include the
+<B>-showkey</B> argument to both the <B>bos listkeys</B> and <B>kas
+examine</B> commands.
+<A NAME="IDX7268"></A>
+<A NAME="IDX7269"></A>
+<A NAME="IDX7270"></A>
+<A NAME="IDX7271"></A>
+<A NAME="IDX7272"></A>
+<A NAME="IDX7273"></A>
+<P><H3><A NAME="HDRWQ360" HREF="auagd002.htm#ToC_415">To display the KeyFile file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos listkeys</B> command to display the contents of one
+machine's <B>/usr/afs/etc/KeyFile</B> file.
+<PRE> % <B>bos listkeys</B> <<VAR>machine name</VAR>> [<B>-showkey</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listk
+</B><DD>Is the shortest acceptable abbreviation of <B>listkeys</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names a file server machine. In the normal case, it is acceptable
+to name any machine, because correct cell functioning requires that the
+<B>KeyFile</B> file be the same on all of them.
+<P><DT><B><B>-showkey</B>
+</B><DD>Displays the octal digits that constitute each key.
+</DL>
+</OL>
+<P>In the following example, the output displays a checksum for each server
+encryption key rather than the actual octal digits. The penultimate
+line indicates when an administrator last changed the file, and the final line
+confirms that the output is complete.
+<PRE> % <B>bos listkeys fs1.abc.com</B>
+ key 0 has cksum 972037177
+ key 1 has cksum 2825165022
+ Keys last changed on Wed Jan 13 11:20:29 1999.
+ All done.
+</PRE>
+<A NAME="IDX7274"></A>
+<A NAME="IDX7275"></A>
+<A NAME="IDX7276"></A>
+<A NAME="IDX7277"></A>
+<A NAME="IDX7278"></A>
+<A NAME="IDX7279"></A>
+<P><H3><A NAME="HDRWQ361" HREF="auagd002.htm#ToC_416">To display the afs key from the Authentication Database</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas examine</B> command to display the <B>afs</B>
+entry in the Authentication Database.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas examine afs</B> [<B>-showkey</B>] \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>e</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B>afs
+</B><DD>Designates the <B>afs</B> entry.
+<P><DT><B><B>-showkey</B>
+</B><DD>Displays the octal digits that constitute the key.
+<P><DT><B>-admin
+</B><DD>Names an administrative account with the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+</DL>
+</OL>
+<P>In the following example, the <B>admin</B> user displays the
+<B>afs</B> entry without using the <B>-showkey</B> flag. The
+second line shows the key version number in parentheses and the key's
+checksum. The line that begins with the string <TT>last mod</TT>
+reports the date on which the indicated administrator changed the key.
+There is no necessary relationship between this date and the date reported by
+the <B>bos listkeys</B> command, because the latter date changes for any
+type of change to the <B>KeyFile</B> file, not just a key addition.
+For a description of the other lines in the output from the <B>kas
+examine</B> command, see its reference page in the <I>IBM AFS
+Administration Reference</I>.
+<PRE> % <B>kas examine afs -admin admin</B>
+ Administrator's (admin) password: <VAR>admin_password</VAR>
+ User data for afs
+ key (1) cksum is 2825165022, last cpw: no date
+ password will never expire.
+ An unlimited number of unsuccessful authentications is permitted.
+ entry expires on never. Max ticket lifetime 100.00 hours.
+ last mod on Wed Jan 13 11:21:36 1999 by admin
+ permit password reuse
+</PRE>
+<HR><H2><A NAME="HDRWQ362" HREF="auagd002.htm#ToC_417">Adding Server Encryption Keys</A></H2>
+<A NAME="IDX7280"></A>
+<A NAME="IDX7281"></A>
+<A NAME="IDX7282"></A>
+<A NAME="IDX7283"></A>
+<A NAME="IDX7284"></A>
+<A NAME="IDX7285"></A>
+<A NAME="IDX7286"></A>
+<A NAME="IDX7287"></A>
+<A NAME="IDX7288"></A>
+<P>As noted, AFS records server encryption keys in two separate places:
+<OL TYPE=1>
+<P><LI>In the file <B>/usr/afs/etc/KeyFile</B> on the local disk of each
+server machine, for use by the AFS server processes running on the machine
+<P><LI>In the <B>afs</B> entry in the Authentication Database, for use by the
+Ticket Granting Service (TGS) when creating tokens
+</OL>
+<P>To ensure that server processes and the TGS share the same AFS server
+encryption key, execute all the steps in this section without
+interruption.
+<P>The following instructions include a step in which you restart the database
+server processes (the Authentication, Backup, Protection, and Volume Location
+Server processes) on all database server machines. As a database server
+process starts, it reads in the server encryption key that has the highest key
+version number in the <B>KeyFile</B> file and uses it to protect the
+messages that it sends for synchronizing the database and maintaining
+quorum. It uses the same key throughout its lifetime, which can be for
+an extended period, even if you remove the key from the <B>KeyFile</B>
+file. However, if one of the peer database server processes restarts
+and the others do not, quorum and database synchronization break down because
+the processes are no longer using the same key: the restarted process is
+using the key that currently has the highest key version number, and the other
+processes are still using the key they read in when they originally
+started. To avoid this problem, it is safest to restart all of the
+database server processes when adding a new key.
+<P>After adding a new key, you can remove obsolete keys from the
+<B>KeyFile</B> file to prevent it from becoming cluttered. However,
+you must take care not to remove keys that client or server processes are
+still using. For discussion and instructions, see <A HREF="#HDRWQ368">Removing Server Encryption Keys</A>.
+<P><H3><A NAME="HDRWQ363" HREF="auagd002.htm#ToC_418">To add a new server encryption key</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI><A NAME="LIWQ364"></A>Issue the <B>bos listkeys</B> command to display the key
+version numbers that are already in use, as a first step in choosing the key
+version number for the new key.
+<PRE> % <B>bos listkeys</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listk
+</B><DD>Is the shortest acceptable abbreviation of <B>listkeys</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names any file server machine.
+</DL>
+<P><LI><A NAME="LIWQ365"></A>Choose a key version number for the new key, based on the
+output from Step <A HREF="#LIWQ364">2</A> and the following requirements:
+<UL>
+<P><LI>A key version number must be an integer between 0 (zero) and 255 to comply
+with Kerberos standards. It is simplest if you keep your key version
+numbers in sequence by choosing a key version number one greater than the
+largest existing one.
+<P><LI>Do not reuse a key version number currently found in the
+<B>KeyFile</B> file, particularly if it is also the one in the
+Authentication Database <B>afs</B> entry. Client processes possibly
+still have tickets sealed with the key that originally had that key version
+number, but the server processes start using the new key marked with that key
+version number. Because the keys do not match, the server processes
+refuse requests from clients who hold legitimate tokens.
+</UL>
+<A NAME="IDX7289"></A>
+<A NAME="IDX7290"></A>
+<P><LI><A NAME="LIWQ366"></A>Issue the <B>bos addkey</B> command to create a new AFS
+server encryption key in the <B>KeyFile</B> file.
+<P>If you run the United States edition of AFS and use the Update Server to
+distribute the contents of the system control machine's
+<B>/usr/afs/etc</B> directory, substitute the system control machine for
+the <VAR>machine name</VAR> argument. (If you have forgotten which
+machine is the system control machine, see <A HREF="auagd008.htm#HDRWQ96">To locate the system control machine</A>.)
+<P>If you run the international edition of AFS or do not use the Update
+Server, repeat the <B>bos addkey</B> command, substituting each server
+machine in your cell for the <VAR>machine name</VAR> argument in turn.
+<P>To avoid visible echoing of the string that corresponds to the new key,
+omit the <B>-key</B> argument from the command line; instead enter
+the string at the prompts that appear when you omit it, as shown in the
+following syntax specification.
+<PRE> % <B>bos addkey -server</B> <<VAR>machine name</VAR>> <B>-kvno</B> <<VAR>key version number</VAR>>
+ input key: <VAR>afs_password</VAR>
+ Retype input key: <VAR>afs_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>addk</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>addkey</B>.
+<P><DT><B>-server
+</B><DD>Names the cell's system control machine if you are using the Update
+Server, or each server machine in turn if you are not.
+<P><DT><B>-kvno
+</B><DD>Specifies the new key's key version number as an integer from the
+range 0 (zero) through 255.
+<P>Remember the number. You need to use it again in Step <A HREF="#LIWQ367">6</A>. If you are using the international edition of AFS,
+be sure to type the same number each time you issue this command.
+<P><DT><B><VAR>afs_password</VAR>
+</B><DD>Is a character string similar to a user password, of any length from one
+to about 1,000 characters. To improve security, include nonalphabetic
+characters and make the string as long as is practical (you need to type it
+only in this step and in Step <A HREF="#LIWQ367">6</A>). If you are using the international edition of AFS,
+be sure to type the same string each time you issue this command.
+<P>Do not enter an octal string directly. The BOS Server scrambles the
+character string into an octal string appropriate for use as an encryption key
+before recording it in the <B>KeyFile</B> file.
+</DL>
+<P><LI>If you are using the Update Server, wait for a few minutes while the
+Update Server distributes the new <B>KeyFile</B> file to all server
+machines. The maximum necessary waiting period is the largest value
+provided for the <B>-t</B> argument to the <B>upclientetc</B>
+process's initialization command used on any of the server machines;
+the default time is five minutes.
+<P>To be certain that all machines have the same <B>KeyFile</B> file,
+issue the <B>bos listkeys</B> command for every file server machine and
+verify that the checksum for the new key is the same on all machines.
+<PRE> % <B>bos listkeys</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>If you are not using the Update Server, try to complete Step <A HREF="#LIWQ366">4</A> within five minutes.
+<A NAME="IDX7291"></A>
+<A NAME="IDX7292"></A>
+<P><LI><A NAME="LIWQ367"></A>Issue the <B>kas setpassword</B> command to enter the same
+key in the <B>afs</B> entry in the Authentication Database.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas setpassword -name afs -kvno</B> <<VAR>kvno</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+ new_password: <VAR>afs_password</VAR>
+ Verifying, please re-enter new_password: <VAR>afs_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>sp</B>
+</B><DD>Is an acceptable alias for <B>setpassword</B> (<B>setp</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-name afs
+</B><DD>Creates the new key in the <B>afs</B> entry.
+<P><DT><B>-kvno
+</B><DD>Specifies the same key version number as in Step <A HREF="#LIWQ366">4</A>.
+<P><DT><B>-admin
+</B><DD>Names an administrative account with the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+<P><DT><B><VAR>afs_password</VAR>
+</B><DD>Is the same character string you entered in Step <A HREF="#LIWQ366">4</A>.
+</DL>
+<P><LI><B>(Optional.)</B> If you want to verify that the keys you just
+created in the <B>KeyFile</B> file and the Authentication Database
+<B>afs</B> entry are identical and have the same key version number,
+follow the instructions in <A HREF="#HDRWQ359">Displaying Server Encryption Keys</A>.
+<P><LI>Issue the <B>bos restart</B> command to restart the database server
+processes on all database server machines. This forces them to start
+using the key in the <B>KeyFile</B> file that currently has the highest
+key version number.
+<P>Repeat this command in quick succession for each database server machine,
+starting with the machine that has the lowest IP address.
+<PRE> % <B>bos restart</B> <<VAR>machine name</VAR>> <B>buserver kaserver ptserver vlserver</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>res</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>restart</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names each database server machine in turn.
+<P><DT><B>buserver kaserver ptserver vlserver
+</B><DD>Designates the Backup Server, Authentication Server, Protection Server,
+and Volume Location (VL) Server, respectively.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ368" HREF="auagd002.htm#ToC_419">Removing Server Encryption Keys</A></H2>
+<A NAME="IDX7293"></A>
+<A NAME="IDX7294"></A>
+<A NAME="IDX7295"></A>
+<P>You can periodically remove old keys from the
+<B>/usr/afs/etc/KeyFile</B> file to keep it to a reasonable size.
+To avoid disturbing cell functioning, do not remove an old key until all
+tokens sealed with the key and held by users or client processes have
+expired. After adding a new key, wait to remove old keys at least as
+long as the longest token lifetime you use in your cell. For
+Authentication Database user entries created under AFS version 3.1 or
+higher, the default token lifetime is 25 hours; for entries created under
+AFS version 3.0, it is 100 hours.
+<P>There is no command for removing the key from the <B>afs</B> entry in
+the Authentication Database, because the key field in that entry must never be
+empty. Use the <B>kas setpassword</B> command to replace the
+<B>afs</B> key, but only as part of the complete procedure detailed in <A HREF="#HDRWQ363">To add a new server encryption key</A>.
+<P>Never remove from the <B>KeyFile</B> file the key that is currently in
+the <B>afs</B> entry in the Authentication Database. AFS server
+processes become unable to decrypt the tickets that clients present to
+them.
+<P><H3><A NAME="HDRWQ369" HREF="auagd002.htm#ToC_420">To remove a key from the KeyFile file</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you are authenticated as a user listed in the
+<B>/usr/afs/etc/UserList</B> file. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos listkeys</B> command to display the key version
+number of each key you want to remove. The output also reveals whether
+it has been at least 25 hours since a new key was placed in the
+<B>KeyFile</B> file. For complete instructions for the <B>bos
+listkeys</B> command, see <A HREF="#HDRWQ360">To display the KeyFile file</A>.
+<PRE> % <B>bos listkeys</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>kas examine</B> command to verify that the key currently
+in the Authentication Database's <B>afs</B> entry does not have the
+same key version number as any of the keys you are removing from the
+<B>KeyFile</B> file. For detailed instructions for the <B>kas
+examine</B> command, see <A HREF="#HDRWQ361">To display the afs key from the Authentication Database</A>.
+<PRE> % <B>kas examine afs -admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<A NAME="IDX7296"></A>
+<A NAME="IDX7297"></A>
+<P><LI>Issue the <B>bos removekey</B> command to remove one or more server
+encryption keys from the <B>KeyFile</B> file.
+<P>If you run the United States edition of AFS and use the Update Server to
+distribute the contents of the system control machine's
+<B>/usr/afs/etc</B> directory, substitute the system control machine for
+the <VAR>machine name</VAR> argument. (If you have forgotten which
+machine is the system control machine, see <A HREF="auagd008.htm#HDRWQ96">To locate the system control machine</A>.)
+<P>If you run the international edition of AFS or do not use the Update
+Server, repeat the <B>bos removekey</B> command, substituting each server
+machine in your cell for the <VAR>machine name</VAR> argument in turn.
+<PRE> % <B>bos removekey</B> <<VAR>machine name</VAR>> <<VAR>key version number</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>removek</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>removekey</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the cell's system control machine if you are using the Update
+Server, or each server machine in turn if you are not.
+<P><DT><B><VAR>key version number</VAR>
+</B><DD>Specifies the key version number of each key to remove.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ370" HREF="auagd002.htm#ToC_421">Handling Server Encryption Key Emergencies</A></H2>
+<A NAME="IDX7298"></A>
+<A NAME="IDX7299"></A>
+<A NAME="IDX7300"></A>
+<A NAME="IDX7301"></A>
+<A NAME="IDX7302"></A>
+<P>In rare circumstances, the AFS server processes can become unable to
+decrypt the server tickets that clients or peer server processes are
+presenting. Activity in your cell can come to a halt, because the
+server processes believe that the tickets are forged or expired, and refuse to
+execute any actions. This can happen on one machine or several;
+the effect is more serious when more machines are involved.
+<P>One common cause of server encryption key problems is that the
+client's ticket is encrypted with a key that the server process does not
+know. Usually this means that the <B>/usr/afs/etc/KeyFile</B> on
+the server machine does not include the key in the <B>afs</B>
+Authentication Database entry, which the Authentication Server's Ticket
+Granting Service (TGS) module is using to encrypt server tickets.
+<P>Another possibility is that the <B>KeyFile</B> files on different
+machines do not contain the same keys. In this case, communications
+among server processes themselves become impossible. For instance,
+AFS's replicated database mechanism (Ubik) breaks down if the instances
+of a database server process on the different database server machines are not
+using the same key.
+<P>The appearance of the following error message when you direct a
+<B>bos</B> command to a file server machine in the local cell is one
+possible symptom of server encryption key mismatch. (Note, however,
+that you can also get this message if you forget to include the
+<B>-cell</B> argument when directing the <B>bos</B> command to a file
+server machine in a foreign cell.)
+<PRE> bos: failed to contact host's bosserver (security object was passed a bad ticket).
+</PRE>
+<P>The solution to server encryption key emergencies is to put a new AFS
+server encryption key in both the Authentication Database and the
+<B>KeyFile</B> file on every server machine, so that the TGS and all
+server processes again share the same key.
+<P>Handling key emergencies requires some unusual actions. The reasons
+for these actions are explained in the following sections; the actual
+procedures appear in the subsequent instructions.
+<P><H3><A NAME="HDRWQ371" HREF="auagd002.htm#ToC_422">Prevent Mutual Authentication</A></H3>
+<P>It is necessary to prevent the server processes from trying
+to mutually authenticate with you as you deal with a key emergency, because
+they possibly cannot decrypt your token. When you do not mutually
+authenticate, the server processes assign you the identity
+<B>anonymous</B>. To prevent mutual authentication, use the
+<B>unlog</B> command to discard your tokens and include the
+<B>-noauth</B> flag on every command where it is available.
+<P><H3><A NAME="Header_423" HREF="auagd002.htm#ToC_423">Disable Authorization Checking by Hand</A></H3>
+<P>Because the server processes recognize you as the user
+<B>anonymous</B> when you do not mutually authenticate, you must turn off
+authorization checking. Only with authorization checking disabled do
+the server processes allow the <B>anonymous</B> user to perform privileged
+actions such as key creation.
+<P>In an emergency, disable authorization checking by creating the file
+<B>/usr/afs/local/NoAuth</B> by hand. In normal circumstances, use
+the <B>bos setauth</B> command instead.
+<P><H3><A NAME="Header_424" HREF="auagd002.htm#ToC_424">Work Quickly on Each Machine</A></H3>
+<P>Disabling authorization checking is a serious security exposure,
+because server processes on the affected machine perform any action for
+anyone. Disable authorization checking only for as long as necessary,
+completing all steps in an uninterrupted session and as quickly as
+possible.
+<P><H3><A NAME="Header_425" HREF="auagd002.htm#ToC_425">Work at the Console</A></H3>
+<P>Working at the console of each server machine on which you disable
+authorization checking ensures that no one else logs onto the console while
+you are working there. It does not prevent others from connecting to
+the machine remotely (using the <B>telnet</B> program, for example), which
+is why it is important to work quickly. The only way to ensure complete
+security is to disable network traffic, which is not a viable option in many
+environments. You can improve security in general by limiting the
+number of people who can connect remotely to your server machines at any time,
+as recommended in <A HREF="auagd007.htm#HDRWQ74">Improving Security in Your Cell</A>.
+<P><H3><A NAME="HDRWQ372" HREF="auagd002.htm#ToC_426">Change Individual KeyFile Files</A></H3>
+<P>If you use the Update Server to distribute the contents of
+the <B>/usr/afs/etc</B> directory, an emergency is the only time when it
+is appropriate to change the <B>KeyFile</B> file on individual machines
+instead. Updating each machine's file is necessary because
+mismatched keys can prevent the system control machine's
+<B>upserver</B> process from mutually authenticating with
+<B>upclientetc</B> processes on other server machines, in which case the
+<B>upserver</B> process refuses to distribute its <B>KeyFile</B> file
+to them.
+<P>Even if it appears that the Update Server is working correctly, the only
+way to verify that is to change the key on the system control machine and wait
+the standard delay period to see if the <B>upclientetc</B> processes
+retrieve the key. During an emergency, it does not usually make sense
+to wait the standard delay period. It is more efficient simply to
+update the file on each server machine separately. Also, even if the
+Update Server can distribute the file correctly, other processes can have
+trouble because of mismatched keys. The following instructions add the
+new key file on the system control machine first. If the Update Server
+is working, then it is distributing the same change as you are making on each
+server machine individually.
+<P>If your cell does not use the Update Server, or uses the international
+edition of AFS, you always change keys on server machines individually.
+The following instructions are also appropriate for you.
+<P><H3><A NAME="Header_427" HREF="auagd002.htm#ToC_427">Two Component Procedures</A></H3>
+<P>There are two subprocedures used frequently in the following
+instructions: disabling authorization checking and reenabling it.
+For the sake of clarity, the procedures are detailed here; the
+instructions refer to them as necessary.
+<P><H4><A NAME="HDRWQ373">Disabling Authorization Checking in an Emergency</A></H4>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<A NAME="IDX7303"></A>
+<P><LI><A NAME="LIWQ374"></A>Create the file <B>/usr/afs/local/NoAuth</B> to disable
+authorization checking.
+<PRE> # <B>touch /usr/afs/local/NoAuth</B>
+</PRE>
+<A NAME="IDX7304"></A>
+<P><LI>Discard your tokens, in case they were sealed with an incompatible key,
+which can prevent some commands from executing.
+<PRE> # <B>unlog</B>
+</PRE>
+</OL>
+<P><H4><A NAME="HDRWQ375">Reenabling Authorization Checking in an Emergency</A></H4>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Remove the <B>/usr/afs/local/NoAuth</B> file.
+<PRE> # <B>rm /usr/afs/local/NoAuth</B>
+</PRE>
+<A NAME="IDX7305"></A>
+<P><LI>Authenticate as an administrative identity that belongs to the
+<B>system:administrators</B> group and is listed in the
+<B>/usr/afs/etc/UserList</B> file.
+<PRE> # <B>klog</B> <<VAR>admin_user</VAR>>
+ Password: <<VAR>admin_password</VAR>>
+</PRE>
+<P><LI>If appropriate, log out from the console (or close the remote connection
+you are using), after issuing the <B>unlog</B> command to destroy your
+tokens.
+</OL>
+<P><H3><A NAME="Header_430" HREF="auagd002.htm#ToC_430">To create a new server encryption key in emergencies</A></H3>
+<OL TYPE=1>
+<P><LI><A NAME="LIWQ376"></A><B>On the system control machine</B>, disable authorization
+checking as instructed in <A HREF="#HDRWQ373">Disabling Authorization Checking in an Emergency</A>.
+<P><LI><A NAME="LIWQ377"></A>Issue the <B>bos listkeys</B> command to display the key
+version numbers already in use in the <B>KeyFile</B> file, as a first step
+in choosing the new key's key version number.
+<PRE> #<B> bos listkeys</B> <<VAR>machine name</VAR>> <B>-noauth</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>listk</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>listkeys</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Specifies a file server machine.
+<P><DT><B><B>-noauth</B>
+</B><DD>Bypasses mutual authentication with the BOS Server. Include it in
+case the key emergency is preventing successful mutual authentication.
+</DL>
+<P><LI><A NAME="LIWQ378"></A>Choose a key version number for the new key, based on what you
+learned in Step <A HREF="#LIWQ377">2</A> plus the following requirements:
+<UL>
+<P><LI>It is best to keep your key version numbers in sequence by choosing a key
+version number one greater than the largest existing one.
+<P><LI>Key version numbers must be integers between 0 and 255 to comply with
+Kerberos standards.
+<P><LI>Do not reuse a key version number currently listed in the
+<B>KeyFile</B> file.
+</UL>
+<A NAME="IDX7306"></A>
+<P><LI><A NAME="LIWQ379"></A><B>On the system control machine</B>, issue the <B>bos
+addkey</B> command to create a new AFS server encryption key in the
+<B>KeyFile</B> file.
+<PRE> # <B>bos addkey</B> <<VAR>machine name</VAR>> <B>-kvno</B> <<VAR>key version number</VAR>> <B>-noauth</B>
+ input key: <VAR>afs_password</VAR>
+ Retype input key: <VAR>afs_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>addk</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>addkey</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine on which to define the new key in the
+<B>KeyFile</B> file.
+<P><DT><B>-kvno
+</B><DD>Specifies the key version number you chose in Step <A HREF="#LIWQ378">3</A>, an integer in the range 0 (zero) through 255. You
+must specify the same number in Steps <A HREF="#LIWQ382">7</A>, <A HREF="#LIWQ383">8</A>, and <A HREF="#LIWQ386">13</A>.
+<P><DT><B><B>-noauth</B>
+</B><DD>Bypasses mutual authentication with the BOS Server. Include it in
+case the key emergency is preventing successful mutual authentication.
+<P><DT><B><VAR>afs_password</VAR>
+</B><DD>Is a character string similar to a user password, of any length from one
+to about 1,000 characters. To improve security, make the string as long
+as is practical, and include nonalphabetic characters.
+<P>Do not type an octal string directly. The BOS Server scrambles the
+character string into an octal string appropriate for use as an encryption key
+before recording it in the <B>KeyFile</B> file.
+<P>Remember the string. You need to use it again in Steps <A HREF="#LIWQ382">7</A>, <A HREF="#LIWQ383">8</A>, and <A HREF="#LIWQ386">13</A>.
+</DL>
+<P><LI><A NAME="LIWQ380"></A><B>On every database server machine in your cell</B> (other
+than the system control machine), disable authorization checking as instructed
+in <A HREF="#HDRWQ373">Disabling Authorization Checking in an Emergency</A>. Do not repeat the procedure on the system control
+machine, if it is a database server machine, because you already disabled
+authorization checking in Step <A HREF="#LIWQ376">1</A>. (If you need to learn which machines are database
+server machines, use the <B>bos listhosts</B> command as described in <A HREF="auagd008.htm#HDRWQ95">To locate database server machines</A>.)
+<P><LI><A NAME="LIWQ381"></A>Wait at least 90 seconds after finishing Step <A HREF="#LIWQ380">5</A>, to allow each of the database server processes (the
+Authentication, Backup, Protection and Volume Location Servers) to finish
+electing a new sync site. Then issue the <B>udebug</B> command to
+verify that the election worked properly. Issue the following commands,
+substituting each database server machine's name for <VAR>server
+machine</VAR> in turn. Include the system control machine if it is a
+database server machine.
+<PRE> # <B>udebug</B> <<VAR>server machine</VAR>> <B>buserver</B>
+ # <B>udebug</B> <<VAR>server machine</VAR>> <B>kaserver</B>
+ # <B>udebug</B> <<VAR>server machine</VAR>> <B>ptserver</B>
+ # <B>udebug</B> <<VAR>server machine</VAR>> <B>vlserver</B>
+</PRE>
+<P>For each process, the output from all of the database server machines must
+agree on which one is the sync site for the process. It is not,
+however, necessary that the same machine serves as the sync site for each of
+the four processes. For each process, the output from only one machine
+must include the following string:
+<PRE> I am sync site ...
+</PRE>
+<P>The output on the other machines instead includes the following line
+<PRE> I am not sync site
+</PRE>
+<P>and a subsequent line that begins with the string <TT>Sync host</TT> and
+specifies the IP address of the machine claiming to be the sync site.
+<P>If the output does not meet these requirements or seems abnormal in another
+way, contact AFS Product Support for assistance.
+<P><LI><A NAME="LIWQ382"></A><B>On every database server machine in your cell</B> (other
+than the system control machine), issue the <B>bos addkey</B> command
+described in Step <A HREF="#LIWQ379">4</A>. Be sure to use the same values for
+<VAR>afs_password</VAR> and <VAR>kvno</VAR> as you used in that step.
+<A NAME="IDX7307"></A>
+<P><LI><A NAME="LIWQ383"></A>Issue the <B>kas setpassword</B> command to define the new
+key in the Authentication Database's <B>afs</B> entry. It must
+match the key you created in Step <A HREF="#LIWQ379">4</A> and Step <A HREF="#LIWQ382">7</A>.
+<PRE> # <B>kas setpassword -name afs</B> <B>-kvno</B> <<VAR>key version number</VAR>> <B>-noauth</B>
+ new_password: <VAR>afs_password</VAR>
+ Verifying, please re-enter new_password: <VAR>afs_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>sp</B>
+</B><DD>Is an acceptable alias for <B>setpassword</B> (<B>setp</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-kvno
+</B><DD>Is the same key version number you specified in Step <A HREF="#LIWQ379">4</A>.
+<P><DT><B><VAR>afs_password</VAR>
+</B><DD>Is the same character string you specified as <VAR>afs_password</VAR> in
+Step <A HREF="#LIWQ379">4</A>. It does not echo visibly.
+</DL>
+<P><LI><A NAME="LIWQ384"></A><B>On every database server machine in your cell</B>
+(including the system control machine if it is a database server machine),
+reenable authorization checking as instructed in <A HREF="#HDRWQ375">Reenabling Authorization Checking in an Emergency</A>. If the system control machine is not a database
+server machine, do not perform this procedure until Step <A HREF="#LIWQ385">11</A>.
+<P><LI>Repeat Step <A HREF="#LIWQ381">6</A> to verify that each database server process has properly
+elected a sync site after being restarted in Step <A HREF="#LIWQ384">9</A>.
+<P><LI><A NAME="LIWQ385"></A><B>On the system control machine</B> (if it is not a
+database server machine), reenable authorization checking as instructed in <A HREF="#HDRWQ375">Reenabling Authorization Checking in an Emergency</A>. If it is a database server machine, you already
+performed the procedure in Step <A HREF="#LIWQ384">9</A>.
+<P><LI><B>On all remaining (simple) file server machines</B>, disable
+authorization checking as instructed in <A HREF="#HDRWQ373">Disabling Authorization Checking in an Emergency</A>.
+<P><LI><A NAME="LIWQ386"></A><B>On all remaining (simple) file server machines</B>,
+issue the <B>bos addkey</B> command described in Step <A HREF="#LIWQ379">4</A>. Be sure to use the same values for
+<VAR>afs_password</VAR> and <VAR>kvno</VAR> as you used in that step.
+<P><LI><B>On all remaining (simple) file server machines</B>, reenable
+authorization checking as instructed in <A HREF="#HDRWQ375">Reenabling Authorization Checking in an Emergency</A>.
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd013.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd015.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd014.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd016.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX7308"></A>
+<A NAME="IDX7309"></A>
+<HR><H1><A NAME="HDRWQ387" HREF="auagd002.htm#ToC_431">Administering Client Machines and the Cache Manager</A></H1>
+<P>This chapter describes how to administer an AFS client
+machine, which is any machine from which users can access the AFS filespace
+and communicate with AFS server processes. (A client machine can
+simultaneously function as an AFS server machine if appropriately
+configured.) An AFS client machine has the following
+characteristics:
+<UL>
+<P><LI>The kernel includes the set of modifications, commonly referred to as the
+Cache Manager, that enable access to AFS files and directories. You can
+configure many of the Cache Manager's features to suit your users'
+needs. See <A HREF="#HDRWQ390">Overview of Cache Manager Customization</A>.
+<P><LI>The <B>/usr/vice/etc</B> directory on the local disk stores several
+configuration files. See <A HREF="#HDRWQ392">Configuration Files in the /usr/vice/etc Directory</A>.
+<P><LI>A cache stores temporary copies of data fetched from AFS file server
+machines, either in machine memory or on a devoted local disk
+partition. See <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A> and <A HREF="#HDRWQ402">Setting Other Cache Parameters with the afsd program</A>.
+</UL>
+<P>To learn how to install the client functionality on a machine, see the
+<I>IBM AFS Quick Beginnings</I>.
+<HR><H2><A NAME="HDRWQ388" HREF="auagd002.htm#ToC_432">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display cache size set at reboot
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>cat /usr/vice/etc/cacheinfo</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display current cache size and usage
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs getcacheparms</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Change disk cache size without rebooting
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs setcachesize</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Initialize Cache Manager
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>afsd</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display contents of <B>CellServDB</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>cat /usr/vice/etc/CellServDB</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display list of database server machines from kernel memory
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs listcells</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Change list of database server machines in kernel memory
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs newcell</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Check cell's status regarding setuid
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs getcellstatus</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Set cell's status regarding setuid
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs setcell</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Set server probe interval
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs checkservers -interval</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display machine's cell membership
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>cat /usr/vice/etc/ThisCell</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Change machine's cell membership
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%">Edit <B>/usr/vice/etc/ThisCell</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Flush cached file/directory
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs flush</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Flush everything cached from a volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs flushvolume</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Update volume-to-mount-point mappings
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs checkvolumes</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display Cache Manager's server preference ranks
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs getserverprefs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Set Cache Manager's server preference ranks
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs setserverprefs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display client machine addresses to register
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs getclientaddrs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Set client machine addresses to register
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs setclientaddrs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Control the display of warning and status messages
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs messages</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Display and change machine's system type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs sysname</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="67%">Enable asynchronous writes
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="33%"><B>fs storebehind</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ390" HREF="auagd002.htm#ToC_433">Overview of Cache Manager Customization</A></H2>
+<A NAME="IDX7310"></A>
+<A NAME="IDX7311"></A>
+<A NAME="IDX7312"></A>
+<P>An AFS client machine's kernel includes a set of modifications,
+commonly referred to as the <I>Cache Manager</I>, that enable access to
+AFS files and directories and communications with AFS server processes.
+It is common to speak of the Cache Manager as a process or program, and in
+regular usage it appears to function like one. When configuring it,
+though, it is helpful to keep in mind that this usage is not strictly
+accurate.
+<P>The Cache Manager mainly fetches files on behalf of application programs
+running on the machine. When an application requests an AFS file, the
+Cache Manager contacts the Volume Location (VL) Server to obtain a list of the
+file server machines that house the volume containing the file. The
+Cache Manager then translates the application program's system call
+requests into remote procedure calls (RPCs) to the File Server running on the
+appropriate machine. When the File Server delivers the file, the Cache
+Manager stores it in a local <I>cache</I> before delivering it to the
+application program.
+<P>The File Server delivers a data structure called a <I>callback</I>
+along with the file. (To be precise, it delivers a callback for each
+file fetched from a read/write volume, and a single callback for all data
+fetched from a read-only volume.) A valid callback indicates that the
+Cache Manager's cached copy of a file matches the central copy maintained
+by the File Server. If an application on another AFS client machine
+changes the central copy, the File Server breaks the callback, and the Cache
+Manager must retrieve the new version when an application program on its
+machine next requests data from the file. As long as the callback is
+unbroken, however, the Cache Manager can continue to provide the cached
+version of the file to applications on its machine, which eliminates
+unnecessary network traffic.
+<P>The indicated sections of this chapter explain how to configure and
+customize the following Cache Manager features. All but the first
+(choosing disk or memory cache) are optional, because AFS sets suitable
+defaults for them.
+<UL>
+<P><LI><I>disk or memory cache</I>. The AFS Cache Manager can use
+machine memory for caching instead of space on the local disk. Deciding
+which to use is the most basic configuration decision you must make.
+See <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>.
+<P><LI><I>cache size</I>. Cache size probably has the most direct
+influence on client machine performance. It determines how often the
+Cache Manager must contact the File Server across the network or discard
+cached data to make room for newly requested files, both of which affect how
+quickly the Cache Manager delivers files to users. See <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>.
+<P><LI><I>cache location</I>. For a disk cache, you can alter the
+conventional cache directory location (<B>/usr/vice/cache</B>) to take
+advantage of greater space availability on other disks on the machine.
+A larger cache can result in faster file delivery. See <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>.
+<P><LI><I>chunk size and number</I>. The <B>afsd</B> program,
+which initializes the Cache Manager, allows you to control the size and number
+of chunks into which a cache is divided, plus related parameters.
+Setting these parameters is optional, because there are reasonable defaults,
+but it provides precise control. The AFS distribution includes
+configuration scripts that set Cache Manager parameters to values that are
+reasonable for different configurations and usage patterns. See <A HREF="#HDRWQ402">Setting Other Cache Parameters with the afsd program</A>.
+<P><LI><I>knowledge of database server machines</I>. Enable access to
+a cell's AFS filespace and other services by listing the cell's
+database server machines in the <B>/usr/vice/etc/CellServDB</B> file on
+the local disk. See <A HREF="#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P><LI><I>setuid privilege</I>. You can control whether the Cache
+Manager allows programs from a cell to execute with setuid permission.
+See <A HREF="#HDRWQ409">Determining if a Client Can Run Setuid Programs</A>.
+<P><LI><I>cell membership</I>. Each client belongs to a one cell
+defined by the local <B>/usr/vice/etc/ThisCell</B> file. Cell
+membership determines the default cell in which the machine's users are
+authenticated and in which AFS commands run. See <A HREF="#HDRWQ411">Setting a Client Machine's Cell Membership</A>.
+<P><LI><I>cached file version</I>. AFS's system of callbacks
+normally guarantees that the Cache Manager has the most current versions of
+files and directories possible. Nevertheless, you can force the Cache
+Manager to fetch the most current version of a file from the File Server if
+you suspect that the cache contains an outdated version. See <A HREF="#HDRWQ412">Forcing the Update of Cached Data</A>.
+<P><LI><I>File Server and Volume Location Server preferences</I>. The
+Cache Manager sets numerical preference ranks for the interfaces on file
+server machines and Volume Server (VL) machines. The ranks determine
+which interface the Cache Manager first attempts to use when fetching data
+from a volume or from the Volume Location Database (VLDB). The Cache
+Manager sets default ranks as it initializes, basing them on its network
+proximity to each interface, but you can modify the preference ranks if you
+wish. See <A HREF="#HDRWQ414">Maintaining Server Preference Ranks</A>.
+<P><LI><I>interfaces registered with the File Server</I>. If the Cache
+Manager is multihomed (has multiple interface addresses), you can control
+which of them it registers for File Servers to use when they initiate RPCs to
+the client machine. See <A HREF="#HDRWQ415">Managing Multihomed Client Machines</A>.
+<P><LI><I>display of information messages</I>. By default, the Cache
+Manager sends basic error and informational messages to the client
+machine's console and to command shells. You can disable the
+messaging. See <A HREF="#HDRWQ416">Controlling the Display of Warning and Informational Messages</A>.
+<P><LI><I>system type</I>. The Cache Manager records the local
+machine's AFS system type in kernel memory, and substitutes the value for
+the <VAR>@sys</VAR> variable in pathnames. See <A HREF="#HDRWQ417">Displaying and Setting the System Type Name</A>.
+<P><LI><I>delayed writes</I>. By default, the Cache Manager writes all
+data to the File Server immediately and synchronously when an application
+program closes a file. You can enable asynchronous writes, either for
+an individual file, or all files that the Cache Manager handles, and set how
+much data remains to be written when the Cache Manager returns control to the
+closing application. See <A HREF="#HDRWQ418">Enabling Asynchronous Writes</A>.
+</UL>
+<P>You must make all configuration changes on the client machine itself (at
+the console or over a direct connection such as a <B>telnet</B>
+connection). You cannot configure the Cache Manager remotely.
+You must be logged in as the local superuser <B>root</B> to issue some
+commands, whereas others require no privilege. All files mentioned in
+this chapter must actually reside on the local disk of each AFS client machine
+(they cannot, for example, be symbolic links to files in AFS).
+<P>AFS's <B>package</B> program can simplify other aspects of client
+machine configuration, including those normally set in the machine's AFS
+initialization file. See <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+<HR><H2><A NAME="HDRWQ391" HREF="auagd002.htm#ToC_434">Configuration and Cache-Related Files on the Local Disk</A></H2>
+<A NAME="IDX7313"></A>
+<A NAME="IDX7314"></A>
+<A NAME="IDX7315"></A>
+<A NAME="IDX7316"></A>
+<A NAME="IDX7317"></A>
+<P>This section briefly describes the client configuration files that must
+reside in the local <B>/usr/vice/etc</B> directory on every client
+machine. If the machine uses a disk cache, there must be a partition
+devoted to cache files; by convention, it is mounted at the
+<B>/usr/vice/cache</B> directory.
+<P><B>Note for Windows users:</B> Some files described in this
+document possibly do not exist on machines that run a Windows operating
+system. Also, Windows uses a backslash
+( <B>\</B> ) rather than a forward slash
+( <B>/</B> ) to separate the elements in a
+pathname.
+<P><H3><A NAME="HDRWQ392" HREF="auagd002.htm#ToC_435">Configuration Files in the /usr/vice/etc Directory</A></H3>
+<P>The <B>/usr/vice/etc</B> directory on a client
+machine's local disk must contain certain configuration files for the
+Cache Manager to function properly. They control the most basic aspects
+of Cache Manager configuration.
+<P>If it is important that the client machines in your cell perform uniformly,
+it is most efficient to update these files from a central source. The
+following descriptions include pointers to sections that discuss how best to
+maintain the files.
+<DL>
+<A NAME="IDX7318"></A>
+<A NAME="IDX7319"></A>
+<A NAME="IDX7320"></A>
+<A NAME="IDX7321"></A>
+<A NAME="IDX7322"></A>
+<P><DT><B>afsd
+</B><DD>The binary file for the program that initializes the Cache Manager.
+It must run each time the machine reboots in order for the machine to remain
+an AFS client machine. The program also initializes several daemons
+that improve Cache Manager functioning, such as the process that handles
+callbacks.
+<A NAME="IDX7323"></A>
+<A NAME="IDX7324"></A>
+<P><DT><B>cacheinfo
+</B><DD>A one-line file that sets the cache's most basic configuration
+parameters: the local directory at which the Cache Manager mounts the
+AFS filespace, the local disk directory to use as the cache, and how many
+kilobytes to allocate to the cache.
+<P>The <I>IBM AFS Quick Beginnings</I> explains how to create this file as
+you install a client machine. To change the cache size on a machine
+that uses a memory cache, edit the file and reboot the machine. On a
+machine that uses a disk cache, you can change the cache size without
+rebooting by issuing the <B>fs setcachesize</B> command. For
+instructions, see <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>.
+<A NAME="IDX7325"></A>
+<A NAME="IDX7326"></A>
+<P><DT><B>CellServDB
+</B><DD>This ASCII file names the database server machines in the local cell and
+in any foreign cell to which you want to enable access from this
+machine. (Database server machines are the machines in a cell that run
+the Authentication, Backup, Protection, and VL Server processes; see <A HREF="auagd008.htm#HDRWQ92">Database Server Machines</A>.)
+<P>The Cache Manager must be able to reach a cell's database server
+machines to fetch files from its filespace. Incorrect or missing
+information in the <B>CellServDB</B> file can slow or completely block
+access. It is important to update the file whenever a cell's
+database server machines change.
+<P>As the <B>afsd</B> program initializes the Cache Manager, it loads the
+contents of the file into kernel memory. The Cache Manager does not
+read the file between reboots, so to incorporate changes to the file into
+kernel memory, you must reboot the machine. Alternatively, you can
+issue the <B>fs newcell</B> command to insert the changes directly into
+kernel memory without changing the file. It can also be convenient to
+upgrade the file from a central source. For instructions, see <A HREF="#HDRWQ406">Maintaining Knowledge of Database Server Machines</A>.
+<P>(The <B>CellServDB</B> file on client machines is not the same as the
+one kept in the <B>/usr/afs/etc</B> directory on server machines, which
+lists only the local cell's database server machines. For
+instructions on maintaining the server <B>CellServDB</B> file, see <A HREF="auagd008.htm#HDRWQ118">Maintaining the Server CellServDB File</A>).
+<A NAME="IDX7327"></A>
+<A NAME="IDX7328"></A>
+<P><DT><B>NetInfo
+</B><DD>This optional ASCII file lists one or more of the network interface
+addresses on the client machine. If it exists when the Cache Manager
+initializes, the Cache Manager uses it as the basis for the list of interfaces
+that it registers with File Servers. See <A HREF="#HDRWQ415">Managing Multihomed Client Machines</A>.
+<A NAME="IDX7329"></A>
+<A NAME="IDX7330"></A>
+<P><DT><B>NetRestrict
+</B><DD>This optional ASCII file lists one or more network interface
+addresses. If it exists when the Cache Manager initializes, the Cache
+Manager removes the specified addresses from the list of interfaces that it
+registers with File Servers. See <A HREF="#HDRWQ415">Managing Multihomed Client Machines</A>.
+<A NAME="IDX7331"></A>
+<A NAME="IDX7332"></A>
+<P><DT><B>ThisCell
+</B><DD>This ASCII file contains a single line that specifies the complete
+domain-style name of the cell to which the machine belongs. Examples
+are <TT>abc.com</TT> and <TT>stateu.edu</TT>. This
+value defines the default cell in which the machine's users become
+authenticated, and in which the command interpreters (for example, the
+<B>bos</B> command) contact server processes.
+<P>The <I>IBM AFS Quick Beginnings</I> explains how to create this file as
+you install the AFS client functionality. To learn about changing a
+client machine's cell membership, see <A HREF="#HDRWQ411">Setting a Client Machine's Cell Membership</A>.
+</DL>
+<P>In addition to these files, the <B>/usr/vice/etc</B> directory also
+sometimes contains the following types of files and subdirectories:
+<UL>
+<A NAME="IDX7333"></A>
+<A NAME="IDX7334"></A>
+<A NAME="IDX7335"></A>
+<A NAME="IDX7336"></A>
+<P><LI>The AFS initialization script, called <B>afs.rc</B> on many
+system types. In the conventional configuration specified by the
+<I>IBM AFS Quick Beginnings</I>, it is a symbolic link to the actual
+script kept in the same directory as other initialization files used by the
+operating system.
+<A NAME="IDX7337"></A>
+<A NAME="IDX7338"></A>
+<P><LI>A subdirectory that houses AFS kernel library files used by a dynamic
+kernel loading program.
+<A NAME="IDX7339"></A>
+<A NAME="IDX7340"></A>
+<P><LI>A subdirectory called <B>C</B>, which houses the Cache Manager catalog
+file called <B>afszcm.cat</B>. The fstrace program uses the
+catalog file to translate operation codes into character strings, which makes
+the message in the trace log more readable. See <A HREF="auagd013.htm#HDRWQ342">About the fstrace Command Suite</A>.
+</UL>
+<P><H3><A NAME="HDRWQ393" HREF="auagd002.htm#ToC_436">Cache-Related Files</A></H3>
+<A NAME="IDX7341"></A>
+<A NAME="IDX7342"></A>
+<A NAME="IDX7343"></A>
+<A NAME="IDX7344"></A>
+<A NAME="IDX7345"></A>
+<P>A client machine that uses a disk cache must have a local disk directory
+devoted to the cache. The conventional mount point is
+<B>/usr/vice/cache</B>, but you can use another partition that has more
+available space.
+<P>Do not delete or directly modify any of the files in the cache
+directory. Doing so can cause a kernel panic, from which the only way
+to recover is to reboot the machine. By default, only the local
+superuser <B>root</B> can read the files directly, by virtue of owning
+them.
+<P>A client machine that uses a memory cache keeps all of the information
+stored in these files in machine memory instead.
+<DL>
+<A NAME="IDX7346"></A>
+<A NAME="IDX7347"></A>
+<P><DT><B>CacheItems
+</B><DD>A binary-format file in which the Cache Manager tracks the contents of
+cache chunks (the <B>V</B> files in the directory, described just
+following), including the file ID number (fID) and the data version
+number.
+<A NAME="IDX7348"></A>
+<A NAME="IDX7349"></A>
+<P><DT><B>VolumeItems
+</B><DD>A binary-format file in which the Cache Manager records the mapping
+between mount points and the volumes from which it has fetched data.
+The Cache Manager uses the information when responding to the <B>pwd</B>
+command, among others.
+<A NAME="IDX7350"></A>
+<A NAME="IDX7351"></A>
+<A NAME="IDX7352"></A>
+<P><DT><B>V<VAR>n</VAR>
+</B><DD>A cache chunk file, which expands to a maximum size (by default, 64 KB) to
+house data fetched from AFS files. The number of <B>V</B><VAR>n</VAR>
+files in the cache depends on the cache size among other factors. The
+<VAR>n</VAR> is the index assigned to each file; they are numbered
+sequentially, but the Cache Manager does not necessarily use them in order or
+contiguously. If an AFS file is larger than the maximum size for
+<B>V</B><VAR>n</VAR> files, the Cache Manager divides it across multiple
+<B>V</B><VAR>n</VAR> files.
+</DL>
+<HR><H2><A NAME="HDRWQ394" HREF="auagd002.htm#ToC_437">Determining the Cache Type, Size, and Location</A></H2>
+<P>This section explains how to configure a memory or disk
+cache, how to display and set the size of either type of cache, and how to set
+the location of the cache directory for a disk cache.
+<A NAME="IDX7353"></A>
+<A NAME="IDX7354"></A>
+<P>The Cache Manager uses a disk cache by default, and it is the preferred
+type of caching. To configure a memory cache, include the
+<B>-memcache</B> flag on the <B>afsd</B> command, which is normally
+invoked in the machine's AFS initialization file. If configured to
+use a memory cache, the Cache Manager does no disk caching, even if the
+machine has a disk.
+<P><H3><A NAME="Header_438" HREF="auagd002.htm#ToC_438">Choosing the Cache Size</A></H3>
+<A NAME="IDX7355"></A>
+<P>Cache size influences the performance of a client machine more directly
+than perhaps any other cache parameter. The larger the cache, the
+faster the Cache Manager is likely to deliver files to users. A small
+cache can impair performance because it increases the frequency at which the
+Cache Manager must discard cached data to make room for newly requested
+data. When an application asks for data that has been discarded, the
+Cache Manager must request it from the File Server, and fetching data across
+the network is almost always slower than fetching it from the local
+disk. The Cache Manager never discards data from a file that has been
+modified locally but not yet stored back to the File Server. If the
+cache is very small, the Cache Manager possible cannot find any data to
+discard. For more information about the algorithm it uses when
+discarding cached data, see <A HREF="#HDRWQ401">How the Cache Manager Chooses Data to Discard</A>).
+<P>The amount of disk or memory you devote to caching depends on several
+factors. The amount of space available in memory or on the partition
+housing the disk cache directory imposes an absolute limit. In
+addition, you cannot allocate more than 95% of the space available on the
+cache directory's partition to a disk cache. The <B>afsd</B>
+program exits without starting the Cache Manager and prints an appropriate
+message to the standard output stream if you violate this restriction.
+For a memory cache, you must leave enough memory for other processes and
+applications to run. If you try to allocate more memory than is
+actually available, the <B>afsd</B> program exits without initializing the
+Cache Manager and produces the following message on the standard output
+stream:
+<PRE> afsd: memCache allocation failure at <VAR>number</VAR> KB
+</PRE>
+<P>where <VAR>number</VAR> is how many kilobytes were allocated just before the
+failure.
+<P>Within these hard limits, the factors that determine appropriate cache size
+include the number of users working on the machine, the size of the files with
+which they usually work, and (for a memory cache) the number of processes that
+usually run on the machine. The higher the demand from these factors,
+the larger the cache needs to be to maintain good performance.
+<P>Disk caches smaller than 10 MB do not generally perform well.
+Machines serving multiple users usually perform better with a cache of at
+least 60 to 70 MB. The point at which enlarging the cache further does
+not really improve performance depends on the factors mentioned previously,
+and is difficult to predict.
+<P>Memory caches smaller than 1 MB are nonfunctional, and the performance of
+caches smaller than 5 MB is usually unsatisfactory. Suitable upper
+limits are similar to those for disk caches but are probably determined more
+by the demands on memory from other sources on the machine (number of users
+and processes). Machines running only a few processes possibly can use
+a smaller memory cache.
+<P>AFS imposes an absolute limit on cache size in some versions. See
+the <I>IBM AFS Release Notes</I> for the version you are using.
+<P><B></B>
+<P><H3><A NAME="HDRWQ395" HREF="auagd002.htm#ToC_439">Displaying and Setting the Cache Size and Location</A></H3>
+<A NAME="IDX7356"></A>
+<A NAME="IDX7357"></A>
+<A NAME="IDX7358"></A>
+<A NAME="IDX7359"></A>
+<A NAME="IDX7360"></A>
+<A NAME="IDX7361"></A>
+<A NAME="IDX7362"></A>
+<A NAME="IDX7363"></A>
+<A NAME="IDX7364"></A>
+<A NAME="IDX7365"></A>
+<A NAME="IDX7366"></A>
+<A NAME="IDX7367"></A>
+<A NAME="IDX7368"></A>
+<A NAME="IDX7369"></A>
+<A NAME="IDX7370"></A>
+<A NAME="IDX7371"></A>
+<A NAME="IDX7372"></A>
+<A NAME="IDX7373"></A>
+<A NAME="IDX7374"></A>
+<A NAME="IDX7375"></A>
+<A NAME="IDX7376"></A>
+<P>The Cache Manager determines how big to make the cache by reading the
+<B>/usr/vice/etc/cacheinfo</B> file as it initializes. As directed
+in the <I>IBM AFS Quick Beginnings</I>, you must create the file before
+running the <B>afsd</B> program. The file also defines the
+directory on which to mount AFS (by convention, <B>/afs</B>), and the
+local disk directory to use for a cache directory.
+<P>To change any of the values in the file, log in as the local superuser
+<B>root</B>. You must reboot the machine to have the new value take
+effect. For instructions, see <A HREF="#HDRWQ398">To edit the cacheinfo file</A>.
+<P>To change the cache size at reboot without editing the <B>cacheinfo</B>
+file, include the <B>-blocks</B> argument to the <B>afsd</B>
+command; see the command's reference page in the <I>IBM AFS
+Administration Reference</I>.
+<P>For a disk cache, you can also use the <B>fs setcachesize</B> command
+to reset the cache size without rebooting. The value you set persists
+until the next reboot, at which time the cache size returns to the value
+specified in the <B>cacheinfo</B> file or by the <B>-blocks</B>
+argument to the <B>afsd</B> command. For instructions, see <A HREF="#HDRWQ399">To change the disk cache size without rebooting</A>.
+<P>To display the current cache size and the amount of space the Cache Manager
+is using at the moment, use the <B>fs getcacheparms</B> command as
+detailed in <A HREF="#HDRWQ397">To display the current cache size</A>.
+<P><H3><A NAME="HDRWQ396" HREF="auagd002.htm#ToC_440">To display the cache size set at reboot</A></H3>
+<OL TYPE=1>
+<P><LI>Use a text editor or the <B>cat</B> command to display the contents of
+the <B>/usr/vice/etc/cacheinfo</B> file.
+<PRE> % <B>cat /usr/vice/etc/cacheinfo</B>
+</PRE>
+</OL>
+<A NAME="IDX7377"></A>
+<A NAME="IDX7378"></A>
+<A NAME="IDX7379"></A>
+<A NAME="IDX7380"></A>
+<A NAME="IDX7381"></A>
+<A NAME="IDX7382"></A>
+<P><H3><A NAME="HDRWQ397" HREF="auagd002.htm#ToC_441">To display the current cache size</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs getcacheparms</B> command on the client
+machine.
+<PRE> % <B>fs getcacheparms</B>
+</PRE>
+<P>where <B>getca</B> is the shortest acceptable abbreviation of
+<B>getcacheparms</B>.
+<P>The output shows the number of kilobyte blocks the Cache Manager is using
+as a cache at the moment the command is issued, and the current size of the
+cache. For example:
+<PRE> AFS using 13709 of the cache's available 15000 1K byte blocks.
+</PRE>
+</OL>
+<A NAME="IDX7383"></A>
+<A NAME="IDX7384"></A>
+<A NAME="IDX7385"></A>
+<A NAME="IDX7386"></A>
+<A NAME="IDX7387"></A>
+<P><H3><A NAME="HDRWQ398" HREF="auagd002.htm#ToC_442">To edit the cacheinfo file</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Use a text editor to edit the <B>/usr/vice/etc/cacheinfo</B> file,
+which has three fields, separated by colons:
+<UL>
+<P><LI>The first field names the local directory on which to mount the AFS
+filespace. The conventional location is <B>/afs</B>.
+<P><LI>The second field defines the local disk directory to use for the disk
+cache. The conventional location is the <B>/usr/vice/cache</B>
+directory, but you can specify an alternate directory if another partition has
+more space available. There must always be a value in this field, but
+the Cache Manager ignores it if the machine uses a memory cache.
+<P><LI>The third field defines cache size as a number of kilobyte (1024-byte)
+blocks.
+</UL>
+<P>The following example mounts the AFS filespace at the <B>/afs</B>
+directory, names <B>/usr/vice/cache</B> as the cache directory, and sets
+cache size to 50,000 KB:
+<PRE> <B>/afs:/usr/vice/cache:50000</B>
+</PRE>
+</OL>
+<A NAME="IDX7388"></A>
+<A NAME="IDX7389"></A>
+<A NAME="IDX7390"></A>
+<A NAME="IDX7391"></A>
+<A NAME="IDX7392"></A>
+<A NAME="IDX7393"></A>
+<P><H3><A NAME="HDRWQ399" HREF="auagd002.htm#ToC_443">To change the disk cache size without rebooting</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI><A NAME="LIWQ400"></A>Issue the <B>fs setcachesize</B> command to set a new disk
+cache size.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This command does not work for a memory cache.
+</TD></TR></TABLE>
+<PRE> # <B>fs setcachesize</B> <<VAR>size in 1K byte blocks (0 => reset)</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>setca</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>setcachesize</B>.
+<P><DT><B><VAR>size in 1K byte blocks (0 => reset)</VAR>
+</B><DD>Sets the number of kilobyte blocks to be used for the cache.
+Specify a positive integer (<B>1024</B> equals 1 MB), or <B>0</B>
+(zero) to reset the cache size to the value specified in the
+<B>cacheinfo</B> file.
+</DL>
+</OL>
+<A NAME="IDX7394"></A>
+<A NAME="IDX7395"></A>
+<A NAME="IDX7396"></A>
+<A NAME="IDX7397"></A>
+<A NAME="IDX7398"></A>
+<A NAME="IDX7399"></A>
+<P><H3><A NAME="Header_444" HREF="auagd002.htm#ToC_444">To reset the disk cache size to the default without rebooting</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs setcachesize</B> command to reset the size of the
+local disk cache (the command does not work for a memory cache). Choose
+one of the two following options:
+<UL>
+<P><LI>To reset the cache size to the value specified in the local
+<B>cacheinfo</B> file, specify the value <B>0</B> (zero)
+<PRE> # <B>fs setcachesize 0</B>
+</PRE>
+<P><LI>To reset the cache size to the value set at the last reboot of the
+machine, include the <B>-reset</B> flag. Unless the
+<B>-blocks</B> argument was used on the <B>afsd</B> command, this is
+also the value in the <B>cacheinfo</B> file.
+<PRE> # <B>fs setcachesize -reset</B>
+</PRE>
+</UL>
+<P>where
+<DL>
+<P><DT><B><B>setca</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>setcachesize</B>.
+<P><DT><B>0
+</B><DD>Resets the disk cache size to the value in the third field of the
+<B>/usr/vice/etc/cacheinfo</B> file.
+<P><DT><B>-reset
+</B><DD>Resets the cache size to the value set at the last reboot.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ401" HREF="auagd002.htm#ToC_445">How the Cache Manager Chooses Data to Discard</A></H3>
+<P>When the cache is full and application programs request more
+data from AFS, the Cache Manager must flush out cache chunks to make room for
+the data. The Cache Manager considers two factors:
+<OL TYPE=1>
+<P><LI>How recently an application last accessed the data.
+<P><LI>Whether the chunk is <I>dirty</I>. A dirty chunk contains
+changes to a file that have not yet been saved back to the permanent copy
+stored on a file server machine.
+</OL>
+<P>The Cache Manager first checks the least-recently used chunk. If it
+is not dirty, the Cache Manager discards the data in that chunk. If the
+chunk is dirty, the Cache Manager moves on to check the next least recently
+used chunk. It continues in this manner until it has created a
+sufficient number of empty chunks.
+<P>Chunks that contain data fetched from a read-only volume are by definition
+never dirty, so the Cache Manager can always discard them. Normally,
+the Cache Manager can also find chunks of data fetched from read/write volumes
+that are not dirty, but a small cache makes it difficult to find enough
+eligible data. If the Cache Manager cannot find any data to discard, it
+must return I/O errors to application programs that request more data from
+AFS. Application programs usually have a means for notifying the user
+of such errors, but not for revealing their cause.
+<HR><H2><A NAME="HDRWQ402" HREF="auagd002.htm#ToC_446">Setting Other Cache Parameters with the afsd program</A></H2>
+<P>There are only three cache configuration parameters you must
+set: the mount directory for AFS, the location of the disk cache
+directory, and the cache size. They correspond to the three fields in
+the <B>/usr/vice/etc/cacheinfo</B> file, as discussed in <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>. However, if you want to experiment with fine-tuning
+cache performance, you can use the arguments on the <B>afsd</B> command to
+control several other parameters. This section discusses a few of these
+parameters that have the most direct effect on cache performance. To
+learn more about the <B>afsd</B> command's arguments, see its
+reference page in the <I>IBM AFS Administration Reference</I>.
+<P>In addition, the AFS initialization script included in the AFS distribution
+for each system type includes several variables that set several
+<B>afsd</B> arguments in a way that is suitable for client machines of
+different sizes and usage patterns. For instructions on using the
+script most effectively, see the section on configuring the Cache Manager in
+the <I>IBM AFS Quick Beginnings</I>.
+<P><H3><A NAME="HDRWQ403" HREF="auagd002.htm#ToC_447">Setting Cache Configuration Parameters</A></H3>
+<P>The cache configuration parameters with the most direct
+effect on cache performance include the following:
+<UL>
+<P><LI><I>total cache size.</I> This is the amount of disk space or
+machine memory available for caching, as discussed in detail in <A HREF="#HDRWQ394">Determining the Cache Type, Size, and Location</A>.
+<P><LI><I>number of cache chunks.</I> For a disk cache, each chunk is
+a <B>V</B><VAR>n</VAR> file in the local cache directory (see <A HREF="#HDRWQ393">Cache-Related Files</A>). For a memory cache, each chunk is a set of
+contiguous blocks allocated in machine memory.
+<P>This parameter does not have as much of an effect on cache performance as
+total size. However, adjusting it can influence how often the Cache
+Manager must discard cached data to make room for new data. Suppose,
+for example, that you set the disk cache size to 50 MB and the number of
+chunks (<B>V</B><VAR>n</VAR> files) to 1,000. If each of the ten
+users on the machine caches 100 AFS files that average 20 KB in size, then all
+1,000 chunks are full (a chunk can contain data from only one AFS file) but
+the cache holds only about 20 MB of data. When a user requests more
+data from the File Server, the Cache Manager must discard cached data to
+reclaim some chunks, even though the cache is filled to less than 50% of its
+capacity. In such a situation, increasing the number of chunks enables
+the Cache Manager to discard data less often.
+<P><LI><I>chunk size.</I> This parameter determines the maximum amount
+of data that can fit in a chunk. If a cached element is smaller than
+the chunk size, the remaining space in the chunk is not used (a chunk can hold
+no more than one element). If an element cannot fit in a single chunk,
+it is split across as many chunks as needed. This parameter also
+determines how much data the Cache Manager requests at a time from the File
+Server (how much data per <I>fetch RPC</I>, because AFS uses partial file
+transfer).
+<P>The main reason to change chunk size is because of its relation to the
+amount of data fetched per RPC. If your network links are very fast, it
+can improve performance to increase chunk size; if the network is
+especially slow, it can make sense to decrease chunk size.
+<P><LI><I>number of dcache entries in memory.</I> The Cache Manager
+maintains one dcache entry for each cache chunk, recording a small amount of
+information, such as the file ID (fID) and version number of the AFS file
+corresponding to the chunk.
+<P>For a disk cache, dcache entries reside in the
+<B>/usr/vice/cache/CacheItems</B> file; a small number are duplicated
+in machine memory to speed access.
+<P>For a memory cache, the number of dcache entries equals the number of cache
+chunks. For a discussion of the implications of this correspondence,
+see <A HREF="#HDRWQ405">Controlling Memory Cache Configuration</A>.
+</UL>
+<P>For a description of how the Cache Manager determines defaults for number
+of chunks, chunk size, and number of dcache entries in a disk cache, see <A HREF="#HDRWQ404">Configuring a Disk Cache</A>; for a memory cache, see <A HREF="#HDRWQ405">Controlling Memory Cache Configuration</A>. The instructions also explain
+how to use the <B>afsd</B> command's arguments to override the
+defaults.
+<P><H3><A NAME="HDRWQ404" HREF="auagd002.htm#ToC_448">Configuring a Disk Cache</A></H3>
+<P>The default number of cache chunks (<B>V</B><VAR>n</VAR>
+files) in a disk cache is calculated by the <B>afsd</B> command to be the
+greatest of the following:
+<UL>
+<P><LI>100
+<P><LI>1.5 times the result of dividing cache size by chunk size
+(<VAR>cachesize</VAR>/<VAR>chunksize</VAR> * 1.5)
+<P><LI>The result of dividing cachesize by 10 MB (<VAR>cachesize</VAR>/10240)
+</UL>
+<P>You can override this value by specifying a positive integer with the
+<B>-files</B> argument. Consider increasing this value if more than
+75% of the <B>V</B><VAR>n</VAR> files are already used soon after the Cache
+Manager finishes initializing. Consider decreasing it if only a small
+percentage of the chunks are used at that point. In any case, never
+specify a value less than 100, because a smaller value can cause performance
+problems.
+<P>The following example sets the number of <B>V</B><VAR>n</VAR> files to
+2,000:
+<PRE> <B>/usr/vice/etc/afsd -files 2000</B>
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is conventional to place the <B>afsd</B> command in a machine's
+AFS initialization file, rather than entering it in a command shell.
+Furthermore, the values specified in this section are examples only, and are
+not necessarily suitable for a specific machine.
+</TD></TR></TABLE>
+<P>The default chunk size for a disk cache is 64 KB. In general, the
+only reason to change it is to adjust to exceptionally slow or fast
+networks; see <A HREF="#HDRWQ403">Setting Cache Configuration Parameters</A>. You can use the <B>-chunksize</B>
+argument to override the default. Chunk size must be a power of 2, so
+provide an integer between 0 (zero) and 30 to be used as an exponent of
+2. For example, a value of 10 sets chunk size to 1 KB (2<SUP>10</SUP> =
+1024); a value of 16 equals the default for disk caches (2<SUP>16</SUP> =
+64 KB). Specifying a value of 0 (zero) or greater than 30 returns chunk
+size to the default. Values less than 10 (1 KB) are not
+recommended. The following example sets chunk size to 16 KB
+(2<SUP>14</SUP>):
+<PRE> <B>/usr/vice/etc/afsd -chunksize 14</B>
+</PRE>
+<P>For a disk cache, the default number of dcache entries duplicated in memory
+is one-half the number of chunks specified with the <B>-files</B>
+argument, to a maximum of 2,000 entries. You can use the
+<B>-dcache</B> argument to change the default, even exceeding 2,000 if you
+wish. Duplicating more than half the dcache entries in memory is not
+usually necessary, but sometimes improves performance slightly, because access
+to memory is faster than access to disk. The following example sets the
+number to 750:
+<PRE> <B>/usr/vice/etc/afsd -dcache 750</B>
+</PRE>
+<P>When configuring a disk cache, you can combine the <B>afsd</B>
+command's arguments in any way. The main reason for this
+flexibility is that the setting you specify for disk cache size (in the
+<B>cacheinfo</B> file or with the <B>-blocks</B> argument) is an
+absolute maximum limit. You cannot override it by specifying higher
+values for the <B>-files</B> or <B>-chunksize</B> arguments, alone or
+in combination. A related reason is that the Cache Manager does not
+have to reserve a set amount of memory on disk. <B>V</B><VAR>n</VAR>
+files (the chunks in a disk cache) are initially zero-length, but can expand
+up to the specified chunk size and shrink again, as needed. If you set
+the number of <B>V</B><VAR>n</VAR> files to such a large value that
+expanding all of them to the full allowable size exceeds the total cache size,
+they simply never grow to full size.
+<P><H3><A NAME="HDRWQ405" HREF="auagd002.htm#ToC_449">Controlling Memory Cache Configuration</A></H3>
+<P>Configuring a memory cache differs from configuring a disk
+cache in that not all combinations of the <B>afsd</B> command's
+arguments are allowed. This limitation results from the greater
+interaction between the configuration parameters in a memory cache than a disk
+cache. If all combinations are allowed, it is possible to set the
+parameters in an inconsistent way. A list of the acceptable and
+unacceptable combinations follows a discussion of default values.
+<P>The default chunk size for a memory cache is 8 KB. In general, the
+only reason to change it is to adjust to exceptionally slow or fast
+networks; see <A HREF="#HDRWQ403">Setting Cache Configuration Parameters</A>.
+<P>There is no predefined default for number of chunks in a memory
+cache. The Cache Manager instead calculates the correct number by
+dividing the total cache size by the chunk size. Recall that for a
+memory cache, all dcache entries must be in memory. This implies that
+the number of chunks equals the number of dcache entries in memory, and that
+there is no default for number of dcache entries (like the number of chunks,
+it is calculated by dividing the total size by the chunk size).
+<P>The following are acceptable combinations of the <B>afsd</B>
+command's arguments when configuring a memory cache:
+<UL>
+<P><LI><B>-blocks</B> alone, which overrides the cache size specified in the
+<B>/usr/vice/etc/cacheinfo</B> file. The Cache Manager divides the
+value of this argument by the default chunk size of eight KB to calculate the
+number of chunks and dcache entries. The following example sets cache
+size to five MB (5,120 KB) and the number of chunks to 640 (5,120 divided by
+8):
+<PRE> <B>/usr/vice/etc/afsd -memcache -blocks 5120</B>
+</PRE>
+<P><LI><B>-chunksize</B> alone, to override the default of eight KB.
+The chunk size must be a power of two, so provide an integer between 0 (zero)
+and 30 to be used as an exponent of two. For example, a value of ten
+sets chunk size to 1 KB (2<SUP>10</SUP> = 1024); a value of 13 equals the
+default for memory caches (2<SUP>13</SUP> = 8 KB). Specifying a value
+of 0 (zero) or greater than 30 returns the chunk size to the default.
+Values less than ten (equivalent to 1 KB) are not recommended. The
+following example sets the chunk size to four KB (2<SUP>12</SUP>).
+Assuming a total cache size of four MB (4,096 KB), the resulting number of
+chunks is 1024.
+<PRE> <B>/usr/vice/etc/afsd -memcache -chunksize 12</B>
+</PRE>
+<P><LI><B>-blocks</B> and <B>-chunksize</B> together override the
+defaults for cache size and chunk size. The Cache Manager divides the
+first by the second to calculate the number of chunks and dcache
+entries. For example, the following example sets the cache size to six
+MB (6,144 KB) and chunksize to four KB (2<SUP>12</SUP>), resulting in 1,536
+chunks:
+<PRE> <B>/usr/vice/etc/afsd -memcache -blocks 6144 -chunksize 12</B>
+</PRE>
+</UL>
+<P>The following arguments or combinations explicitly set the number of chunks
+and dcache entries. It is best not to use them, because they set the
+cache size indirectly, forcing you to perform a hand calculation to determine
+the size of the cache. Instead, set the <B>-blocks</B> and
+<B>-chunksize</B> arguments alone or in combination; in those cases,
+the Cache Manager determines the number of chunks and dcache entries
+itself. Because the following combinations are not recommended, no
+examples are included.
+<UL>
+<P><LI>The <B>-dcache</B> argument alone explicitly sets the number of chunks
+and dcache entries. The Cache Manager multiples this value times the
+default chunk size of 8 KB to derive the total cache size (overriding the
+value in the <B>cacheinfo</B> file).
+<P><LI>The combination of <B>-dcache</B> and <B>-chunksize</B> sets the
+chunk number and size. The Cache Manager sets the specified values and
+multiplies them together to obtain total cache size (overriding the value in
+the <B>cacheinfo</B> file).
+</UL>
+<P>Do not use the following arguments for a memory cache:
+<UL>
+<P><LI><B>-files</B> alone. This argument controls the number of
+<B>V</B><VAR>n</VAR> files for a disk cache, but is ignored for a memory
+cache.
+<P><LI><B>-blocks</B> and <B>-dcache</B>. An error message
+results, because it is possible to provide values such that dividing the first
+(total size) by the second (number of chunks) results in a chunk size that is
+not a power of two.
+</UL>
+<HR><H2><A NAME="HDRWQ406" HREF="auagd002.htm#ToC_450">Maintaining Knowledge of Database Server Machines</A></H2>
+<A NAME="IDX7400"></A>
+<A NAME="IDX7401"></A>
+<A NAME="IDX7402"></A>
+<A NAME="IDX7403"></A>
+<A NAME="IDX7404"></A>
+<A NAME="IDX7405"></A>
+<A NAME="IDX7406"></A>
+<A NAME="IDX7407"></A>
+<A NAME="IDX7408"></A>
+<P>For the users of an AFS client machine to access a cell's AFS
+filespace and other services, the Cache Manager and other client-side agents
+must have an accurate list of the cell's database server machines.
+The affected functions include the following:
+<UL>
+<P><LI>Accessing files. The Cache Manager contacts the Volume Location
+(VL) Server to learn which file server machine houses the volume containing a
+requested file or directory. If the Cache Manager cannot contact a
+cell's VL Servers, it cannot fetch files.
+<P><LI>Authenticating. The <B>klog</B> program and AFS-modified login
+utilities contact the Authentication Server to obtain tokens, which the AFS
+server processes accept as proof that the user is authenticated.
+<P><LI>Creating protection groups. The <B>pts</B> command interpreter
+contacts the Protection Server when users create protection groups or request
+information from the Protection Database.
+<P><LI>Editing access control lists (ACLs). The <B>fs</B> command
+interpreter contacts the File Server that maintains the read/write volume
+containing a file or directory; the location information comes from the
+VL Server.
+</UL>
+<P>To enable a machine's users to access a cell, you must list the names
+and IP addresses of its database server machines in the
+<B>/usr/vice/etc/CellServDB</B> file on the machine's local
+disk. In addition to the machine's home cell, you can list any
+foreign cells that you want to enable users to access. (To enable
+access to a cell's filespace, you must also mount its
+<B>root.cell</B> volume in the local AFS filespace; the
+conventional location is just under the AFS root directory,
+<B>/afs</B>. For instructions, see the <I>IBM AFS Quick
+Beginnings</I>.)
+<P><H3><A NAME="Header_451" HREF="auagd002.htm#ToC_451">How Clients Use the List of Database Server Machines</A></H3>
+<P>As the <B>afsd</B> program runs and initializes the Cache Manager,
+it reads the contents of the <B>CellServDB</B> file into kernel
+memory. The Cache Manager does not consult the file again until the
+machine next reboots. In contrast, the command interpreters for the AFS
+command suites (such as <B>fs</B> and <B>pts</B>) read the
+<B>CellServDB</B> file each time they need to contact a database server
+process.
+<P>When a cell's list of database server machines changes, you must
+change both the <B>CellServDB</B> file and the list in kernel memory to
+preserve consistent client performance; some commands probably fail if
+the two lists of machines disagree. One possible method for updating
+both the <B>CellServDB</B> file and kernel memory is to edit the file and
+reboot the machine. To avoid needing to reboot, you can instead perform
+both of the following steps:
+<OL TYPE=1>
+<P><LI>Issue the <B>fs newcell</B> command to alter the list in kernel memory
+directly, making the changes available to the Cache Manager.
+<P><LI>Edit the <B>CellServDB</B> file to make the changes available to
+command interpreters. For a description of the file's format, see <A HREF="#HDRWQ407">The Format of the CellServDB file</A>.
+</OL>
+<P>The consequences of missing or incorrect information in the
+<B>CellServDB</B> file or kernel memory are as follows:
+<UL>
+<P><LI>If there is no entry for a cell, the machine's users cannot access
+the cell.
+<P><LI>If a cell's entry does not include a database server machine, then
+the Cache Manager and command interpreters never attempt to contact the
+machine. The omission does not prevent access to the cell--as long
+as the information about the other database server machines is correct and the
+server processes, machines, and network are functioning correctly--but it
+can put an undue burden on the machines that are listed. If all of the
+listed machines become inaccessible to clients, then the cell becomes
+inaccessible even if the omitted database server machine is functioning
+correctly.
+<P><LI>If a machine's name or address is incorrect, or the machine is not
+actually running the database server processes, then requests from clients
+time out. Users can experience lengthy delays because they have to wait
+the full timeout period before the Cache Manager or command interpreter
+contacts another database server machine.
+</UL>
+<P><H3><A NAME="HDRWQ407" HREF="auagd002.htm#ToC_452">The Format of the CellServDB file</A></H3>
+<A NAME="IDX7409"></A>
+<A NAME="IDX7410"></A>
+<P>When editing the <B>/usr/vice/etc/CellServDB</B> file, you must use the
+correct format for cell and machine entries. Each cell has a separate
+entry. The first line has the following format:
+<PRE> ><VAR>cell_name</VAR> #<VAR>organization</VAR>
+</PRE>
+<P>where <VAR>cell_name</VAR> is the cell's complete Internet domain name
+(for example, <B>abc.com</B>) and <VAR>organization</VAR> is an
+optional field that follows any number of spaces and the number sign
+(<TT>#</TT>) and can name the organization to which the cell corresponds
+(for example, the ABC Corporation). After the first line comes a
+separate line for each database server machine. Each line has the
+following format:
+<PRE> <VAR>IP_address</VAR> #<VAR>machine_name</VAR>
+</PRE>
+<P>where <VAR>IP_address</VAR> is the machine's IP address in dotted
+decimal format (for example, 192.12.105.3).
+Following any number of spaces and the number sign (<TT>#</TT>) is
+<VAR>machine_name</VAR>, the machine's fully-qualified hostname (for
+example, <B>db1.abc.com</B>). In this case, the
+number sign does not indicate a comment: <VAR>machine_name</VAR> is a
+required field.
+<P>The order in which the cells appear is not important, but it is convenient
+to put the client machine's home cell first. Do not include any
+blank lines in the file, not even after the last entry.
+<P>The following example shows entries for two cells, each of which has three
+database server machines:
+<PRE> >abc.com #ABC Corporation (home cell)
+ 192.12.105.3 #db1.abc.com
+ 192.12.105.4 #db2.abc.com
+ 192.12.105.55 #db3.abc.com
+ >stateu.edu #State University cell
+ 138.255.68.93 #serverA.stateu.edu
+ 138.255.68.72 #serverB.stateu.edu
+ 138.255.33.154 #serverC.stateu.edu
+</PRE>
+<P><H3><A NAME="HDRWQ408" HREF="auagd002.htm#ToC_453">Maintaining the Client CellServDB File</A></H3>
+<A NAME="IDX7411"></A>
+<A NAME="IDX7412"></A>
+<P>Because a correct entry in the <B>CellServDB</B> file is vital for
+consistent client performance, you must also update the file on each client
+machine whenever a cell's list of database server machines changes (for
+instance, when you follow the instructions in the <I>IBM AFS Quick
+Beginnings</I> to add or remove a database server machine). To
+facilitate the client updates, you can use the <B>package</B> program,
+which copies files from a central source in AFS to the local disk of client
+machines. It is conventional to invoke the <B>package</B> program
+in a client machine's AFS initialization file so that it runs as the
+machine reboots, but you can also issue the <B>package</B> command at any
+time. For instructions, see <A HREF="auagd016.htm#HDRWQ448">Running the package program</A>.
+<P>If you use the <B>package</B> program, the conventional location for
+your cell's central source <B>CellServDB</B> file is
+<B>/afs/</B><VAR>cell_name</VAR><B>/common/etc/CellServDB</B>, where
+<VAR>cell_name</VAR> is your cell name.
+<A NAME="IDX7413"></A>
+<P>Creating a symbolic or hard link from <B>/usr/vice/etc/CellServDB</B>
+to a central source file in AFS is not a viable option. The
+<B>afsd</B> program reads the file into kernel memory before the Cache
+Manager is completely initialized and able to access AFS.
+<P>Because every client machine has its own copy of the <B>CellServDB</B>
+file, you can in theory make the set of accessible cells differ on various
+machines. In most cases, however, it is best to maintain consistency
+between the files on all client machines in the cell: differences
+between machines are particularly confusing if users commonly use a variety of
+machines rather than just one.
+<P>The AFS Product Support group maintains a central <B>CellServDB</B>
+file that includes all cells that have agreed to make their database server
+machines access to other AFS cells. It is advisable to check this file
+periodically for updated information. See <A HREF="auagd007.htm#HDRWQ38">Making Your Cell Visible to Others</A>.
+<A NAME="IDX7414"></A>
+<P>An entry in the local <B>CellServDB</B> is one of the two requirements
+for accessing a cell. The other is that the cell's
+<B>root.cell</B> volume is mounted in the local filespace, by
+convention as a subdirectory of the <B>/afs</B> directory. For
+instructions, see <A HREF="auagd010.htm#HDRWQ213">To create a cellular mount point</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The <B>/usr/vice/etc/CellServDB</B> file on a client machine is not the
+same as the <B>/usr/afs/etc/CellServDB</B> file on the local disk of a
+file server machine. The server version lists only the database server
+machines in the server machine's home cell, because server processes
+never need to contact foreign cells. It is important to update both
+types of <B>CellServDB</B> file on all machines in the cell whenever there
+is a change to your cell's database server machines. For more
+information about maintaining the server version of the <B>CellServDB</B>
+file, see <A HREF="auagd008.htm#HDRWQ118">Maintaining the Server CellServDB File</A>.
+</TD></TR></TABLE>
+<A NAME="IDX7415"></A>
+<A NAME="IDX7416"></A>
+<A NAME="IDX7417"></A>
+<A NAME="IDX7418"></A>
+<A NAME="IDX7419"></A>
+<P><H3><A NAME="Header_454" HREF="auagd002.htm#ToC_454">To display the /usr/vice/etc/CellServDB file</A></H3>
+<OL TYPE=1>
+<P><LI>Use a text editor or the <B>cat</B> command to display the contents of
+the <B>/usr/vice/etc/CellServDB</B> file. By default, the mode bits
+on the file permit anyone to read it.
+<PRE> % <B>cat /usr/vice/etc/CellServDB</B>
+</PRE>
+</OL>
+<A NAME="IDX7420"></A>
+<A NAME="IDX7421"></A>
+<P><H3><A NAME="Header_455" HREF="auagd002.htm#ToC_455">To display the list of database server machines in kernel memory</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs listcells</B> command.
+<PRE> % <B>fs listcells [&]</B>
+</PRE>
+<P>where <B>listc</B> is the shortest acceptable abbreviation of
+<B>listcells</B>.
+<P>To have your shell prompt return immediately, include the ampersand
+(<B>&</B>), which makes the command run in the background. It
+can take a while to generate the complete output because the kernel stores
+database server machines' IP addresses only, and the <B>fs</B>
+command interpreter has the cell's name resolution service (such as the
+Domain Name Service or a local host table) translate them into
+hostnames. You can halt the command at any time by issuing an interrupt
+signal such as <B>Ctrl-c</B>.
+<P>The output includes a single line for each cell, in the following
+format:
+<PRE> Cell <VAR>cell_name</VAR> on hosts <VAR>list_of_hostnames</VAR>.
+</PRE>
+<P>The name service sometimes returns hostnames in uppercase letters, and if
+it cannot resolve a name at all, it returns its IP address. The
+following example illustrates all three possibilities:
+<PRE> % <B>fs listcells</B>
+ .
+ .
+ Cell abc.com on hosts db1.abc.com db2.abc.com db3.abc.com
+ Cell stateu.edu on hosts SERVERA.STATEU.EDU SERVERB.STATEU.EDU
+ SERVERC.STATEU.EDU
+ Cell ghi.org on hosts 191.255.64.111 191.255.64.112
+ .
+ .
+</PRE>
+</OL>
+<A NAME="IDX7422"></A>
+<A NAME="IDX7423"></A>
+<A NAME="IDX7424"></A>
+<A NAME="IDX7425"></A>
+<A NAME="IDX7426"></A>
+<A NAME="IDX7427"></A>
+<A NAME="IDX7428"></A>
+<A NAME="IDX7429"></A>
+<A NAME="IDX7430"></A>
+<A NAME="IDX7431"></A>
+<A NAME="IDX7432"></A>
+<P><H3><A NAME="Header_456" HREF="auagd002.htm#ToC_456">To change the list of a cell's database server machines in kernel memory</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>If you a use a central copy of the <B>CellServDB</B> file as a source
+for client machines, verify that its directory's ACL grants you the
+<B>l</B> (<B>lookup</B>), <B>r</B> (<B>read</B>), and
+<B>w</B> (<B>write</B>) permissions. The conventional directory
+is <B>/afs/</B><VAR>cell_name</VAR><B>/common/etc</B>. If
+necessary, issue the <B>fs listacl</B> command, which is fully described
+in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> # <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<A NAME="IDX7433"></A>
+<A NAME="IDX7434"></A>
+<P><LI><A NAME="LINEWCELL"></A>Issue the <B>fs newcell</B> command to add or change a
+cell's entry in kernel memory. Repeat the command for each
+cell.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You cannot use this command to remove a cell's entry completely from
+kernel memory. In the rare cases when you urgently need to prevent
+access to a specific cell, you must edit the <B>CellServDB</B> file and
+reboot the machine.
+</TD></TR></TABLE>
+<PRE> # <B>fs newcell</B> <<VAR>cell name</VAR>> <<VAR>primary servers</VAR>><SUP>+</SUP> \
+ [<B>-linkedcell</B> <<VAR>linked cell name</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>n
+</B><DD>Is the shortest acceptable abbreviation of <B>newcell</B>.
+<P><DT><B><VAR>cell name</VAR>
+</B><DD>Specifies the complete Internet domain name of the cell for which to
+record a new list of database server machines.
+<P><DT><B><VAR>primary servers</VAR>
+</B><DD>Specifies the fully-qualified hostname or IP address in dotted-decimal
+format for each database server machine in the cell. The list you
+provide completely replaces the existing list.
+<P><DT><B>-linkedcell
+</B><DD>Specifies the complete Internet domain name of the AFS cell to link to a
+DCE cell for the purposes of DFS fileset location. You can use this
+argument if the machine's AFS users access DFS via the AFS/DFS Migration
+Toolkit Protocol Translator. For instructions, see the <I>IBM AFS/DFS
+Migration Toolkit Administration Guide and Reference</I>.
+</DL>
+<P><LI>Add or edit the cell's entry in the local
+<B>/usr/vice/etc/CellServDB</B> file, using one of the following three
+methods. In each case, be sure to obey the formatting requirements
+described in <A HREF="#HDRWQ407">The Format of the CellServDB file</A>.
+<UL>
+<P><LI>If you maintain a central source version of the <B>CellServDB</B> file
+and use the <B>package</B> program, first use a text editor to alter the
+central copy of the file. Then issue the <B>package</B> command to
+transfer the contents of the file to the local machine. For complete
+instructions, see <A HREF="auagd016.htm#HDRWQ448">Running the package program</A>.
+<PRE> # <B>/etc/package -v -c</B> <<VAR>name of package file</VAR>>
+</PRE>
+<P><LI>If you maintain a central source <B>CellServDB</B> file but do not use
+the <B>package</B> program, first use a text editor to alter the central
+copy of the file. Then use a copying command such as the <B>cp</B>
+command to copy it to the local <B>/usr/vice/etc/CellServDB</B>
+file.
+<P><LI>If you do not use a central source <B>CellServDB</B> file, edit the
+local machine's <B>/usr/vice/etc/CellServDB</B> file directly.
+</UL>
+</OL>
+<HR><H2><A NAME="HDRWQ409" HREF="auagd002.htm#ToC_457">Determining if a Client Can Run Setuid Programs</A></H2>
+<A NAME="IDX7435"></A>
+<A NAME="IDX7436"></A>
+<A NAME="IDX7437"></A>
+<P>A <I>setuid program</I> is one whose binary file has the UNIX setuid
+mode bit turned on. While a setuid program runs, the user who
+initialized it assumes the local identity (UNIX UID) of the binary file's
+owner, and so is granted the permissions in the local file system that pertain
+to the owner. Most commonly, the issuer's assumed identity (often
+referred to as <I>effective UID</I>) is the local superuser
+<B>root</B>.
+<P>AFS does not recognize effective UID: if a setuid program accesses
+AFS files and directories, it uses the current AFS identity of the user who
+initialized the program, not of the program's owner. Nevertheless,
+it can be useful to store setuid programs in AFS for use on more than one
+client machine. AFS enables a client machine's administrator to
+determine whether the local Cache Manager allows setuid programs to run or
+not.
+<P>By default, the Cache Manager allows programs from its home cell to run
+with setuid permission, but denies setuid permission to programs from foreign
+cells. A program belongs to the same cell as the file server machine
+that houses the volume in which the file resides, as specified in the file
+server machine's <B>/usr/afs/etc/ThisCell</B> file. The Cache
+Manager determines its own home cell by reading the
+<B>/usr/vice/etc/ThisCell</B> file at initialization.
+<P>To change a cell's setuid status with respect to the local machine,
+become the local superuser <B>root</B> and issue the <B>fs setcell</B>
+command. To determine a cell's current setuid status, use the
+<B>fs getcellstatus</B> command.
+<P>When you issue the <B>fs setcell</B> command, you directly alter a
+cell's setuid status as recorded in kernel memory, so rebooting the
+machine is not necessary. However, nondefault settings do not persist
+across reboots of the machine unless you add the appropriate <B>fs
+setcell</B> command to the machine's AFS initialization file.
+<P>Only members of the <B>system:administrators</B> group can turn
+on the setuid mode bit on an AFS file or directory. When the setuid
+mode bit is turned on, the UNIX <B>ls -l</B> command displays the third
+user mode bit as an <B>s</B> instead of an <B>x</B>, but for an AFS
+file or directory, the <B>s</B> appears only if setuid permission is
+enabled for the cell in which the file resides.
+<A NAME="IDX7438"></A>
+<A NAME="IDX7439"></A>
+<P><H3><A NAME="Header_458" HREF="auagd002.htm#ToC_458">To determine a cell's setuid status</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs getcellstatus</B> command to check the setuid status
+of each desired cell.
+<PRE> % <B>fs getcellstatus</B> <<VAR>cell name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>getce</B>
+</B><DD>Is the shortest acceptable abbreviation of
+<B>getcellstatus</B>.
+<P><DT><B><VAR>cell name</VAR>
+</B><DD>Names each cell for which to report setuid status. Provide the
+complete Internet domain name or a shortened form that distinguishes it from
+the other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
+file.
+</DL>
+</OL>
+<P>The output reports the setuid status of each cell:
+<UL>
+<P><LI>the string <TT>no setuid allowed</TT> indicates that the Cache Manager
+does not allow programs from the cell to run with setuid permission
+<P><LI><TT>setuid allowed</TT> indicates that the Cache Manager allows programs
+from the cell to run with setuid permission
+</UL>
+<A NAME="IDX7440"></A>
+<A NAME="IDX7441"></A>
+<P><H3><A NAME="Header_459" HREF="auagd002.htm#ToC_459">To change a cell's setuid status</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs setcell</B> command to change the setuid status of the
+cell.
+<PRE> # <B>fs setcell</B> <<VAR>cell name</VAR>><SUP>+</SUP> [<B>-suid</B>] [<B>-nosuid</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>setce</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>setcell</B>.
+<P><DT><B><VAR>cell name</VAR>
+</B><DD>Names each cell for which to change setuid status as specified by the
+<B>-suid</B> or <B>-nosuid</B> flag. Provide each cell's
+complete Internet domain name or a shortened form that distinguishes it from
+the other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
+file.
+<P><DT><B><B>-suid</B>
+</B><DD>Enables programs from each specified cell to execute with setuid
+permission. Provide this flag or the <B>-nosuid</B> flag, or omit
+both to disable setuid permission for each cell.
+<P><DT><B><B>-nosuid</B>
+</B><DD>Prevents programs from each specified cell from executing with setuid
+permission. Provide this flag or the <B>-suid</B> flag, or omit
+both to disable setuid permission for each cell.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ410" HREF="auagd002.htm#ToC_460">Setting the File Server Probe Interval</A></H2>
+<A NAME="IDX7442"></A>
+<A NAME="IDX7443"></A>
+<A NAME="IDX7444"></A>
+<P>The Cache Manager periodically sends a probe to server machines to verify
+that they are still accessible. Specifically, it probes the database
+server machines in its cell and those file servers that house data it has
+cached.
+<P>If a server process does not respond to a probe, the client machine assumes
+that it is inaccessible. By default, the interval between probes is
+three minutes, so it can take up to three minutes for a client to recognize
+that a server process is once again accessible after it was
+inaccessible.
+<P>To adjust the probe interval, include the <B>-interval</B> argument to
+the <B>fs checkservers</B> command while logged in as the local superuser
+<B>root</B>. The new interval setting persists until you again
+issue the command or reboot the machine, at which time the setting returns to
+the default. To preserve a nondefault setting across reboots, include
+the appropriate <B>fs checkservers</B> command in the machine's AFS
+initialization file.
+<P><H3><A NAME="Header_461" HREF="auagd002.htm#ToC_461">To set a client's file server probe interval</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs checkservers</B> command with the <B>-interval</B>
+argument.
+<A NAME="IDX7445"></A>
+<A NAME="IDX7446"></A>
+<P>
+<PRE> # <B>fs checkservers -interval</B> <<VAR>seconds between probes</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>checks</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>checkservers</B>.
+<P><DT><B>-interval
+</B><DD>Specifies the number of seconds between probes. Provide an integer
+value greater than zero.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ411" HREF="auagd002.htm#ToC_462">Setting a Client Machine's Cell Membership</A></H2>
+<A NAME="IDX7447"></A>
+<A NAME="IDX7448"></A>
+<A NAME="IDX7449"></A>
+<A NAME="IDX7450"></A>
+<A NAME="IDX7451"></A>
+<A NAME="IDX7452"></A>
+<P>Each client machine belongs to a particular cell, as named in the
+<B>/usr/vice/etc/ThisCell</B> on its local disk. The machine's
+cell membership determines three defaults important to users of the
+machine:
+<UL>
+<P><LI>The cell for which users of the machine obtain tokens (authenticate) when
+they use the <B>login</B> program or issue the <B>klog</B>
+command. There are two effects:
+<UL>
+<P><LI>The <B>klog</B> program and AFS-modified login utilities contact an
+Authentication Server in the cell named in the <B>ThisCell</B>
+file.
+<P><LI>The <B>klog</B> program and AFS-modified login utilities combine the
+contents of the <B>ThisCell</B> file with the password that the user
+provides, generating an encryption key from the combination. The
+user's entry in the Authentication Database includes an encryption key
+also generated from the combination of password and cell name. If the
+cell name in the <B>ThisCell</B> file is incorrect, users cannot
+authenticate even if they provide the correct password.
+</UL>
+<P><LI>The cell the Cache Manager considers its local, or home, cell. The
+Cache Manager allows programs from its local cell to run with setuid
+permission, but not programs from foreign cells, as discussed further in <A HREF="#HDRWQ409">Determining if a Client Can Run Setuid Programs</A>.
+<P><LI>The default database server machines that are contacted by the AFS command
+interpreters running on this machine.
+</UL>
+<P><H3><A NAME="Header_463" HREF="auagd002.htm#ToC_463">To display a client machine's cell membership</A></H3>
+<OL TYPE=1>
+<P><LI>Use a text editor or the <B>cat</B> command to display the contents of
+the <B>/usr/vice/etc/ThisCell</B> file.
+<PRE> % <B>cat /usr/vice/etc/ThisCell</B>
+</PRE>
+</OL>
+<P><H3><A NAME="Header_464" HREF="auagd002.htm#ToC_464">To set a client machine's cell membership</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Using a text editor, replace the cell name in the
+<B>/usr/vice/etc/ThisCell</B> file.
+<P><LI><B>(Optional.)</B> Reboot the machine to enable the Cache
+Manager to use the new cell name immediately; the appropriate command
+depends on the machine's system type. The <B>klog</B> program,
+AFS-modified login utilities, and the AFS command interpreters use the new
+cell name the next time they are invoked; no reboot is necessary.
+<PRE> # <B>sync</B>
+
+ # <B>shutdown</B>
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ412" HREF="auagd002.htm#ToC_465">Forcing the Update of Cached Data</A></H2>
+<A NAME="IDX7453"></A>
+<A NAME="IDX7454"></A>
+<A NAME="IDX7455"></A>
+<A NAME="IDX7456"></A>
+<A NAME="IDX7457"></A>
+<A NAME="IDX7458"></A>
+<A NAME="IDX7459"></A>
+<A NAME="IDX7460"></A>
+<P>AFS's callback mechanism normally guarantees that the Cache Manager
+provides the most current version of a file or directory to the application
+programs running on its machine. However, you can force the Cache
+Manager to discard (flush) cached data so that the next time an application
+program requests it, the Cache Manager fetches the latest version available at
+the File Server.
+<P>You can control how many file system elements to flush at a time:
+<UL>
+<P><LI>To flush only specific files or directories, use the <B>fs flush</B>
+command. This command forces the Cache Manager to discard the data and
+status information it has cached from the specified files or
+directories. It does not discard information from an application
+program's buffer or information that has been altered locally (changes
+made in the cache but not yet saved permanently to the File Server).
+However, the next time an application requests the element's data or
+status information, the Cache Manager has to contact the File Server to get
+it.
+<P><LI>To flush everything cached from a certain volume, use the <B>fs
+flushvolume</B> command. This command works like the <B>fs
+flush</B> command, but differs in two ways:
+<UL>
+<P><LI>The Cache Manager discards data for all elements in the cache that come
+from the same volume as the specified files or directories.
+<P><LI>The Cache Manager discards only data, not status information. This
+difference has little practical effect, but can lead to different output from
+the <B>ls</B> command when the two different commands are used to flush
+the same element.
+</UL>
+</UL>
+<P>In addition to callbacks, the Cache Manager has a mechanism for tracking
+other kinds of possible changes, such as changes in a volume's
+location. If a volume moves and the Cache Manager has not accessed any
+data in it for a long time, the Cache Manager's volume location record
+can be wrong. To resynchronize it, use the <B>fs checkvolumes</B>
+command. When you issue the command, the Cache Manager creates a new
+table of mappings between volume names, ID numbers, and locations. This
+forces the Cache Manager to reference newly relocated and renamed volumes
+before it can provide data from them.
+<P>It is also possible for information about mount points to become corrupted
+in the cache. Symptoms of a corrupted mount point included garbled
+output from the <B>fs lsmount</B> command, and failed attempts to change
+directory to or list the contents of a mount point. Use the <B>fs
+flushmount</B> command to discard a corrupted mount point. The Cache
+Manager must refetch the mount point the next time it crosses it in a
+pathname. (The Cache Manager periodically refreshes cached mount
+points, but the only other way to discard them immediately is to reinitialize
+the Cache Manager by rebooting the machine.
+<A NAME="IDX7461"></A>
+<A NAME="IDX7462"></A>
+<P><H3><A NAME="Header_466" HREF="auagd002.htm#ToC_466">To flush certain files or directories</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs flush</B> command.
+<PRE> % <B>fs flush</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>flush</B>
+</B><DD>Must be typed in full.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names each file or directory structure to flush from the cache.
+Omit this argument to flush the current working directory. Flushing a
+directory structure does not flush any files or subdirectories cached from
+it.
+</DL>
+</OL>
+<A NAME="IDX7463"></A>
+<A NAME="IDX7464"></A>
+<P><H3><A NAME="Header_467" HREF="auagd002.htm#ToC_467">To flush all data from a volume</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs flushvolume</B> command.
+<PRE> % <B>fs flushvolume</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>flushv</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>flushvolume</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names a file or directory from each volume to flush from the cache.
+The Cache Manager flushes everything in the cache that it has fetched from the
+same volume. Omit this argument to flush all cached data fetched from
+the volume that contains the current working directory.
+</DL>
+</OL>
+<A NAME="IDX7465"></A>
+<A NAME="IDX7466"></A>
+<P><H3><A NAME="Header_468" HREF="auagd002.htm#ToC_468">To force the Cache Manager to notice other volume changes</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs checkvolumes</B> command.
+<PRE> % <B>fs checkvolumes</B>
+</PRE>
+<P>where <B>checkv</B> is the shortest acceptable abbreviation of
+<B>checkvolumes</B>.
+</OL>
+<P>The following command confirms that the command completed
+successfully:
+<PRE> All volumeID/name mappings checked.
+</PRE>
+<A NAME="IDX7467"></A>
+<A NAME="IDX7468"></A>
+<P><H3><A NAME="HDRWQ413" HREF="auagd002.htm#ToC_469">To flush one or more mount points</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs flushmount</B> command.
+<PRE> % <B>fs flush</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>flushm</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>flushmount</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names each mount point to flush from the cache. Omit this argument
+to flush the current working directory. Files or subdirectories cached
+from the associated volume are unaffected.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ414" HREF="auagd002.htm#ToC_470">Maintaining Server Preference Ranks</A></H2>
+<A NAME="IDX7469"></A>
+<A NAME="IDX7470"></A>
+<A NAME="IDX7471"></A>
+<A NAME="IDX7472"></A>
+<A NAME="IDX7473"></A>
+<A NAME="IDX7474"></A>
+<P>As mentioned in the introduction to this chapter, AFS uses client-side data
+caching and callbacks to reduce the amount of network traffic in your
+cell. The Cache Manager also tries to make its use of the network as
+efficient as possible by assigning <I>preference ranks</I> to server
+machines based on their network proximity to the local machine. The
+ranks bias the Cache Manager to fetch information from the server machines
+that are on its own subnetwork or network rather than on other networks, if
+possible. Reducing the network distance that data travels between
+client and server machine tends to reduce network traffic and speed the Cache
+Manager's delivery of data to applications.
+<P>The Cache Manager stores two separate sets of preference ranks in kernel
+memory. The first set of ranks applies to machines that run the Volume
+Location (VL) Server process, hereafter referred to as <I>VL Server
+machines</I>. The second set of ranks applies to machines that run
+the File Server process, hereafter referred to as <I>file server
+machines</I>. This section explains how the Cache Manager sets
+default ranks, how to use the <B>fs setserverprefs</B> command to change
+the defaults or set new ranks, and how to use the <B>fs getserverprefs</B>
+command to display the current set of ranks.
+<P><H3><A NAME="Header_471" HREF="auagd002.htm#ToC_471">How the Cache Manager Sets Default Ranks</A></H3>
+<P>As the <B>afsd</B> program initializes the Cache Manager, it
+assigns a preference rank of 10,000 to each of the VL Server machines listed
+in the local <B>/usr/vice/etc/CellServDB</B> file. It then
+randomizes the ranks by adding an integer randomly chosen from the range 0
+(zero) to 126. It avoids assigning the same rank to machines in one
+cell, but it is possible for machines from different cells to have the same
+rank. This does not present a problem in use, because the Cache Manager
+compares the ranks of only one cell's database server machines at a
+time. Although AFS supports the use of multihomed database server
+machines, the Cache Manager only uses the single address listed for each
+database server machine in the local <B>/usr/vice/etc/CellServDB</B>
+file. Only Ubik can take advantage of a multihomed database server
+machine's multiple interfaces.
+<P>The Cache Manager assigns preference ranks to a file server machine when it
+obtains the server's VLDB record from the VL Server, the first time that
+it accesses a volume that resides on the machine. If the machine is
+multihomed, the Cache Manager assigns a distinct rank to each of its
+interfaces (up to the number of interfaces that the VLDB can store for each
+machine, which is specified in the <I>IBM AFS Release Notes</I>).
+The Cache Manager compares the interface's IP address to the local
+machine's address and applies the following algorithm:
+<UL>
+<P><LI>If the local machine is a file server machine, the base rank for each of
+its interfaces is 5,000.
+<P><LI>If the file server machine interface is on the same subnetwork as the
+local machine, its base rank is 20,000.
+<P><LI>If the file server machine interface is on the same network as the local
+machine, or is at the distant end of a point-to-point link with the local
+machine, its base rank is 30,000.
+<P><LI>If the file server machine interface is on a different network than the
+local machine, or the Cache Manager cannot obtain network information about
+it, its base rank is 40,000.
+</UL>
+<P>If the client machine has only one interface, the Cache Manager compares it
+to the server interface's IP address and sets a rank according to the
+algorithm. If the client machine is multihomed, the Cache Manager
+compares each of the local interface addresses to the server interface, and
+assigns to the server interface the lowest rank that results from comparing it
+to all of the client interfaces.
+<P>After assigning a base rank to a file server machine interface, the Cache
+Manager adds to it a number randomly chosen from the range 0 (zero) to
+15. As an example, a file server machine interface in the same
+subnetwork as the local machine receives a base rank of 20,000, but the Cache
+Manager records the actual rank as an integer between 20,000 and
+20,015. This process reduces the number of interfaces that have exactly
+the same rank. As with VL Server machine ranks, it is possible for file
+server machine interfaces from foreign cells to have the same rank as
+interfaces in the local cell, but this does not present a problem. Only
+the relative ranks of the interfaces that house a specific volume are
+relevant, and AFS supports storage of a volume in only one cell at a
+time.
+<P><H3><A NAME="Header_472" HREF="auagd002.htm#ToC_472">How the Cache Manager Uses Preference Ranks</A></H3>
+<P>Each preference rank pairs an interface's IP address with an
+integer that can range from 1 to 65,534. A lower rank (lower number)
+indicates a stronger preference. Once set, a rank persists until the
+machine reboots, or until you use the <B>fs setserverprefs</B> command to
+change it.
+<P>The Cache Manager uses VL Server machine ranks when it needs to fetch
+volume location information from a cell. It compares the ranks for the
+cell's VL Server machines and attempts to contact the VL Server process
+on the machine with the best (lowest integer) rank. If it cannot reach
+that VL Server, it tries to contact the VL Server with the next best rank, and
+so on. If all of a cell's VL Server machines are inaccessible, the
+Cache Manager cannot fetch data from the cell.
+<P>Similarly, when the Cache Manager needs to fetch data from a volume, it
+compares the ranks for the interfaces of machines that house the volume, and
+attempts to contact the interface that has the best rank. If it cannot
+reach the <B>fileserver</B> process via that interface, it tries to
+contact the interface with the next best integer rank, and so on. If it
+cannot reach any of the interfaces for machines that house the volume, it
+cannot fetch data from the volume.
+<P><H3><A NAME="Header_473" HREF="auagd002.htm#ToC_473">Displaying and Setting Preference Ranks</A></H3>
+<P>To display the file server machine ranks that the Cache Manager is
+using, use the <B>fs getserverprefs</B> command. Include the
+<B>-vlservers</B> flag to display VL Server machine ranks instead.
+By default, the output appears on the standard output stream (stdout), but you
+can write it to a file instead by including the <B>-file</B>
+argument.
+<P>The Cache Manager stores IP addresses rather than hostnames in its kernel
+list of ranks, but by default the output identifies interfaces by hostname
+after calling a translation routine that refers to either the cell's name
+service (such as the Domain Name Server) or the local host table. If an
+IP address appears in this case, it is because the translation attempt
+failed. To bypass the translation step and display IP addresses rather
+than hostnames, include the <B>-numeric</B> flag. This can
+significantly speed up the output.
+<P>You can use the <B>fs setserverprefs</B> command to reset an existing
+preference rank, or to set the initial rank of a file server machine interface
+or VL Server machine for which the Cache Manager has no rank. The ranks
+you set persist until the machine reboots or until you issue the <B>fs
+setserverprefs</B> command again. To make a rank persist across a
+reboot, place the appropriate <B>fs setserverprefs</B> command in the
+machine's AFS initialization file.
+<P>As with default ranks, the Cache Manager adds a randomly chosen integer to
+each rank range that you assign. For file server machine interfaces,
+the randomizing number is from the range 0 (zero) to 15; for VL Server
+machines, it is from the range 0 (zero) to 126. For example, if you
+assign a rank of 15,000 to a file server machine interface, the Cache Manager
+stores an integer between 15,000 to 15,015.
+<P>To assign VL Server machine ranks, list them after the <B>-vlserver</B>
+argument to the <B>fs setserverprefs</B> command.
+<P>To assign file server machine ranks, use or more of the three possible
+methods:
+<OL TYPE=1>
+<P><LI>List them after the <B>-servers</B> argument on the command
+line.
+<P><LI>Record them in a file and name it with the <B>-file</B>
+argument. You can easily generate a file with the proper format by
+including the <B>-file</B> argument to the <B>fs getserverprefs</B>
+command.
+<P><LI>Provide them via the standard input stream, by including the
+<B>-stdin</B> flag. This enables you to feed in values directly
+from a command or script that generates preferences using an algorithm
+appropriate for your cell. It must generate them in the proper format,
+with one or more spaces between each pair and between the two parts of the
+pair. The AFS distribution does not include such a script, so you must
+write one if you want to use this method.
+</OL>
+<P>You can combine any of the <B>-servers</B>, <B>-file</B>, and
+<B>-stdin</B> options on the same command line if you wish. If more
+than one of them specifies a rank for the same interface, the one assigned
+with the <B>-servers</B> argument takes precedence. You can also
+provide the <B>-vlservers</B> argument on the same command line to set VL
+Server machine ranks at the same time as file server machine ranks.
+<P>The <B>fs</B> command interpreter does not verify hostnames or IP
+addresses, and so willingly stores ranks for hostnames and addresses that
+don't actually exist. The Cache Manager never uses such ranks
+unless the same VLDB record for a server machine records the same incorrect
+information.
+<A NAME="IDX7475"></A>
+<A NAME="IDX7476"></A>
+<P><H3><A NAME="Header_474" HREF="auagd002.htm#ToC_474">To display server preference ranks</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs getserverprefs</B> command to display the Cache
+Manager's preference ranks for file server machines or VL Server
+machines.
+<PRE> % <B>fs getserverprefs</B> [<B>-file</B> <<VAR>output to named file</VAR>>] [<B>-numeric</B>] [<B>-vlservers</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>gp
+</B><DD>Is an acceptable alias for <B>getserverprefs</B> (<B>gets</B> is
+the shortest acceptable abbreviation).
+<P><DT><B>-file
+</B><DD>Specifies the pathname of the file to which to write the list of
+ranks. Omit this argument to display the list on the standard output
+stream (stdout).
+<P><DT><B>-numeric
+</B><DD>Displays the IP address, rather than the hostname, of each ranked machine
+interface. Omit this flag to have the addresses translated into
+hostnames, which takes longer.
+<P><DT><B>-vlservers
+</B><DD>Displays ranks for VL Server machines rather than file server
+machines.
+</DL>
+<P>The following example displays file server machine ranks. The
+<B>-numeric</B> flag is not used, so the appearance of an IP address
+indicates that is not currently possible to translate it to a hostname.
+<P>
+<PRE> % <B>fs gp</B>
+ fs5.abc.com 20000
+ fs1.abc.com 30014
+ server1.stateu.edu 40011
+ fs3.abc.com 20001
+ fs4.abc.com 30001
+ 192.12.106.120 40002
+ 192.12.106.119 40001
+ . . . . . . .
+</PRE>
+</OL>
+<A NAME="IDX7477"></A>
+<A NAME="IDX7478"></A>
+<A NAME="IDX7479"></A>
+<P><H3><A NAME="Header_475" HREF="auagd002.htm#ToC_475">To set server preference ranks</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs setserverprefs</B> command to set the Cache
+Manager's preference ranks for one or more file server machines or VL
+Server machines.
+<PRE> # <B>fs setserverprefs</B> [<B>-servers</B> <<VAR>fileserver names and ranks</VAR>><SUP>+</SUP>] \
+ [<B>-vlservers</B> <<VAR>VL server names and ranks</VAR>><SUP>+</SUP>] \
+ [<B>-file</B> <<VAR>input from named file</VAR>>] [<B>-stdin</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sp
+</B><DD>Is an acceptable alias for <B>setserverprefs</B> (<B>sets</B> is
+the shortest acceptable abbreviation).
+<P><DT><B>-servers
+</B><DD>Specifies one or more pairs of file server machine interface and
+rank. Identify each interface by its fully-qualified hostname or IP
+address in dotted decimal format. Acceptable ranks are the integers
+from <B>1</B> to <B>65534</B>. Separate the parts of a pair,
+and the pairs from one another, with one or more spaces.
+<P><DT><B>-vlservers
+</B><DD>Specifies one or more pairs of VL Server machine and rank. Identify
+each machine by its fully-qualified hostname or IP address in dotted decimal
+format. Acceptable ranks are the integers from <B>1</B> to
+<B>65534</B>.
+<P><DT><B>-file
+</B><DD>Specifies the pathname of a file that contains one more pairs of file
+server machine interface and rank. Place each pair on its own line in
+the file. Use the same format for interfaces and ranks as with the
+<B>-servers</B> argument.
+<P><DT><B>-stdin
+</B><DD>Indicates that pairs of file server machine interface and rank are being
+provided via the standard input stream (stdin). The program or script
+that generates the pairs must format them in the same manner as for the
+<B>-servers</B> argument.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ415" HREF="auagd002.htm#ToC_476">Managing Multihomed Client Machines</A></H2>
+<A NAME="IDX7480"></A>
+<A NAME="IDX7481"></A>
+<A NAME="IDX7482"></A>
+<A NAME="IDX7483"></A>
+<A NAME="IDX7484"></A>
+<A NAME="IDX7485"></A>
+<P>The File Server can choose the interface to which to send a message when it
+initiates communication with the Cache Manager on a multihomed client machine
+(one with more than one network interface and IP address). If that
+interface is inaccessible, it automatically switches to an alternate.
+This improves AFS performance, because it means that the outage of an
+interface does not interrupt communication between File Server and Cache
+Manager.
+<P>The File Server can choose the client interface when it sends two types of
+messages:
+<UL>
+<P><LI>A message to break the callback that the Cache Manager holds on a cached
+file
+<P><LI>A <I>ping</I> message to check that the Cache Manager is still
+accessible and responding; the File Server sends such a message every few
+minutes
+</UL>
+<P>(The File Server does not choose which client interface to respond to when
+filling a Cache Manager's request for AFS data. In that case, it
+always responds to the client interface via which the Cache Manager sent the
+request.)
+<P>The Cache Manager compiles the list of eligible interfaces on its client
+machine automatically as it initializes, and records them in kernel
+memory. When the Cache Manager first establishes a connection with the
+File Server, it sends along the list of interface addresses. The File
+Server records the addresses, and uses the one at the top of the list when it
+needs to break a callback or send a ping to the Cache Manager. If that
+interface is inaccessible, the File Server simultaneously sends a message to
+all of the other interfaces in the list. Whichever interface replies
+first is the one to which the File Server sends future messages.
+<P>You can control which addresses the Cache Manager registers with File
+Servers by listing them in two files in the <B>/usr/vice/etc</B> directory
+on the client machine's local disk: <B>NetInfo</B> and
+<B>NetRestrict</B>. If the <B>NetInfo</B> file exists when the
+Cache Manager initializes, the Cache Manager uses its contents as the basis
+for the list of interfaces. Otherwise, the Cache Manager uses the list
+of interfaces configured with the operating system. It then removes
+from the list any addresses that appear in the
+<B>/usr/vice/etc/NetRestrict</B> file, if it exists. The Cache
+Manager records the resulting list in kernel memory.
+<P>You can also use the <B>fs setclientaddrs</B> command to change the
+list of addresses stored in the Cache Manager's kernel memory, without
+rebooting the client machine. The list of addresses you provide on the
+command line completely replaces the current list in kernel memory. The
+changes you make persist only until the client machine reboots,
+however. To preserve the revised list across reboots, list the
+interfaces in the <B>NetInfo</B> file (and if appropriate, the
+<B>NetRestrict</B> file) in the local <B>/usr/vice/etc</B>
+directory. (You can also place the appropriate <B>fs
+setclientaddrs</B> command in the machine's AFS initialization script,
+but that is less efficient: by the time the Cache Manager reads the
+command in the script, it has already compiled a list of interfaces.)
+<P>To display the list of addresses that the Cache Manager is currently
+registering with File Servers, use the <B>fs getclientaddrs</B>
+command.
+<P>Keep the following in mind when you change the <B>NetInfo</B> or
+<B>NetRestrict</B> file, or issue the <B>fs getclientaddrs</B> or
+<B>fs setclientaddrs</B> commands:
+<UL>
+<P><LI>When you issue the <B>fs setclientaddrs</B> command, the revised list
+of addresses does not propagate automatically to File Servers with which the
+Cache Manager has already established a connection. They continue to
+use the list that the Cache Manager registered with them when it first
+established a connection. To force previously contacted File Servers to
+use the revised list, you must either reboot each file server machine, or
+reboot the client machine after changing its <B>NetInfo</B> file,
+<B>NetRestrict</B> file, or both.
+<P><LI>The <B>fs</B> command interpreter verifies that each of the addresses
+you specify on the <B>fs setclientaddrs</B> command line is actually
+configured with the client machine's operating system. If it is
+not, the command fails with an error message that marks the address as a
+<TT>Nonexistent interface</TT>.
+<P><LI>As previously noted, the File Server does not use the registered list of
+addresses when it responds to the Cache Manager's request for data (as
+opposed to initiating communication itself). It always attempts to send
+its reply to the interface from which the Cache Manager sent the
+request. If the reply attempt fails, the File Server selects an
+alternate route for resending the reply according to its server machine's
+network routing configuration, not the list of addresses registered by the
+Cache Manager.
+<P><LI>The Cache Manager does not use the list of interfaces when choosing the
+interface via which to establish a connection to a File Server.
+<P><LI>The list of addresses that the <B>fs getclientaddrs</B> command
+displays is not necessarily the one that a specific File Server is using, if
+an administrator has issued the <B>fs setclientaddrs</B> command since the
+Cache Manager first contacted that File Server. It determines only
+which addresses the Cache Manager registers when connecting to File Servers in
+future.
+</UL>
+<A NAME="IDX7486"></A>
+<A NAME="IDX7487"></A>
+<A NAME="IDX7488"></A>
+<A NAME="IDX7489"></A>
+<P><H3><A NAME="Header_477" HREF="auagd002.htm#ToC_477">To create or edit the client NetInfo file</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Using a text editor, open the <B>/usr/vice/etc/NetInfo</B>
+file. Place one IP address in dotted decimal format (for example,
+<TT>192.12.107.33</TT>) on each line. On the
+first line, put the address that you want each File Server to use
+initially. The order of the remaining machines does not matter, because
+if an RPC to the first interface fails, the File Server simultaneously sends
+RPCs to all of the other interfaces in the list. Whichever interface
+replies first is the one to which the File Server then sends pings and RPCs to
+break callbacks.
+<P><LI>If you want the Cache Manager to start using the revised list immediately,
+either reboot the machine, or use the <B>fs setclientaddrs</B> command to
+create the same list of addresses in kernel memory directly.
+</OL>
+<A NAME="IDX7490"></A>
+<A NAME="IDX7491"></A>
+<A NAME="IDX7492"></A>
+<A NAME="IDX7493"></A>
+<P><H3><A NAME="Header_478" HREF="auagd002.htm#ToC_478">To create or edit the client NetRestrict file</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Using a text editor, open the <B>/usr/vice/etc/NetRestrict</B>
+file. Place one IP address in dotted decimal format on each
+line. The order of the addresses is not significant. Use the
+value <B>255</B> as a wildcard that represents all possible addresses in
+that field. For example, the entry
+<TT>192.12.105.255</TT> indicates that the Cache
+Manager does not register any of the addresses in the 192.12.105
+subnet.
+<P><LI>If you want the Cache Manager to start using the revised list immediately,
+either reboot the machine, or use the <B>fs setclientaddrs</B> command to
+set a list of addresses that does not included the prohibited ones.
+</OL>
+<A NAME="IDX7494"></A>
+<A NAME="IDX7495"></A>
+<P><H3><A NAME="Header_479" HREF="auagd002.htm#ToC_479">To display the list of addresses from kernel memory</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs getclientaddrs</B> command.
+<PRE> % <B>fs getclientaddrs</B>
+</PRE>
+<P>where <B>gc</B> is an acceptable alias for <B>getclientaddrs</B>
+(<B>getcl</B> is the shortest acceptable abbreviation).
+</OL>
+<P>The output lists each IP address on its own line, in dotted decimal
+format.
+<A NAME="IDX7496"></A>
+<A NAME="IDX7497"></A>
+<P><H3><A NAME="Header_480" HREF="auagd002.htm#ToC_480">To set the list of addresses in kernel memory</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs setclientaddrs</B> command to replace the list of
+addresses currently in kernel memory with a new list.
+<PRE> # <B>fs setclientaddrs</B> [<B>-address</B> <<VAR>client network interfaces</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sc
+</B><DD>Is an acceptable alias for <B>setclientaddrs</B> (<B>setcl</B> is
+the shortest acceptable abbreviation).
+<P><DT><B>-address
+</B><DD>Specifies one or more IP addresses in dotted decimal format (hostnames are
+not acceptable). Separate each address with one or more spaces.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ416" HREF="auagd002.htm#ToC_481">Controlling the Display of Warning and Informational Messages</A></H2>
+<A NAME="IDX7498"></A>
+<A NAME="IDX7499"></A>
+<P>By default, the Cache Manager generates two types of warning and
+informational messages:
+<UL>
+<P><LI>It sends <I>user messages</I>, which provide user-level status and
+warning information, to user screens.
+<P><LI>It sends <I>console messages</I>, which provide system-level status
+and warning information, to the client machine's designated
+console.
+</UL>
+<P>You can use the <B>fs messages</B> command to control whether the Cache
+Manager displays either type of message, both types, or neither. It is
+best not to disable messages completely, because they provide useful
+information.
+<P>If you want to monitor Cache Manager status and performance more actively,
+you can use the <B>afsmonitor</B> program to collect an extensive set of
+statistics (it also gathers File Server statistics). If you experience
+performance problems, you can use <B>fstrace</B> suite of commands to
+gather a low-level trace of Cache Manager operations, which the AFS Support
+and Development groups can analyze to help solve your problem. To learn
+about both utilities, see <A HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A>.
+<A NAME="IDX7500"></A>
+<A NAME="IDX7501"></A>
+<P><H3><A NAME="Header_482" HREF="auagd002.htm#ToC_482">To control the display of warning and status messages</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs messages</B> command, using the <B>-show</B>
+argument to specify the type of messages to be displayed.
+<PRE> # <B>fs messages -show</B> <<B>user</B>|<B>console</B>|<B>all</B>|<B>none</B>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>me
+</B><DD>Is the shortest acceptable abbreviation of <B>messages</B>.
+<P><DT><B>-show
+</B><DD>Specifies the types of messages to display. Choose one of the
+following values:
+<DL>
+<P><DT><B>user
+</B><DD>Sends user messages to user screens.
+<P><DT><B>console
+</B><DD>Sends console messages to the console.
+<P><DT><B>all
+</B><DD>Sends user messages to user screens and console messages to the console
+(the default if the <B>-show</B> argument is omitted).
+<P><DT><B>none
+</B><DD>Disables messages completely.
+</DL>
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ417" HREF="auagd002.htm#ToC_483">Displaying and Setting the System Type Name</A></H2>
+<A NAME="IDX7502"></A>
+<A NAME="IDX7503"></A>
+<P>The Cache Manager stores the system type name of the local client machine
+in kernel memory. It reads in the default value from a hardcoded
+definition in the AFS client software.
+<P>The Cache Manager uses the system name as a substitute for the
+<VAR>@sys</VAR> variable in AFS pathnames. The variable is useful when
+creating a symbolic link from the local disk to an AFS directory that houses
+binaries for the client machine's system type. Because the
+<VAR>@sys</VAR> variable automatically steers the Cache Manager to the
+appropriate directory, you can create the same symbolic link on client
+machines of different system types. (You can even automate the creation
+operation by using the package utility described in <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.) The link also remains valid when you upgrade the
+machine to a new system type.
+<P>Configuration is simplest if you use the system type names that AFS
+assigns. For a list, see the <I>IBM AFS Release Notes</I>.
+<P>To display the system name stored in kernel memory, use the <B>sys</B>
+or <B>fs sysname</B> command. To change the name, add the latter
+command's <B>-newsys</B> argument.
+<A NAME="IDX7504"></A>
+<A NAME="IDX7505"></A>
+<A NAME="IDX7506"></A>
+<A NAME="IDX7507"></A>
+<P><H3><A NAME="Header_484" HREF="auagd002.htm#ToC_484">To display the system type name</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs sysname</B> or <B>sys</B> command.
+<PRE> % <B>fs sysname</B>
+
+ % <B>sys</B>
+</PRE>
+</OL>
+<P>The output of the <B>fs sysname</B> command has the following
+format:
+<PRE> Current sysname is '<VAR>system_name</VAR>'
+</PRE>
+<P>The <B>sys</B> command displays the <VAR>system_name</VAR> string with no
+other text.
+<P><H3><A NAME="Header_485" HREF="auagd002.htm#ToC_485">To change the system type name</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs sysname</B> command, using the <B>-newsys</B>
+argument to specify the new name.
+<PRE> # <B>fs sysname</B> <<VAR>new sysname</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sys
+</B><DD>Is the shortest acceptable abbreviation of <B>sysname</B>.
+<P><DT><B><VAR>new sysname</VAR>
+</B><DD>Specifies the new system type name.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ418" HREF="auagd002.htm#ToC_486">Enabling Asynchronous Writes</A></H2>
+<A NAME="IDX7508"></A>
+<A NAME="IDX7509"></A>
+<A NAME="IDX7510"></A>
+<P>By default, the Cache Manager writes all data to the File Server
+immediately and synchronously when an application program closes a
+file. That is, the <B>close</B> system call does not return until
+the Cache Manager has actually written all of the cached data from the file
+back to the File Server. You can enable the Cache Manager to write
+files asynchronously by specifying the number of kilobytes of a file that can
+remain to be written to the File Server when the Cache Manager returns control
+to the application.
+<P>Enabling asynchronous writes can be helpful to users who commonly work with
+very large files, because it usually means that the application appears to
+perform faster. However, it introduces some complications. It is
+best not to enable asynchronous writes unless the machine's users are
+sophisticated enough to understand the potential problems and how to avoid
+them. The complications include the following:
+<UL>
+<P><LI>In most cases, the Cache Manager returns control to applications earlier
+than it does by default, but it is not guaranteed to do so. Users
+cannot always expect faster performance.
+<P><LI>If an asynchronous write fails, there is no way to notify the application,
+because the <B>close</B> system call has already returned with a code
+indicating success.
+<P><LI>Asynchronous writing increases the possibility that the user fails to
+notice when a write operation makes a volume exceed its quota. As
+always, the portion of the file that exceeds the quota is lost, as indicated
+by a message like the following:
+<PRE> No space left on device
+</PRE>
+<P>To avoid losing data because of insufficient quota, before closing a file
+users must verify that the volume housing the file has enough free space to
+accommodate it.
+</UL>
+<P>When you enable asynchronous writes by issuing the <B>fs
+storebehind</B> command, you set the number of kilobytes of a file that can
+still remain to be written to the File Server when the Cache Manager returns
+control to the application program. You can apply the setting either to
+all files manipulated by applications running on the machine, or only to
+certain files:
+<UL>
+<P><LI>The setting that applies to all files is called the <I>default store
+asynchrony</I> for the machine, and persists until the machine
+reboots. If, for example, you set the default store asynchrony to 10
+KB, it means that when an application closes a file, the Cache Manager can
+return control to the application as soon as no more than 10 KB of a file that
+the application has closed remain to be written to the File Server.
+<P><LI>The setting for an individual file overrides the default store asynchrony
+and persists as long as there is an entry for the file in the internal table
+that the Cache Manager uses to track information about files. In
+general, such an entry persists at least until an application closes the file
+or exits completely, but the Cache Manager is free to recycle the entry if the
+file is inactive and it needs to free up slots in the table. To be sure
+the entry exists in the table, issue the <B>fs storebehind</B> command
+shortly before closing the file.
+</UL>
+<A NAME="IDX7511"></A>
+<A NAME="IDX7512"></A>
+<P><H3><A NAME="Header_487" HREF="auagd002.htm#ToC_487">To set the default store asynchrony</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs storebehind</B> command with the <B>-allfiles</B>
+argument.
+<PRE> # <B>fs storebehind -allfiles</B> <<VAR>new default (KB)</VAR>> [<B>-verbose</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>st
+</B><DD>Is the shortest acceptable abbreviation of <B>storebehind</B>.
+<P><DT><B>-allfiles
+</B><DD>Sets the number of kilobytes of data that can remain to be written to the
+File Server when the Cache Manager returns control to the application that
+closed a file.
+<P><DT><B>-verbose
+</B><DD>Produces a message that confirms the new setting.
+</DL>
+</OL>
+<A NAME="IDX7513"></A>
+<A NAME="IDX7514"></A>
+<P><H3><A NAME="Header_488" HREF="auagd002.htm#ToC_488">To set the store asynchrony for one or more files</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>w</B> (<B>write</B>) permission on the
+access control list (ACL) of each file for which you are setting the store
+asynchrony, by issuing the <B>fs listacl</B> command, which is described
+fully in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> <VAR>dir/file path</VAR>
+</PRE>
+<P>Alternatively, become the local superuser <B>root</B> on the client
+machine, if you are not already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs storebehind</B> command with the <B>-kbytes</B>
+and <B>-files</B> arguments.
+<PRE> # <B>fs storebehind -kbytes</B> <<VAR>asynchrony for specified names</VAR>> \
+ <B>-files</B> <<VAR>specific pathnames</VAR>><SUP>+</SUP> \
+ [<B>-verbose</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>st
+</B><DD>Is the shortest acceptable abbreviation of <B>storebehind</B>.
+<P><DT><B>-kbytes
+</B><DD>Sets the number of kilobytes of data that can remain to be written to the
+File Server when the Cache Manager returns control to the application that
+closed a file named by the <B>-files</B> argument.
+<P><DT><B>-files
+</B><DD>Specifies each file for which to set a store asynchrony that overrides the
+default. Partial pathnames are interpreted relative to the current
+working directory.
+<P><DT><B>-verbose
+</B><DD>Produces a message that confirms that new setting.
+</DL>
+</OL>
+<A NAME="IDX7515"></A>
+<A NAME="IDX7516"></A>
+<P><H3><A NAME="Header_489" HREF="auagd002.htm#ToC_489">To display the default store asynchrony</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs storebehind</B> command with no arguments, or with the
+<B>-verbose</B> flag only.
+<PRE> % <B>fs storebehind </B> [<B>-verbose</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>st
+</B><DD>Is the shortest acceptable abbreviation of <B>storebehind</B>.
+<P><DT><B>-verbose
+</B><DD>Produces output that reports the default store asynchrony.
+</DL>
+</OL>
+<A NAME="IDX7517"></A>
+<A NAME="IDX7518"></A>
+<P><H3><A NAME="Header_490" HREF="auagd002.htm#ToC_490">To display the store asynchrony for one or more files</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs storebehind</B> command with the <B>-files</B>
+argument only.
+<PRE> % <B>fs storebehind</B> <B>-files</B> <<VAR>specific pathnames</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>st
+</B><DD>Is the shortest acceptable abbreviation of <B>storebehind</B>.
+<P><DT><B>-files
+</B><DD>Specifies each file for which to display the store asynchrony.
+Partial pathnames are interpreted relative to the current working
+directory.
+</DL>
+</OL>
+<P>The output lists each file separately. If a value has previously
+been set for the specified files, the output reports the following:
+<PRE> Will store up to <VAR>y</VAR> kbytes of <VAR>file</VAR> asynchronously.
+ Default store asynchrony is <VAR>x</VAR> kbytes.
+</PRE>
+<P>If the default store asynchrony applies to a file (because you have not set
+a <B>-kbytes</B> value for it), the output reports the following:
+<PRE> Will store <VAR>file</VAR> according to default.
+ Default store asynchrony is <VAR>x</VAR> kbytes.
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd014.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd016.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd015.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd017.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ419" HREF="auagd002.htm#ToC_491">Configuring Client Machines with the package Program</A></H1>
+<P>The <B>package</B> program automates many aspects of the
+client configuration process. With the <B>package</B> program, you
+can easily configure the local disk of numerous clients by defining global
+configuration files.
+<A NAME="IDX7519"></A>
+<A NAME="IDX7520"></A>
+<A NAME="IDX7521"></A>
+<A NAME="IDX7522"></A>
+<HR><H2><A NAME="HDRWQ420" HREF="auagd002.htm#ToC_492">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands or instructions in a prototype file:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Configure a client machine's local disk
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>package</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define directory
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>D</B> [<VAR>update_code</VAR>] <VAR>directory</VAR> <VAR>owner</VAR>
+<VAR>group</VAR> <VAR>mode_bits</VAR>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>F</B> [<VAR>update_code</VAR>] <VAR>file</VAR> <VAR>source_file</VAR>
+[<VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>]
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define symbolic link
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>L</B> [<VAR>update_code</VAR>] <VAR>link</VAR> <VAR>actual_file</VAR>
+[<VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>]
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define block special device
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>B</B> <VAR>device_name</VAR> <VAR>major_device_number</VAR>
+<VAR>minor_device_number</VAR> <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define character special device
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>C</B> <VAR>device_name</VAR> <VAR>major_device_number</VAR>
+<VAR>minor_device_number</VAR> <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="37%">Define socket
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="63%"><B>S</B> <VAR>socket_name</VAR> [<VAR>owner</VAR> <VAR>group</VAR>
+<VAR>mode_bits</VAR>]
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ422" HREF="auagd002.htm#ToC_493">Using the package Program</A></H2>
+<A NAME="IDX7523"></A>
+<A NAME="IDX7524"></A>
+<P>The <B>package</B> program uses system-independent <I>prototype
+files</I> to define a standard disk configuration; a prototype file
+indicates which files reside on the local client disk, which files are links
+into AFS, etc. The prototype files are then compiled into
+<I>configuration files</I> for each different system type.
+<P>Not all client machines have the same configuration. If desired, you
+can create different prototype files for different client functions (print
+server, regular client, etc.).
+<P>The <B>package</B> program compares the contents of a local client disk
+with the configuration file. If there are any differences, the
+<B>package</B> program makes the necessary updates to the local disk by
+copying the files from AFS onto the disk. The <B>package</B>
+program can also be configured to delete files that are not part of the system
+configuration or automatically reboot the client when certain files (such as
+the <B>dkload</B> file) have been updated.
+<P>The <B>package</B> program does require that you take some time to
+prepare the prototype files, but it provides the following benefits:
+<UL>
+<P><LI>You no longer need to configure each machine individually; the
+prototype configuration file applies to all machines.
+<P><LI>You can change the configuration of machines simply by changing the
+prototype file and rebooting the clients.
+<P><LI>Disk organization is uniform across a set of machines.
+<P><LI>The configuration files serve as a record of files on the disk and
+symbolic links into AFS.
+</UL>
+<P><H3><A NAME="Header_494" HREF="auagd002.htm#ToC_494">Using Package on File Server Machines</A></H3>
+<P>While the <B>package</B> program was designed for use on client
+machines, it can also be used to configure a file server machine's
+disk. However, if any of the files referred to in a configuration file
+reside in volumes on the file server, the <B>package</B> program cannot
+access the volumes during reboot (and until the File Server process and Volume
+Server process start up again).
+<P>Since the <B>package</B> program aborts when it cannot access a file,
+you need to eliminate references to files in AFS that reside in volumes on the
+file server machine. Because of these constraints, the remainder of
+this chapter assumes the <B>package</B> program is being used for client
+configurations.
+<HR><H2><A NAME="HDRWQ423" HREF="auagd002.htm#ToC_495">Package Overview</A></H2>
+<P>There are three main steps to follow before running the
+<B>package</B> program:
+<OL TYPE=1>
+<P><LI>Preparing function-specific <I>prototype files</I> (and any included
+<I>library files</I>).
+<P><LI>Modifying the <B>package</B> <B>Makefile</B> and compiling
+prototype files into system-specific <I>configuration files</I>.
+<P><LI>Modifying client machines to run the appropriate <B>package</B>
+configuration file automatically.
+</OL>
+<P>The following sections summarize these steps.
+<P><H3><A NAME="Header_496" HREF="auagd002.htm#ToC_496">Preparing Prototype Files</A></H3>
+<A NAME="IDX7525"></A>
+<A NAME="IDX7526"></A>
+<P>Begin by listing the different functions or roles client machines perform
+and the local disk configurations that support those functions. Example
+roles include a standard client that provides AFS access, a print server that
+drives a printer, and a backup machine on which you issue commands from the
+<B>backup</B> suite. Create a different <I>prototype file</I>
+for each role.
+<P>A prototype file defines the disk configuration that supports a specific
+role. Usually, prototype files are function-specific, but system
+independent; system-specific values can be defined using variables and
+library files. Then, when you modify a variable or library file, the
+change gets propagated to all appropriate clients when the <B>package</B>
+program is invoked.
+<P>Methods for building flexible prototype files that are easy to maintain are
+presented in <A HREF="#HDRWQ427">Example Prototype and Library Files</A>.
+<P><H3><A NAME="HDRWQ424" HREF="auagd002.htm#ToC_497">Compiling Prototype Files</A></H3>
+<A NAME="IDX7527"></A>
+<A NAME="IDX7528"></A>
+<A NAME="IDX7529"></A>
+<P>Prototype files are usually system-independent, but can include
+<TT>ifdef</TT> statements to satisfy the needs of different system
+types. The prototype files are compiled to generate operating-system
+specific versions. During compilation, the <B>package</B> program
+selects the definitions suitable for each system type and replaces any
+variables with actual values. These compiled, machine-specific files
+are called <I>configuration files</I>.
+<P>Prototype files are compiled using a standard-type <B>Makefile</B>
+file, as described in <A HREF="#HDRWQ438">The Package Makefile File</A>.
+<P><H3><A NAME="Header_498" HREF="auagd002.htm#ToC_498">Preparing Clients</A></H3>
+<P>Once system-specific configuration files exist, the <B>package</B>
+program is ready to run on the clients. You must first make the
+<B>package</B> binary available and specify the correct configuration
+file.
+<P>Modify the clients as described below:
+<OL TYPE=1>
+<P><LI>Create a <B>.package</B> file in the root ( <B>/</B> )
+directory of each client's local disk that defines the default
+configuration file.
+<P><LI>Make the <B>package</B> binary (<B>/etc/package</B>) available on
+the local disk.
+<P><LI>Modify the machine's initialization file (<B>/etc/rc</B> or
+equivalent) to include a call to the <B>package</B> program.
+</OL>
+<P>These steps are discussed more completely in <A HREF="#HDRWQ447">Modifying Client Machines</A>.
+<HR><H2><A NAME="HDRWQ425" HREF="auagd002.htm#ToC_499">The package Directory Structure</A></H2>
+<A NAME="IDX7530"></A>
+<P>This section assumes that the <B>package</B>-related files have been
+installed in three subdirectories of the
+<B>/afs/</B><VAR>cellname</VAR>/<B>wsadmin</B> directory:
+<B>src</B>, <B>lib</B> and <B>etc</B>, as recommended in the
+<I>IBM AFS Quick Beginnings</I>.
+<P>These directories contain several sample prototype, library, and
+configuration files, which can help to clarify how the <B>package</B>
+program works. However, they are not necessarily suitable for use in
+your cell; you must modify them for your needs.
+<P><H3><A NAME="HDRWQ426" HREF="auagd002.htm#ToC_500">The src directory</A></H3>
+<P>The <B>src</B> directory contains some sample prototype
+files (used to build the configuration files), the <B>Makefile</B> file
+used to build them, and the resulting compiled configuration files.
+<P>Prototype files have names of the form
+<VAR>function</VAR>.<B>proto</B>. For example, a
+<B>minimal.proto</B> file defines the minimum set of library files
+need to run AFS and a<B>staff.dkload.proto</B> file defines
+a client configuration that uses the a dynamic kernel loading program.
+Prototype files can also contain definitions for system administrative files,
+such as a <B>hosts.equiv</B> file.
+<P>The <B>Makefile</B> file is used to compile the system-independent
+prototype files into system-specific configuration files. To learn how
+to modify this file for use in your cell, see <A HREF="#HDRWQ438">The Package Makefile File</A>.
+<P>Configuration files are the compiled version of the prototype files and are
+named <VAR>function</VAR><B>.</B><VAR>sysname</VAR>.
+Configuration files also appear in the <B>etc</B> subdirectory, which the
+<B>package</B> program accesses when configuring disks.
+<P><H3><A NAME="Header_501" HREF="auagd002.htm#ToC_501">The lib directory</A></H3>
+<P>The <B>lib</B> directory contains many of the example library files
+referred to in prototype files. For example, the
+<B>base.generic</B> file is a system-independent file which
+includes a definition of the cell name, system options, and variables;
+these are used to set the <VAR>owner</VAR>, <VAR>group</VAR>, and
+<VAR>mode_bits</VAR> fields in the file and the symbolic link
+definitions.
+<P><H3><A NAME="Header_502" HREF="auagd002.htm#ToC_502">The etc directory</A></H3>
+<P>The <B>etc</B> directory contains the system-specific configuration
+files built from the prototype files in the <B>src</B>
+subdirectory. The <B>package</B> program uses the configuration
+files in the <B>etc</B> directory to configure disks.
+<P>Some of the example files include <B>minimal</B> and <B>staff</B>
+prototype files compiled for different system types.
+<HR><H2><A NAME="HDRWQ427" HREF="auagd002.htm#ToC_503">Example Prototype and Library Files</A></H2>
+<A NAME="IDX7531"></A>
+<A NAME="IDX7532"></A>
+<P>A prototype file is a template that defines the configuration of a
+client's local disk. Prototype files are usually function-specific
+(for example, a backup machine, print server, etc.) but
+system-independent. Prototype files support the use of <TT>ifdef</TT>
+statements and variables, so you can include system-specific
+definitions. The actual system-specific configuration file is generated
+when the prototype file is compiled.
+<P>The components defined in a prototype file can include the directories,
+files, symbolic links, block special devices, character special devices and
+sockets that need to reside on a client's local disk in order for it to
+perform a specific role, such as a print server or backup machine.
+Thus, we recommend that you construct a unique prototype file for each
+different client function.
+<P>To make the <B>package</B> program more effective and easy to maintain,
+create prototype files that are modular and generic, instead of specific, by
+using library files and variables:
+<A NAME="IDX7533"></A>
+<A NAME="IDX7534"></A>
+<UL>
+<P><LI>By creating general-purpose library files, you can include the same
+library file in many prototype files. Thus, you can make global
+configuration changes by modifying a single library file; you do not need
+to modify each prototype file.
+<P><LI>Variables enable you to change definitions simply by changing the
+variable's value.
+</UL>
+<P><H3><A NAME="HDRWQ428" HREF="auagd002.htm#ToC_504">An Example Prototype File</A></H3>
+<A NAME="IDX7535"></A>
+<P>The following is part of an example prototype file that contains the
+minimum definitions necessary to run AFS. A similar file called
+<B>minimal.proto</B> can reside in your <B>src</B>
+subdirectory. As recommended, this prototype file references library
+files and does not include actual definitions.
+<PRE> .
+ .
+ # Package prototype for a minimal configuration.
+ # Base components
+ %include ${wsadmin}/lib/base.generic
+ # Machine-specific components
+ %ifdef rs_aix42
+ %include ${wsadmin}/lib/rs_aix42.readonly
+ %include ${wsadmin}/lib/rs_aix42.AFS
+ %endif rs_aix42
+ %ifdef alpha_dux40
+ %include ${wsadmin}/lib/alpha_dux40.readonly
+ %include ${wsadmin}/lib/alpha_dux40.AFS
+ %endif alpha_dux40
+ %ifdef sun4x_56
+ %include ${wsadmin}/lib/sun4x_56.readonly
+ %include ${wsadmin}/lib/sun4x_56.AFS
+ %endif sun4x_56
+ .
+ .
+</PRE>
+<P>In the previous example, the first uncommented line includes the
+<B>/lib/base.generic</B> library file. This library file can
+contain definitions appropriate for many prototype files; the
+<B>base.generic</B> library file can also be included in other
+prototype files, like a <B>staff.proto</B> or
+<B>backup.proto</B> file. An example library file appears in
+the following section.
+<P>Note that system-specific definitions are permitted through the use of
+<TT>ifdef</TT> statements and variables (for example, <TT>${wsadmin}</TT>
+is used to specify pathnames). Thus, the same prototype file can be
+used to configure a machine running AIX 4.2 or Solaris 2.6, even
+though they require different files, directories, symbolic links and
+devices.
+<P>In the next uncommented lines of this example, the administrator has
+constructed different library files for different system types. Each of
+these is compiled into unique configuration files. For instance, the
+following lines in this prototype file tell the <B>package</B> program to
+use the library files <B>lib/rs_aix42.readonly</B> and
+<B>lib/rs_aix42.AFS</B> for the configuration file when the value
+<TT>rs_aix42</TT> has been declared. (The system-type definition is
+declared in the <B>Makefile</B>; see <A HREF="#HDRWQ438">The Package Makefile File</A>.)
+<PRE> %ifdef rs_aix42
+ %include ${wsadmin}/lib/rs_aix42.readonly
+ %include ${wsadmin}/lib/rs_aix42.AFS
+ %endif rs_aix42
+</PRE>
+<P>Similarly, the following lines tell the <B>package</B> program to use
+the library files <B>lib/sun4x_56.readonly</B> and
+<B>lib/sun4x_56.AFS</B> when the value <TT>sun4x_56</TT> has been
+declared.
+<PRE> %ifdef sun4x_56
+ %include ${wsadmin}/lib/sun4x_56.readonly
+ %include ${wsadmin}/lib/sun4x_56.AFS
+ %endif sun4x_56
+</PRE>
+<P><H3><A NAME="Header_505" HREF="auagd002.htm#ToC_505">Example Library File</A></H3>
+<A NAME="IDX7536"></A>
+<A NAME="IDX7537"></A>
+<A NAME="IDX7538"></A>
+<A NAME="IDX7539"></A>
+<P>The following is part of an example library file for basic configuration
+definitions. A similar file, called <B>base.generic</B>, can
+reside in your <B>lib</B> subdirectory. Note that configurations
+are defined using standard <TT>ifdef</TT> statements.
+<PRE> .
+ .
+ #
+ # Base package definitions.
+ #
+ %ifndef cell
+ %define cell abc.com
+ %endif cell
+ %ifndef sys
+ %include /etc/package.sys
+ %endif sys
+ %define ${name} ${name}
+ %define ${cpu} ${cpu}
+ %define ${sys} ${sys}
+ %define ${dept} ${dept}
+ %define ${hostname} ${hostname}
+ %ifdef rs_aix42
+ % define AIX
+ % define rootlinks
+ %ifndef noafsd
+ % define afsd
+ %endif noafsd
+ %endif rs_aix42
+ .
+ .
+ #
+ # Some definitions to handle common combinations of owner, group,
+ # and protection fields.
+ #
+ %define rzmode root wheel 600
+ %define usermode root wheel 666
+ %define systemmode root wheel 644
+ %define diskmode root wheel 644
+ %define ptymode root wheel 666
+ %define ttymode root wheel 666
+ .
+ .
+ %define aix_rootbin root bin
+ %define aix_rootprintq root printq
+ %define aix_rootstaff root staff
+ %define aix_rootsys root system
+ %define aix_binbin bin bin
+ %define aix_binmail bin mail
+ %define aix_binsys bin system
+ %define aix_addsys adduser system
+ %define aix_romode 444
+ %define aix_loginmode 544
+ %define aix_usermode 666
+ %define aix_systemmode 644
+ %define aix_textmode 644
+ %define aix_rwmode1 660
+ %define aix_allrugw 664
+</PRE>
+<P>The following example library file uses <B>package</B>-specific syntax
+to define files, directories, sockets, etc. Each line, called a
+<I>configuration file instruction</I>, defines a specific component of
+disk configuration. The proper syntax for these instructions is briefly
+described in <A HREF="#HDRWQ429">Package Configuration File Instruction Syntax</A>; see the reference page for the <B>package</B>
+configuration file in the <I>IBM AFS Administration Reference</I> for
+detailed descriptions.
+<P>In this example, the library file contains instructions specific to the
+configuration of an <B>rs_aix42</B> machine. You can have similar
+library files in your <B>lib</B> subdirectory.
+<PRE> .
+ .
+ #
+ # Generic configuration for an AFS rs_aix42 machine.
+ #
+ D / ${treemode}
+ D /afs
+ FAQ /unix ${machine}/unix.std ${binmode}
+ LA /unix.std /unix
+ D /bin ${treemode}
+ F /bin/as ${machine} ${binmode}
+ F /bin/ld ${machine} ${binmode}
+ F /bin/nm ${machine} ${binmode}
+ FO /bin/login ${afstest} ${suidmode}
+ .
+ .
+ FAQ /usr/vice/etc/ThisCell ${common}/etc/ThisCell ${textmode}
+ FQ /usr/vice/etc/afsd ${afstest}/root.client ${binmode}
+ FA /usr/vice/etc/bos ${afstest}/bin/bos ${binmode}
+ FA /usr/vice/etc/fs ${afstest}/bin/fs ${binmode}
+</PRE>
+<HR><H2><A NAME="HDRWQ429" HREF="auagd002.htm#ToC_506">Package Configuration File Instruction Syntax</A></H2>
+<A NAME="IDX7540"></A>
+<A NAME="IDX7541"></A>
+<P>Within a library file, configuration file instructions are used to define
+the specific disk configuration. Each instruction can be used to define
+a file, directory, socket, or device on the client machine. The syntax
+for each valid instruction type is described briefly here; detailed
+descriptions of the fields appear in the <I>AFS Command Reference
+Manual</I>.
+<UL>
+<P><LI><B>D</B> defines a directory
+<P><LI><B>F</B> defines a file
+<P><LI><B>L</B> defines a link
+<P><LI><B>B</B> defines a block special device
+<P><LI><B>C</B> defines a character special device
+<P><LI><B>S</B> defines a socket
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Each configuration instruction must appear on a single, unbroken line.
+Instructions sometimes appear here on multiple lines only for
+legibility.
+<P>The configuration file must be completely correct. If there are any
+syntax errors or incorrect values, the <B>package</B> command interpreter
+exits without executing any instruction.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ430" HREF="auagd002.htm#ToC_507">Local Files versus Symbolic Links</A></H3>
+<P>You can take advantage of the AFS by keeping the number of
+files on the local client disk to a minimum; instead, create symbolic
+links that point into AFS. This can improve machine performance by
+allowing more space for caching and swapping.
+<P>Some files, however, must reside on the local disk, as described
+below. Create these files in the prototype or library files using the
+<B>F</B> (file) instruction, not the <B>L</B> (symbolic link)
+instruction.
+<P>The following types of files must reside on the local disk of all AFS
+clients:
+<UL>
+<P><LI>Boot sequence files executed before the <B>afsd</B> program
+runs.
+<P>Until <B>afsd</B> runs and initializes the Cache Manager, AFS is
+inaccessible from the client. Any files that are executed before the
+<B>afsd</B> program runs must reside on the local client disk.
+<P>For example, on a machine that uses a disk cache, the
+<B>/usr/vice/cache</B> directory must exist when you bring up the Cache
+Manager, so that there is a location to create cache files. The binary
+files <B>/etc/mount</B> and <B>/etc/umount</B> must be available on
+the local disk as the machine boots in order to mount the
+<B>/usr/vice/cache</B> directory.
+<P>In addition, certain UNIX files, such as initialization files
+(<B>/etc/rc</B> or equivalent) and file system mapping files
+(<B>/etc/fstab</B> or equivalent), must reside on the local disk.
+<P><LI>Diagnostic and recovery files
+<P>Certain commands can be used to diagnose and recover from problems caused
+by a file server outage. It is best to keep copies of the binaries for
+these commands on the local disk. For example, store the <B>bos</B>
+and <B>fs</B> binaries in the <B>/usr/vice/etc</B> directory on the
+local disk, as well as in the <B>/usr/afsws</B> directory (which in the
+conventional configuration is a symbolic link into AFS). Then, set PATH
+variables so that the <B>/usr/afsws</B> directory appears before the
+<B>/usr/vice/etc</B> directory. Thus, even if users cannot access
+AFS (for example, due to a file server outage) they can still access copies of
+the <B>bos</B> and <B>fs</B> binaries in the <B>/usr/vice/etc</B>
+directory on the local disk.
+<P><LI>Files in the <B>/usr/vice</B> directory
+<P>The contents of the <B>/usr/vice</B> directory, including the cache
+files in the <B>cache</B> subdirectory and the configuration files in the
+<B>etc</B> subdirectory, must reside on the local disk. For a
+description of the files in the directory, see <A HREF="auagd015.htm#HDRWQ391">Configuration and Cache-Related Files on the Local Disk</A>.
+</UL>
+<A NAME="IDX7542"></A>
+<A NAME="IDX7543"></A>
+<A NAME="IDX7544"></A>
+<A NAME="IDX7545"></A>
+<P><H3><A NAME="HDRWQ431" HREF="auagd002.htm#ToC_508">Defining a Directory</A></H3>
+<P>The <B>D</B> instruction defines a directory to be
+created on the local disk. If a symbolic link, file, or other element
+on the local disk has the same name, it is replaced with a directory.
+If the directory already exists, its owner, group, and mode bits are changed
+if necessary to conform with the instruction.
+<P>Use the following instruction to define a directory:
+<PRE> <B>D</B>[<VAR>update_code</VAR>] <VAR>directory</VAR> <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+</PRE>
+<P>The following example defines the <B>/usr</B> directory:
+<PRE> D /usr root wheel 755
+</PRE>
+<A NAME="IDX7546"></A>
+<A NAME="IDX7547"></A>
+<A NAME="IDX7548"></A>
+<A NAME="IDX7549"></A>
+<P><H3><A NAME="HDRWQ432" HREF="auagd002.htm#ToC_509">Defining a File</A></H3>
+<P>The <B>F</B> instruction defines a file to be created on
+the local disk. The source file can reside in either AFS or the local
+disk.
+<P>If a file of this name already exists, then it is updated with (overwritten
+by) the source file, unless the <B>I</B> update code is specified.
+If a symbolic link or directory of this name exists, the <B>package</B>
+program replaces it with the source file.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Some files must reside on the local disk; they cannot be symbolic
+links. See <A HREF="#HDRWQ430">Local Files versus Symbolic Links</A>.
+</TD></TR></TABLE>
+<P>Use the following instruction to define a file:
+<PRE> <B>F</B>[<VAR>update_code</VAR>] <VAR>file</VAR> <VAR>source_file</VAR> [<VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>]
+</PRE>
+<P>An example which creates/updates the file <B>/bin/grep</B> on the local
+disk, using <B>/afs/abc.com/rs_aix42/bin/grep</B> as the
+source:
+<PRE> F /bin/grep /afs/abc.com/rs_aix42 root wheel 755
+</PRE>
+<P>In the following example, two update codes are used, and the
+<I>owner</I>, <I>group</I> and <I>mode_bits</I> slots are left
+empty, so that the disk file adopts the source file's values for those
+slots.
+<PRE> FAQ /usr/vice/etc/ThisCell /afs/abc.com/common/etc/ThisCell
+</PRE>
+<A NAME="IDX7550"></A>
+<A NAME="IDX7551"></A>
+<A NAME="IDX7552"></A>
+<A NAME="IDX7553"></A>
+<P><H3><A NAME="HDRWQ433" HREF="auagd002.htm#ToC_510">Defining a Symbolic Link</A></H3>
+<P>The <B>L</B> instruction defines a symbolic link to be
+created on the local disk. The symbolic link can point to the AFS file
+system or the local disk. If the identical symbolic link already
+exists, the <B>package</B> program does nothing. However, if an
+element of the same name exists on the disk as a file or directory, the
+<B>package</B> program replaces the element with a symbolic link.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Some files must reside on the local disk; they cannot be symbolic
+links. See <A HREF="#HDRWQ430">Local Files versus Symbolic Links</A>.
+</TD></TR></TABLE>
+<P>Use the following instruction to define a symbolic link:
+<PRE> <B>L</B>[<VAR>update_code</VAR>] <VAR>link</VAR> <VAR>actual_file</VAR> [<VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>]
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not create a symbolic link to a file whose name begins with the number
+sign (<B>#</B>) or percent sign (<B>%</B>). The Cache Manager
+interprets such a link as a mount point to a regular or Read/Write volume,
+respectively.
+</TD></TR></TABLE>
+<P>The following example creates a symbolic link from the <B>/etc/ftpd</B>
+directory on the local disk to the
+<B>/afs/abc.com/hp_ux110/etc/ftpd</B> file in AFS. Since the
+<I>owner</I>, <I>group</I> and <I>mode_bits</I> fields are empty,
+the symbolic link adopts values for those fields from the actual file:
+<PRE> L /etc/ftpd /afs/abc.com/hp_ux110
+</PRE>
+<P>This example uses the <B>A</B> update code:
+<PRE> LA /etc/printcap /afs/abc.com/common/etc/printcap.remote
+ root wheel 644
+</PRE>
+<A NAME="IDX7554"></A>
+<A NAME="IDX7555"></A>
+<A NAME="IDX7556"></A>
+<A NAME="IDX7557"></A>
+<P><H3><A NAME="HDRWQ434" HREF="auagd002.htm#ToC_511">Defining a Block Special Device</A></H3>
+<P>The <B>B</B> instruction defines a block special device,
+which is a device that handles data in units of multibyte blocks, such as a
+disk. If a device of the same name already exists, the
+<B>package</B> program replaces it with the specified block device.
+<P>Use the following instruction to define a block special device (it appears
+on two lines here only for legibility):
+<PRE> <B>B</B> <VAR>device_name</VAR> <VAR>major_device_number</VAR> <VAR>minor_device_number</VAR> \
+ <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+</PRE>
+<P>The following example defines a disk called <B>/dev/hd0a</B> to have
+major and minor device numbers <B>1</B> and <B>0</B>:
+<PRE> B /dev/hd0a 1 0 root wheel 644
+</PRE>
+<A NAME="IDX7558"></A>
+<A NAME="IDX7559"></A>
+<A NAME="IDX7560"></A>
+<A NAME="IDX7561"></A>
+<P><H3><A NAME="HDRWQ435" HREF="auagd002.htm#ToC_512">Defining a Character Special Device</A></H3>
+<P>The <B>C</B> instruction defines a character special
+device, which is device that handles data in units of a single character at a
+time, such as a terminal or tty. If a device of the same name already
+exists, the <B>package</B> program replaces it with the specified
+character device.
+<P>Use the following instruction to define a character special device (it
+appears here on two lines only for legibility):
+<PRE> <B>C </B><VAR>device_name</VAR> <VAR>major_device_number</VAR> <VAR>minor_device_number</VAR> \
+ <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+</PRE>
+<P>The following example defines the tty called <B>/dev/ttyp5</B> with
+major and minor device numbers <B>6</B> and <B>5</B>:
+<PRE> C /dev/ttyp5 6 5 root wheel 666
+</PRE>
+<A NAME="IDX7562"></A>
+<A NAME="IDX7563"></A>
+<A NAME="IDX7564"></A>
+<A NAME="IDX7565"></A>
+<P><H3><A NAME="HDRWQ436" HREF="auagd002.htm#ToC_513">Defining a Socket</A></H3>
+<P>The <B>S</B> instruction defines a socket, which is
+communications device for UDP and TCP/IP connections. If a socket of
+the same name already exists, the <B>package</B> program replaces
+it.
+<P>Use the following instruction to define a socket:
+<PRE> <B>S</B> <VAR>socket_name</VAR> [<VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>]
+</PRE>
+<P>The following example defines a socket called
+<B>/dev/printer</B>:
+<PRE> S /dev/printer root wheel 777
+</PRE>
+<HR><H2><A NAME="HDRWQ437" HREF="auagd002.htm#ToC_514">Constructing Prototype and Library Files</A></H2>
+<A NAME="IDX7566"></A>
+<A NAME="IDX7567"></A>
+<A NAME="IDX7568"></A>
+<P>This section describes the general steps required to create
+<B>package</B> prototype and library files. Refer to the previous
+sections for guidelines, and the files in your <B>wsadmin</B> directory
+for examples. The construction of prototype and library files is
+different for each cell.
+<P><H3><A NAME="Header_515" HREF="auagd002.htm#ToC_515">To construct a prototype file and its component library files</A></H3>
+<OL TYPE=1>
+<P><LI>Determine where the three <B>package</B>-related subdirectories
+(<B>src</B>, <B>lib</B> and <B>etc</B>) reside in your cell's
+file tree; the following instructions assume they were loaded into the
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin</B> directory, as described
+in the <I>IBM AFS Quick Beginnings</I>.
+<P><LI>Decide how many different functions you want client machines in your cell
+to perform. We recommend that you construct a separate prototype file
+for each function. Common functions include:
+<UL>
+<P><LI>Standard workstation: provides users with access to files in AFS
+<P><LI>Printer server: drives a printer; can be combined with "staff"
+functionality
+<P><LI>Backup machine: performs backups of AFS volumes to tape by running
+the AFS Backup System software
+</UL>
+<P><LI>Determine the minimum functionality needed for all clients (such as AFS
+setup) and place these generic definitions in one or more library
+files.
+<P><LI>For each type of client (printer server, backup machine, and so on), place
+all system-independent definitions in one file, and all operating-system
+dependent definitions in another file.
+</OL>
+<HR><H2><A NAME="HDRWQ438" HREF="auagd002.htm#ToC_516">The Package Makefile File</A></H2>
+<A NAME="IDX7569"></A>
+<A NAME="IDX7570"></A>
+<A NAME="IDX7571"></A>
+<P>Once you have created the appropriate prototype and library files, you must
+compile the prototype for each system type. The result is a
+system-specific configuration file.
+<P>The <B>Makefile</B> file defines the prototype and library files used
+and the order of compilation. We recommend that you create your
+<B>Makefile</B> file by modifying the example provided with the AFS
+distribution, as described in this section. In the conventional
+configuration, it is located at
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin/src/Makefile</B>.
+<P><H3><A NAME="Header_517" HREF="auagd002.htm#ToC_517">Overview</A></H3>
+<P>The following list summarizes the sections in the <B>package</B>
+<B>Makefile</B> file, identifying each by the header name that begins the
+section. More detailed descriptions follow.
+<DL>
+<P><DT><B><TT>CONFIG=</TT>
+</B><DD>Lists all of the configuration files to be created and defines which
+prototype files are compiled for which system types. See <A HREF="#HDRWQ439">The CONFIG Section</A>.
+<P><DT><B><TT>BASE_LIBS=</TT>
+</B><DD>Lists the pathnames of all operating-system- and function independent
+library files included in any prototype files. See <A HREF="#HDRWQ440">The BASE_LIBS Section</A>.
+<P><DT><B><TT>MACHINE_LIBS=</TT>
+</B><DD>Lists the pathnames of all operating-system-specific library files
+included in any prototype files. See <A HREF="#HDRWQ441">The MACHINE_LIBS Section</A>.
+<P><DT><B><TT>LIBS=</TT>
+</B><DD>A one-line instruction that defines <TT>LIBS</TT> as the combination of
+<TT>BASE_LIBS</TT> and <TT>MACHINE_LIBS</TT>. See <A HREF="#HDRWQ442">The LIBS Section</A>.
+<P><DT><B><TT>.SUFFIXES</TT>
+</B><DD>Defines all of the suffixes that can appear on a prototype or
+configuration file. See <A HREF="#HDRWQ443">The .SUFFIXES Section</A>.
+</DL>
+<P>Finally, the <B>Makefile</B> file contains a set of instructions that
+the <B>package</B> program follows to generate configuration files.
+It is not generally necessary to alter this section. See <A HREF="#HDRWQ444">The Makefile Instructions Section</A>.
+<P><H3><A NAME="HDRWQ439" HREF="auagd002.htm#ToC_518">The CONFIG Section</A></H3>
+<P>As mentioned, a configuration file is a prototype file that
+has been compiled for a specific operating system type. The
+<TT>CONFIG</TT> section of the <B>Makefile</B> file defines the
+prototype files to compile for each system type. The resulting compiled
+file is a system-specific configuration file.
+<P>Study the following example taken from the sample <B>Makefile</B>
+file. Configuration files are defined by specifying the
+prototype-system combination as
+<VAR>prototype_file</VAR><B>.</B><VAR>sysname</VAR>. Note that
+it is not necessary to generate a configuration file for each prototype-system
+type combination.
+<PRE> #Makefile...
+ # (C) Copyright IBM Corporation 1999
+ # Licensed Materials - Property of IBM
+ # All Rights Reserved.
+ #
+ CONFIG = \
+ staff.rs_aix42 \
+ staff.alpha_dux40 \
+ staff.xdm.alpha_dux40 \
+ staff.sun4x_56 \
+ staff.hp_ux110 \
+ minimal.rs_aix42 \
+ minimal.alpha_dux40 \
+ minimal.hp_ux110 \
+ minimal.sun4x_56
+</PRE>
+<P>An entry in the <TT>CONFIG</TT> section has the following format:
+<UL>
+<P><LI>The first part of the entry defines the prototype file and is the same as
+the prototype file name (without the <B>.proto</B>
+extension). The second part of the entry indicates the system type for
+which the prototype file is to be compiled. A complete list of these
+suffixes is in the <TT>.SUFFIXES</TT> section of the
+<B>Makefile</B> file, as described in <A HREF="#HDRWQ443">The .SUFFIXES Section</A>. This
+<VAR>prototype_file</VAR><B>.</B><VAR>sysname</VAR> definition becomes
+the name of the compiled configuration file.
+<P>For example, <B>staff.rs_aix42</B> indicates that the
+<B>staff.proto</B> file is compiled for machines running AIX
+4.2. The resulting compiled configuration file is called
+<B>staff.rs_aix42</B>.
+<P><LI>Each configuration file must appear on a separate line.
+<P><LI>A backslash must follow the <TT>CONFIG=</TT> header and every name but
+the last one. A backslash must also appear on blank lines.
+</UL>
+<P><H3><A NAME="HDRWQ440" HREF="auagd002.htm#ToC_519">The BASE_LIBS Section</A></H3>
+<P>This section defines the complete pathname of all system-
+and function-independent library files included in any prototype file.
+(System-specific library files are defined in the <TT>MACHINE_LIBS</TT>
+section). The pathnames can include the <TT>${wsadmin}</TT> variable,
+whose value is supplied on the <B>make</B> command line.
+<P>You must include all of the library files referred to in your prototype
+files; files included but not used are ignored.
+<P>Study the following example. Note that the all entries (except the
+last one) must be followed by a backslash.
+<PRE> BASE_LIBS = \
+ ${wsadmin}/src/admin \
+ ${wsadmin}/lib/devel \
+ ${wsadmin}/lib/base.generic
+</PRE>
+<P><H3><A NAME="HDRWQ441" HREF="auagd002.htm#ToC_520">The MACHINE_LIBS Section</A></H3>
+<P>This section lists the complete pathname of all
+operating-system-specific library files included in prototype files.
+(System- and function-independent library files are defined in the
+<TT>BASE_LIBS</TT> section.)
+<P>Study the following example. Note that in this example, library
+files were grouped by operating-system type. Again, all lines (except
+the last one) must be followed by a backslash, the <TT>${wsadmin}</TT>
+variable is allowed, and files included but not used are ignored.
+<PRE> MACHINE_LIBS = \
+ ${wsadmin}/lib/rs_aix42.generic \
+ ${wsadmin}/lib/rs_aix42.generic.dev \
+ ${wsadmin}/lib/rs_aix42.readonly \
+ ${wsadmin}/lib/rs_aix42.readwrite \
+ ${wsadmin}/lib/rt_aix42.generic.printer \
+ \
+ .
+ .
+ ${wsadmin}/lib/alpha_dux40.AFS \
+ ${wsadmin}/lib/hp_ux110.AFS \
+ ${wsadmin}/lib/sun4x_56.AFS \
+ ${wsadmin}/lib/rs_aix42.AFS
+</PRE>
+<P><H3><A NAME="HDRWQ442" HREF="auagd002.htm#ToC_521">The LIBS Section</A></H3>
+<P>This section contains only one instruction, which indicates
+that <TT>LIBS</TT> is defined as the combination of <TT>MACHINE_LIBS</TT>
+and <TT>BASE_LIBS</TT>. Insert a blank line after the line to
+separate this section from the next.
+<PRE> LIBS = ${MACHINE_LIBS} ${BASE_LIBS}
+</PRE>
+<P><H3><A NAME="HDRWQ443" HREF="auagd002.htm#ToC_522">The .SUFFIXES Section</A></H3>
+<P>This section lists the valid machine-type suffixes.
+This list includes system types currently supported for AFS. Unused
+suffixes are ignored.
+<PRE> .SUFFIXES: .rs_aix42 \
+ .alpha_dux40 \
+ .proto \
+ .sun4x_56 \
+ .i386_linux22 \
+ .hp_ux110
+</PRE>
+<P><H3><A NAME="HDRWQ444" HREF="auagd002.htm#ToC_523">The Makefile Instructions Section</A></H3>
+<P>The remainder of the <B>Makefile</B> file controls how
+the <B>package</B> program generates configuration files.
+<P>Study the following instructions; it is assumed that you are familiar
+with programming and <B>Makefile</B> concepts.
+<PRE> #The following appear on a single line each in the actual file
+ .proto.rs_aix42: ; mpp -Dwsadmin=${wsadmin} -Dsys=rs_aix42
+ -Dname=$* $*.proto > $@
+ .proto.alpha_dux40: ; mpp -Dwsadmin=${wsadmin} -Dsys=alpha_dux40
+ -Dname=$* $*.proto > $@
+ .proto.sun4x_56: ; mpp -Dwsadmin=${wsadmin} -Dsys=sun4x_56
+ -Dname=$* $*.proto > $@
+ .proto.hp_ux110: ; mpp -Dwsadmin=${wsadmin} -Dsys=hp_ux110
+ -Dname=$* $*.proto > $@
+ all: ${CONFIG}
+ ${CONFIG}: ${LIBS}
+ system: install
+ install: ${CONFIG}
+ cp ${CONFIG} ${wsadmin}/etc
+ clean:
+ rm -f ${CONFIG} *.BAK *.CKP
+</PRE>
+<HR><H2><A NAME="HDRWQ445" HREF="auagd002.htm#ToC_524">Modifying the Makefile</A></H2>
+<A NAME="IDX7572"></A>
+<A NAME="IDX7573"></A>
+<A NAME="IDX7574"></A>
+<P>Modify the <B>package</B> <B>Makefile</B> files when you
+<UL>
+<P><LI>Add a new prototype file
+(<VAR>function</VAR><B>.proto</B>).
+<P><LI>Add a new system type.
+<P><LI>Add new library files.
+</UL>
+<P>The following sections provide brief examples of how to modify the
+<B>Makefile</B> file for these reasons.
+<P><H3><A NAME="Header_525" HREF="auagd002.htm#ToC_525">Adding a New Prototype File</A></H3>
+<P>When you create a new prototype file, add the file name and each system
+type for which it is to be built into the <TT>CONFIG</TT> section of the
+<B>Makefile</B> file.
+<P>For example, to add a <VAR>function</VAR><B>.proto</B> file for
+<B>alpha_dux40</B> and <B>hp_ux110</B>, add the following entries to
+the <TT>CONFIG</TT> section:
+<PRE> CONFIG = \
+ ...
+ <VAR>function</VAR>.alpha_dux40 \
+ <VAR>function</VAR>.hp_ux110 \
+ ...
+</PRE>
+<P>If you have added new library files for this prototype function, add those
+to the <TT>MACHINE_LIBS</TT> section.
+<P><H3><A NAME="Header_526" HREF="auagd002.htm#ToC_526">Adding a New System Type</A></H3>
+<P>For each prototype file that you want to build for the new system type,
+add an entry to the <TT>CONFIG</TT> section. Also add any new
+libraries to the <TT>MACHINE_LIBS</TT> section, and the new system type to
+the <TT>.SUFFIXES</TT> section.
+<P>The following example shows the modifications appropriate when building the
+<B>staff</B> and <B>minimal</B> prototype files for this new system
+type.
+<PRE> CONFIG = \
+ ...
+ staff.<VAR>sysname</VAR> \
+ minimal.<VAR>sysname</VAR> \
+ ...
+</PRE>
+<P>If you have created corresponding library files for this new machine type,
+add them to the <TT>MACHINE_LIBS</TT> section.
+<PRE> MACHINE_LIBS = \
+ ...
+ ${wsadmin}/lib/<VAR>sysname</VAR>.generic \
+ ${wsadmin}/lib/<VAR>sysname</VAR>.generic.dev \
+ ${wsadmin}/lib/<VAR>sysname</VAR>.readonly \
+ ${wsadmin}/lib/<VAR>sysname</VAR>.readwrite \
+ ...
+</PRE>
+<P>Add the new system type to the <TT>SUFFIXES</TT> section.
+<PRE> .SUFFIXES: ...\
+ .<VAR>sysname</VAR> \
+ ...
+</PRE>
+<P>Add a line to build the configuration files for this system in the section
+with the rest of the commands to build configuration files:
+<PRE> .proto.<VAR>sysname</VAR>: ; mpp -Dwsadmin=${wsadmin} \
+ -Dsys=<VAR>sysname</VAR> -Dname=$* $*.proto > $
+</PRE>
+<P><H3><A NAME="Header_527" HREF="auagd002.htm#ToC_527">Adding New Library Files</A></H3>
+<P>If you added a new library file for each system type,
+<VAR>sysname</VAR><B>.</B><VAR>library_file</VAR>, add these files to
+the MACHINE_LIBS section of the<B> Makefile</B>.
+<PRE> MACHINE_LIBS = \
+ ...
+ ${wsadmin}/lib/rs_aix42.<VAR>library_file</VAR> \
+ ...
+ ${wsadmin}/lib/alpha_dux40.<VAR>library_file</VAR> \
+ ...
+ ${wsadmin}/lib/sun4x_56.<VAR>library_file</VAR> \
+ ...
+</PRE>
+<P>If you added a new library file that is common to all system types,
+<I>library_file</I>, add this only to the <TT>BASE_LIBS</TT>
+section:
+<PRE> BASE_LIBS = \
+ ...
+ ${wsadmin}/lib/<VAR>library_file</VAR> \
+ ...
+</PRE>
+<HR><H2><A NAME="HDRWQ446" HREF="auagd002.htm#ToC_528">Compiling Prototype Files</A></H2>
+<A NAME="IDX7575"></A>
+<A NAME="IDX7576"></A>
+<P>The <B>package</B> program generates configuration files and installs
+them in the <B>etc</B> and <B>src</B> subdirectories of the directory
+designated as <B>wsadmin=</B> on the <B>make</B> command line.
+Recompile whenever you modify a prototype or library file.
+<P><H3><A NAME="Header_529" HREF="auagd002.htm#ToC_529">To compile prototype files</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">These instructions assume that you store your <B>package</B>-related
+files in the <B>/afs/</B><VAR>cellname</VAR><B>/wsadmin</B>
+directory. If you use a different directory, substitute its name for
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin</B>.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>Verify that you have all privileges in the
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin</B> directory and in its
+<B>src</B>, <B>lib</B> and <B>etc</B> subdirectories. If
+necessary, issue the <B>fs</B> <B>listacl</B> command.
+<PRE> % <B>fs listacl</B> [<VAR>dir/file path</VAR>]
+</PRE>
+<P><LI>Change to the <B>/afs/</B><VAR>cellname</VAR><B>/wsadmin/src</B>
+subdirectory.
+<PRE> % <B>cd /afs/</B><VAR>cellname</VAR><B>/wsadmin/src</B>
+</PRE>
+<P><LI>Create a backup copy of the <B>Makefile</B> file included in the AFS
+distribution.
+<PRE> % <B>cp Makefile Makefile.example</B>
+</PRE>
+<P><LI>Modify the <TT>CONFIG</TT>, <TT>BASE_LIBS</TT> and
+<TT>MACHINE_LIBS</TT> sections of the <B>Makefile</B> file, as described
+in <A HREF="#HDRWQ439">The CONFIG Section</A>, <A HREF="#HDRWQ440">The BASE_LIBS Section</A>, and <A HREF="#HDRWQ441">The MACHINE_LIBS Section</A>.
+<P><LI>Compile the prototype files using the <B>make</B> command.
+<P>Use the <B>wsadmin=</B> argument to specify the <B>package</B>
+directory. This becomes the value of the <TT>${wsadmin}</TT> variable
+in the prototype and the library files.
+<P>The <B>package</B> program generates configuration files and installs
+them in the <B>etc</B> and <B>src</B> subdirectories of the directory
+designated as <B>wsadmin=</B>.
+<PRE> % <B>make system wsadmin=/afs/</B><VAR>cellname</VAR><B>/wsadmin</B>
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ447" HREF="auagd002.htm#ToC_530">Modifying Client Machines</A></H2>
+<A NAME="IDX7577"></A>
+<A NAME="IDX7578"></A>
+<A NAME="IDX7579"></A>
+<A NAME="IDX7580"></A>
+<P>To prepare a client to run the <B>package</B> program automatically,
+perform the following steps. The instructions are generic because they
+do not refer to system-specific configuration files. If desired, you
+can invoke the <B>package</B> program with specific arguments, as
+described in the <I>IBM AFS Administration Reference</I>.
+<OL TYPE=1>
+<P><LI>Specify the configuration file to use.
+<P>The <B>.package</B> file in the client machine's root (
+<B>/</B>) directory is redirected as an argument to the <B>package</B>
+command; the <B>.package</B> file specifies which
+configuration file the <B>package</B> program uses.
+<P><LI>Make the <B>package</B> binary available to the client, either by
+copying it to the local disk, or by creating a symbolic link to AFS.
+<UL>
+<P><LI>A symbolic link saves local disk space. However, when the file
+server machine that houses it is down, the <B>package</B> binary is
+inaccessible.
+<P><LI>Keeping the <B>package</B> binary on the local disk enables you to run
+the <B>package</B> program even if file server is down. However, a
+file server machine outage usually makes it difficult to run the
+<B>package</B> program because most configuration file instructions refer
+to files in AFS. A local copy of the <B>package</B> binary can be
+useful if the files referred to in instructions are in replicated
+volumes.
+</UL>
+<P><LI>Modify the client machine's initialization file to invoke the
+<B>package</B> program at reboot. The client machine reboots a
+second time if the <B>package</B> program updates any files marked with
+the <B>Q</B> update code.
+</OL>
+<P><H3><A NAME="Header_531" HREF="auagd002.htm#ToC_531">To prepare a client machine to run the package program</A></H3>
+<P>Repeat these instructions on every client that runs the
+<B>package</B> program.
+<P>These instructions assume that the <B>package</B> configuration files
+(created when the prototype files were compiled) reside in the
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin/etc</B> directory .
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Create the <B>.package</B> file in the root ( <B>/</B>)
+directory and specify the name of the prototype file to use. Do not
+include the system-type suffix (such as <B>.rs_aix42</B>); the
+<B>package</B> program automatically determines the correct machine
+type.
+<PRE> # <B>echo "/afs/</B><VAR>cellname</VAR><B>/wsadmin/etc/</B><VAR>config_file</VAR><B>" >> /.package</B>
+</PRE>
+<P>For example, to configure a machine for a member of staff machine (assuming
+the proper prototype file had been defined and compiled for the system type),
+the appropriate command is:
+<PRE> # <B>echo "/afs/</B><VAR>cellname</VAR><B>/wsadmin/etc/staff" >> /.package</B>
+</PRE>
+<P><LI>Make the <B>package</B> binary available on the local disk as
+<B>/etc/package</B>. Issue one of the following commands, depending
+on whether you want to create a file or create a symbolic link.
+<P>To store the <B>package</B> binary locally, enter the following
+command:
+<PRE> # <B>cp /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/etc/package /etc/package</B>
+</PRE>
+<P>To create a symbolic link, enter the following command:
+<PRE> # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/etc/package /etc/package</B>
+</PRE>
+<P><LI>Add the following lines to the appropriate initialization file, after the
+<B>afsd</B> command is invoked. If this is a file server machine,
+the <B>bosserver</B> command must follow the <B>package</B>
+command.
+<P>Using the <B>-v</B> and <B>-c</B> options is recommended.
+The <B>-v</B> flag produces a detailed trace, and the <B>-c</B> option
+appends the system type to the base name of the configuration file. See
+the <I>IBM AFS Administration Reference</I> for a description of other
+options.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Replace the <B>shutdown</B> command with a similar command if it is not
+appropriate for rebooting your machine.
+</TD></TR></TABLE>
+<PRE> if [ -f /etc/package ]; then
+ if [ -f /.package ]: then
+ /etc/package -v -c `cat /.package` >/dev/console
+ else
+ /etc/package -v >/dev/console
+ fi
+ case $? in
+ 0)
+ echo "Package completed successfully" >/dev/console 2>&1
+ date >/dev/console 2>&1
+ ;;
+ 4)
+ echo "Rebooting to restart system" >/dev/console 2>&1
+ echo >/fastboot
+ shutdown
+ ;;
+ *)
+ echo "Update failed, continuing anyway" >/dev/console 2>&1
+ ;;
+ esac
+ fi
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ448" HREF="auagd002.htm#ToC_532">Running the package program</A></H2>
+<P>After you have created and compiled prototype files and
+modified client machines, you are ready to run the <B>package</B>
+program. It is probably most convenient to run the <B>package</B>
+program automatically at reboot by invoking it in the machine's AFS
+initialization file, but you can also issue the command at the command shell
+prompt.
+<P>The configuration file must be completely correct. If there are any
+syntax errors or incorrect values, the program exits without executing any
+instruction. To check the configuration file, issue the
+<B>package</B> command with the <B>-noaction</B> and <B>-debug</B>
+flags at the command shell prompt. They display a list of potential
+problems without actually executing instructions.
+<P>The <B>package</B> program follows these general rules. Complete
+explanations are in <A HREF="#HDRWQ429">Package Configuration File Instruction Syntax</A>.
+<UL>
+<P><LI>The <B>package</B> program does not delete any files from the disk
+unless the <B>R</B> update code was specified in the prototype
+file. If the <B>R</B> update code is associated with the parent
+directory, the <B>package</B> program removes anything from the local disk
+directory that is not specified in the configuration file.
+<P><LI>Local files are updated only if they are out of date. For each
+<B>F</B> instruction in the configuration file, the <B>package</B>
+program compares the time of the local file with the indicated source
+file. If the source file is newer than the local, the file is
+updated.
+<P><LI>When the initialization file is modified as recommended in <A HREF="#HDRWQ447">Modifying Client Machines</A>, the <B>package</B> program reboots the workstation
+automatically if any files marked with the <B>Q</B> update code are
+updated, and if the <B>package</B> program has been invoked from the
+initialization file. When a file marked with the <B>Q</B> update
+code is changed, the <B>package</B> program exits with status code 4,
+causing a reboot (as directed in the initialization file). Files that
+require a reboot before changes are recognized (such as the operating system
+kernel and <B>/usr/vice/etc/CellServDB</B> files) must be marked with a
+<B>Q</B> update code in the configuration file.
+<P><LI>The <B>package</B> program copies the configuration file it has just
+used to <B>/etc/package.</B><VAR>sysname</VAR>, where
+<VAR>sysname</VAR> reflects this machine's system type. The
+<B>package</B> command interpreter consults this file if you do not
+provide a configuration file name. To be sure that it configures the
+local disk as you wish, review its contents.
+</UL>
+<P><H3><A NAME="Header_533" HREF="auagd002.htm#ToC_533">To invoke the package program by rebooting</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI><B>(Recommended)</B> Verify the following:
+<UL>
+<P><LI>The <B>/.package</B> file identifies the desired configuration
+file
+<P><LI>The <B>package</B> binary is available as <B>/etc/package</B>
+<P><LI>The initialization file is properly modified to invoke the
+<B>package</B> program automatically
+</UL>
+<P><LI>Reboot the machine, using the appropriate command.
+<PRE> # <B>shutdown</B>
+</PRE>
+</OL>
+<A NAME="IDX7581"></A>
+<A NAME="IDX7582"></A>
+<P><H3><A NAME="Header_534" HREF="auagd002.htm#ToC_534">To invoke the package program directly (without rebooting)</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Verify the following:
+<UL>
+<P><LI>The <B>/.package</B> file identifies the desired configuration
+file
+<P><LI>The <B>package</B> binary is available as <B>/etc/package</B>
+<P><LI>The initialization file is properly modified to invoke the
+<B>package</B> program automatically
+</UL>
+<P><LI>Issue the <B>package</B> command.
+<PRE> # <B>package</B> [<B>initcmd</B>] [<B>-config</B> <<VAR>base name of configuration file</VAR>>] \
+ [<B>-fullconfig</B> <<VAR>full name of configuration file, or stdin for standard input</VAR>>] \
+ [<B>-overwrite</B>] [<B>-noaction</B>] [<B>-verbose</B>] [<B>-silent</B>] [<B>-rebootfiles</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-config
+</B><DD>Specifies the full pathname of the configuration file to use, ending in
+the file's base name, which omits the suffix that indicates the machine
+type. The <B>package</B> program knows how to determine a
+machine's type, and automatically selects the appropriate version of the
+base file name. An example of the proper value for this argument is
+<B>staff</B> rather than <B>staff.rs_aix42</B>. You can
+also have the <B>package</B> program refer to <B>/.package</B>
+to learn the configuration file name by providing the following value:
+<P><B>`cat /.package`</B>
+<P>Use either this argument or the <B>-fullconfig</B> argument.
+<P><DT><B>-fullconfig
+</B><DD>Specifies the full name of the configuration file to use, complete with
+the machine-type extension. Examples are
+<B>staff.rs_aix42</B> and <B>minimal.hp_ux110</B>
+files.
+<P>Another possibility is the string <B>stdin</B>, which indicates that
+the issuer is providing configuration information via the standard input
+stream, either as a piped file or by typing the configuration file at the
+keyboard. Press <<B>Ctrl-d</B>> to conclude the input.
+<P>Use either this argument or the <B>-config</B> argument.
+<P><DT><B>-overwrite
+</B><DD>Overwrite elements on the local disk with the source version indicated in
+the configuration file, even if the first (owner) <B>w</B>
+(<B>write</B>) mode bit is turned off on the local disk copy of the
+file. Files protected by the <B>I</B> update code are not
+overwritten; see the definition for the <B>F</B> instruction.
+<P><DT><B>-noaction
+</B><DD>Displays on the standard output stream a trace of potential problems in
+running the command, rather than actually running it. If the
+<B>-verbose</B> flag is added, the trace also notes the actions the
+<B>package</B> program attempts.
+<P><DT><B>-silent
+</B><DD>Explicitly invokes the default level of tracing, which includes only a
+list of problems encountered while executing the command.
+<P><DT><B>-verbose
+</B><DD>Produces a detailed trace of the program's actions on the standard
+output stream. The trace records on the transfer and ownership/mode bit
+setting of each element in the configuration file.
+<P><DT><B>-rebootfiles
+</B><DD>Prevents the overwrite of any element marked with the <B>Q</B>
+update-mode code in the configuration file. This effectively prevents
+the machine from rebooting automatically again when the <B>package</B>
+program is invoked from an initialization file.
+</DL>
+<P><LI>If you think files marked with the <B>Q</B> update code were updated,
+reboot the machine. This reboot does not occur automatically.
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd015.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd017.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd016.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd018.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX7583"></A>
+<HR><H1><A NAME="HDRWQ449" HREF="auagd002.htm#ToC_535">Creating and Deleting User Accounts with the uss Command Suite</A></H1>
+<P>The <B>uss</B> command suite helps you create and delete
+AFS user accounts quickly and easily. You can create a single account
+with the <B>uss add</B> command, delete a single account with the <B>uss
+delete</B> command, or create and delete multiple accounts with the <B>uss
+bulk</B> command.
+<P>A single <B>uss add</B> or <B>uss bulk</B> command can create a
+complete AFS user account because the <B>uss</B> command interpreter
+refers to a template file in which you predefine the configuration of many
+account components. The <B>uss delete</B> command deletes most of
+the components of a user account, but does not use a template file.
+<P>The <B>uss</B> suite also easily incorporates shell scripts or other
+programs that you write to perform parts of account creation and deletion
+unique to your site. To invoke a script or program automatically as a
+<B>uss</B> command runs, use the appropriate instructions in the template
+file or bulk input file. Various sections of this chapter discuss
+possible uses for scripts.
+<P>Using the <B>uss</B> commands to create and delete accounts is the
+recommended method because it automates and correctly orders most of the
+necessary steps. The alternative is to issue a series of separate
+commands to the various AFS servers, which requires more careful record
+keeping. For instructions, see <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>.
+<HR><H2><A NAME="HDRWQ450" HREF="auagd002.htm#ToC_536">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Add a single user account
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>uss add</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Delete a single user account
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>uss delete</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Add and delete multiple accounts
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>uss bulk</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ452" HREF="auagd002.htm#ToC_537">Overview of the uss Command Suite</A></H2>
+<P>The commands in the <B>uss</B> suite help you to
+automate the creation and deletion of AFS user accounts:
+<UL>
+<P><LI>The <B>uss add</B> command creates all of the components of an
+account, one account at a time. It consults a template file that
+defines account configuration.
+<P><LI>The <B>uss delete</B> command deletes the major components of an
+account, one account at a time. It does not use a template file, so you
+possibly need to perform additional tasks manually.
+<P><LI>The <B>uss bulk</B> command can create and delete multiple
+accounts. It refers to a bulk input file that can contain any number of
+account-creation and deletion instructions, along with other instructions for
+further automating the process.
+</UL>
+<A NAME="IDX7584"></A>
+<A NAME="IDX7585"></A>
+<P><H3><A NAME="Header_538" HREF="auagd002.htm#ToC_538">The Components of an AFS User Account</A></H3>
+<P>An AFS user account can have many components. The only two
+required components are entries in the Protection Database and Authentication
+Database, but the other components add functionality and usability. The
+following information also appears in a corresponding section of <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>, but is repeated here for your convenience.
+<UL>
+<P><LI>A <I>Protection Database entry</I> defines the username (the name
+provided when authenticating with AFS), and maps it to an AFS user ID (AFS
+UID), a number that the AFS servers use internally when referencing
+users. The Protection Database also tracks the groups to which the user
+belongs. For details, see <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P><LI>An <I>Authentication Database entry</I> records the user's AFS
+password in a scrambled form suitable for use as an encryption key.
+<P><LI>A home <I>volume</I> stores all the files in the user's home
+directory together on a single partition of a file server machine. The
+volume has an associated <VAR>quota</VAR> that limits its size. For a
+complete discussion of volumes, see <A HREF="auagd010.htm#HDRWQ174">Managing Volumes</A>.
+<P><LI>A <I>mount point</I> makes the contents of the user's volume
+visible and accessible in the AFS filespace, and acts as the user's home
+directory. For more details about mount points, see <A HREF="auagd010.htm#HDRWQ183">About Mounting Volumes</A>.
+<P><LI>Full access permissions on the home directory's <I>access control
+list (ACL)</I> and ownership of the directory (as displayed by the UNIX
+<B>ls -ld</B> command) enable the user to manage his or her files.
+For details on AFS file protection, see <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>.
+<P><LI>A <I>local password file entry</I> (in the <B>/etc/passwd</B> file
+or equivalent) of each AFS client machine enables the user to log in and
+access AFS files through the Cache Manager. A subsequent section in
+this chapter further discusses local password file entries.
+<P><LI>Other optional <I>configuration files</I> make the account more
+convenient to use. Such files help the user log in and log out more
+easily, receive electronic mail, print, and so on.
+</UL>
+<A NAME="IDX7586"></A>
+<A NAME="IDX7587"></A>
+<P><H3><A NAME="HDRWQ453" HREF="auagd002.htm#ToC_539">Privilege Requirements for the uss Commands</A></H3>
+<P>To issue <B>uss</B> commands successfully, you usually
+need all of the standard AFS administrative privileges: membership in
+the <B>system:administrators</B> group, inclusion in the
+<B>/usr/afs/etc/UserList</B> file on every relevant server machine, and
+the <TT>ADMIN</TT> flag on your Authentication Database entry. For
+details on administrative privilege, see <A HREF="auagd021.htm#HDRWQ581">Managing Administrative Privilege</A>.
+<A NAME="IDX7588"></A>
+<A NAME="IDX7589"></A>
+<A NAME="IDX7590"></A>
+<A NAME="IDX7591"></A>
+<A NAME="IDX7592"></A>
+<A NAME="IDX7593"></A>
+<A NAME="IDX7594"></A>
+<P><H3><A NAME="HDRWQ454" HREF="auagd002.htm#ToC_540">Avoiding and Recovering from Errors and Interrupted Operations</A></H3>
+<P>As for any complex operation, there are a number of possible
+reasons that an account-creation or deletion operation can halt before it
+completes. You can easily avoid several of the common reasons by making
+the following checks before issuing a <B>uss</B> command:
+<UL>
+<P><LI>Verify that you have all of the administrative privileges you need to
+complete an operation, as described in <A HREF="#HDRWQ453">Privilege Requirements for the uss Commands</A>. The instructions for using the <B>uss add</B>,
+<B>uss delete</B>, and <B>uss bulk</B> commands include this check as
+a step.
+<P><LI>Proofread the template and bulk input files for correct syntax and
+acceptable values. For discussion, see <A HREF="#HDRWQ463">Constructing a uss Template File</A> and <A HREF="#HDRWQ489">Constructing a Bulk Input File</A>.
+<P><LI>Do not issue <B>uss</B> commands when you are aware of network, server
+machine, or server process outages. Because <B>uss</B> operations
+affect so many components of AFS, it is unlikely that the command can succeed
+when there are outages.
+</UL>
+<P>Another way to avoid errors that halt an operation is to preview the
+<B>uss</B> command by combining the <B>-dryrun</B> flag with the other
+arguments to be used on the actual command. The <B>uss</B> command
+interpreter generates a screen trace of the actions to be performed by the
+actual command, without performing them.
+<P>Using the <B>-dryrun</B> flag reveals many basic errors that can halt
+an operation, particularly the ones due to incorrect syntax in the command
+line, template file, or bulk input file. It does not catch all possible
+errors, however, because the command interpreter is not actually attempting to
+perform the actions it is tracing. For example, a Volume Server outage
+does not necessarily halt the volume creation step when the <B>-dryrun</B>
+flag is included, because the command interpreter is not actually contacting
+the server; such an outage halts the actual creation operation.
+<A NAME="IDX7595"></A>
+<A NAME="IDX7596"></A>
+<A NAME="IDX7597"></A>
+<P>When the <B>uss</B> command interpreter encounters error conditions
+minor enough that they do not require halting the operation, it usually
+generates a message that begins with the string <TT>uss:
+Warning:</TT> and describes the action it is taking to avoid
+halting. For example, if a user's Protection Database entry
+already exists, the following message appears on the standard output
+stream:
+<PRE> uss: Warning: User '<VAR>user</VAR>' already in the protection database
+ The uid for user '<VAR>user</VAR>' is <VAR>AFS UID</VAR>
+</PRE>
+<P>If an error is more serious, the word <TT>Warning</TT> does not appear in
+the message, which instead describes why the command interpreter cannot
+perform the requested action. Not all of these errors cause the
+<B>uss</B> operation to halt, but they still require you to take
+corrective action. For example, attempting to create a mount point
+fails if you lack the necessary permissions on the parent directory's
+ACL, or if the mount point pathname in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field is malformed. However, this error does not
+cause the creation operation to halt until later instructions in the template
+attempt to install subdirectories or files under the nonexistent mount
+point.
+<P>If the command shell prompts returns directly after an error message, then
+the error generally was serious enough to halt the operation. When an
+error halts account creation or deletion, the best way to recover is to find
+and fix the cause, and then reissue the same <B>uss</B> command.
+<A NAME="IDX7598"></A>
+<A NAME="IDX7599"></A>
+<A NAME="IDX7600"></A>
+<A NAME="IDX7601"></A>
+<A NAME="IDX7602"></A>
+<A NAME="IDX7603"></A>
+<P>The following list describes what happens when components of a user's
+account already exist when you reissue an account-creation command (the
+<B>uss add</B> command, or the <B>uss bulk</B> command when the bulk
+input file contains <B>add</B> instructions):
+<UL>
+<P><LI>If the Protection Database entry already exists, a message confirms its
+existence and specifies the associated AFS UID.
+<P><LI>If the Authentication Database entry already exists, a message confirms
+its existence.
+<P><LI>If the volume and associated Volume Location Database (VLDB) entry already
+exist, a message confirms their existence. However, the <B>uss</B>
+command interpreter does alter the volume's quota, mount point, or ACL if
+any of the relevant fields in the template <B>V</B> instruction have
+changed since the command last ran. If the value in the
+<VAR>mount_point</VAR> field has changed, the command interpreter creates the
+new mount point but does not remove any existing mount points.
+<P><LI>If any of the fields in the template <B>A</B> instruction have
+changed, the <B>uss</B> command interpreter makes the changes without
+comment.
+<P><LI>If a directory, file, or link defined by a template file <B>D</B>,
+<B>E</B>, <B>F</B>, <B>L</B>, or <B>S</B> instruction already
+exists, the <B>uss</B> command interpreter replaces the existing element
+with one that conforms to the template definition. To control whether
+the <B>uss</B> command interpreter prompts for confirmation that you wish
+to overwrite a given element, use the <B>-overwrite</B> flag to the
+<B>uss add</B> or <B>uss bulk</B> command:
+<UL>
+<P><LI>If you include the <B>-overwrite</B> flag, the command interpreter
+automatically overwrites all elements without asking for confirmation.
+<P><LI>If you omit the flag, the command interpreter prompts once for each
+account to ask if you want to overwrite all elements associated with
+it.
+</UL>
+<P><LI>The command interpreter always reexecutes <B>X</B> instructions in the
+template file. If a command's result already holds, reissuing it
+has the same effect as reissuing it outside the context of the <B>uss</B>
+commands.
+</UL>
+<P>The following describes what happens when a <B>uss delete</B> command
+references account components that have already been deleted.
+<UL>
+<P><LI>If the volume and VLDB entry no longer exist, a message confirms their
+absence.
+<P><LI>If the Authentication Database entry no longer exists, a message confirms
+its absence.
+</UL>
+<A NAME="IDX7604"></A>
+<HR><H2><A NAME="HDRWQ455" HREF="auagd002.htm#ToC_541">Creating Local Password File Entries with uss</A></H2>
+<P>To obtain authenticated access to a cell's AFS
+filespace, a user must not only have a valid AFS token, but also an entry in
+the local password file (<B>/etc/passwd</B> or equivalent) of the AFS
+client machine. This section discusses why it is important for the
+user's AFS UID to match to the UNIX UID listed in the local password
+file, the appropriate value to put in the file's password field, and
+outlines a method for creating a single source password file.
+<P>For instructions on using the template file's <B>E</B> instruction
+to generate local password file entries automatically as part of account
+creation, see <A HREF="#HDRWQ458">Creating a Common Source Password File</A>.
+<P>The following information also appears in a corresponding section of <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>, but is repeated here for your convenience.
+<A NAME="IDX7605"></A>
+<A NAME="IDX7606"></A>
+<A NAME="IDX7607"></A>
+<A NAME="IDX7608"></A>
+<A NAME="IDX7609"></A>
+<P><H3><A NAME="HDRWQ456" HREF="auagd002.htm#ToC_542">Assigning AFS and UNIX UIDs that Match</A></H3>
+<P>A user account is easiest to administer and use if the AFS
+user ID number (AFS UID) and UNIX UID match. All instructions in the
+AFS documentation assume that they do.
+<P>The most basic reason to make AFS and UNIX UIDs the same is so that the
+owner name reported by the UNIX <B>ls -l</B> and <B>ls -ld</B>
+commands makes sense for AFS files and directories. Following standard
+UNIX practice, the File Server records a number rather than a username in an
+AFS file or directory's owner field: the owner's AFS
+UID. When you issue the <B>ls -l</B> command, it translates the UID
+to a username according to the mapping in the local password file, not the AFS
+Protection Database. If the AFS and UNIX UIDs do not match, the <B>ls
+-l</B> command reports an unexpected (and incorrect) owner. The
+output can even vary on different client machines if their local password
+files map the same UNIX UID to different names.
+<P>Follow the recommendations in the indicated sections to make AFS and UNIX
+UIDs match when you are creating accounts for various types of users:
+<UL>
+<P><LI>If creating an AFS account for a user who already has a UNIX UID, see <A HREF="#HDRWQ459">Converting Existing UNIX Accounts with uss</A>.
+<P><LI>If some users in your cell have existing UNIX accounts but the user for
+whom you are creating an AFS account does not, then it is best to allow the
+Protection Server to allocate an AFS UID automatically. To avoid
+overlap of AFS UIDs with existing UNIX UIDs, set the Protection
+Database's <TT>max user id</TT> counter higher than the largest UNIX
+UID, using the instructions in <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P><LI>If none of your users have existing UNIX accounts, allow the Protection
+Server to allocate AFS UIDs automatically, starting either at its default or
+at the value you have set for the <TT>max user id</TT> counter.
+</UL>
+<A NAME="IDX7610"></A>
+<A NAME="IDX7611"></A>
+<P><H3><A NAME="HDRWQ457" HREF="auagd002.htm#ToC_543">Specifying Passwords in the Local Password File</A></H3>
+<P>Authenticating with AFS is easiest for your users if you
+install and configure an AFS-modified login utility, which logs a user into
+the local file system and obtains an AFS token in one step. In this
+case, the local password file no longer controls a user's ability to
+login in most circumstances, because the AFS-modified login utility does not
+consult the local password file if the user provides the correct AFS
+password. You can nonetheless use a password file entry's password
+field (usually, the second field) in the following ways to control login and
+authentication:
+<UL>
+<P><LI>To prevent both local login and AFS authentication, place an asterisk ( *
+) in the field. This is useful mainly in emergencies, when you want to
+prevent a certain user from logging into the machine.
+<P><LI>To prevent login to the local file system if the user does not provide the
+correct AFS password, place a character string of any length other than the
+standard thirteen characters in the field. This is appropriate if you
+want to allow only people with local AFS accounts to log into to your
+machines. A single <B>X</B> or other character is the most easily
+recognizable way to do this.
+<P><LI>To enable a user to log into the local file system even after providing an
+incorrect AFS password, record a standard UNIX encrypted password in the field
+by issuing the standard UNIX password-setting command (<B>passwd</B> or
+equivalent).
+</UL>
+<P>If you do not use an AFS-modified login utility, you must place a standard
+UNIX password in the local password file of every client machine the user will
+use. The user logs into the local file system only, and then must issue
+the <B>klog</B> command to authenticate with AFS. It is simplest if
+the passwords in the local password file and the Authentication Database are
+the same, but this is not required.
+<A NAME="IDX7612"></A>
+<A NAME="IDX7613"></A>
+<A NAME="IDX7614"></A>
+<A NAME="IDX7615"></A>
+<A NAME="IDX7616"></A>
+<P><H3><A NAME="HDRWQ458" HREF="auagd002.htm#ToC_544">Creating a Common Source Password File</A></H3>
+<P>This section explains how to create a common source version
+of the local password file when using <B>uss</B> commands to create user
+accounts. The sequence of steps is as follows:
+<OL TYPE=1>
+<P><LI>Include an <B>E</B> instruction in the template file to create a
+one-line file that has the format of a local password file entry.
+<P><LI>Incorporate the one-line file into the common source version of the local
+password file. It makes sense to store this file in AFS. See the
+following two example scripts for automating this step.
+<P><LI>Distribute the common password file to each client machine, perhaps by
+using the AFS <B>package</B> utility as described in <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+</OL>
+<P>As an example, the template file used by the ABC Corporation includes the
+following <B>E</B> instruction to create a file called
+<B>passwd_</B><VAR>username</VAR> in the directory
+<B>/afs/.abc.com/common/etc/newaccts</B> (the entire
+contents of the template file appear in <A HREF="#HDRWQ471">Example uss Templates</A> and a full description of the <B>E</B> instruction
+appears in <A HREF="#HDRWQ476">Creating One-Line Files with the E Instruction</A>):
+<PRE> E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
+ "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
+</PRE>
+<P>For the user Joe L. Smith with username <B>smith</B>, this
+instruction creates a file called <B>passwd_smith</B> which contains the
+following line:
+<PRE> smith:X:1205:11:Joe L. Smith:/afs/abc.com/usr/usr1/smith:/bin/csh
+</PRE>
+<P>A shell script is probably the easiest way to incorporate a set of files
+created in this manner into a common source password file, and two sample
+shell scripts appear here. To automate the process even further, you
+can create a <B>cron</B> process in a file server machine's
+<B>/usr/afs/local/BosConfig</B> directory to execute the shell script,
+perhaps each day at a given time; for details, see <A HREF="auagd009.htm#HDRWQ162">To create and start a new process</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The following example scripts are suggestions only. If you choose to
+use them, or to model similar scripts on them, you must test that your script
+has the desired result, preferably in a test environment.
+</TD></TR></TABLE>
+<P><B>Example C Shell Script</B>
+<P>The first example is a simple C shell script suitable for the ABC
+Corporation cell. It incorporates the individual files found in the
+<B>/afs/.abc.com/common/uss/newaccts</B> directory into a
+new version of the global password file found in the
+<B>/afs/.abc.com/common/etc</B> directory, sorting the files
+into alphabetical order. It takes care to save the current version with
+a <B>.old</B> extension, then removes the individual files when
+done.
+<PRE> set dir = /afs/.abc.com/common
+ cat $dir/uss/newaccts/passwd_* $dir/etc/passwd >! $dir/etc/passwd.new
+ mv $dir/etc/passwd $dir/etc/passwd.old
+ sort $dir/etc/passwd.new > $dir/etc/passwd
+ rm $dir/etc/passwd.new $dir/uss/newaccts/passwd_*
+</PRE>
+<P><B>Example Bourne Shell Script</B>
+<P>The second, more elaborate, example is a Bourne shell script that first
+verifies that there are new <B>passwd_</B><VAR>username</VAR> files to be
+incorporated into the global password file. While running, it checks
+that each new entry does not already exist. Like the shorter C shell
+example, it incorporates the individual files found in the
+<B>/afs/.abc.com/common/uss/newaccts</B> directory into a
+new version of the global <B>passwd</B> file found in the
+<B>/afs/.abc.com/common/etc</B> directory.
+<PRE> #!/bin/sh
+ DESTDIR=/afs/.abc.com/common/uss/newaccts
+ cd $DESTDIR
+ DEST=/afs/.abc.com/common/etc
+ cp /afs/.abc.com/common/etc/passwd /afs/.abc.com/common/uss/newaccts/passwd
+ echo "copied in passwd file."
+ PASSWD=/afs/.abc.com/common/uss/newaccts/passwd
+ ENTRIES=`ls passwd_*`
+ case $ENTRIES in
+ "")
+ echo No new entry found to be added to passwd file
+ ;;
+ *)
+ echo "Adding new users to passwd file."
+ for i in $ENTRIES
+ do
+ cat $i | awk -F: '{print $1 > "foo"}'
+ USER=`cat foo`
+ case `egrep -e \^$USER\: $PASSWD` in
+ "")
+ echo adding $USER
+ cat $i >> $PASSWD
+ ;;
+ *)
+ echo $USER already in passwd file
+ ;;
+ esac
+ mv $i ../old.passdir/done_${i}
+ done
+ cd /afs/.abc.com/common/uss/newaccts
+ echo "sorting password file"
+ sort ${PASSWD} > ${PASSWD}.sorted
+ echo "installing files"
+ install ${PASSWD}.sorted ${DEST}/passwd
+ echo "Password file is built, sorted and installed."
+ ;;
+ esac
+</PRE>
+<A NAME="IDX7617"></A>
+<A NAME="IDX7618"></A>
+<A NAME="IDX7619"></A>
+<HR><H2><A NAME="HDRWQ459" HREF="auagd002.htm#ToC_545">Converting Existing UNIX Accounts with uss</A></H2>
+<P>This section discusses the three main issues you need to
+consider if there are existing UNIX accounts to be converted to AFS
+accounts.
+<P><H3><A NAME="HDRWQ460" HREF="auagd002.htm#ToC_546">Making UNIX and AFS UIDs Match</A></H3>
+<P>As previously mentioned, AFS users must have an entry in the
+local password file on every client machine from which they access the AFS
+filespace as an authenticated user. Both administration and use are
+much simpler if the UNIX UID and AFS UID match. When converting
+existing UNIX accounts, you have two alternatives:
+<UL>
+<P><LI>Make the AFS UIDs match the existing UNIX UIDs. In this case, you
+need to assign the AFS UID yourself as you create an AFS account:
+<UL>
+<P><LI>If using the <B>uss add</B> command, include the <B>-uid</B>
+argument.
+<P><LI>If using the <B>uss bulk</B> command, specify the desired UID in the
+<VAR>uid</VAR> field of the <B>add</B> instruction in the bulk input
+file.
+</UL>
+<P>Because you are retaining the user's UNIX UID, you do not need to
+alter the UID in the local password file entry. However, if you are
+using an AFS-modified login utility, you possibly need to change the password
+field in the entry. For a discussion of how the value in the password
+field affects login with an AFS-modified login utility, see <A HREF="#HDRWQ455">Creating Local Password File Entries with uss</A>.
+<P>If now or in the future you need to create AFS accounts for users who do
+not have an existing UNIX UID, then you must guarantee that new AFS UIDs do
+not conflict with any existing UNIX UIDs. The simplest way is to set
+the <TT>max user id</TT> counter in the Protection Database to a value
+higher than the largest existing UNIX UID. See <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P><LI>Change the existing UNIX UIDs to match the new AFS UIDs that the
+Protection Server assigns automatically.
+<P>Allow the Protection Server to allocate the AFS UIDs automatically as you
+create AFS accounts. For instructions on creating a new entry for the
+local password file during account creation, see <A HREF="#HDRWQ455">Creating Local Password File Entries with uss</A>.
+<P>There is one drawback to changing the UNIX UID: any files and
+directories that the user owned in the local file system before becoming an
+AFS user still have the former UID in their owner field. If you want
+the <B>ls -l</B> and <B>ls -ld</B> commands to display the correct
+owner, you must use the <B>chown</B> command to change the value to the
+user's new UID, whether you are leaving the file in the local file system
+or moving it to AFS. See <A HREF="#HDRWQ462">Moving Local Files into AFS</A>.
+</UL>
+<P><H3><A NAME="HDRWQ461" HREF="auagd002.htm#ToC_547">Setting the Password Field Appropriately</A></H3>
+<P>Existing UNIX accounts already have an entry in the local
+password file, probably with a (scrambled) password in the password
+field. You possibly need to change the value in the field, depending on
+the type of login utility you use:
+<UL>
+<P><LI>If the login utility is not modified for use with AFS, the actual password
+must appear (in scrambled form) in the password field of the local password
+file entry.
+<P><LI>If the login utility is modified for use with AFS, choose one of the
+acceptable values, each of which affects the login utility's behavior
+differently. See <A HREF="#HDRWQ455">Creating Local Password File Entries with uss</A>.
+</UL>
+<P>If you choose to place an actual password in a local password file entry,
+then you can define a dummy password when you use a template file <B>E</B>
+instruction to create the entry, as described in <A HREF="#HDRWQ476">Creating One-Line Files with the E Instruction</A>. Have the user issue the UNIX password-setting
+command (<B>passwd</B> or equivalent) to replace the dummy with an actual
+secret password.
+<P><H3><A NAME="HDRWQ462" HREF="auagd002.htm#ToC_548">Moving Local Files into AFS</A></H3>
+<P>New AFS users with existing UNIX accounts probably already
+own files and directories stored in a machine's local file system, and it
+usually makes sense to transfer them into the new home volume. The
+easiest method is to move them onto the local disk of an AFS client machine,
+and then use the UNIX <B>mv</B> command to transfer them into the
+user's new AFS home directory.
+<P>As you move files and directories into AFS, keep in mind that the meaning
+of their mode bits changes. AFS ignores the second and third sets of
+mode bits (group and other), and does not use the first set (the owner bits)
+directly, but only in conjunction with entries on the ACL (for details, see <A HREF="auagd020.htm#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>). Be sure that the ACL protects the file or directory
+at least as securely as the mode bits.
+<P>If you have chosen to change a user's UNIX UID to match a new AFS UID,
+you must change the ownership of UNIX files and directories as well.
+Only members of the <B>system:administrators</B> group can issue the
+<B>chown</B> command on files and directories once they reside in
+AFS.
+<A NAME="IDX7620"></A>
+<A NAME="IDX7621"></A>
+<A NAME="IDX7622"></A>
+<HR><H2><A NAME="HDRWQ463" HREF="auagd002.htm#ToC_549">Constructing a uss Template File</A></H2>
+<P>Creating user accounts with <B>uss</B> commands is
+generally more convenient than using individual commands. You control
+the account creation process just as closely, but the <B>uss</B> template
+file enables you to predefine many aspects of account configuration.
+Because you construct the template before issuing <B>uss</B> commands, you
+have time to consider configuration details carefully and correct syntax
+errors. The following list summarizes some further advantages of using
+a template:
+<UL>
+<P><LI>You do not have to remember the correct order in which to create or delete
+account components, or the order of each command's arguments, which
+reduces the likelihood of errors.
+<P><LI>You do not have to type the same information multiple times.
+Instead, you can place constants and variables in the template file that
+enable you to type as little on the command line as possible. See <A HREF="#HDRWQ465">Using Constants and Variables in the Template File</A>.
+<P><LI>You can create different templates for different types of users.
+Instead of having to remember which components differ for a given user,
+specify the appropriate template when issuing the <B>uss add</B> or
+<B>uss bulk</B> command.
+<P><LI>You can create any of the three types of AFS account (authentication-only,
+basic, or full) by including or omitting certain information in the template,
+as described in <A HREF="#HDRWQ464">Creating the Three Types of User Accounts</A>.
+</UL>
+<P>The following list briefly describes the instructions that can appear in a
+template file and points you to a later section for more details. It
+lists them in the order that is usually optimal for correct handling of
+dependencies between the different types of instruction.
+<DL>
+<P><DT><B><B>G</B>
+</B><DD>Defines a directory that is one of a set of parent directories into which
+the <B>uss</B> command interpreter evenly distributes newly created home
+directories. Place the corresponding template file variable, $AUTO, in
+the <VAR>mount_point</VAR> field of the <B>V</B> instruction. See <A HREF="#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A> and <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><DT><B><B>V</B>
+</B><DD>Creates a volume, mounts it as the user's home directory at a
+specified location in the AFS filespace, sets the volume's quota, and
+defines the owner and ACL for the directory. This instruction must
+appear in any template that is not empty (zero-length). See <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><DT><B><B>D</B>
+</B><DD>Creates a directory, generally a subdirectory of the new home directory,
+and sets its mode bits, owner, and ACL. See <A HREF="#HDRWQ474">Creating a Directory with the D Instruction</A>.
+<P><DT><B><B>F</B>
+</B><DD>Creates a file by copying a prototype and sets its mode bits and
+owner. See <A HREF="#HDRWQ475">Creating a File from a Prototype with the F Instruction</A>.
+<P><DT><B><B>E</B>
+</B><DD>Creates a single-line file by copying in the contents of the instruction
+itself, then sets the file's mode bits and owner. See <A HREF="#HDRWQ476">Creating One-Line Files with the E Instruction</A>.
+<P><DT><B><B>L</B>
+</B><DD>Creates a hard link. See <A HREF="#HDRWQ477">Creating Links with the L and S Instructions</A>.
+<P><DT><B><B>S</B>
+</B><DD>Creates a symbolic link. See <A HREF="#HDRWQ477">Creating Links with the L and S Instructions</A>.
+<P><DT><B><B>A</B>
+</B><DD>Improves account security by imposing restrictions on passwords and
+authentication attempts. See <A HREF="#HDRWQ478">Increasing Account Security with the A Instruction</A>.
+<P><DT><B><B>X</B>
+</B><DD>Executes a command. See <A HREF="#HDRWQ479">Executing Commands with the X Instruction</A>.
+</DL>
+<A NAME="IDX7623"></A>
+<A NAME="IDX7624"></A>
+<A NAME="IDX7625"></A>
+<P><H3><A NAME="HDRWQ464" HREF="auagd002.htm#ToC_550">Creating the Three Types of User Accounts</A></H3>
+<P>Using the <B>uss add</B> and <B>uss bulk</B>
+commands, you can create three types of accounts that differ in their levels
+of functionality. For a description of the types, see <A HREF="auagd007.htm#HDRWQ57">Configuring AFS User Accounts</A>. The following list explains how to construct a
+template for each type:
+<UL>
+<P><LI>To create an authentication-only account, create an empty (zero-length)
+template file. Such an account has only two components: entries
+in the Authentication Database and Protection Database.
+<P><LI>To create a basic account, include a <B>V</B> instruction, and
+<B>G</B> instructions if you want to distribute home directories evenly as
+described in <A HREF="#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A>. In addition to Authentication Database and
+Protection Database entries, this type of account includes a volume mounted at
+the home directory with owner and ACL set appropriately.
+<P><LI>To create a full account, include <B>D</B>, <B>E</B>,
+<B>F</B>, <B>L</B>, and <B>S</B> instructions as appropriate, in
+addition to the <B>V</B> and <B>G</B> instructions. This type
+of account includes configuration files for basic functions such as logging
+in, printing, and mail delivery. For a discussion of some useful types
+of configuration files, see <A HREF="auagd007.htm#HDRWQ60">Creating Standard Files in New AFS Accounts</A>.
+</UL>
+<A NAME="IDX7626"></A>
+<A NAME="IDX7627"></A>
+<A NAME="IDX7628"></A>
+<A NAME="IDX7629"></A>
+<P><H3><A NAME="HDRWQ465" HREF="auagd002.htm#ToC_551">Using Constants and Variables in the Template File</A></H3>
+<P>Each instruction in the <B>uss</B> template file has
+several fields that define the characteristics of the element that it
+creates. The <B>D</B> instruction's fields, for instance,
+define a directory's pathname, owner, mode bits, and ACL.
+<P>You can place three types of values in a field: a variable, a
+constant, or a combination of the two. The appropriate value depends on
+the desired configuration, and determines which arguments you provide to the
+<B>uss add</B> command or which fields you include in a bulk input file
+<B>add</B> instruction.
+<P>If an aspect of account configuration is the same for every user, define a
+constant value in the appropriate field by inserting a character
+string. For example, to assign a space quota of 10,000 KB to every user
+volume, place the string <B>10000</B> in the <B>V</B>
+instruction's <VAR>quota</VAR> field.
+<P>If, on the other hand, an aspect of account configuration varies for each
+user, put a variable in the appropriate field. When creating each
+account, provide a value for the variable by providing either the
+corresponding argument to the <B>uss add</B> command or a value in the
+corresponding field of the <B>add</B> instruction in the bulk input
+file.
+<P>The <B>uss</B> command suite defines a set of template variables, each
+of which has a corresponding source for its value, as summarized in <A HREF="#TBLWQ466">Table 3</A>. For a discussion of their intended uses, see the
+following sections about each template instruction (<A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A> through <A HREF="#HDRWQ479">Executing Commands with the X Instruction</A>).
+<BR>
+<P><B><A NAME="TBLWQ466" HREF="auagd004.htm#FT_TBLWQ466">Table 3. Source for values of uss template variables</A></B><BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>Variable</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>Source for value</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$AUTO
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Previous <B>G</B> instructions in template
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$MTPT
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-mount</B> argument to <B>uss add</B> command or
+<VAR>mount_point</VAR> field of bulk input file <B>add</B> instruction, when
+in <B>V</B> instruction; <B>V</B> instruction's
+<VAR>mount_point</VAR> field when in subsequent instructions
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$NAME
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-realname</B> argument to <B>uss add</B> command or
+<VAR>mount_point</VAR> field of bulk input file <B>add</B> instruction, if
+provided; otherwise, <B>-user</B> argument to <B>uss add</B>
+command or <VAR>username</VAR> field of in bulk input file <B>add</B>
+instruction
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$PART
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-partition</B> argument to <B>uss add</B> command or
+<VAR>partition</VAR> field of bulk input file <B>add</B> instruction
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$PWEXPIRES
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-pwexpires</B> argument to <B>uss add</B> command or
+<VAR>password_expires</VAR> field of bulk input file <B>add</B> instruction
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$SERVER
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-server</B> argument to <B>uss add</B> command or
+<VAR>file_server</VAR> field of bulk input file <B>add</B> instruction
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$UID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-uid</B> argument to <B>uss add</B> command or <VAR>uid</VAR>
+field of bulk input file <B>add</B> instruction, if provided;
+otherwise, allocated automatically by Protection Server
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$USER
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-user</B> argument to <B>uss add</B> command or
+<VAR>username</VAR> field of bulk input file <B>add</B> instruction
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$1 through $9
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-var</B> argument to <B>uss add</B> command or <VAR>var1</VAR>
+through <VAR>var9</VAR> fields of bulk input file <B>add</B> instruction
+</TD></TR></TABLE>
+<P>A common use of variables is to define the file server machine and
+partition that house the user's volume, which often vary from user to
+user. Place the $SERVER variable in the <B>V</B> instruction's
+<VAR>server</VAR> field, and the $PART variable in its <VAR>partition</VAR>
+field. If using the <B>uss add</B> command, provide the desired
+value with the <B>-server</B> and <B>-partition</B> arguments.
+If using the <B>uss bulk</B> command, provide the desired values in the
+<VAR>file_server</VAR> and <VAR>partition</VAR> fields of each user's
+<B>add</B> instruction in the bulk input file.
+<A NAME="IDX7630"></A>
+<A NAME="IDX7631"></A>
+<P>The variables $1 through $9 can be used to customize other aspects of the
+account. Provide a value for these variables with the <B>-var</B>
+argument to the <B>uss add</B> command or in the appropriate field of the
+bulk input file <B>add</B> instruction. The <B>-var</B>
+argument is unusual in that each instance for it has two parts: the
+number index and the value, separated by a space. For examples of the
+use of a number variable, see the discussions of the <VAR>mount_point</VAR> and
+<VAR>quota</VAR> fields in <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P>If some aspect of account configuration is partly constant and partly
+variable, you can combine variables and constants in an instruction
+field. For example, suppose that the ABC Corporation mounts user
+volumes in the <B>/afs/abc.com/usr</B> directory. That part
+of the pathname is constant, but the name of the mount point and home
+directory is the user's username, which corresponds to the $USER
+variable. To configure accounts in this way, combine a constant string
+and a variable in the <B>V</B> instruction's <VAR>mount_point</VAR>
+field as follows:
+<PRE> /afs/abc.com/usr/$USER
+</PRE>
+<P>Then provide the value for the $USER variable with the <B>-user</B>
+argument to the <B>uss add</B> command, or in the <VAR>username</VAR> field
+of each user's <B>add</B> instruction in the bulk input file.
+<A NAME="IDX7632"></A>
+<A NAME="IDX7633"></A>
+<P><H3><A NAME="HDRWQ468" HREF="auagd002.htm#ToC_552">Where to Place Template Files</A></H3>
+<P>A template must be available to the <B>uss</B> command
+interpreter as it executes a <B>uss add</B> or <B>uss bulk</B>
+command, even if it is the zero-length file appropriate for creating an
+authentication-only account.
+<P>If you do not provide the <B>-template</B> argument to the <B>uss
+add</B> or <B>uss bulk</B> command, then the command interpreter
+searches for a template file called <B>uss.template</B> in each of
+the following directories in turn:
+<OL TYPE=1>
+<P><LI>The current working directory
+<P><LI><B>/afs/<VAR>cellname</VAR>/common/uss</B>, where <VAR>cellname</VAR> is
+the local cell
+<P><LI><B>/etc</B>
+</OL>
+<P>To use a template file with a different name or stored in a different
+directory, include the <B>-template</B> argument to the <B>uss add</B>
+or <B>uss bulk</B> command. If you provide a filename only, the
+command interpreter looks for it in the directories listed just
+previously. If you provide a pathname and filename, it looks only in
+the specified directory, interpreting a partial pathname relative to the
+current working directory.
+<A NAME="IDX7634"></A>
+<A NAME="IDX7635"></A>
+<P><H3><A NAME="HDRWQ469" HREF="auagd002.htm#ToC_553">Some General Rules for Constructing a Template</A></H3>
+<P>This section summarizes some general rules to follow when
+constructing a template file. For each instruction's syntax
+definition, see the following sections (<A HREF="#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A> through <A HREF="#HDRWQ479">Executing Commands with the X Instruction</A>).
+<UL>
+<P><LI>If a variable takes its value from an element elsewhere within the
+template, the definition must precede the reference. Putting the
+instruction lines in the following order usually results in correct resolution
+of variables:
+<P><B>G V D F E L S A X</B>
+<P><LI>The fields in each instruction must appear in the order specified by the
+instruction's syntax definition, which appear in the following sections
+about each instruction. You cannot omit a field. Separate each
+field from its neighbors with one or more spaces.
+<P><LI>When specifying a pathname, provide a full one. Partial pathnames
+are interpreted relative to the current working directory (the one in which
+the <B>uss</B> command is issued), with possibly unintended
+results.
+<P><LI>Each instruction must appear on a single line in the template file, with a
+newline character (<B><Return></B>) only at the end of the
+instruction. Some example instructions appear in this document on more
+than one line, but that is only for legibility.
+<P><LI>Provide a value for every variable that appears in the template by
+including the corresponding argument to the <B>uss add</B> command or
+placing a value in the corresponding field of the bulk input file
+<B>add</B> instruction. A missing value halts the entire creation
+operation. If a variable does not appear in the template file, the
+command interpreter ignores the corresponding command-line argument or field
+in the bulk input file, even if you provide it.
+<P><LI>You can use blank lines in the template file to increase its
+legibility. If you place comments in the file, begin each comment line
+with the number sign (<B>#</B>).
+</UL>
+<P><H3><A NAME="HDRWQ470" HREF="auagd002.htm#ToC_554">About Creating Local Disk Directories and Files</A></H3>
+<P>It is possible to use the <B>D</B>, <B>E</B>, and
+<B>F</B> instructions to create directories or files in the local file
+system of the machine on which you are issuing the <B>uss</B> command, but
+that usage is not recommended. It introduces two potential
+complications:
+<UL>
+<P><LI>The local file system automatically assigns ownership of a new local disk
+directory or file to its creator. Because you are the issuer of the
+<B>uss</B> command that is creating the object, it records your current
+UNIX UID. If that is not appropriate and you want to designate another
+owner as the object is created, then you must be logged in as the local
+superuser <B>root</B> (the local file system allows only the
+<B>root</B> user to issue the UNIX <B>chown</B> command, which the
+<B>uss</B> command interpreter invokes to change the owner from the
+default value). You must also use the <B>-admin</B> argument to the
+<B>uss add</B> or <B>uss bulk</B> command to authenticate as a
+privileged AFS administrator. Only an administrator can create
+Authentication Database and Protection Database entries, which the
+<B>uss</B> command interpreter always creates as part of a new
+account.
+<P>The alternative is to become the local superuser <B>root</B> after the
+<B>uss</B> operation completes, and issue the necessary <B>chown</B>
+command then. However, that makes the account creation process that
+much less automated.
+<P><LI>Creating a local disk directory always generates an error message because
+the <B>uss</B> command interpreter cannot successfully set a local
+directory's ACL. The directory is created nevertheless, and a
+value still must appear in the <B>D</B> instruction's <VAR>ACL</VAR>
+field.
+</UL>
+<P>The recommended method for configuring a machine's local disk is to
+use the AFS <B>package</B> utility instead; see <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+<A NAME="IDX7636"></A>
+<A NAME="IDX7637"></A>
+<P><H3><A NAME="HDRWQ471" HREF="auagd002.htm#ToC_555">Example uss Templates</A></H3>
+<P>This section describes example templates for the basic and
+full account types (the template for an authentication-only account is
+empty).
+<P>The first example creates a basic account. It contains two
+<B>G</B> instructions and a <B>V</B> instruction that defines the
+volume name, file server machine, partition, quota in kilobytes, mount point,
+home directory owner, and home directory access control list. In the
+ABC Corporation cell, a suitable template is:
+<PRE> G /afs/.abc.com/usr1
+ G /afs/.abc.com/usr2
+ V user.$USER $SERVER.abc.com /vicep$PART 5000 $AUTO/$USER $UID \
+ $USER all staff rl
+</PRE>
+<P>When issuing the <B>uss add</B> command with this type of template,
+provide the following arguments:
+<UL>
+<P><LI><B>-user</B> to specify the username for the $USER variable
+<P><LI><B>-server</B> to specify the unique part of the file server machine
+name for the $SERVER variable
+<P><LI><B>-partition</B> to specify the unique part of the partition name for
+the $PART variable
+</UL>
+<P>The Protection Server automatically assigns an AFS UID for the $UID
+variable, and the <B>G</B> instructions provide a value for the $AUTO
+variable.
+<P>The following example template file creates a full account in the ABC
+Corporation cell. The following sections about each type of instruction
+describe the effect of the examples. Note that the <B>V</B> and
+<B>E</B> instructions appear on two lines each only for the sake of
+legibility.
+<PRE> #
+ # Specify the available grouping directories
+ #
+ G /afs/.abc.com/usr1
+ G /afs/.abc.com/usr2
+ #
+ # Create the user's home volume
+ #
+ V user.$USER $SERVER.abc.com /vicep$PART 5000 /afs/.abc.com/$AUTO/$USER \
+ $UID $USER all abc:staff rl
+ #
+ # Create directories and files for mail
+ #
+ D $MTPT/.MESSAGES 0700 $UID $USER all abc:staff none
+ D $MTPT/.Outgoing 0700 $UID $USER rlidwk postman rlidwk
+ D $MTPT/Mailbox 0700 $UID $USER all abc:staff none system:anyuser lik
+ #
+ # Here are some useful scripts for login etc.
+ #
+ F $MTPT/.Xbiff 0755 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.Xresources 0644 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.Xsession 0755 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.cshrc 0755 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.login 0755 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.logout 0755 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/.twmrc 0644 $UID /afs/abc.com/admin/user/proto
+ F $MTPT/preferences 0644 $UID /afs/abc.com/admin/user/proto
+ #
+ # Make a passwd entry
+ #
+ E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
+ "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
+ #
+ # Put in the standard password/authentication checks
+ #
+ A $USER 250 noreuse 9 25
+ #
+ # Create and mount a public volume for the user
+ #
+ X "create_public_vol $USER $1 $2"
+ #
+ # Here we set up the symbolic link to public directory
+ #
+ S /afs/abc.com/public/$USER $MTPT/public
+</PRE>
+<A NAME="IDX7638"></A>
+<A NAME="IDX7639"></A>
+<A NAME="IDX7640"></A>
+<A NAME="IDX7641"></A>
+<A NAME="IDX7642"></A>
+<P><H3><A NAME="HDRWQ472" HREF="auagd002.htm#ToC_556">Evenly Distributing User Home Directories with the G Instruction</A></H3>
+<P>In cells with thousands of user accounts, it often makes
+sense to distribute the mount points for user volumes into multiple parent
+directories, because placing them all in one directory noticeably slows down
+directory lookup when a user home directory is accessed. A possible
+solution is to create parent directories that group user home directories
+alphabetically, or that reflect divisions like academic or corporate
+departments. However, in a really large cell, some such groups can
+still be large enough to slow directory lookup, and users who belong to those
+groups are unfairly penalized every time they access their home
+directory. Another drawback to groupings that reflect workplace
+divisions is that you must move mount points when users change departmental
+affiliation.
+<P>An alternative is an even distribution of user home directories into
+multiple parent directories that do not represent workplace divisions.
+The <B>uss</B> command suite enables you to define a list of directories
+by placing a <B>G</B> instruction for each one at the top of the template
+file, and then using the $AUTO variable in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field. When the <B>uss</B> command interpreter
+encounters the $AUTO variable, it substitutes the directory named by a
+<B>G</B> instruction that currently has the fewest entries.
+(Actually, the $AUTO variable can appear in any field that includes a
+pathname, in any type of instruction. In all cases, the command
+interpreter substitutes the directory that currently has the fewest
+entries.)
+<P>The <B>G</B> instruction's syntax is as follows:
+<PRE> G <VAR>directory</VAR>
+</PRE>
+<P>where <VAR>directory</VAR> specifies either a complete directory pathname or
+only the final element (the directory itself). The choice determines
+the appropriate value to place in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field.
+<P>Specify the read/write path to each directory, to avoid the failure that
+results when you attempt to create a new mount point in a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>For example, the ABC Corporation example template for a full account in <A HREF="#HDRWQ471">Example uss Templates</A> defines two directories:
+<PRE> G /afs/.abc.com/usr1
+ G /afs/.abc.com/usr2
+</PRE>
+<P>and puts the value <B>$AUTO/$USER</B> in the <B>V</B>
+instruction's <VAR>mount_point</VAR> field. An alternative with the
+same result is to define the directories as follows:
+<PRE> G usr1
+ G usr2
+</PRE>
+<P>and specify a more complete pathname in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field:
+<B>/afs/.abc.com/$AUTO/$USER</B>.
+<A NAME="IDX7643"></A>
+<A NAME="IDX7644"></A>
+<A NAME="IDX7645"></A>
+<A NAME="IDX7646"></A>
+<A NAME="IDX7647"></A>
+<A NAME="IDX7648"></A>
+<P><H3><A NAME="HDRWQ473" HREF="auagd002.htm#ToC_557">Creating a Volume with the V Instruction</A></H3>
+<P>Unless the template file is empty (zero-length), one and
+only one <B>V</B> instruction must appear in it. (To create other
+volumes for a user as part of a <B>uss</B> account-creation operation, use
+the <B>X</B> instruction to invoke the <B>vos create</B> command or a
+script that invokes that command along with others, such as the <B>fs
+mkmount</B> command. For an example, see <A HREF="#HDRWQ479">Executing Commands with the X Instruction</A>.)
+<P>The <B>V</B> instruction defines the following AFS entities:
+<UL>
+<P><LI>A volume and associated VLDB entry
+<P><LI>The volume's site (file server machine and partition)
+<P><LI>The volume's mount point in the AFS filespace, which becomes the
+user's home directory
+<P><LI>The volume's space quota
+<P><LI>The home directory's owner, usually the new user
+<P><LI>The home directory's ACL, which normally at least grants all
+permissions to the user
+</UL>
+<P>The following discussion of the fields in a <B>V</B> instruction refers
+to the example in the full account template from <A HREF="#HDRWQ471">Example uss Templates</A> (the instruction appears here on two lines only for
+legibility):
+<PRE> V user.$USER $SERVER.abc.com /vicep$PART 5000 \
+ /afs/.abc.com/$AUTO/$USER $UID $USER all abc:staff rl
+</PRE>
+<P>The <B>V</B> instruction's syntax is as follows:
+<PRE> V <VAR>volume_name</VAR> <VAR>server</VAR> <VAR>partition</VAR> <VAR>quota</VAR> <VAR>mount_point</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>V</B>
+</B><DD>Indicates a volume creation instruction.
+<P><DT><B><VAR>volume_name</VAR>
+</B><DD>Specifies the volume's name as recorded in the VLDB.
+<P>To follow the convention of including the user's name as part of the
+volume name, include the $USER variable in this field. The variable
+takes its value from the <B>-user</B> argument to the <B>uss add</B>
+command or from the bulk input file <B>add</B> instruction's
+<VAR>username</VAR> field.
+<P>The ABC Corporation example uses the value <B>user.$USER</B> to
+assign the conventional volume name,
+<B>user.</B><VAR>username</VAR>. When creating an account for
+user <B>smith</B>, for example, you then include <B>-user smith</B> as
+an argument to the <B>uss add</B> command, or place the value
+<B>smith</B> in the bulk input file <B>add</B> instruction's
+<VAR>username</VAR> field.
+<P><DT><B><VAR>server</VAR>
+</B><DD>Names the file server machine on which to create the new volume. It
+is best to provide a fully qualified host name (for example,
+<B>fs1.abc.com</B>), but an abbreviated form is acceptable
+if the cell's naming service is available to resolve it at the time the
+volume is created.
+<P>To place different users' volumes on different file server machines,
+use the $SERVER variable in this field, and provide a value for it either with
+the <B>-server</B> argument to the <B>uss add</B> command or in the
+<VAR>server</VAR> field of the bulk input file <B>add</B>
+instruction. One easy way to specify a fully qualified hostname without
+having to type it completely on the command line is to combine a constant and
+the $SERVER variable. Specifically, the constant specifies the
+domain-name suffix common to all the file server machines.
+<P>In the ABC Corporation example, all of the file server machines in the cell
+share the <B>abc.com</B> domain name suffix, so the <VAR>server</VAR>
+field combines a variable and constant:
+<B>$SERVER.abc.com</B>. To place the new volume on
+the machine <B>fs1.abc.com</B>, you then include
+<B>-server fs1</B> as an argument to the <B>uss add</B> command, or
+place the value <B>fs1</B> in the bulk input file <B>add</B>
+instruction's <VAR>server</VAR> field.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Specifies the partition on which to create the user's volume; it
+must be on the file server machine named in the <VAR>server</VAR> field.
+Identify the partition by its complete name (for example, <B>/vicepa</B>)
+or use one of the abbreviations listed in <A HREF="auagd023.htm#HDRWQ615">Rules for Using Abbreviations and Aliases</A>.
+<P>To place different users' volumes on different partitions, use the
+$PART variable in this field, and provide a value for it either with the
+<B>-partition</B> argument to the <B>uss add</B> command or in the
+<VAR>partition</VAR> field of the bulk input file <B>add</B>
+instruction. Because all full partition names start with the
+<B>/vicep</B> string, it is convenient to combine that string as a
+constant with the $PART variable.
+<P>The ABC Corporation example template combines the constant string
+<B>/vicep</B> and the $PART variable in this way, as
+<B>/vicep$PART</B>.
+<A NAME="IDX7649"></A>
+<A NAME="IDX7650"></A>
+<A NAME="IDX7651"></A>
+<A NAME="IDX7652"></A>
+<P><DT><B><VAR>quota</VAR>
+</B><DD>Sets the maximum number of kilobyte blocks the volume can occupy on the
+file server machine's disk. It must be an integer. If you
+assign the same quota to all user volumes, specify a constant value. To
+assign different quotas to different volumes, place one of the number
+variables ($1 through $9) in this field, and provide a value for it either
+with the <B>-var</B> argument to the <B>uss add</B> command or in the
+appropriate field of the bulk input file <B>add</B> instruction.
+<P>The ABC Corporation example grants a 5000 KB initial quota to every new
+user.
+<A NAME="IDX7653"></A>
+<A NAME="IDX7654"></A>
+<A NAME="IDX7655"></A>
+<A NAME="IDX7656"></A>
+<P><DT><B><VAR>mount_point</VAR>
+</B><DD>Creates a mount point for the volume, which serves as the volume's
+root directory and the user's home directory. By convention, user
+home directory names include the username, which you can read in by including
+the $USER variable in this field.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to create the new mount point in a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If you use the $AUTO variable
+in this field, the directories named by each <B>G</B> instruction possibly
+already indicate the read/write path. For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>If other parts of the mount point name also vary from user to user, you can
+use the $MTPT variable in this field, and provide a value with the <B>uss
+add</B> command's <B>-mount</B> argument or in the
+<VAR>mount_point</VAR> field of a bulk input file <B>add</B>
+instruction. Note, however, that when the $MTPT variable appears in
+subsequent instructions in the template (usually, in <B>D</B>,
+<B>E</B>, or <B>F</B> instructions), it instead takes as its value the
+complete contents of this field.
+<P>Combine constants and variables based on how you have decided to group home
+directories together in one or more parent directories. Note that the
+parent directories must already exist before you run a <B>uss add</B> or
+<B>uss bulk</B> command that references the template. Possibilities
+for grouping home directories include the following:
+<A NAME="IDX7657"></A>
+<P>
+<UL>
+<P><LI>Placing all user home directories in a single parent directory; the
+name <B>/afs/</B><VAR>cellname</VAR><B>/usr</B> is an AFS-appropriate
+variation on the UNIX <B>/usr</B> convention. This choice is most
+appropriate for a cell with a small number of user accounts. The
+simplest way to implement this choice is to combine a constant string and the
+$USER variable, as in <B>/afs/.abc.com/usr/$USER</B>.
+<P><LI>Distributing home directories evenly into a set of parent directories that
+do not correspond to workplace divisions. This choice is appropriate in
+cells with tens of thousands of accounts, where the number of home directories
+is large enough to slow directory lookup significantly if they all reside
+together in one parent directory, but distribution according to workplace
+divisions is not feasible.
+<P>The $AUTO variable is designed to distribute home directories evenly in
+this manner. As explained in <A HREF="#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A>, the <B>uss</B> command interpreter substitutes the
+directory that is defined by a preceding <B>G</B> template instruction and
+that currently has the fewest entries. The example ABC Corporation
+template illustrates this choice by using the value
+<B>/afs/.abc.com/$AUTO/$USER</B>.
+<P><LI>Distributing home directories into multiple directories that reflect
+divisions like academic or corporate departments. Perhaps the simplest
+way to implement this scheme is to use the $MTPT variable to represent the
+department, as in
+<B>/afs/.ghi.com/usr/$MTPT/$USER</B>. You then
+provide <B>-user smith</B> and <B>-mount acctg</B> arguments to the
+<B>uss add</B> command to create the mount point
+<B>/afs/.ghi.com/usr/acctg/smith</B>.
+<P><LI>Distributing home directories into alphabetic subdirectories of
+<B>usr</B> (<B>usr/a</B>, <B>usr/b</B> and so on), based on the
+first letter or letters in the username. The advantage is that knowing
+the username enables you easily to locate a home directory. A potential
+drawback is that the distribution is not likely to be even, and if there are a
+large number of accounts, then slowed directory lookup unfairly affects users
+whose names begins with popular letters.
+<P>Perhaps the simplest way to implement this scheme is to use the $MTPT
+variable to represent the letter or letters, as in
+<B>/afs/.jkl.com/usr/$MTPT/$USER</B>. Then provide
+the <B>-user smith</B> and <B>-mount s/m</B> arguments to the <B>uss
+add</B> command to create the mount point
+<B>/afs/.jkl.com/usr/s/m/smith</B>.
+</UL>
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UID of the user to be designated the mount
+point's owner in the output from the UNIX <B>ls -ld</B>
+command. To follow the standard convention for home directory
+ownership, use the $UID variable in this field, as in the ABC Corporation
+example template. The Protection Server then automatically assigns an
+AFS UID unless you provide the <B>-uid</B> argument to the <B>uss
+add</B> command or fill in the <VAR>uid</VAR> field in the bulk input file
+<B>add</B> instruction. (If you are converting existing UNIX
+accounts, see the discussion of additional considerations in <A HREF="#HDRWQ459">Converting Existing UNIX Accounts with uss</A>.)
+<A NAME="IDX7658"></A>
+<A NAME="IDX7659"></A>
+<A NAME="IDX7660"></A>
+<A NAME="IDX7661"></A>
+<P><DT><B><VAR>ACL</VAR>
+</B><DD>Sets the ACL on the new home directory. Provide one or more paired
+values, each pair consisting of an AFS username or group name and the desired
+permissions, in that order (a group name must already exist in the Protection
+Database to be used). Separate the two parts of the pair, and each
+pair, with a space. For a discussion of the available permissions, see <A HREF="auagd020.htm#HDRWQ567">The AFS ACL Permissions</A>.
+<P>At minimum, grant all permissions to the new user by including the value
+<B>$USER all</B> in this field. The File Server automatically
+grants all permissions to the <B>system:administrators</B> group as
+well. You cannot grant permissions to the issuer of the <B>uss</B>
+command, because as the last step in account creation the <B>uss</B>
+command interpreter automatically deletes that user from any ACLs set during
+the creation process.
+<P>The ABC Corporation example uses the following value to grant all
+permissions to the new user and <B>r</B> (<B>read</B>) and
+<B>l</B> (<B>lookup</B>) permissions to the members of the
+<B>abc:staff</B> group:
+<P><B>$USER all abc:staff rl</B>
+</DL>
+<A NAME="IDX7662"></A>
+<A NAME="IDX7663"></A>
+<A NAME="IDX7664"></A>
+<A NAME="IDX7665"></A>
+<A NAME="IDX7666"></A>
+<A NAME="IDX7667"></A>
+<P><H3><A NAME="HDRWQ474" HREF="auagd002.htm#ToC_558">Creating a Directory with the D Instruction</A></H3>
+<P>Each <B>D</B> instruction in the template file creates a
+directory; there is no limit on the number of them in the
+template. If a <B>D</B> instruction creates a subdirectory in a new
+user's home directory (its intended use), then it must follow the
+<B>V</B> instruction. Creating a directory on the local disk of the
+machine where the <B>uss</B> command runs is not recommended for the
+reasons outlined in <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>The following discussion of the fields in a <B>D</B> instruction refers
+to one of the examples in the full account template in <A HREF="#HDRWQ471">Example uss Templates</A>:
+<PRE> D $MTPT/Mailbox 0700 $UID $USER all abc:staff none system:anyuser lik
+</PRE>
+<P>The <B>D</B> instruction's syntax is as follows:
+<PRE> D <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>D</B>
+</B><DD>Indicates a directory creation instruction.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the directory's full pathname. If it is a
+subdirectory of the user's home directory, it is simplest to use the
+$MTPT variable to specify the home directory pathname. When the $MTPT
+variable appears in a <B>D</B> instruction, it takes its value from the
+preceding <B>V</B> instruction's <VAR>mount_point</VAR> field (this
+dependency is why a <B>D</B> instruction must follow the <B>V</B>
+instruction).
+<P>Specify the read/write pathname to the directory, to avoid the failure that
+results when you attempt to create a new directory in a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If you use the $MTPT variable
+in this field, the value in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field possibly already indicates the read/write
+path. For further discussion of the concept of read/write and read-only
+paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>The ABC Corporation example uses the value <B>$MTPT/Mailbox</B> to
+place the <B>Mailbox</B> subdirectory in the user's home
+directory.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the directory's UNIX mode bits. Acceptable values are
+the standard three- or four-digit numbers corresponding to a combination of
+permissions. Examples: <B>0755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>0644</B> to <B>rw-r--r--</B>. The
+first (owner) <B>x</B> bit must be turned on to enable access to a
+directory.
+<P>The ABC Corporation example uses the value <B>0700</B> to set the mode
+bits on the <B>Mailbox</B> subdirectory to <B>rwxr-----</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UID of the user to be designated the
+directory's owner in the output from the UNIX <B>ls -ld</B>
+command.
+<P>If the directory resides in AFS, place the $UID variable in this field, as
+in the ABC Corporation example template. The Protection Server then
+automatically assigns an AFS UID unless you provide the <B>-uid</B>
+argument to the <B>uss add</B> command or fill in the <VAR>uid</VAR> field
+in the bulk input file <B>add</B> instruction. (If you are
+converting existing UNIX accounts, see the discussion of additional
+considerations in <A HREF="#HDRWQ459">Converting Existing UNIX Accounts with uss</A>.)
+<P>If the directory resides on the local disk, it is simplest to specify the
+username or UNIX UID under which you are issuing the <B>uss</B>
+command. For a discussion of the complications that arise from
+designating another user, see <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<A NAME="IDX7668"></A>
+<A NAME="IDX7669"></A>
+<A NAME="IDX7670"></A>
+<A NAME="IDX7671"></A>
+<P><DT><B><VAR>ACL</VAR>
+</B><DD>Sets the ACL on the new directory. Provide one or more paired
+values, each pair consisting of an AFS username or group name and the desired
+permissions, in that order (a group name must already exist in the Protection
+Database to be used). Separate the two parts of the pair, and each
+pair, with a space. For a description of the available permissions, see
+<A HREF="auagd020.htm#HDRWQ567">The AFS ACL Permissions</A>.
+<P>At minimum, grant all permissions to the new user by including the value
+<B>$USER all</B>. You cannot grant permissions to the issuer of the
+<B>uss</B> command, because as the last step in account creation the
+<B>uss</B> command interpreter automatically deletes that user from any
+ACLs set during the creation process. An error message always appears
+if the directory is on the local disk, as detailed in <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>The ABC Corporation example uses the following value to grant all
+permissions to the new user, no permissions to the members of the
+<B>abc:staff</B> group, and the <B>l</B> (<B>lookup</B>),
+<B>i</B> (<B>insert</B>), and <B>k</B> (<B>lock</B>)
+permissions to the members of the <B>system:anyuser</B> group:
+<P><B>$USER all abc:staff none system:anyuser lik</B>
+<P>It grants such extensive permissions to the <B>system:anyuser</B>
+group to enable any system user (including a mail-delivery daemon) to insert
+mail into the <B>Mailbox</B> directory. The absence of the
+<B>r</B> (<B>read</B>) permission prevents members of the
+<B>system:anyuser</B> group from reading the mail files.
+</DL>
+<A NAME="IDX7672"></A>
+<A NAME="IDX7673"></A>
+<A NAME="IDX7674"></A>
+<A NAME="IDX7675"></A>
+<A NAME="IDX7676"></A>
+<A NAME="IDX7677"></A>
+<P><H3><A NAME="HDRWQ475" HREF="auagd002.htm#ToC_559">Creating a File from a Prototype with the F Instruction</A></H3>
+<P>Each <B>F</B> instruction in the template file creates a
+file by copying the contents of an existing prototype file; there is no
+limit on the number of them in the template, and each can refer to a different
+prototype. If an <B>F</B> instruction creates a file in a new
+user's home directory or a subdirectory of it (the intended use), then it
+must follow the <B>V</B> or <B>D</B> instruction that creates the
+parent directory. Creating a file on the local disk of the machine
+where the <B>uss</B> command runs is not recommended for the reasons
+detailed in <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>The <B>E</B> instruction also creates a file, but the two types of
+instruction have complementary advantages. Files created with an
+<B>E</B> instruction can be customized for each user, because variables
+can appear in the field that specifies the contents of the file. In
+contrast, the contents of a file created using the <B>F</B> instruction
+are the same for every user. An <B>E</B> file can be only a single
+line, however, whereas an <B>F</B> file can be any length.
+<P>The following discussion of the fields in a <B>F</B> instruction refers
+to one of the examples in the full account template in <A HREF="#HDRWQ471">Example uss Templates</A>:
+<PRE> F $MTPT/.login 0755 $UID /afs/abc.com/admin/user/proto
+</PRE>
+<P>The <B>F</B> instruction's syntax is as follows:
+<PRE> F <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>prototype_file</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>F</B>
+</B><DD>Indicates a file creation instruction.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the full pathname of the file to create, including the
+filename. If it resides in the user's home directory or a
+subdirectory of it, it is simplest to use the $MTPT variable to specify the
+home directory pathname. When the $MTPT variable appears in an
+<B>F</B> instruction, it takes its value from the preceding <B>V</B>
+instruction's <VAR>mount_point</VAR> field (this dependency is why an
+<B>F</B> instruction must follow the <B>V</B> instruction).
+<P>Specify the read/write path to the file, to avoid the failure that results
+when you attempt to create a new file in a read-only volume. By
+convention, you indicate the read/write path by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If you use the $MTPT variable
+in this field, the value in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field possibly already indicates the read/write
+path. For further discussion of the concept of read/write and read-only
+paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>The ABC Corporation example uses the value <B>$MTPT/.login</B>
+to place a file called <B>.login</B> in the user's home
+directory.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the file's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to a combination of
+permissions. Examples: <B>0755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>0644</B> to <B>rw-r--r--</B>.
+<P>The ABC Corporation example uses the value <B>0755</B> to set the mode
+bits on the <B>.login</B> file to <B>rwxr-xr-x</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UID of the user to be designated the file's
+owner in the output from the UNIX <B>ls -l</B> command.
+<P>If the file resides in AFS, place the $UID variable in this field, as in
+the ABC Corporation example template. The Protection Server then
+automatically assigns an AFS UID unless you provide the <B>-uid</B>
+argument to the <B>uss add</B> command or fill in the <VAR>uid</VAR> field
+in the bulk input file <B>add</B> instruction. (If you are
+converting existing UNIX accounts, see the discussion of additional
+considerations in <A HREF="#HDRWQ459">Converting Existing UNIX Accounts with uss</A>.)
+<P>If the file resides on the local disk, it is simplest to specify the
+username or UNIX UID under which you are issuing the <B>uss</B>
+command. For a discussion of the complications that arise from
+designating another user, see <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P><DT><B><VAR>prototype_file</VAR>
+</B><DD>Names the AFS or local directory that houses the prototype file to
+copy. The prototype file's name must match the final element in
+the <VAR>pathname</VAR> field.
+<P>The ABC Corporation example references a prototype file called
+<B>.login</B> in the directory
+<B>/afs/abc.com/admin/user/proto</B>.
+</DL>
+<A NAME="IDX7678"></A>
+<A NAME="IDX7679"></A>
+<A NAME="IDX7680"></A>
+<A NAME="IDX7681"></A>
+<A NAME="IDX7682"></A>
+<A NAME="IDX7683"></A>
+<P><H3><A NAME="HDRWQ476" HREF="auagd002.htm#ToC_560">Creating One-Line Files with the E Instruction</A></H3>
+<P>Each <B>E</B> instruction in the template file creates a
+file by echoing a specified single line into it; there is no limit on the
+number of them in the template. If an <B>E</B> instruction creates
+a file in a new user's home directory or a subdirectory of it (the
+intended use), then it must follow the <B>V</B> or <B>D</B>
+instruction that creates the parent directory. Creating a file on the
+local disk of the machine where the <B>uss</B> command runs is not
+recommended for the reasons detailed in <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>The <B>F</B> instruction also creates a file, but the two types of
+instruction have complementary advantages. Files created with an
+<B>E</B> instruction can be customized for each user, because variables
+can appear in the field that specifies the contents of the file. The
+command interpreter replaces the variables with appropriate values before
+creating the file. In contrast, the contents of a file created using
+the <B>F</B> instruction are the same for every user. An
+<B>E</B> file can be only a single line, however, whereas an <B>F</B>
+file can be any length.
+<P>The <B>E</B> instruction is particularly suited to creating an entry
+for the new user in the cell's common source password file, which is then
+copied to client machines to serve as the local password file
+(<B>/etc/passwd</B> or equivalent). The following discussion of the
+fields refers to an example of this type of use, from the ABC
+Corporation's full account template shown in <A HREF="#HDRWQ471">Example uss Templates</A>. For further discussion of how to
+incorporate the files created in this way into a common source password file,
+see <A HREF="#HDRWQ458">Creating a Common Source Password File</A>.
+<PRE> E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
+ "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
+</PRE>
+<P>The <B>E</B> instruction's syntax is as follows:
+<PRE> E <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> "<VAR>contents</VAR>"
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>E</B>
+</B><DD>Indicates a file creation instruction.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the full pathname of the file to create, including the
+filename. It can include variables. If it resides in the
+user's home directory or a subdirectory of it, it is simplest to use the
+$MTPT variable to specify the home directory pathname. When the $MTPT
+variable appears in an <B>E</B> instruction, it takes its value from the
+preceding <B>V</B> instruction's <VAR>mount_point</VAR> field (this
+dependency is why an <B>E</B> instruction must follow the <B>V</B>
+instruction.)
+<P>Specify the read/write path to the file, to avoid the failure that results
+when you attempt to create a new file in a read-only volume. By
+convention, you indicate the read/write path by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If you use the $MTPT variable
+in this field, the value in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field possibly already indicates the read/write
+path. For further discussion of the concept of read/write and read-only
+paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>The ABC Corporation example writes the file created by the <B>E</B>
+instruction to <B>/afs/.abc.com/common/etc/newaccts</B>
+directory, naming it after the new user:
+<PRE> /afs/.abc.com/common/etc/newaccts/passwd_$USER
+</PRE>
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the file's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to a combination of
+permissions. Examples: <B>0755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>0644</B> to <B>rw-r--r--</B>.
+<P>The ABC Corporation example uses the value <B>0644</B> to set the mode
+bits on the <B>passwd_</B><VAR>user</VAR> file to
+<B>r-xr--r--</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UID of the user to be designated the file's
+owner in the output from the UNIX <B>ls -l</B> command.
+<P>If the file resides in AFS and is to be owned by the user, place the $UID
+variable in this field. The Protection Server then automatically
+assigns an AFS UID unless you provide the <B>-uid</B> argument to the
+<B>uss add</B> command or fill in the <VAR>uid</VAR> field in the bulk input
+file <B>add</B> instruction. (If you are converting existing UNIX
+accounts, see the discussion of additional considerations in <A HREF="#HDRWQ459">Converting Existing UNIX Accounts with uss</A>.)
+<P>If the file resides on the local disk, specify the username or UNIX UID
+under which you are issuing the <B>uss</B> command. For a
+discussion of the complications that arise from designating another user, see <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>The ABC Corporation example is creating an AFS file intended for
+incorporation into the common password file, rather than for direct use by the
+new user. It therefore designates the local superuser <B>root</B>
+as the owner of the new file. Designating an alternate owner on an AFS
+file does not introduce complications: issuing the <B>chown</B>
+command on AFS files requires membership in the
+<B>system:administrators</B> group, but the issuer of the
+<B>uss</B> command is necessarily authenticated as a member of that
+group.
+<P><DT><B><VAR>contents</VAR>
+</B><DD>Specifies the one-line character string to write into the new file.
+Surround it with double quotes if it contains one or more spaces. It
+cannot contain the newline character, but can contain any of the standard
+variables, which the command interpreter resolves as it creates the
+file.
+<P>The ABC Corporation example has the following value in the
+<VAR>contents</VAR> field, to create a password file entry:
+<PRE> $USER:X:$UID:10:$NAME:$MTPT:/bin/csh
+</PRE>
+</DL>
+<A NAME="IDX7684"></A>
+<A NAME="IDX7685"></A>
+<A NAME="IDX7686"></A>
+<A NAME="IDX7687"></A>
+<A NAME="IDX7688"></A>
+<A NAME="IDX7689"></A>
+<A NAME="IDX7690"></A>
+<A NAME="IDX7691"></A>
+<A NAME="IDX7692"></A>
+<A NAME="IDX7693"></A>
+<A NAME="IDX7694"></A>
+<P><H3><A NAME="HDRWQ477" HREF="auagd002.htm#ToC_561">Creating Links with the L and S Instructions</A></H3>
+<P>Each <B>L</B> instruction in the template file creates a
+hard link between two files, as achieved by the standard UNIX <B>ln</B>
+command. The <B>S</B> instruction creates a symbolic link between
+two files, as achieved by the standard UNIX <B>ln -s</B> command.
+An explanation of links is beyond the scope of this document, but the basic
+effect in both cases is to create a second name for an existing file, so that
+it can be accessed via either name. Creating a link does not create a
+second copy of the file.
+<P>There is no limit on the number of <B>L</B> or <B>S</B>
+instructions in a template file. If the link is in a new user's
+home directory or a subdirectory of it (the intended use), then it must follow
+the <B>V</B> or <B>D</B> instruction that creates the parent
+directory, and the <B>F</B>, <B>E</B>, or <B>X</B> instruction
+that creates the file being linked to. Creating a file on the local
+disk of the machine where the <B>uss</B> command runs is not recommended,
+for the reasons detailed in <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P>Note that AFS allows hard links only between files that reside in the same
+directory. This restriction is necessary to eliminate the confusion
+that results from associating two potentially different ACLs (those of the two
+directories) with the same file. Symbolic links are legal between two
+files that reside in different directories and even in different
+volumes. The ACL on the actual file applies to the link as well.
+<P>You do not set the owner or mode bits on a link created with an
+<B>L</B> or <B>S</B> instruction, as you do for directories or
+files. The <B>uss</B> command interpreter automatically records the
+UNIX UID of the <B>uss</B> command's issuer as the owner, and sets
+the mode bits to <B>lrwxrwxrwx</B> (777).
+<P>The following discussion of the fields in an <B>L</B> or <B>S</B>
+instruction refers to an example in the full account template from <A HREF="#HDRWQ471">Example uss Templates</A>, namely
+<PRE> S /afs/abc.com/public/$USER $MTPT/public
+</PRE>
+<P>The <B>L</B> and <B>S</B> instructions' syntax is as
+follows:
+<PRE> L <VAR>existing_file</VAR> <VAR>link</VAR>
+ S <VAR>existing_file</VAR> <VAR>link</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>L</B>
+</B><DD>Indicates a hard link creation instruction.
+<P><DT><B><B>S</B>
+</B><DD>Indicates a symbolic link creation instruction.
+<P><DT><B><VAR>existing_file</VAR>
+</B><DD>Specifies the complete pathname of the existing file. If it resides
+in the user's home directory or a subdirectory of it, it is simplest to
+use the $MTPT variable to specify the home directory pathname. When the
+$MTPT variable appears in an <B>L</B> or <B>S</B> instruction, it
+takes its value from the preceding <B>V</B> instruction's
+<VAR>mount_point</VAR> field (this dependency is why the instruction must follow
+the <B>V</B> instruction).
+<P>Do not create a symbolic link to a file whose name begins with the number
+sign (<B>#</B>) or percent sign (<B>%</B>). When the Cache
+Manager reads a symbolic link whose contents begin with one of those
+characters, it interprets it as a regular or read/write mount point,
+respectively.
+<P>The ABC Corporation example creates a link to the publicly readable volume
+created and mounted by a preceding <B>X</B> instruction, by specifying the
+path to its mount point:
+<PRE> /afs/abc.com/public/$USER
+</PRE>
+<P><DT><B><VAR>link</VAR>
+</B><DD>Specifies the complete pathname of the second name for the file. If
+it resides in the user's home directory or a subdirectory of it, it is
+simplest to use the $MTPT variable to specify the home directory
+pathname.
+<P>Specify the read/write path to the link, to avoid the failure that results
+when you attempt to create a new link in a read-only volume. By
+convention, you indicate the read/write path by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If you use the $MTPT variable
+in this field, the value in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field possibly already indicates the read/write
+path. For further discussion of the concept of read/write and read-only
+paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P>The ABC Corporation example creates a link called <B>public</B> in the
+user's home directory:
+<PRE> $MTPT/public
+</PRE>
+</DL>
+<A NAME="IDX7695"></A>
+<A NAME="IDX7696"></A>
+<A NAME="IDX7697"></A>
+<A NAME="IDX7698"></A>
+<P><H3><A NAME="HDRWQ478" HREF="auagd002.htm#ToC_562">Increasing Account Security with the A Instruction</A></H3>
+<P>The <B>A</B> instruction in the template file enhances
+cell security by imposing the following restrictions on users' password
+choice and authentication attempts.
+<UL>
+<P><LI>Limiting the user's password lifetime. When the lifetime
+expires, the user can no longer use the password to authenticate and must
+change it.
+<P><LI>Prohibiting the reuse of the user's 20 most-recently used
+passwords.
+<P><LI>Limiting the number of consecutive times that a user can provide an
+incorrect password during authentication, and for how long the Authentication
+Server refuses further authentication attempts after the limit is exceeded
+(referred to as an <I>account lockout</I>). For regular user
+accounts in most cells, the recommended limit is nine and lockout time is 25
+minutes.
+</UL>
+<P>The following discussion of the fields in an <B>A</B> instruction
+refers to the example in the full account template from <A HREF="#HDRWQ471">Example uss Templates</A>, which sets a password lifetime of 250 days, prohibits reuse
+of passwords, limits the number of failed authentication attempts to nine, and
+creates a lockout time of 25 minutes if the authentication limit is
+exceeded:
+<PRE> A $USER 250 noreuse 9 25
+</PRE>
+<P>The <B>A</B> instruction's syntax is as follows:
+<PRE> A <VAR>username</VAR> <VAR>password_lifetime</VAR> <VAR>password_reuse</VAR> <VAR>failures</VAR> <VAR>locktime</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>A</B>
+</B><DD>Indicates a security enhancing instruction.
+<P><DT><B><VAR>username</VAR>
+</B><DD>Names the Authentication Database entry on which to impose security
+restrictions. Use the $USER variable to read in the username from the
+<B>uss add</B> command's <B>-user</B> argument, or from the
+<VAR>username</VAR> field of an <B>add</B> instruction in the bulk input
+file. The ABC Corporation example uses this value.
+<P><DT><B><VAR>password_lifetime</VAR>
+</B><DD>Sets the number of days after the user's password is changed that it
+remains valid. When the password becomes invalid (expires), the user is
+unable to authenticate, but has 30 more days in which to issue the
+<B>kpasswd</B> command to change the password (after that, only an
+administrator can change it).
+<P>Specify an integer from the range <B>1</B> through <B>254</B> to
+specify the number of days until expiration, the value <B>0</B> to
+indicate that the password never expires, or the value $PWEXPIRES to read in
+the number of days from the <B>uss add</B> or <B>uss bulk</B>
+command's <B>-pwexpires</B> argument. If the <B>A</B>
+instruction does not appear in the template file, by default the user's
+password never expires.
+<P>The ABC Corporation example sets a password lifetime of 250 days.
+<P><DT><B><VAR>password_reuse</VAR>
+</B><DD>Determines whether or not the user can change his or her password (using
+the <B>kpasswd</B> or <B>kas setpassword</B> command) to one that is
+similar to any of his or her last 20 passwords. The acceptable values
+are <B>reuse</B> to allow reuse and <B>noreuse</B> to prohibit
+it. If the <B>A</B> instruction does not appear in the template
+file, the default is to allow password reuse.
+<P>The ABC Corporation example prohibits password reuse.
+<P><DT><B><VAR>failures</VAR>
+</B><DD>Sets the number of consecutive times the user can provide an incorrect
+password during authentication (using the <B>klog</B> command or a login
+utility that grants AFS tokens). When the user exceeds the limit, the
+Authentication Server rejects further authentication attempts for the amount
+of time specified in the <VAR>locktime</VAR> field.
+<P>Specify an integer from the range <B>1</B> through <B>254</B> to
+specify the number of failures permitted, or the value <B>0</B> to
+indicate that there is no limit to the number of unsuccessful attempts.
+If the <B>A</B> instruction does not appear in the template file, the
+default is to allow an unlimited number of failures.
+<P>The ABC Corporation example sets the limit to nine failed attempts.
+<P><DT><B><VAR>locktime</VAR>
+</B><DD>Specifies how long the Authentication Server refuses authentication
+attempts from a user who has exceeded the failure limit set in the
+<VAR>failures</VAR> field.
+<P>Specify a number of hours and minutes (<VAR>hh</VAR>:<VAR>mm</VAR>) or
+minutes only (<VAR>mm</VAR>), from the range <B>01</B> (one minute) through
+<B>36:00</B> (36 hours). The Authentication Server
+automatically reduces any larger value to <B>36:00</B> and also
+rounds up any nonzero value to the next highest multiple of 8.5
+minutes. A value of <B>0</B> (zero) sets an infinite lockout time,
+in which case an administrator must always issue the <B>kas unlock</B>
+command to unlock the account.
+<P>The ABC Corporation example sets the lockout time to 25 minutes, which is
+rounded up to 25 minutes 30 seconds (the next highest multiple of 8.5
+minutes).
+</DL>
+<A NAME="IDX7699"></A>
+<A NAME="IDX7700"></A>
+<A NAME="IDX7701"></A>
+<A NAME="IDX7702"></A>
+<A NAME="IDX7703"></A>
+<A NAME="IDX7704"></A>
+<P><H3><A NAME="HDRWQ479" HREF="auagd002.htm#ToC_563">Executing Commands with the X Instruction</A></H3>
+<P>The <B>X</B> instruction in the template file executes a
+command, which can be a standard UNIX command, a shell script or program, or
+an AFS command. The command string can include standard template
+variables, and any number of <B>X</B> instructions can appear in a
+template file. If an instruction manipulates an element created by
+another instruction, it must appear after that instruction.
+<P>The following discussion of the field in an <B>X</B> instruction refers
+to the example in the full account template from <A HREF="#HDRWQ471">Example uss Templates</A>:
+<PRE> X "create_public_vol $USER $1 $2"
+</PRE>
+<P>The <B>X</B> instruction's syntax is as follows:
+<PRE> X "<VAR>command</VAR>"
+</PRE>
+<P>where <VAR>command</VAR> specifies the command to execute. Surround it
+with double quotes if it contains spaces. The command string can
+contain any of the standard variables, which the <B>uss</B> command
+interpreter resolves before passing the command on to the appropriate other
+command interpreter, but it cannot contain newline characters.
+<P>The ABC Corporation example invokes a script called
+<B>create_public_vol</B>, which creates another volume associated with the
+new user and mounts it in a publicly readable part of the ABC
+Corporation's filespace:
+<PRE> "create_public_vol $USER $1 $2"
+</PRE>
+<P>It uses the $USER variable to read in the username and make it part of both
+the volume name and mount point name. The <B>uss</B> command issuer
+supplies a file server machine name for the $1 variable and a partition name
+for the $2 variable, to specify the site for the new volume.
+<A NAME="IDX7705"></A>
+<A NAME="IDX7706"></A>
+<A NAME="IDX7707"></A>
+<A NAME="IDX7708"></A>
+<A NAME="IDX7709"></A>
+<A NAME="IDX7710"></A>
+<A NAME="IDX7711"></A>
+<A NAME="IDX7712"></A>
+<A NAME="IDX7713"></A>
+<A NAME="IDX7714"></A>
+<A NAME="IDX7715"></A>
+<HR><H2><A NAME="HDRWQ480" HREF="auagd002.htm#ToC_564">Creating Individual Accounts with the uss add Command</A></H2>
+<P>After you have created a template file, you can create an
+individual account by issuing the <B>uss add</B> command (for template
+creation instructions see <A HREF="#HDRWQ463">Constructing a uss Template File</A>). When you issue the command, the <B>uss</B>
+command interpreter contacts various AFS servers to perform the following
+actions:
+<UL>
+<P><LI>Create a Protection Database entry. By default, the Protection
+Server assigns an AFS UID which becomes the value of the $UID variable used in
+the template.
+<P><LI>Create an Authentication Database entry, recording an encrypted version of
+the initial password.
+<P><LI>Create the account components defined in the indicated template file,
+contacting the File Server, Volume Server, and Volume Location (VL) Server as
+necessary.
+</UL>
+<P>To review which types of instructions to include in a template to create
+different file system objects, see <A HREF="#HDRWQ463">Constructing a uss Template File</A>. If the template is empty, the <B>uss add</B>
+command creates an authentication-only account consisting of Protection
+Database and Authentication Database entries.
+<P>When you issue the <B>uss add</B> command, provide a value for each
+variable in the template file by including the corresponding command-line
+argument. If you fail to supply a value for a variable, the
+<B>uss</B> command interpreter substitutes a null string, which usually
+causes the account creation to fail. If you include a command line
+argument for which the corresponding variable does not appear in the template,
+it is ignored.
+<P><A HREF="#TBLWQ481">Table 4</A> summarizes the mappings between variables and the arguments
+to the <B>uss add</B> command. It is adapted from <A HREF="#TBLWQ466">Table 3</A>, but includes only those variables that take their value
+from command line arguments.
+<BR>
+<P><B><A NAME="TBLWQ481" HREF="auagd004.htm#FT_TBLWQ481">Table 4. Command-line argument sources for uss template variables</A></B><BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>Variable</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>Command-line Argument</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$MTPT
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-mount</B> (for occurrence in <B>V</B> instruction)
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$NAME
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-realname</B> if provided; otherwise <B>-user</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$PART
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-partition</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$PWEXPIRES
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-pwexpires</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$SERVER
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-server</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$UID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-uid</B> if provided; otherwise allocated by Protection
+Server
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$USER
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-user</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">$1 through $9
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%"><B>-var</B>
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ483" HREF="auagd002.htm#ToC_565">To create an AFS account with the uss add command</A></H3>
+<OL TYPE=1>
+<P><LI>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry.
+However, the Authentication Server always prompts you for a password in order
+to perform its own authentication. The following instructions direct
+you to specify the administrative identity on the <B>uss</B> command line
+itself.
+<P><LI>The <B>i</B> (<B>insert</B>) and <B>l</B> (<B>lookup</B>)
+permissions on the ACL of the directory in which you are mounting the
+user's volume. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+</UL>
+<P><LI><B>(Optional)</B> Log in as the local superuser
+<B>root</B>. This is necessary only if you are creating new files
+or directories in the local file system and want to designate an alternate
+owner as the object is created. For a discussion of the issues
+involved, see <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P><LI>Verify the location and functionality of the template file you are
+using. For a description of where the <B>uss</B> command
+interpreter expects to find the template, see <A HREF="#HDRWQ468">Where to Place Template Files</A>. You can always provide an alternate pathname if you
+wish. Also note the variables used in the template, to be sure that you
+provide the corresponding arguments on the <B>uss</B> command line.
+<P><LI><A NAME="LIWQ484"></A><B>(Optional)</B> Change to the directory where the
+template resides. This affects the type of pathname you must type in
+Step <A HREF="#LIWQ485">6</A>.
+<PRE> % <B>cd</B> <VAR>template_directory</VAR>
+</PRE>
+<P><LI><B>(Optional)</B> Run the <B>uss add</B> command with the
+<B>-dryrun</B> flag to preview the creation of the account. Note
+any error messages and correct the cause before reissuing the command without
+the <B>-dryrun</B> flag. The next step describes the <B>uss
+add</B> command's syntax. For more information on the
+<B>-dryrun</B> flag, see <A HREF="#HDRWQ454">Avoiding and Recovering from Errors and Interrupted Operations</A>.
+<A NAME="IDX7716"></A>
+<A NAME="IDX7717"></A>
+<P><LI><A NAME="LIWQ485"></A>Issue the <B>uss add</B> command to create the
+account. Enter the command on a single line; it appears here on
+multiple lines only for legibility.
+<P>The <B>uss add</B> operation creates an Authentication Database
+entry. The Authentication Server performs its own authentication rather
+than accepting your existing AFS token. By default, it authenticates
+your local (UNIX) identity, which possibly does not correspond to an
+AFS-privileged administrator. Include the <B>-admin</B> argument to
+name an identity that has the <TT>ADMIN</TT> flag on its Authentication
+Database entry. To verify that an entry has the flag, issue the
+<B>kas examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>uss add</B> <B>-user</B> <<VAR>login name</VAR>> <B>-admin</B> <<VAR>administrator to authenticate</VAR>> \
+ [<B>-realname</B> <<VAR>full name in quotes</VAR>>] [<B>-pass</B> <<VAR>initial passwd</VAR>>] \
+ [<B>-pwexpires</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>] \
+ [<B>-server</B> <<VAR>FileServer for home volume</VAR>>] \
+ [<B>-partition</B> <<VAR>FileServer's disk partition for home volume</VAR>>] \
+ [<B>-mount</B> <<VAR>home directory mount point</VAR>>] \
+ [<B>-uid</B> <<VAR>uid to assign the user</VAR>>] \
+ [<B>-template</B> <<VAR>pathname of template file</VAR>>] \
+ [<B>-var</B> <<VAR>auxiliary argument pairs (Numval)</VAR>><SUP>+</SUP>] [<B>-dryrun</B>] \
+ [<B>-overwrite</B>]
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ad
+</B><DD>Is the shortest acceptable abbreviation of <B>add</B>.
+<P><DT><B>-user
+</B><DD>Names the user's Authentication Database and Protection Database
+entries. Because it becomes the username (the name under which a user
+logs in), it must obey the restrictions that many operating systems impose on
+usernames (usually, to contain no more than eight lowercase letters).
+Also avoid the following characters: colon (<B>:</B>),
+semicolon (<B>;</B>), comma (<B>,</B>), at sign (<B>@</B>),
+space, newline, and the period (<B>.</B>), which is conventionally
+used only in special administrative names.
+<P>This argument provides the value for the $USER variable in the template
+file. For suggestions on standardizing usernames, see <A HREF="auagd007.htm#HDRWQ58">Choosing Usernames and Naming Other Account Components</A>.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+<P><DT><B>-realname
+</B><DD>Specifies the user's actual full name. If it contains spaces
+or punctuation, surround it with double quotes. If you do not provide
+it, it defaults to the username provided with the <B>-user</B>
+argument.
+<P>This argument provides the value for the $NAME variable in the template
+file. For information about using this argument and variable as part of
+an automated process for creating entries in a local password file such as
+<B>/etc/passwd</B>, see <A HREF="#HDRWQ458">Creating a Common Source Password File</A>.
+<P><DT><B>-pass
+</B><DD>Specifies the user's initial password. Although the AFS
+commands that handle passwords accept strings of virtually unlimited length,
+it is best to use a password of eight characters or less, which is the maximum
+length that many applications and utilities accept.
+<P>Possible choices for initial passwords include the username, a string of
+digits such as those from a Social Security number, or a standard string such
+as <B>changeme</B>, which is the default if you do not provide this
+argument. There is no corresponding variable in the template
+file.
+<P>Instruct users to change their passwords to a truly secret string as soon
+as they authenticate with AFS for the first time. The <I>IBM AFS User
+Guide</I> explains how to use the <B>kpasswd</B> command to change an
+AFS password.
+<P><DT><B>-pwexpires
+</B><DD>Sets the number of days after a user's password is changed that it
+remains valid. Provide an integer from the range <B>1</B> through
+<B>254</B> to specify the number of days until expiration, or the value
+<B>0</B> to indicate that the password never expires (the default if you
+do not provide this argument). When the password becomes invalid
+(expires), the user is unable to authenticate, but has 30 more days in which
+to issue the <B>kpasswd</B> command to change the password; after
+that, only an administrator can change it.
+<P>This argument provides the value for the $PWEXPIRES variable in the
+template file.
+<P><DT><B>-server
+</B><DD>Names the file server machine on which to create the new user's home
+volume. It is best to provide a fully qualified hostname (for example,
+<B>fs1.abc.com</B>), but an abbreviated form is acceptable
+provided that the cell's naming service is available to resolve it when
+you issue the <B>uss add</B> command.
+<P>This argument provides the value for the $SERVER variable in the template
+file. To avoid having to type a fully qualified hostname on the command
+line, combine the $SERVER variable with a constant (for example, the
+cell's domain name) in the <VAR>server</VAR> field of the <B>V</B>
+instruction in the template file. For an example, see <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><DT><B>-partition
+</B><DD>Specifies the partition on which to create the user's home
+volume; it must be on the file server machine named by the
+<B>-server</B> argument. Identify the partition by its complete
+name (for example, <B>/vicepa</B>), or use one of the abbreviations listed
+in <A HREF="auagd023.htm#HDRWQ615">Rules for Using Abbreviations and Aliases</A>.
+<P>This argument provides the value for the $PART variable in the template
+file.
+<P><DT><B>-mount
+</B><DD>Specifies the pathname for the user's home directory in the
+cell's read/write filespace. Partial pathnames are interpreted
+relative to the current working directory.
+<P>This argument provides the value for the $MTPT variable in the template
+file, but only when it appears in the <B>V</B> instruction's
+<VAR>mount_point</VAR> field. When the $MTPT variable appears in any
+subsequent instructions, it takes its value from the <B>V</B>
+instruction's <VAR>mount_point</VAR> field, rather than directly from this
+argument. For more details, and for suggestions about how to use this
+argument and the $MTPT variable, see <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><DT><B>-uid
+</B><DD>Specifies a positive integer other than <B>0</B> (zero) to assign as
+the user's AFS UID. It is best to omit this argument and allow the
+Protection Server to assign an AFS UID that is one greater than the current
+value of the <TT>max user id</TT> counter. (To display the counter,
+use the <B>pts listmax</B> command as described in <A HREF="auagd019.htm#HDRWQ561">To display the AFS ID counters</A>.)
+<P>If you have a reason to use this argument (perhaps because the user already
+has a UNIX UID), first use the <B>pts examine</B> command to verify that
+there is no existing account with the desired AFS UID; if there is, the
+account creation process terminates with an error.
+<P>This argument provides the value for the $UID variable in the template
+file.
+<P><DT><B>-template
+</B><DD>Specifies the pathname of the template file. If you omit this
+argument, the command interpreter searches for a template file called
+<B>uss.template</B> in each of the following directories in
+turn:
+<OL TYPE=a>
+<P><LI>The current working directory
+<P><LI><B>/afs/</B><VAR>cellname</VAR><B>/common/uss</B>, where
+<VAR>cellname</VAR> names the local cell
+<P><LI><B>/etc</B>
+</OL>
+<P>If you specify a filename other than <B>uss.template</B> but
+without a pathname, the command interpreter searches for it in the indicated
+directories. If you provide a full or partial pathname, the command
+interpreter consults the specified file only; it interprets partial
+pathnames relative to the current working directory.
+<P>If the specified template file is empty (zero-length), the command creates
+Protection and Authentication Database entries only.
+<P>To learn how to construct a template file, see <A HREF="#HDRWQ463">Constructing a uss Template File</A>.
+<P><DT><B>-var
+</B><DD>Specifies values for each of the number variables $1 through $9 that can
+appear in the template file. You can use the number variables to assign
+values to variables in the <B>uss</B> template file that are not part of
+the standard set.
+<P>For each instance of this argument, provide two parts in the indicated
+order, separated by a space:
+<UL>
+<P><LI>The integer from the range <B>1</B> through <B>9</B> that matches
+the variable in the template file. Do not precede it with a dollar
+sign.
+<P><LI>A string of alphanumeric characters to assign as the value of the
+variable.
+</UL>
+<P>To learn about suggested uses for the number variables, see the description
+of the <B>V</B> instruction's <VAR>quota</VAR> field in <A HREF="#HDRWQ473">Creating a Volume with the V Instruction</A>.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform to run the
+command, without actually performing them.
+<P><DT><B>-overwrite
+</B><DD>Overwrites any directories, files, and links that exist in the file system
+and for which there are definitions in <B>D</B>, <B>E</B>,
+<B>F</B>, <B>L</B>, or <B>S</B> instructions in the template file
+named by the <B>-template</B> argument. If you omit this flag, the
+command interpreter prompts you once for confirmation that you want to
+overwrite all such elements.
+</DL>
+<P><LI>If the new user home directory resides in a replicated volume, use the
+<B>vos release</B> command to release the volume, as described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). For example, the ABC Corporation template puts the mount
+points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it by creating a new mount point the administrator must issue
+the <B>vos release</B> command.
+</TD></TR></TABLE>
+<P><LI>Create an entry for the new user in the local password file
+(<B>/etc/passwd</B> or equivalent) on each AFS client machine that he or
+she can log into. For suggestions on automating this step, see <A HREF="#HDRWQ458">Creating a Common Source Password File</A>.
+<P>Even if you do not use the automated method, set the user's UNIX UID
+to match the AFS UID assigned automatically by the Protection Server or
+assigned with the <B>-uid</B> argument. The new user's AFS UID
+appears in the trace produced by the <B>uss add</B> output, or you can use
+the <B>pts examine</B> command to display it, as described in <A HREF="auagd019.htm#HDRWQ537">To display a Protection Database entry</A>.
+</OL>
+<A NAME="IDX7718"></A>
+<A NAME="IDX7719"></A>
+<A NAME="IDX7720"></A>
+<A NAME="IDX7721"></A>
+<A NAME="IDX7722"></A>
+<A NAME="IDX7723"></A>
+<A NAME="IDX7724"></A>
+<HR><H2><A NAME="HDRWQ486" HREF="auagd002.htm#ToC_566">Deleting Individual Accounts with the uss delete Command</A></H2>
+<P>The <B>uss delete</B> command deletes an AFS user
+account according to the arguments you provide on the command line;
+unlike the <B>uss add</B> command, it does not use a template file.
+When you issue the command, the <B>uss</B> command interpreter contacts
+various AFS servers to perform the following actions:
+<UL>
+<P><LI>Remove the mount point for the user's home volume
+<P><LI>Remove the user's home volume and delete the associated VLDB entry,
+unless you include the <B>-savevolume</B> flag
+<P><LI>Delete the user's Authentication Database entry
+<P><LI>Delete the user's Protection Database entry
+</UL>
+<P>Before issuing the <B>uss delete</B> command, you can also perform the
+following optional tasks:
+<UL>
+<P><LI>Copy the user's home volume to tape or another permanent medium and
+record the username and UID on a reserved list. This information
+enables you to restore the user's account easily if he or she returns to
+your cell. For information about using the AFS Backup System to back up
+volumes, see <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+<P><LI>If the user has exclusive use of any other volumes (such as a volume for
+storing project-related data), make a backup copy of each one and then remove
+it and its mount point as instructed in <A HREF="auagd010.htm#HDRWQ235">Removing Volumes and their Mount Points</A>.
+<P><LI>Use the <B>pts listowned</B> command to display any groups that the
+user owns; instructions appear in <A HREF="auagd019.htm#HDRWQ540">To list the groups that a user or group owns</A>. Decide whether to use the <B>pts delete</B>
+command to remove the groups or the <B>pts chown</B> command to transfer
+ownership to another user or group. Instructions appear in <A HREF="auagd019.htm#HDRWQ553">To delete Protection Database entries</A> and <A HREF="auagd019.htm#HDRWQ555">To change a group's owner</A>. Alternatively, you can have the
+user remove or transfer ownership of the groups before leaving. A group
+that remains in the Protection Database after its owner is removed is
+considered <VAR>orphaned</VAR>, and only members of the
+<B>system:administrators</B> group can administer it.
+</UL>
+<P>You can automate some of these tasks by including <B>exec</B>
+instructions in the bulk input file and using the <B>uss bulk</B> command
+to delete the account. See <A HREF="#HDRWQ488">Creating and Deleting Multiple Accounts with the uss bulk Command</A>.
+<P><H3><A NAME="HDRWQ487" HREF="auagd002.htm#ToC_567">To delete an AFS account</A></H3>
+<OL TYPE=1>
+<P><LI>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry.
+However, the Authentication Server always prompts you for a password in order
+to perform its own authentication. The following instructions direct
+you to specify the administrative identity on the <B>uss</B> command line
+itself.
+<P><LI>The <B>d</B> (<B>delete</B>) permission on the ACL of the
+directory that houses the user's home directory. If necessary,
+issue the <B>fs listacl</B> command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+</UL>
+<P><LI>Consider and resolve the issues discussed in the introduction to this
+section concerning the continued maintenance of a deleted user's account
+information, owned groups, and volumes.
+<P><LI><B>(Optional)</B> Run the <B>uss delete</B> command with the
+<B>-dryrun</B> flag to preview the deletion of the account. Note
+any error messages and correct the cause before reissuing the command without
+the <B>-dryrun</B> flag. The next step describes the <B>uss
+delete</B> command's syntax.
+<A NAME="IDX7725"></A>
+<A NAME="IDX7726"></A>
+<P><LI>Issue the <B>uss delete</B> command to delete the account.
+Enter the command on a single line; it appears here on multiple lines
+only for legibility.
+<P>The delete operation always removes the user's entry from the
+Authentication Database. The Authentication Server performs its own
+authentication rather than accepting your existing AFS token. By
+default, it authenticates your local (UNIX) identity, which possibly does not
+correspond to an AFS-privileged administrator. Include the
+<B>-admin</B> argument to name an identity that has the <TT>ADMIN</TT>
+flag on its Authentication Database entry. To verify that an entry has
+the flag, issue the <B>kas examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>uss delete</B> <B>-user</B> <<VAR>login name</VAR>> \
+ <B>-mountpoint</B> <<VAR>mountpoint for user's volume</VAR>> \
+ [<B>-savevolume</B>] <B>-admin </B> <<VAR>administrator to authenticate</VAR>> \
+ [<B>-dryrun</B>]
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>d
+</B><DD>Is the shortest acceptable abbreviation of <B>delete</B>.
+<P><DT><B>-user
+</B><DD>Names the entry to delete from the Protection and Authentication
+Databases.
+<P><DT><B>-mountpoint
+</B><DD>Specifies the pathname of the mount point to delete (the user's home
+directory). Unless the <B>-savevolume</B> argument is included, the
+volume mounted there is also deleted from the file server machine where it
+resides, as is its record from the VLDB. Partial pathnames are
+interpreted relative to the current working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to delete a mount point from a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+<P><DT><B>-savevolume
+</B><DD>Retains the user's volume and VLDB entry.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform to run the
+command, without actually performing them.
+</DL>
+<P><LI>If the deleted user home directory resided in a replicated volume, use the
+<B>vos release</B> command to release the volume, as described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). For example, the ABC Corporation template puts the mount
+points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it by deleting a mount point the administrator must issue the
+<B>vos release</B> command.
+</TD></TR></TABLE>
+<P><LI>Delete the user's entry from the local password file
+(<B>/etc/passwd</B> or equivalent) of each client machine. If you
+use the AFS <B>package</B> utility, it is sufficient to remove the entry
+from the common source version of the file. If you intend to reactivate
+the user's account in the future, it is simpler to comment out the entry
+or place an asterisk (*) in the password field.
+</OL>
+<A NAME="IDX7727"></A>
+<A NAME="IDX7728"></A>
+<A NAME="IDX7729"></A>
+<A NAME="IDX7730"></A>
+<A NAME="IDX7731"></A>
+<HR><H2><A NAME="HDRWQ488" HREF="auagd002.htm#ToC_568">Creating and Deleting Multiple Accounts with the uss bulk Command</A></H2>
+<P>The <B>uss bulk</B> command allows you to create and
+delete many accounts at once. Before executing the command, you must
+<UL>
+<P><LI>Construct a template if you plan to create any accounts, just as you must
+do before running the <B>uss add</B> command. The same template
+applies to all accounts created by a single <B>uss bulk</B>
+command.
+<P><LI>Construct a bulk input file of instructions that create and delete
+accounts and execute any related commands, as described in <A HREF="#HDRWQ489">Constructing a Bulk Input File</A>.
+</UL>
+<A NAME="IDX7732"></A>
+<A NAME="IDX7733"></A>
+<P><H3><A NAME="HDRWQ489" HREF="auagd002.htm#ToC_569">Constructing a Bulk Input File</A></H3>
+<P>You can include five types of instructions in a bulk input
+file: <B>add</B>, <B>delete</B>, <B>exec</B>,
+<B>savevolume</B>, and <B>delvolume</B>. The following sections
+discuss their uses.
+<P><B>Creating a User Account with the add Instruction</B>
+<P>Each <B>add</B> instruction creates a single user account, and so is
+basically the equivalent of issuing one <B>uss add</B> command.
+There is no limit to the number of <B>add</B> instructions in the bulk
+input file.
+<P>As indicated by the following syntax statement, the order of the
+instruction's fields matches the order of arguments to the <B>uss
+add</B> command (though some of the command's arguments do not have a
+corresponding field). Like the <B>uss add</B> command's
+arguments, many of the fields provide a value for a variable in the
+<B>uss</B> template file. Each instruction must be a single line in
+the file (have a newline character only at its end); it appears on
+multiple lines here only for legibility.
+<PRE> <B>add</B> <VAR>username</VAR>[<B>:</B><VAR>full_name</VAR>][<B>:</B><VAR>initial_password</VAR>][<B>:</B><VAR>password_expires</VAR>]
+ [<B>:</B><VAR>file_server</VAR>][<B>:</B><VAR>partition</VAR>][<B>:</B><VAR>mount_point</VAR>][<B>:</B><VAR>uid</VAR>]
+ [<B>:</B><VAR>var1</VAR>][<B>:</B><VAR>var2</VAR>][<B>:</B><VAR>var3</VAR>][<B>:</B><VAR>var4</VAR>][<B>:</B><VAR>var5</VAR>][<B>:</B><VAR>var6</VAR>][<B>:</B><VAR>var7</VAR>][<B>:</B><VAR>var8</VAR>][<B>:</B><VAR>var9</VAR>][<B>:</B>]
+</PRE>
+<P>For a complete description of the acceptable values in each field, see the
+<B>uss Bulk Input File</B> reference page in the <I>IBM AFS
+Administration Reference</I>, or the description of the corresponding
+arguments to the <B>uss add</B> command, in <A HREF="#HDRWQ483">To create an AFS account with the uss add command</A>. Following are some basic notes:
+<UL>
+<P><LI>Begin the line with the string <B>add</B> only, not <B>uss
+add</B>.
+<P><LI>Only the first argument, <VAR>username</VAR>, is required. It
+corresponds to the <B>-user</B> argument to the <B>uss add</B>
+command.
+<P><LI>Do not surround the <VAR>full_name</VAR> value with double quotes, even
+though you must use them around the value for the <B>-realname</B>
+argument to the <B>uss add</B> command.
+<P><LI>If you want to omit a value for an argument, indicate an empty field by
+using two colons with nothing between them. Leaving a field empty is
+acceptable if the corresponding command line argument is optional or if the
+corresponding variable does not appear in the template file. For every
+field that precedes the last one to which you assign an actual value, you must
+either provide a value or indicate an empty field. It is acceptable,
+but not necessary, to indicate empty fields after the last one in which you
+assign a value.
+<P><LI>After the last field, end the line with either a colon and newline
+character (<B><Return></B>), or a newline alone.
+<P><LI>The final nine fields are for assigning values to the number variables ($1
+through $9), with the fields listed in increasing numerical order.
+Specify the value only, not the variable number.
+</UL>
+<P><B>Deleting a User Account with the delete Instruction</B>
+<P>Each <B>delete</B> instruction deletes a single user account, and so is
+basically the equivalent of issuing one <B>uss delete</B> command.
+There is no limit to the number of <B>delete</B> instructions in the bulk
+input file.
+<P>Like all instructions in the bulk input file, each <B>delete</B>
+instruction must be a single line in the file (have a newline character only
+at its end), even though it can cover multiple lines on a display
+screen. The curly braces (<B>{ }</B>) indicate two mutually
+exclusive choices.
+<PRE> <B>delete</B> <VAR>username</VAR><B>:</B><VAR>mount_point_path</VAR>[:{ <B>savevolume</B> | <B>delvolume</B> }][<B>:</B>]
+</PRE>
+<P>For a complete description of the acceptable values in each field, see the
+<B>uss Bulk Input File</B> reference page in the <I>IBM AFS
+Administration Reference</I> or the description of the corresponding
+arguments to the <B>uss delete</B> command, in <A HREF="#HDRWQ487">To delete an AFS account</A>. Following are some basic notes:
+<UL>
+<P><LI>Begin the line with the string <B>delete</B> only, not <B>uss
+delete</B>.
+<P><LI>The first two arguments, <VAR>username</VAR> and <VAR>mount_point_path</VAR>,
+are required. They correspond to the <B>-user</B> and
+<B>-mountpoint</B> arguments to the <B>uss delete</B> command.
+<P><LI>The third field, which is optional, controls whether the user's home
+volume is removed from the file server where it resides, along with the
+corresponding VLDB entry. There are three possible values:
+<UL>
+<P><LI>No value treats the volume and VLDB entry according to the prevailing
+default, which is established by a preceding <B>savevolume</B> or
+<B>delvolume</B> instruction in the template file. See the
+following discussion of those instructions to learn how the default is
+set.
+<P><LI>The string <B>savevolume</B> preserves the volume and VLDB entry,
+overriding the default.
+<P><LI>The string <B>delvolume</B> removes the volume and VLDB entry,
+overriding the default.
+</UL>
+<P><LI>After the last field, end the line with either a colon and newline
+character (<B><Return></B>), or a newline alone.
+</UL>
+<P><B>Running a Command or Script with the exec Instruction</B>
+<P>The <B>exec</B> instruction runs the indicated AFS command, compiled
+program, or UNIX shell script or command. The command processor assumes
+the AFS and local identities of the issuer of the <B>uss bulk</B> command,
+who must have the privileges required to run the command.
+<P>The instruction's syntax is as follows:
+<PRE> <B>exec</B> <VAR>command</VAR>
+</PRE>
+<P>It is not necessary to surround the <VAR>command</VAR> string with double
+quotes (" ") or other delimiters.
+<P><B>Setting the Default Treatment of Volumes with the delvolume and
+savevolume Instructions</B>
+<P>The <B>savevolume</B> and <B>delvolume</B> instructions set the
+default treatment of volumes referenced by the <B>delete</B> instructions
+that follow them in the bulk input file. Their syntax is as
+follows:
+<PRE> <B>savevolume</B>
+ <B>delvolume</B>
+</PRE>
+<P>Both instructions are optional and take no arguments. If neither
+appears in the bulk input file, then by default all volumes and VLDB entries
+referenced by <B>delete</B> instructions are removed. If the
+<B>savevolume</B> instruction appears in the file, it prevents the removal
+of the volume and VLDB entry referenced by all subsequent <B>delete</B>
+instructions in the file. The <B>delvolume</B> instruction
+explicitly establishes the default (which is deletion) for subsequent
+<B>delete</B> instructions.
+<P>The effect of either instruction lasts until the end of the bulk input
+file, or until its opposite appears. To override the prevailing default
+for a particular <B>delete</B> instruction, put the <B>savevolume</B>
+or <B>delvolume</B> string in the instruction's third field.
+(You can also use multiple instances of the <B>savevolume</B> and
+<B>delvolume</B> instructions to toggle back and forth between default
+preservation and deletion of volumes.)
+<P><H3><A NAME="Header_570" HREF="auagd002.htm#ToC_570">Example Bulk Input File Instructions</A></H3>
+<P>To create an authentication-only account, use an <B>add</B>
+instruction like the following example, which includes only the first
+(<VAR>username</VAR>) argument. The user's real name is set to match
+the username (<B>anderson</B>) and her initial password is set to the
+string <B>changeme</B>.
+<PRE> add anderson
+</PRE>
+<P>The following example also creates an authentication-only account, but sets
+nondefault values for the real name and initial password.
+<PRE> add smith:John Smith:js_pswd
+</PRE>
+<P>The next two example <B>add</B> instructions require that the
+administrator of the ABC Corporation cell (<B>abc.com</B>) has
+written a <B>uss</B> template file with the following <B>V</B>
+instruction in it:
+<PRE> V user.$USER $SERVER.abc.com /vicep$PART 10000 /afs/.abc.com/usr/$3/$USER \
+ $UID $USER all
+</PRE>
+<P>To create accounts for users named John Smith from the Marketing Department
+and Pat Jones from the Finance Department, the appropriate <B>add</B>
+instructions in the bulk input file are as follows:
+<PRE> add smith:John Smith:::fs1:a:::::marketing
+ add jones:Pat Jones:::fs3:c:::::finance
+</PRE>
+<P>The new account for Smith consists of Protection and Authentication
+Database entries called <B>smith</B>. His initial password is the
+default string <B>changeme</B>, and the Protection Server generates his
+AFS UID. His home volume, called <B>user.smith</B>, has a
+10,000 KB quota, resides on partition <B>/vicepa</B> of file server
+machine <B>fs1.abc.com</B>, and is mounted at
+<B>/afs/.abc.com/usr/marketing/smith</B>. The final
+<B>$UID $USER all</B> part of the <B>V</B> instruction gives him
+ownership of his home directory and all permissions on its ACL. The
+account for <B>jones</B> is similar, except that it resides on partition
+<B>/vicepc</B> of file server machine <B>fs3.abc.com</B>
+and is mounted at
+<B>/afs/.abc.com/usr/finance/jones</B>.
+<P>Notice that the fields corresponding to <VAR>mount_point</VAR>, <VAR>uid</VAR>,
+<VAR>var1</VAR>, and <VAR>var2</VAR> are empty (between the values <TT>a</TT>
+and <TT>marketing</TT> on the first example line) because the corresponding
+variables do not appear in the <B>V</B> instruction in the template
+file. The <VAR>initial_passwd</VAR> and <VAR>password_expires</VAR> fields
+are also empty.
+<P>If you wish, you can specify values or empty fields for all nine number
+variables in an <B>add</B> instruction. In that case, the bulk
+input file instructions are as follows:
+<PRE> add smith:John Smith:::fs1:a:::::marketing::::::
+ add jones:Pat Jones:::fs3:c:::::finance::::::
+</PRE>
+<P>The following example is a section of a bulk input file with a number of
+<B>delete</B> instructions and a <B>savevolume</B> instruction.
+Because the first three instructions appear before the <B>savevolume</B>
+instruction and their third field is blank, the corresponding volumes and VLDB
+entries are removed. The <B>delete</B> instruction for user
+<B>terry</B> follows the <B>savevolume</B> instruction, so her volume
+is not removed, but the volume for user <B>johnson</B> is, because the
+<B>delvolume</B> string in the third field of the <B>delete</B>
+instruction overrides the current default.
+<PRE> delete smith:/afs/abc.com/usr/smith
+ delete pat:/afs/abc.com/usr/pat
+ delete rogers:/afs/abc.com/usr/rogers
+ savevolume
+ delete terry:/afs/abc.com/usr/terry
+ delete johnson:/afs/abc.com/usr/johnson:delvolume
+</PRE>
+<P>The following example <B>exec</B> instruction is useful as a separator
+between a set of <B>add</B> instructions and a set of <B>delete</B>
+instructions. It generates a message on the standard output stream that
+informs you of the <B>uss bulk</B> command's progress.
+<PRE> exec echo "Additions completed; beginning deletions..."
+</PRE>
+<P><H3><A NAME="Header_571" HREF="auagd002.htm#ToC_571">To create and delete multiple AFS user accounts</A></H3>
+<OL TYPE=1>
+<P><LI>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry.
+However, the Authentication Server always prompts you for a password in order
+to perform its own authentication. The following instructions direct
+you to specify the administrative identity on the <B>uss</B> command line
+itself.
+<P><LI>The <B>d</B> (<B>delete</B>), <B>i</B> (<B>insert</B>) and
+<B>l</B> (<B>lookup</B>) permissions on the ACL of the parent
+directory for each volume mount point. If necessary, issue the <B>fs
+listacl</B> command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+</UL>
+<P><LI><B>(Optional.)</B> Log in as the local superuser
+<B>root</B>. This is necessary only if you are creating new files
+or directories in the local file system and want to designate an alternate
+owner as the object is created. For a discussion of the issues
+involved, see <A HREF="#HDRWQ470">About Creating Local Disk Directories and Files</A>.
+<P><LI>If the bulk input file includes <B>add</B> instructions, verify the
+location and functionality of the template you are using. For a
+description of where the <B>uss</B> command interpreter expects to find
+the template, see <A HREF="#HDRWQ468">Where to Place Template Files</A>. You can always provide an alternate pathname if you
+wish. Also note which variables appear in the template, to be sure that
+you provide the corresponding arguments in the <B>add</B> instruction or
+on the <B>uss bulk</B> command line.
+<P><LI>Create a bulk input file that complies with the rules listed in <A HREF="#HDRWQ489">Constructing a Bulk Input File</A>. It is simplest to put the file in the same directory
+as the template file you are using.
+<P><LI><B>(Optional.)</B> Change to the directory where the bulk input
+file and template file reside.
+<PRE> % <B>cd</B> <VAR>template_directory</VAR>
+</PRE>
+<A NAME="IDX7734"></A>
+<A NAME="IDX7735"></A>
+<P><LI><A NAME="LIWQ490"></A>Issue the <B>uss bulk</B> command to create or delete
+accounts, or both. Enter the command on a single line; it appears
+here on multiple lines only for legibility.
+<P>The bulk operation always manipulates user entries in the Authentication
+Database. The Authentication Server performs its own authentication
+rather than accepting your existing AFS token. By default, it
+authenticates your local (UNIX) identity, which possibly does not correspond
+to an AFS-privileged administrator. Include the <B>-admin</B>
+argument to name an identity that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry. To verify that an entry has the flag,
+issue the <B>kas examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>uss bulk</B> <<VAR>bulk input file</VAR>> \
+ [<B>-template</B> <<VAR>pathname of template file</VAR>>] \
+ <B>-admin</B> <<VAR>administrator to authenticate</VAR>> \
+ [<B>-dryrun</B>] [<B>-overwrite</B>] \
+ [<B>-pwexpires</B> <<VAR>password expires in [0..254] days (0 => never)></VAR>] \
+ [<B>-pipe</B>]
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>b</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>bulk</B>.
+<P><DT><B><VAR>bulk input file</VAR>
+</B><DD>Specifies the pathname of the bulk input file. Partial pathnames
+are interpreted relative to the current working directory. For a
+discussion of the required file format, see <A HREF="#HDRWQ489">Constructing a Bulk Input File</A>.
+<P><DT><B>-template
+</B><DD>Specifies the pathname of the template file for any <B>uss add</B>
+commands that appear in the bulk input file. Partial pathnames are
+interpreted relative to the current working directory. For a discussion
+of the required file format, see <A HREF="#HDRWQ463">Constructing a uss Template File</A>.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as the <B>admin</B> account.
+The password prompt echoes it as <VAR>admin_user</VAR>. Enter the
+appropriate password as <VAR>admin_password</VAR>.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform to run the
+command, without actually performing them.
+<P><DT><B><B>-overwrite</B>
+</B><DD>Overwrites any directories, files and links that exist in the file system
+and for which there are also <B>D</B>, <B>E</B>, <B>F</B>,
+<B>L</B>, or <B>S</B> instructions in the template file named by the
+<B>-template</B> argument. If this flag is omitted, the command
+interpreter prompts, once for each <B>add</B> instruction in the bulk
+input file, for confirmation that it is to overwrite such elements. Do
+not include this flag if there are no <B>add</B> instructions in the bulk
+input file.
+<P><DT><B><B>-pwexpires</B>
+</B><DD>Sets the number of days after a user's password is changed that it
+remains valid, for each user named by an <B>add</B> instruction in the
+bulk input file. Provide an integer from the range <B>1</B> through
+<B>254</B> to specify the number of days until expiration, or the value
+<B>0</B> to indicate that the password never expires (the default).
+<P>When the password becomes invalid (expires), the user is unable to
+authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
+command to change the password (after that, only an administrator can change
+it).
+<P><DT><B><B>-pipe</B>
+</B><DD>Suppresses the Authentication Server's prompt for the password of the
+issuer or the user named by the <B>-admin</B> argument (the Authentication
+Server always separately authenticates the user who is creating or deleting an
+entry in the Authentication Database). Instead, the command interpreter
+accepts the password as piped input from another program, enabling you to run
+the <B>uss bulk</B> command in unattended batch jobs.
+</DL>
+<P><LI>If a newly created or deleted user home directory resides in a replicated
+volume, use the <B>vos release</B> command to release the volume, as
+described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). For example, the ABC Corporation template puts the mount
+points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it by creating or deleting a mount point, the administrator
+must issue the <B>vos release</B> command.
+</TD></TR></TABLE>
+<P><LI>If you are creating accounts, create an entry for the new user in the
+local password file (<B>/etc/passwd</B> or equivalent) on each AFS client
+machine that he or she can log into. For suggestions on automating this
+step, see <A HREF="#HDRWQ458">Creating a Common Source Password File</A>.
+<P>Even if you do not use the automated method, set the user's UNIX UID
+to match the AFS UID assigned automatically by the Protection Server or
+assigned with the <B>-uid</B> argument. The new user's AFS UID
+appears in the trace produced by the <B>uss add</B> output or you can use
+the <B>pts examine</B> command to display it, as described in <A HREF="auagd019.htm#HDRWQ537">To display a Protection Database entry</A>.
+<P><LI>If you are deleting accounts, delete the user's entry from the local
+password file (<B>/etc/passwd</B> or equivalent) of each client
+machine. If you use the AFS <B>package</B> utility, it is
+sufficient to remove the entry from the common source version of the
+file. If you intend to reactivate the user's account in the
+future, it is simpler to comment out the entry or place an asterisk (*) in the
+password field.
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd016.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd018.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd017.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd019.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX7736"></A>
+<HR><H1><A NAME="HDRWQ491" HREF="auagd002.htm#ToC_572">Administering User Accounts</A></H1>
+<P>This chapter explains how to create and maintain user
+accounts in your cell.
+<P>The preferred method for creating user accounts is the <B>uss</B>
+program, which enables you to create multiple accounts with a single
+command. See <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>. If you prefer to create each account
+component individually, follow the instructions in <A HREF="#HDRWQ502">Creating AFS User Accounts</A>.
+<HR><H2><A NAME="HDRWQ492" HREF="auagd002.htm#ToC_573">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Create Protection Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>pts createuser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Create Authentication Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas create</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Create volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>vos create</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Mount volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs mkmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Create entry on ACL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs setacl</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Examine Protection Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Change directory ownership
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>/etc/chown</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Limit failed authentication attempts
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas setfields</B> with <B>-attempts</B> and
+<B>-locktime</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Unlock Authentication Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas unlock</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Set password lifetime
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas setfields</B> with <B>-pwexpires</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Prohibit password reuse
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas setfields</B> with <B>-reuse</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Change AFS password
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas setpassword</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">List groups owned by user
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>pts listowned</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Rename Protection Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>pts rename</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Delete Authentication Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>kas delete</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Rename volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>vos rename</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Remove mount point
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs rmmount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Delete Protection Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>pts delete</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">List volume location
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>vos listvldb</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Remove volume
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>vos remove</B>
+</TD></TR></TABLE>
+<P>
+<A NAME="IDX7737"></A>
+<HR><H2><A NAME="HDRWQ494" HREF="auagd002.htm#ToC_574">The Components of an AFS User Account</A></H2>
+<P>The differences between AFS and the UNIX file system imply
+that a complete AFS user account is not the same as a UNIX user
+account. The following list describes the components of an AFS
+account. The same information appears in a corresponding section of <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>, but is repeated here for your convenience.
+<UL>
+<P><LI>A <I>Protection Database entry</I> defines the username (the name
+provided when authenticating with AFS), and maps it to an AFS user ID (AFS
+UID), a number that the AFS servers use internally when referencing
+users. The Protection Database also tracks the groups to which the user
+belongs. For details, see <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P><LI>An <I>Authentication Database entry</I> records the user's AFS
+password in a scrambled form suitable for use as an encryption key.
+<P><LI>A home <I>volume</I> stores all the files in the user's home
+directory together on a single partition of a file server machine. The
+volume has an associated <VAR>quota</VAR> that limits its size. For a
+complete discussion of volumes, see <A HREF="auagd010.htm#HDRWQ174">Managing Volumes</A>.
+<P><LI>A <I>mount point</I> makes the contents of the user's volume
+visible and accessible in the AFS filespace, and acts as the user's home
+directory. For more details about mount points, see <A HREF="auagd010.htm#HDRWQ183">About Mounting Volumes</A>.
+<P><LI>Full access permissions on the home directory's <I>access control
+list (ACL)</I> and ownership of the directory (as displayed by the UNIX
+<B>ls -ld</B> command) enable the user to manage his or her files.
+For details on AFS file protection, see <A HREF="auagd020.htm#HDRWQ562">Managing Access Control Lists</A>.
+<P><LI>A <I>local password file entry</I> (in the <B>/etc/passwd</B> file
+or equivalent) of each AFS client machine enables the user to log in and
+access AFS files through the Cache Manager. A subsequent section in
+this chapter further discusses local password file entries.
+<P><LI>Other optional <I>configuration files</I> make the account more
+convenient to use. Such files help the user log in and log out more
+easily, receive electronic mail, print, and so on.
+</UL>
+<A NAME="IDX7738"></A>
+<A NAME="IDX7739"></A>
+<HR><H2><A NAME="HDRWQ495" HREF="auagd002.htm#ToC_575">Creating Local Password File Entries</A></H2>
+<P>To obtain authenticated access to a cell's AFS
+filespace, a user must not only have a valid AFS token, but also an entry in
+the local password file (<B>/etc/passwd</B> or equivalent) of the machine
+whose Cache Manager is representing the user. This section discusses
+why it is important for the user's AFS UID to match to the UNIX UID
+listed in the local password file, and describes the appropriate value to put
+in the file's password field.
+<P>One reason to use <B>uss</B> commands is that they enable you to
+generate local password file entries automatically as part of account
+creation. See <A HREF="auagd017.htm#HDRWQ458">Creating a Common Source Password File</A>.
+<P>Information similar to the information in this section appears in a
+corresponding section of <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>, but is repeated here for your convenience
+<P><H3><A NAME="HDRWQ496" HREF="auagd002.htm#ToC_576">Assigning AFS and UNIX UIDs that Match</A></H3>
+<P>A user account is easiest to administer and use if the AFS
+user ID number (AFS UID) and UNIX UID match. All instructions in the
+AFS documentation assume that they do.
+<P>The most basic reason to make AFS and UNIX UIDs the same is so that the
+owner name reported by the UNIX <B>ls -l</B> and <B>ls -ld</B>
+commands makes sense for AFS files and directories. Following standard
+UNIX practice, the File Server records a number rather than a username in an
+AFS file or directory's owner field: the owner's AFS
+UID. When you issue the <B>ls -l</B> command, it translates the UID
+to a username according to the mapping in the local password file, not the AFS
+Protection Database. If the AFS and UNIX UIDs do not match, the <B>ls
+-l</B> command reports an unexpected (and incorrect) owner. The
+output can even vary on different client machines if their local password
+files map the same UNIX UID to different names.
+<P>Follow the recommendations in the indicated sections to make AFS and UNIX
+UIDs match when creating accounts for various types of users:
+<UL>
+<P><LI>If creating an AFS account for a user who already has a UNIX UID, see <A HREF="#HDRWQ499">Making UNIX and AFS UIDs Match</A>.
+<P><LI>If some users in your cell have existing UNIX accounts but the user for
+whom you are creating an AFS account does not, then it is best to allow the
+Protection Server to allocate an AFS UID automatically. To avoid
+overlap of AFS UIDs with existing UNIX UIDs, set the Protection
+Database's <TT>max user id</TT> counter higher than the largest UNIX
+UID, using the instructions in <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P><LI>If none of your users have existing UNIX accounts, allow the Protection
+Server to allocate AFS UIDs automatically, starting either at its default or
+at the value you have set for the <TT>max user id</TT> counter.
+</UL>
+<A NAME="IDX7740"></A>
+<A NAME="IDX7741"></A>
+<P><H3><A NAME="HDRWQ497" HREF="auagd002.htm#ToC_577">Specifying Passwords in the Local Password File</A></H3>
+<P>Authenticating with AFS is easiest for your users if you
+install and configure an AFS-modified login utility, which logs a user into
+the local file system and obtains an AFS token in one step. In this
+case, the local password file no longer controls a user's ability to
+login in most circumstances, because the AFS-modified login utility does not
+consult the local password file if the user provides the correct AFS
+password. You can nonetheless use a password file entry's password
+field (usually, the second field) in the following ways to control login and
+authentication:
+<UL>
+<P><LI>To prevent both local login and AFS authentication, place an asterisk ( *
+) in the field. This is useful mainly in emergencies, when you want to
+prevent a certain user from logging into the machine.
+<P><LI>To prevent login to the local file system if the user does not provide the
+correct AFS password, place a character string of any length other than the
+standard thirteen characters in the field. This is appropriate if you
+want to allow only people with local AFS accounts to log into to your
+machines. A single <B>X</B> or other character is the most easily
+recognizable way to do this.
+<P><LI>To enable a user to log into the local file system even after providing an
+incorrect AFS password, record a standard UNIX encrypted password in the field
+by issuing the standard UNIX password-setting command (<B>passwd</B> or
+equivalent).
+</UL>
+<P>If you do not use an AFS-modified login utility, you must place a standard
+UNIX password in the local password file of every client machine the user will
+use. The user logs into the local file system only, and then must issue
+the <B>klog</B> command to authenticate with AFS. It is simplest if
+the passwords in the local password file and the Authentication Database are
+the same, but this is not required.
+<A NAME="IDX7742"></A>
+<A NAME="IDX7743"></A>
+<HR><H2><A NAME="HDRWQ498" HREF="auagd002.htm#ToC_578">Converting Existing UNIX Accounts</A></H2>
+<P>This section discusses the three main issues you need to
+consider if your cell has existing UNIX accounts that you wish to convert to
+AFS accounts.
+<P><H3><A NAME="HDRWQ499" HREF="auagd002.htm#ToC_579">Making UNIX and AFS UIDs Match</A></H3>
+<P>As previously mentioned, AFS users must have an entry in the
+local password file on every client machine from which they access the AFS
+filespace as an authenticated user. Both administration and use are
+much simpler if the UNIX UID and AFS UID match. When converting
+existing UNIX accounts, you have two alternatives:
+<UL>
+<P><LI>Make the AFS UIDs match the existing UNIX UIDs. In this case, you
+need to assign the AFS UID yourself by including the <B>-id</B> argument
+to the <B>pts createuser</B> command as you create the AFS account.
+<P>
+<P>Because you are retaining the user's UNIX UID, you do not need to
+alter the UID in the local password file entry. However, if you are
+using an AFS-modified login utility, you possibly need to change the password
+field in the entry. For a discussion of how the value in the password
+field affects login with an AFS-modified login utility, see <A HREF="#HDRWQ497">Specifying Passwords in the Local Password File</A>.
+<P>If now or in the future you need to create AFS accounts for users who do
+not have an existing UNIX UID, then you must guarantee that new AFS UIDs do
+not conflict with any existing UNIX UIDs. The simplest way is to set
+the <TT>max user id</TT> counter in the Protection Database to a value
+higher than the largest existing UNIX UID. See <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P><LI>Change the existing UNIX UIDs to match the new AFS UIDs that the
+Protection Server assigns automatically.
+<P>Allow the Protection Server to allocate the AFS UIDs automatically as you
+create AFS accounts. You must then alter the user's entry in the
+local password file on every client machine to include the new UID.
+<P>There is one drawback to changing the UNIX UID: any files and
+directories that the user owned in the local file system before becoming an
+AFS user still have the former UID in their owner field. If you want
+the <B>ls -l</B> and <B>ls -ld</B> commands to display the correct
+owner, you must use the <B>chown</B> command to change the value to the
+user's new UID, whether you are leaving the file in the local file system
+or moving it to AFS. See <A HREF="#HDRWQ501">Moving Local Files into AFS</A>.
+</UL>
+<P><H3><A NAME="HDRWQ500" HREF="auagd002.htm#ToC_580">Setting the Password Field Appropriately</A></H3>
+<P>Existing UNIX accounts already have an entry in the local
+password file, probably with a (scrambled) password in the password
+field. You possibly need to change the value in the field, depending on
+the type of login utility you use:
+<UL>
+<P><LI>If the login utility is not modified for use with AFS, the actual password
+must appear (in scrambled form) in the local password file entry.
+<P><LI>If the login utility is modified for use with AFS, choose one of the
+values discussed in <A HREF="#HDRWQ497">Specifying Passwords in the Local Password File</A>.
+</UL>
+<P><H3><A NAME="HDRWQ501" HREF="auagd002.htm#ToC_581">Moving Local Files into AFS</A></H3>
+<P>New AFS users with existing UNIX accounts probably already
+own files and directories stored in a machine's local file system, and it
+usually makes sense to transfer them into the new home volume. The
+easiest method is to move them onto the local disk of an AFS client machine,
+and then use the UNIX <B>mv</B> command to transfer them into the
+user's new AFS home directory.
+<P>As you move files and directories into AFS, keep in mind that the meaning
+of their mode bits changes. AFS ignores the second and third sets of
+mode bits (group and other), and does not use the first set (the owner bits)
+directly, but only in conjunction with entries on the ACL (for details, see <A HREF="auagd020.htm#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>). Be sure that the ACL protects the file or directory
+at least as securely as the mode bits.
+<P>If you have chosen to change a user's UNIX UID to match a new AFS UID,
+you must change the ownership of UNIX files and directories as well.
+Only members of the <B>system:administrators</B> group can issue the
+<B>chown</B> command on files and directories once they reside in
+AFS.
+<HR><H2><A NAME="HDRWQ502" HREF="auagd002.htm#ToC_582">Creating AFS User Accounts</A></H2>
+<P>There are two methods for creating user accounts. The
+preferred method--using the <B>uss</B> commands--enables you to
+create multiple accounts with a single command. It uses a template to
+define standard values for the account components that are the same for each
+user (such as quota), but provide differing values for more variable
+components (such as username). See <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>.
+<P>The second method involves issuing a separate command to create each
+component of the account. It is best suited to creation of one account
+at a time, since some of the commands can create only one instance of the
+relevant component. To review the function of each component, see <A HREF="#HDRWQ494">The Components of an AFS User Account</A>.
+<P>Use the following instructions to create any of the three types of user
+account, which differ in their levels of functionality. For a
+description of the types, see <A HREF="auagd007.htm#HDRWQ57">Configuring AFS User Accounts</A>.
+<UL>
+<P><LI>To create an authentication-only account, perform Step <A HREF="#LIWQ504">1</A> through Step <A HREF="#LIWQ507">4</A> and also Step <A HREF="#LIWQ514">14</A>. This type of
+account consists only of entries in the Authentication Database and Protection
+Database.
+<P><LI>To create a basic account, perform Step <A HREF="#LIWQ504">1</A> through Step <A HREF="#LIWQ510">8</A> and Step <A HREF="#LIWQ512">11</A> through Step <A HREF="#LIWQ514">14</A>.
+In addition to Authentication Database and Protection Database entries, this
+type of account includes a volume mounted at the home directory with owner and
+ACL set appropriately.
+<P><LI>To create a full account, perform all steps in the following
+instructions. This type of account includes configuration files for
+basic functions such as logging in, printing, and mail delivery, making it
+more convenient and useful. For a discussion of some useful types of
+configuration files, see <A HREF="auagd007.htm#HDRWQ60">Creating Standard Files in New AFS Accounts</A>.
+</UL>
+<A NAME="IDX7744"></A>
+<A NAME="IDX7745"></A>
+<A NAME="IDX7746"></A>
+<A NAME="IDX7747"></A>
+<A NAME="IDX7748"></A>
+<A NAME="IDX7749"></A>
+<A NAME="IDX7750"></A>
+<A NAME="IDX7751"></A>
+<A NAME="IDX7752"></A>
+<A NAME="IDX7753"></A>
+<P><H3><A NAME="HDRWQ503" HREF="auagd002.htm#ToC_583">To create one user account with individual commands</A></H3>
+<OL TYPE=1>
+<P><LI><A NAME="LIWQ504"></A>Decide on the value to assign to each of the following account
+components. If you are creating an authentication-only account, you
+need to pick only a username, AFS UID, and initial password.
+<UL>
+<P><LI>The username. By convention, the names of many components of the
+user account incorporate this name. For a discussion of restrictions
+and suggested naming schemes, see <A HREF="auagd007.htm#HDRWQ58">Choosing Usernames and Naming Other Account Components</A>.
+<P><LI>The AFS UID, if you want to assign a specific one. It is generally
+best to have the Protection Server allocate one instead, except when you are
+creating an AFS account for a user who already has an existing UNIX
+account. In that case, migrating the user's files into AFS is
+simplest if you set the AFS UID to match the existing UNIX UID. See <A HREF="#HDRWQ498">Converting Existing UNIX Accounts</A>.
+<P><LI>The initial password. Advise the user to change this at the first
+login, using the password changing instructions in the <I>IBM AFS User
+Guide</I>.
+<P><LI>The name of the user's home volume. The conventional name is
+<B>user.</B><VAR>username</VAR> (for example,
+<B>user.smith</B>).
+<P><LI>The volume's site (disk partition on a file server machine).
+Some cells designate certain machines or partitions for user volumes only, or
+it possibly makes sense to place the volume on the emptiest partition that
+meets your other criteria. To display the size and available space on a
+partition, use the <B>vos partinfo</B> command, which is fully described
+in <A HREF="auagd010.htm#HDRWQ185">Creating Read/write Volumes</A>.
+<P><LI>The name of the user's home directory (the mount point for the home
+volume). The conventional location is a directory (or one of a set of
+directories) directly under the cell directory, such as
+<B>/afs/</B><VAR>cellname</VAR><B>/usr</B>. For suggestions on
+how to avoid the slowed directory lookup that can result from having large
+numbers of user home directories in a single <B>usr</B> directory, see <A HREF="auagd017.htm#HDRWQ472">Evenly Distributing User Home Directories with the G Instruction</A>.
+<P><LI>The volume's space quota. Include the <B>-maxquota</B>
+argument to the <B>vos create</B> command, or accept the default quota of
+5000 KB.
+<P><LI>The ACL on the home directory. By default, the ACL on every new
+volume grants all seven permissions to the
+<B>system:administrators</B> group. After volume creation,
+use the <B>fs setacl</B> command to remove the entry if desired, and to
+grant all seven permissions to the user.
+</UL>
+<P><LI><A NAME="LIWQ505"></A>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on your Authentication Database entry.
+However, the Authentication Server performs its own authentication, so in Step
+<A HREF="#LIWQ507">4</A> you specify an administrative identity on the <B>kas</B>
+command line itself.
+<P><LI>The <B>i</B> (<B>insert</B>) and <B>a</B>
+(<B>administer</B>) permissions on the ACL of the directory where you are
+mounting the user's volume. If necessary, issue the <B>fs
+listacl</B> command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+<P><LI>Knowledge of the password for the local superuser <B>root</B>.
+</UL>
+<A NAME="IDX7754"></A>
+<A NAME="IDX7755"></A>
+<P><LI><A NAME="LIWQ506"></A>Issue the <B>pts createuser</B> command to create an entry
+in the Protection Database. For a discussion of setting AFS UIDs, see <A HREF="#HDRWQ496">Assigning AFS and UNIX UIDs that Match</A>. If you are converting an existing UNIX account into
+an AFS account, also see <A HREF="#HDRWQ498">Converting Existing UNIX Accounts</A>.
+<PRE> % <B>pts createuser</B> <<VAR>user name</VAR>> [<<VAR>user id</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cu
+</B><DD>Is an acceptable alias for <B>createuser</B> (and <B>createu</B>
+is the shortest acceptable abbreviation).
+<P><DT><B><VAR>user name</VAR>
+</B><DD>Specifies the user's username (the character string typed at
+login). It is best to limit the name to eight or fewer lowercase
+letters, because many application programs impose that limit. The AFS
+servers themselves accept names of up to 63 lowercase letters. Also
+avoid the following characters: colon (<B>:</B>), semicolon
+(<B>;</B>), comma (<B>,</B>), at sign (<B>@</B>), space,
+newline, and the period (<B>.</B>), which is conventionally used
+only in special administrative names.
+<P><DT><B><VAR>user id</VAR>
+</B><DD>Is optional and appropriate only if the user already has a UNIX UID that
+the AFS UID must match. If you do not provide this argument, the
+Protection Server assigns one automatically based on the counter described in <A HREF="auagd019.htm#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>. If the ID you specify is less than <B>1</B>
+(one) or is already in use, an error results.
+</DL>
+<A NAME="IDX7756"></A>
+<A NAME="IDX7757"></A>
+<P><LI><A NAME="LIWQ507"></A>Issue the <B>kas create</B> command to create an entry in
+the Authentication Database. To avoid having the user's temporary
+initial password echo visibly on the screen, omit the
+<B>-initial_password</B> argument; instead enter the password at the
+prompts that appear when you omit the argument, as shown in the following
+syntax specification.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas create</B> <<VAR>name of user</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+ initial_password: <VAR>initial_password</VAR>
+ Verifying, please re-enter initial_password: <VAR>initial_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cr
+</B><DD>Is the shortest acceptable abbreviation for <B>create</B>.
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Specifies the same username as in Step <A HREF="#LIWQ506">3</A>.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+<P><DT><B><VAR>initial_password</VAR>
+</B><DD>Specifies the initial password as a string of eight characters or less, to
+comply with the length restriction that some applications impose.
+Possible choices for an initial password include the username, a string of
+digits from a personal identification number such as the Social Security
+number, or a standard string such as <B>changeme</B>. Instruct the
+user to change the string to a truly secret password as soon as possible by
+using the <B>kpasswd</B> command as described in the <I>IBM AFS User
+Guide</I>.
+</DL>
+<A NAME="IDX7758"></A>
+<A NAME="IDX7759"></A>
+<P><LI><A NAME="LIWQ508"></A>Issue the <B>vos create</B> command to create the
+user's volume.
+<PRE> % <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <<VAR>volume name</VAR>> \
+ [<B>-maxquota</B> <<VAR>initial quota (KB)</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cr
+</B><DD>Is the shortest acceptable abbreviation of <B>create</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine on which to place the new volume.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names the partition on which to place the new volume.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Names the new volume. The name can include up to 22
+characters. By convention, user volume names have the form
+<B>user.</B><VAR>username</VAR>, where <VAR>username</VAR> is the name
+assigned in Step <A HREF="#LIWQ506">3</A>.
+<P><DT><B>-maxquota
+</B><DD>Sets the volume's quota, as a number of kilobyte blocks. If
+you omit this argument, the default is 5000 KB.
+</DL>
+<A NAME="IDX7760"></A>
+<A NAME="IDX7761"></A>
+<P><LI><A NAME="LIWQ509"></A>Issue the <B>fs mkmount</B> command to mount the volume in
+the filespace and create the user's home directory.
+<PRE> % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>mk
+</B><DD>Is the shortest acceptable abbreviation for <B>mkmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point to create. A directory of the same name must
+not already exist. Partial pathnames are interpreted relative to the
+current working directory. By convention, user home directories are
+mounted in a directory called something like
+<B>/afs/.</B><VAR>cellname</VAR><B>/usr</B>, and the home
+directory name matches the username assigned in Step <A HREF="#LIWQ506">3</A>.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to create the new mount point in a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B><VAR>volume name</VAR>
+</B><DD>Is the name of the volume created in Step <A HREF="#LIWQ508">5</A>.
+</DL>
+<P><LI><B>(Optional)</B> Issue the <B>fs setvol</B> command with the
+<B>-offlinemsg</B> argument to record auxiliary information about the
+volume in its volume header. For example, you can record who owns the
+volume or where you have mounted it in the filespace. To display the
+information, use the <B>fs examine</B> command.
+<PRE> % <B>fs setvol</B> <<VAR>dir/file path</VAR>> <B>-offlinemsg</B> <<VAR>offline message</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sv
+</B><DD>Is an acceptable alias for <B>setvol</B> (and <B>setv</B> the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names the mount point of the volume with which to associate the
+message. Partial pathnames are interpreted relative to the current
+working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to change a read-only volume. By convention,
+you indicate the read/write path by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B>-offlinemsg
+</B><DD>Specifies up to 128 characters of auxiliary information to record in the
+volume header.
+</DL>
+<P><LI><A NAME="LIWQ510"></A>Issue the <B>fs setacl</B> command to set the ACL on the
+new home directory. At the least, create an entry that grants all
+permissions to the user, as shown.
+<P>You can also use the command to edit or remove the entry that the <B>vos
+create</B> command automatically places on the ACL for a new volume's
+root directory, which grants all permissions to the
+<B>system:administrators</B> group. Keep in mind that even if
+you remove the entry, the members of the group by default have implicit
+<B>a</B> (<B>administer</B>) and by default <B>l</B>
+(<B>lookup</B>) permissions on every ACL, and can grant themselves other
+permissions as required.
+<P>For detailed instructions for the <B>fs setacl</B> command, see <A HREF="auagd020.htm#HDRWQ573">Setting ACL Entries</A>.
+<PRE> % <B>fs setacl</B> <<VAR>directory</VAR>> <B>-acl</B> <<VAR>user name</VAR>> <B>all</B> \
+ [<B>system:administrators</B> <VAR>desired_permissions</VAR>]
+</PRE>
+<P><LI><A NAME="LIWQ511"></A><B>(Optional)</B> Create configuration files and
+subdirectories in the new home directory. Possibilities include
+<B>.login</B> and <B>.logout</B> files, a
+shell-initialization file such as <B>.cshrc</B>, files to help with
+printing and mail delivery, and so on.
+<P>If you are converting an existing UNIX account into an AFS account, you
+possibly wish to move some files and directories into the user's new AFS
+home directory. See <A HREF="#HDRWQ498">Converting Existing UNIX Accounts</A>.
+<P><LI><B>(Optional)</B> In the new <B>.login</B> or shell
+initialization file, define the user's $PATH environment variable to
+include the directories where AFS binaries are kept (for example, the
+<B>/usr/afsws/bin</B> and <B>/usr/afsws/etc</B> directories).
+<P><LI><A NAME="LIWQ512"></A>In Step <A HREF="#LIWQ513">12</A> and Step <A HREF="#LIWQ514">14</A>, you must know the user's AFS
+UID. If you had the Protection Server assign it in Step <A HREF="#LIWQ506">3</A>, you probably do not know it. If necessary, issue
+the <B>pts examine</B> command to display it.
+<PRE> % <B>pts examine</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>e
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Is the username that you assigned in Step <A HREF="#LIWQ506">3</A>.
+</DL>
+<P>The first line of the output displays the username and AFS UID. For
+further discussion and an example of the output, see <A HREF="auagd019.htm#HDRWQ536">Displaying Information from the Protection Database</A>.
+<P><LI><A NAME="LIWQ513"></A>Designate the user as the owner of the home directory and any
+files and subdirectories created or moved in Step <A HREF="#LIWQ511">9</A>. Specify the owner by the AFS UID you learned in Step
+<A HREF="#LIWQ512">11</A> rather than by username. This is necessary for new
+accounts because the user does not yet have an entry in your local
+machine's password file (<B>/etc/passwd</B> or equivalent). If
+you are converting an existing UNIX account, an entry possibly already exists,
+but the UID is possibly incorrect. In that case, specifying a username
+means that the corresponding (possibly incorrect) UID is recorded as the
+owner.
+<P>Some operating systems allow only the local superuser <B>root</B> to
+issue the <B>chown</B> command. If necessary, issuing the
+<B>su</B> command before the <B>chown</B> command.
+<PRE> % <B>chown</B> <VAR>new_owner_ID</VAR> <VAR>directory</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>new_owner_ID</VAR>
+</B><DD>Is the user's AFS UID, which you learned in Step <A HREF="#LIWQ512">11</A>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the home directory you created in Step <A HREF="#LIWQ509">6</A>, plus each subdirectory or file you created in Step <A HREF="#LIWQ511">9</A>.
+</DL>
+<P><LI>If the new user home directory resides in a replicated volume, use the
+<B>vos release</B> command to release the volume, as described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). Suppose, for example, that the ABC Corporation puts the
+mount points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it by creating a new mount point the administrator must issue
+the <B>vos release</B> command.
+</TD></TR></TABLE>
+<P><LI><A NAME="LIWQ514"></A>Create or modify an entry for the new user in the local
+password file (<B>/etc/passwd</B> or equivalent) of each machine the user
+can log onto. Remember to make the UNIX UID the same as the AFS UID you
+learned in Step <A HREF="#LIWQ512">11</A>, and to fill the password field appropriately (for
+instructions, see <A HREF="#HDRWQ497">Specifying Passwords in the Local Password File</A>).
+<P>If you use the <B>package</B> utility to distribute a common version of
+the password file to all client machines, then you need to make the change
+only in the common version. See <A HREF="auagd016.htm#HDRWQ419">Configuring Client Machines with the package Program</A>.
+</OL>
+<A NAME="IDX7762"></A>
+<A NAME="IDX7763"></A>
+<A NAME="IDX7764"></A>
+<A NAME="IDX7765"></A>
+<HR><H2><A NAME="HDRWQ515" HREF="auagd002.htm#ToC_584">Improving Password and Authentication Security</A></H2>
+<P>AFS provides several optional features than can help to
+protect your cell's filespace against unauthorized access. The
+following list summarizes them, and instructions follow.
+<UL>
+<P><LI>Limit the number of consecutive failed login attempts.
+<P>One of the most common ways for an unauthorized user to access your
+filespace is to guess an authorized user's password. This method
+of attack is most dangerous if the attacker can use many login processes in
+parallel or use the RPC interfaces directly.
+<P>To protect against this type of attack, use the <B>-attempts</B>
+argument to the <B>kas setfields</B> command to limit the number of times
+that a user can consecutively fail to enter the correct password when using
+either an AFS-modified login utility or the <B>klog</B> command.
+When the limit is exceeded, the Authentication Server locks the user's
+Authentication Database entry (disallows authentication attempts) for a period
+of time that you define with the <B>-locktime</B> argument to the <B>kas
+setfields</B> command. If desired, system administrators can use the
+<B>kas unlock</B> command to unlock the entry before the complete lockout
+time passes.
+<P>In certain circumstances, the mechanism used to enforce the number of
+failed authentication attempts can cause a lockout even though the number of
+failed attempts is less than the limit set by the <B>-attempts</B>
+argument. Client-side authentication programs such as <B>klog</B>
+and an AFS-modified login utility normally choose an Authentication Server at
+random for each authentication attempt, and in case of a failure are likely to
+choose a different Authentication Server for the next attempt. The
+Authentication Servers running on the various database server machines do not
+communicate with each other about how many times a user has failed to provide
+the correct password to them. Instead, each Authentication Server
+maintains its own separate copy of the auxiliary database file
+<B>kaserverauxdb</B> (located in the <B>/usr/afs/local</B> directory
+by default), which records the number of consecutive authentication failures
+for each user account and the time of the most recent failure. This
+implementation means that on average each Authentication Server knows about
+only a fraction of the total number of failed attempts. The only way to
+avoid allowing more than the number of attempts set by the
+<B>-attempts</B> argument is to have each Authentication Server allow only
+some fraction of the total. More specifically, if the limit on failed
+attempts is <I>f</I>, and the number of Authentication Servers is
+<I>S</I>, then each Authentication Server can only permit a number of
+attempts equal to <I>f</I> divided by <I>S</I> (the Ubik
+synchronization site for the Authentication Server tracks any remainder,
+<I>fmodS</I>).
+<P>Normally, this implementation does not reduce the number of allowed
+attempts to less than the configured limit (<I>f</I>). If one
+Authentication Server refuses an attempt, the client contacts another instance
+of the server, continuing until either it successfully authenticates or has
+contacted all of the servers. However, if one or more of the
+Authentication Server processes is unavailable, the limit is effectively
+reduced by a percentage equal to the quantity <I>U</I> divided by
+<I>S</I>, where <I>U</I> is the number of unavailable servers and
+<I>S</I> is the number normally available.
+<P>To avoid the undesirable consequences of setting a limit on failed
+authentication attempts, note the following recommendations:
+<UL>
+<P><LI>Do not set the <B>-attempts</B> argument (the limit on failed
+authentication attempts) too low. A limit of nine failed attempts is
+recommended for regular user accounts, to allow three failed attempts per
+Authentication Server in a cell with three database server machines.
+<P><LI>Set fairly short lockout times when including the <B>-locktime</B>
+argument. Although guessing passwords is a common method of attack, it
+is not a very sophisticated one. Setting a lockout time can help
+discourage attackers, but excessively long times are likely to be more of a
+burden to authorized users than to potential attackers. A lockout time
+of 25 minutes is recommended for regular user accounts.
+<P><LI>Do not assign an infinite lockout time on an account (by setting the
+<B>-locktime</B> argument to <B>0</B> [zero]) unless there is a highly
+compelling reason. Such accounts almost inevitably become locked at
+some point, because each Authentication Server never resets the account's
+failure counter in its copy of the <B>kaauxdb</B> file (in contrast, when
+the lockout time is not infinite, the counter resets after the specified
+amount of time has passed since the last failed attempt to that Authentication
+Server). Furthermore, the only way to unlock an account with an
+infinite lockout time is for an administrator to issue the <B>kas
+unlock</B> command. It is especially dangerous to set an infinite
+lockout time on an administrative account; if all administrative accounts
+become locked, the only way to unlock them is to shut down all instances of
+the Authentication Server and remove the <B>kaauxdb</B> file on
+each.
+</UL>
+<P>In summary, the recommended limit on authentication attempts is nine and
+lockout time 25 minutes.
+<P><LI>Limit password lifetime.
+<P>The longer a password is in use, the more time an attacker has to try to
+learn it. To protect against this type of attack, use the
+<B>-pwexpires</B> argument to the <B>kas setfields</B> command to
+limit how many days a user's password is valid. The user becomes
+unable to authenticate with AFS after the password expires, but has up to 30
+days to use the <B>kpasswd</B> command to set a new password. After
+the 30 days pass, only an administrator who has the <TT>ADMIN</TT> flag on
+the Authentication Database entry can change the password.
+<P>If you set a password lifetime, many AFS-modified login utilities (but not
+the <B>klog</B> command) set the PASSWORD_EXPIRES environment variable to
+the number of days remaining until the password expires. A setting of
+zero means that the password expires today. If desired, you can
+customize your users' login scripts to display the number of days
+remaining before expiration and even prompt for a password change when a small
+number of days remain before expiration.
+<P><LI>Prohibit reuse of passwords.
+<P>Forcing users to select new passwords periodically is not effective if they
+simply set the new password to the current value. To prevent a user
+from setting a new password to a string similar to any of the last 20
+passwords, use the <B>-reuse</B> argument to the <B>kas setfields</B>
+command.
+<P>If you prohibit password reuse and the user specifies an excessively
+similar password, the Authentication Server generates the following message to
+reject it:
+<PRE> Password was not changed because it seems like a reused password
+</PRE>
+<P>A persistent user can try to bypass this restriction by changing the
+password 20 times in quick succession (or running a script to do so).
+If you believe this is likely to be a problem, you can include the
+<B>-minhours</B> argument to the <B>kaserver</B> initialization
+command (for details, see the command's reference page in the <I>IBM
+AFS Administration Reference</I>. If the user attempts to change
+passwords too frequently, the following message appears.
+<PRE> Password was not changed because you changed it too recently; see
+ your systems administrator
+</PRE>
+<P><LI>Check the quality of new passwords.
+<P>You can impose a minimum quality standard on passwords by writing a script
+or program called <B>kpwvalid</B>. If the <B>kpwvalid</B> file
+exists, the <B>kpasswd</B> and <B>kas setpassword</B> command
+interpreters invoke it to check a new password. If the password does
+not comply with the quality standard, the <B>kpwvalid</B> program returns
+an appropriate code and the command interpreter rejects the password.
+<P>The <B>kpwvalid</B> file must be executable, must reside in the same
+AFS directory as the <B>kpasswd</B> and <B>kas</B> binaries, and its
+directory's ACL must grant the <B>w</B> (<B>write</B>) permission
+only to the <B>system:administrators</B> group.
+<P>If you choose to write a <B>kpwvalid</B> program, consider imposing
+standards such as the following.
+<UL>
+<P><LI>A minimum length
+<P><LI>Words found in the dictionary are prohibited
+<P><LI>Numbers, punctuation, or both must appear along with letters
+</UL>
+<P>The AFS distribution includes an example <B>kpwvalid</B>
+program. See the <B>kpwvalid</B> reference page in the <I>IBM AFS
+Administration Reference</I>.
+</UL>
+<A NAME="IDX7766"></A>
+<A NAME="IDX7767"></A>
+<P><H3><A NAME="Header_585" HREF="auagd002.htm#ToC_585">To limit the number of consecutive failed authentication attempts</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas setfields</B> command with the <B>-attempts</B>
+and <B>-locktime</B> arguments.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas setfields</B> <<VAR>name of user</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>> \
+ <B>-attempts</B> <<VAR>maximum successive failed login tries ([0..254])</VAR>> \
+ <B>-locktime</B> <<VAR>failure penalty [hh:mm or minutes]</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the Authentication Database entry to edit.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as the <B>admin</B> account.
+The password prompt echoes it as <VAR>admin_user</VAR>. Enter the
+appropriate password as <VAR>admin_password</VAR>.
+<P><DT><B>-attempts
+</B><DD>Specifies the maximum consecutive number of times that a user can fail to
+provide the correct password during authentication (via the <B>klog</B>
+command or an AFS-modified login utility) before the Authentication Server
+refuses further attempts for the amount of time specified by the
+<B>-locktime</B> argument. The range of valid values is
+<B>0</B> (zero) through <B>254</B>. If you omit this argument
+or specify <B>0</B>, the Authentication Server allows an unlimited number
+of failures.
+<P><DT><B><B>-locktime</B>
+</B><DD>Specifies how long the Authentication Server refuses authentication
+attempts after the user exceeds the failure limit specified by the
+<B>-attempts</B> argument.
+<P>Specify a time in either hours and minutes (<VAR>hh</VAR>:<VAR>mm</VAR>)
+or minutes only (<VAR>mm</VAR>), from the range <B>01</B> (one minute)
+through <B>36:00</B> (36 hours). The <B>kas</B> command
+interpreter automatically reduces any larger value to 36:00 and also
+rounds up each nonzero value to the next-higher multiple of 8.5
+minutes.
+<P>It is best not to provide a value of <B>0</B> (zero), especially on
+administrative accounts, because it sets an infinite lockout time. An
+administrator must always issue the <B>kas unlock</B> command to unlock
+such an account.
+</DL>
+</OL>
+<P><H3><A NAME="Header_586" HREF="auagd002.htm#ToC_586">To unlock a locked user account</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas</B> command to enter interactive mode.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas -admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+ ka>
+</PRE>
+<P>where <B>-admin</B> names an administrative account that has the
+<TT>ADMIN</TT> flag on its Authentication Database entry, such as
+<B>admin</B>. The password prompt echoes it as
+<VAR>admin_user</VAR>. Enter the appropriate password as
+<VAR>admin_password</VAR>.
+<P><LI>Issue the <B>(kas) examine</B> command to verify that the user's
+account is in fact locked, as indicated by the message shown:
+<PRE> ka> <B>examine</B> <<VAR>name of user</VAR>>
+ User is locked until <VAR>time</VAR>
+</PRE>
+<A NAME="IDX7768"></A>
+<A NAME="IDX7769"></A>
+<P><LI>Issue the <B>(kas) unlock</B> command to unlock the account.
+<PRE> ka> <B>unlock</B> <<VAR>authentication ID</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>u
+</B><DD>Is the shortest acceptable abbreviation of <B>unlock</B>.
+<P><DT><B><VAR>authentication ID</VAR>
+</B><DD>Names the Authentication Database entry to unlock.
+</DL>
+</OL>
+<A NAME="IDX7770"></A>
+<A NAME="IDX7771"></A>
+<A NAME="IDX7772"></A>
+<P><H3><A NAME="Header_587" HREF="auagd002.htm#ToC_587">To set password lifetime</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas setfields</B> command with the <B>-pwexpires</B>
+argument.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas setfields</B> <<VAR>name of user</VAR>> \
+ <B>-pwexpires</B> <<VAR>number days password is valid [0..254])</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Specifies the Authentication Database entry on which to impose a password
+expiration.
+<P><DT><B>-pwexpires
+</B><DD>Sets the number of days after the user's password was last changed
+that it remains valid. Provide an integer from the range <B>1</B>
+through <B>254</B> to specify the number of days until expiration.
+<P>When the password becomes invalid (expires), the user is unable to
+authenticate, but has 30 more days in which to issue the <B>kpasswd</B> or
+<B>kas setpassword</B> command to change the password (after that, only an
+administrator can change it). Note that the clock starts at the time
+the password was last changed, not when the <B>kas setfields</B> command
+is issued. To avoid retroactive expiration, have the user change the
+password just before issuing the command.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+</DL>
+</OL>
+<A NAME="IDX7773"></A>
+<A NAME="IDX7774"></A>
+<P><H3><A NAME="Header_588" HREF="auagd002.htm#ToC_588">To prohibit reuse of passwords</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas setfields</B> command with the <B>-reuse</B>
+argument.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas setfields</B> <<VAR>name of user</VAR>> <B>-reuse</B> <<VAR> permit password reuse (yes/no)</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the Authentication Database entry for which to set the password
+reuse policy.
+<P><DT><B>-reuse
+</B><DD>Specifies whether the Authentication Server allows reuse of passwords
+similar to any of the user's last 20 passwords. Specify the value
+<B>no</B> to prohibit reuse, or the value <B>yes</B> to reinstate the
+default of allowing password reuse.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+</DL>
+</OL>
+<A NAME="IDX7775"></A>
+<A NAME="IDX7776"></A>
+<A NAME="IDX7777"></A>
+<HR><H2><A NAME="HDRWQ516" HREF="auagd002.htm#ToC_589">Changing AFS Passwords</A></H2>
+<P>After setting an initial password during account creation,
+you normally do not need to change user passwords, since they can use the
+<B>kpasswd</B> command themselves by following the instructions in the
+<I>IBM AFS User Guide</I>. In the rare event that a user forgets
+the password or otherwise cannot log in, you can use the <B>kas
+setpassword</B> command to set a new password.
+<P>If entries in the local password file (<B>/etc/passwd</B> or
+equivalent) have actual scrambled passwords in their password field, remember
+to change the password there also. For further discussion, see <A HREF="#HDRWQ497">Specifying Passwords in the Local Password File</A>.
+<A NAME="IDX7778"></A>
+<A NAME="IDX7779"></A>
+<P><H3><A NAME="Header_590" HREF="auagd002.htm#ToC_590">To change an AFS password</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas setpassword</B> command to change the
+password. To avoid having the new password echo visibly on the screen,
+omit the <B>-new_password</B> argument; instead enter the password at
+the prompts that appear when you omit the argument, as shown.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas setpassword</B> <<VAR>name of user</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+ new_password: <VAR>new_password</VAR>
+ Verifying, please re-enter new_password: <VAR>new_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sp
+</B><DD>Is an acceptable alias for <B>setpassword</B> (<B>setp</B> is the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the Authentication Database entry for which to set the
+password.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+<P><DT><B><VAR>new_password</VAR>
+</B><DD>Specifies the user's new password. It is subject to the
+restrictions imposed by the <B>kpwvalid</B> program, if you use it.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ517" HREF="auagd002.htm#ToC_591">Displaying and Setting the Quota on User Volumes</A></H2>
+<P>User volumes are like all other volumes with respect to
+quota. Each new AFS volume has a default quota of 5000 KB, unless you
+use the <B>-maxquota</B> argument to the <B>vos create</B> command to
+set a different quota. You can also use either of the following
+commands to change quota at any time:
+<UL>
+<P><LI><B>fs setquota</B>
+<P><LI><B>fs setvol</B>
+</UL>
+<P>You can use any of the three following commands to display a volume's
+quota:
+<UL>
+<P><LI><B>fs quota</B>
+<P><LI><B>fs listquota</B>
+<P><LI><B>fs examine</B>
+</UL>
+<P>For instructions, see <A HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<A NAME="IDX7780"></A>
+<A NAME="IDX7781"></A>
+<A NAME="IDX7782"></A>
+<A NAME="IDX7783"></A>
+<A NAME="IDX7784"></A>
+<HR><H2><A NAME="HDRWQ518" HREF="auagd002.htm#ToC_592">Changing Usernames</A></H2>
+<P>By convention, many components of a user account incorporate
+the username, including the Protection and Authentication Database entries,
+the volume name and the home directory name. When changing a username,
+it is best to maintain consistency by changing the names of all components, so
+the procedure for changing a username has almost as many steps as the
+procedure for creating a new user account.
+<P><H3><A NAME="Header_593" HREF="auagd002.htm#ToC_593">To change a username</A></H3>
+<OL TYPE=1>
+<A NAME="IDX7785"></A>
+<A NAME="IDX7786"></A>
+<P><LI>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry.
+However, the Authentication Server performs its own authentication, so the
+following instructions direct you to specify an administrative identity on the
+<B>kas</B> command line itself.
+<P><LI>The <B>a</B> (<B>administer</B>), <B>d</B>
+(<B>delete</B>), and <B>i</B> (<B>insert</B>) permissions on the
+ACL of the directory where you are removing the current mount point and
+creating a new one. If necessary, issue the <B>fs listacl</B>
+command, which is fully described in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+</UL>
+<P><LI><A NAME="LIWQ519"></A>Issue the <B>pts listowned</B> command to display the names
+of the groups the user owns. After you change the username in the
+Protection Database in Step <A HREF="#LIWQ520">3</A>, you must issue the <B>pts rename</B> command to change
+each group's owner prefix to match the new name, because the Protection
+Server does not automatically make this change. For a complete
+description of the <B>pts listowned</B> command, see <A HREF="auagd019.htm#HDRWQ536">Displaying Information from the Protection Database</A>.
+<PRE> % <B>pts listowned</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P><LI><A NAME="LIWQ520"></A>Issue the <B>pts rename</B> command to change the
+user's name in the Protection Database.
+<PRE> % <B>pts rename</B> <<VAR>old name</VAR>> <<VAR>new name</VAR>>
+</PRE>
+<P><LI>Issue the <B>pts rename</B> command to change the group names you
+noted in Step <A HREF="#LIWQ519">2</A>, so that their owner prefix (the part of the group name
+before the colon) accurately reflects the owner's new name.
+<P>Repeat the command for each group. Step <A HREF="#LIWQ520">3</A> details its syntax.
+<PRE> % <B>pts rename</B> <<VAR>old name</VAR>> <<VAR>new name</VAR>>
+</PRE>
+<P><LI>Issue the <B>kas</B> command to enter interactive mode.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas -admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+ ka>
+</PRE>
+<P>where <B>-admin</B> names an administrative account that has the
+<TT>ADMIN</TT> flag on its Authentication Database entry, such as
+<B>admin</B>. The password prompt echoes it as
+<VAR>admin_user</VAR>. Enter the appropriate password as
+<VAR>admin_password</VAR>.
+<A NAME="IDX7787"></A>
+<A NAME="IDX7788"></A>
+<P><LI>Issue the <B>(kas) delete</B> command to delete the user's
+existing Authentication Database entry.
+<P>
+<PRE> ka> <B>delete</B> <<VAR>name of user</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>del
+</B><DD>Is the shortest acceptable abbreviation for <B>delete</B>, or you can
+use the alias <B>rm</B>.
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the Authentication Database entry to delete.
+</DL>
+<A NAME="IDX7789"></A>
+<A NAME="IDX7790"></A>
+<P><LI>Issue the <B>(kas) create</B> command to create an Authentication
+Database entry for the new username. To avoid having the user's
+password echo visibly on the screen, do not include the
+<B>-initial_password</B> argument; instead enter the password at the
+prompts that appear in that case, as shown in the following syntax
+specification.
+<PRE> ka> <B>create</B> <<VAR>name of user</VAR>>
+ initial_password: <VAR>password</VAR>
+ Verifying, please re-enter initial_password: <VAR>password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cr
+</B><DD>Is the shortest acceptable abbreviation for <B>create</B>.
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Specifies the new username.
+<P><DT><B><VAR>password</VAR>
+</B><DD>Specifies the password for the new user account. If the user is
+willing to tell you his or her current password, you can retain it.
+Otherwise, provide a string of eight characters or less to comply with the
+length restriction that some applications impose. Possible choices for
+an initial password include the username, a string of digits from a personal
+identification number such as the Social Security number, or a standard string
+such as <B>changeme</B>. Instruct the user to change the string to
+a truly secret password as soon as possible by using the <B>kpasswd</B>
+command as instructed in the <I>IBM AFS User Guide</I>.
+</DL>
+<P><LI>Issue the <B>quit</B> command to leave interactive mode.
+<PRE> ka> <B>quit</B>
+</PRE>
+<A NAME="IDX7791"></A>
+<A NAME="IDX7792"></A>
+<A NAME="IDX7793"></A>
+<A NAME="IDX7794"></A>
+<A NAME="IDX7795"></A>
+<P><LI><A NAME="LIWQ521"></A>Issue the <B>vos rename</B> command to change the name of
+the user's volume. For complete syntax, see <A HREF="auagd010.htm#HDRWQ246">To rename a volume</A>.
+<PRE> % <B>vos rename</B> <<VAR>old volume name</VAR>> <<VAR>new volume name</VAR>>
+</PRE>
+<A NAME="IDX7796"></A>
+<A NAME="IDX7797"></A>
+<A NAME="IDX7798"></A>
+<A NAME="IDX7799"></A>
+<A NAME="IDX7800"></A>
+<P><LI><A NAME="LIWQ522"></A>Issue the <B>fs rmmount</B> command to remove the existing
+mount point. For the <VAR>directory</VAR> argument, specify the
+read/write path to the mount point, to avoid the failure that results when you
+attempt to delete a mount point from a read-only volume.
+<PRE> % <B>fs rmmount</B> <<VAR>directory</VAR>>
+</PRE>
+<A NAME="IDX7801"></A>
+<A NAME="IDX7802"></A>
+<A NAME="IDX7803"></A>
+<P><LI><A NAME="LIWQ523"></A>Issue the <B>fs mkmount</B> command to create a mount point
+for the volume's new name. Specify the read/write path to the
+mount point for the <VAR>directory</VAR> argument, as in the previous
+step. For complete syntax, see Step <A HREF="#LIWQ509">6</A> in <A HREF="#HDRWQ503">To create one user account with individual commands</A>.
+<PRE> % <B>fs mkmount</B> <<VAR>directory</VAR>> <<VAR>volume name</VAR>>
+</PRE>
+<P><LI>If the changes you made in Step <A HREF="#LIWQ522">10</A> and Step <A HREF="#LIWQ523">11</A> are to a mount point that resides in a
+replicated volume, use the <B>vos release</B> command to release the
+volume, as described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). For example, the ABC Corporation template puts the mount
+points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it the administrator must issue the <B>vos release</B>
+command.
+</TD></TR></TABLE>
+</OL>
+<HR><H2><A NAME="HDRWQ524" HREF="auagd002.htm#ToC_594">Removing a User Account</A></H2>
+<A NAME="IDX7804"></A>
+<A NAME="IDX7805"></A>
+<P>Before removing an account, it is best to make a backup copy of the
+user's home volume on a permanent storage medium such as tape. If
+you need to remove several accounts, it is probably more efficient to use the
+<B>uss delete</B> command instead; see <A HREF="auagd017.htm#HDRWQ486">Deleting Individual Accounts with the uss delete Command</A>.
+<P><H3><A NAME="Header_595" HREF="auagd002.htm#ToC_595">To remove a user account</A></H3>
+<OL TYPE=1>
+<P><LI>Authenticate as an AFS identity with all of the following
+privileges. In the conventional configuration, the <B>admin</B>
+user account has them, or you possibly have a personal administrative
+account. (To increase cell security, it is best to create special
+privileged accounts for use only while performing administrative
+procedures; for further discussion, see <A HREF="auagd021.htm#HDRWQ584">An Overview of Administrative Privilege</A>.) If necessary, issue the <B>klog</B>
+command to authenticate.
+<PRE> % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+</PRE>
+<P>The following list specifies the necessary privileges and indicates how to
+check that you have them.
+<UL>
+<P><LI>Membership in the <B>system:administrators</B> group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Inclusion in the <B>/usr/afs/etc/UserList</B> file. If
+necessary, issue the <B>bos listusers</B> command, which is fully
+described in <A HREF="auagd021.htm#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>The <TT>ADMIN</TT> flag on the Authentication Database entry.
+However, the Authentication Server performs its own authentication, so the
+following instructions direct you to specify an administrative identity on the
+<B>kas</B> command line itself.
+<P><LI>The <B>d</B> (<B>delete</B>) permission on the ACL of the
+directory where you are removing the user volume's mount point. If
+necessary, issue the <B>fs listacl</B> command, which is fully described
+in <A HREF="auagd020.htm#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P>Members of the <B>system:administrators</B> group always
+implicitly have the <B>a</B> (<B>administer</B>) and by default also
+the <B>l</B> (<B>lookup</B>) permission on every ACL and can use the
+<B>fs setacl</B> command to grant other rights as necessary.
+</UL>
+<P><LI><B>(Optional)</B> If it is possible you need to restore the
+user's account someday, note the username and AFS UID, possibly in a file
+designated for that purpose. You can later restore the account with its
+original AFS UID.
+<P><LI><B>(Optional)</B> Copy the contents of the user's volume to
+tape. You can use the <B>vos dump</B> command as described in <A HREF="auagd010.htm#HDRWQ240">Dumping and Restoring Volumes</A> or the AFS Backup System as described in <A HREF="auagd012.htm#HDRWQ296">Backing Up Data</A>.
+<P><LI><A NAME="LIWQ525"></A><B>(Optional)</B> If you intend to remove groups that the
+user owns from the Protection Database after removing the user's entry,
+issue the <B>pts listowned</B> command to display them. For
+complete instructions, see <A HREF="auagd019.htm#HDRWQ536">Displaying Information from the Protection Database</A>.
+<PRE> % <B>pts listowned</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P><LI><A NAME="LIWQ526"></A>(<B>Optional)</B> Issue the <B>pts delete</B> command
+to remove the groups the user owns. However, if it is likely that other
+users have placed the groups on the ACLs of directories they own, it is best
+not to remove them.
+<PRE> % <B>pts delete</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>del
+</B><DD>Is the shortest acceptable abbreviation for <B>delete</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the name or AFS UID of each group displayed in the output from
+Step <A HREF="#LIWQ525">4</A>.
+</DL>
+<A NAME="IDX7806"></A>
+<A NAME="IDX7807"></A>
+<A NAME="IDX7808"></A>
+<P><LI>Issue the <B>kas delete</B> command to remove the user's
+Authentication Database entry.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="auagd021.htm#HDRWQ590">To check if the ADMIN flag is set</A>.
+<PRE> % <B>kas delete</B> <<VAR>name of user</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>d
+</B><DD>Is the shortest acceptable abbreviation for <B>delete</B>.
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the Authentication Database entry to delete.
+<P><DT><B>-admin
+</B><DD>Names an administrative account that has the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as <B>admin</B>. The password
+prompt echoes it as <VAR>admin_user</VAR>. Enter the appropriate password
+as <VAR>admin_password</VAR>.
+</DL>
+<P><LI><A NAME="LIWQ527"></A>Issue the <B>vos listvldb</B> command to display the site
+of the user's home volume in preparation for removing it. By
+convention, user volumes are named
+<B>user</B>.<VAR>username</VAR>.
+<PRE> % <B>vos listvldb</B> <<VAR>volume name or ID</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listvl
+</B><DD>Is the shortest acceptable abbreviation of <B>listvldb</B>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Specifies the volume's name or volume ID number.
+</DL>
+<A NAME="IDX7809"></A>
+<A NAME="IDX7810"></A>
+<A NAME="IDX7811"></A>
+<A NAME="IDX7812"></A>
+<P><LI><A NAME="LIWQ528"></A>Issue the <B>vos remove</B> command to remove the
+user's volume. It automatically removes the backup version of the
+volume, if it exists. It is not conventional to replicate user volumes,
+so the command usually also completely removes the volume's entry from
+the Volume Location Database (VLDB). If there are ReadOnly replicas of
+the volume, you must repeat the <B>vos remove</B> command to remove each
+one individually.
+<PRE> % <B>vos remove</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <<VAR>volume name or ID</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>remo
+</B><DD>Is the shortest acceptable abbreviation of <B>remove</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the file server machine that houses the volume, as specified in the
+output from Step <A HREF="#LIWQ527">7</A>.
+<P><DT><B><VAR>partition name</VAR>
+</B><DD>Names the partition that houses the volume, as specified in the output
+from Step <A HREF="#LIWQ527">7</A>.
+<P><DT><B><VAR>volume name or ID</VAR>
+</B><DD>Specifies the volume's name or ID number.
+</DL>
+<A NAME="IDX7813"></A>
+<A NAME="IDX7814"></A>
+<A NAME="IDX7815"></A>
+<A NAME="IDX7816"></A>
+<P><LI><A NAME="LIWQ529"></A>Issue the <B>fs rmmount</B> command to remove the
+volume's mount point.
+<P>If you mounted the user's backup volume as a subdirectory of the home
+directory, then this command is sufficient to unmount the backup version as
+well. If you mounted the backup version at an unrelated location in the
+filespace, repeat the <B>fs rmmount</B> command for it.
+<PRE> % <B>fs rmmount</B> <<VAR>directory</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>rmm
+</B><DD>Is the shortest acceptable abbreviation of <B>rmmount</B>.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names the mount point for the volume's previous name (the former home
+directory). Partial pathnames are interpreted relative to the current
+working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results when you attempt to delete a mount point from a read-only
+volume. By convention, you indicate the read/write path by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ208">Mounting Volumes</A>.
+</DL>
+<A NAME="IDX7817"></A>
+<A NAME="IDX7818"></A>
+<A NAME="IDX7819"></A>
+<A NAME="IDX7820"></A>
+<P><LI><A NAME="LIWQ530"></A>Issue the <B>pts delete</B> command to remove the
+user's Protection Database entry. A complete description of this
+command appears in Step <A HREF="#LIWQ526">5</A>.
+<PRE> % <B>pts delete</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P><LI>If the deleted user home directory resided in a replicated volume, use the
+<B>vos release</B> command to release the volume, as described in <A HREF="auagd010.htm#HDRWQ194">To replicate a read/write volume (create a read-only volume)</A>.
+<PRE>
+ % <B>vos release</B> <<VAR>volume name or ID</VAR>>
+
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This step can be necessary even if the home directory's parent directory
+is not itself a mount point for a replicated volume (and is easier to overlook
+in that case). For example, the ABC Corporation template puts the mount
+points for user volumes in the <B>/afs/abc.com/usr</B>
+directory. Because that is a regular directory rather than a mount
+point, it resides in the <B>root.cell</B> volume mounted at the
+<B>/afs/abc.com</B> directory. That volume is replicated, so
+after changing it by deleting a mount point the administrator must issue the
+<B>vos release</B> command.
+</TD></TR></TABLE>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd017.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd019.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd018.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd020.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ531" HREF="auagd002.htm#ToC_596">Administering the Protection Database</A></H1>
+<P>This chapter explains how to create and maintain user,
+machine, and group entries in the Protection Database.
+<HR><H2><A NAME="HDRWQ532" HREF="auagd002.htm#ToC_597">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display Protection Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Map user, machine or group name to AFS ID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display entry's owner or creator
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display number of users or machines belonging to group
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display number of groups user or machine belongs to
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display group-creation quota
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display entry's privacy flags
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display members of group, or groups that user or machine belongs to
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts membership</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display groups that user or group owns
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts listowned</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display all entries in Protection Database
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts listentries</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Create machine entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts createuser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Create group entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts creategroup</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add users and machines to groups
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts adduser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove users and machines from groups
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts removeuser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Delete machine or group entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts delete</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Change a group's owner
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts chown</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Change an entry's name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts rename</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set group creation quota
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts setfields</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set entry's privacy flags
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts setfields</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display AFS ID counters
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts listmax</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set AFS ID counters
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts setmax</B>
+</TD></TR></TABLE>
+<P>
+<A NAME="IDX7821"></A>
+<A NAME="IDX7822"></A>
+<A NAME="IDX7823"></A>
+<A NAME="IDX7824"></A>
+<A NAME="IDX7825"></A>
+<A NAME="IDX7826"></A>
+<A NAME="IDX7827"></A>
+<A NAME="IDX7828"></A>
+<A NAME="IDX7829"></A>
+<A NAME="IDX7830"></A>
+<HR><H2><A NAME="HDRWQ534" HREF="auagd002.htm#ToC_598">About the Protection Database</A></H2>
+<P>The Protection Database stores information about AFS users,
+client machines, and groups which the File Server process uses to determine
+whether clients are authorized to access AFS data.
+<P>To obtain authenticated access to an AFS cell, a user must have an entry in
+the cell's Protection Database. The first time that a user
+requests access to the data stored on a file server machine, the File Server
+on that machine contacts the Protection Server to request the user's
+<I>current protection subgroup</I> (<I>CPS</I>), which lists all the
+groups to which the user belongs. The File Server scans the access
+control list (ACL) of the directory that houses the data, looking for groups
+on the CPS. It grants access in accordance with the permissions that
+the ACL extends to those groups or to the user individually. (The File
+Server stores the CPS and uses it as long as the user has the same
+tokens. When a user's group membership changes, he or she must
+reauthenticate for the File Server to recognize the change.)
+<P>Only administrators who belong to the cell's
+<B>system:administrators</B> group can create user entries (the
+group is itself defined in the Protection Database, as discussed in <A HREF="#HDRWQ535">The System Groups</A>). Members of the
+<B>system:administrators</B> group can also create machine entries,
+which can then be used to control access based on the machine from which the
+access request originates. After creating a machine entry, add it to a
+Protection Database group and place the group on ACLs (a machine cannot appear
+on ACLs directly). A machine entry can represent a single machine or
+multiple machines with consecutive IP addresses as specified by a wildcard
+notation. For instructions, see <A HREF="#HDRWQ542">Creating User and Machine Entries</A>. Because all replicas of a volume share the same ACL
+(the one on the volume's root directory mount point), machine entries
+enable you to replicate the volume that houses a program's binary file
+while still complying with a machine-based license agreement as required by
+the program's manufacturer. See <A HREF="#HDRWQ542">Creating User and Machine Entries</A>.
+<P>A group entry is a list of user entries, machine entries, or both (groups
+cannot belong to other groups). Putting a group on an ACL is a
+convenient way to extend or deny access to a set of users without listing them
+on the ACL individually. Similarly, adding users to a group
+automatically grants them access to all files and directories for which the
+associated ACL lists that group. Both administrators and regular users
+can create groups.
+<A NAME="IDX7831"></A>
+<A NAME="IDX7832"></A>
+<A NAME="IDX7833"></A>
+<A NAME="IDX7834"></A>
+<A NAME="IDX7835"></A>
+<A NAME="IDX7836"></A>
+<P><H3><A NAME="HDRWQ535" HREF="auagd002.htm#ToC_599">The System Groups</A></H3>
+<P>In addition to the groups that users and administrators can
+create, AFS defines the following three system groups. The Protection
+Server creates them automatically when it builds the first version of a
+cell's Protection Database, and always assigns them the same AFS
+GIDs.
+<DL>
+<P><DT><B>system:anyuser
+</B><DD>Represents all users able to access the cell's filespace from the
+local and foreign cells, authenticated or not. Its AFS GID is
+<B>-101</B>. The group has no stable membership listed in the
+Protection Database. Accordingly, the <B>pts examine</B> command
+displays <B>0</B> in its <TT>membership</TT> field, and the <B>pts
+membership</B> command does not list any members for it.
+<P>Placing this group on an ACL is a convenient way to extend access to all
+users. The File Server automatically places this group on the CPS of
+any user who requests access to data stored on a file server machine.
+(Every unauthenticated user is assigned the identity <B>anonymous</B> and
+this group is the only entry on the CPS for <B>anonymous</B>.)
+<P><DT><B>system:authuser
+</B><DD>Represents all users who are able to access the cell's filespace from
+the local and foreign cells and who have successfully obtained an AFS token in
+the local cell (are authenticated). Its AFS GID is
+<B>-102</B>. Like the <B>system:anyuser</B> group, it has
+no stable membership listed in the Protection Database. Accordingly,
+the <B>pts examine</B> command displays <B>0</B> in its
+<TT>membership</TT> field, and the <B>pts membership</B> command does
+not list any members for it.
+<P>Placing this group on an ACL is therefore a convenient way to extend access
+to all authenticated users. The File Server automatically places this
+group on the CPS of any authenticated user who requests access to data stored
+on a file server machine.
+<P><DT><B>system:administrators
+</B><DD>Represents the small number of cell administrators authorized to issue
+privileged <B>pts</B> commands and the <B>fs</B> commands that set
+quota. The ACL on the root directory of every newly created volume
+grants all permissions to the group. Even if you remove that entry, the
+group implicitly retains the <B>a</B> (<B>administer</B>), and by
+default also the <B>l</B> (<B>lookup</B>), permission on every
+ACL. Its AFS GID is <B>-204</B>. For instructions on
+administering this group, see <A HREF="auagd021.htm#HDRWQ586">Administering the system:administrators Group</A>.
+</DL>
+<HR><H2><A NAME="HDRWQ536" HREF="auagd002.htm#ToC_600">Displaying Information from the Protection Database</A></H2>
+<P>This section describes the commands you can use to display
+Protection Database entries and associated information. In addition to
+name and AFS ID, the Protection Database stores the following information
+about each user, machine, or group entry.
+<UL>
+<P><LI>The entry's owner, which is the user or group of users who can
+administer the entry
+<P><LI>The entry's creator, which serves mostly as an audit trail
+<P><LI>A membership count, which indicates how many groups a user or machine
+belongs to, or how many members belong to a group
+<P><LI>A set of privacy flags, which control which users can administer or
+display information about the entry
+<P><LI>A group-creation quota, which defines how many groups a user can create
+<P><LI>A list of the groups to which a user or machine belongs, or of the users
+and machines that belong to a group
+<P><LI>A list of the groups that a user or group owns
+</UL>
+<A NAME="IDX7837"></A>
+<A NAME="IDX7838"></A>
+<A NAME="IDX7839"></A>
+<A NAME="IDX7840"></A>
+<A NAME="IDX7841"></A>
+<A NAME="IDX7842"></A>
+<A NAME="IDX7843"></A>
+<A NAME="IDX7844"></A>
+<A NAME="IDX7845"></A>
+<A NAME="IDX7846"></A>
+<A NAME="IDX7847"></A>
+<A NAME="IDX7848"></A>
+<A NAME="IDX7849"></A>
+<A NAME="IDX7850"></A>
+<A NAME="IDX7851"></A>
+<A NAME="IDX7852"></A>
+<A NAME="IDX7853"></A>
+<A NAME="IDX7854"></A>
+<A NAME="IDX7855"></A>
+<A NAME="IDX7856"></A>
+<A NAME="IDX7857"></A>
+<A NAME="IDX7858"></A>
+<A NAME="IDX7859"></A>
+<A NAME="IDX7860"></A>
+<A NAME="IDX7861"></A>
+<A NAME="IDX7862"></A>
+<A NAME="IDX7863"></A>
+<A NAME="IDX7864"></A>
+<A NAME="IDX7865"></A>
+<A NAME="IDX7866"></A>
+<A NAME="IDX7867"></A>
+<A NAME="IDX7868"></A>
+<A NAME="IDX7869"></A>
+<A NAME="IDX7870"></A>
+<A NAME="IDX7871"></A>
+<A NAME="IDX7872"></A>
+<A NAME="IDX7873"></A>
+<A NAME="IDX7874"></A>
+<P><H3><A NAME="HDRWQ537" HREF="auagd002.htm#ToC_601">To display a Protection Database entry</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group, which enables you to display an entry regardless of the setting of its
+first (<B>s</B>) privacy flag. By default, any user can display a
+Protection Database entry. If necessary, issue the <B>pts
+membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts examine</B> command to display one or more Protection
+Database entries.
+<PRE> % <B>pts examine</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>e
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B> (and
+<B>check</B> is an alias).
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the name or AFS ID of each entry to display. Precede any
+AFS GID with a hyphen (<B>-</B>) because it is a negative integer.
+</DL>
+</OL>
+<P>The output includes the following fields. Examples follow.
+<DL>
+<P><DT><B><TT>Name</TT>
+</B><DD>Specifies the entry's name.
+<UL>
+<P><LI>For a user, this is the name used when authenticating with AFS and the
+name that appears on ACL entries.
+<P><LI>For a machine, this is the IP address of a single machine, or a wildcard
+notation that represents a group of machines with consecutive IP addresses, as
+described in <A HREF="#HDRWQ542">Creating User and Machine Entries</A>.
+<P><LI>For a group, this is the name that appears on ACL entries and in the list
+of groups output by the <B>pts membership</B> command. The names of
+<I>regular</I> groups have two parts, separated by a colon
+(<B>:</B>). The part before the colon indicates the
+group's owner, and the part after is the unique name. A
+<I>prefix-less</I> group's name does not have the owner prefix;
+only members of the <B>system:administrators</B> group can create
+prefix-less groups. For further discussion of group names, see <A HREF="#HDRWQ544">Creating Groups</A>.
+</UL>
+<A NAME="IDX7875"></A>
+<A NAME="IDX7876"></A>
+<A NAME="IDX7877"></A>
+<P><DT><B><TT>id</TT>
+</B><DD>Specifies the entry's unique AFS identification number. For
+user and machine entries, the AFS user ID (AFS UID) is a positive
+integer; for groups, the AFS group ID (AFS GID) is a negative
+integer. AFS UIDs and GIDs have the same function as their counterparts
+in the UNIX file system, but are used by the AFS servers and the Cache Manager
+only.
+<P>Normally, the Protection Server assigns an AFS UID or GID automatically
+when you create Protection Database entries. Members of the
+<B>system:administrators</B> group can specify an ID if
+desired. For further discussion, see <A HREF="#HDRWQ542">Creating User and Machine Entries</A> and <A HREF="#HDRWQ544">Creating Groups</A>.
+<P><DT><B><TT>owner</TT>
+</B><DD>Names the user or group who owns the entry and therefore can administer it
+(for more information about a group owning another group, see <A HREF="#HDRWQ545">Using Groups Effectively</A>). Other users possibly have administrative
+privileges, too, depending on the setting of the entry's privacy
+flags. For instructions on changing the owner, see <A HREF="#HDRWQ554">Changing a Group's Owner</A>.
+<P><DT><B><TT>creator</TT>
+</B><DD>Names the user who created the entry, and serves as an audit trail.
+If the entry is deleted from the Protection Database, the creator's group
+creation quota increases by one, even if the creator no longer owns the
+entry; see <A HREF="#HDRWQ558">Setting Group-Creation Quota</A>.
+<P>The value <TT>anonymous</TT> in this field generally indicates that the
+entry was created when the Protection Server was running in no-authentication
+mode, probably during initial configuration of the cell's first file
+server machine. For a description of no-authentication mode, see <A HREF="auagd008.htm#HDRWQ123">Managing Authentication and Authorization Requirements</A>.
+<P><DT><B><TT>membership</TT>
+</B><DD>Specifies the number of groups to which the user or machine belongs, or
+the number of users or machines that belong to the group.
+<P><DT><B><TT>flags</TT>
+</B><DD>Specifies who can display or change information in a Protection Database
+entry. The five flags, each representing a different capability, always
+appear in the same order.
+<UL>
+<P><LI>For user entries, the default value is <TT>S----</TT>, which indicates
+that anyone can issue the <B>pts examine</B> command on the entry, but
+only the user and members of the <B>system:administrators</B> group
+can perform any other action.
+<P><LI>For machine entries, the default value is <TT>S----</TT>, which
+indicates that anyone can issue the <B>pts examine</B> command on the
+entry, but only members of the <B>system:administrators</B> group
+can perform any other action.
+<P><LI>For group entries, the default value is <TT>S-M--</TT>, which indicates
+that anyone can issue the <B>pts examine</B> and <B>pts membership</B>
+commands on the entry, but only the group's owner and members of the
+<B>system:administrators</B> group can perform any other
+action.
+</UL>
+<P>For a complete description of possible values for the flags, see <A HREF="#HDRWQ559">Setting the Privacy Flags on Database Entries</A>.
+<P><DT><B><TT>group quota</TT>
+</B><DD>Specifies how many more groups a user can create in the Protection
+Database. The value for a newly created user entry is 20, but members
+of the <B>system:administrators</B> group can issue the <B>pts
+setfields</B> command at any time to change the value; see <A HREF="#HDRWQ558">Setting Group-Creation Quota</A>.
+<P>Group creation quota has no meaning for a machine or group entry: the
+Protection Server recognizes the issuer of the <B>pts creategroup</B>
+command only as an authenticated user or as the <B>anonymous</B> user,
+never as a machine or group. The default value for group entries is 0
+(zero), and there is no reason to change it.
+</DL>
+<P>The following examples show the output for a user called <B>pat</B>, a
+machine with IP address <B>192.12.108.133</B> and a
+group called <B>terry:friends</B>:
+<PRE> % <B>pts examine pat</B>
+ Name: pat, id: 1020, owner: system:administrators, creator: admin,
+ membership: 12, flags: S----, group quota: 15.
+ % <B>pts ex 192.12.108.133</B>
+ Name: 192.12.108.133, id: 5151, owner: system:administrators, creator: admin,
+ membership: 1, flags: S----, group quota: 20.
+ % <B>pts examine terry:friends</B>
+ Name: terry:friends, id: -567, owner: terry, creator: terry,
+ membership: 12, flags: SOm--, group quota: 0.
+</PRE>
+<A NAME="IDX7878"></A>
+<A NAME="IDX7879"></A>
+<A NAME="IDX7880"></A>
+<A NAME="IDX7881"></A>
+<A NAME="IDX7882"></A>
+<A NAME="IDX7883"></A>
+<A NAME="IDX7884"></A>
+<A NAME="IDX7885"></A>
+<A NAME="IDX7886"></A>
+<P><H3><A NAME="HDRWQ538" HREF="auagd002.htm#ToC_602">To display group membership</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group, which enables you to display an entry's group membership
+information regardless of the setting of its third (<B>m</B>) privacy
+flag. By default the owner and the user can display group membership
+for a user entry, the owner for a machine entry, and anyone for a group
+entry. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI><A NAME="LIWQ539"></A>Issue the <B>pts membership</B> command to display the list
+of groups to which a user or machine belongs, or the list of users and
+machines that belong to a group.
+<PRE> % <B>pts membership</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>m
+</B><DD>Is the shortest acceptable abbreviation of <B>membership</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the name or AFS UID of each user or machine for which to list
+the groups it belongs to, or the name or AFS GID of each group for which to
+list the members.
+</DL>
+</OL>
+<P>For user and machine entries, the output begins with the following string,
+and then each group appears on its own line:
+<PRE> Groups <VAR>user_or_machine</VAR> (id: <VAR>AFS_UID</VAR>) is a member of:
+</PRE>
+<P>For group entries, the output begins with the following string, and then
+each member appears on its own line:
+<PRE> Members of <VAR>group</VAR> (id: <VAR>AFS_GID</VAR>) are:
+</PRE>
+<P>For the system groups <B>system:anyuser</B> and
+<B>system:authuser</B>, the output includes the initial header
+string only, because these groups do not have a stable membership listed in
+their Protection Database entry. See <A HREF="#HDRWQ535">The System Groups</A>.
+<P>The following examples show the output for a user called <B>terry</B>
+and a group called <B>terry:friends</B>:
+<PRE> % <B>pts mem terry</B>
+ Groups terry (id: 5347) is a member of:
+ pat:friends
+ sales
+ acctg:general
+ % <B>pts mem terry:friends</B>
+ Members of terry:friends (id: -567) are:
+ pat
+ smith
+ johnson
+</PRE>
+<A NAME="IDX7887"></A>
+<A NAME="IDX7888"></A>
+<A NAME="IDX7889"></A>
+<A NAME="IDX7890"></A>
+<A NAME="IDX7891"></A>
+<A NAME="IDX7892"></A>
+<A NAME="IDX7893"></A>
+<A NAME="IDX7894"></A>
+<P><H3><A NAME="HDRWQ540" HREF="auagd002.htm#ToC_603">To list the groups that a user or group owns</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group, which enables you to display an entry's group ownership
+information regardless of the setting of its second (<B>o</B>) privacy
+flag. By default the owner can list the groups owned by group, and a
+user the groups he or she owns. If necessary, issue the <B>pts
+membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts listowned</B> command to list the groups owned by
+each user or group.
+<PRE> % <B>pts listowned</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listo
+</B><DD>Is the shortest acceptable abbreviation of <B>listowned</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the name or AFS UID of each user, or the name or AFS GID or each
+group, for which to list the groups owned.
+</DL>
+</OL>
+<P>The output begins with the following string, and then each group appears on
+its own line:
+<PRE> Groups owned by <VAR>user_or_group</VAR> (id: <VAR>AFS_ID</VAR>) are:
+</PRE>
+<P>The following examples show the output for a user called <B>terry</B>
+and a group called <B>terry:friends</B>:
+<PRE> % <B>pts listo terry</B>
+ Groups owned by terry (id: 5347) are:
+ terry:friends
+ terry:co-workers
+ % <B>pts listo terry:friends</B>
+ Groups owned by terry:friends (id: -567) are:
+ terry:pals
+ terry:buddies
+</PRE>
+<A NAME="IDX7895"></A>
+<A NAME="IDX7896"></A>
+<A NAME="IDX7897"></A>
+<A NAME="IDX7898"></A>
+<A NAME="IDX7899"></A>
+<A NAME="IDX7900"></A>
+<A NAME="IDX7901"></A>
+<A NAME="IDX7902"></A>
+<A NAME="IDX7903"></A>
+<A NAME="IDX7904"></A>
+<A NAME="IDX7905"></A>
+<A NAME="IDX7906"></A>
+<A NAME="IDX7907"></A>
+<A NAME="IDX7908"></A>
+<A NAME="IDX7909"></A>
+<A NAME="IDX7910"></A>
+<A NAME="IDX7911"></A>
+<A NAME="IDX7912"></A>
+<P><H3><A NAME="HDRWQ541" HREF="auagd002.htm#ToC_604">To display all Protection Database entries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts listentries</B> command to display all Protection
+Database entries.
+<PRE> % <B>pts listentries</B> [<B>-users</B>] [<B>-groups</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>liste
+</B><DD>Is the shortest acceptable abbreviation of <B>listentries</B>.
+<P><DT><B>-users
+</B><DD>Displays user and machine entries. The same output results if you
+omit both this flag and the <B>-groups</B> flag.
+<P><DT><B>-groups
+</B><DD>Displays group entries.
+</DL>
+</OL>
+<P>The output is a table that includes the following columns. Examples
+follow.
+<DL>
+<P><DT><B><TT>Name</TT>
+</B><DD>Specifies the entry's name.
+<P><DT><B><TT>ID</TT>
+</B><DD>Specifies the entry's AFS identification number. For user and
+machine entries, the AFS user ID (AFS UID) is a positive integer; for
+groups, the AFS group ID (AFS GID) is a negative integer.
+<P><DT><B><TT>Owner</TT>
+</B><DD>Specifies the AFS ID of the user or group who owns the entry and therefore
+can administer it.
+<P><DT><B><TT>Creator</TT>
+</B><DD>Specifies the AFS UID of the user who created the entry.
+</DL>
+<P>The following example is from the ABC Corporation cell. The issuer
+provides no options, so the output includes user and machine entries.
+<PRE> % <B>pts listentries</B>
+ Name ID Owner Creator
+ anonymous 32766 -204 -204
+ admin 1 -204 32766
+ pat 1000 -204 1
+ terry 1001 -204 1
+ smith 1003 -204 1
+ jones 1004 -204 1
+ 192.12.105.33 2000 -204 1
+ 192.12.105.46 2001 -204 1
+</PRE>
+<A NAME="IDX7913"></A>
+<A NAME="IDX7914"></A>
+<A NAME="IDX7915"></A>
+<A NAME="IDX7916"></A>
+<A NAME="IDX7917"></A>
+<HR><H2><A NAME="HDRWQ542" HREF="auagd002.htm#ToC_605">Creating User and Machine Entries</A></H2>
+<P>An entry in the Protection Database is one of the two
+required components of every AFS user account, along with an entry in the
+Authentication Database. It is best to create a Protection Database
+user entry only in the context of creating a complete user account, by using
+the <B>uss add</B> or <B>uss bulk</B> command as described in <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A>, or the <B>pts createuser</B> command as described in <A HREF="auagd018.htm#HDRWQ502">Creating AFS User Accounts</A>.
+<P>You can also use the <B>pts createuser</B> command to create Protection
+Database machine entries, which can then be used to control access based on
+the machine from which the access request originates. After creating a
+machine entry, add it to a Protection Database group and place the group on
+ACLs ( a machine cannot appear on ACLs directly). Because all replicas
+of a volume share the same ACL (the one on the volume's root directory
+mount point), you can replicate the volume that houses a program's binary
+file while still complying with a machine-based license agreement as required
+by the program's manufacturer. If you do not place any other
+entries on the ACL, then only users working on the designated machines can
+access the file.
+<P>Keep in mind that creating an ACL entry for a group with machine entries in
+it extends access to both authenticated and unauthenticated users working on
+the machine. However, you can deny access to unauthenticated users by
+omitting an entry for the <B>system:anyuser</B> group from the ACLs
+of the parent directories in the file's pathname. Conversely, if
+you want to enable unauthenticated users on the machine to access a file, then
+the ACL on every directory leading to it must include an entry for either the
+<B>system:anyuser</B> group or a group to which the machine entry
+belongs. For more information on the <B>system:anyuser</B>
+group, see <A HREF="#HDRWQ535">The System Groups</A>.
+<P>Because a machine entry can include unauthenticated users, it is best not
+to add both machine entries and user entries to the same group. In
+general, it is easier to use and administer nonmixed groups. A machine
+entry can represent a single machine, or multiple machines with consecutive IP
+addresses (that is, all machines on a network or subnet) specified by a
+wildcard notation. See the instructions in <A HREF="#HDRWQ543">To create machine entries in the Protection Database</A>.
+<P>By default, the Protection Server assigns the next available AFS UID to a
+new user or machine entry. It is best to allow this, especially for
+machine entries. For user entries, it makes sense to assign an AFS UID
+only if the user already has a UNIX UID that the AFS UID needs to match (see <A HREF="auagd018.htm#HDRWQ496">Assigning AFS and UNIX UIDs that Match</A>). When automatically allocating an AFS UID, the
+Protection Server increments the <TT>max user id</TT> counter by one and
+assigns the result to the new entry. Use the <B>pts listmax</B>
+command to display the counter, as described in <A HREF="#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<A NAME="IDX7918"></A>
+<P>Do not reuse the AFS UIDs of users who have left your cell permanently or
+machine entries you have removed, even though doing so seems to avoid the
+apparent waste of IDs. When you remove a user or machine entry from the
+Protection Database, the <B>fs listacl</B> command displays the AFS UID
+associated with the former entry, rather than the name. If you then
+assign the AFS UID to a new user or machine, the new user or machine
+automatically inherits permissions that were granted to the previous possessor
+of the ID. To remove obsolete AFS UIDs from ACLs, use the <B>fs
+cleanacl</B> command described in <A HREF="auagd020.htm#HDRWQ579">Removing Obsolete AFS IDs from ACLs</A>.
+<P>In addition to the name and AFS UID, the Protection Server records the
+following values in the indicated fields of a new user or machine's
+entry. For more information and instructions on displaying an entry,
+see <A HREF="#HDRWQ537">To display a Protection Database entry</A>.
+<UL>
+<P><LI>It sets the <TT>owner</TT> field to the
+<B>system:administrators</B> group, indicating that the group's
+members administer the entry.
+<P><LI>It sets the <TT>creator</TT> field to the username of the user who
+issued the <B>pts createuser</B> command (or the <B>uss add</B> or
+<B>uss bulk</B> command).
+<P><LI>It sets the <TT>membership</TT> field to <B>0</B> (zero), because
+the new entry does not yet belong to any groups.
+<P><LI>It sets the <TT>flags</TT> field to <B>S----</B>; for
+explanation, see <A HREF="#HDRWQ559">Setting the Privacy Flags on Database Entries</A>.
+<P><LI>It sets the <TT>group quota</TT> field to <B>20</B>, meaning that
+the new user can create 20 groups. This field has no meaning for
+machine entries. For further discussion, see <A HREF="#HDRWQ558">Setting Group-Creation Quota</A>.
+</UL>
+<A NAME="IDX7919"></A>
+<A NAME="IDX7920"></A>
+<P><H3><A NAME="HDRWQ543" HREF="auagd002.htm#ToC_606">To create machine entries in the Protection Database</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts createuser</B> command to create one or more machine
+entries.
+<PRE> % <B>pts createuser -name</B> <<VAR>user name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cu
+</B><DD>Is an alias for <B>createuser</B> (and <B>createu</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-name
+</B><DD>Specifies an IP address in dotted-decimal notation for each machine
+entry. An entry can represent a single machine or a set of several
+machines with consecutive IP addresses, using the wildcard notation described
+in the following list. The letters <B>W</B>, <B>X</B>,
+<B>Y</B>, and <B>Z</B> each represent an actual number value in the
+field:
+<UL>
+<P><LI><B>W.X.Y.Z</B> represents a single machine, for
+example <B>192.12.108.240</B>.
+<P><LI><B>W.X.Y.0</B> matches all machines whose IP
+addresses start with the first three numbers. For example,
+<B>192.12.108.0</B> matches both
+<B>192.12.108.119</B> and
+<B>192.12.108.120</B>, but does not match
+<B>192.12.105.144</B>.
+<P><LI><B>W.X.0.0</B> matches all machines whose IP
+addresses start with the first two numbers. For example, the address
+<B>192.12.0.0</B> matches both
+<B>192.12.106.23</B> and
+<B>192.12.108.120</B>, but does not match
+<B>192.5.30.95</B>.
+<P><LI><B>W.0.0.0</B> matches all machines whose IP
+addresses start with the first number in the specified address. For
+example, the address <B>192.0.0.0</B> matches both
+<B>192.5.30.95</B> and
+<B>192.12.108.120</B>, but does not match
+<B>138.255.63.52</B>.
+</UL>
+<P>Do not define a machine entry with the name
+<B>0.0.0.0</B> to match every machine. The
+<B>system:anyuser</B> group is equivalent.
+</DL>
+</OL>
+<P>The following example creates a machine entry that includes all of the
+machines in the <B>192.12</B> network.
+<PRE> % <B>pts cu 192.12.0.0</B>
+</PRE>
+<A NAME="IDX7921"></A>
+<A NAME="IDX7922"></A>
+<A NAME="IDX7923"></A>
+<A NAME="IDX7924"></A>
+<A NAME="IDX7925"></A>
+<A NAME="IDX7926"></A>
+<A NAME="IDX7927"></A>
+<A NAME="IDX7928"></A>
+<A NAME="IDX7929"></A>
+<HR><H2><A NAME="HDRWQ544" HREF="auagd002.htm#ToC_607">Creating Groups</A></H2>
+<P>Before you can add members to a group, you must create the
+group entry itself. The instructions in this section explain how to
+create both regular and prefix-less groups:
+<UL>
+<P><LI>A <I>regular group</I>'s name is preceded by a prefix that
+indicates who owns the group, in the following format:
+<P><VAR>owner_name</VAR><B>:</B><VAR>group_name</VAR>
+<P>Any user can create a regular group. Group names must always be
+typed in full, so a short <VAR>group_name</VAR> that indicates the group's
+purpose or its members' common interest is practical. Groups with
+names like <B>terry:1</B> and <B>terry:2</B> are less
+useful because their purpose is unclear. For more details on the
+required format for regular group names, see the instructions in <A HREF="#HDRWQ546">To create groups</A>.
+<P><LI>A <I>prefix-less group</I>, as its name suggests, has only one field
+in its name, equivalent to a regular group's <VAR>group_name</VAR>
+field.
+<P>Only members of the <B>system:administrators</B> group can create
+prefix-less groups. For a discussion of their purpose, see <A HREF="#HDRWQ548">Using Prefix-Less Groups</A>.
+</UL>
+<P>By default, the Protection Server assigns the next available AFS GID to a
+new group entry, and it is best to allow this. When automatically
+allocating an AFS GID (which is a negative integer), the Protection Server
+decrements the <TT>max group id</TT> counter by one and assigns the result
+to the new group. Use the <B>pts listmax</B> command to display the
+counter, as described in <A HREF="#HDRWQ560">Displaying and Setting the AFS UID and GID Counters</A>.
+<P>In addition to the name and AFS GID, the Protection Server records the
+following values in the indicated fields of a new group's entry.
+See <A HREF="#HDRWQ537">To display a Protection Database entry</A>.
+<UL>
+<P><LI>It sets the <TT>owner</TT> field to the issuer of the <B>pts
+creategroup</B> command, or to the user or group specified by the
+<B>-owner</B> argument.
+<P><LI>It sets the <TT>creator</TT> field to the username of the user who
+issued the <B>pts creategroup</B> command.
+<P><LI>It sets the <TT>membership</TT> field to <B>0</B> (zero), because
+the group currently has no members.
+<P><LI>It sets the <TT>flags</TT> field to <B>S-M--</B>; for
+explanation, see <A HREF="#HDRWQ559">Setting the Privacy Flags on Database Entries</A>.
+<P><LI>It sets the <TT>group quota</TT> field to <B>0</B>, because this
+field has no meaning for group entries.
+</UL>
+<A NAME="IDX7930"></A>
+<A NAME="IDX7931"></A>
+<A NAME="IDX7932"></A>
+<A NAME="IDX7933"></A>
+<A NAME="IDX7934"></A>
+<A NAME="IDX7935"></A>
+<A NAME="IDX7936"></A>
+<A NAME="IDX7937"></A>
+<P><H3><A NAME="HDRWQ545" HREF="auagd002.htm#ToC_608">Using Groups Effectively</A></H3>
+<P>The main reason to create groups is to place them on ACLs,
+which enables you to control access for multiple users without having to list
+them individually on the ACL. There are three basic ways to use groups,
+each suited to a different purpose:
+<UL>
+<P><LI><I>Private use</I>: you create a group and place it on the ACL
+of directories you own, without necessarily informing the group's members
+that they belong to it. Members notice only that they can or cannot
+access the directory in a certain way. You retain sole administrative
+control over the group, since you are the owner.
+<P>The existence of the group and the identity of its members is not
+necessarily secret. Other users can use the <B>fs listacl</B>
+command and see the group's name on a directory's ACL, or use the
+<B>pts membership</B> command to list the groups they themselves belong
+to. You can set the group's third privacy flag to limit who can
+use the <B>pts membership</B> command to list the group's membership,
+but a member of the <B>system:administrators</B> group always
+can; see <A HREF="#HDRWQ559">Setting the Privacy Flags on Database Entries</A>.
+<P><LI><I>Shared use</I>: you inform the group's members that they
+belong to the group, but you still remain the sole administrator. For
+example, the manager of a work group can create a group of all the members in
+the work group, and encourage them to use it on the ACLs of directories that
+house information they want to share with other members of the group.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you place a group owned by someone else on your ACLs, the group's
+owner can change the group's membership without informing you.
+Someone new can gain or lose access in a way you did not intend and without
+your knowledge.
+</TD></TR></TABLE>
+<P><LI><I>Group use</I>: you create a group and then use the <B>pts
+chown</B> command to assign ownership to a group, either another group or
+the group itself (the latter type is a <I>self-owned</I> group).
+You inform the members of the owning group that they all can administer the
+owned group.
+<P>The main advantage of designating a group as an owner is that it spreads
+responsibility for administering a group among several people. A single
+person does not have to perform all administrative tasks, and if the original
+creator leaves the group, ownership does not have to be transferred.
+<P>However, everyone in the owner group can make changes that affect others
+negatively, such as adding or removing people from the group inappropriately
+or changing the group's ownership to themselves exclusively. These
+problems can be particularly sensitive in a self-owned group. Using an
+owner group works best if all the members know and trust each other; it
+is probably wise to keep the number of people in an owner group small.
+</UL>
+<A NAME="IDX7938"></A>
+<A NAME="IDX7939"></A>
+<P><H3><A NAME="HDRWQ546" HREF="auagd002.htm#ToC_609">To create groups</A></H3>
+<OL TYPE=1>
+<P><LI>If creating a prefix-less group, verify that you belong to the
+<B>system:administrators</B> group. If necessary, issue the
+<B>pts membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts creategroup</B> command to create each group.
+All of the groups have the same owner.
+<PRE> % <B>pts creategroup -name</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-owner</B> <<VAR>owner of the group</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cg
+</B><DD>Is an alias for <B>creategroup</B> (and <B>createg</B> is the
+shortest acceptable abbreviation).
+<A NAME="IDX7940"></A>
+<A NAME="IDX7941"></A>
+<A NAME="IDX7942"></A>
+<P><DT><B>-name
+</B><DD>Names each group to create. The name can include up to 63 lowercase
+letters or numbers, but it is best not to include punctuation characters,
+especially those that have a special meaning to the shell.
+<P>A prefix-less group name cannot include the colon (<B>:</B>),
+because it is used to separate the two parts of a regular group name:
+<P><VAR>owner_name</VAR><B>:</B><VAR>group_name</VAR>
+<P>The Protection Server requires that the <VAR>owner_name</VAR> prefix of a
+regular group name accurately indicate the group's owner. By
+default, you are recorded as the owner, and the <VAR>owner_name</VAR> must be
+your AFS username. You can include the <B>-owner</B> argument to
+designate another AFS user, a regular group, or a prefix-less group as the
+owner, providing the required value in the <VAR>owner_name</VAR> field:
+<UL>
+<P><LI>If the owner is a user, it must be the AFS username.
+<P><LI>If the owner is another regular group, it must match the owning
+group's <VAR>owner_name</VAR> field. For example, if the owner is
+the group <B>terry:associates</B>, the owner field must be
+<B>terry</B>.
+<P><LI>If the owner is a prefix-less group, it must be the owning group's
+name.
+</UL>
+<P>(For a discussion of why it is useful for a group to own another group, see
+<A HREF="#HDRWQ545">Using Groups Effectively</A>.)
+<P><DT><B>-owner
+</B><DD>Is optional and designates an owner other than the issuer of the
+command. Specify either an AFS username or the name of a regular or
+prefix-less group that already has at least one member. Do not include
+this argument if you want to make the group self-owned as described in <A HREF="#HDRWQ545">Using Groups Effectively</A>. For instructions, see <A HREF="#HDRWQ547">To create a self-owned group</A>.
+<P>Do not designate a machine as a group's owner. Because a
+machine cannot authenticate, there is no way for a machine to administer the
+group.
+</DL>
+</OL>
+<A NAME="IDX7943"></A>
+<A NAME="IDX7944"></A>
+<A NAME="IDX7945"></A>
+<P><H3><A NAME="HDRWQ547" HREF="auagd002.htm#ToC_610">To create a self-owned group</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>pts creategroup</B> command to create a group. Do
+not include the <B>-owner</B> argument, because you must own a group to
+reassign ownership. For complete instructions, see <A HREF="#HDRWQ546">To create groups</A>.
+<PRE> % <B>pts creategroup</B> <<VAR>group name</VAR>>
+</PRE>
+<P><LI>Issue the <B>pts adduser</B> command to add one or more members to the
+group (a group must already have at least one member before owning another
+group). For complete instructions, see <A HREF="#HDRWQ549">Adding and Removing Group Members</A>.
+<PRE> % <B>pts adduser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+</PRE>
+<P><LI>Issue the <B>pts chown</B> command to assign group ownership to the
+group itself. For complete instructions, see <A HREF="#HDRWQ555">To change a group's owner</A>.
+<PRE> % <B>pts chown</B> <<VAR>group name</VAR>> <<VAR>new owner</VAR>>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRWQ548" HREF="auagd002.htm#ToC_611">Using Prefix-Less Groups</A></H3>
+<P>Members of the <B>system:administrators</B> group
+can create prefix-less groups, which are particularly suitable for <I>group
+use</I>, which is described in <A HREF="#HDRWQ545">Using Groups Effectively</A>.
+<P>Suppose, for example, that the manager of the ABC Corporation's
+Accounting Department, user <B>smith</B>, creates a group that includes
+all of the corporation's accountants and places the group on the ACLs of
+directories that house departmental records. Using a prefix-less group
+rather than a regular group is appropriate for the following reasons:
+<UL>
+<P><LI>The fact that <B>smith</B> created and owns the group is irrelevant,
+and a regular group must be called <B>smith:acctg</B>. A
+prefix-less name like <B>acctg</B> is more appropriate.
+<P><LI>If another user (say <B>jones</B>) ever replaces <B>smith</B> as
+manager of the Accounting Department, <B>jones</B> needs to become the new
+owner of the group. If the group is a regular one, its
+<VAR>owner_name</VAR> prefix automatically changes to <B>jones</B>, but the
+change in the <VAR>owner_name</VAR> prefix does not propagate to any regular
+groups owned by the group. Someone must use the <B>pts rename</B>
+command to change each one's <VAR>owner_name</VAR> prefix from
+<B>smith</B> to <B>jones</B>.
+</UL>
+<P>A possible solution is to create an authentication account for a fictional
+user called <B>acctg</B> and make it the owner of regular groups which
+have <B>acctg</B> as their <VAR>owner_name</VAR> prefix. However, if
+the <B>acctg</B> account is also used for other purposes, then the number
+of people who need to know user <B>acctg</B>'s password is possibly
+larger than the number of people who need to administer the groups it
+owns.
+<P>A prefix-less group called <B>acctg</B> solves the problem of
+inappropriate owner names. The groups that it owns have
+<B>acctg</B> as their <VAR>owner_name</VAR> prefix, which more accurately
+reflects their purpose than having the manager's name there.
+Prefix-less groups are also more accountable than dummy authentication
+accounts. Belonging to the group enables individuals to exercise the
+permissions granted to the group on ACLs, but users continue to perform tasks
+under their own names rather than under the dummy username. Even if the
+group owns itself, only a finite number of people can administer the group
+entry.
+<HR><H2><A NAME="HDRWQ549" HREF="auagd002.htm#ToC_612">Adding and Removing Group Members</A></H2>
+<P>Users and machines can be members of groups; groups
+cannot belong to other groups. Newly created groups have no members at
+all. To add them, use the <B>pts adduser</B> command; to
+remove them, use the <B>pts removeuser</B> command.
+<A NAME="IDX7946"></A>
+<A NAME="IDX7947"></A>
+<A NAME="IDX7948"></A>
+<A NAME="IDX7949"></A>
+<A NAME="IDX7950"></A>
+<A NAME="IDX7951"></A>
+<A NAME="IDX7952"></A>
+<P><H3><A NAME="HDRWQ550" HREF="auagd002.htm#ToC_613">To add users and machines to groups</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group, which enables you to add members to a group regardless of the setting
+of its fourth (<B>a</B>) privacy flag. By default the group's
+owner also has the necessary privilege. If necessary, issue the
+<B>pts membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts adduser</B> command to add one or more members to one
+or more groups.
+<PRE> % <B>pts adduser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ad
+</B><DD>Is the shortest acceptable abbreviation of <B>adduser</B>.
+<P><DT><B>-user
+</B><DD>Specifies each username or machine IP address to add as a member of each
+group named by the <B>-group</B> argument. A group cannot belong to
+another group.
+<P><DT><B><VAR>group name</VAR>
+</B><DD>Names each group to which to add the new members.
+</DL>
+</OL>
+<A NAME="IDX7953"></A>
+<A NAME="IDX7954"></A>
+<A NAME="IDX7955"></A>
+<A NAME="IDX7956"></A>
+<A NAME="IDX7957"></A>
+<A NAME="IDX7958"></A>
+<A NAME="IDX7959"></A>
+<P><H3><A NAME="HDRWQ551" HREF="auagd002.htm#ToC_614">To remove users and machines from groups</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group, which enables you to remove members from a group regardless of the
+setting of its fifth (<B>r</B>) privacy flag. By default the
+group's owner also has the necessary privilege. If necessary,
+issue the <B>pts membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts removeuser</B> command to remove one or more members
+from one or more groups.
+<PRE> % <B>pts removeuser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>rem
+</B><DD>Is the shortest acceptable abbreviation of <B>removeuser</B>.
+<P><DT><B>-user
+</B><DD>Specifies each user or machine IP address to remove from each group named
+by the <B>-group</B> argument.
+<P><DT><B>-group
+</B><DD>Names each group from which to remove members.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ552" HREF="auagd002.htm#ToC_615">Deleting Protection Database Entries</A></H2>
+<P>It is best to delete a Protection Database user entry only
+if you are removing the complete user account. Use either the <B>uss
+delete</B> command as described in <A HREF="auagd017.htm#HDRWQ486">Deleting Individual Accounts with the uss delete Command</A>, or the <B>pts delete</B> command as described in <A HREF="auagd018.htm#HDRWQ524">Removing a User Account</A>.
+<P>To remove machine and group entries, use the <B>pts delete</B> command
+as described in this section. The operation has the following
+results:
+<UL>
+<P><LI>When you delete a machine entry, its name (IP address wildcard) is removed
+from groups.
+<P><LI>When you delete a group entry, its AFS GID appears on ACLs instead of the
+name. The group-creation quota of the user who created the group
+increases by one, even if the user no longer owns the group.
+<P>To remove obsolete AFS IDs from ACLs, use the <B>fs cleanacl</B>
+command as described in <A HREF="auagd020.htm#HDRWQ579">Removing Obsolete AFS IDs from ACLs</A>.
+</UL>
+<A NAME="IDX7960"></A>
+<A NAME="IDX7961"></A>
+<A NAME="IDX7962"></A>
+<A NAME="IDX7963"></A>
+<A NAME="IDX7964"></A>
+<A NAME="IDX7965"></A>
+<A NAME="IDX7966"></A>
+<P><H3><A NAME="HDRWQ553" HREF="auagd002.htm#ToC_616">To delete Protection Database entries</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B> group
+or own the group you are deleting. If necessary, issue the <B>pts
+membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts delete</B> command to delete one or more entries from
+the Protection Database.
+<PRE> % <B>pts delete</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>del
+</B><DD>Is the shortest acceptable abbreviation of <B>delete</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the IP address or AFS UID of each machine or the name or AFS GID
+or each group to remove.
+</DL>
+</OL>
+<A NAME="IDX7967"></A>
+<A NAME="IDX7968"></A>
+<HR><H2><A NAME="HDRWQ554" HREF="auagd002.htm#ToC_617">Changing a Group's Owner</A></H2>
+<P>For user and machine entries, the Protection Server
+automatically assigns ownership to the <B>system:administrators</B>
+group at creation time, and this cannot be changed. For group entries,
+you can change ownership. This transfers administrative responsibility
+for it to another user or group (for information on group ownership of other
+groups, see <A HREF="#HDRWQ545">Using Groups Effectively</A>).
+<P>When you create a regular group, its <VAR>owner_name</VAR> prefix must
+accurately reflect its owner, as described in <A HREF="#HDRWQ546">To create groups</A>:
+<UL>
+<P><LI>If the owner is a user, <VAR>owner_name</VAR> is the username.
+<P><LI>If the owner is a regular group, <VAR>owner_name</VAR> is the owning
+group's <VAR>owner_name</VAR> prefix.
+<P><LI>If the owner is a prefix-less group, <VAR>owner_name</VAR> is the owner
+group's name.
+</UL>
+<P>When you change a regular group's owner, the Protection Server
+automatically changes its <VAR>owner_name</VAR> prefix appropriately. For
+example, if the user <B>pat</B> becomes the new owner of the group
+<B>terry:friends</B>, its name automatically changes to
+<B>pat:friends</B>, both in the Protection Database and on
+ACLs.
+<P>However, the Protection Server does not automatically change the
+<VAR>owner_name</VAR> prefix of any regular groups that the group owns.
+To continue with the previous example, suppose that the group
+<B>terry:friends</B> owns the group
+<B>terry:pals</B>. When <B>pat</B> becomes the new owner
+of <B>terry:friends</B>, the name <B>terry:pals</B> does
+not change. To change the <VAR>owner_name</VAR> prefix of a regular group
+that is owned by another group (in the example, to change the group's
+name to <B>pat:pals</B>), use the <B>pts rename</B> command as
+described in <A HREF="#HDRWQ556">Changing a Protection Database Entry's Name</A>.
+<A NAME="IDX7969"></A>
+<A NAME="IDX7970"></A>
+<A NAME="IDX7971"></A>
+<P><H3><A NAME="HDRWQ555" HREF="auagd002.htm#ToC_618">To change a group's owner</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B> group
+or own the group for which you are changing the owner. If necessary,
+issue the <B>pts membership</B> command, which is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> If you are changing the group's owner to
+another group (or to itself) and want to retain administrative privilege on
+the owned group, verify that you belong to the new owner group. If
+necessary, issue the <B>pts membership</B> command, which is fully
+described in <A HREF="#HDRWQ538">To display group membership</A>.
+<PRE> % <B>pts membership</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P>Use the <B> pts adduser</B> command to add yourself if necessary, as
+fully described in <A HREF="#HDRWQ550">To add users and machines to groups</A>.
+<PRE> % <B>pts adduser</B> <<VAR>user name</VAR>> <<VAR>group name</VAR>>
+</PRE>
+<P><LI>Issue the <B>pts chown</B> command to change the group's
+owner.
+<PRE> % <B>pts chown</B> <<VAR>group name</VAR>> <<VAR>new owner</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cho
+</B><DD>Is the shortest acceptable abbreviation of <B>chown</B>.
+<P><DT><B><VAR>group name</VAR>
+</B><DD>Specifies the current name of the group.
+<P><DT><B><VAR>new owner</VAR>
+</B><DD>Names the user or group to become the group's owner.
+</DL>
+<P><LI><B>(Optional)</B> Issue the <B>pts listowned</B> command to
+display any groups that the group owns. As discussed in the
+introduction to this section, the <B>pts chown</B> command does not
+automatically change the <VAR>owner_name</VAR> prefix of any regular groups that
+a group owns.
+<PRE> % <B>pts listowned</B> <<VAR>user or group name or id</VAR>>
+</PRE>
+<P>If you want to change their names to match the new owning group, use the
+<B>pts rename</B> command on each one, as described in <A HREF="#HDRWQ557">To change the name of a machine or group entry</A>.
+<PRE> % <B>pts rename</B> <<VAR>old name</VAR>> <<VAR>new name</VAR>>
+</PRE>
+</OL>
+<A NAME="IDX7972"></A>
+<A NAME="IDX7973"></A>
+<A NAME="IDX7974"></A>
+<A NAME="IDX7975"></A>
+<A NAME="IDX7976"></A>
+<HR><H2><A NAME="HDRWQ556" HREF="auagd002.htm#ToC_619">Changing a Protection Database Entry's Name</A></H2>
+<P>To change the name of a Protection Database entry, use the
+<B>pts rename</B> command. It is best to change a user entry's
+name only when renaming the entire user account, since so many components of
+the account (Authentication Database entry, volume name, home directory mount
+point, and so on) share the name. For instructions, see <A HREF="auagd018.htm#HDRWQ518">Changing Usernames</A>. A machine entry's name maps to the actual IP
+address of one or more machine, so changing the entry's name is
+appropriate only if the IP addresses have changed.
+<P>It is likely, then, that most often you need to change group names.
+The following types of name changes are possible:
+<UL>
+<P><LI>Changing a regular group's name to another regular group name.
+The most common reason for this type of change is that you have used the
+<B>pts chown</B> command to change the owner of the group. That
+operation does not change the <VAR>owner_name</VAR> prefix of a regular group
+owned by the group whose name has been changed. Therefore, you must use
+the <B>pts rename</B> command to change it appropriately. For
+example, when user <B>pat</B> becomes the owner of the
+<B>terry:friends</B> group, its name changes automatically to
+<B>pat:friends</B>, but the name of a group it owns,
+<B>terry:pals</B>, does not change. Use the <B>pts
+rename</B> command to rename <B>terry:pals</B> to
+<B>pat:pals</B>. The Protection Server does not accept
+changes to the <VAR>owner_name</VAR> prefix that do not reflect the true
+ownership (changing <B>terry:pals</B> to <B>smith:pals</B>
+is not possible).
+<P>You can also use the <B>pts rename</B> command to change the
+<VAR>group_name</VAR> portion of a regular group name, with or without changing
+the <VAR>owner_name</VAR> prefix.
+<P>Both the group's owner and the members of the
+<B>system:administrators</B> group can change its name to another
+regular group name.
+<P><LI>Changing a regular group's name to a prefix-less name. If you
+change a group's name in this way, you must also use the <B>pts
+rename</B> command to change the name of any regular group that the group
+owns. Only members of the <B>system:administrators</B> group
+can make this type of name change.
+<P><LI>Changing a prefix-less name to another prefix-less name. As with
+other name changes, the <VAR>owner_name</VAR> prefix of any regular groups that
+the prefix-less group owns does not change automatically. You must
+issue the <B>pts rename</B> command on them to maintain
+consistency.
+<P>Both the group's owner and the members of the
+<B>system:administrators</B> group can change its name to another
+prefix-less name.
+<P><LI>Changing a prefix-less name to a regular name. The
+<VAR>owner_name</VAR> prefix on the new name must accurately reflect the
+group's ownership. As with other name changes, the
+<VAR>owner_name</VAR> prefix of any regular groups that the prefix-less group
+owns does not change automatically. You must issue the <B>pts
+rename</B> command on them to maintain consistency.
+<P>Only members of the <B>system:administrators</B> group can make
+this type of name change.
+</UL>
+<A NAME="IDX7977"></A>
+<A NAME="IDX7978"></A>
+<P><H3><A NAME="HDRWQ557" HREF="auagd002.htm#ToC_620">To change the name of a machine or group entry</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts rename</B> command to change the entry's
+name.
+<PRE> % <B>pts rename</B> <<VAR>old name</VAR>> <<VAR>new name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ren
+</B><DD>Is the shortest acceptable abbreviation of <B>rename</B>.
+<P><DT><B><VAR>old name</VAR>
+</B><DD>Specifies the entry's current name.
+<P><DT><B><VAR>new name</VAR>
+</B><DD>Specifies the new name. If the new name is for a regular group, the
+<VAR>owner_name</VAR> prefix must correctly indicate the owner.
+</DL>
+</OL>
+<A NAME="IDX7979"></A>
+<A NAME="IDX7980"></A>
+<A NAME="IDX7981"></A>
+<A NAME="IDX7982"></A>
+<A NAME="IDX7983"></A>
+<A NAME="IDX7984"></A>
+<HR><H2><A NAME="HDRWQ558" HREF="auagd002.htm#ToC_621">Setting Group-Creation Quota</A></H2>
+<P>To prevent abuse of system resources, the Protection Server
+imposes a <I>group-creation quota</I> that limits how many more groups a
+user can create. When a new user entry is created, the quota is set to
+20, but members of the <B>system:administrators</B> group can use
+the <B>pts setfields</B> command to increase or decrease it at any
+time.
+<P>It is pointless to change group-creation quota for machine or group
+entries. It is not possible to authenticate as a group or machine and
+then create groups.
+<P>To display the group-creation quota, use the <B>pts examine</B> command
+to display a user entry's <TT>group quota</TT> field, as described in <A HREF="#HDRWQ537">To display a Protection Database entry</A>.
+<A NAME="IDX7985"></A>
+<A NAME="IDX7986"></A>
+<P><H3><A NAME="Header_622" HREF="auagd002.htm#ToC_622">To set group-creation quota</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts setfields</B> command to specify how many more groups
+each of one or more users can create.
+<PRE> % <B>pts setfields -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> \
+ <B>-groupquota</B> <<VAR>set limit on group creation</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>setf
+</B><DD>Is the shortest acceptable abbreviation of <B>setfields</B>.
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user for which to set group-creation
+quota.
+<P><DT><B>-groupquota
+</B><DD>Defines how many groups each user can create in addition to existing
+groups (in other words, groups that already exist do not count against the
+quota). The value you specify overwrites the current value, rather than
+incrementing it.
+</DL>
+</OL>
+<A NAME="IDX7987"></A>
+<A NAME="IDX7988"></A>
+<A NAME="IDX7989"></A>
+<A NAME="IDX7990"></A>
+<A NAME="IDX7991"></A>
+<A NAME="IDX7992"></A>
+<HR><H2><A NAME="HDRWQ559" HREF="auagd002.htm#ToC_623">Setting the Privacy Flags on Database Entries</A></H2>
+<P>Members of the <B>system:administrators</B> group
+can always display and administer Protection Database entries in any way, and
+regular users can display and administer their own entries and any group
+entries they own. The <I>privacy flags</I> on a Protection Database
+entry determine who else can display certain information from the entry, and
+who can add and remove members in a group.
+<P>To display the flags, use the <B>pts examine</B> command as described
+in <A HREF="#HDRWQ537">To display a Protection Database entry</A>. The flags appear in the output's
+<TT>flags</TT> field. To set the flags, include the
+<B>-access</B> argument to the <B>pts setfields</B> command.
+<P>The five flags always appear, and always must be set, in the following
+order:
+<DL>
+<P><DT><B>s
+</B><DD>Controls who can issue the <B>pts examine</B> command to display the
+entry.
+<P><DT><B>o
+</B><DD>Controls who can issue the <B>pts listowned</B> command to display the
+groups that a user or group owns.
+<P><DT><B>m
+</B><DD>Controls who can issue the <B>pts membership</B> command to display
+the groups a user or machine belongs to, or which users or machines belong to
+a group.
+<P><DT><B>a
+</B><DD>Controls who can issue the <B>pts adduser</B> command to add a user or
+machine to a group. It is meaningful only for groups, but a value must
+always be set for it even on user and machine entries.
+<P><DT><B>r
+</B><DD>Controls who can issue the <B>pts removeuser</B> command to remove a
+user or machine from a group. It is meaningful only for groups, but a
+value must always be set for it even on user and machine entries.
+</DL>
+<P>Each flag can take three possible types of values to enable a different set
+of users to issue the corresponding command:
+<UL>
+<P><LI>A hyphen (<B>-</B>) designates the members of the
+<B>system:administrators</B> group and the entry's
+owner. For user entries, it designates the user in addition.
+<P><LI>The lowercase version of the letter applies meaningfully to groups only,
+and designates members of the group in addition to the individuals designated
+by the hyphen.
+<P><LI>The uppercase version of the letter designates everyone.
+</UL>
+<P>For example, the flags <TT>SOmar</TT> on a group entry indicate that
+anyone can examine the group's entry and display the groups that it owns,
+and that only the group's members can display, add, or remove its
+members.
+<P>The default privacy flags for user and machine entries are
+<TT>S----</TT>, meaning that anyone can display the entry. The
+ability to perform any other functions is restricted to members of the
+<B>system:administrators</B> group and the entry's owner (as
+well as the user for a user entry).
+<P>The default privacy flags for group entries are <TT>S-M--</TT>, meaning
+that all users can display the entry and the members of the group, but only
+the entry owner and members of the <B>system:administrators</B>
+group can perform other functions.
+<A NAME="IDX7993"></A>
+<A NAME="IDX7994"></A>
+<P><H3><A NAME="Header_624" HREF="auagd002.htm#ToC_624">To set a Protection Database entry's privacy flags</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts setfields</B> command to set the privacy
+flags.
+<PRE> % <B>pts setfields</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> <B>-access</B> <<VAR>set privacy flags</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>setf
+</B><DD>Is the shortest acceptable abbreviation of <B>setfields</B>.
+<P><DT><B><VAR>user or group name or id</VAR>
+</B><DD>Specifies the name or AFS UID of each user, the IP address or AFS UID of
+each machine, or the name or AFS GID of each group for which to set the
+privacy flags.
+<P><DT><B>-access
+</B><DD>Specifies the set of privacy flags to associate with each entry.
+Provide a value for each of the five flags, observing the following
+constraints:
+<UL>
+<P><LI>Provide a value for all five flags, even though the fourth and fifth flags
+are not meaningful for user and machine entries.
+<P><LI>For self-owned groups, the hyphen is equivalent to a lowercase letter,
+because all the members of a self-owned group own it.
+<P><LI>Set the first flag to lowercase <B>s</B> or uppercase <B>S</B>
+only. For user and machine entries, the Protection Server interprets
+the lowercase <B>s</B> as equivalent to the hyphen.
+<P><LI>Set the second flag to the hyphen (<B>-</B>) or uppercase <B>O</B>
+only. For groups, the Protection Server interprets the hyphen as
+equivalent to lowercase <B>o</B> (that is, members of a group can always
+list the groups that it owns).
+<P><LI>Set the third flag to the hyphen (<B>-</B>), lowercase <B>m</B>,
+or uppercase <B>M</B>. For user and machine entries, the lowercase
+<B>m</B> does not have a meaningful interpretation, because they have no
+members.
+<P><LI>Set the fourth flag to the hyphen (<B>-</B>), lowercase <B>a</B>,
+or uppercase <B>A</B>. Although this flag does not have a
+meaningful interpretation for user and machine entries (because they have no
+members), it must be set, preferably to the hyphen.
+<P><LI>Set the fifth flag to the hyphen (<B>-</B>) or lowercase <B>r</B>
+only. Although this flag does not have a meaningful interpretation for
+user and machine entries (because they have no members), it must be set,
+preferably to the hyphen.
+</UL>
+</DL>
+</OL>
+<A NAME="IDX7995"></A>
+<A NAME="IDX7996"></A>
+<A NAME="IDX7997"></A>
+<A NAME="IDX7998"></A>
+<HR><H2><A NAME="HDRWQ560" HREF="auagd002.htm#ToC_625">Displaying and Setting the AFS UID and GID Counters</A></H2>
+<P>When you use the <B>pts createuser</B> command to create
+a user or machine entry in the Protection Database, the Protection Server by
+default automatically allocates an AFS user ID (AFS UID) for it;
+similarly, it allocates an AFS group ID (AFS GID) for each group entry you
+create with the <B>pts creategroup</B> command. It tracks the next
+available AFS UID (which is a positive integer) and AFS GID (which is a
+negative integer) with the <TT>max user id</TT> and <TT>max group id</TT>
+counters, respectively.
+<P>Members of the <B>system:administrators</B> group can include the
+<B>-id</B> argument to either <B>pts</B> creation command to assign a
+specific ID to a new user, machine, or group. It often makes sense to
+assign AFS UIDs explicitly when creating AFS accounts for users with existing
+UNIX accounts, as discussed in <A HREF="auagd017.htm#HDRWQ456">Assigning AFS and UNIX UIDs that Match</A>. It is also useful if you want to establish ranges of
+IDs that correspond to departmental affiliations (for example, assigning AFS
+UIDs from 300 to 399 to members of one department, AFS UIDs from 400 to 499 to
+another department, and so on).
+<P>To display the current value of the counters, use the <B>pts
+listmax</B> command. When you next create a user or machine entry and
+do not specify its AFS UID, the Protection Server increments the <TT>max user
+id</TT> counter by one and assigns that number to the new entry. When
+you create a new group and do not specify its AFS GID, the Protection Server
+decrements the <TT>max group id</TT> counter by one (makes it more
+negative), and assigns that number to the new group.
+<P>You can change the value of either counter, or both, in one of two
+ways:
+<UL>
+<P><LI>Directly, using the <B>pts setmax</B> command.
+<P><LI>Indirectly, by using the <B>-id</B> argument to the <B>pts
+createuser</B> command to assign an AFS UID that is larger than the <TT>max
+user id</TT> counter, or by using the <B>-id</B> to the <B>pts
+creategroup</B> command to assign an AFS GID that is less (more negative)
+than the <TT>max group id</TT> counter. In either case, the
+Protection Server changes the counter to the value of the <B>-id</B>
+argument. The Protection Server does not use the IDs between the
+previous value of the counter and the new one when allocating IDs
+automatically, unless you use the <B>pts setmax</B> command to move the
+counter back to its old value.
+<P>If the value you specify with the <B>-id</B> argument is less than the
+<TT>max user id</TT> counter or greater (less negative) than the <TT>max
+group id</TT> counter, then the counter does not change.
+</UL>
+<A NAME="IDX7999"></A>
+<A NAME="IDX8000"></A>
+<A NAME="IDX8001"></A>
+<A NAME="IDX8002"></A>
+<A NAME="IDX8003"></A>
+<A NAME="IDX8004"></A>
+<P><H3><A NAME="HDRWQ561" HREF="auagd002.htm#ToC_626">To display the AFS ID counters</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>pts listmax</B> command to display the counters.
+<PRE> % <B>pts listmax</B>
+</PRE>
+<P>where <B>listm</B> is an acceptable abbreviation of
+<B>listmax</B>.
+</OL>
+<P>The following example illustrates the output's format. In this
+case, the next automatically assigned AFS UID is 5439 and AFS GID is
+-469.
+<PRE> % <B>pts listmax</B>
+ Max user id is 5438 and max group id is -468.
+</PRE>
+<A NAME="IDX8005"></A>
+<A NAME="IDX8006"></A>
+<A NAME="IDX8007"></A>
+<A NAME="IDX8008"></A>
+<A NAME="IDX8009"></A>
+<A NAME="IDX8010"></A>
+<A NAME="IDX8011"></A>
+<A NAME="IDX8012"></A>
+<A NAME="IDX8013"></A>
+<A NAME="IDX8014"></A>
+<A NAME="IDX8015"></A>
+<P><H3><A NAME="Header_627" HREF="auagd002.htm#ToC_627">To set the AFS ID counters</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="auagd021.htm#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts setmax</B> command to set the <TT>max user id</TT>
+counter, the <TT>max group id</TT> counter, or both.
+<PRE> % <B>pts setmax</B> [<B>-group</B> <<VAR>group max</VAR>>] [<B>-user</B> <<VAR>user max</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>setm
+</B><DD>Is the shortest acceptable abbreviation of <B>setmax</B>.
+<P><DT><B>-group
+</B><DD>Specifies an integer one greater (less negative) than the AFS GID that the
+Protection Server is to assign to the next group entry. Because the
+value is a negative integer, precede it with a hyphen (<B>-</B>).
+<P><DT><B>-user
+</B><DD>Specifies an integer one less than the AFS UID that the Protection Server
+is to assign to the next user or machine entry.
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd018.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd020.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd019.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd021.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ562" HREF="auagd002.htm#ToC_628">Managing Access Control Lists</A></H1>
+<P>To control access to a directory and all of the files in it,
+AFS associates an <I>access control list</I> (<I>ACL</I>) with it,
+rather than the mode bits that the UNIX file system (UFS) associates with
+individual files or directories. AFS ACLs provide more refined access
+control because there are seven access permissions rather than UFS's
+three, and there is room for approximately 20 user or group entries on an ACL,
+rather than just the three UFS entries (<B>owner</B>, <B>group</B>,
+and <B>other</B>).
+<HR><H2><A NAME="HDRWQ563" HREF="auagd002.htm#ToC_629">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Examine access control list
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs listacl</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Edit ACL's normal permissions section
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs setacl</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Edit ACL's negative permissions section
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs setacl</B> with <B>-negative</B> flag
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Replace an ACL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs setacl</B> with <B>-clear</B> flag
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Copy an ACL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs copyacl</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="57%">Remove obsolete AFS UIDs
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="43%"><B>fs cleanacl</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ565" HREF="auagd002.htm#ToC_630">Protecting Data in AFS</A></H2>
+<A NAME="IDX8016"></A>
+<A NAME="IDX8017"></A>
+<P>This section describes the main differences between the AFS and UFS file
+protection systems, discusses the implications of directory-level protections,
+and describes the seven access permissions.
+<P><H3><A NAME="HDRWQ566" HREF="auagd002.htm#ToC_631">Differences Between UFS and AFS Data Protection</A></H3>
+<A NAME="IDX8018"></A>
+<A NAME="IDX8019"></A>
+<A NAME="IDX8020"></A>
+<P>The UFS mode bits data protection system and the AFS ACL system differ in
+the following ways:
+<UL>
+<P><LI>Protection at the file level (UFS) versus the directory level (AFS)
+<P>UFS associates a set of nine mode bits with each file element, three
+(<B>rwx</B>) for each of the element's owner, owning group, and all
+other users. A similar set of mode bits on the file's directory
+applies to the file only in an oblique way.
+<P>An AFS ACL instead protects all files in a directory in the same
+way. If a certain file is more sensitive than others, store it in a
+directory with a more restrictive ACL.
+<P>Defining access at the directory level has important consequences:
+<A NAME="IDX8021"></A>
+<UL>
+<P><LI>The permissions on a directory's ACL apply to all of the files in the
+directory. When you move a file to a different directory, you
+effectively change the access permissions that apply to it to those on its new
+directory's ACL. Changing a directory's ACL changes the
+protection on all the files in it.
+<P><LI>When you create a subdirectory, its initial ACL is created as a copy of
+its parent directory's ACL. You can then change the
+subdirectory's ACL independently. However, the parent
+directory's ACL continues to control access to the subdirectory in the
+following way: the parent directory's ACL must grant the
+<B>l</B> (<B>lookup</B>) permission to a user (or a group the user
+belongs to) in order for the user to access the subdirectory at all.
+<P>In general, then, it is best to assign fairly liberal access permissions to
+high-level directories (including user home directories). In
+particular, it often makes sense to grant at least the <B>l</B> permission
+to the <B>system:anyuser</B> or <B>system:authuser</B>
+group on high-level directories. For further discussion, see <A HREF="#HDRWQ571">Using Groups on ACLs</A>.
+</UL>
+<P><LI>How the mode bits are interpreted
+<P>Mode bits are the only file-protection system in UFS. AFS allows you
+to set the UNIX mode bits on a file in addition to the ACL on its directory,
+but it interprets them differently. See <A HREF="#HDRWQ580">How AFS Interprets the UNIX Mode Bits</A>.
+<P><LI>Three access permissions (UFS) versus seven (AFS)
+<P>UFS defines three access permissions in the form of mode bits:
+<B>r</B> (<B>read</B>), <B>w</B> (<B>write</B>), and
+<B>x</B> (<B>execute</B>). AFS defines seven permissions, which
+makes access control more precise. For detailed descriptions, see <A HREF="#HDRWQ567">The AFS ACL Permissions</A>.
+<DL>
+<DD><P><B>a</B> (<B>administer</B>)
+<DD><P><B>d</B> (<B>delete</B>)
+<DD><P><B>i</B> (<B>insert</B>)
+<DD><P><B>k</B> (<B>lock</B>)
+<DD><P><B>l</B> (<B>lookup</B>)
+<DD><P><B>r</B> (<B>read</B>)
+<DD><P><B>w</B> (<B>write</B>)
+</DL>
+<P><LI>Three defined users and groups (UFS) versus many (AFS)
+<P>UFS controls access for one user and two groups by providing a set of mode
+bits for each: the user who owns the file or directory, a single defined
+group, and everyone who has an account on the system.
+<P>AFS, in contrast, allows you to place many entries (individual users or
+groups) on an ACL, granting a different set of access permissions to each
+one. The number of possible entries is about 20, and depends on how
+much space each entry occupies in the memory allocated for the ACL
+itself.
+<P>AFS defines two system groups, <B>system:anyuser</B> and
+<B>system:authuser</B>, which represent all users and all
+authenticated users, respectively; for further discussion, see <A HREF="#HDRWQ571">Using Groups on ACLs</A>. In addition, users can define their own groups in
+the Protection Database, consisting of individual users or machine IP
+addresses. Users who have the <B>a</B> permission on an ACL can
+create entries for the system groups as well as groups defined by themselves
+or other users. For information on defining groups, see <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P>When a user requests access to a file or directory, the File Server sums
+together all of the permissions that the relevant ACL extends to the user and
+to groups to which the user belongs. Placing group entries on ACLs
+therefore can control access for many more users than the ACL can accommodate
+as individual entries.
+</UL>
+<P><H3><A NAME="HDRWQ567" HREF="auagd002.htm#ToC_632">The AFS ACL Permissions</A></H3>
+<A NAME="IDX8022"></A>
+<A NAME="IDX8023"></A>
+<A NAME="IDX8024"></A>
+<P>Functionally, the seven standard ACL permissions fall into two
+groups: one that applies to the directory itself and one that applies to
+the files it contains.
+<P><H4><A NAME="HDRWQ568">The Four Directory Permissions</A></H4>
+<P>The four permissions in this group are meaningful with
+respect to the directory itself. For example, the <B>i</B>
+(<B>insert</B>) permission does not control addition of data to a file,
+but rather creation of a new file or subdirectory.
+<DL>
+<P><DT><B>The l (lookup) permission
+</B><DD>This permission functions as something of a gate keeper for access to the
+directory and its files, because a user must have it in order to exercise any
+other permissions. In particular, a user must have this permission to
+access anything in the directory's subdirectories, even if the ACL on a
+subdirectory grants extensive permissions.
+<A NAME="IDX8025"></A>
+<A NAME="IDX8026"></A>
+<P>This permission enables a user to issue the following commands:
+<UL>
+<P><LI>The <B>ls</B> command to list the names of the files and
+subdirectories in the directory
+<P><LI>The <B>ls -ld</B> command to obtain complete status information for
+the directory element itself
+<P><LI>The <B>fs listacl</B> command to examine the directory's ACL
+</UL>
+<P>This permission does not enable a user to read the contents of a file in
+the directory, to issue the <B>ls -l</B> command on a file in the
+directory, or to issue the <B>fs listacl</B> command with the filename as
+the <B>-path</B> argument. Those operations require the
+<B>r</B> (<B>read</B>) permission which is described in <A HREF="#HDRWQ569">The Three File Permissions</A>.
+<P>Similarly, this permission does not enable a user to issue the
+<B>ls</B>, <B>ls -l</B>, <B>ls -ld</B>, or <B>fs listacl</B>
+commands against a subdirectory of the directory. Those operations
+require the <B>l</B> permission on the ACL of the subdirectory
+itself.
+<P><DT><B>The i (insert) permission
+</B><DD>This permission enables a user to add new files to the directory, either
+by creating or copying, and to create new subdirectories. It does not
+extend into any subdirectories, which are protected by their own ACLs.
+<A NAME="IDX8027"></A>
+<A NAME="IDX8028"></A>
+<P><DT><B>The d (delete) permission
+</B><DD>This permission enables a user to remove files and subdirectories from the
+directory or move them into other directories (assuming that the user has the
+<B>i</B> permission on the ACL of the other directories).
+<A NAME="IDX8029"></A>
+<A NAME="IDX8030"></A>
+<P><DT><B>The a (administer) permission
+</B><DD>This permission enables a user to change the directory's ACL.
+Members of the <B>system:administrators</B> group implicitly have
+this permission on every directory (that is, even if that group does not
+appear on the ACL). Similarly, the owner of a directory implicitly has
+this permission on its ACL and those of all directories below it that he or
+she owns.
+<A NAME="IDX8031"></A>
+<A NAME="IDX8032"></A>
+</DL>
+<P><H4><A NAME="HDRWQ569">The Three File Permissions</A></H4>
+<P>The three permissions in this group are meaningful with
+respect to files in a directory, rather than the directory itself or its
+subdirectories.
+<DL>
+<P><DT><B>The r (read) permission
+</B><DD>This permission enables a user to read the contents of files in the
+directory and to issue the <B>ls -l</B> command to stat the file
+elements.
+<A NAME="IDX8033"></A>
+<A NAME="IDX8034"></A>
+<P><DT><B>The w (write) permission
+</B><DD>This permission enables a user to modify the contents of files in the
+directory and to issue the <B>chmod</B> command to change their UNIX mode
+bits.
+<A NAME="IDX8035"></A>
+<A NAME="IDX8036"></A>
+<P><DT><B>The k (lock) permission
+</B><DD>This permission enables the user to run programs that issue system calls
+to lock files in the directory.
+<A NAME="IDX8037"></A>
+<A NAME="IDX8038"></A>
+</DL>
+<P><H4><A NAME="Header_635">The Eight Auxiliary Permissions</A></H4>
+<A NAME="IDX8039"></A>
+<A NAME="IDX8040"></A>
+<A NAME="IDX8041"></A>
+<P>AFS provides eight additional permissions that do not have a defined
+meaning, denoted by the uppercase letters <B>A</B>, <B>B</B>,
+<B>C</B>, <B>D</B>, <B>E</B>, <B>F</B>, <B>G</B>, and
+<B>H</B>.
+<P>You can write application programs that assign a meaning to one or more of
+the permissions, and then place them on ACLs to control file access by those
+programs. For example, you can modify a print program to recognize and
+interpret the permissions, and then place them on directories that house files
+that the program accesses. Use the <B>fs listacl</B> and <B>fs
+setacl</B> commands to display and set the auxiliary permissions on ACLs
+just like the standard seven.
+<P><H4><A NAME="Header_636">Shorthand Notation for Sets of Permissions</A></H4>
+<A NAME="IDX8042"></A>
+<A NAME="IDX8043"></A>
+<P>You can combine the seven permissions in any way in an ACL entry, but
+certain combinations are more useful than others. Four of the more
+common combinations have corresponding shorthand forms. When using the
+<B>fs setacl</B> command to define ACL entries, you can provide either one
+or more of the individual letters that represent the permissions, or one of
+the following shorthand forms:
+<DL>
+<A NAME="IDX8044"></A>
+<P><DT><B>all
+</B><DD>Represents all seven standard permissions (<B>rlidwka</B>).
+<A NAME="IDX8045"></A>
+<P><DT><B>none
+</B><DD>Removes the entry from the ACL, leaving the user or group with no
+permissions.
+<A NAME="IDX8046"></A>
+<P><DT><B>read
+</B><DD>Represents the <B>r</B> (<B>read</B>) and <B>l</B>
+(<B>lookup</B>) permissions.
+<A NAME="IDX8047"></A>
+<P><DT><B>write
+</B><DD>Represents all permissions except <B>a</B>
+(<B>administer</B>): <B>rlidwk</B>.
+</DL>
+<P><H3><A NAME="HDRWQ570" HREF="auagd002.htm#ToC_637">Using Normal and Negative Permissions</A></H3>
+<A NAME="IDX8048"></A>
+<A NAME="IDX8049"></A>
+<A NAME="IDX8050"></A>
+<P>ACLs enable you both to grant and to deny access to a directory and the
+files in it. To grant access, use the <B>fs setacl</B> command to
+create an ACL entry that associates a set of permissions with a user or group,
+as described in <A HREF="#HDRWQ573">Setting ACL Entries</A>. When you use the <B>fs listacl</B> command to
+display an ACL (as described in <A HREF="#HDRWQ572">Displaying ACLs</A>), such entries appear underneath the following header, which
+uses the term <I>rights</I> to refer to permissions:
+<PRE> Normal rights
+</PRE>
+<P>There are two ways to deny access:
+<OL TYPE=1>
+<P><LI>The recommended method is simply to omit an entry for the user or group
+from the ACL, or to omit the appropriate permissions from the entry.
+Use the <B>fs setacl</B> command to remove or edit an existing entry,
+using the instructions in <A HREF="#HDRWQ574">To add, remove, or edit normal ACL permissions</A>. In most circumstances, this method is enough to
+prevent access of certain kinds or by certain users. You must take
+care, however, not to grant the undesired permissions to any groups to which
+such users belong.
+<P><LI>The more explicit method for denying access is to use the
+<B>-negative</B> flag to the <B>fs setacl</B> command to create an
+entry that associates <I>negative permissions</I> with the user or
+group; for instructions, see <A HREF="#HDRWQ575">To add, remove, or edit negative ACL permissions</A>. The output from the <B>fs listacl</B>
+command lists negative entries underneath the following header:
+<PRE> Negative rights
+</PRE>
+<P>When determining what type of access to grant to a user, the File Server
+first compiles a set of permissions by examining all of the entries in the
+<TT>Normal rights</TT> section of the ACL. It then subtracts any
+permissions associated with the user (or with groups to which the user
+belongs) on the <TT>Negative rights</TT> section of the ACL.
+Therefore, negative permissions always cancel out normal permissions.
+<P>Using negative permissions reverses the usual semantics of the <B>fs
+setacl</B> command, introducing the potential for confusion. In
+particular, combining the <B>none</B> shorthand and the
+<B>-negative</B> flag constitutes a double negative: by removing an
+entry from the <TT>Negative rights</TT> section of the ACL, you enable a
+user once again to obtain permissions via entries in the <TT>Normal
+rights</TT> section. Combining the <B>all</B> shorthand with the
+<B>-negative</B> flag explicitly denies all permissions.
+<P>Note also that it is pointless to create an entry in the <TT>Negative
+rights</TT> section if an entry in the <TT>Normal rights</TT> section
+grants the denied permissions to the <B>system:anyuser</B>
+group. In this case, users can obtain the permissions simply by using
+the <B>unlog</B> command to discard their tokens. When they do so,
+the File Server recognizes them as the <B>anonymous</B> user, who belongs
+to the <B>system:anyuser</B> group but does not match the entries on
+the <TT>Negative rights</TT> section of the ACL.
+</OL>
+<P><H3><A NAME="HDRWQ571" HREF="auagd002.htm#ToC_638">Using Groups on ACLs</A></H3>
+<A NAME="IDX8051"></A>
+<A NAME="IDX8052"></A>
+<P>As previously mentioned, placing a group entry on an ACL enables you to
+control access for many users at once. You can grant a new user access
+to many files and directories simply by adding the user to a group that
+appears on the relevant ACLs. You can also create groups of machines,
+in which case any user logged on to the machine obtains the access that is
+granted to the group. On directories where they have the <B>a</B>
+permission on the ACL, users can define their own groups and can create ACL
+entries for any groups, not just groups that they create or own
+themselves. For instructions on creating groups of users or machines,
+and a discussion of the most effective ways to use different types of groups,
+see <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<A NAME="IDX8053"></A>
+<A NAME="IDX8054"></A>
+<A NAME="IDX8055"></A>
+<A NAME="IDX8056"></A>
+<A NAME="IDX8057"></A>
+<P>AFS also defines the following two system groups, which can be very useful
+on ACLs because they potentially represent a large group of people. For
+more information about these groups, see <A HREF="auagd019.htm#HDRWQ535">The System Groups</A>.
+<DL>
+<P><DT><B>system:anyuser
+</B><DD>Includes anyone who can access the cell's file tree, including users
+who have logged in as the local superuser <B>root</B>, have connected to a
+local machine from somewhere outside the cell, and AFS users who belong to a
+foreign cell. This group includes users who do not have tokens that are
+valid for the local AFS servers; the servers recognize them as the user
+<B>anonymous</B>.
+<P>Note that creating an ACL entry for this group is the only way to extend
+access to AFS users from foreign cells, unless you create local authentication
+accounts for them.
+<A NAME="IDX8058"></A>
+<P><DT><B>system:authuser
+</B><DD>Includes all users who have a valid AFS token obtained from the local
+cell's authentication service.
+</DL>
+<P>It is particularly useful to grant the <B>l</B> (<B>lookup</B>)
+permission to the <B>system:anyuser</B> group on the ACL of most
+directories in the file system, especially at the upper levels. This
+permission enables users only to learn the names of files and subdirectories
+in a directory, but without it they cannot traverse their way through the
+directories in the path to a target file.
+<P>A slightly more restrictive alternative is to grant the <B>l</B>
+permission to the <B>system:authuser</B> group. If that is
+still not restrictive enough, you can grant the <B>l</B> to specific users
+or groups, which cannot exceed about 20 in number on a given ACL.
+<P>Another reason to grant certain permissions to the
+<B>system:anyuser</B> group is to enable the correct operation of
+processes that provide services such as printing and mail delivery. For
+example, in addition to the <B>l</B> permission, a print process possibly
+needs the <B>r</B> (<B>read</B>) permission in order to access the
+contents of files, and a mail delivery process possibly requires the
+<B>i</B> (<B>insert</B>) permission to deliver new pieces of
+mail.
+<P>The ACL on the root directory of every newly created volume grants all
+permissions to the <B>system:administrators</B> group. You
+can remove this entry if you wish, but members of the
+<B>system:administrators</B> group always implicitly have the
+<B>a</B> (<B>administer</B>), and by default also the <B>l</B>,
+permission on every directory's ACL. The <B>a</B> permission
+enables them to grant themselves other permissions explicitly when
+necessary. To learn about changing this default set of permissions, see
+<A HREF="auagd021.htm#HDRWQ586">Administering the system:administrators Group</A>.
+<HR><H2><A NAME="HDRWQ572" HREF="auagd002.htm#ToC_639">Displaying ACLs</A></H2>
+<A NAME="IDX8059"></A>
+<A NAME="IDX8060"></A>
+<P>To display the ACL associated with a file, directory or symbolic link,
+issue the <B>fs listacl</B> command. The output for a symbolic link
+displays the ACL that applies to its target file or directory, rather than the
+ACL on the directory that houses the symbolic link.
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+on which you issue the <B>fs listacl</B> command is configured to access a
+DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can use
+the command to display the ACL on DFS files and directories. To display
+a DFS directory's Initial Container and Initial Object ACL instead of the
+regular one, include the <B>fs listacl</B> command's <B>-id</B>
+or <B>-if</B> flag. For instructions, see the <I>IBM AFS/DFS
+Migration Toolkit Administration Guide and Reference</I>. The
+<B>fs</B> command interpreter ignores the <B>-id</B> and
+<B>-if</B> flags if you include them when displaying an AFS ACL.
+<A NAME="IDX8061"></A>
+<A NAME="IDX8062"></A>
+<P><H3><A NAME="Header_640" HREF="auagd002.htm#ToC_640">To display an ACL</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs listacl</B> command.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>la
+</B><DD>Is an acceptable alias for <B>listacl</B> (and <B>lista</B> is the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names one or more files or directories for which to display the
+ACL. For files, the output displays the ACL for its directory.
+If you omit this argument, the output is for the current working
+directory. Partial pathnames are interpreted relative to the current
+working directory. You can also use the following notation on its own
+or as part of a pathname:
+<DL>
+<P><DT><B>.
+</B><DD>(A single period). Specifies the current working directory.
+<P><DT><B>..
+</B><DD>(Two periods). Specifies the current working directory's
+parent directory.
+<P><DT><B>*
+</B><DD>(The asterisk). Specifies each file and subdirectory in the current
+working directory. The ACL displayed for a file is always the same as
+for its directory, but the ACL for each subdirectory can differ.
+</DL>
+</DL>
+</OL>
+<P>The following error message indicates that you do not have the permissions
+needed to display an ACL. To specify a directory name as the
+<VAR>dir/file path</VAR> argument, you must have the <B>l</B>
+(<B>lookup</B>) permission on the ACL. To specify a filename, you
+must also have the <B>r</B> (<B>read</B>) permission on its
+directory's ACL.
+<PRE> fs: You don't have the required access permissions on '<VAR>dir/file path</VAR>'
+</PRE>
+<P>Members of the <B>system:administrators</B> group and the
+directory's owner (as reported by the <B>ls -ld</B> command)
+implicitly have the <B>a</B> (<B>administer</B>) permission on every
+directory's ACL, and can use the <B>fs setacl</B> command to grant
+themselves the required permissions; for instructions, see <A HREF="#HDRWQ573">Setting ACL Entries</A>.
+<P>The output for each file or directory specified as <VAR>dir/file path</VAR>
+begins with the following header to identify it:
+<PRE> Access list for <VAR>dir/file path</VAR> is
+</PRE>
+<P>The <TT>Normal rights</TT> header appears on the next line, followed by
+lines that each pair a user or group name and a set of permissions. The
+permissions appear as the single letters defined in <A HREF="#HDRWQ567">The AFS ACL Permissions</A>, and always in the order <B>rlidwka</B>. If there
+are any negative permissions, the <TT>Negative rights</TT> header appears
+next, followed by pairs of negative permissions.
+<P>The following example displays the ACL on user <B>terry</B>'s home
+directory in the ABC Corporation cell:
+<PRE> % <B>fs la /afs/abc.com/usr/terry</B>
+ Access list for /afs/abc.com/usr/terry is
+ Normal permissions:
+ system:authuser rl
+ pat rlw
+ terry rlidwka
+ Negative permissions:
+ terry:other-dept rl
+ jones rl
+</PRE>
+<P>where <B>pat</B>, <B>terry</B>, and <B>jones</B> are individual
+users, <B>system:authuser</B> is a system group, and
+<B>terry:other-dept</B> is a group that <B>terry</B>
+owns. The list of normal permissions grants all permissions to
+<B>terry</B>, the <B>r</B> (<B>read</B>), <B>l</B>
+(<B>lookup</B>), and <B>w</B> (<B>write</B>) permissions to
+<B>pat</B>, and the <B>r</B> and <B>l</B> permissions to the
+members of the <B>system:authuser</B> group.
+<P>The list of negative permissions denies the <B>r</B> and <B>l</B>
+permissions to <B>jones</B> and the members of the
+<B>terry:other-dept</B> group. These entries effectively
+prevent them from accessing <B>terry</B>'s home directory in any way,
+because they cancel out the <B>r</B> and <B>l</B> permissions extended
+to the <B>system:authuser</B> group, which is the only entry on the
+<TT>Normal rights</TT> section of the ACL that possibly applies to
+them.
+<HR><H2><A NAME="HDRWQ573" HREF="auagd002.htm#ToC_641">Setting ACL Entries</A></H2>
+<A NAME="IDX8063"></A>
+<A NAME="IDX8064"></A>
+<A NAME="IDX8065"></A>
+<A NAME="IDX8066"></A>
+<A NAME="IDX8067"></A>
+<A NAME="IDX8068"></A>
+<A NAME="IDX8069"></A>
+<A NAME="IDX8070"></A>
+<A NAME="IDX8071"></A>
+<A NAME="IDX8072"></A>
+<P>To add, remove, or edit ACL entries, use the <B>fs setacl</B>
+command. By default, the command manipulates entries on the normal
+permissions section of the ACL. To manipulate entries on the negative
+permissions section, include the <B>-negative</B> flag.
+<P>You must have the <B>a</B> (<B>administer</B>) permission on an ACL
+to edit it. The owner of a directory (as reported by the <B>ls
+-ld</B>) command and members of the <B>system:administrators</B>
+group always implicitly have it on every ACL. By default, members of
+the <B>system:administrators</B> group also implicitly have the
+<B>l</B> (<B>lookup</B>) permission.
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+on which you issue the <B>fs setacl</B> command is configured to access a
+DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can use
+the command to set the ACL on DFS files and directories. To set a DFS
+directory's Initial Container and Initial Object ACL instead of the
+regular one, include the <B>fs setacl</B> command's <B>-id</B> or
+<B>-if</B> flag. For instructions, see the <I>IBM AFS/DFS
+Migration Toolkit Administration Guide and Reference</I>. The
+<B>fs</B> command interpreter ignores the <B>-id</B> and
+<B>-if</B> flags if you include them when setting an AFS ACL.
+<A NAME="IDX8073"></A>
+<A NAME="IDX8074"></A>
+<P><H3><A NAME="HDRWQ574" HREF="auagd002.htm#ToC_642">To add, remove, or edit normal ACL permissions</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>) permission
+on each directory for which you are editing the ACL. If necessary,
+issue the <B>fs listacl</B> command, which is fully described in <A HREF="#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to edit entries in the normal
+permissions section of the ACL. To remove an entry, specify the
+<B>none</B> shorthand as the permissions. If an ACL entry already
+exists, the permissions you specify completely replace those in the existing
+entry.
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the ACL entries defined by
+the <B>-acl</B> argument. Partial pathnames are interpreted
+relative to the current working directory.
+<P>Specify the read/write path to each directory, to avoid the failure that
+results when you attempt to change a read-only volume. By convention,
+you indicate the read/write path by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P>You can also use the following notation on its own or as part of a
+pathname:
+<DL>
+<P><DT><B>.
+</B><DD>(A single period). If used by itself, sets the ACL on the current
+working directory.
+<P><DT><B>..
+</B><DD>(Two periods). If used by itself, sets the ACL on the current
+working directory's parent directory.
+<P><DT><B>*
+</B><DD>(The asterisk). Sets the ACL on each of the subdirectories in the
+current working directory. You must precede it with the <B>-dir</B>
+switch, since it potentially designates multiple directories. The
+<B>fs</B> command interpreter generates the following error message for
+each file in the directory:
+<PRE> fs: '<VAR>filename</VAR>': Not a directory
+</PRE>
+</DL>
+<P>If you specify only one directory or file name, you can omit the
+<B>-dir</B> and <B>-acl</B> switches.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces.
+<P>To define the permissions, provide either:
+<UL>
+<P><LI>One or more of the letters that represent the standard or auxiliary
+permissions (<B>rlidwka</B> and <B>ABCDEFGH</B>), in any order
+<P><LI>One of the four shorthand notations:
+<UL>
+<P><LI><B>all</B> (equals <B>rlidwka</B>)
+<P><LI><B>none</B> (removes the entry)
+<P><LI><B>read</B> (equals <B>rl</B>)
+<P><LI><B>write</B> (equals <B>rlidwk</B>)
+</UL>
+</UL>
+<P>For a more detailed description of the permissions and shorthand notations,
+see <A HREF="#HDRWQ567">The AFS ACL Permissions</A>.
+<P>On a single command line, you can combine user and group entries.
+You can also use individual letters in some pairs and the shorthand notations
+in other pairs, but cannot combine letters and shorthand notation within a
+single pair.
+</DL>
+</OL>
+<P>Either of the following examples grants user <B>pat</B> the
+<B>r</B> (<B>read</B>) and <B>l</B> (<B>lookup</B>)
+permissions on the ACL of the <B>notes</B> subdirectory in the
+issuer's home directory. They illustrate how it is possible to
+omit the <B>-dir</B> and <B>-acl</B> switches when you name only one
+directory.
+<PRE> % <B>fs sa ~/notes pat rl</B>
+
+ % <B>fs sa ~/notes pat read</B>
+</PRE>
+<P>The following example edits the ACL for the current working
+directory. It removes the entry for the <B>system:anyuser</B>
+group, and adds two entries: one grants all permissions except
+<B>a</B> (<B>administer</B>) to the members of the
+<B>terry:colleagues</B> group and the other grants the <B>r</B>
+(<B>read</B>) and <B>l</B> (<B>lookup</B>) permissions to the
+<B>system:authuser</B> group. The command appears on two
+lines here only for legibility.
+<PRE> % <B>fs sa -dir . -acl system:anyuser none terry:colleagues write \
+ system:authuser rl</B>
+</PRE>
+<A NAME="IDX8075"></A>
+<A NAME="IDX8076"></A>
+<A NAME="IDX8077"></A>
+<A NAME="IDX8078"></A>
+<A NAME="IDX8079"></A>
+<P><H3><A NAME="HDRWQ575" HREF="auagd002.htm#ToC_643">To add, remove, or edit negative ACL permissions</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>) permission
+on each directory for which you are editing the ACL. If necessary,
+issue the <B>fs listacl</B> command, which is fully described in <A HREF="#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command with the <B>-negative</B> flag
+to edit entries in the negative permissions section of the ACL. To
+remove an entry, specify the <B>none</B> shorthand as the
+permissions. If an ACL entry already exists for a user or group, the
+permissions you specify completely replace those in the existing entry.
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP> <B>-negative</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the negative ACL entries
+defined by the <B>-acl</B> argument. Specify the read/write path to
+each directory, to avoid the failure that results when you attempt to change a
+read-only volume. For a detailed description of acceptable values, see <A HREF="#HDRWQ574">To add, remove, or edit normal ACL permissions</A>.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces. For a detailed description of
+acceptable values, see <A HREF="#HDRWQ574">To add, remove, or edit normal ACL permissions</A>. Keep in mind that the usual meaning of each
+permission is reversed.
+<P><DT><B>-negative
+</B><DD>Places the entries defined by the <B>-acl</B> argument on the negative
+permissions section of the ACL for each directory named by the <B>-dir</B>
+argument.
+</DL>
+</OL>
+<P>The following example denies user <B>pat</B> the <B>w</B>
+(<B>write</B>) and <B>d</B> (<B>delete</B>) permissions for the
+<B>project</B> subdirectory of the current working directory.
+<PRE> % <B>fs sa project pat wd -neg</B>
+</PRE>
+<HR><H2><A NAME="HDRWQ576" HREF="auagd002.htm#ToC_644">Completely Replacing an ACL</A></H2>
+<A NAME="IDX8080"></A>
+<A NAME="IDX8081"></A>
+<A NAME="IDX8082"></A>
+<A NAME="IDX8083"></A>
+<A NAME="IDX8084"></A>
+<A NAME="IDX8085"></A>
+<P>It is sometimes simplest to clear an ACL completely before defining new
+permissions on it, for instance if the mix of normal and negative permissions
+makes it difficult to understand how their interaction affects a user's
+access to the directory. To clear an ACL completely while you define
+new entries, include the <B>-clear</B> flag on the <B>fs setacl</B>
+command. When you include this flag, you can create entries on either
+the normal permissions or the negative permissions section of the ACL, but not
+on both at once.
+<P>Remember to create an entry that grants appropriate permissions to the
+directory's owner. The owner implicitly has the <B>a</B>
+(<B>administer</B>) permission required to replace a deleted entry, but
+the effects of a missing ACL entry (particularly the lack of the
+<B>lookup</B> permission) can be so confusing that it becomes difficult
+for the owner to realize that the missing entry is causing the
+problems.
+<A NAME="IDX8086"></A>
+<A NAME="IDX8087"></A>
+<P><H3><A NAME="Header_645" HREF="auagd002.htm#ToC_645">To replace an ACL completely</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>) permission
+on each directory for which you are editing the ACL. If necessary,
+issue the <B>fs listacl</B> command, which is fully described in <A HREF="#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command with the <B>-clear</B> flag to
+clear the ACL completely before setting either normal or negative
+permissions. Because you need to grant the owner of the directory all
+permissions, it is better in most cases to set normal permissions at this
+point.
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP> <B>-clear</B> \
+ [<B>-negative</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the negative ACL entries
+defined by the <B>-acl</B> argument. Specify the read/write path to
+each directory, to avoid the failure that results when you attempt to change a
+read-only volume. For a detailed description of acceptable values, see <A HREF="#HDRWQ574">To add, remove, or edit normal ACL permissions</A>.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces. Remember to grant all permissions
+to the owner of the directory. For a detailed description of acceptable
+values, see <A HREF="#HDRWQ574">To add, remove, or edit normal ACL permissions</A>.
+<P><DT><B>-clear
+</B><DD>Removes all entries from each ACL before creating the entries indicated by
+the <B>-acl</B> argument.
+<P><DT><B>-negative
+</B><DD>Places the entries defined by the <B>-acl</B> argument on the negative
+permissions section of each ACL.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ577" HREF="auagd002.htm#ToC_646">Copying ACLs Between Directories</A></H2>
+<A NAME="IDX8088"></A>
+<A NAME="IDX8089"></A>
+<A NAME="IDX8090"></A>
+<P>The <B>fs copyacl</B> command copies a source directory's ACL to
+one or more destination directories. It does not affect the source ACL
+at all, but changes each destination ACL as follows:
+<UL>
+<P><LI>If an entry on the source ACL does not exist on the destination ACL, the
+command copies it to the destination ACL.
+<P><LI>If an entry on the destination ACL does not also exist on the source ACL,
+the command does not remove it unless you include the <B>-clear</B> flag
+to overwrite the destination ACL completely.
+<P><LI>If an entry is on both ACLs, the command changes the permissions on the
+destination ACL entry to match the source ACL entry.
+</UL>
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+is configured to enable AFS users to access a DCE cell's DFS filespace
+via the AFS/DFS Migration Toolkit, then you can use the <B>fs copyacl</B>
+command to copy ACLs between DFS files and directories also. The
+command includes <B>-id</B> and <B>-if</B> flags for altering a DFS
+directory's Initial Container and Initial Object ACLs as well as its
+regular ACL; see the <I>IBM AFS/DFS Migration Toolkit Administration
+Guide and Reference</I>. You cannot copy ACLs between AFS and DFS
+directories, because they use different ACL formats. The <B>fs</B>
+command interpreter ignores the <B>-id</B> and <B>-if</B> flags if you
+include them when copying AFS ACLs.
+<A NAME="IDX8091"></A>
+<A NAME="IDX8092"></A>
+<P><H3><A NAME="Header_647" HREF="auagd002.htm#ToC_647">To copy an ACL between directories</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>l</B> (<B>lookup</B>) permission on
+the source ACL and the <B>a</B> (<B>administer</B>) permission on each
+destination ACL. To identify the source directory by naming a file in
+it, you must also have the <B>r</B> (<B>read</B>) permission on the
+source ACL. If necessary, issue the <B>fs listacl</B> command,
+which is fully described in <A HREF="#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI><A NAME="LIWQ578"></A>Issue the <B>fs copyacl</B> command to copy a source ACL to
+the ACL on one or more destination directories. (The command appears
+here on two lines only for legibility.)
+<PRE> % <B>fs copyacl -fromdir</B> <<VAR>source directory</VAR>> <B>-todir</B> <<VAR>destination directory</VAR>><SUP>+</SUP> \
+ [<B>-clear</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>co
+</B><DD>Is the shortest acceptable abbreviation for <B>copyacl</B>.
+<P><DT><B>-fromdir
+</B><DD>Names the source directory from which to copy the ACL. Partial
+pathnames are interpreted relative to the current working directory. If
+this argument names a file, the ACL is copied from its directory.
+<P><DT><B>-todir
+</B><DD>Names each destination directory to which to copy the source ACL.
+Partial pathnames are interpreted relative to the current working
+directory. Filenames are not acceptable.
+<P>Specify the read/write path to each directory, to avoid the failure that
+results when you attempt to change a read-only volume. By convention,
+you indicate the read/write path by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P><DT><B>-clear
+</B><DD>Completely overwrites each destination directory's ACL with the
+source ACL.
+</DL>
+</OL>
+<P>The following example copies the ACL from the current working
+directory's <B>notes</B> subdirectory to the <B>plans</B>
+subdirectory. The issuer does not include the <B>-clear</B> flag,
+so the entry for user <B>pat</B> remains on the <B>plans</B>
+directory's ACL although there is no corresponding entry on the
+<B>notes</B> directory's ACL.
+<PRE> % <B>fs la notes plans</B>
+ Access list for notes is
+ Normal permissions:
+ terry rlidwka
+ smith rl
+ jones rl
+ Access list for plans is
+ Normal permissions:
+ terry rlidwk
+ pat rlidwk
+ % <B>fs copyacl notes plans</B>
+ % <B>fs la notes plans</B>
+ Access list for notes is
+ Normal permissions:
+ terry rlidwka
+ smith rl
+ jones rl
+ Access list for plans is
+ Normal permissions:
+ terry rlidwka
+ pat rlidwk
+ smith rl
+ jones rl
+</PRE>
+<A NAME="IDX8093"></A>
+<A NAME="IDX8094"></A>
+<A NAME="IDX8095"></A>
+<A NAME="IDX8096"></A>
+<A NAME="IDX8097"></A>
+<HR><H2><A NAME="HDRWQ579" HREF="auagd002.htm#ToC_648">Removing Obsolete AFS IDs from ACLs</A></H2>
+<P>When you remove a user or group entry from the Protection
+Database, the <B>fs listacl</B> command displays the user's AFS UID
+(or group's AFS GID) in ACL entries, rather than the name. In the
+following example, user <B>terry</B> has an ACL entry for the group
+<B>terry:friends</B> (AFS GID -567) on her home directory in the ABC
+Corporation cell, and then removes the group from the Protection
+Database.
+<PRE> % <B>fs listacl /afs/abc.com/usr/terry</B>
+ Access list for /afs/abc.com/usr/terry is
+ Normal permissions:
+ terry:friends rlik
+ system:anyuser l
+ terry rlidwka
+ % <B>pts delete terry:friends</B>
+ % <B>fs listacl /afs/abc.com/usr/terry</B>
+ Access list for /afs/abc.com/usr/terry is
+ Normal permissions:
+ -567 rlik
+ system:anyuser l
+ terry rlidwka
+</PRE>
+<P>Leaving AFS IDs on ACLs serves no function, because the ID no longer
+corresponds to an active user or group. Furthermore, if the ID is ever
+assigned to a new user or group, then the new possessor of the ID gains access
+that the owner of the directory actually intended for the previous
+possessor. (Reusing AFS IDs is not recommended precisely for this
+reason.)
+<P>To remove obsolete AFS UIDs from ACLs, use the <B>fs cleanacl</B>
+command.
+<A NAME="IDX8098"></A>
+<A NAME="IDX8099"></A>
+<P><H3><A NAME="Header_649" HREF="auagd002.htm#ToC_649">To clean obsolete AFS IDs from an ACL</A></H3>
+<OL TYPE=1>
+<P><LI>Verify that you have the <B>a</B> (<B>administer</B>) permission
+on each directory for which you are cleaning the ACL. If necessary,
+issue the <B>fs listacl</B> command, which is fully described in <A HREF="#HDRWQ572">Displaying ACLs</A>.
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>>]
+</PRE>
+<P><LI>Issue the <B>fs cleanacl</B> command to remove entries for obsolete
+AFS IDs.
+<PRE> % <B>fs cleanacl</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cl
+</B><DD>Is the shortest acceptable abbreviation of <B>cleanacl</B>.
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names each directory for which to clean the ACL. If this argument
+names a file, its directory's ACL is cleaned. Omit this argument
+to clean the current working directory's ACL.
+<P>Specify the read/write path to each directory, to avoid the failure that
+results when you attempt to change a read-only volume. By convention,
+you indicate the read/write path by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see <A HREF="auagd010.htm#HDRWQ209">The Rules of Mount Point Traversal</A>.
+<P>You can also use the following notation on its own or as part of a
+pathname:
+<DL>
+<P><DT><B>.
+</B><DD>(A single period). If used by itself, cleans the current working
+directory's ACL.
+<P><DT><B>..
+</B><DD>(Two periods). If used by itself, cleans the ACL on the current
+working directory's parent directory.
+<P><DT><B>*
+</B><DD>(The asterisk). Cleans the ACL of each of the subdirectories in the
+current working directory. However, if you use the asterisk and there
+are obsolete AFS IDs on any directory's ACL, the following error message
+appears for every file in the directory:
+<PRE> fs: '<VAR>filename</VAR>': Not a directory
+</PRE>
+</DL>
+</DL>
+</OL>
+<P>If there are obsolete AFS IDs on a directory, the command interpreter
+displays its cleaned ACL under the following header.
+<PRE> Access list for <VAR>directory</VAR> is now
+</PRE>
+<P>If a directory's ACL has no obsolete AFS IDs on it, the following
+message appears for each.
+<PRE> Access list for <VAR>directory</VAR> is fine.
+</PRE>
+<HR><H2><A NAME="HDRWQ580" HREF="auagd002.htm#ToC_650">How AFS Interprets the UNIX Mode Bits</A></H2>
+<A NAME="IDX8100"></A>
+<A NAME="IDX8101"></A>
+<A NAME="IDX8102"></A>
+<P>Although AFS uses ACLs to protect file data rather than the mode bits that
+UFS uses, it does not ignore the mode bits entirely. When you issue the
+<B>chmod</B> command on an AFS file or directory, AFS changes the bits
+appropriately. To change a file's mode bits, you must have the AFS
+<B>w</B> (<B>write</B>) permission on the ACL of the file's
+directory. To change a directory's mode bits, you must have the
+<B>d</B> (<B>delete</B>), <B>i</B> (<B>insert</B>), and
+<B>l</B> (<B>lookup</B>) permissions on its ACL.
+<P>AFS also uses the UNIX mode bits as follows:
+<UL>
+<P><LI>It uses the initial bit to determine the element's type. This
+is the bit that appears first in the output from the <B>ls -l</B> command
+and shows the hyphen (<B>-</B>) for a file or the letter <B>d</B> for
+a directory.
+<P><LI>It does not use any of the mode bits on a directory.
+<P><LI>For a file, the first (owner) set of bits interacts with the ACL entries
+that apply to the file in the following way:
+<UL>
+<P><LI>If the first <B>r</B> mode bit is not set, no one (including the
+owner) can read the file, no matter what permissions they have on the
+ACL. If the bit is set, users also need the <B>r</B>
+(<B>read</B>) and <B>l</B> permissions on the ACL of the file's
+directory to read the file.
+<P><LI>If the first <B>w</B> mode bit is not set, no one (including the
+owner) can modify the file. If the <B>w</B> bit is set, users also
+need the <B>w</B> and <B>l</B> permissions on the ACL of the
+file's directory to modify the file.
+<P><LI>There is no ACL permission directly corresponding to the <B>x</B> mode
+bit, but to execute a file stored in AFS, the user must also have the
+<B>r</B> and <B>l</B> permissions on the ACL of the file's
+directory.
+</UL>
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd019.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd021.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd020.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd022.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ581" HREF="auagd002.htm#ToC_651">Managing Administrative Privilege</A></H1>
+<P>This chapter explains how to enable system administrators
+and operators to perform privileged AFS operations.
+<HR><H2><A NAME="HDRWQ582" HREF="auagd002.htm#ToC_652">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display members of <B>system:administrators</B> group
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts membership</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add user to <B>system:administrators</B> group
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts adduser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove user from <B>system:administrators</B> group
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>pts removeuser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display <TT>ADMIN</TT> flag in Authentication Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>kas examine</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Set or remove <TT>ADMIN</TT> flag on Authentication Database entry
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>kas setfields</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Display users in <B>UserList</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos listusers</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Add user to <B>UserList</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos adduser</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Remove user from <B>UserList</B> file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>bos removeuser</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ584" HREF="auagd002.htm#ToC_653">An Overview of Administrative Privilege</A></H2>
+<A NAME="IDX8103"></A>
+<A NAME="IDX8104"></A>
+<P>A fully privileged AFS system administrator has the following
+characteristics:
+<UL>
+<P><LI>Membership in the cell's <B>system:administrators</B>
+group. See <A HREF="#HDRWQ586">Administering the system:administrators Group</A>.
+<P><LI>The <TT>ADMIN</TT> flag on his or her entry in the cell's
+Authentication Database. See <A HREF="#HDRWQ589">Granting Privilege for kas Commands: the ADMIN Flag</A>.
+<P><LI>Inclusion in the file <B>/usr/afs/etc/UserList</B> on the local disk
+of each AFS server machine in the cell. See <A HREF="#HDRWQ592">Administering the UserList File</A>.
+</UL>
+<P>This section describes the three privileges and explains why more than one
+privilege is necessary.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Never grant any administrative privilege to the user <B>anonymous</B>,
+even when a server outage makes it impossible to mutually authenticate.
+If you grant such privilege, then any user who can access a machine in your
+cell can issue privileged commands. The alternative solution is to put
+the affected server machine into no-authentication mode and use the
+<B>-noauth</B> flag available on many commands to prevent mutual
+authentication attempts. For further discussion, see <A HREF="auagd008.htm#HDRWQ123">Managing Authentication and Authorization Requirements</A>.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ585" HREF="auagd002.htm#ToC_654">The Reason for Separate Privileges</A></H3>
+<P>Often, a cell's administrators require full
+administrative privileges to perform their jobs effectively. However,
+separating the three types of privilege makes it possible to grant only the
+minimum set of privileges that a given administrator needs to complete his or
+her work.
+<P>The <B>system:administrators</B> group privilege is perhaps the
+most basic, and most frequently used during normal operation (when all the
+servers are running normally). When the Protection Database is
+unavailable due to machine or server outage, it is not possible to issue
+commands that require this type of privilege.
+<P>The <TT>ADMIN</TT> flag privilege is separate because of the extreme
+sensitivity of the information in the Authentication Database, especially the
+server encryption key in the <B>afs</B> entry. When the
+Authentication Database is unavailable due to machine or server outage, it is
+not possible to issue commands that require this type of privilege.
+<P>The ability to issue privileged <B>bos</B> and <B>vos</B> command
+is recorded in the <B>/usr/afs/etc/UserList</B> file on the local disk of
+each AFS server machine rather than in a database, so that in case of serious
+server or network problems administrators can still log onto server machines
+and use those commands while solving the problem.
+<HR><H2><A NAME="HDRWQ586" HREF="auagd002.htm#ToC_655">Administering the system:administrators Group</A></H2>
+<A NAME="IDX8105"></A>
+<A NAME="IDX8106"></A>
+<A NAME="IDX8107"></A>
+<A NAME="IDX8108"></A>
+<A NAME="IDX8109"></A>
+<A NAME="IDX8110"></A>
+<A NAME="IDX8111"></A>
+<P>The first type of AFS administrative privilege is membership .
+Members of the <B>system:administrators</B> group in the Protection
+Database have the following privileges:
+<UL>
+<P><LI>Permission to issue all <B>pts</B> commands, which are used to
+administer the Protection Database. See <A HREF="auagd019.htm#HDRWQ531">Administering the Protection Database</A>.
+<P><LI>Permission to issue the <B>fs setvol</B> and <B>fs setquota</B>
+commands, which set the space quota on volumes as described in <A HREF="auagd010.htm#HDRWQ234">Setting and Displaying Volume Quota and Current Size</A>.
+<P><LI>Implicit <B>a</B> (<B>administer</B>) and by default <B>l</B>
+(<B>lookup</B>) permissions on the access control list (ACL) on every
+directory in the cell's AFS filespace. Members of the group can
+use the <B>fs setacl</B> command to grant themselves any other permissions
+they require, as described in <A HREF="auagd020.htm#HDRWQ573">Setting ACL Entries</A>.
+<P>You can change the ACL permissions that the File Server on a given file
+server machine implicitly grants to the members of the
+<B>system:administrators</B> group for the data in volumes that it
+houses. When you issue the <B>bos create</B> command to create and
+start the <B>fs</B> process on the machine, include the
+<B>-implicit</B> argument to the <B>fileserver</B> initialization
+command. For syntax details, see the <B>fileserver</B> reference
+page in the <I>IBM AFS Administration Reference</I>. You can grant
+additional permissions, or remove the <B>l</B> permission. However,
+the File Server always implicitly grants the <B>a</B> permission to
+members of the group, even if you set the value of the <B>-implicit</B>
+argument to <B>none</B>.
+</UL>
+<A NAME="IDX8112"></A>
+<A NAME="IDX8113"></A>
+<A NAME="IDX8114"></A>
+<A NAME="IDX8115"></A>
+<P><H3><A NAME="HDRWQ587" HREF="auagd002.htm#ToC_656">To display the members of the system:administrators group</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>pts membership</B> command to display the
+<B>system:administrators</B> group's list of members.
+Any user can issue this command as long as the first privacy flag on the
+<B>system:administrators</B> group's Protection Database entry
+is not changed from the default value of uppercase <TT>S</TT>.
+<PRE> % <B>pts membership system:administrators</B>
+</PRE>
+<P>where <B>m</B> is the shortest acceptable abbreviation of
+<B>membership</B>.
+</OL>
+<P><H3><A NAME="Header_657" HREF="auagd002.htm#ToC_657">To add users to the system:administrators group</A></H3>
+<A NAME="IDX8116"></A>
+<A NAME="IDX8117"></A>
+<A NAME="IDX8118"></A>
+<A NAME="IDX8119"></A>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts adduser</B> group to add one or more users.
+<PRE> % <B>pts adduser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group system:administrators</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ad
+</B><DD>Is the shortest acceptable abbreviation of <B>adduser</B>.
+<P><DT><B>-user
+</B><DD>Names each user to add to the <B>system:administrators</B>
+group.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ588" HREF="auagd002.htm#ToC_658">To remove users from the system:administrators group</A></H3>
+<A NAME="IDX8120"></A>
+<A NAME="IDX8121"></A>
+<A NAME="IDX8122"></A>
+<A NAME="IDX8123"></A>
+<OL TYPE=1>
+<P><LI>Verify that you belong to the <B>system:administrators</B>
+group. If necessary, issue the <B>pts membership</B> command, which
+is fully described in <A HREF="#HDRWQ587">To display the members of the system:administrators group</A>.
+<PRE> % <B>pts membership system:administrators</B>
+
+</PRE>
+<P><LI>Issue the <B>pts removeuser</B> command to remove one or more
+users.
+<PRE> % <B>pts removeuser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group system:administrators</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><B>rem</B>
+</B><DD>Is the shortest acceptable abbreviation of <B>removeuser</B>.
+<P><DT><B>-user
+</B><DD>Names each user to remove from the <B>system:administrators</B>
+group.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ589" HREF="auagd002.htm#ToC_659">Granting Privilege for kas Commands: the ADMIN Flag</A></H2>
+<A NAME="IDX8124"></A>
+<P>Administrators who have the <TT>ADMIN</TT> flag on their Authentication
+Database entry can issue all <B>kas</B> commands, which enable them to
+administer the Authentication Database.
+<A NAME="IDX8125"></A>
+<A NAME="IDX8126"></A>
+<A NAME="IDX8127"></A>
+<P><H3><A NAME="HDRWQ590" HREF="auagd002.htm#ToC_660">To check if the ADMIN flag is set</A></H3>
+<A NAME="IDX8128"></A>
+<A NAME="IDX8129"></A>
+<A NAME="IDX8130"></A>
+<A NAME="IDX8131"></A>
+<OL TYPE=1>
+<P><LI><A NAME="LIWQ591"></A>Issue the <B>kas examine</B> command to display an entry
+from the Authentication Database.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UFS) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin_username</B> argument (here
+abbreviated to <B>-admin</B>) to name a user identity that has the
+<TT>ADMIN</TT> flag on its Authentication Database entry.
+<PRE> % <B>kas examine</B> <<VAR>name of user</VAR>> \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>e
+</B><DD>Is the shortest acceptable abbreviation of <B>examine</B>.
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the entry to display.
+<P><DT><B>-admin
+</B><DD>Names an administrative account with the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as the <B>admin</B> account.
+The password prompt echoes it as <VAR>admin_user</VAR>. Enter the
+appropriate password as <VAR>admin_password</VAR>.
+</DL>
+</OL>
+<P>If the <TT>ADMIN</TT> flag is turned on, it appears on the first line, as
+in this example:
+<PRE> % <B>kas e terry -admin admin</B>
+ Administrator's (admin) password: <VAR>admin_password</VAR>
+ User data for terry (ADMIN)
+ key version is 0, <VAR>etc...</VAR>
+</PRE>
+<A NAME="IDX8132"></A>
+<A NAME="IDX8133"></A>
+<A NAME="IDX8134"></A>
+<A NAME="IDX8135"></A>
+<A NAME="IDX8136"></A>
+<A NAME="IDX8137"></A>
+<P><H3><A NAME="Header_661" HREF="auagd002.htm#ToC_661">To set or remove the ADMIN flag</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>kas setfields</B> command to turn on the <TT>ADMIN</TT>
+flag in an Authentication Database entry.
+<P>The Authentication Server performs its own authentication rather than
+accepting your existing AFS token. By default, it authenticates your
+local (UNIX) identity, which possibly does not correspond to an AFS-privileged
+administrator. Include the <B>-admin</B> argument to name an
+identity that has the <TT>ADMIN</TT> flag on its Authentication Database
+entry. To verify that an entry has the flag, issue the <B>kas
+examine</B> command as described in <A HREF="#HDRWQ590">To check if the ADMIN flag is set</A>.
+<P>The following command appears on two lines only for legibility.
+<PRE> % <B>kas setfields</B> <<VAR>name of user</VAR>> {<B>ADMIN</B> | <B>NOADMIN</B>} \
+ <B>-admin</B> <<VAR>admin principal to use for authentication</VAR>>
+ Administrator's (<VAR>admin_user</VAR>) password: <VAR>admin_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sf
+</B><DD>Is an alias for <B>setfields</B> (and <B>setf</B> is the shortest
+acceptable abbreviation).
+<P><DT><B><VAR>name of user</VAR>
+</B><DD>Names the entry for which to set or remove the <TT>ADMIN</TT>
+flag.
+<P><DT><B>ADMIN | NOADMIN
+</B><DD>Sets or removes the <TT>ADMIN</TT> flag, respectively.
+<P><DT><B>-admin
+</B><DD>Names an administrative account with the <TT>ADMIN</TT> flag on its
+Authentication Database entry, such as the <B>admin</B> account.
+The password prompt echoes it as <VAR>admin_user</VAR>. Enter the
+appropriate password as <VAR>admin_password</VAR>.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ592" HREF="auagd002.htm#ToC_662">Administering the UserList File</A></H2>
+<A NAME="IDX8138"></A>
+<P>Inclusion in the file <B>/usr/afs/etc/UserList</B> on the local disk of
+each AFS server machine enables an administrator to issue commands from the
+indicated suites.
+<UL>
+<P><LI>The <B>bos</B> commands enable the administrator to manage server
+processes and the server configuration files that define the cell's
+database server machines, server encryption keys, and privileged users.
+See <A HREF="auagd008.htm#HDRWQ80">Administering Server Machines</A> and <A HREF="auagd009.htm#HDRWQ142">Monitoring and Controlling Server Processes</A>.
+<P><LI>The <B>vos</B> commands enable the administrator to manage volumes and
+the Volume Location Database (VLDB). See <A HREF="auagd010.htm#HDRWQ174">Managing Volumes</A>.
+<P><LI>The <B>backup</B> commands enable the administrator to use the AFS
+Backup System to copy data to permanent storage. See <A HREF="auagd011.htm#HDRWQ248">Configuring the AFS Backup System</A> and <A HREF="auagd012.htm#HDRWQ283">Backing Up and Restoring AFS Data</A>.
+</UL>
+<A NAME="IDX8139"></A>
+<A NAME="IDX8140"></A>
+<A NAME="IDX8141"></A>
+<A NAME="IDX8142"></A>
+<A NAME="IDX8143"></A>
+<A NAME="IDX8144"></A>
+<A NAME="IDX8145"></A>
+<A NAME="IDX8146"></A>
+<A NAME="IDX8147"></A>
+<A NAME="IDX8148"></A>
+<P>Although each AFS server machine maintains a separate copy of the file on
+its local disk, it is conventional to keep all copies the same. It can
+be confusing for an administrator to have the privilege on some machines but
+not others.
+<A NAME="IDX8149"></A>
+<P>If your cell runs the United States edition of AFS and uses the Update
+Server to distribute the contents of the system control machine's
+<B>/usr/afs/etc</B> directory, then edit only the copy of the
+<B>UserList</B> file stored on the system control machine. If you
+have forgotten which machine is the system control machine, see <A HREF="auagd008.htm#HDRWQ90">The Four Roles for File Server Machines</A>.
+<P>If your cell runs the international edition of AFS, or does not use a
+system control machine, then you must edit the <B>UserList</B> file on
+each server machine individually.
+<P>To avoid making formatting errors that can result in performance problems,
+never edit the <B>UserList</B> file directly. Instead, use the
+<B>bos adduser</B> or <B>bos removeuser</B> commands as described in
+this section.
+<A NAME="IDX8150"></A>
+<A NAME="IDX8151"></A>
+<A NAME="IDX8152"></A>
+<A NAME="IDX8153"></A>
+<P><H3><A NAME="HDRWQ593" HREF="auagd002.htm#ToC_663">To display the users in the UserList file</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos listusers</B> command to display the contents of the
+<B>/usr/afs/etc/UserList</B> file.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>listu
+</B><DD>Is the shortest acceptable abbreviation of <B>listusers</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names an AFS server machine. In the normal case, any machine is
+acceptable because the file is the same on all of them.
+</DL>
+</OL>
+<P><H3><A NAME="HDRWQ594" HREF="auagd002.htm#ToC_664">To add users to the UserList file</A></H3>
+<A NAME="IDX8154"></A>
+<A NAME="IDX8155"></A>
+<A NAME="IDX8156"></A>
+<A NAME="IDX8157"></A>
+<OL TYPE=1>
+<P><LI>Verify you are listed in the <B>/usr/afs/etc/UserList</B> file.
+If not, you must have a qualified administrator add you before you can add
+entries to it yourself. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos adduser</B> command to add one or more users to the
+<B>UserList</B> file.
+<PRE> % <B>bos adduser</B> <<VAR>machine name</VAR>> <<VAR>user names</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>addu
+</B><DD>Is the shortest acceptable abbreviation of <B>adduser</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the system control machine if you use the Update Server to
+distribute the contents of the <B>/usr/afs/etc</B> directory (possible
+only in cells running the United States edition of AFS). By default, it
+can take up to five minutes for the Update Server to distribute the changes,
+so newly added users must wait that long before attempting to issue privileged
+commands.
+<P>If you are running the international edition of AFS, or do not use the
+Update Server, repeat the command, substituting the name of each AFS server
+machine for <VAR>machine name</VAR> in turn.
+<P><DT><B><VAR>user names</VAR>
+</B><DD>Specifies the username of each administrator to add to the
+<B>UserList</B> file.
+</DL>
+</OL>
+<P><H3><A NAME="Header_665" HREF="auagd002.htm#ToC_665">To remove users from the UserList file</A></H3>
+<A NAME="IDX8158"></A>
+<A NAME="IDX8159"></A>
+<A NAME="IDX8160"></A>
+<A NAME="IDX8161"></A>
+<OL TYPE=1>
+<P><LI>Verify you are listed in the <B>/usr/afs/etc/UserList</B> file.
+If not, you must have a qualified administrator add you before you can remove
+entries from it yourself. If necessary, issue the <B>bos
+listusers</B> command, which is fully described in <A HREF="#HDRWQ593">To display the users in the UserList file</A>.
+<PRE> % <B>bos listusers</B> <<VAR>machine name</VAR>>
+</PRE>
+<P><LI>Issue the <B>bos removeuser</B> command to remove one or more users
+from the <B>UserList</B> file.
+<PRE> % <B>bos removeuser</B> <<VAR>machine name</VAR>> <<VAR>user names</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>removeu
+</B><DD>Is the shortest acceptable abbreviation of <B>removeuser</B>.
+<P><DT><B><VAR>machine name</VAR>
+</B><DD>Names the system control machine if you use the Update Server to
+distribute the contents of the <B>/usr/afs/etc</B> directory (possible
+only in cells running the United States edition of AFS). By default, it
+can take up to five minutes for the Update Server to distribute the change, so
+newly removed users can continue to issue privileged commands during that
+time.
+<P>If you are running the international edition of AFS, or do not use the
+Update Server, repeat the command, substituting the name of each AFS server
+machine for <VAR>machine name</VAR> in turn.
+<P><DT><B><VAR>user names</VAR>
+</B><DD>Specifies the username of each administrator to add to the
+<B>UserList</B> file.
+</DL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd020.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd022.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd021.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd023.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRWQ595" HREF="auagd002.htm#ToC_666">Appendix A. Managing the NFS/AFS Translator</A></H1>
+<A NAME="IDX8162"></A>
+<A NAME="IDX8163"></A>
+<P>The NFS<SUP><SUP>(R)</SUP></SUP>/AFS<SUP><SUP>(R)</SUP></SUP> Translator enables users
+working on NFS client machines to access, create and remove files stored in
+AFS. This chapter assumes familiarity with both NFS and AFS.
+<HR><H2><A NAME="HDRWQ596" HREF="auagd002.htm#ToC_667">Summary of Instructions</A></H2>
+<P>This chapter explains how to perform the following tasks by
+using the indicated commands:
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Mount directory on translator machine
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>mount</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Examine value of <B>@sys</B> variable
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fs sysname</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Enable/disable reexport of AFS, set other parameters
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>fs exportafs</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%">Assign AFS tokens to user on NFS client machine
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><B>knfs</B>
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ598" HREF="auagd002.htm#ToC_668">Overview</A></H2>
+<P>The NFS/AFS Translator enables users on NFS client machines
+to access the AFS filespace as if they are working on an AFS client machine,
+which facilitates collaboration with other AFS users.
+<P>An <I>NFS/AFS translator machine</I> (or simply <I>translator
+machine</I>) is a machine configured as both an AFS client and an NFS
+server:
+<UL>
+<P><LI>Its AFS client functionality enables it to access the AFS
+filespace. The Cache Manager requests and caches files from AFS file
+server machines, and can even maintain tokens for NFS users, if you have made
+the configuration changes that enable NFS users to authenticate with
+AFS.
+<P><LI>Its NFS server functionality makes it possible for the translator machine
+to export the AFS filespace to NFS client machines. When a user on an
+NFS client machine mounts the translator machine's <B>/afs</B>
+directory (or one of its subdirectories, if that feature is enabled), access
+to AFS is immediate and transparent. The NFS client machine does not
+need to run any AFS software.
+</UL>
+<P><H3><A NAME="HDRWQ599" HREF="auagd002.htm#ToC_669">Enabling Unauthenticated or Authenticated AFS Access</A></H3>
+<P>By configuring the translation environment appropriately,
+you can provide either unauthenticated or authenticated access to AFS from NFS
+client machines. The sections of this chapter on configuring translator
+machines, NFS client machines, and AFS user accounts explain how to configure
+the translation environment appropriately.
+<UL>
+<P><LI>If you configure the environment for unauthenticated access, the AFS File
+Server considers the NFS users to be the user <B>anonymous</B>.
+They can access only those AFS files and directories for which the access
+control list (ACL) extends the required permissions to the
+<B>system:anyuser</B> group. They can issue only those AFS
+commands that do not require privilege, and then only if their NFS client
+machine is a system type for which AFS binaries are available and accessible
+by the <B>system:anyuser</B> group. Such users presumably do
+not have AFS accounts.
+<P><LI>If you configure the environment for authenticated access, you must create
+entries in the AFS Authentication and Protection Databases for the NFS
+users. The authentication procedure they use depends on whether the NFS
+client machine is a supported system type (one for which AFS binaries are
+available):
+<UL>
+<P><LI>If AFS binaries are available for the NFS client machine, NFS users can
+issue the <B>klog</B> command on the NFS client machine. They can
+access the filespace and issue AFS commands to the same extent as
+authenticated users working on AFS client machines.
+<P><LI>If AFS binaries are not available for the NFS client machine, NFS users
+must establish a connection with the translator machine (using the
+<B>telnet</B> utility, for example) and then issue the <B>klog</B> and
+<B>knfs</B> commands on the translator machine to make its Cache Manager
+use the tokens correctly while users work on the NFS client. They can
+access the AFS filespace as authenticated users, but cannot issue AFS
+commands. For instructions, see <A HREF="#HDRWQ612">Authenticating on Unsupported NFS Client Machines</A>.
+</UL>
+</UL>
+<P><H3><A NAME="HDRWQ600" HREF="auagd002.htm#ToC_670">Setting the AFSSERVER and AFSCONF Environment Variables</A></H3>
+<P>If you wish to enable your NFS users to issue AFS commands,
+you must define the AFSSERVER and AFSCONF environment variables in their
+command shell. This section explains the variables' function and
+outlines the various methods for setting them.
+<P>Issuing AFS commands also requires that the NFS client machine is a
+supported system type (one for which AFS binaries are available and
+accessible). Users working on NFS client machines of unsupported system
+types can access AFS as authenticated users, but they cannot issue AFS
+commands. It is not necessary to define the AFSSERVER and AFSCONF
+variables for such users. For instructions on using the <B>knfs</B>
+command to obtain authenticated access on unsupported system types, see <A HREF="#HDRWQ612">Authenticating on Unsupported NFS Client Machines</A>.
+<A NAME="IDX8164"></A>
+<P><H4><A NAME="HDRWQ601">The AFSSERVER Variable</A></H4>
+<P>The AFSSERVER variable designates the AFS client machine
+that performs two functions for NFS clients:
+<UL>
+<P><LI>It acts as the NFS client's <I>remote executor</I> by executing
+AFS-specific system calls on its behalf, such as those invoked by the
+<B>klog</B> and <B>tokens</B> commands and by many commands in the AFS
+suites.
+<P><LI>Its stores the tokens that NFS users obtain when they authenticate with
+AFS. This implies that the remote executor machine and the translator
+machine must be the same if the user needs authenticated access to AFS.
+</UL>
+<P>The choice of remote executor most directly affects commands that display
+or change Cache Manager configuration, such as the <B>fs
+getcacheparms</B>, <B>fs getcellstatus</B>, and <B>fs setcell</B>
+commands. When issued on an NFS client, these commands affect the Cache
+Manager on the designated remote executor machine. (Note, however, that
+several such commands require the issuer to be logged into the remote
+executor's local file system as the local superuser
+<B>root</B>. The ability of NFS client users to log in as
+<B>root</B> is controlled by NFS, not by the NFS/AFS Translator, so
+setting the remote executor properly does not necessarily enable users on the
+NFS client to issue such commands.)
+<P>The choice of remote executor is also relevant for AFS commands that do not
+concern Cache Manager configuration but rather have the same result on every
+machine, such as the <B>fs</B> commands that display or set ACLs and
+volume quota. These commands take an AFS path as one of their
+arguments. If the Cache Manager on the remote executor machine mounts
+the AFS filespace at the <B>/afs</B> directory, as is conventional for AFS
+clients, then the pathname specified on the NFS client must begin with the
+string <B>/afs</B> for the Cache Manager to understand it. This
+implies that the remote executor must be the NFS client's primary
+translator machine (the one whose <B>/afs</B> directory is mounted at
+<B>/afs</B> on the NFS client).
+<A NAME="IDX8165"></A>
+<A NAME="IDX8166"></A>
+<P><H4><A NAME="Header_672">The AFSCONF Variable</A></H4>
+<P>The AFSCONF environment variable names the directory that houses the
+<B>ThisCell</B> and <B>CellServDB</B> files to use when running AFS
+commands issued on the NFS client machine. As on an AFS client, these
+files determine the default cell for command execution.
+<P>For predictable performance, it is best that the files in the directory
+named by the AFSCONF variable match those in the <B>/usr/vice/etc</B>
+directory on the translator machine. If your cell has an AFS directory
+that serves as the central update source for files in the
+<B>/usr/vice/etc</B> directory, it is simplest to set the AFSCONF variable
+to refer to it. In the conventional configuration, this directory is
+called <B>/afs/</B><VAR>cellname</VAR><B>/common/etc</B>.
+<P><H4><A NAME="Header_673">Setting Values for the Variables</A></H4>
+<P>To learn the values of the AFSSERVER and AFSCONF variables, AFS command
+interpreters consult the following three sources in sequence:
+<OL TYPE=1>
+<P><LI>The current command shell's environment variable definitions
+<P><LI>The <B>.AFSSERVER</B> or <B>.AFSCONF</B> file in the
+issuer's home directory
+<P><LI>The <B>/.AFSSERVER</B> or <B>/.AFSCONF</B> file in
+the NFS client machine's root (<I>/</I>) directory. If the
+client machine is diskless, its root directory can reside on an NFS server
+machine.
+</OL>
+<P>(Actually, before consulting these sources, the NFS client looks for the
+<B>CellServDB</B> and <B>ThisCell</B> files in its own
+<B>/usr/vice/etc</B> directory. If the directory exists, the NFS
+client does not use the value of the AFSCONF variable. However, the
+<B>/usr/vice/etc</B> directory usually exists only on AFS clients, not NFS
+clients.)
+<P>As previously detailed, correct performance generally requires that the
+remote executor machine be the NFS client's primary translator machine
+(the one whose <B>/afs</B> directory is mounted at the <B>/afs</B>
+directory on the NFS client). The requirement holds for all users
+accessing AFS from the NFS client, so it is usually simplest to create the
+<B>.AFSSERVER</B> file in the NFS client's root
+directory. The main reason to create the file in a user's home
+directory or to set the AFSSERVER environment variable in the current command
+shell is that the user needs to switch to a different translator machine,
+perhaps because the original one has become inaccessible.
+<P>Similarly, it generally makes sense to create the
+<B>.AFSCONF</B> file in the NFS client's root
+directory. Creating it in the user's home directory or setting the
+AFSCONF environment variable in the current command shell is useful mostly
+when there is a reason to specify a different set of database server machines
+for the cell, perhaps in a testing situation.
+<P><H3><A NAME="HDRWQ602" HREF="auagd002.htm#ToC_674">Delayed Writes for Files Saved on NFS Client Machines</A></H3>
+<A NAME="IDX8167"></A>
+<A NAME="IDX8168"></A>
+<A NAME="IDX8169"></A>
+<A NAME="IDX8170"></A>
+<A NAME="IDX8171"></A>
+<A NAME="IDX8172"></A>
+<A NAME="IDX8173"></A>
+<P>When an application running on an AFS client machine issues the
+<B>close</B> or <B>fsync</B> system call on a file, the Cache Manager
+by default performs a synchronous write of the data to the File Server.
+(For further discussion, see <A HREF="auagd007.htm#HDRWQ33">AFS Implements Save on Close</A> and <A HREF="auagd015.htm#HDRWQ418">Enabling Asynchronous Writes</A>.)
+<P>To avoid degrading performance for the AFS users working on a translator
+machine, AFS does not perform synchronous writes for applications running on
+the translator machine's NFS clients. Instead, one of the Cache
+Manager daemons (the <I>maintenance daemon</I>) checks every 60 seconds
+for chunks in the cache that contain data saved on NFS clients, and writes
+their contents to the File Server. This does not guarantee that data
+saved on NFS clients is written to the File Server within 60 seconds, but only
+that the maintenance daemon checks for and begins the write of data at that
+interval.
+<P>Furthermore, AFS always ignores the <B>fsync</B> system call as issued
+on an NFS client. The call requires an immediate and possibly
+time-consuming response from the File Server, which potentially causes delays
+for other AFS clients of the File Server. NFS version 3 automatically
+issues the <B>fsync</B> system call directly after the <B>close</B>
+call, but the Cache Manager ignores it and handles the operation just like a
+regular <B>close</B>.
+<P>The delayed write mechanism means that there is usually a delay between the
+time when an NFS application issues the <B>close</B> or <B>fsync</B>
+system call on a file and the time when the changes are recorded at the File
+Server, which is when they become visible to users working on other AFS client
+machines (either directly or on its NFS clients). The delay is likely
+to be longer than for files saved by users working directly on an AFS client
+machine.
+<P>The exact amount of delay is difficult to predict. The NFS protocol
+itself allows a standard delay before saved data must be transferred from the
+NFS client to the NFS server (the translator machine). The modified
+data remains in the translator machine's AFS client cache until the
+maintenance daemon's next scheduled check for such data, and it takes
+additional time to transfer the data to the File Server. The
+maintenance daemon uses a single thread, so there can be additional delay if
+it takes more than 60 seconds to write out all of the modified NFS
+data. That is, if the maintenance daemon is still writing data at the
+time of the next scheduled check, it cannot notice any additional modified
+data until the scheduled time after it completes the long write
+operation.
+<P>The Cache Manager's response to the <B>write</B> system call is
+the same whether it is issued on an AFS client machine or on an NFS client of
+a translator machine: it records the modifications in the local AFS
+client cache only.
+<HR><H2><A NAME="HDRWQ603" HREF="auagd002.htm#ToC_675">Configuring NFS/AFS Translator Machines</A></H2>
+<P>To act as an NFS/AFS translator machine, a machine must
+configured as follows:
+<UL>
+<P><LI>It must be an AFS client. Many system types supported as AFS
+clients can be translator machines. To learn about possible
+restrictions in a specific release of AFS, see the <I>IBM AFS Release
+Notes</I>.
+<P><LI>It must be an NFS server. The appropriate number of NFS server
+daemons (<B>nfsd</B> and others) depends on the anticipated NFS client
+load.
+<P><LI>It must export the local directory on which the AFS filespace is mounted,
+<B>/afs</B> by convention.
+</UL>
+<P>If users on a translator machine's NFS clients are to issue AFS
+commands, the translator machine must also meet the requirements discussed in <A HREF="#HDRRMTSYS">Configuring the Translator Machine to Accept AFS Commands</A>.
+<P><H3><A NAME="Header_676" HREF="auagd002.htm#ToC_676">Loading NFS and AFS Kernel Extensions</A></H3>
+<P>The AFS distribution for system types that can act as NFS/AFS
+Translator machines usually includes two versions of the AFS kernel extensions
+file, one for machines where the kernel supports NFS server functionality, and
+one for machines not using NFS (the latter AFS kernel extensions file
+generally has the string <B>nonfs</B> in its name). A translator
+machine must use the NFS-enabled version of the AFS extensions file. On
+some system types, you select the appropriate file by moving it to a certain
+location, whereas on other system types you set a variable that results in
+automatic selection of the correct file. See the instructions in the
+<I>IBM AFS Quick Beginnings</I> for incorporating AFS into the kernel on
+each system type.
+<P>On many system types, NFS is included in the kernel by default, so it is
+not necessary to load NFS kernel extensions explicitly. On system types
+where you must load NFS extensions, then in general you must load them before
+loading the AFS kernel extensions. The <I>IBM AFS Quick
+Beginnings</I> describes how to incorporate the AFS initialization script
+into a machine's startup sequence so that it is ordered correctly with
+respect to the script that handles NFS.
+<P>In addition, the AFS extensions must be loaded into the kernel before the
+<B>afsd</B> command runs. The AFS initialization script included in
+the AFS distribution correctly orders the loading and <B>afsd</B>
+commands.
+<P><H3><A NAME="HDRRMTSYS" HREF="auagd002.htm#ToC_677">Configuring the Translator Machine to Accept AFS Commands</A></H3>
+<P>For users working on a translator machine's NFS
+clients to issue AFS commands, the <B>-rmtsys</B> flag must be included on
+the <B>afsd</B> command which initializes the translator machine's
+Cache Manager. The flag starts an additional daemon (the <I>remote
+executor daemon</I>), which executes AFS-specific system calls on behalf of
+NFS clients. For a discussion of the implications of NFS users issuing
+AFS commands, see <A HREF="#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>.
+<P>The instructions in the <I>IBM AFS Quick Beginnings</I> for configuring
+the Cache Manager explain how to add options such as the <B>-rmtsys</B>
+flag to the <B>afsd</B> command in the AFS initialization script.
+On many system types, it is simplest to list the flag on the line in the
+script that defines the OPTIONS variable. The remote executor daemon
+does not consume many resources, so it is simplest to add it to the
+<B>afsd</B> command on every translator machine, even if not all users on
+the machine's NFS clients issue AFS commands.
+<P><H3><A NAME="HDRWQ604" HREF="auagd002.htm#ToC_678">Controlling Optional Translator Features</A></H3>
+<P>After an AFS client machine is configured as a translator
+machine, it by default exports the AFS filespace to NFS clients. You
+can disable and reenable translator functionality by using the <B>fs
+exportafs</B> command's <B>-start</B> argument. The
+command's other arguments control other aspects of translator
+behavior.
+<UL>
+<P><LI>The <B>-convert</B> argument controls whether the second and third
+(<B>group</B> and <B>other</B>) sets of UNIX mode bits on an AFS file
+or directory being exported to NFS are set to match the first
+(<B>owner</B>) mode bits. By default, the mode bits are set to
+match.
+<P>Unlike AFS, NFS uses all three sets of mode bits when determining whether a
+user can read or write a file, even one stored in AFS. Some AFS files
+possibly do not have any <B>group</B> and <B>other</B> mode bits
+turned on, because AFS uses only the <B>owner</B> bits in combination with
+the ACL on the file's directory. If only the <B>owner</B> mode
+bits are set, NFS allows only the file's owner of the file to read or
+write it. Setting the <B>-convert</B> argument to the value
+<B>on</B> enables other users to access the file in the same manner as the
+owner. Setting the value <B>off</B> preserves the mode bits set on
+the file as stored in AFS.
+<P><LI>The <B>-uidcheck</B> argument controls whether tokens can be assigned
+to an NFS user whose local UID on the NFS client machine differs from the
+local UID associated with the tokens on the translator machine. By
+default, this is possible.
+<P>If you turn on UID checking by setting the value <B>on</B>, then tokens
+can be assigned only to an NFS user whose local UID matches the local UID of
+the process on the translator machine that is assigning the tokens. One
+consequence is that there is no point in including the <B>-id</B> argument
+to the <B>knfs</B> command: the only acceptable value is the local
+UID of the command's issuer, which is the value used when the
+<B>-id</B> argument is omitted. Requiring matching UIDs in this way
+is effective only when users have the same local UID on the translator machine
+as on NFS client machines. In that case, it guarantees that users
+assign their tokens only to their own NFS sessions. For instructions,
+see <A HREF="#HDRWQ612">Authenticating on Unsupported NFS Client Machines</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Turning on UID checking also prevents users on supported NFS clients from
+using the <B>klog</B> command to authenticate on the NFS client
+directly. They must authenticated and use the <B>knfs</B> command
+on the translator machine instead. This is because after the
+<B>klog</B> command interpreter obtains the token on the NFS client, it
+passes it to the Cache Manager's remote executor daemon, which makes the
+system call that stores the token in a credential structure on the translator
+machine. The remote executor generally runs as the local superuser
+<B>root</B>, so in most cases its local UID (normally zero) does not match
+the local UID of the user who issued the <B>klog</B> command on the NFS
+client machine.
+<P>On the other hand, although using the <B>knfs</B> command instead of
+the <B>klog</B> command is possibly less convenient for users, it
+eliminates a security exposure: the <B>klog</B> command interpreter
+passes the token across the network to the remote executor daemon in clear
+text mode.
+</TD></TR></TABLE>
+<P>If you disable UID checking by assigning the value <B>off</B> , the
+issuer of the <B>knfs</B> command can assign tokens to a user who has a
+different local UID on the NFS client machine, such as the local superuser
+<B>root</B>. Indeed, more than one issuer of the <B>knfs</B>
+command can assign tokens to the same user on the NFS client machine.
+Each time a different user issues the <B>knfs</B> command with the same
+value for the <B>-id</B> argument, that user's tokens overwrite the
+existing ones. This can result in unpredictable access for the NFS
+user.
+<P><LI>The <B>-submounts</B> argument controls whether users on the NFS
+client can mount AFS directories other than the top-level <B>/afs</B>
+directory. By default, the translator does not permit these
+submounts.
+<P>Submounts can be useful in a couple of circumstances. If, for
+example, NFS users need to access their own AFS home directories only, then
+creating a submount to it eliminates the need for them to know or enter the
+complete path. Similarly, you can use a submount to prevent users from
+accessing parts of the filespace higher in the AFS hierarchy than the
+submount.
+</UL>
+<P><H3><A NAME="Header_679" HREF="auagd002.htm#ToC_679">To configure an NFS/AFS translator machine</A></H3>
+<P>The following instructions configure the translator to enable users to
+issue AFS commands. Omit Step <A HREF="#LIWQ605">6</A> if you do not want to enable this functionality.
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Configure the NFS/AFS translator machine as an NFS server, if it is not
+already. Follow the instructions provided by your NFS supplier.
+The appropriate number of NFS server daemons (such as <B>nfsd</B>) depends
+on the number of potential NFS clients.
+<P><LI>Configure the NFS/AFS translator machine as an AFS client, if it is not
+already. For the most predictable performance, the translator
+machine's local copies of the <B>/usr/vice/etc/CellServDB</B> and
+<B>/usr/vice/etc/ThisCell</B> files must be the same as on other client
+machines in the cell.
+<P><LI><A NAME="LITRANS-MOUNTFILE"></A>Modify the file that controls mounting of directories
+on the machine by remote NFS clients.
+<UL>
+<A NAME="IDX8174"></A>
+<A NAME="IDX8175"></A>
+<P><LI>On systems that use the <B>/etc/exports</B> file, edit it to enable
+export of the <B>/afs</B> directory to NFS clients. You can list
+the names of specific NFS client machines if you want to provide access only
+to certain users. For a description of the file's format, see the
+NFS manual page for <B>exports(5)</B>.
+<P>The following example enables any NFS client machine to mount the
+machine's <B>/afs</B>, <B>/usr</B>, and <B>/usr2</B>
+directories:
+<PRE> /afs
+ /usr
+ /usr2
+</PRE>
+<A NAME="IDX8176"></A>
+<A NAME="IDX8177"></A>
+<P><LI>On system types that use the <B>share</B> command, edit the
+<B>/etc/dfs/dfstab</B> file or equivalent to include <B>share</B>
+instructions that enable remote mounts of the <B>/afs</B>
+directory. Most distributions include the binary as
+<B>/usr/sbin/share</B>. The following example commands enable
+remote mounts of the root ( <B>/</B> ) and <B>/afs</B>
+directories. To verify the correct syntax, consult the manual page for
+the <B>share</B> command.
+<PRE> share -F nfs -o rw -d "root" /
+ share -F nfs -o rw -d "afs gateway" /afs
+</PRE>
+</UL>
+<P><LI>Edit the machine's AFS initialization file to invoke the standard
+UNIX <B>exportfs</B> command after the <B>afsd</B> program
+runs. On some system types, the modifications you made in Step <A HREF="#LITRANS-MOUNTFILE">4</A> are not enough to enable exporting the AFS filespace
+via the <B>/afs</B> directory, because the resulting configuration changes
+are made before the <B>afsd</B> program runs during machine
+initialization. Only after the <B>afsd</B> program runs does the
+<B>/afs</B> directory become the mount point for the entire AFS
+filespace; before, it is a local directory like any other.
+<P><LI><A NAME="LIWQ605"></A>Modify the <B>afsd</B> command in the AFS initialization
+file to include the <B>-rmtsys</B> flag.
+<P>For system types other than IRIX, the instructions in the <I>IBM AFS
+Quick Beginnings</I> for configuring the Cache Manager explain how to add
+the <B>-rmtsys</B> flag, for example by adding it to the line in the
+script that defines the value for the OPTIONS variable.
+<P>On IRIX systems, the AFS initialization script automatically adds the
+<B>-rmtsys</B> flag if you have activated the <B>afsxnfs</B>
+configuration variable as instructed in the <I>IBM AFS Quick
+Beginnings</I> instructions for incorporating AFS extensions into the
+kernel. If the variable is not already activated, issue the following
+command.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+</PRE>
+<P><LI><B>(Optional)</B> Depending on the number of NFS clients you expect
+this machine to serve, it can be beneficial to add other arguments to the
+<B>afsd</B> command in the machine's initialization file, such as the
+<B>-daemons</B> argument to set the number of background daemons.
+See <A HREF="auagd015.htm#HDRWQ387">Administering Client Machines and the Cache Manager</A> and the <B>afsd</B> reference page in the <I>IBM AFS
+Administration Reference</I>.
+<P><LI>Reboot the machine. On many system types, the appropriate command
+is <B>shutdown</B>; consult your operating system
+administrator's guide.
+<PRE> # <B>shutdown</B> <VAR>appropriate_options</VAR>
+</PRE>
+</OL>
+<A NAME="IDX8178"></A>
+<A NAME="IDX8179"></A>
+<P><H3><A NAME="Header_680" HREF="auagd002.htm#ToC_680">To disable or enable Translator functionality, or set optional features</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Issue the <B>fs exportafs</B> command.
+<PRE> # <B>fs exportafs nfs</B> [<B>-start</B> {<B>on</B> | <B>off</B>}} ] [<B>-convert</B> {<B>on</B> | <B>off</B>}]
+ [<B>-uidcheck</B> {<B>on</B> | <B>off</B>}] [<B>-submounts</B> {<B>on</B> | <B>off</B>}]
+</PRE>
+<DL>
+<P><DT><B>-start
+</B><DD>Disables translator functionality if the value is <B>off</B> or
+reenables it if the value is <B>on</B>. Omit this argument to
+display the current setting of all parameters set by this command.
+<P><DT><B>-convert
+</B><DD>Controls the setting of the second and third (<B>group</B> and
+<B>other</B>) sets of UNIX mode bits on AFS files and directories as
+exported to NFS clients If the value is <B>on</B>, they are set to match
+the <B>owner</B> mode bits. If the value is <B>off</B>, the
+bits are not changed. If this argument is omitted, the default value is
+<B>on</B>.
+<P><DT><B>-uidcheck
+</B><DD>Controls whether issuers of the <B>knfs</B> command can specify a
+value for its <B>-id</B> argument that does not match their AFS UID:
+<UL>
+<P><LI>If the value is <B>on</B>, the value of the <B>-id</B> argument
+must match the issuer's local UID.
+<P><LI>If the value is <B>off</B>, the issuer of the <B>knfs</B> command
+can use the <B>-id</B> argument to assign tokens to a user who has a
+different local UID on the NFS client machine, such as the local superuser
+<B>root</B>.
+</UL>
+<P>If this argument is omitted, the default value is <B>off</B>.
+<P><DT><B>-submounts
+</B><DD>Controls whether the translator services an NFS mount of any directory in
+the AFS filespace other than the top-level <B>/afs</B> directory.
+If the value is <B>on</B>, such submounts are allowed. If the value
+is off, only mounts of the <B>/afs</B> directory are allowed. If
+this argument is omitted, the default value is <B>off</B>.
+</DL>
+</OL>
+<HR><H2><A NAME="HDRWQ606" HREF="auagd002.htm#ToC_681">Configuring NFS Client Machines</A></H2>
+<P>Any NFS client machine that meets the following requirements
+can access files in AFS via the NFS/AFS Translator. It does not need to
+be configured as an AFS client machine.
+<UL>
+<P><LI>It must NFS-mount a translator machine's <B>/afs</B> directory on
+a local directory, which by convention is also called <B>/afs</B>.
+The following instructions explain how to add the <B>mount</B> command to
+the NFS client machine's <B>/etc/fstab</B> file or equivalent.
+<P>
+<P>The directory on which an NFS client mounts the translator's
+machine's <B>/afs</B> directory can be called something other than
+<B>/afs</B>. For instance, to make it easy to switch to another
+translator machine if the original one becomes inaccessible, you can mount
+more than one translator machine's <B>/afs</B> directory. Name
+the mount <B>/afs</B> for the translator machine that you normally use,
+and use a different name the mount to each alternate translator
+machine.
+<P>Mounting the AFS filespace on a directory other than <B>/afs</B>
+introduces another requirement, however: when issuing a command that
+takes an AFS pathname argument, you must specify the full pathname, starting
+with <B>/afs</B>, rather than a relative pathname. Suppose, for
+example, that a translator machine's AFS filespace is mounted at
+<B>/afs2</B> on an NFS client machine and you issue the following command
+to display the ACL on the current working directory, which is in AFS:
+<PRE> % <B>fs listacl .</B>
+</PRE>
+<P>The <B>fs</B> command interpreter on the NFS client must construct a
+full pathname before passing the request to the Cache Manager on the
+translator machine. The AFS filespace is mounted at <B>/afs2</B>,
+so the full pathname starts with that string. However, the Cache
+Manager on the translator cannot find a directory called <B>/afs2</B>,
+because its mount of the AFS filespace is called <B>/afs</B>. The
+command fails. To prevent the failure, provide the file's complete
+pathname, starting with the string <B>/afs</B>.
+<P><LI>It must run an appropriate number of NFS client <B>biod</B> daemons,
+which improve performance by handling pre-reading and delayed writing.
+Most NFS vendors recommend running four such daemons, and most NFS
+initialization scripts start them automatically. Consult your NFS
+documentation.
+</UL>
+<P>To enable users to issue AFS commands, the NFS client machine must also be
+a supported system type (one for which AFS binaries are available) and able to
+access the AFS command binaries. The <I>IBM AFS Release Notes</I>
+list the supported system types in each release.
+<P>In addition, the AFSSERVER and AFSCONF environment variables must be set
+appropriately, as discussed in <A HREF="#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>.
+<P><H3><A NAME="Header_682" HREF="auagd002.htm#ToC_682">To configure an NFS client machine to access AFS</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The following instructions enable NFS users to issue AFS commands.
+Omit Step <A HREF="#LIWQ608">5</A> and Step <A HREF="#LIWQ609">6</A> if you do not want to enable this
+functionality.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B> on the machine, if you are not
+already, by issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Configure the machine as an NFS client machine, if it is not
+already. Follow the instructions provided by your NFS vendor.
+The number of NFS client (<B>biod</B>) daemons needs to be appropriate for
+the expected load on this machine. The usual recommended number is
+four.
+<P><LI>Create a directory called <B>/afs</B> on the machine, if one does not
+already exist, to act as the mount point for the translator machine's
+<B>/afs</B> directory. It is acceptable to use other names, but
+doing so introduces the limitation discussed in the introduction to this
+section.
+<PRE> # <B>mkdir /afs</B>
+</PRE>
+<A NAME="IDX8180"></A>
+<A NAME="IDX8181"></A>
+<P><LI><A NAME="LIWQ607"></A>Modify the machine's file systems registry file
+(<B>/etc/fstab</B> or equivalent) to include a command that mounts a
+translator machine's <B>/afs</B> directory. To verify the
+correct syntax of the <B>mount</B> command, see the operating
+system's <B>mount(5)</B> manual page. The following example
+includes options that are appropriate on many system types.
+<PRE> mount -o hard,intr,timeo=300 <VAR>translator_machine</VAR>:/afs /afs
+</PRE>
+<P>where
+<DL>
+<P><DT><B><TT>hard</TT>
+</B><DD>Indicates that the NFS client retries NFS requests until the NFS server
+(translator machine) responds. When using the translator, file
+operations possibly take longer than with NFS alone, because they must also
+pass through the AFS Cache Manager. With a soft mount, a delayed
+response from the translator machine can cause the request to abort.
+Many NFS versions use hard mounts by default; if your version does not,
+it is best to add this option.
+<P><DT><B><TT>intr</TT>
+</B><DD>Enables the user to use a keyboard interrupt signal (such as
+<<B>Ctrl-c</B>>) to break the mount when the translator machine is
+inaccessible. Include this option only if the <TT>hard</TT> option is
+used, in which case the connection does not automatically break off when a
+translator machine goes down.
+<P><DT><B><TT>timeo</TT>
+</B><DD>Sets the maximum time (in tenths of seconds) the translator can take to
+respond to the NFS client's request before the client considers the
+request timed out. With a hard mount, setting this option to a high
+number like 300 reduces the number of error messages like the following, which
+are generated when the translator does not respond immediately.
+<PRE> NFS server <VAR>translator</VAR> is not responding, still trying
+</PRE>
+<P>
+<P>With a soft mount, it reduces the number of actual errors returned on
+timed-out requests.
+<P><DT><B><VAR>translator_machine</VAR>
+</B><DD>Specifies the fully-qualified hostname of the translator machine whose
+<B>/afs</B> directory is to be mounted on the client machine's
+<B>/afs</B> directory.
+</DL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To mount the translator machine's <B>/afs</B> directory onto a
+directory on the NFS client other than <B>/afs</B>, substitute the
+alternate directory name for the second instance of <TT>/afs</TT> in the
+<B>mount</B> command.
+</TD></TR></TABLE>
+<P><LI><A NAME="LIWQ608"></A><B>(Optional)</B> If appropriate, create the
+<B>/.AFSSERVER</B> file to set the AFSSERVER environment variable
+for all of the machine's users. For a discussion, see <A HREF="#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>. Place a single line in the file, specifying the
+fully-qualified hostname of the translator machine that is to serve as the
+remote executor. To enable users to issue commands that handle tokens,
+it must be the machine named as <VAR>translator_machine</VAR> in Step <A HREF="#LIWQ607">4</A>.
+<P><LI><A NAME="LIWQ609"></A><B>(Optional)</B> If appropriate, create the
+<B>/.AFSCONF</B> file to set the AFSCONF environment variable for
+all of the machine's users. For a discussion, see <A HREF="#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>. Place a single line in the file, specifying the name
+of the directory where the <B>CellServDB</B> and <B>ThisCell</B> files
+reside. If you use a central update source for these files (by
+convention, <B>/afs/</B><VAR>cellname</VAR><B>/common/etc</B>), name it
+here.
+</OL>
+<HR><H2><A NAME="HDRWQ610" HREF="auagd002.htm#ToC_683">Configuring User Accounts</A></H2>
+<P>There are no requirements for NFS users to access AFS as
+unauthenticated users. To take advantage of more AFS functionality,
+however, they must meet the indicated requirements.
+<UL>
+<P><LI>To access AFS as authenticated users, they must of course authenticate
+with AFS, which requires an entry in the Protection and Authentication
+Databases.
+<P><LI>To create and store files, they need the required ACL permissions.
+If you are providing a home directory for storage of personal files, it is
+conventional to create a dedicated volume and mount it at the user's home
+directory location in the AFS filespace.
+<P><LI>To issue AFS commands, they must meet several additional
+requirements:
+<UL>
+<P><LI>They must be working on an NFS client machine of a supported system type
+and from which the AFS command binaries are accessible.
+<P><LI>Their command shell must define values for the AFSSERVER and AFSCONF
+environment variables, as described in <A HREF="#HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</A>. It is often simplest to define the variables by
+creating <B>/.AFSSERVER</B> and <B>/.AFSCONF</B> file in
+the NFS client machine's root directory, but you can also either set the
+variables in each user's shell initialization file
+(<B>.cshrc</B> or equivalent), or create files called
+<B>.AFSSERVER</B> and <B>.AFSCONF</B> in each
+user's home directory.
+<P><LI>They must have an entry in the AFS Protection and Authentication
+Databases, so that they can authenticate if the command requires AFS
+privilege. Other commands instead require assuming the local
+<B>root</B> identity on the translator machine; for further
+discussion, see <A HREF="#HDRWQ601">The AFSSERVER Variable</A>.
+<P><LI>Their PATH environment variable must include the pathname to the
+appropriate AFS binaries. If a user works on NFS client machines of
+different system types, include the <B>@sys</B> variable in the pathname
+rather than an actual system type name.
+</UL>
+</UL>
+<P><H3><A NAME="Header_684" HREF="auagd002.htm#ToC_684">To configure a user account for issuing AFS commands</A></H3>
+<OL TYPE=1>
+<P><LI>Create entries for the user in the Protection and Authentication
+Databases, or create a complete AFS account. See the instructions for
+account creation in <A HREF="auagd017.htm#HDRWQ449">Creating and Deleting User Accounts with the uss Command Suite</A> or <A HREF="auagd018.htm#HDRWQ491">Administering User Accounts</A>.
+<P><LI><A NAME="LIWQ611"></A>Modify the user's PATH environment variable to include the
+pathname of AFS binaries, such as
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/bin</B>.
+If the user works on NFS client machines of different system types,
+considering replacing the specific <VAR>sysname</VAR> value with the
+<B>@sys</B> variable. The PATH variable is commonly defined in a
+login or shell initialization file (such as the <B>.login</B> or
+<B>.cshrc</B> file).
+<P><LI><B>(Optional)</B> Set the AFSSERVER and AFSCONF environment variables
+if appropriate. This is required if the NFS client machines on which
+the user works do not have the <B>/.AFSSERVER</B> and <B>
+/.AFSCONF</B> files in their root directories, or if you want
+user-specific values to override those settings.
+<P>Either define the variables in the user's login or shell
+initialization file, or create the files <B>.AFSSERVER</B> and
+<B>.AFSCONF</B> files in the user's home directory.
+<P>For the AFSSERVER variable, specify the fully-qualified hostname of the
+translator machine that is to serve as the remote executor. For the
+AFSCONF variable, specify the name of the directory where the
+<B>CellServDB</B> and <B>ThisCell</B> files reside. If you use
+a central update source for these files (by convention,
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc</B>), name it here.
+<P><LI>If the pathname you defined in Step <A HREF="#LIWQ611">2</A> includes the <B>@sys</B> variable, instruct users to
+check that their system name is defined correctly before they issue AFS
+commands. They issue the following command:
+<PRE> % <B>fs sysname</B>
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ612" HREF="auagd002.htm#ToC_685">Authenticating on Unsupported NFS Client Machines</A></H2>
+<P>The <B>knfs</B> command enables users to authenticate
+with AFS when they are working on NFS clients of unsupported system types
+(those for which AFS binaries are not available). This enables such
+users to access the AFS file tree to the same extent as any other AFS
+user. They cannot, however, issue AFS commands, which is possible only
+on NFS client machines of supported system types.
+<P>To authenticate on an unsupported system type, establish a connection to
+the translator machine (using a facility such as <B>telnet</B>), and issue
+the <B>klog</B> command to obtain tokens for all the cells you wish to
+contact during the upcoming NFS session. Then issue the <B>knfs</B>
+command, which stores the tokens in a credential structure associated with
+your NFS session. The Cache Manager uses the tokens when performing AFS
+access requests that originate from your NFS session.
+<P>More specifically, the credential structure is identified by a process
+authentication group (PAG) number associated with a particular local UID on a
+specific NFS client machine. By default, the NFS UID recorded in the
+credential structure is the same as your local UID on the translator
+machine. You can include the <B>-id</B> argument to specify an
+alternate NFS UID, unless the translator machine's administrator has used
+the <B>fs exportafs</B> command's <B>-uidcheck</B> argument to
+enable UID checking. In that case, the value of the <B>-id</B>
+argument must match your local UID on the translator machine (so there is not
+point to including the <B>-id</B> argument). Enforcing matching
+UIDs prevents someone else from placing their tokens in your credential
+structure, either accidentally or on purpose. However, it means that
+your cell's administrators must set your local UID on the NFS client to
+match your local UID on the translator machine. It also makes it
+impossible to authenticate by issuing the <B>klog</B> command on supported
+NFS clients, meaning that all NFS users must use the <B>knfs</B>
+command. See <A HREF="#HDRWQ604">Controlling Optional Translator Features</A>.
+<P>After issuing the <B>knfs</B> command, you can begin working on the NFS
+client with authenticated access to AFS. When you are finished working,
+it is a good policy to destroy your tokens by issuing the <B>knfs</B>
+command on the translator machine again, this time with the <B>-unlog</B>
+flag. This is simpler if you have left the connection to the translator
+machine open, but you can always establish a new connection if you closed the
+original one.
+<P>If your NFS client machine is a supported system type and you wish to issue
+AFS commands on it, include the <B>-sysname</B> argument to the
+<B>knfs</B> command. The remote executor daemon on the translator
+machine substitutes its value for the <B>@sys</B> variable in pathnames
+when executing AFS commands that you issue on the NFS client machine.
+If your PATH environment variable uses the <B>@sys</B> variable in the
+pathnames for directories that house AFS binaries (as recommended), then
+setting this argument enables the remote executor daemon to access the AFS
+binaries appropriate for your NFS client machine even if its system type
+differs from the translator machine's.
+<P>If you do not issue the <B>knfs</B> command (or the <B>klog</B>
+command on the NFS client machine itself, if it is a supported system type),
+then you are not authenticated with AFS. For a description of
+unauthenticated access, see <A HREF="#HDRWQ599">Enabling Unauthenticated or Authenticated AFS Access</A>.
+<A NAME="IDX8182"></A>
+<A NAME="IDX8183"></A>
+<P><H3><A NAME="Header_686" HREF="auagd002.htm#ToC_686">To authenticate using the knfs command</A></H3>
+<OL TYPE=1>
+<P><LI>Log on to the relevant translator machine, either on the console or
+remotely by using a program such as <B>telnet</B>.
+<P><LI>Obtain tokens for every cell you wish to access while working on the NFS
+client. AFS-modified login utilities acquire a token for the translator
+machine's local cell by default; use <B>klog</B> command to
+obtain tokens for other cells if desired.
+<P><LI>Issue the <B>knfs</B> command to create a credential structure in the
+translator machine's kernel memory for storing the tokens obtained in the
+previous step. Include the <B>-id</B> argument to associate the
+structure with a UID on the NFS client that differs from your local UID on the
+translator machine. This is possible unless the translator
+machine's administrator has enabled UID checking on the translator
+machine; see <A HREF="#HDRWQ604">Controlling Optional Translator Features</A>. If the NFS client machine is a supported system type
+and you wish to issue AFS commands on it, include the <B>-sysname</B>
+argument to specify its system type.
+<PRE> % <B>knfs -host</B> <<VAR>host name</VAR>> [<B>-id</B> <<VAR>user ID (decimal)</VAR>>] [<B>-sysname</B> <<VAR>host's '@sys' value</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-host
+</B><DD>Specifies the fully-qualified hostname of the NFS client machine on which
+you are working.
+<P><DT><B>-id
+</B><DD>Specifies a local UID number on the NFS client machine with which to
+associate the tokens, if different from your local UID on the translator
+machine. If this argument is omitted, the tokens are associated with an
+NFS UID that matches your local UID on the translator machine. In both
+cases, the NFS client software marks your AFS access requests with the NFS UID
+when it forwards them to the Cache Manager on the translator machine.
+<P><DT><B>-sysname
+</B><DD>Specifies the value that the local machine's remote executor daemon
+substitutes for the <B>@sys</B> variable in pathnames when executing AFS
+commands issued on the NFS client machine (which must be a supported system
+type).
+</DL>
+<P>The following error message indicates that the translator machine's
+administrator has enabled UID checking and you have provided a value that
+differs from your local UID on the translator machine.
+<PRE>
+ knfs: Translator in 'passwd sync' mode; remote uid must be the same as local uid
+</PRE>
+<P><LI>Close the connection to the translator machine (if desired) and work on
+the NFS client machine.
+</OL>
+<A NAME="IDX8184"></A>
+<P><H3><A NAME="Header_687" HREF="auagd002.htm#ToC_687">To display tokens using the knfs command</A></H3>
+<OL TYPE=1>
+<P><LI>Log on to the relevant translator machine, either on the console or
+remotely by using a program such as <B>telnet</B>.
+<P><LI>Issue the <B>knfs</B> command with the <B>-tokens</B> flag to
+display the tokens associated with either the NFS UID that matches your local
+UID on the translator machine or the NFS UID specified by the <B>-id</B>
+argument.
+<PRE> % <B>knfs -host</B> <<VAR>host name</VAR>> [<B>-id</B> <<VAR>user ID (decimal)</VAR>>] <B>-tokens</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-host
+</B><DD>Specifies the fully-qualified hostname of the NFS client machine on which
+you are working.
+<P><DT><B>-id
+</B><DD>Specifies the local UID on the NFS client machine for which to display
+tokens, if different from your local UID on the translator machine. If
+this argument is omitted, the tokens are for the NFS UID that matches your
+local UID on the translator machine.
+<P><DT><B>-tokens
+</B><DD>Displays the tokens.
+</DL>
+<P><LI>Close the connection to the translator machine if desired.
+</OL>
+<A NAME="IDX8185"></A>
+<P><H3><A NAME="Header_688" HREF="auagd002.htm#ToC_688">To discard tokens using the knfs command</A></H3>
+<OL TYPE=1>
+<P><LI>If you closed your connection to the translator machine after issuing the
+<B>knfs</B> command, reopen it.
+<P><LI>Issue the <B>knfs</B> command with the <B>-unlog</B> flag.
+<PRE> % <B>knfs -host</B> <<VAR>host name</VAR>> [<B>-id</B> <<VAR>user ID (decimal)</VAR>>] <B>-unlog</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-host
+</B><DD>Specifies the fully-qualified hostname of the NFS client machine you are
+working on.
+<P><DT><B>-id
+</B><DD>Specifies the local UID number on the NFS client machine for which to
+discard the associated tokens, if different from your local UID on the
+translator machine. If this argument is omitted, the tokens associated
+with an NFS UID that matches your local UID on the translator machine are
+discarded.
+<P><DT><B>-unlog
+</B><DD>Discards the tokens.
+</DL>
+<P><LI>If desired, close the connection to the translator machine.
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd021.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd023.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd022.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd024.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRCOMMANDS" HREF="auagd002.htm#ToC_689">Appendix B. Using AFS Commands</A></H1>
+<P>This section describes the components of AFS commands and
+how to make entering commands more efficient by using shortened forms.
+It has the following sections:
+<DL>
+<DD><P><A HREF="#HDRWQ613">AFS Command Syntax</A>
+<DD><P><A HREF="#HDRWQ614">Rules for Entering AFS Commands</A>
+<DD><P><A HREF="#HDRWQ615">Rules for Using Abbreviations and Aliases</A>
+<DD><P><A HREF="#HDRWQ616">Displaying Online Help for AFS Commands</A>
+</DL>
+<HR><H2><A NAME="HDRWQ613" HREF="auagd002.htm#ToC_690">AFS Command Syntax</A></H2>
+<P>AFS commands that belong to suites have the following
+structure:
+<PRE> <B>command_suite operation_code</B> <B>-switch</B> <<VAR>value</VAR>><SUP>[+]</SUP> [<B>-flag</B>]
+
+</PRE>
+<P><H3><A NAME="Header_691" HREF="auagd002.htm#ToC_691">Command Names</A></H3>
+<P>Together, the <B>command_suite</B> and <B>operation_code</B>
+make up the <I>command name</I>.
+<P>The <B>command_suite</B> specifies the group of related commands to
+which the command belongs, and indicates which command interpreter and server
+process perform the command. AFS has several command suites, including
+<B>bos</B>, <B>fs</B>, <B>kas</B>, <B>package</B>,
+<B>pts</B>, <B>scout</B>, <B>uss</B> and <B>vos</B>.
+Some of these suites have an interactive mode in which the issuer omits the
+<B>command_suite</B> portion of the command name.
+<P>The <B>operation_code</B> tells the command interpreter and server
+process which action to perform. Most command suites include several
+operation codes. The <I>IBM AFS Administration Reference</I>
+describes each operation code in detail, and the <I>IBM AFS Administration
+Guide</I> describes how to use them in the context of performing
+administrative tasks.
+<P>Several AFS commands do not belong to a suite and so their names do not
+have a <B>command_suite</B> portion. Their structure is otherwise
+similar to the commands in the suites.
+<P><H3><A NAME="Header_692" HREF="auagd002.htm#ToC_692">Options</A></H3>
+<P>The term <I>option</I> refers to both arguments and flags, which
+are described in the following sections.
+<P><H3><A NAME="Header_693" HREF="auagd002.htm#ToC_693">Arguments</A></H3>
+<P>One or more arguments can follow the command name. Arguments
+specify the entities on which to act while performing the command (for
+example, which server machine, server process, or file). To minimize
+the potential for error, provide a command's arguments in the order
+prescribed in its syntax definition.
+<P>Each argument has two parts, which appear in the indicated order:
+<UL>
+<P><LI>The <I>switch</I> specifies the argument's type and is preceded
+by a hyphen ( <B>-</B> ). For instance, the switch
+<B>-server</B> usually indicates that the argument names a server
+machine. Switches can often be omitted, subject to the rules outlined
+in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P><LI>The <I>value</I> names a particular entity of the type specified by
+the preceding switch. For example, the proper value for a
+<B>-server</B> switch is a server machine name like
+<B>fs3.abc.com</B>. Unlike switches (which have a
+required form), values vary depending on what the issuer wants to
+accomplish. Values appear surrounded by angle brackets (<B><
+></B>) in command descriptions and the online help to show that they are
+user-supplied variable information.
+</UL>
+<P>Some arguments accept multiple values, as indicated by trailing plus sign (
+<B>+</B> ) in the command descriptions and online help. How many of
+a command's arguments take multiple values, and their ordering with
+respect to other arguments, determine when it is acceptable to omit
+switches. See <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P>Some commands have optional as well as required arguments; the command
+descriptions and online help show optional arguments in square brackets ([
+]).
+<P><H3><A NAME="Header_694" HREF="auagd002.htm#ToC_694">Flags</A></H3>
+<P>Some commands have one or more flags, which specify the manner in which
+the command interpreter and server process perform the command, or what kind
+of output it produces. Flags are preceded by hyphens like switches, but
+they take no values. Although the command descriptions and online help
+generally list a command's flags after its arguments, there is no
+prescribed order for flags. They can appear anywhere on the command
+line following the operation code, except in between the parts of an
+argument. Flags are always optional.
+<P><H3><A NAME="HDRCOMMAND-EX" HREF="auagd002.htm#ToC_695">An Example Command</A></H3>
+<P>The following example illustrates the different parts
+of a command that belongs to an AFS command suite.
+<PRE> % <B>bos getdate -server fs1.abc.com -file ptserver kaserver </B>
+
+</PRE>
+<P>where
+<UL>
+<P><LI><B>bos</B> is the command suite. The BOS Server executes most
+of the commands in this suite.
+<P><LI><B>getdate</B> is the operation code. It tells the BOS Server
+on the specified server machine (in this case
+<B>fs1.abc.com</B>) to report the modification dates of
+binary files in the local <B>/usr/afs/bin</B> directory.
+<P><LI><B>-server fs1.abc.com</B> is one argument, with
+<B>-server</B> as the switch and <B>fs1.abc.com</B> as
+the value. This argument specifies the server machine on which BOS
+Server is to collect and report binary dates.
+<P><LI><B>-file ptserver kaserver</B> is an argument that takes multiple
+values. The switch is <B>-file</B> and the values are
+<B>ptserver</B> and <B>kaserver</B>. This argument tells the
+BOS Server to report the modification dates on the files
+<B>/usr/afs/bin/kaserver</B> and <B>/usr/afs/bin/ptserver</B>.
+</UL>
+<P><H3><A NAME="HDRWQ614" HREF="auagd002.htm#ToC_696">Rules for Entering AFS Commands</A></H3>
+<P>Enter each AFS command on a single line (press
+<B><Return></B> only at the end of the command). Some commands
+in this document appear broken across multiple lines, but that is for
+legibility only.
+<P>Use a space to separate each element on a command line from its
+neighbors. Spaces rather than commas also separate multiple values of
+an argument.
+<P>In many cases, the issuer of a command can reduce the amount of typing
+necessary by using one or both of the following methods:
+<UL>
+<P><LI>Omitting switches
+<P><LI>Using accepted abbreviations for operation codes, switches (if they are
+included at all), and some types of values
+</UL>
+<P>The following sections explain the conditions for omitting or shortening
+parts of the command line. It is always acceptable to type a command in
+full, with all of its switches and no abbreviations.
+<P><H4><A NAME="HDRNOSWITCH">Conditions for Omitting Switches</A></H4>
+<P>It is always acceptable to type the switch part of an
+argument, but in many cases it is not necessary. Specifically, switches
+can be omitted if the following conditions are met.
+<UL>
+<P><LI>All of the command's required arguments appear in the order
+prescribed by the syntax statement
+<P><LI>No switch is provided for any argument
+<P><LI>There is only one value for each argument (but note the important
+exception discussed in the following paragraph)
+</UL>
+<P>Omitting switches is possible only because there is a prescribed order for
+each command's arguments. When the issuer does not include
+switches, the command interpreter relies instead on the order of
+arguments; it assumes that the first element after the operation code is
+the command's first argument, the next element is the command's
+second argument, and so on. The important exception is when a
+command's final required argument accepts multiple values. In this
+case, the command interpreter assumes that the issuer has correctly provided
+one value for each argument up through the final one, so any additional values
+at the end belong to the final argument.
+<P>The following list describes the rules for omitting switches from the
+opposite perspective: an argument's switch must be provided when
+any of the following conditions apply.
+<UL>
+<P><LI>The command's arguments do not appear in the prescribed order
+<P><LI>An optional argument is omitted but a subsequent optional argument is
+provided
+<P><LI>A switch is provided for a preceding argument
+<P><LI>More than one value is supplied for a preceding argument (which must take
+multiple values, of course); without a switch on the current argument,
+the command interpreter assumes that the current argument is another value for
+the preceding argument
+</UL>
+<P><H4><A NAME="Header_698">An Example of Omitting Switches</A></H4>
+<P>Consider again the example command from <A HREF="#HDRCOMMAND-EX">An Example Command</A>.
+<PRE> % <B> bos getdate -server fs1.abc.com -file ptserver kaserver</B>
+
+</PRE>
+<P>This command has two required arguments: the server machine name
+(identified by the <B>-server</B> switch) and binary file name (identified
+by the <B>-file</B> switch). The second argument accepts multiple
+values. By complying with all three conditions, the issuer can omit the
+switches:
+<PRE> % <B>bos getdate fs1.abc.com ptserver kaserver</B>
+
+</PRE>
+<P>Because there are no switches, the <B>bos</B> command interpreter
+relies on the order of arguments. It assumes that the first element
+following the operation code, <B>fs1.abc.com</B>, is the
+server machine name, and that the next argument, <B>ptserver</B>, is a
+binary file name. Then, because the command's second (and last)
+argument accepts multiple values, the command interpreter correctly interprets
+<B>kaserver</B> as an additional value for it.
+<P>On the other hand, the following is not acceptable because it violates the
+first two conditions in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>: even though there is only one value per argument, the
+arguments do not appear in the prescribed order, and a switch is provided for
+one argument but not the other.
+<PRE> % <B>bos getdate ptserver -server fs1.abc.com</B>
+
+</PRE>
+<P><H3><A NAME="HDRWQ615" HREF="auagd002.htm#ToC_699">Rules for Using Abbreviations and Aliases</A></H3>
+<P>This section explains how to abbreviate operation codes,
+option names, server machine names, partition names, and cell names. It
+is not possible to abbreviate other types of values.
+<P><H4><A NAME="Header_700">Abbreviating Operation Codes</A></H4>
+<P>It is acceptable to abbreviate an operation code to the shortest form
+that still distinguishes it from the other operation codes in its
+suite.
+<P>For example, it is acceptable to shorten <B>bos install</B> to <B>bos
+i</B> because there are no other operation codes in the <B>bos</B>
+command suite that begin with the letter <B>i</B>. In contrast,
+there are several <B>bos</B> operation codes that start with the letter
+<B>s</B>, so the abbreviations must be longer to remain unambiguous:
+<DL>
+<DD><P><B>bos sa</B> for <B>bos salvage</B>
+<DD><P><B>bos seta</B> for <B>bos setauth</B>
+<DD><P><B>bos setc</B> for <B>bos setcellname</B>
+<DD><P><B>bos setr</B> for <B>bos setrestart</B>
+<DD><P><B>bos sh</B> for <B>bos shutdown</B>
+<DD><P><B>bos start</B> for <B>bos start</B>
+<DD><P><B>bos startu</B> for <B>bos startup</B>
+<DD><P><B>bos stat</B> for <B>bos status</B>
+<DD><P><B>bos sto</B> for <B>bos stop</B>
+</DL>
+<P>In addition to abbreviations, some operation codes have an
+<I>alias</I>, a short form that is not derived by abbreviating the
+operation code to its shortest unambiguous form. For example, the alias
+for the <B>fs setacl</B> command is <B>fs sa</B>, whereas the shortest
+unambiguous abbreviation is <B>fs seta</B>.
+<P>There are two usual reasons an operation code has an alias:
+<UL>
+<P><LI>Because the command is frequently issued, it is convenient to have a form
+shorter than the one derived by abbreviating. The <B>fs setacl</B>
+command is an example.
+<P><LI>Because the command's name has changed, but users of previous
+versions of AFS know the former name. For example, <B>bos
+listhosts</B> has the alias <B>bos getcell</B>, its former name.
+It is acceptable to abbreviate aliases to their shortest unambiguous form (for
+example, <B>bos getcell</B> to <B>bos getc</B>).
+</UL>
+<P>Even if an operation code has an alias, it is still acceptable to use the
+shortest unambiguous form. Thus, the <B>fs setacl</B> command has
+three acceptable forms: <B>fs setacl</B> (the full form), <B>fs
+seta</B> (the shortest abbreviation), and <B>fs sa</B> (the
+alias).
+<P><H4><A NAME="Header_701">Abbreviating Switches and Flags</A></H4>
+<P>It is acceptable to shorten a switch or flag to the shortest form that
+distinguishes it from the other switches and flags for its operation
+code. It is often possible to omit switches entirely, subject to the
+conditions listed in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P><H4><A NAME="HDRFMSABBREV">Abbreviating Server Machine Names</A></H4>
+<P>AFS server machines must have fully-qualified
+Internet-style host names (for example, <B>fs1.abc.com</B>),
+but it is not always necessary to type the full name on the command
+line. AFS commands accept unambiguous shortened forms, but depend on
+the cell's name service (such as the Domain Name Service) or a local host
+table to resolve a shortened name to the fully-qualified equivalent when the
+command is issued.
+<P>Most commands also accept the dotted decimal form of the machine's IP
+address as an identifier.
+<P><H4><A NAME="HDRPARTABBREV">Abbreviating Partition Names</A></H4>
+<P>Partitions that house AFS volumes must have names of
+the form <B>/vicep</B><VAR>x</VAR> or <B>/vicep</B><VAR>xx</VAR>, where
+the variable final portion is one or two lowercase letters. By
+convention, the first server partition created on a file server machine is
+called <B>/vicepa</B>, the second <B>/vicepb</B>, and so on.
+The <I>IBM AFS Quick Beginnings</I> explains how to configure and name a
+file server machine's partitions in preparation for storing AFS volumes
+on them.
+<P>When issuing AFS commands, you can abbreviate a partition name using any of
+the following forms:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P><H4><A NAME="HDRCELLABBREV">Abbreviating Cell Names</A></H4>
+<P>A cell's full name usually matches its Internet
+domain name (such as <B>stateu.edu</B> for the State University or
+<B>abc.com</B> for ABC Corporation). Some AFS commands
+accept unambiguous shortened forms, usually with respect to the local
+<B>/usr/vice/etc/CellServDB file</B> but sometimes depending on the
+ability of the local name service to resolve the corresponding domain
+name.
+<P><H3><A NAME="HDRWQ616" HREF="auagd002.htm#ToC_705">Displaying Online Help for AFS Commands</A></H3>
+<P>To display online help for AFS commands that belong to
+suites, use the <B>help</B> and <B>apropos</B> operation codes.
+A <B>-help</B> flag is also available on every almost every AFS
+command.
+<P>The online help entry for a command consists of two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes what it does
+<P><LI>If the command has aliases, they appear on the next line
+<P><LI>The final line, which begins with the string <TT>Usage:</TT>,
+lists the command's options in the prescribed order; online help
+entries use the same typographical symbols (brackets and so on) as this
+documentation.
+</UL>
+<P>If no operation code is specified, the <B>help</B> operation code
+displays the first line (short description) for every operation code in the
+suite:
+<PRE>
+ % <VAR>command_suite</VAR> <B>help</B>
+
+</PRE>
+<P>If the issuer specifies one or more operation codes, the <B>help</B>
+operation code displays each command's complete online entry (short
+description, alias if any, and syntax):
+<PRE>
+ % <VAR>command_suite</VAR> <B>help</B> <VAR>operation_code</VAR><SUP>+</SUP>
+
+</PRE>
+<P>The <B>-help</B> flag displays a command's syntax but not the
+short description or alias:
+<PRE> % <VAR>command_name</VAR> <B>-help</B>
+
+</PRE>
+<P>The <B>apropos</B> operation code displays the short description of any
+command in a suite whose operation code or short description includes the
+specified keyword:
+<PRE> % <VAR>command_suite</VAR> <B>apropos</B> <VAR>"<help string>"</VAR>
+
+</PRE>
+<P>The following example command displays the complete online help entry for
+the <B>fs setacl</B> command:
+<PRE>
+ % <B>fs help setacl </B>
+ fs setacl: set access control list
+ aliases: sa
+ Usage: fs setacl -dir <directory>+ -acl <access list entries>+
+ [-clear] [-negative] [-id] [-if] [-help]
+
+</PRE>
+<P>To see only the syntax statement, use the <B>-help</B> flag:
+<PRE> % <B>fs setacl -help</B>
+ Usage: fs setacl -dir <directory>+ -acl <access list entries>+
+ [-clear] [-negative] [-id] [-if] [-help]
+
+</PRE>
+<P>In the following example, a user wants to display the quota for her home
+volume. She knows that the relevant command belongs to the
+<B>fs</B> suite, but cannot remember the operation code. She uses
+<B>quota</B> as the keyword:
+<PRE>
+ % <B>fs apropos quota</B>
+ listquota: list volume quota
+ quota: show volume quota usage
+ setquota: set volume quota
+
+</PRE>
+<P>The following illustrates the error message that results if no command name
+or short description contains the keyword:
+<PRE>
+ % <B>fs apropos "list quota"</B>
+ Sorry, no commands found
+
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd022.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd024.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd023.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd025.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ617" HREF="auagd002.htm#ToC_706">Appendix C. The afsmonitor Program Statistics</A></H1>
+<P>This Appendix lists the statistics you can gather with the
+<B>afsmonitor</B> program, grouping them by category and section, and
+briefly describing each field, group, and section. For instructions on
+using the <B>afsmonitor</B> program, see <A HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A>
+<A NAME="IDX8186"></A>
+<HR><H2><A NAME="HDRWQ618" HREF="auagd002.htm#ToC_707">The Cache Manager Statistics</A></H2>
+<A NAME="IDX8187"></A>
+<P>Cache Manager statistics fields are classified into the following sections
+and groups:
+<UL>
+<P><LI>PerfStats_section - Performance Statistics Section.
+<UL>
+<P><LI>PerfStats_group - Performance Statistics Group.
+<P><LI>misc_group - Miscellaneous Group.
+</UL>
+<P><LI>Server_UpDown_section - Server Up/Down Statistics Section.
+<UL>
+<P><LI>FS_upDown_SC_group - File Server Up/Down Statistics in Same Cell
+Group.
+<P><LI>FS_upDown_OC_group - File Server Up/Down Statistics in Other Cells
+Group.
+<P><LI>VL_upDown_SC_group - VL Server Up/Down Statistics in Same Cell
+Group.
+<P><LI>VL_upDown_OC_group - VL Server Up/Down Statistics in Other Cells
+Group.
+</UL>
+<P><LI>RPCop_section - RPC Operation Measurements Section.
+<UL>
+<P><LI>FS_RPCopTimes_group - File Server RPC Operation Timings
+Group.
+<P><LI>FS_RPCopErrors_group - File Server RPC Operation Errors
+Group.
+<P><LI>FS_RPCopBytes_group - File Server RPC Transfer Timings Group.
+<P><LI>CM_RPCopTimes_group - Cache Manager RPC Operation Timings
+Group.
+</UL>
+<P><LI>Auth_Access_section - Authentication and Replicated File Access
+Section.
+<UL>
+<P><LI>Auth_Stats_group - Authentication Information for Cache Manager
+Group.
+<P><LI>Access_Stats_group - Unreplicated File Access Group.
+</UL>
+</UL>
+<P>All Cache Manager variables categorized under these sections and groups
+names are listed below.
+<P><H3><A NAME="Header_708" HREF="auagd002.htm#ToC_708">Performance Statistics Section (PerfStats_section)</A></H3>
+<P>Performance Statistics Group (PerfStats_group)
+<UL>
+<P><LI>dlocalAccesses: Number of data accesses to files within local
+cell.
+<P><LI>vlocalAccesses: Number of stat accesses to files within local
+cell.
+<P><LI>dremoteAccesses: Number of data accesses to files outside of local
+cell.
+<P><LI>vremoteAccesses: Number of stat accesses to files outside of local
+cell.
+<P><LI>cacheNumEntries: Number of cache entries.
+<P><LI>cacheBlocksTotal: Number of (1K) blocks configured for cache.
+<P><LI>cacheBlocksInUse: Number of cache blocks actively in use.
+<P><LI>cacheBlocksOrig: Number of cache blocks at bootup.
+<P><LI>cacheMaxDirtyChunks: Maximum number of dirty cache chunks
+tolerated.
+<P><LI>cacheCurrDirtyChunks: Current number of dirty cache chunks.
+<P><LI>dcacheHits: Number of data files found in local cache.
+<P><LI>vcacheHits: Number of stat entries found in local cache.
+<P><LI>dcacheMisses: Number of data files <B>not</B> found in local
+cache.
+<P><LI>vcacheMisses: Number of stat entries <B>not</B> found in local
+cache.
+<P><LI>cacheFlushes: Number of files flushed from cache.
+<P><LI>cacheFilesReused: Number of cache files reused.
+<P><LI>ProtServerAddr: Address of Protection Server used.
+<P><LI>vcacheXAllocs: Additionally allocated vcaches.
+<P><LI>bufAlloced: Number of buffers allocated by AFS.
+<P><LI>bufHits: Number of pages found on buffer cache.
+<P><LI>bufMisses: Number of pages <B>not</B> found on buffer
+cache.
+<P><LI>bufFlushDirty: Number of cached dirty buffers flushed because all
+were busy.
+<P><LI>LargeBlocksActive: Number of currently used large free pool
+entries.
+<P><LI>LargeBlocksAlloced: Number of allocated large free pool
+entries.
+<P><LI>SmallBlocksActive: Number of currently used small free pool
+entries.
+<P><LI>SmallBlocksAlloced: Number of allocated used small free pool
+entries.
+<P><LI>OutStandingMemUsage: Amount of allocated memory.
+<P><LI>OutStandingAllocs: Outstanding osi_allocs (no osi_frees yet).
+<P><LI>CallBackAlloced: Number of callback structures allocated.
+<P><LI>CallBackFlushes: Number of callback flush operations
+performed.
+<P><LI>srvRecords: Number of servers currently on record.
+<P><LI>srvRecordsHWM: Server record high water mark.
+<P><LI>srvNumBuckets: Number of server hash chain buckets.
+<P><LI>srvMaxChainLength: Maximum server hash chain length.
+<P><LI>srvMaxChainLengthHWM: Server hash chain high water mark.
+<P><LI>sysName_ID: Sysname ID for host hardware.
+</UL>
+<P>Miscellaneous Group (misc_group)
+<UL>
+<P><LI>numPerfCalls: Number of performance calls received.
+<P><LI>epoch: Cache Manager epoch time.
+<P><LI>numCellsVisible: Number of cells we know about.
+<P><LI>numCellsContacted: Number of cells contacted.
+</UL>
+<P><H3><A NAME="Header_709" HREF="auagd002.htm#ToC_709">Server Up/Down Statistics Section (Server_UpDown_section)</A></H3>
+<P>File Server Up/Down Statistics in Same Cell Group (FS_upDown_SC_group)
+<P><B>Note:</B> The <I>records</I> referred to in this section
+are the internal records kept by the <B>afsmonitor</B> program to track
+the processes from which data is being gathered.
+<UL>
+<P><LI>fs_sc_numTtlRecords: Number of fileserver records, active or
+inactive.
+<P><LI>fs_sc_numUpRecords: Number of (active) fileserver records currently
+marked up.
+<P><LI>fs_sc_numDownRecords: Number of (active) fileserver records
+currently marked down.
+<P><LI>fs_sc_sumOfRecordAges: Sum of fileserver record lifetimes.
+<P><LI>fs_sc_ageOfYoungestRecord: Age of youngest fileserver record.
+<P><LI>fs_sc_ageOfOldestRecord: Age of oldest fileserver record.
+<P><LI>fs_sc_numDowntimeIncidents: Number of (completed) downtime
+incidents.
+<P><LI>fs_sc_numRecordsNeverDown: Number of fileserver records never marked
+down.
+<P><LI>fs_sc_maxDowntimesInARecord: Maximum downtimes seen by any
+fileserver record.
+<P><LI>fs_sc_sumOfDowntimes: Sum of all (completed) downtimes, in
+seconds.
+<P><LI>fs_sc_shortestDowntime: Shortest downtime, in seconds.
+<P><LI>fs_sc_longestDowntime: Longest downtime, in seconds.
+<P><LI>fs_sc_down_0_10_min: Down time incidents: 0-10 minutes.
+<P><LI>fs_sc_down_10_30_min: Down time incidents: 10-30
+minutes.
+<P><LI>fs_sc_down_half_1_hr: Down time incidents: 30-60
+minutes.
+<P><LI>fs_sc_down_1_2_hr: Down time incidents: 1-2 hours.
+<P><LI>fs_sc_down_2_4_hr: Down time incidents: 2-4 hours.
+<P><LI>fs_sc_down_4_8_hr: Down time incidents: 4-8 hours.
+<P><LI>fs_sc_down_more_8_hr: Down time incidents: more than 8
+hours.
+<P><LI>fs_sc_downDst_0: Down time incidents: 0 times.
+<P><LI>fs_sc_downDst_1: Down time incidents: 1 time.
+<P><LI>fs_sc_downDst_2_5: Down time incidents: 2-5 times.
+<P><LI>fs_sc_downDst_6_10: Down time incidents: 6-10 times.
+<P><LI>fs_sc_downDst_10_50: Down time incidents: 10-50 times.
+<P><LI>fs_sc_downDst_more_50: Down time incidents: more than 50
+times.
+</UL>
+<P>File Server Up/Down Statistics in Other Cells Group (FS_upDown_OC_group)
+<UL>
+<P><LI>fs_oc_numTtlRecords: Number of fileserver records, active or
+inactive.
+<P><LI>fs_oc_numUpRecords: Number of (active) fileserver records currently
+marked up.
+<P><LI>fs_oc_numDownRecords: Number of (active) fileserver records
+currently marked down.
+<P><LI>fs_oc_sumOfRecordAges: Sum of server record lifetimes.
+<P><LI>fs_oc_ageOfYoungestRecord: Age of youngest fileserver record.
+<P><LI>fs_oc_ageOfOldestRecord: Age of oldest fileserver record.
+<P><LI>fs_oc_numDowntimeIncidents: Number of (completed) downtime
+incidents.
+<P><LI>fs_oc_numRecordsNeverDown: Number of fileserver records never marked
+down.
+<P><LI>fs_oc_maxDowntimesInARecord: Maximum downtimes seen by any
+fileserver.
+<P><LI>fs_oc_sumOfDowntimes: Sum of all (completed) downtimes, in
+seconds.
+<P><LI>fs_oc_shortestDowntime: Shortest downtime, in seconds.
+<P><LI>fs_oc_longestDowntime: Longest downtime, in seconds.
+<P><LI>fs_oc_down_0_10_min: Down time incidents: 0-10 minutes.
+<P><LI>fs_oc_down_10_30_min: Down time incidents: 10-30
+minutes.
+<P><LI>fs_oc_down_half_1_hr: Down time incidents: 30-60
+minutes.
+<P><LI>fs_oc_down_1_2_hr: Down time incidents: 1-2 hours.
+<P><LI>fs_oc_down_2_4_hr: Down time incidents: 2-4 hours.
+<P><LI>fs_oc_down_4_8_hr: Down time incidents: 4-8 hours.
+<P><LI>fs_oc_down_more_8_hr: Down time incidents: more than 8
+hours.
+<P><LI>fs_oc_downDst_0: Down time incidents: 0 times.
+<P><LI>fs_oc_downDst_1: Down time incidents: 1 time.
+<P><LI>fs_oc_downDst_2_5: Down time incidents: 2-5 times.
+<P><LI>fs_oc_downDst_6_10: Down time incidents: 6-10 times.
+<P><LI>fs_oc_downDst_10_50: Down time incidents: 10-50 times.
+<P><LI>fs_oc_downDst_more_50: Down time incidents: more than 50
+times.
+</UL>
+<P>VL Server Up/Down Statistics in Same Cell Group (VL_upDown_SC_group)
+<UL>
+<P><LI>vl_sc_numTtlRecords: Number of vlserver records, active or
+inactive.
+<P><LI>vl_sc_numUpRecords: Number of (active) vlserver records currently
+marked up.
+<P><LI>vl_sc_numDownRecords: Number of (active) vlserver records currently
+marked down.
+<P><LI>vl_sc_sumOfRecordAges: Sum of vlserver record lifetimes.
+<P><LI>vl_sc_ageOfYoungestRecord: Age of youngest vlserver record.
+<P><LI>vl_sc_ageOfOldestRecord: Age of oldest vlserver record.
+<P><LI>vl_sc_numDowntimeIncidents: Number of (completed) downtime
+incidents.
+<P><LI>vl_sc_numRecordsNeverDown: Number of vlserver records never marked
+down.
+<P><LI>vl_sc_maxDowntimesInARecord: Maximum downtimes seen by any vlserver
+record.
+<P><LI>vl_sc_sumOfDowntimes: Sum of all (completed) downtimes, in
+seconds.
+<P><LI>vl_sc_shortestDowntime: Shortest downtime, in seconds.
+<P><LI>vl_sc_longestDowntime: Longest downtime, in seconds.
+<P><LI>vl_sc_down_0_10_min: Down time incidents: 0-10 minutes.
+<P><LI>vl_sc_down_10_30_min: Down time incidents: 10-30
+minutes.
+<P><LI>vl_sc_down_half_1_hr: Down time incidents: 30-60
+minutes.
+<P><LI>vl_sc_down_1_2_hr: Down time incidents: 1-2 hours.
+<P><LI>vl_sc_down_2_4_hr: Down time incidents: 2-4 hours.
+<P><LI>vl_sc_down_4_8_hr: Down time incidents: 4-8 hours.
+<P><LI>vl_sc_down_more_8_hr: Down time incidents: more than 8
+hours.
+<P><LI>vl_sc_downDst_0: Down time incidents: 0 times.
+<P><LI>vl_sc_downDst_1: Down time incidents: 1 time.
+<P><LI>vl_sc_downDst_2_5: Down time incidents: 2-5 times.
+<P><LI>vl_sc_downDst_6_10: Down time incidents: 6-10 times.
+<P><LI>vl_sc_downDst_10_50: Down time incidents: 10-50 times.
+<P><LI>vl_sc_downDst_more_50: Down time incidents: more than 50
+times.
+</UL>
+<P>VL Server Up/Down Statistics in Other Cells Group (VL_upDown_DC_group)
+<UL>
+<P><LI>vl_oc_numTtlRecords: Number of vlserver records, active or
+inactive.
+<P><LI>vl_oc_numUpRecords: Number of (active) vlserver records currently
+marked up.
+<P><LI>vl_oc_numDownRecords: Number of (active) vlserver records currently
+marked down.
+<P><LI>vl_oc_sumOfRecordAges: Sum of vlserver record lifetimes.
+<P><LI>vl_oc_ageOfYoungestRecord: Age of youngest vlserver record.
+<P><LI>vl_oc_ageOfOldestRecord: Age of oldest vlserver record.
+<P><LI>vl_oc_numDowntimeIncidents: Number of (completed) downtime
+incidents.
+<P><LI>vl_oc_numRecordsNeverDown: Number of vlserver records never marked
+down.
+<P><LI>vl_oc_maxDowntimesInARecord: Maximum downtimes seen by any vlserver
+record.
+<P><LI>vl_oc_sumOfDowntimes: Sum of all (completed) downtimes, in
+seconds.
+<P><LI>vl_oc_shortestDowntime: Shortest downtime, in seconds.
+<P><LI>vl_oc_longestDowntime: Longest downtime, in seconds.
+<P><LI>vl_oc_down_0_10_min: Down time incidents: 0-10 minutes.
+<P><LI>vl_oc_down_10_30_min: Down time incidents: 10-30
+minutes.
+<P><LI>vl_oc_down_half_1_hr: Down time incidents: 30-60
+minutes.
+<P><LI>vl_oc_down_1_2_hr: Down time incidents: 1-2 hours.
+<P><LI>vl_oc_down_2_4_hr: Down time incidents: 2-4 hours.
+<P><LI>vl_oc_down_4_8_hr: Down time incidents: 4-8 hours.
+<P><LI>vl_oc_down_more_8_hr: Down time incidents: more than 8
+hours.
+<P><LI>vl_oc_downDst_0: Down time incidents: 0 times.
+<P><LI>vl_oc_downDst_1: Down time incidents: 1 time.
+<P><LI>vl_oc_downDst_2_5: Down time incidents: 2-5 times.
+<P><LI>vl_oc_downDst_6_10: Down time incidents: 6-10 times.
+<P><LI>vl_oc_downDst_10_50: Down time incidents: 10-50 times.
+<P><LI>vl_oc_downDst_more_50: Down time incidents: more than 50
+times.
+</UL>
+<P><H3><A NAME="Header_710" HREF="auagd002.htm#ToC_710">RPC Operation Measurements Section (RPCop_section)</A></H3>
+<P>File Server RPC Operation Timings Group (FS_RPCopTimes_group)
+<UL>
+<P><LI>FetchData_ops: Number of FetchData operations executed.
+<P><LI>FetchData_ops_ok: Number of successful FetchData operations.
+<P><LI>FetchData_sum: Sum of timings for FetchData operations.
+<P><LI>FetchData_sqr: Sum of squares of sample timings for FetchData
+operations.
+<P><LI>FetchData_min: Minimum execution time observed for FetchData
+operations.
+<P><LI>FetchData_max: Maximum execution time observed for FetchData
+operations.
+<P><LI>FetchACL_ops: Number of FetchACL operations executed.
+<P><LI>FetchACL_ops_ok: Number of successful FetchACL operations.
+<P><LI>FetchACL_sum: Sum of timings for FetchACL operations.
+<P><LI>FetchACL_sqr: Sum of squares of sample timings for FetchACL
+operations.
+<P><LI>FetchACL_min: Minimum execution time observed for FetchACL
+operations.
+<P><LI>FetchACL_max: Maximum execution time observed for FetchACL
+operations.
+<P><LI>FetchStatus_ops: Number of FetchStatus operations executed.
+<P><LI>FetchStatus_ops_ok: Number of successful FetchStatus
+operations.
+<P><LI>FetchStatus_sum: Sum of timings for FetchStatus operations.
+<P><LI>FetchStatus_sqr: Sum of squares of sample timings for FetchStatus
+operations.
+<P><LI>FetchStatus_min: Minimum execution time observed for FetchStatus
+operations.
+<P><LI>FetchStatus_max: Maximum execution time observed for FetchStatus
+operations.
+<P><LI>StoreData_ops: Number of StoreData operations executed.
+<P><LI>StoreData_ops_ok: Number of successful StoreData operations.
+<P><LI>StoreData_sum: Sum of timings for StoreData operations.
+<P><LI>StoreData_sqr: Sum of squares of sample timings for StoreData
+operations.
+<P><LI>StoreData_min: Minimum execution time observed for StoreData
+operations.
+<P><LI>StoreData_max: Maximum execution time observed for StoreData
+operations.
+<P><LI>StoreACL_ops: Number of StoreACL operations executed.
+<P><LI>StoreACL_ops_ok: Number of successful StoreACL operation.
+<P><LI>StoreACL_sum: Sum of timings for StoreACL operations.
+<P><LI>StoreACL_sqr: Sum of squares of sample timings for StoreACL
+operations.
+<P><LI>StoreACL_min: Minimum execution time observed for StoreACL
+operations.
+<P><LI>StoreACL_max: Maximum execution time observed for StoreACL
+operations.
+<P><LI>StoreStatus_ops: Number of StoreStatus operations executed.
+<P><LI>StoreStatus_ops_ok: Number of successful StoreStatus
+operations.
+<P><LI>StoreStatus_sum: Sum of timings for StoreStatus operations.
+<P><LI>StoreStatus_sqr: Sum of squares of sample timings for StoreStatus
+operations.
+<P><LI>StoreStatus_min: Minimum execution time observed for StoreStatus
+operations.
+<P><LI>StoreStatus_max: Maximum execution time observed for StoreStatus
+operations.
+<P><LI>RemoveFile_ops: Number of RemoveFile operations executed.
+<P><LI>RemoveFile_ops_ok: Number of successful RemoveFile
+operations.
+<P><LI>RemoveFile_sum: Sum of timings for RemoveFile operations.
+<P><LI>RemoveFile_sqr: Sum of squares of sample timings for RemoveFile
+operations.
+<P><LI>RemoveFile_min: Minimum execution time observed for RemoveFile
+operations.
+<P><LI>RemoveFile_max: Maximum execution time observed for RemoveFile
+operations.
+<P><LI>CreateFile_ops: Number of CreateFile operations executed.
+<P><LI>CreateFile_ops_ok: Number of successful CreateFile
+operations.
+<P><LI>CreateFile_sum: Sum of timings for CreateFile operations.
+<P><LI>CreateFile_sqr: Sum of squares of sample timings for CreateFile
+operations.
+<P><LI>CreateFile_min: Minimum execution time observed for CreateFile
+operations.
+<P><LI>CreateFile_max: Maximum execution time observed for CreateFile
+operations.
+<P><LI>Rename_ops: Number of Rename operations executed.
+<P><LI>Rename_ops_ok: Number of successful Rename operations.
+<P><LI>Rename_sum: Sum of timings for Rename operations.
+<P><LI>Rename_sqr: Sum of squares of sample timings for Rename
+operations.
+<P><LI>Rename_min: Minimum execution time observed for Rename
+operations.
+<P><LI>Rename_max: Maximum execution time observed for Rename
+operations.
+<P><LI>Symlink_ops: Number of Symlink operations executed.
+<P><LI>Symlink_ops_ok: Number of successful Symlink operations.
+<P><LI>Symlink_sum: Sum of timings for Symlink operations.
+<P><LI>Symlink_sqr: Sum of squares of sample timings for Symlink
+operations.
+<P><LI>Symlink_min: Minimum execution time observed for Symlink
+operations.
+<P><LI>Symlink_max: Maximum execution time observed for Symlink
+operations.
+<P><LI>Link_ops: Number of Link operations executed.
+<P><LI>Link_ops_ok: Number of successful Link operations.
+<P><LI>Link_sum: Sum of timings for Link operations.
+<P><LI>Link_sqr: Sum of squares of sample timings for Link
+operations.
+<P><LI>Link_min: Minimum execution time observed for Link
+operations.
+<P><LI>Link_max: Maximum execution time observed for Link
+operations.
+<P><LI>MakeDir_ops: Number of MakeDir operations executed.
+<P><LI>MakeDir_ops_ok: Number of successful MakeDir operations.
+<P><LI>MakeDir_sum: Sum of timings for MakeDir operations.
+<P><LI>MakeDir_sqr: Sum of squares of sample timings for MakeDir
+operations.
+<P><LI>MakeDir_min: Minimum execution time observed for MakeDir
+operations.
+<P><LI>MakeDir_max: Maximum execution time observed for MakeDir
+operations.
+<P><LI>RemoveDir_ops: Number of RemoveDir operations executed.
+<P><LI>RemoveDir_ops_ok: Number of successful RemoveDir operations.
+<P><LI>RemoveDir_sum: Sum of timings for RemoveDir operations.
+<P><LI>RemoveDir_sqr: Sum of squares of sample timings for RemoveDir
+operations.
+<P><LI>RemoveDir_min: Minimum execution time observed for RemoveDir
+operations.
+<P><LI>RemoveDir_max: Maximum execution time observed for RemoveDir
+operations.
+<P><LI>SetLock_ops: Number of SetLock operations executed.
+<P><LI>SetLock_ops_ok: Number of successful SetLock operations.
+<P><LI>SetLock_sum: Sum of timings for SetLock operations.
+<P><LI>SetLock_sqr: Sum of squares of sample timings for SetLock
+operations.
+<P><LI>SetLock_min: Minimum execution time observed for SetLock
+operations.
+<P><LI>SetLock_max: Maximum execution time observed for SetLock
+operations.
+<P><LI>ExtendLock_ops: Number of ExtendLock operations executed.
+<P><LI>ExtendLock_ops_ok: Number of successful ExtendLock
+operations.
+<P><LI>ExtendLock_sum: Sum of timings for ExtendLock operations.
+<P><LI>ExtendLock_sqr: Sum of squares of sample timings for ExtendLock
+operations.
+<P><LI>ExtendLock_min: Minimum execution time observed for ExtendLock
+operations.
+<P><LI>ExtendLock_max: Maximum execution time observed for ExtendLock
+operations.
+<P><LI>ReleaseLock_ops: Number of ReleaseLock operations executed.
+<P><LI>ReleaseLock_ops_ok: Number of successful ReleaseLock
+operations.
+<P><LI>ReleaseLock_sum: Sum of timings for ReleaseLock operations.
+<P><LI>ReleaseLock_sqr: Sum of squares of sample timings for StoreStatus
+operations.
+<P><LI>ReleaseLock_min: Minimum execution time observed for ReleaseLock
+operations.
+<P><LI>ReleaseLock_max: Maximum execution time observed for ReleaseLock
+operations.
+<P><LI>GetStatistics_ops: Number of GetStatistics operations
+executed.
+<P><LI>GetStatistics_ops_ok: Number of successful GetStatistics
+operations.
+<P><LI>GetStatistics_sum: Sum of timings for GetStatistics
+operations.
+<P><LI>GetStatistics_sqr: Sum of squares of sample timings for
+GetStatistics operations.
+<P><LI>GetStatistics_min: Minimum execution time observed for GetStatistics
+operations.
+<P><LI>GetStatistics_max: Maximum execution time observed for GetStatistics
+operations.
+<P><LI>GiveUpCallbacks_ops: Number of GiveUpCallbacks operations
+executed.
+<P><LI>GiveUpCallbacks_ops_ok: Number of successful GiveUpCallbacks
+operations.
+<P><LI>GiveUpCallbacks_sum: Sum of timings for GiveUpCallbacks
+operations.
+<P><LI>GiveUpCallbacks_sqr: Sum of squares of sample timings for
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_min: Minimum execution time observed for
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_max: Maximum execution time observed for
+GiveUpCallbacks operations.
+<P><LI>GetVolumeInfo_ops: Number of GetVolumeInfo operations
+executed.
+<P><LI>GetVolumeInfo_ops_ok: Number of successful GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_sum: Sum of timings for GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_sqr: Sum of squares of sample timings for
+GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_min: Minimum execution time observed for GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_max: Maximum execution time observed for GetVolumeInfo
+operations.
+<P><LI>GetVolumeStatus_ops: Number of GetVolumeStatus operations
+executed.
+<P><LI>GetVolumeStatus_ops_ok: Number of successful GetVolumeStatus
+operations.
+<P><LI>GetVolumeStatus_sum: Sum of timings for GetVolumeStatus
+operations.
+<P><LI>GetVolumeStatus_sqr: Sum of squares of sample timings for
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_min: Minimum execution time observed for
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_max: Maximum execution time observed for
+GetVolumeStatus operations.
+<P><LI>SetVolumeStatus_ops: Number of SetVolumeStatus operations
+executed.
+<P><LI>SetVolumeStatus_ops_ok: Number of successful SetVolumeStatus
+operations.
+<P><LI>SetVolumeStatus_sum: Sum of timings for SetVolumeStatus
+operations.
+<P><LI>SetVolumeStatus_sqr: Sum of squares of sample timings for
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_min: Minimum execution time observed for
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_max: Maximum execution time observed for
+SetVolumeStatus operations.
+<P><LI>GetRootVolume_ops: Number of GetRootVolume operations
+executed.
+<P><LI>GetRootVolume_ops_ok: Number of successful GetRootVolume
+operations.
+<P><LI>GetRootVolume_sum: Sum of timings for GetRootVolume
+operations.
+<P><LI>GetRootVolume_sqr: Sum of squares of sample timings for
+GetRootVolume operations.
+<P><LI>GetRootVolume_min: Minimum execution time observed for GetRootVolume
+operations.
+<P><LI>GetRootVolume_max: Maximum execution time observed for GetRootVolume
+operations.
+<P><LI>CheckToken_ops: Number of CheckToken operations executed.
+<P><LI>CheckToken_ops_ok: Number of successful CheckToken
+operations.
+<P><LI>CheckToken_sum: Sum of timings for CheckToken operations.
+<P><LI>CheckToken_sqr: Sum of squares of sample timings for CheckToken
+operations.
+<P><LI>CheckToken_min: Minimum execution time observed for CheckToken
+operations.
+<P><LI>CheckToken_max: Maximum execution time observed for CheckToken
+operations.
+<P><LI>GetTime_ops: Number of GetTime operations executed.
+<P><LI>GetTime_ops_ok: Number of successful GetTime operations.
+<P><LI>GetTime_sum: Sum of timings for GetTime operations.
+<P><LI>GetTime_sqr: Sum of squares of sample timings for GetTime
+operations.
+<P><LI>GetTime_min: Minimum execution time observed for GetTime
+operations.
+<P><LI>GetTime_max: Maximum execution time observed for GetTime
+operations.
+<P><LI>NGetVolumeInfo_ops: Number of NGetVolumeInfo operations
+executed.
+<P><LI>NGetVolumeInfo_ops_ok: Number of successful NGetVolumeInfo
+operations.
+<P><LI>NGetVolumeInfo_sum: Sum of timings for NGetVolumeInfo
+operations.
+<P><LI>NGetVolumeInfo_sqr: Sum of squares of sample timings for
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_min: Minimum execution time observed for
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_max: Maximum execution time observed for
+NGetVolumeInfo operations.
+<P><LI>BulkStatus_ops: Number of BulkStatus operations executed.
+<P><LI>BulkStatus_ops_ok: Number of successful BulkStatus
+operations.
+<P><LI>BulkStatus_sum: Sum of timings for BulkStatus operations.
+<P><LI>BulkStatus_sqr: Sum of squares of sample timings for BulkStatus
+operations.
+<P><LI>BulkStatus_min: Minimum execution time observed for BulkStatus
+operations.
+<P><LI>BulkStatus_max: Maximum execution time observed for BulkStatus
+operations.
+<P><LI>XStatsVersion_ops: Number of XStatsVersion operations
+executed.
+<P><LI>XStatsVersion_ops_ok: Number of successful XStatsVersion
+operations.
+<P><LI>XStatsVersion_sum: Sum of timings for XStatsVersion
+operations.
+<P><LI>XStatsVersion_sqr: Sum of squares of sample timings for
+XStatsVersion operations.
+<P><LI>XStatsVersion_min: Minimum execution time observed for XStatsVersion
+operations.
+<P><LI>XStatsVersion_max: Maximum execution time observed for XStatsVersion
+operations.
+<P><LI>GetXStats_ops: Number of GetXStats operations executed.
+<P><LI>GetXStats_ops_ok: Number of successful GetXStats operations.
+<P><LI>GetXStats_sum: Sum of timings for GetXStats operations.
+<P><LI>GetXstats_sqr: Sum of squares of sample timings for GetXStats
+operations.
+<P><LI>GetXStats_min: Minimum execution time observed for GetXStats
+operations.
+<P><LI>GetXStats_max: Maximum execution time observed for GetXStats
+operations.
+</UL>
+<P>File Server RPC Operation Errors Group (FS_RPCopErrors_group)
+<UL>
+<P><LI>FetchData_srv_err: Number of server-down errors during FetchData
+operations.
+<P><LI>FetchData_net_err: Number of network errors during FetchData
+operations.
+<P><LI>FetchData_prot_err_err: Number of protection violations during
+FetchData operations.
+<P><LI>FetchData_vol_err: Number of volume related errors during FetchData
+operations.
+<P><LI>FetchData_busy_err: Number of volume busy conditions during
+FetchData operations.
+<P><LI>FetchData_other_err: Number of miscellaneous other errors during
+FetchData operations.
+<P><LI>FetchACL_srv_err: Number of server-down errors during FetchACL
+operations.
+<P><LI>FetchACL_net_err: Number of network errors during FetchACL
+operations.
+<P><LI>FetchACL_prot_err: Number of protection violations during FetchACL
+operations.
+<P><LI>FetchACL_vol_err: Number of volume related errors during FetchACL
+operations.
+<P><LI>FetchACL_busy_err: Number of volume busy conditions encountered
+during FetchACL operations.
+<P><LI>FetchACL_other_err: Number of miscellaneous other errors during
+FetchACL operations.
+<P><LI>FetchStatus_srv_err: Number of server-down errors during FetchStatus
+operations.
+<P><LI>FetchStatus_net_err: Number of network errors during FetchStatus
+operations.
+<P><LI>FetchStatus_prot_err: Number of protection violations during
+FetchStatus operations.
+<P><LI>FetchStatus_vol_err: Number of volume related errors during
+FetchStatus operations.
+<P><LI>FetchStatus_busy_err: Number of volume busy conditions encountered
+during FetchStatus operations.
+<P><LI>FetchStatus_other_err: Number of miscellaneous other errors during
+FetchStatus operations.
+<P><LI>StoreData_srv_err: Number of server-down errors during StoreData
+operations.
+<P><LI>StoreData_net_err: Number of network errors during StoreData
+operations.
+<P><LI>StoreData_prot_err: Number of protection violations during StoreData
+operations.
+<P><LI>StoreData_vol_err: Number of volume related errors during StoreData
+operations.
+<P><LI>StoreData_busy_err: Number of volume busy conditions encountered
+during StoreData operations.
+<P><LI>StoreData_other_err: Number of miscellaneous other errors during
+StoreData operations.
+<P><LI>StoreACL_srv_err: Number of server-down errors during StoreACL
+operations.
+<P><LI>StoreACL_net_err: Number of network errors during StoreACL
+operations.
+<P><LI>StoreACL_prot_err: Number of protection violations during StoreACL
+operations.
+<P><LI>StoreACL_vol_err: Number of volume related errors during StoreACL
+operations.
+<P><LI>StoreACL_busy_err: Number of volume busy conditions encountered
+during StoreACL operations.
+<P><LI>StoreACL_other_err: Number of miscellaneous other errors during
+StoreACL operations.
+<P><LI>StoreStatus_srv_err: Number of server-down errors during StoreStatus
+operations.
+<P><LI>StoreStatus_net_err: Number of network errors during StoreStatus
+operations.
+<P><LI>StoreStatus_prot_err: Number of protection violations during
+StoreStatus operations.
+<P><LI>StoreStatus_vol_err: Number of volume related errors during
+StoreStatus operations.
+<P><LI>StoreStatus_busy_err: Number of volume busy conditions encountered
+during StoreStatus operations.
+<P><LI>StoreStatus_other_err: Number of miscellaneous other errors during
+StoreStatus operations.
+<P><LI>RemoveFile_srv_err: Number of server-down errors during RemoveFile
+operations.
+<P><LI>RemoveFile_net_err: Number of network errors during RemoveFile
+operations.
+<P><LI>RemoveFile_prot_err: Number of protection violations during
+RemoveFile operations.
+<P><LI>RemoveFile_vol_err: Number of volume related errors during
+RemoveFile operations.
+<P><LI>RemoveFile_busy_err: Number of volume busy conditions encountered
+during RemoveFile operations.
+<P><LI>RemoveFile_other_err: Number of miscellaneous other errors during
+RemoveFile operations.
+<P><LI>CreateFile_srv_err: Number of server-down errors during CreateFile
+operations.
+<P><LI>CreateFile_net_err: Number of network errors during CreateFile
+operations.
+<P><LI>CreateFile_prot_err: Number of protection violations during
+CreateFile operations.
+<P><LI>CreateFile_vol_err: Number of volume related errors during
+CreateFile operations.
+<P><LI>CreateFile_busy_err: Number of volume busy conditions encountered
+during CreateFile operations.
+<P><LI>CreateFile_other_err: Number of miscellaneous other errors during
+CreateFile operations.
+<P><LI>Rename_srv_err: Number of server-down errors during Rename
+operations.
+<P><LI>Rename_net_err: Number of network errors during Rename
+operations.
+<P><LI>Rename_prot_err: Number of protection violations during Rename
+operations.
+<P><LI>Rename_vol_err: Number of volume related errors during Rename
+operations.
+<P><LI>Rename_busy_err: Number of volume busy conditions encountered during
+Rename operations.
+<P><LI>Rename_other_err: Number of miscellaneous other errors during Rename
+operations.
+<P><LI>Symlink_srv_err: Number of server-down errors during Symlink
+operations.
+<P><LI>Symlink_net_err: Number of network errors during Symlink
+operations.
+<P><LI>Symlink_prot_err: Number of protection violations during Symlink
+operations.
+<P><LI>Symlink_vol_err: Number of volume related errors during Symlink
+operations.
+<P><LI>Symlink_busy_err: Number of volume busy conditions encountered
+during Symlink operations.
+<P><LI>Symlink_other_err: Number of miscellaneous other errors during
+Symlink operations.
+<P><LI>Link_srv_err: Number of server-down errors during Link
+operations.
+<P><LI>Link_net_err: Number of network errors during Link
+operations.
+<P><LI>Link_prot_err: Number of protection violations during Link
+operations.
+<P><LI>Link_vol_err: Number of volume related errors during Link
+operations.
+<P><LI>Link_busy_err: Number of volume busy conditions encountered during
+Link operations.
+<P><LI>Link_other_err: Number of miscellaneous other errors during Link
+operations.
+<P><LI>MakeDir_srv_err: Number of server-down errors during MakeDir
+operations.
+<P><LI>MakeDir_net_err: Number of network errors during MakeDir
+operations.
+<P><LI>MakeDir_prot_err: Number of protection violations during MakeDir
+operations.
+<P><LI>MakeDir_vol_err: Number of volume related errors during MakeDir
+operations.
+<P><LI>MakeDir_busy_err: Number of volume busy conditions encountered
+during MakeDir operations.
+<P><LI>MakeDir_other_err: Number of miscellaneous other errors during
+MakeDir operations.
+<P><LI>RemoveDir_srv_err: Number of server-down errors during RemoveDir
+operations.
+<P><LI>RemoveDir_net_err: Number of network errors during RemoveDir
+operations.
+<P><LI>RemoveDir_prot_err: Number of protection violations during RemoveDir
+operations.
+<P><LI>RemoveDir_vol_err: Number of volume related errors during RemoveDir
+operations.
+<P><LI>RemoveDir_busy_err: Number of volume busy conditions encountered
+during RemoveDir operations.
+<P><LI>RemoveDir_other_err: Number of miscellaneous other errors during
+RemoveDir operations.
+<P><LI>SetLock_srv_err: Number of server-down errors during SetLock
+operations.
+<P><LI>SetLock_net_err: Number of network errors during SetLock
+operations.
+<P><LI>SetLock_prot_err: Number of protection violations during SetLock
+operations.
+<P><LI>SetLock_vol_err: Number of volume related errors during SetLock
+operations.
+<P><LI>SetLock_busy_err: Number of volume busy conditions encountered
+during SetLock operations.
+<P><LI>SetLock_other_err: Number of miscellaneous other errors during
+SetLock operations.
+<P><LI>ExtendLock_srv_err: Number of server-down errors during ExtendLock
+operations.
+<P><LI>ExtendLock_net_err: Number of network errors during ExtendLock
+operations.
+<P><LI>ExtendLock_prot_err: Number of protection violations during
+ExtendLock operations.
+<P><LI>ExtendLock_vol_err: Number of volume related errors during
+ExtendLock operations.
+<P><LI>ExtendLock_busy_err: Number of volume busy conditions encountered
+during ExtendLock operations.
+<P><LI>ExtendLock_other_err: Number of miscellaneous other errors during
+ExtendLock operations.
+<P><LI>ReleaseLock_srv_err: Number of server-down errors during ReleaseLock
+operations.
+<P><LI>ReleaseLock_net_err: Number of network errors during ReleaseLock
+operations.
+<P><LI>ReleaseLock_prot_err: Number of protection violations during
+ReleaseLock operations.
+<P><LI>ReleaseLock_vol_err: Number of volume related errors during
+ReleaseLock operations.
+<P><LI>ReleaseLock_busy_err: Number of volume busy conditions encountered
+during ReleaseLock operations.
+<P><LI>ReleaseLock_other_err: Number of miscellaneous other errors during
+ReleaseLock operations.
+<P><LI>GetStatistics_srv_err: Number of server-down errors during
+GetStatistics operations.
+<P><LI>GetStatistics_net_err: Number of network errors during GetStatistics
+operations.
+<P><LI>GetStatistics_prot_err: Number of protection violations during
+GetStatistics operations.
+<P><LI>GetStatistics_vol_err: Number of volume related errors during
+GetStatistics operations.
+<P><LI>GetStatistics_busy_err: Number of volume busy conditions encountered
+during GetStatistics operations.
+<P><LI>GetStatistics_other_err: Number of miscellaneous other errors during
+GetStatistics operations.
+<P><LI>GiveUpCallbacks_srv_err: Number of server-down errors during
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_net_err: Number of network errors during
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_prot_err: Number of protection violations during
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_vol_err: Number of volume related errors during
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_busy_err: Number of volume busy conditions
+encountered during GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_other_err: Number of miscellaneous other errors
+during GiveUpCallbacks operations.
+<P><LI>GetVolumeInfo_srv_err: Number of server-down errors during
+GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_net_err: Number of network errors during GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_prot_err: Number of protection violations during
+GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_vol_err: Number of volume related errors during
+GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_busy_err: Number of volume busy conditions encountered
+during GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_other_err: Number of miscellaneous other errors during
+GetVolumeInfo operations.
+<P><LI>GetVolumeStatus_srv_err: Number of server-down errors during
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_net_err: Number of network errors during
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_prot_err: Number of protection violations during
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_vol_err: Number of volume related errors during
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_busy_err: Number of volume busy conditions
+encountered during GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_other_err: Number of miscellaneous other errors
+during GetVolumeStatus operations.
+<P><LI>SetVolumeStatus_srv_err : Number of server-down errors during
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_net_err: Number of network errors during
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_prot_err: Number of protection violations during
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_vol_err: Number of volume related errors during
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_busy_err: Number of volume busy conditions
+encountered during SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_other_err: Number of miscellaneous other errors
+during SetVolumeStatus operations.
+<P><LI>GetRootVolume_srv_err: Number of server-down errors during
+GetRootVolume operations.
+<P><LI>GetRootVolume_net_err: Number of network errors during GetRootVolume
+operations.
+<P><LI>GetRootVolume_prot_err: Number of protection violations during
+GetRootVolume operations.
+<P><LI>GetRootVolume_vol_err: Number of volume related errors during
+GetRootVolume operations.
+<P><LI>GetRootVolume_busy_err: Number of volume busy conditions encountered
+during GetRootVolume operations.
+<P><LI>GetRootVolume_other_err: Number of miscellaneous other errors during
+GetRootVolume operations.
+<P><LI>CheckToken_srv_err: Number of server-down errors during CheckToken
+operations.
+<P><LI>CheckToken_net_err: Number of network errors during CheckToken
+operations.
+<P><LI>CheckToken_prot_err: Number of protection violations during
+CheckToken operations.
+<P><LI>CheckToken_vol_err: Number of volume related errors during
+CheckToken operations.
+<P><LI>CheckToken_busy_err: Number of volume busy conditions encountered
+during CheckToken operations.
+<P><LI>CheckToken_other_err: Number of miscellaneous other errors during
+CheckToken operations.
+<P><LI>GetTime_srv_err: Number of server-down errors during GetTime
+operations.
+<P><LI>GetTime_net_err: Number of network errors during GetTime
+operations.
+<P><LI>GetTime_prot_err: Number of protection violations during GetTime
+operations.
+<P><LI>GetTime_vol_err: Number of volume related errors during GetTime
+operations.
+<P><LI>GetTime_busy_err: Number of volume busy conditions encountered
+during GetTime operations.
+<P><LI>GetTime_other_err: Number of miscellaneous other errors during
+GetTime operations.
+<P><LI>NGetVolumeInfo_srv_err: Number of server-down errors during
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_net_err: Number of network errors during
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_prot_err: Number of protection violations during
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_vol_err: Number of volume related errors during
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_busy_err: Number of volume busy conditions
+encountered during NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_other_err: Number of miscellaneous other errors
+during NGetVolumeInfo operations.
+<P><LI>BulkStatus_srv_err: Number of server-down errors during BulkStatus
+operations.
+<P><LI>BulkStatus_net_err: Number of network errors during BulkStatus
+operations.
+<P><LI>BulkStatus_prot_err: Number of protection violations during
+BulkStatus operations.
+<P><LI>BulkStatus_vol_err: Number of volume related errors during
+BulkStatus operations.
+<P><LI>BulkStatus_busy_err: Number of volume busy conditions encountered
+during BulkStatus operations.
+<P><LI>BulkStatus_other_err: Number of miscellaneous other errors during
+BulkStatus operations.
+<P><LI>XStatsVersion_srv_err: Number of server-down errors during
+XStatsVersion operations.
+<P><LI>XStatsVersion_net_err: Number of network errors during XStatsVersion
+operations.
+<P><LI>XStatsVersion_prot_err: Number of protection violations during
+XStatsVersion operations.
+<P><LI>XStatsVersion_vol_err: Number of volume related errors during
+XStatsVersion operations.
+<P><LI>XStatsVersion_busy_err: Number of volume busy conditions encountered
+during XStatsVersion operations.
+<P><LI>XStatsVersion_other_err: Number of miscellaneous other errors during
+XStatsVersion operations.
+<P><LI>GetXStats_srv_err: Number of server-down errors during GetXStats
+operations.
+<P><LI>GetXStats_net_err: Number of network errors during GetXStats
+operations.
+<P><LI>GetXStats_prot_err: Number of protection violations during GetXStats
+operations.
+<P><LI>GetXStats_vol_err: Number of volume related errors during GetXStats
+operations.
+<P><LI>GetXStats_busy_err: Number of volume busy conditions encountered
+during GetXStats operations.
+<P><LI>GetXStats_other_err: Number of miscellaneous other errors during
+GetXStats operations.
+</UL>
+<P>File Server RPC Transfer Timings Group (FS_RPCopBytes_group)
+<UL>
+<P><LI>FetchData_xfers: Number of FetchData operations.
+<P><LI>FetchData_xfers_ok: Number of successful FetchData
+operations.
+<P><LI>FetchData_xfers_sum: Sum of timing values for FetchData
+operations.
+<P><LI>FetchData_xfers_sqr: Sum of squares of sample timings for FetchData
+operations.
+<P><LI>FetchData_xfers_min: Minimum transfer time observed for FetchData
+operations.
+<P><LI>FetchData_xfers_max: Maximum transfer time observed for FetchData
+operations.
+<P><LI>FetchData_xfers_bytes_sum: Sum of bytes transferred for FetchData
+operations.
+<P><LI>FetchData_xfers_bytes_min: Minimum byte transfer observed for
+FetchData operations.
+<P><LI>FetchData_xfers_bytes_max: Maximum byte transfer observed for
+FetchData operations.
+<P><LI>FetchData_xfers_bucket0: Tally in bucket0 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket1: Tally in bucket1 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket2: Tally in bucket2 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket3: Tally in bucket3 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket4: Tally in bucket4 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket5: Tally in bucket5 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket6: Tally in bucket6 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket7: Tally in bucket7 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket8: Tally in bucket8 for FetchData
+operations.
+<P><LI>StoreData_xfers: Number of StoreData operations.
+<P><LI>StoreData_xfers_ok: Number of successful StoreData
+operations.
+<P><LI>StoreData_xfers_sum: Sum of timing values for StoreData
+operations.
+<P><LI>StoreData_xfers_sqr: Sum of squares of sample timings for StoreData
+operations.
+<P><LI>StoreData_xfers_min: Minimum transfer time observed for StoreData
+operations.
+<P><LI>StoreData_xfers_max: Maximum transfer time observed for StoreData
+operations.
+<P><LI>StoreData_xfers_bytes_sum: Sum of bytes transferred for StoreData
+operations.
+<P><LI>StoreData_xfers_bytes_min: Minimum byte transfer observed for
+StoreData operations.
+<P><LI>StoreData_xfers_bytes_max: Maximum byte transfer observed for
+StoreData operations.
+<P><LI>StoreData_xfers_bucket0: Tally in bucket0 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket1: Tally in bucket1 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket2: Tally in bucket2 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket3: Tally in bucket3 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket4: Tally in bucket4 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket5: Tally in bucket5 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket6: Tally in bucket6 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket7: Tally in bucket7 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket8: Tally in bucket8 for StoreData
+operations.
+</UL>
+<P>Cache Manager RPC Operation Timings Group (CM_RPCopTimes_group)
+<UL>
+<P><LI>CallBack_ops: Number of CallBack operations executed.
+<P><LI>CallBack_ops_ok: Number of successful CallBack operations.
+<P><LI>CallBack_ops_sum: Sum of timings for CallBack operations.
+<P><LI>CallBack_ops_min: Minimum execution time observed for CallBack
+operations.
+<P><LI>CallBack_ops_max: Maximum execution time observed for CallBack
+operations.
+<P><LI>InitCallBackState_ops: Number of InitCallBackState operations
+executed.
+<P><LI>InitCallBackState_ops_ok: Number of successful InitCallBackState
+operations.
+<P><LI>InitCallBackState_ops_sum: Sum of timings for InitCallBackState
+operations.
+<P><LI>InitCallBackState_ops_min: Minimum execution time observed for
+InitCallBackState operations.
+<P><LI>InitCallBackState_ops_max: Maximum execution time observed for
+InitCallBackState operations.
+<P><LI>Probe_ops: Number of Probe operations executed.
+<P><LI>Probe_ops_ok: Number of successful Probe operations.
+<P><LI>Probe_ops_sum: Sum of timings for Probe operations.
+<P><LI>Probe_ops_min: Minimum execution time observed for Probe
+operations.
+<P><LI>Probe_ops_max: Maximum execution time observed for Probe
+operations.
+<P><LI>GetLock_ops: Number of GetLock operations executed.
+<P><LI>GetLock_ops_ok: Number of successful GetLock operations.
+<P><LI>GetLock_ops_sum: Sum of timings for GetLock operations.
+<P><LI>GetLock_ops_min: Minimum execution time observed for GetLock
+operations.
+<P><LI>GetLock_ops_max: Maximum execution time observed for GetLock
+operations.
+<P><LI>GetCE_ops: Number of GetCE operations executed.
+<P><LI>GetCE_ops_ok: Number of successful GetCE operations.
+<P><LI>GetCE_ops_sum: Sum of timings for GetCE operations.
+<P><LI>GetCE_ops_min: Minimum execution time observed for GetCE
+operations.
+<P><LI>GetCE_ops_max: Maximum execution time observed for GetCE
+operations.
+<P><LI>XStatsVersion_CM_ops: Number of XStatsVersion operations
+executed.
+<P><LI>XStatsVersion_CM_ops_ok: Number of successful XStatsVersion
+operations.
+<P><LI>XStatsVersion_CM_ops_sum: Sum of timings for XStatsVersion
+operations.
+<P><LI>XStatsVersion_CM_ops_min: Minimum execution time observed for
+XStatsVersion operations.
+<P><LI>XStatsVersion_CM_ops_max: Maximum execution time observed for
+XStatsVersion operations.
+<P><LI>GetXStats_CM_ops: Number of GetXStats operations executed.
+<P><LI>GetXStats_CM_ops_ok: Number of successful GetXStats
+operations.
+<P><LI>GetXStats_CM_ops_sum: Sum of timings for GetXStats
+operations.
+<P><LI>GetXStats_CM_ops_min: Minimum execution time observed for GetXStats
+operations.
+<P><LI>GetXStats_CM_ops_max: Maximum execution time observed for GetXStats
+operations.
+</UL>
+<P><H3><A NAME="Header_711" HREF="auagd002.htm#ToC_711">Authentication and Replicated File Access Section (Auth_Access_section)</A></H3>
+<P>Authentication Information for Cache Manager Group (Auth_Stats_group)
+<UL>
+<P><LI>curr_PAGs: Current number of PAGs.
+<P><LI>curr_Records: Current number of records in table.
+<P><LI>curr_AuthRecords: Current number of of authenticated records (with
+valid ticket).
+<P><LI>curr_UnauthRecords: Current number of of unauthenticated records
+(without any ticket at all).
+<P><LI>curr_MaxRecordsInPAG: Maximum records for a single PAG.
+<P><LI>curr_LongestChain: Length of longest current hash chain.
+<P><LI>PAGCreations: Number of PAG creations.
+<P><LI>TicketUpdates: Number of ticket additions/refreshes.
+<P><LI>HWM_PAGS: High water mark - number of PAGs.
+<P><LI>HWM_Records: High water mark - number of records.
+<P><LI>HWM_MaxRecordsInPAG: High water mark - maximum records for a
+single PAG.
+<P><LI>HWM_LongestChain: High water mark - longest hash chain.
+</UL>
+<P>Unreplicated File Access Group (Access_Stats_group)
+<UL>
+<P><LI>unreplicatedRefs: Number of references to unreplicated data.
+<P><LI>replicatedRefs: Number of references to replicated data.
+<P><LI>numReplicasAccessed: Number of replicas accessed.
+<P><LI>maxReplicasPerRef: Maximum number of replicas accessed per
+reference.
+<P><LI>refFirstReplicaOK: Number of references satisfied by 1st
+replica.
+</UL>
+<HR><H2><A NAME="HDRWQ619" HREF="auagd002.htm#ToC_712">The File Server Statistics</A></H2>
+<A NAME="IDX8188"></A>
+<P>File Server statistics are classified into the following sections and
+groups:
+<UL>
+<P><LI>PerfStats_section: Performance Statistics Section.
+<UL>
+<P><LI>VnodeCache_group: Vnode Cache Group.
+<P><LI>Directory_group: Directory Package Group.
+<P><LI>Rx_group: Rx Group.
+<P><LI>HostModule_group: Host Module Fields Group.
+<P><LI>misc_group: Miscellaneous Variables Group.
+</UL>
+<P><LI>RPCop_section: RPC Operations Section.
+<UL>
+<P><LI>RPCopTimes_group: Individual RPC Operation Timings.
+<P><LI>RPCopBytes_group: Byte Information for Certain RPC
+Operations.
+</UL>
+</UL>
+<P>All File Server variables categorized under the above sections and groups
+names are listed below.
+<P><H3><A NAME="Header_713" HREF="auagd002.htm#ToC_713">Performance Statistics Section (PerfStats_section)</A></H3>
+<P>Vnode Cache Group (VnodeCache_group)
+<UL>
+<P><LI>vcache_L_Entries: Number of entries in LARGE vnode cache.
+<P><LI>vcache_L_Allocs: Number of allocs (large).
+<P><LI>vcache_L_Gets: Number of gets (large).
+<P><LI>vcache_L_Reads: Number of reads (large).
+<P><LI>vcache_L_Writes: Number of writes (large).
+<P><LI>vcache_S_Entries: Number of entries in SMALL vnode cache.
+<P><LI>vcache_S_Allocs: Number of allocs (small).
+<P><LI>vcache_S_Gets: Number of gets (small).
+<P><LI>vcache_S_Reads: Number of reads (small).
+<P><LI>vcache_S_Writes: Number of writes (small).
+<P><LI>vcache_H_Entries: Number of entries in HEADER vnode cache.
+<P><LI>vcache_H_Gets: Number of gets (header)
+<P><LI>vcache_H_Replacements: Number of replacements (header)
+</UL>
+<P>Directory Package Group (Directory_group)
+<UL>
+<P><LI>dir_Buffers: Number of buffers in use.
+<P><LI>dir_Calls: Number of read calls made.
+<P><LI>dir_IOs: I/O operations performed.
+</UL>
+<P>Rx Group (Rx_group)
+<UL>
+<P><LI>rx_packetRequests: Packet allocation requests.
+<P><LI>rx_noPackets_RcvClass: Failed packet requests (receive
+class).
+<P><LI>rx_noPackets_SendClass: Failed packet requests (send class).
+<P><LI>rx_noPackets_SpecialClass: Failed packet requests (special
+class).
+<P><LI>rx_socketGreedy: Did SO_GREEDY succeed?
+<P><LI>rx_bogusPacketOnRead: Short packets received.
+<P><LI>rx_bogusHost: Host address from bogus packets.
+<P><LI>rx_noPacketOnRead: Read packets with no packet there.
+<P><LI>rx_noPacketBuffersOnRead: Packets dropped due to buffer
+shortage.
+<P><LI>rx_selects: Selects waiting on packet or timeout.
+<P><LI>rx_sendSelects: Selects forced upon sends.
+<P><LI>rx_packetsRead_RcvClass: Packets read (receive class).
+<P><LI>rx_packetsRead_SendClass: Packets read (send class).
+<P><LI>rx_packetsRead_SpecialClass: Packets read (special class).
+<P><LI>rx_dataPacketsRead: Unique data packets read off wire.
+<P><LI>rx_ackPacketsRead: ACK packets read.
+<P><LI>rx_dupPacketsRead: Duplicate data packets read.
+<P><LI>rx_spuriousPacketsRead: Inappropriate packets read.
+<P><LI>rx_packetsSent_RcvClass: Packets sent (receive class).
+<P><LI>rx_packetsSent_SendClass: Packets sent (send class).
+<P><LI>rx_packetsSent_SpecialClass: Packets sent (special class).
+<P><LI>rx_ackPacketsSent: ACK packets sent.
+<P><LI>rx_pingPacketsSent: Ping packets sent.
+<P><LI>rx_abortPacketsSent: Abort packets sent.
+<P><LI>rx_busyPacketsSent: Busy packets sent.
+<P><LI>rx_dataPacketsSent: Unique data packets sent.
+<P><LI>rx_dataPacketsReSent: Retransmissions sent.
+<P><LI>rx_dataPacketsPushed: Retransmissions pushed by NACK.
+<P><LI>rx_ignoreAckedPacket: Packets with ACKed flag on rxi_Start.
+<P><LI>rx_totalRtt_Sec and rx_totalRtt_Usec: Total round trip time (in
+seconds and milliseconds).
+<P><LI>rx_minRtt_Sec and rx_minRtt_Usec: Minimum round trip time (in
+seconds and milliseconds).
+<P><LI>rx_maxRtt_Sec and rx_maxRtt_Usec: Maximum round trip time (in
+seconds and milliseconds).
+<P><LI>rx_nRttSamples: Round trip samples.
+<P><LI>rx_nServerConns: Total server connections.
+<P><LI>rx_nClientConns: Total client connections.
+<P><LI>rx_nPeerStructs: Total peer structures.
+<P><LI>rx_nCallStructs: Total call structures.
+<P><LI>rx_nFreeCallStructs: Total free call structures.
+</UL>
+<P>Host Module Fields Group (HostModule_group)
+<UL>
+<P><LI>host_NumHostEntries: Number of host entries.
+<P><LI>host_HostBlocks: Blocks in use for hosts.
+<P><LI>host_NonDeletedHosts: Non-deleted hosts.
+<P><LI>host_HostsInSameNetOrSubnet: Hosts in same subnet as server.
+<P><LI>host_HostsInDiffSubnet: Hosts in different subnet than
+server.
+<P><LI>host_HostsInDiffNetwork: Hosts in different network than
+server.
+<P><LI>host_NumClients: Number of client entries.
+<P><LI>host_ClientBlocks: Blocks in use for clients.
+</UL>
+<P>Miscellaneous Variables Group (misc_group)
+<UL>
+<P><LI>numPerfCalls: Number of performance calls received.
+</UL>
+<P><H3><A NAME="Header_714" HREF="auagd002.htm#ToC_714">RPC Operations Section (RPCop_section)</A></H3>
+<P>Individual RPC Operation Timings Group (RPCopTimes_group)
+<UL>
+<P><LI>epoch: Time when data collection began.
+<P><LI>FetchData_ops: Number of FetchData operations executed.
+<P><LI>FetchData_ops_ok: Number of successful FetchData operations.
+<P><LI>FetchData_sum: Sum of timings for FetchData operations.
+<P><LI>FetchData_sqr: Sum of squares of sample timings for FetchData
+operations.
+<P><LI>FetchData_min: Minimum execution time observed for FetchData
+operations.
+<P><LI>FetchData_max: Maximum execution time observed for FetchData
+operations.
+<P><LI>FetchACL_ops: Number of FetchACL operations executed.
+<P><LI>FetchACL_ops_ok: Number of successful FetchACL operations.
+<P><LI>FetchACL_sum: Sum of timings for FetchACL operations.
+<P><LI>FetchACL_sqr: Sum of squares of sample timings for FetchACL
+operations.
+<P><LI>FetchACL_min: Minimum execution time observed for FetchACL
+operations.
+<P><LI>FetchACL_max: Maximum execution time observed for FetchACL
+operations.
+<P><LI>FetchStatus_ops: Number of FetchStatus operations executed.
+<P><LI>FetchStatus_ops_ok: Number of successful FetchStatus
+operations.
+<P><LI>FetchStatus_sum: Sum of timings for FetchStatus operations.
+<P><LI>FetchStatus_sqr: Sum of squares of sample timings for FetchStatus
+operations.
+<P><LI>FetchStatus_min: Minimum execution time observed for FetchStatus
+operations.
+<P><LI>FetchStatus_max: Maximum execution time observed for FetchStatus
+operations.
+<P><LI>StoreData_ops: Number of StoreData operations executed.
+<P><LI>StoreData_ops_ok: Number of successful StoreData operations.
+<P><LI>StoreData_sum: Sum of timings for StoreData operations.
+<P><LI>StoreData_sqr: Sum of squares of sample timings for StoreData
+operations.
+<P><LI>StoreData_min: Minimum execution time observed for StoreData
+operations.
+<P><LI>StoreData_max: Maximum execution time observed for StoreData
+operations.
+<P><LI>StoreACL_ops: Number of StoreACL operations executed.
+<P><LI>StoreACL_ops_ok: Number of successful StoreACL operations.
+<P><LI>StoreACL_sum: Sum of timings for StoreACL operations.
+<P><LI>StoreACL_sqr: Sum of squares of sample timings for StoreACL
+operations.
+<P><LI>StoreACL_min: Minimum execution time observed for StoreACL
+operations.
+<P><LI>StoreACL_max: Maximum execution time observed for StoreACL
+operations.
+<P><LI>StoreStatus_ops: Number of StoreStatus operations executed.
+<P><LI>StoreStatus_ops_ok: Number of successful StoreStatus
+operations.
+<P><LI>StoreStatus_sum: Sum of timings for StoreStatus operations.
+<P><LI>StoreStatus_sqr: Sum of squares of sample timings for StoreStatus
+operations.
+<P><LI>StoreStatus_min: Minimum execution time observed for StoreStatus
+operations.
+<P><LI>StoreStatus_max: Maximum execution time observed for StoreStatus
+operations.
+<P><LI>RemoveFile_ops: Number of RemoveFile operations executed.
+<P><LI>RemoveFile_ops_ok: Number of successful RemoveFile
+operations.
+<P><LI>RemoveFile_sum: Sum of timings for RemoveFile operations.
+<P><LI>RemoveFile_sqr: Sum of squares of sample timings for RemoveFile
+operations.
+<P><LI>RemoveFile_min: Minimum execution time observed for RemoveFile
+operations.
+<P><LI>RemoveFile_max: Maximum execution time observed for RemoveFile
+operations.
+<P><LI>CreateFile_ops: Number of CreateFile operations executed.
+<P><LI>CreateFile_ops_ok: Number of successful CreateFile
+operations.
+<P><LI>CreateFile_sum: Sum of timings for CreateFile operations.
+<P><LI>CreateFile_sqr: Sum of squares of sample timings for CreateFile
+operations.
+<P><LI>CreateFile_min: Minimum execution time observed for CreateFile
+operations.
+<P><LI>CreateFile_max: Maximum execution time observed for CreateFile
+operations.
+<P><LI>Rename_ops: Number of Rename operations executed.
+<P><LI>Rename_ops_ok: Number of successful Rename operations.
+<P><LI>Rename_sum: Sum of timings for Rename operations.
+<P><LI>Rename_sqr: Sum of squares of sample timings for Rename
+operations.
+<P><LI>Rename_min: Minimum execution time observed for Rename
+operations.
+<P><LI>Rename_max: Maximum execution time observed for Rename
+operations.
+<P><LI>Symlink_ops: Number of Symlink operations executed.
+<P><LI>Symlink_ops_ok: Number of successful Symlink operations.
+<P><LI>Symlink_sum: Sum of timings for Symlink operations.
+<P><LI>Symlink_sqr: Sum of squares of sample timings for Symlink
+operations.
+<P><LI>Symlink_min: Minimum execution time observed for Symlink
+operations.
+<P><LI>Symlink_max: Maximum execution time observed for Symlink
+operations.
+<P><LI>Link_ops: Number of Link operations executed.
+<P><LI>Link_ops_ok: Number of successful Link operations.
+<P><LI>Link_sum: Sum of timings for Link operations.
+<P><LI>Link_sqr: Sum of squares of sample timings for Link
+operations.
+<P><LI>Link_min: Minimum execution time observed for Link
+operations.
+<P><LI>Link_max: Maximum execution time observed for Link
+operations.
+<P><LI>MakeDir_ops: Number of MakeDir operations executed.
+<P><LI>MakeDir_ops_ok: Number of successful MakeDir operations.
+<P><LI>MakeDir_sum: Sum of timings for MakeDir operations.
+<P><LI>MakeDir_sqr: Sum of squares of sample timings for MakeDir
+operations.
+<P><LI>MakeDir_min: Minimum execution time observed for MakeDir
+operations.
+<P><LI>MakeDir_max: Maximum execution time observed for MakeDir
+operations.
+<P><LI>RemoveDir_ops: Number of RemoveDir operations executed.
+<P><LI>RemoveDir_ops_ok: Number of successful RemoveDir operations.
+<P><LI>RemoveDir_sum: Sum of timings for RemoveDir operations.
+<P><LI>RemoveDir_sqr: Sum of squares of sample timings for RemoveDir
+operations.
+<P><LI>RemoveDir_min: Minimum execution time observed for RemoveDir
+operations.
+<P><LI>RemoveDir_max: Maximum execution time observed for RemoveDir
+operations.
+<P><LI>SetLock_ops: Number of SetLock operations executed.
+<P><LI>SetLock_ops_ok: Number of successful SetLock operations.
+<P><LI>SetLock_sum: Sum of timings for SetLock operations.
+<P><LI>SetLock_sqr: Sum of squares of sample timings for SetLock
+operations.
+<P><LI>SetLock_min: Minimum execution time observed for SetLock
+operations.
+<P><LI>SetLock_max: Maximum execution time observed for SetLock
+operations.
+<P><LI>ExtendLock_ops: Number of ExtendLock operations executed.
+<P><LI>ExtendLock_ops_ok: Number of successful ExtendLock
+operations.
+<P><LI>ExtendLock_sum: Sum of timings for ExtendLock operations.
+<P><LI>ExtendLock_sqr: Sum of squares of sample timings for ExtendLock
+operations.
+<P><LI>ExtendLock_min: Minimum execution time observed for ExtendLock
+operations.
+<P><LI>ExtendLock_max: Maximum execution time observed for ExtendLock
+operations.
+<P><LI>ReleaseLock_ops: Number of ReleaseLock operations executed.
+<P><LI>ReleaseLock_ops_ok: Number of successful ReleaseLock
+operations.
+<P><LI>ReleaseLock_sum: Sum of timings for ReleaseLock operations.
+<P><LI>ReleaseLock_sqr: Sum of squares of sample timings for ReleaseLock
+operations.
+<P><LI>ReleaseLock_min: Minimum execution time observed for ReleaseLock
+operations.
+<P><LI>ReleaseLock_max: Maximum execution time observed for ReleaseLock
+operations.
+<P><LI>GetStatistics_ops: Number of GetStatistics operations
+executed.
+<P><LI>GetStatistics_ops_ok: Number of successful GetStatistics
+operations.
+<P><LI>GetStatistics_sum: Sum of timings for GetStatistics
+operations.
+<P><LI>GetStatistics_sqr: Sum of squares of sample timings for
+GetStatistics operations.
+<P><LI>GetStatistics_min: Minimum execution time observed for GetStatistics
+operations.
+<P><LI>GetStatistics_max: Maximum execution time observed for GetStatistics
+operations.
+<P><LI>GiveUpCallbacks_ops: Number of GiveUpCallbacks operations
+executed.
+<P><LI>GiveUpCallbacks_ops_ok: Number of successful GiveUpCallbacks
+operations.
+<P><LI>GiveUpCallbacks_sum: Sum of timings for GiveUpCallbacks
+operations.
+<P><LI>GiveUpCallbacks_sqr: Sum of squares of sample timings for
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_min: Minimum execution time observed for
+GiveUpCallbacks operations.
+<P><LI>GiveUpCallbacks_max: Maximum execution time observed for
+GiveUpCallbacks operations.
+<P><LI>GetVolumeInfo_ops: Number of GetVolumeInfo operations
+executed.
+<P><LI>GetVolumeInfo_ops_ok: Number of successful GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_sum: Sum of timings for GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_sqr: Sum of squares of sample timings for
+GetVolumeInfo operations.
+<P><LI>GetVolumeInfo_min: Minimum execution time observed for GetVolumeInfo
+operations.
+<P><LI>GetVolumeInfo_max: Maximum execution time observed for GetVolumeInfo
+operations.
+<P><LI>GetVolumeStatus_ops: Number of GetVolumeStatus operations
+executed.
+<P><LI>GetVolumeStatus_ops_ok: Number of successful GetVolumeStatus
+operations.
+<P><LI>GetVolumeStatus_sum: Sum of timings for GetVolumeStatus
+operations.
+<P><LI>GetVolumeStatus_sqr: Sum of squares of sample timings for
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_min: Minimum execution time observed for
+GetVolumeStatus operations.
+<P><LI>GetVolumeStatus_max: Maximum execution time observed for
+GetVolumeStatus operations.
+<P><LI>SetVolumeStatus_ops: Number of SetVolumeStatus operations
+executed.
+<P><LI>SetVolumeStatus_ops_ok: Number of successful SetVolumeStatus
+operations.
+<P><LI>SetVolumeStatus_sum: Sum of timings for SetVolumeStatus
+operations.
+<P><LI>SetVolumeStatus_sqr: Sum of squares of sample timings for
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_min: Minimum execution time observed for
+SetVolumeStatus operations.
+<P><LI>SetVolumeStatus_max: Maximum execution time observed for
+SetVolumeStatus operations.
+<P><LI>GetRootVolume_ops: Number of GetRootVolume operations
+executed.
+<P><LI>GetRootVolume_ops_ok: Number of successful GetRootVolume
+operations.
+<P><LI>GetRootVolume_sum: Sum of timings for GetRootVolume
+operations.
+<P><LI>GetRootVolume_sqr: Sum of squares of sample timings for
+GetRootVolume operations.
+<P><LI>GetRootVolume_min: Minimum execution time observed for GetRootVolume
+operations.
+<P><LI>GetRootVolume_max: Maximum execution time observed for GetRootVolume
+operations.
+<P><LI>CheckToken_ops: Number of CheckToken operations executed.
+<P><LI>CheckToken_ops_ok: Number of successful CheckToken
+operations.
+<P><LI>CheckToken_sum: Sum of timings for CheckToken operations.
+<P><LI>CheckToken_sqr: Sum of squares of sample timings for CheckToken
+operations.
+<P><LI>CheckToken_min: Minimum execution time observed for CheckToken
+operations.
+<P><LI>CheckToken_max: Maximum execution time observed for CheckToken
+operations.
+<P><LI>GetTime_ops: Number of GetTime operations executed.
+<P><LI>GetTime_ops_ok: Number of successful GetTime operations.
+<P><LI>GetTime_sum: Sum of timings for GetTime operations.
+<P><LI>GetTime_sqr: Sum of squares of sample timings for GetTime
+operations.
+<P><LI>GetTime_min: Minimum execution time observed for GetTime
+operations.
+<P><LI>GetTime_max: Maximum execution time observed for GetTime
+operations.
+<P><LI>NGetVolumeInfo_ops: Number of NGetVolumeInfo operations
+executed.
+<P><LI>NGetVolumeInfo_ops_ok: Number of successful NGetVolumeInfo
+operations.
+<P><LI>NGetVolumeInfo_sum: Sum of timings for NGetVolumeInfo
+operations.
+<P><LI>NGetVolumeInfo_sqr: Sum of squares of sample timings for
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_min: Minimum execution time observed for
+NGetVolumeInfo operations.
+<P><LI>NGetVolumeInfo_max: Maximum execution time observed for
+NGetVolumeInfo operations.
+<P><LI>BulkStatus_ops: Number of BulkStatus operations executed.
+<P><LI>BulkStatus_ops_ok: Number of successful BulkStatus
+operations.
+<P><LI>BulkStatus_sum: Sum of timings for BulkStatus operations.
+<P><LI>BulkStatus_sqr: Sum of squares of sample timings for BulkStatus
+operations.
+<P><LI>BulkStatus_min: Minimum execution time observed for BulkStatus
+operations.
+<P><LI>BulkStatus_max: Maximum execution time observed for BulkStatus
+operations.
+<P><LI>XStatsVersion_ops: Number of XStatsVersion operations
+executed.
+<P><LI>XStatsVersion_ops_ok: Number of successful XStatsVersion
+operations.
+<P><LI>XStatsVersion_sum: Sum of timings for XStatsVersion
+operations.
+<P><LI>XStatsVersion_sqr: Sum of squares of sample timings for
+XStatsVersion operations.
+<P><LI>XStatsVersion_min: Minimum execution time observed for XStatsVersion
+operations.
+<P><LI>XStatsVersion_max: Maximum execution time observed for XStatsVersion
+operations.
+<P><LI>GetXStats_ops: Number of GetXStats operations executed.
+<P><LI>GetXStats_ops_ok: Number of successful GetXStats operations.
+<P><LI>GetXStats_sum: Sum of timings for GetXStats operations.
+<P><LI>GetXStats_sqr: Sum of squares of sample timings for GetXStats
+operations.
+<P><LI>GetXStats_min: Minimum execution time observed for GetXStats
+operations.
+<P><LI>GetXStats_max: Maximum execution time observed for GetXStats
+operations.
+</UL>
+<P>Byte Information for Certain RPC Operations Group (RPCopBytes_group)
+<UL>
+<P><LI>FetchData_xfers: Number of FetchData operations.
+<P><LI>FetchData_xfers_ok: Number of successful FetchData
+operations.
+<P><LI>FetchData_xfers_sum: Sum of timing values for FetchData
+operations.
+<P><LI>FetchData_xfers_sqr: Sum of squares of sample timings for FetchData
+operations.
+<P><LI>FetchData_xfers_min: Minimum transfer time observed for FetchData
+operations.
+<P><LI>FetchData_xfers_max: Maximum transfer time observed for FetchData
+operations.
+<P><LI>FetchData_xfers_bytes_sum: Sum of bytes transferred for FetchData
+operations.
+<P><LI>FetchData_xfers_bytes_min: Minimum byte transfer observed for
+FetchData operations.
+<P><LI>FetchData_xfers_bytes_max: Maximum byte transfer observed for
+FetchData operations.
+<P><LI>FetchData_xfers_bucket0: Tally in bucket0 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket1: Tally in bucket1 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket2: Tally in bucket2 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket3: Tally in bucket3 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket4: Tally in bucket4 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket5: Tally in bucket5 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket6: Tally in bucket6 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket7: Tally in bucket7 for FetchData
+operations.
+<P><LI>FetchData_xfers_bucket8: Tally in bucket8 for FetchData
+operations.
+<P><LI>StoreData_xfers: Number of StoreData operations.
+<P><LI>StoreData_xfers_ok: Number of successful StoreData
+operations.
+<P><LI>StoreData_xfers_sum: Sum of timing values for StoreData
+operations.
+<P><LI>StoreData_xfers_sqr: Sum of squares of sample timings for StoreData
+operations.
+<P><LI>StoreData_xfers_min: Minimum transfer time observed for StoreData
+operations.
+<P><LI>StoreData_xfers_max: Maximum transfer time observed for StoreData
+operations.
+<P><LI>StoreData_xfers_bytes_sum: Sum of bytes transferred for StoreData
+operations.
+<P><LI>StoreData_xfers_bytes_min: Minimum byte transfer observed for
+StoreData operations.
+<P><LI>StoreData_xfers_bytes_max: Maximum byte transfer observed for
+StoreData operations.
+<P><LI>StoreData_xfers_bucket0: Tally in bucket0 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket1: Tally in bucket1 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket2: Tally in bucket2 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket3: Tally in bucket3 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket4: Tally in bucket4 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket5: Tally in bucket5 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket6: Tally in bucket6 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket7: Tally in bucket7 for StoreData
+operations.
+<P><LI>StoreData_xfers_bucket8: Tally in bucket8 for StoreData
+operations.
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd023.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd025.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd024.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auagd026.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ620" HREF="auagd002.htm#ToC_715">Appendix D. AIX Audit Events</A></H1>
+<P>This Appendix provides a complete listing of the AFS events
+that can be audited on AIX file server machines. See Chapter <A HREF="auagd013.htm#HDRWQ323">Monitoring and Auditing AFS Performance</A> for instructions on auditing AFS events on AIX file server
+machines.
+<A NAME="IDX8189"></A>
+<HR><H2><A NAME="HDRWQ621" HREF="auagd002.htm#ToC_716">Introduction</A></H2>
+<P>Below is a list of the AFS events contained in the file
+<B>/afs/usr/local/audit/events.sample</B>. Each entry
+contains information on the event class, the name of the event, the parameters
+associated with the event, and a description of the event.
+<P>Most events have an associated error code that shows the outcome of the
+event (since each event is recorded after it occurs), an AFSName (the
+authentication identify of the requesting process), and a host ID (from which
+the request originated). Many events follow the RPC server entry calls
+defined in the <I>AFS Programmer's Reference Manual</I>.
+<P>Events are classed by functionality (this is AIX specific). Some
+events possibly fall into one of more of the following classes which are
+defined by the file <B>/usr/afs/local/config.sample</B>:
+<UL>
+<P><LI>A (afsauthent): Authentication and Identification Events
+<P><LI>S (afssecurity): Security Events
+<P><LI>P (afsprivilege): Privilege Required Events
+<P><LI>O (afsobjects): Object Creation and Deletion Events
+<P><LI>M (afsattributes): Attribute modification
+<P><LI>C (afsprocess): Process Control Events
+</UL>
+<HR><H2><A NAME="HDRWQ622" HREF="auagd002.htm#ToC_717">Audit-Specific Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Audit_WR
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%"><string>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The file "/usr/afs/Audit" has been written to (AIX specific
+event).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_On
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Auditing is on for this server process (recorded on startup of a
+server).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_Off
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Auditing is off for this server process (recorded on startup of a
+server).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_Unauth
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Event triggered by an unauthorized user.
+</TD></TR></TABLE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The following audit-specific events indicate an error has occurred while
+recording the event. Most events have an AFSName associated with them
+and a host ID. If this information cannot be gathered out of the Rx
+structure, one of these events is raised.
+</TD></TR></TABLE>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_NoCall
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">No rx call structure with this event. Cannot get security, AFS ID,
+or origin of call.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_NoConn
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">No connection info associated with rx call. Cannot get security,
+AFS ID, or origin of call.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_UnknSec
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Security of call is unknown (must be authorized or unauthorized
+caller).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_NoAFSId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">No AFS ID/name associated with a secure event.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_NoHost
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">No information about origin (machine) of caller.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Aud_EINVAL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">Event
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Error in audit event parameter (can't record the event
+parameter).
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ627" HREF="auagd002.htm#ToC_718">Volume Server Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Start
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The volume server has started.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Finish
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The volume server has finished. Finish events are rare since the
+server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Exit
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The volume server has exited. Exit events are rare since the
+server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_TransCr
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans VolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolTransCreate - Create transaction for a [volume, partition]
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_EndTrn
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolEndTrans - End a transaction.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_CrVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans VolID VolName Type ParentID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolCreateVolume - Create a volume (volumeId volumeName)
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_DelVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolDeleteVolume - Delete a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_NukVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID VolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolNukeVolume - Obliterate a volume completely (volume ID).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Dump
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolDump - Dump the contents of a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SigRst
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID VolName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSignalRestore - Show intention to call AFSVolRestore.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Restore
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolRestore - Recreate a volume from a dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Forward
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID FromTrans Host DestTrans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolForward - Dump a volume, then restore to a given server and
+volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Clone
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans Purge NewName NewType NewVolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolClone - Clone (and optionally purge) a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_ReClone
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans CloneVolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolReClone - Reclone a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SetForw
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans NewHost
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSetForwarding - Set forwarding information for a moved
+volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_GetFlgs
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolGetFlags - Get volume flags for a transaction.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SetFlgs
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans Flags
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSetFlags - Set volume flags for a transaction.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_GetName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolGetName - Get the volume name associated with a transaction.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_GetStat
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolGetStatus - Get status of a transaction/volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SetIdTy
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans VolName Type ParentId CloneID BackupID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSetIdsTypes - Set header information for a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SetDate
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans Date
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSetDate - Set creation date in a volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_ListPar
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolListPartitions - Return a list of AFS partitions on a
+server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_ParInf
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID PartName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolPartitionInfo - Get partition information.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_ListVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolListVolumes - Return a list of volumes on a server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_XLstVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolXListVolumes - Return a (detailed) list of volumes on a
+server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Lst1Vol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID VolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolListOneVolume - Return header information for a single
+volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_XLst1Vl
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID VolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolXListOneVolume - Return (detailed) header information for a single
+volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_GetNVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID VolID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolGetNthVolume - Get volume header given its index.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_Monitor
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolMonitor - Collect server transaction state.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VS_SetInfo
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Trans
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">AFSVolSetInfo - Set volume status.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ630" HREF="auagd002.htm#ToC_719">Backup Server Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_Start
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The backup server has started.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_Finish
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The backup server has finished. Finish events are rare since the
+server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_Exit
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The backup server has exited. Exit events are rare since the
+server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_CrDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_CreateDump - Create a new dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_AppDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_makeDumpAppended - Make the dump an appended dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_DelDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_DeleteDump - Delete a dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FinDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FinishDump- Notify buserver that dump is finished.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_UseTpe
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_UseTape - Create/add a tape entry to a dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_DelTpe
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_DeleteTape - Remove a tape from the database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FinTpe
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FinishTape - Writing to a tape is completed.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_AddVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_AddVolume - Add a volume to a particular dump and tape.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetTxV
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetTextVersion - Get the version number for
+hosts/volume-sets/dump-hierarchy.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetTxt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetText - Get the information about
+hosts/volume-sets/dump-hierarchy.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_SavTxt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_SaveText - Overwrite the information about
+hosts/volume-sets/dump-hierarchy.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetLck
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetLock - Take a lock for reading/writing text information.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FrALck
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FreeLock - Free a lock.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FreLck
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FreeAllLocks - Free all locks.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetIId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetInstanceId - Get lock instance id.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_DmpDB
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_DumpDB - Start dumping the database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_RstDBH
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_RestoreDbHeader - Restore the database header.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_DBVfy
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_DbVerify - Verify the database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FndDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FindDump - Find the dump a volume belongs to.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetDmp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetDumps - Get a list of dumps in the database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FnLTpe
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FindLastTape - Find last tape, and last volume on tape of a
+dump.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetTpe
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetTapes - Find a list of tapes based on name or dump ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_GetVol
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_GetVolumes - Find a list of volumes based on dump or tape
+name.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_DelVDP
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID dumpSetName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_DeleteVDP - Delete dumps with given name and dump path.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FndCln
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FindClone - Find clone time of volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_FndLaD
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_FindLatestDump - Find the latest dump a volume belongs to.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_TGetVr
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_T_GetVersion - Test Get version.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_TDmpHa
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_T_DumpHashTable - Test dump of hash table.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BUDB_TDmpDB
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID file
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BUDB_T_DumpDatabase - Test dump of database.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ633" HREF="auagd002.htm#ToC_720">Protection Server Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_Start
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The protection server has started.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_Finish
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The protection server has finished. Finish events are rare since
+the server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_Exit
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The protection server has exited. Exit events are rare since the
+server process is normally aborted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_NmToId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_NameToID - Perform one or more name-to-ID translations.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_IdToNm
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_IDToName - Perform one or more ID-to-name translations.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_NewEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId Name OwnerId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_NewEntry - Create a PDB (Protection DataBase) entry for the given
+name.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_INewEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId Name OwnerId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_INewEntry - Create a PDB entry for the given name and ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_LstEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_ListEntry - Get the contents of a PDB entry based on its ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_DmpEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Position
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_DumpEntry - Get the contents of a PDB entry based on its
+offset.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_ChgEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId NewName NewOwnerId NewId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_ChangeEntry - Change an existing PDB entry's ID, name, owner, or
+a combination.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_SetFEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_SetFieldsEntry - Change miscellaneous fields in an existing PDB
+entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_Del
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_Delete - Delete an existing PDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">FS_PTS_WheIsIt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId Position
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_WhereIsIt - Get the PDB byte offset of the entry for a given
+ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_AdToGrp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId UserId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_AddToGroup - Add a user to a group.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_RmFmGrp
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId UserId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_RemoveFromGroup - Remove a user from a chosen group.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_LstMax
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_ListMax - Get the largest allocated user and group ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_SetMax
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId flag
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_SetMax - Set the largest allocated user and group ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_LstEle
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_ListElements - List all IDs associated with a user or group.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_GetCPS
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_GetCPS - Get the CPS (Current Protection Subdomain) for the given
+ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_GetCPS2
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId Host
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_GetCPS2 - Get the CPS for the given id and host.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_GetHCPS
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID Host
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_GetHostCPS - Get the CPS for the given host.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_LstOwn
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_ListOwned - Get all IDs owned by the given ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PTS_IsMemOf
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID UserId GroupId
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">PR_IsAMemberOf - Is a given user ID a member of a specified group?
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ636" HREF="auagd002.htm#ToC_721">Authentication Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAA_ChPswd
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAA_ChangePassword - Change password.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAA_Auth
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">A S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAA_Authenticate - Authenticate to the cell.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAA_AuthO
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAA_Authenticate_old - Old style authentication.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAT_GetTkt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">A S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAT_GetTicket - An attempt was made to get an AFS ticket for some
+principal listed in the Authentication Database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAT_GetTktO
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAT_GetTicket_old - An attempt was made to get an AFS ticket for some
+principal listed in the Authentication Database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_CrUser
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_CreateUser - Create a user.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_DelUser
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_DeleteUser - Delete a user.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_SetPswd
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_SetPassword - Set the password for a user.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_GetPswd
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_GetPassword - Get the password of a user.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_GetEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_GetEntry - The RPC made by the <B>kas examine</B> command to get
+one entry from the Authentication Database (by index entry).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_LstEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID index
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_ListEntry - The RPC made to list one or more entries in the
+Authentication Database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_Dbg
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_Debug - The RPC that produces a debugging trace for the
+Authentication Server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_SetFld
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance flags date lifetime maxAssoc
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_SetFields - The RPC used by the <B>kas setfields</B> command to
+manipulate the Authentication Database.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_GetStat
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_GetStatus - An RPC used to get statistics on the Authentication
+Server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_KAM_GRnKey
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_GetRandomKey - An RPC used to generate a random encryption
+key.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_UnlockUser
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_Unlock - The RPC used to initiate the <B>kas unlock</B>
+command.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_LockStatus
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">KAM_LockStatus - The RPC used to determine whether a user's
+Authentication Database entry is locked.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_UseOfPriv
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance cell
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">An authorized command was issued and allowed because the user had
+privilege.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_UnAth
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name instance cell
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">An authorized command was issued and allowed because the system was
+running in noauth mode.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_UDPAuth
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">A S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">An authentication attempt was made with a Kerberos client.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_UDPGetTckt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">A S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode name instance cell name instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">An attempt was made to get a Kerberos ticket.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_RunNoAuth
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Check was made and some random server is running noauth.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_NoAuthDsbl
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Server is set to run in authenticated mode.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_NoAuthEnbl
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Server is set to run in unauthenticated mode.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ639" HREF="auagd002.htm#ToC_722">File Server and Cache Manager Interface Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_FchACL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_FetchACL - Fetch the ACL associated with the given AFS file
+identifier.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_FchStat
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_FetchStatus - Fetch the status information for a file system
+object.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_StACL
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_StoreACL - Associate an ACL with the names directory.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_StStat
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_StoreStatus - Store status information for the specified
+file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_RmFile
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_RemoveFile - Delete the given file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_CrFile
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_CreateFile - Create the given file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_RNmFile
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (oldFID) oldName (newFID) newName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_Rename - Rename the specified file in the given directory.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_SymLink
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_Symlink - Create a symbolic link.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_Link
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_Link - Create a hard link.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_MakeDir
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_MakeDir - Create a directory.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_RmDir
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_RemoveDir - Remove a directory.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_SetLock
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID) type
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_SetLock - Set an advisory lock on the given file identifier.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_ExtLock
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_ExtendLock - Extend an advisory lock on a file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_RelLock
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_ReleaseLock - Release the advisory lock on a file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_FchData
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">StartRXAFS_FetchData - Begin a request to fetch file data.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_StData
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">StartRXAFS_StoreData - Begin a request to store file data.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_BFchSta
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID (FID)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_BulkStatus - Fetch status information regarding a set of file
+system objects.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_SRX_SetVolS
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volId volName
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">RXAFS_SetVolumeStatus - Set the basic status information for the named
+volume.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_Priv
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode viceId callRoutine
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Checking Permission Rights of user - user has permissions.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_PrivSet
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode viceId callRoutine
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">Set the privileges of a user.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ642" HREF="auagd002.htm#ToC_723">BOS Server Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_CreBnod
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_CreateBnode - Create a process instance.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_DelBnod
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_DeleteBnode - Delete a process instance.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_SetReSt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_Restart - Restart a given process instance.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_GetLog
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">StartBOZO_GetLog - Pass the IN params when fetching a BOS Server log
+file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_SetStat
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_SetStatus - Set process instance status and goal.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_SetTSta
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_SetTStatus - Temporarily set process instance status and
+goal.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_StartAl
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_StartupAll - Start all existing process instances.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_ShtdAll
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ShutdownAll - Shut down all process instances.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_ReStAll
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_RestartAll - Shut down, then restart all process instances.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_ReBos
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ReBozo - Shut down, then restart all process instances and the BOS
+Server itself.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_ReBosIn
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ReBozo - Same as AFS_BOS_ReBos but done internally (server
+restarts).
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_ReStart
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID instance
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_Restart - Restart a given process instance.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_WaitAll
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_WaitAll - Wait until all process instances have reached their
+goals.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_AddSUsr
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_AddSUser - Add a user to the UserList.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_DelSUsr
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_DeleteSUser - Delete a user from the UserList.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_LstSUsr
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ListSUsers - Get the name of the user in the given position in the
+UserList file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_LstKey
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ListKeys - List information about the key at a given index in the
+key file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_LstKeyU
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_ListKeys - Same as AFS_BOS_LstKey, but unauthorized.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_AddKey
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_AddKey - Add a key to the key file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_DelKey
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_DeleteKey - Delete the entry for an AFS key.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_SetNoAu
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID flag
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_SetNoAuthFlag - Enable or disable authenticated call
+requirements.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_SetCell
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_SetCellName - Set the name of the cell to which the BOS Server
+belongs.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_AddHst
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_AddCellHost - Add an entry to the list of database server
+hosts.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_DelHst
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">S P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_DeleteCellHost - Delete an entry from the list of database server
+hosts.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_Inst
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">
+<P>StartBOZO_Install - Pass the IN parameters when installing a server
+binary.
+<P>EndBOZO_Install - Get the OUT parameters when installing a server
+binary.
+<BR></TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_UnInst
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_UnInstall - Roll back from a server binary installation.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_PrnLog
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P O
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_Prune - Throw away old versions of server binaries and core
+file.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_Exec
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID cmd
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">BOZO_Exec - Execute a shell command at the server.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_DoExec
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode exec
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">The <B>bosserver</B> process was restarted.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_BOS_StpProc
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P C
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode cmd
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">An RPC to stop any process controlled by the BOS Server.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ645" HREF="auagd002.htm#ToC_724">Volume Location Server Events</A></H2>
+<BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="28%"><B>Event</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="10%"><B>Class</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="25%"><B>Parameters</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="38%"><B>Description</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_CreEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID name
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_CreateEntry - Create a VLDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_DelEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_DeleteEntry - Delete a VLDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_GetNVlID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">None
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_GetNewVolumeId - Generate a new volume ID.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_RepEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_ReplaceEntry - Replace entire contents of VLDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_UpdEnt
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P M
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_UpdateEntry - Update contents of VLDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_SetLck
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_SetLock - Lock VLDB entry.
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="28%">AFS_VL_RelLck
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="10%">P
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="25%">ECode AFSName HostID volID
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="38%">VL_ReleaseLock - Unlock VLDB entry.
+</TD></TR></TABLE>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd024.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auagd026.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auagd026.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3570/auagd000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 11:42:14 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 11:42:13">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 11:42:13">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 11:42:13">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd025.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<HR><H1><A NAME="HDRINDEX" HREF="auagd002.htm#ToC_725">Index</A></H1>
+<A NAME="IDX0_41" HREF="#IDX1_41">A</A>
+<A NAME="IDX0_42" HREF="#IDX1_42">B</A>
+<A NAME="IDX0_43" HREF="#IDX1_43">C</A>
+<A NAME="IDX0_44" HREF="#IDX1_44">D</A>
+<A NAME="IDX0_45" HREF="#IDX1_45">E</A>
+<A NAME="IDX0_46" HREF="#IDX1_46">F</A>
+<A NAME="IDX0_47" HREF="#IDX1_47">G</A>
+<A NAME="IDX0_48" HREF="#IDX1_48">H</A>
+<A NAME="IDX0_49" HREF="#IDX1_49">I</A>
+<A NAME="IDX0_4A" HREF="#IDX1_4A">J</A>
+<A NAME="IDX0_4B" HREF="#IDX1_4B">K</A>
+<A NAME="IDX0_4C" HREF="#IDX1_4C">L</A>
+<A NAME="IDX0_4D" HREF="#IDX1_4D">M</A>
+<A NAME="IDX0_4E" HREF="#IDX1_4E">N</A>
+<A NAME="IDX0_4F" HREF="#IDX1_4F">O</A>
+<A NAME="IDX0_50" HREF="#IDX1_50">P</A>
+<A NAME="IDX0_51" HREF="#IDX1_51">Q</A>
+<A NAME="IDX0_52" HREF="#IDX1_52">R</A>
+<A NAME="IDX0_53" HREF="#IDX1_53">S</A>
+<A NAME="IDX0_54" HREF="#IDX1_54">T</A>
+<A NAME="IDX0_55" HREF="#IDX1_55">U</A>
+<A NAME="IDX0_56" HREF="#IDX1_56">V</A>
+<A NAME="IDX0_57" HREF="#IDX1_57">W</A>
+<A NAME="IDX0_58" HREF="#IDX1_58">X</A>
+<HR>
+<STRONG><A NAME="IDX1_41" HREF="#IDX0_41">A</A></STRONG>
+<MENU>
+<LI>a ACL permission
+<A HREF="auagd020.htm#IDX8032">(8032)</A>
+<LI>A instruction
+<MENU>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7695">(7695)</A>
+</MENU>
+<LI>access
+<MENU>
+<LI> permissions on ACL (see entries: <I>permissions on ACL</I>, <I>ACL</I>)
+<A HREF="auagd020.htm#IDX8022">(8022)</A>
+<LI>control list, see entry: <I>ACL</I>
+<A HREF="auagd006.htm#IDX5594">(5594)</A>
+<LI>count, in volume header
+<A HREF="auagd010.htm#IDX6623">(6623)</A>
+<LI>transparent (AFS feature)
+<A HREF="auagd006.htm#IDX5558">(5558)</A>
+</MENU>
+<LI>ACL
+<MENU>
+<LI>adding entries
+<A HREF="auagd020.htm#IDX8065">(8065)</A>
+<LI>auxiliary permissions
+<A HREF="auagd020.htm#IDX8041">(8041)</A>
+<LI>cleaning
+<A HREF="auagd020.htm#IDX8097">(8097)</A>
+<LI>clearing
+<A HREF="auagd020.htm#IDX8081">(8081)</A>
+<LI>compared to UNIX protection
+<A HREF="auagd020.htm#IDX8020">(8020)</A>
+<LI>copying between directories
+<A HREF="auagd020.htm#IDX8088">(8088)</A>
+<LI>default on new volume
+<A HREF="auagd010.htm#IDX6467">(6467)</A>
+<LI>displaying
+<A HREF="auagd020.htm#IDX8059">(8059)</A>
+<LI>editing entries
+<A HREF="auagd020.htm#IDX8064">(8064)</A>
+<LI>foreign users on
+<A HREF="auagd020.htm#IDX8058">(8058)</A>
+<LI>group entries, usefulness
+<A HREF="auagd020.htm#IDX8052">(8052)</A>
+<LI>normal vs. negative permissions
+<A HREF="auagd020.htm#IDX8048">(8048)</A>
+<LI>permissions defined
+<A HREF="auagd020.htm#IDX8024">(8024)</A>
+<LI>removing entries
+<A HREF="auagd020.htm#IDX8066">(8066)</A>
+<LI>removing obsolete AFS IDs
+<A HREF="auagd020.htm#IDX8093">(8093)</A>
+<LI>replacing all entries
+<A HREF="auagd020.htm#IDX8080">(8080)</A>
+<LI>setting entries
+<A HREF="auagd020.htm#IDX8063">(8063)</A>
+<LI>setting for directory with uss
+<A HREF="auagd017.htm#IDX7668">(7668)</A>
+<LI>setting on user home directory with uss
+<A HREF="auagd017.htm#IDX7659">(7659)</A>
+<LI>shorthand notation for grouping permissions
+<A HREF="auagd020.htm#IDX8042">(8042)</A>
+<LI>system groups on
+<A HREF="auagd020.htm#IDX8055">(8055)</A>
+</MENU>
+<LI>active
+<MENU>
+<LI>clients statistic from scout program
+<A HREF="auagd013.htm#IDX7122">(7122)</A>
+<LI>state of fstrace event set
+<A HREF="auagd013.htm#IDX7158">(7158)</A>
+</MENU>
+<LI>adding
+<MENU>
+<LI>ACL entry
+<MENU>
+<LI>negative permissions
+<A HREF="auagd020.htm#IDX8078">(8078)</A>
+<LI>normal permissions
+<A HREF="auagd020.htm#IDX8071">(8071)</A>
+</MENU>
+<LI>ADMIN flag to Authentication Database entry
+<A HREF="auagd021.htm#IDX8135">(8135)</A>
+<LI>CellServDB file (server) entry for database server machine
+<A HREF="auagd008.htm#IDX6153">(6153)</A>
+<LI>database server machine
+<MENU>
+<LI>to client CellServDB file and kernel memory
+<A HREF="auagd015.htm#IDX7422">(7422)</A>
+<LI>to server CellServDB file
+<A HREF="auagd008.htm#IDX6150">(6150)</A>
+</MENU>
+<LI>disk to file server machine
+<A HREF="auagd008.htm#IDX6202">(6202)</A>
+<LI>members to groups
+<A HREF="auagd019.htm#IDX7946">(7946)</A>
+<LI>read-only site definition in VLDB
+<A HREF="auagd010.htm#IDX6521">(6521)</A>
+<LI>server encryption key to KeyFile file
+<A HREF="auagd014.htm#IDX7280">(7280)</A>
+<LI>system:administrators group members
+<A HREF="auagd021.htm#IDX8117">(8117)</A>
+<LI>UserList file users
+<A HREF="auagd021.htm#IDX8155">(8155)</A>
+</MENU>
+<LI>ADMIN flag in Authentication Database entry
+<MENU>
+<LI>displaying
+<A HREF="auagd021.htm#IDX8128">(8128)</A>
+<LI>privileges resulting
+<A HREF="auagd021.htm#IDX8124">(8124)</A>
+<LI>setting or removing
+<A HREF="auagd021.htm#IDX8134">(8134)</A>
+</MENU>
+<LI>administer ACL permission
+<MENU>
+<LI>see entry: <I>a ACL permission</I>
+<A HREF="auagd020.htm#IDX8031">(8031)</A>
+</MENU>
+<LI>administering
+<MENU>
+<LI>client machine
+<A HREF="auagd015.htm#IDX7309">(7309)</A>
+<LI>server machine
+<A HREF="auagd008.htm#IDX5841">(5841)</A>
+<LI>user accounts
+<A HREF="auagd018.htm#IDX7736">(7736)</A>
+</MENU>
+<LI>administrative database
+<MENU>
+<LI>about replicating
+<A HREF="auagd008.htm#IDX6055">(6055)</A>
+<LI>backing up
+<A HREF="auagd008.htm#IDX6081">(6081)</A>
+<LI>restoring
+<A HREF="auagd008.htm#IDX6083">(6083)</A>
+</MENU>
+<LI>administrative privilege
+<MENU>
+<LI>three types
+<A HREF="auagd021.htm#IDX8103">(8103)</A>
+</MENU>
+<LI>AFS
+<MENU>
+<LI> root directory (/afs)
+<MENU>
+<LI>on client machine
+<A HREF="auagd007.htm#IDX5663">(5663)</A>
+</MENU>
+<LI>auditing events on AIX server machines
+<A HREF="auagd013.htm#IDX7242">(7242)</A>
+<LI>authentication separate from UNIX
+<A HREF="auagd007.htm#IDX5756">(5756)</A>
+<LI>differences from UNIX summarized
+<A HREF="auagd007.htm#IDX5609">(5609)</A>
+<LI>global namespace
+<A HREF="auagd007.htm#IDX5660">(5660)</A>
+<LI>initialization script
+<A HREF="auagd015.htm#IDX7333">(7333)</A>
+<LI>reducing traffic in
+<A HREF="auagd006.htm#IDX5575">(5575)</A>
+<LI>root directory (/afs)
+<MENU>
+<LI>in cell filespace
+<A HREF="auagd007.htm#IDX5684">(5684)</A>
+</MENU>
+<LI>security features
+<A HREF="auagd007.htm#IDX5814">(5814)</A>
+<LI>server encryption key (see entry: <I>server encryption key</I>)
+<A HREF="auagd014.htm#IDX7247">(7247)</A>
+<LI>server processes used in
+<A HREF="auagd006.htm#IDX5580">(5580)</A>
+<LI>UID see entry: <I>AFS UID</I>
+<A HREF="auagd006.htm#IDX5587">(5587)</A>
+</MENU>
+<LI>afs entry in Authentication Database
+<MENU>
+<LI>displaying
+<A HREF="auagd014.htm#IDX7276">(7276)</A>
+<LI>setting server encryption key
+<A HREF="auagd014.htm#IDX7287">(7287)</A>
+</MENU>
+<LI>AFS GID
+<MENU>
+<LI>counter for automatic allocation, displaying and setting
+<A HREF="auagd019.htm#IDX7998">(7998)</A>
+<LI>definition
+<A HREF="auagd019.htm#IDX7876">(7876)</A>
+<LI>displaying
+<MENU>
+<LI>for all groups in Protection Database
+<A HREF="auagd019.htm#IDX7904">(7904)</A>
+<LI>for one group
+<A HREF="auagd019.htm#IDX7856">(7856)</A>
+</MENU>
+<LI>removing obsolete from ACL
+<A HREF="auagd020.htm#IDX8096">(8096)</A>
+</MENU>
+<LI>AFS UID
+<MENU>
+<LI>assigning
+<MENU>
+<LI>with pts createuser command
+<A HREF="auagd018.htm#IDX7751">(7751)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7714">(7714)</A>
+</MENU>
+<LI>counter for automatic allocation, displaying and setting
+<A HREF="auagd019.htm#IDX7997">(7997)</A>
+<LI>definition
+<A HREF="auagd019.htm#IDX7875">(7875)</A>
+<LI>displaying
+<MENU>
+<LI>for all users and machines in Protection Database
+<A HREF="auagd019.htm#IDX7903">(7903)</A>
+<LI>for one user or machine
+<A HREF="auagd019.htm#IDX7855">(7855)</A>
+</MENU>
+<LI>matching with UNIX UID
+<A HREF="auagd017.htm#IDX7605">(7605)</A>, <A HREF="auagd018.htm#IDX7738">(7738)</A>
+<LI>removing obsolete from ACL
+<A HREF="auagd020.htm#IDX8095">(8095)</A>
+<LI>reserved
+<MENU>
+<LI>anonymous user
+<A HREF="auagd007.htm#IDX5736">(5736)</A>
+<LI>system-defined groups
+<A HREF="auagd007.htm#IDX5754">(5754)</A>
+</MENU>
+<LI>reusing, about
+<A HREF="auagd019.htm#IDX7918">(7918)</A>
+<LI>setting counters for automatic allocation
+<A HREF="auagd019.htm#IDX8012">(8012)</A>
+</MENU>
+<LI>AFSCELL environment variable
+<A HREF="auagd012.htm#IDX6975">(6975)</A>
+<LI>AFSCONF environment variable (NFS/AFS Translator)
+<A HREF="auagd022.htm#IDX8166">(8166)</A>
+<LI>afsd program
+<A HREF="auagd015.htm#IDX7318">(7318)</A>
+<LI>afsmonitor program
+<MENU>
+<LI>available statistics
+<A HREF="auagd024.htm#IDX8186">(8186)</A>
+<LI>Cache Manager statistics
+<A HREF="auagd024.htm#IDX8187">(8187)</A>
+<LI>command syntax
+<A HREF="auagd013.htm#IDX7205">(7205)</A>
+<LI>creating an output file
+<A HREF="auagd013.htm#IDX7204">(7204)</A>
+<LI>creating configuration files for
+<A HREF="auagd013.htm#IDX7202">(7202)</A>
+<LI>features summarized
+<A HREF="auagd013.htm#IDX7193">(7193)</A>
+<LI>file server statistics
+<A HREF="auagd024.htm#IDX8188">(8188)</A>
+<LI>requirements for running
+<A HREF="auagd013.htm#IDX7194">(7194)</A>
+<LI>screen layout
+<A HREF="auagd013.htm#IDX7201">(7201)</A>
+<LI>setting terminal type
+<A HREF="auagd013.htm#IDX7197">(7197)</A>
+<LI>stopping
+<A HREF="auagd013.htm#IDX7207">(7207)</A>
+</MENU>
+<LI>AFSSERVER environment variable (NFS/AFS Translator)
+<A HREF="auagd022.htm#IDX8164">(8164)</A>
+<LI>afszcm.cat file
+<A HREF="auagd015.htm#IDX7339">(7339)</A>
+<LI>AIX
+<MENU>
+<LI>auditing AFS events
+<MENU>
+<LI>about
+<A HREF="auagd013.htm#IDX7243">(7243)</A>
+<LI>list of available events
+<A HREF="auagd025.htm#IDX8189">(8189)</A>
+</MENU>
+<LI>configuring tape device
+<A HREF="auagd011.htm#IDX6857">(6857)</A>
+</MENU>
+<LI>all shorthand for ACL permissions
+<A HREF="auagd020.htm#IDX8044">(8044)</A>
+<LI>all-or-nothing release of read-only volumes
+<A HREF="auagd010.htm#IDX6497">(6497)</A>
+<LI>anonymous user
+<MENU>
+<LI>AFS UID reserved
+<A HREF="auagd007.htm#IDX5735">(5735)</A>
+<LI>identity assigned to unauthenticated user
+<A HREF="auagd008.htm#IDX6177">(6177)</A>
+</MENU>
+<LI>archiving
+<MENU>
+<LI>tapes in Backup System
+<A HREF="auagd011.htm#IDX6913">(6913)</A>
+</MENU>
+<LI>ASK instruction in CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6967">(6967)</A>
+<LI>assigning
+<MENU>
+<LI>AFS GID to group
+<A HREF="auagd019.htm#IDX7923">(7923)</A>
+<LI>AFS UID to machine
+<A HREF="auagd019.htm#IDX7915">(7915)</A>
+<LI>AFS UID to user
+<A HREF="auagd018.htm#IDX7753">(7753)</A>
+<LI>AFS UID with uss
+<A HREF="auagd017.htm#IDX7608">(7608)</A>
+</MENU>
+<LI>asynchrony
+<MENU>
+<LI>enabling for Cache Manager write operations
+<A HREF="auagd015.htm#IDX7508">(7508)</A>
+<LI>when AFS files saved on NFS clients
+<A HREF="auagd022.htm#IDX8167">(8167)</A>
+</MENU>
+<LI>at-sys (@sys) variable in pathnames
+<A HREF="auagd007.htm#IDX5728">(5728)</A>
+<LI>auditing AFS events on AIX server machines
+<A HREF="auagd013.htm#IDX7244">(7244)</A>
+<LI>authenticated identity
+<MENU>
+<LI>acquiring with klog command
+<A HREF="auagd007.htm#IDX5779">(5779)</A>
+</MENU>
+<LI>authentication
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5613">(5613)</A>
+<LI>AFS separate from UNIX
+<A HREF="auagd007.htm#IDX5755">(5755)</A>
+<LI>compared to authorization checking
+<A HREF="auagd008.htm#IDX6174">(6174)</A>
+<LI>consequences of multiple failures
+<A HREF="auagd007.htm#IDX5799">(5799)</A>
+<LI>improving security
+<A HREF="auagd018.htm#IDX7763">(7763)</A>
+</MENU>
+<LI>Authentication Database
+<MENU>
+<LI>afs entry
+<A HREF="auagd014.htm#IDX7262">(7262)</A>
+<LI>changing username
+<A HREF="auagd018.htm#IDX7784">(7784)</A>
+<LI>entry
+<MENU>
+<LI>creating with kas create command
+<A HREF="auagd018.htm#IDX7749">(7749)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7712">(7712)</A>
+<LI>deleting with uss
+<A HREF="auagd017.htm#IDX7723">(7723)</A>
+<LI>removing
+<A HREF="auagd018.htm#IDX7808">(7808)</A>
+</MENU>
+<LI>password
+<MENU>
+<LI>setting
+<A HREF="auagd018.htm#IDX7777">(7777)</A>
+</MENU>
+<LI>password lifetime, setting
+<A HREF="auagd007.htm#IDX5794">(5794)</A>, <A HREF="auagd018.htm#IDX7772">(7772)</A>
+<LI>server encryption key
+<MENU>
+<LI>displaying
+<A HREF="auagd014.htm#IDX7274">(7274)</A>
+<LI>setting
+<A HREF="auagd014.htm#IDX7285">(7285)</A>
+</MENU>
+<LI>site for AFS server encryption key
+<A HREF="auagd014.htm#IDX7261">(7261)</A>
+</MENU>
+<LI>Authentication Server
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6315">(6315)</A>
+<LI>as kaserver process
+<A HREF="auagd009.htm#IDX6272">(6272)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5874">(5874)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5586">(5586)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6422">(6422)</A>
+<LI>restarting after adding entry to server CellServDB file
+<A HREF="auagd008.htm#IDX6157">(6157)</A>
+<LI>restarting after removing entry from server CellServDB file
+<A HREF="auagd008.htm#IDX6168">(6168)</A>
+<LI>runs on database server machine
+<A HREF="auagd008.htm#IDX6024">(6024)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6274">(6274)</A>
+</MENU>
+<LI>AuthLog file
+<A HREF="auagd008.htm#IDX5994">(5994)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6421">(6421)</A>
+</MENU>
+<LI>authorization checking
+<MENU>
+<LI>and restarting processes
+<A HREF="auagd008.htm#IDX6182">(6182)</A>
+<LI>compared to authentication
+<A HREF="auagd008.htm#IDX6173">(6173)</A>
+<LI>controlling cell-wide
+<A HREF="auagd008.htm#IDX6180">(6180)</A>
+<LI>defined
+<A HREF="auagd008.htm#IDX6178">(6178)</A>
+<LI>disabling
+<A HREF="auagd008.htm#IDX6185">(6185)</A>
+<LI>enabling
+<A HREF="auagd008.htm#IDX6188">(6188)</A>
+</MENU>
+<LI>automatic
+<MENU>
+<LI>process restarts by BOS Server
+<A HREF="auagd009.htm#IDX6395">(6395)</A>
+<LI>update to admin. databases by Ubik
+<A HREF="auagd008.htm#IDX6062">(6062)</A>
+</MENU>
+<LI>automating
+<MENU>
+<LI> tape mounting and unmounting by Backup System
+<A HREF="auagd011.htm#IDX6962">(6962)</A>
+<LI>creation of backup volumes
+<A HREF="auagd010.htm#IDX6537">(6537)</A>
+</MENU>
+<LI>AUTOQUERY instruction in CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6966">(6966)</A>
+<LI>auxiliary ACL permissions
+<A HREF="auagd020.htm#IDX8040">(8040)</A>
+<LI>availability of data
+<MENU>
+<LI>interrupted by dumping
+<A HREF="auagd010.htm#IDX6764">(6764)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_42" HREF="#IDX0_42">B</A></STRONG>
+<MENU>
+<LI>B instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7554">(7554)</A>
+</MENU>
+<LI>backing up
+<MENU>
+<LI>administrative databases
+<A HREF="auagd008.htm#IDX6082">(6082)</A>
+<LI>Backup Database to tape
+<A HREF="auagd012.htm#IDX7081">(7081)</A>
+<LI>data from AFS volumes
+<A HREF="auagd012.htm#IDX7019">(7019)</A>
+</MENU>
+<LI>backup commands
+<MENU>
+<LI>adddump
+<A HREF="auagd011.htm#IDX6922">(6922)</A>
+<LI>addhost
+<A HREF="auagd011.htm#IDX6863">(6863)</A>
+<LI>addvolentry
+<A HREF="auagd011.htm#IDX6883">(6883)</A>
+<LI>addvolset
+<A HREF="auagd011.htm#IDX6879">(6879)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5846">(5846)</A>
+<LI>dbverify
+<A HREF="auagd012.htm#IDX7084">(7084)</A>
+<LI>deldump
+<A HREF="auagd011.htm#IDX6933">(6933)</A>
+<LI>deletedump
+<A HREF="auagd012.htm#IDX7092">(7092)</A>
+<LI>delhost
+<A HREF="auagd011.htm#IDX6866">(6866)</A>
+<LI>delvolentry
+<A HREF="auagd011.htm#IDX6898">(6898)</A>
+<LI>delvolset
+<A HREF="auagd011.htm#IDX6893">(6893)</A>
+<LI>diskrestore
+<A HREF="auagd012.htm#IDX7073">(7073)</A>
+<LI>dump
+<A HREF="auagd012.htm#IDX7031">(7031)</A>
+<LI>dumpinfo
+<A HREF="auagd012.htm#IDX7036">(7036)</A>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8142">(8142)</A>
+<LI>interactive mode
+<MENU>
+<LI>entering
+<A HREF="auagd012.htm#IDX6982">(6982)</A>
+<LI>exiting
+<A HREF="auagd012.htm#IDX6989">(6989)</A>
+</MENU>
+<LI>jobs
+<A HREF="auagd012.htm#IDX6994">(6994)</A>
+<LI>kill
+<A HREF="auagd012.htm#IDX6999">(6999)</A>
+<LI>labeltape
+<A HREF="auagd011.htm#IDX6947">(6947)</A>
+<LI>listdumps
+<A HREF="auagd011.htm#IDX6939">(6939)</A>
+<LI>listhosts
+<A HREF="auagd011.htm#IDX6872">(6872)</A>
+<LI>listvolsets
+<A HREF="auagd011.htm#IDX6888">(6888)</A>
+<LI>quit
+<A HREF="auagd012.htm#IDX6986">(6986)</A>
+<LI>readlabel
+<A HREF="auagd011.htm#IDX6949">(6949)</A>
+<LI>restoredb
+<A HREF="auagd012.htm#IDX7089">(7089)</A>
+<LI>savedb
+<A HREF="auagd012.htm#IDX7087">(7087)</A>
+<LI>scantape
+<A HREF="auagd012.htm#IDX7049">(7049)</A>
+<LI>setexp
+<A HREF="auagd011.htm#IDX6928">(6928)</A>
+<LI>status
+<A HREF="auagd012.htm#IDX7009">(7009)</A>
+<LI>volinfo
+<A HREF="auagd012.htm#IDX7042">(7042)</A>
+<LI>volrestore
+<A HREF="auagd012.htm#IDX7069">(7069)</A>
+<LI>volsetrestore
+<A HREF="auagd012.htm#IDX7075">(7075)</A>
+</MENU>
+<LI>Backup Database
+<MENU>
+<LI>administering
+<A HREF="auagd012.htm#IDX7077">(7077)</A>
+<LI>backing up
+<A HREF="auagd012.htm#IDX7079">(7079)</A>
+<LI>described
+<A HREF="auagd011.htm#IDX6841">(6841)</A>
+<LI>dump hierarchy
+<MENU>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6935">(6935)</A>
+</MENU>
+<LI>dump ID numbers, displaying
+<A HREF="auagd012.htm#IDX7038">(7038)</A>
+<LI>dump levels
+<MENU>
+<LI>adding
+<A HREF="auagd011.htm#IDX6915">(6915)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6930">(6930)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6936">(6936)</A>
+</MENU>
+<LI>dump records
+<MENU>
+<LI>creating as part of dump operation
+<A HREF="auagd012.htm#IDX7028">(7028)</A>
+<LI>displaying
+<A HREF="auagd012.htm#IDX7033">(7033)</A>
+</MENU>
+<LI>expiration dates
+<A HREF="auagd011.htm#IDX6902">(6902)</A>
+<MENU>
+<LI>changing
+<A HREF="auagd011.htm#IDX6925">(6925)</A>
+<LI>setting
+<A HREF="auagd011.htm#IDX6919">(6919)</A>
+</MENU>
+<LI>port offset numbers
+<MENU>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6871">(6871)</A>
+</MENU>
+<LI>restoring
+<A HREF="auagd012.htm#IDX7078">(7078)</A>
+<LI>Tape Coordinator
+<MENU>
+<LI>adding entry
+<A HREF="auagd011.htm#IDX6865">(6865)</A>
+<LI>removing entry
+<A HREF="auagd011.htm#IDX6869">(6869)</A>
+</MENU>
+<LI>verifying integrity
+<A HREF="auagd012.htm#IDX7083">(7083)</A>
+<LI>volume dump history
+<MENU>
+<LI>displaying
+<A HREF="auagd012.htm#IDX7040">(7040)</A>
+<LI>recovering from tapes
+<A HREF="auagd012.htm#IDX7047">(7047)</A>
+</MENU>
+<LI>volume entry
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6881">(6881)</A>
+<LI>deleting from volume set
+<A HREF="auagd011.htm#IDX6894">(6894)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6885">(6885)</A>
+</MENU>
+<LI>volume set
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6876">(6876)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6890">(6890)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6884">(6884)</A>
+</MENU>
+</MENU>
+<LI>Backup field in volume header
+<A HREF="auagd010.htm#IDX6615">(6615)</A>
+<LI>Backup Server
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6318">(6318)</A>
+<LI>as buserver process
+<A HREF="auagd009.htm#IDX6256">(6256)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5860">(5860)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5605">(5605)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6423">(6423)</A>
+<LI>restarting after adding entry to server CellServDB file
+<A HREF="auagd008.htm#IDX6159">(6159)</A>
+<LI>restarting after removing entry from server CellServDB file
+<A HREF="auagd008.htm#IDX6170">(6170)</A>
+<LI>runs on database server machine
+<A HREF="auagd008.htm#IDX6023">(6023)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6258">(6258)</A>
+</MENU>
+<LI>Backup System
+<MENU>
+<LI>automating operations
+<A HREF="auagd011.htm#IDX6951">(6951)</A>
+<LI>automating tape mounting and unmounting
+<A HREF="auagd011.htm#IDX6959">(6959)</A>
+<LI>Backup Database (see entry: <I>Backup Database</I>)
+<A HREF="auagd011.htm#IDX6842">(6842)</A>
+<LI>Backup Server described
+<A HREF="auagd006.htm#IDX5604">(5604)</A>
+<LI>configuration overview
+<A HREF="auagd011.htm#IDX6843">(6843)</A>
+<LI>data
+<MENU>
+<LI>backing up/dumping
+<A HREF="auagd012.htm#IDX7012">(7012)</A>
+<LI>recovering
+<A HREF="auagd012.htm#IDX7056">(7056)</A>
+<LI>restoring
+<A HREF="auagd012.htm#IDX7055">(7055)</A>
+</MENU>
+<LI>dump (see entry: <I>dump</I>)
+<A HREF="auagd011.htm#IDX6811">(6811)</A>
+<LI>dump hierarchy (see entry: <I>dump hierarchy</I>)
+<A HREF="auagd011.htm#IDX6821">(6821)</A>
+<LI>dump history
+<MENU>
+<LI>recovering from tapes
+<A HREF="auagd012.htm#IDX7046">(7046)</A>
+</MENU>
+<LI>dump ID number
+<MENU>
+<LI>assigning as part of dump operation
+<A HREF="auagd012.htm#IDX7027">(7027)</A>
+</MENU>
+<LI>dump ID number (see entry: <I>dump</I>)
+<A HREF="auagd011.htm#IDX6829">(6829)</A>
+<LI>dump level (see entry: <I>dump hierarchy</I>)
+<A HREF="auagd011.htm#IDX6822">(6822)</A>
+<LI>dump name (see entry: <I>dump</I>)
+<A HREF="auagd011.htm#IDX6827">(6827)</A>
+<LI>dump operation, overview
+<A HREF="auagd012.htm#IDX7024">(7024)</A>
+<LI>dump records
+<MENU>
+<LI>deleting
+<A HREF="auagd012.htm#IDX7091">(7091)</A>
+</MENU>
+<LI>dump set (see entry: <I>dump set</I>)
+<A HREF="auagd011.htm#IDX6812">(6812)</A>
+<LI>dumps, full and incremental defined
+<A HREF="auagd012.htm#IDX7014">(7014)</A>
+<LI>eliminating check for proper tape name
+<A HREF="auagd011.htm#IDX6971">(6971)</A>
+<LI>eliminating search/prompt for initial tape
+<A HREF="auagd011.htm#IDX6963">(6963)</A>
+<LI>filemarks (see entry: <I>Tape Coordinator</I>)
+<A HREF="auagd011.htm#IDX6835">(6835)</A>
+<LI>interactive mode
+<A HREF="auagd012.htm#IDX6978">(6978)</A>
+<MENU>
+<LI>canceling operations
+<A HREF="auagd012.htm#IDX6997">(6997)</A>
+<LI>displaying pending/running operations
+<A HREF="auagd012.htm#IDX6991">(6991)</A>
+</MENU>
+<LI>interfaces
+<A HREF="auagd012.htm#IDX6974">(6974)</A>
+<LI>introduction
+<A HREF="auagd011.htm#IDX6805">(6805)</A>
+<LI>job ID numbers
+<MENU>
+<LI>about
+<A HREF="auagd012.htm#IDX6981">(6981)</A>
+<LI>displaying
+<A HREF="auagd012.htm#IDX6992">(6992)</A>
+</MENU>
+<LI>port offsets (see entry: <I>Tape Coordinator</I>)
+<A HREF="auagd011.htm#IDX6839">(6839)</A>
+<LI>recycling schedule for tapes
+<A HREF="auagd011.htm#IDX6907">(6907)</A>
+<LI>reducing operator intervention
+<A HREF="auagd011.htm#IDX6952">(6952)</A>
+<LI>regular expressions
+<A HREF="auagd011.htm#IDX6875">(6875)</A>
+<LI>restores
+<MENU>
+<LI>date-specific
+<A HREF="auagd012.htm#IDX7058">(7058)</A>
+<LI>full
+<A HREF="auagd012.htm#IDX7057">(7057)</A>
+</MENU>
+<LI>restoring
+<MENU>
+<LI>backed up data
+<A HREF="auagd012.htm#IDX7062">(7062)</A>
+<LI>backup data
+<A HREF="auagd012.htm#IDX7063">(7063)</A>
+<LI>data
+<A HREF="auagd012.htm#IDX7054">(7054)</A>
+</MENU>
+<LI>running in foreign cell
+<A HREF="auagd012.htm#IDX6977">(6977)</A>
+<LI>scanning tapes
+<A HREF="auagd012.htm#IDX7044">(7044)</A>
+<LI>suggestions for improving efficiency
+<A HREF="auagd012.htm#IDX7023">(7023)</A>
+<LI>Tape Coordinator (see entry: <I>Tape Coordinator</I>)
+<A HREF="auagd011.htm#IDX6838">(6838)</A>
+<LI>tape name (see entry: <I>tapes</I>)
+<A HREF="auagd011.htm#IDX6828">(6828)</A>
+<LI>useCount counter on tape label
+<A HREF="auagd011.htm#IDX6910">(6910)</A>
+<LI>using default responses to errors
+<A HREF="auagd011.htm#IDX6968">(6968)</A>
+<LI>volume dump history
+<MENU>
+<LI>recovering from tapes
+<A HREF="auagd012.htm#IDX7048">(7048)</A>
+</MENU>
+<LI>volume entry (see entry: <I>volume entry</I>)
+<A HREF="auagd011.htm#IDX6810">(6810)</A>
+<LI>volume set (see entry: <I>volume set</I>)
+<A HREF="auagd011.htm#IDX6809">(6809)</A>
+</MENU>
+<LI>backup volume
+<MENU>
+<LI>automating creation of
+<A HREF="auagd010.htm#IDX6538">(6538)</A>
+<LI>changing name of
+<A HREF="auagd010.htm#IDX6786">(6786)</A>
+<LI>creating
+<A HREF="auagd010.htm#IDX6533">(6533)</A>
+<LI>creating multiple at once
+<A HREF="auagd010.htm#IDX6536">(6536)</A>
+<LI>defined
+<A HREF="auagd010.htm#IDX6435">(6435)</A>
+<LI>dumping
+<A HREF="auagd010.htm#IDX6763">(6763)</A>
+<LI>ID number in volume header
+<A HREF="auagd010.htm#IDX6611">(6611)</A>
+<LI>mounting
+<A HREF="auagd010.htm#IDX6544">(6544)</A>
+<LI>moving
+<A HREF="auagd010.htm#IDX6680">(6680)</A>
+<LI>removed by read/write move
+<A HREF="auagd010.htm#IDX6678">(6678)</A>
+<LI>removed by read/write removal
+<A HREF="auagd010.htm#IDX6745">(6745)</A>
+<LI>space-saving nature of
+<A HREF="auagd010.htm#IDX6481">(6481)</A>
+<LI>suggested schedule for creation of
+<A HREF="auagd010.htm#IDX6540">(6540)</A>
+</MENU>
+<LI>BackupLog file
+<A HREF="auagd008.htm#IDX5996">(5996)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6419">(6419)</A>
+</MENU>
+<LI>BAK version of binary file
+<MENU>
+<LI>created by bos install command
+<A HREF="auagd008.htm#IDX6098">(6098)</A>
+<LI>removing obsolete
+<A HREF="auagd008.htm#IDX6121">(6121)</A>
+<LI>used by bos uninstall command
+<A HREF="auagd008.htm#IDX6109">(6109)</A>
+</MENU>
+<LI>banner line on the scout program screen
+<A HREF="auagd013.htm#IDX7116">(7116)</A>
+<LI>basenames in scout program
+<A HREF="auagd013.htm#IDX7112">(7112)</A>
+<LI>bdb.DB0 file
+<A HREF="auagd008.htm#IDX5973">(5973)</A>
+<LI>bdb.DBSYS1 file
+<A HREF="auagd008.htm#IDX5975">(5975)</A>
+<LI>binary distribution machine
+<MENU>
+<LI>defined
+<A HREF="auagd008.htm#IDX6027">(6027)</A>
+<LI>identifying with bos status
+<A HREF="auagd008.htm#IDX6046">(6046)</A>
+</MENU>
+<LI>block special device
+<MENU>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7557">(7557)</A>
+</MENU>
+<LI>bos commands
+<MENU>
+<LI> install
+<A HREF="auagd008.htm#IDX6101">(6101)</A>
+<LI>addhost
+<A HREF="auagd008.htm#IDX6160">(6160)</A>
+<LI>addkey
+<MENU>
+<LI>basic instructions
+<A HREF="auagd014.htm#IDX7289">(7289)</A>
+<LI>when handling key emergency
+<A HREF="auagd014.htm#IDX7306">(7306)</A>
+</MENU>
+<LI>adduser
+<A HREF="auagd021.htm#IDX8156">(8156)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5848">(5848)</A>
+<LI>create
+<A HREF="auagd009.htm#IDX6344">(6344)</A>
+<LI>delete
+<A HREF="auagd009.htm#IDX6354">(6354)</A>
+<LI>exec
+<A HREF="auagd008.htm#IDX6246">(6246)</A>
+<LI>getdate
+<A HREF="auagd008.htm#IDX6119">(6119)</A>
+<LI>getlog
+<A HREF="auagd009.htm#IDX6428">(6428)</A>
+<LI>getrestart
+<A HREF="auagd009.htm#IDX6404">(6404)</A>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8140">(8140)</A>
+<LI>listhosts
+<A HREF="auagd008.htm#IDX6144">(6144)</A>
+<LI>listkeys
+<A HREF="auagd014.htm#IDX7273">(7273)</A>
+<LI>listusers
+<A HREF="auagd021.htm#IDX8152">(8152)</A>
+<LI>mutual authentication, bypassing
+<A HREF="auagd008.htm#IDX6193">(6193)</A>
+<LI>prune
+<A HREF="auagd008.htm#IDX6130">(6130)</A>
+<LI>removehost
+<A HREF="auagd008.htm#IDX6171">(6171)</A>
+<LI>removekey
+<A HREF="auagd014.htm#IDX7297">(7297)</A>
+<LI>removeuser
+<A HREF="auagd021.htm#IDX8160">(8160)</A>
+<LI>restart
+<MENU>
+<LI>excluding BOS Server
+<A HREF="auagd009.htm#IDX6384">(6384)</A>
+<LI>including BOS Server
+<A HREF="auagd009.htm#IDX6382">(6382)</A>
+<LI>selected processes
+<A HREF="auagd009.htm#IDX6388">(6388)</A>
+<LI>with -bosserver flag
+<A HREF="auagd009.htm#IDX6381">(6381)</A>
+</MENU>
+<LI>salvage
+<A HREF="auagd010.htm#IDX6709">(6709)</A>
+<LI>setauth
+<A HREF="auagd008.htm#IDX6183">(6183)</A>
+<LI>setrestart
+<A HREF="auagd009.htm#IDX6407">(6407)</A>
+<LI>shutdown
+<A HREF="auagd009.htm#IDX6372">(6372)</A>
+<LI>start
+<A HREF="auagd009.htm#IDX6370">(6370)</A>
+<LI>startup
+<A HREF="auagd009.htm#IDX6374">(6374)</A>
+<LI>status
+<A HREF="auagd009.htm#IDX6328">(6328)</A>
+<LI>stop
+<A HREF="auagd009.htm#IDX6364">(6364)</A>
+<LI>summary of functions
+<A HREF="auagd009.htm#IDX6255">(6255)</A>
+<LI>uninstall
+<A HREF="auagd008.htm#IDX6111">(6111)</A>
+</MENU>
+<LI>BOS Server
+<MENU>
+<LI>as bosserver process
+<A HREF="auagd009.htm#IDX6250">(6250)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5854">(5854)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5583">(5583)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6424">(6424)</A>
+<LI>maintainer of server process binaries
+<A HREF="auagd008.htm#IDX6087">(6087)</A>
+<LI>memory state
+<A HREF="auagd009.htm#IDX6312">(6312)</A>
+<LI>monitoring server processes
+<A HREF="auagd009.htm#IDX6248">(6248)</A>
+<LI>restart times, displaying and setting
+<A HREF="auagd009.htm#IDX6394">(6394)</A>
+<LI>role in reboot of server machine
+<A HREF="auagd008.htm#IDX6244">(6244)</A>
+<LI>use of BosConfig file
+<A HREF="auagd009.htm#IDX6311">(6311)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6253">(6253)</A>
+</MENU>
+<LI>BosConfig file
+<A HREF="auagd008.htm#IDX5950">(5950)</A>
+<MENU>
+<LI>changing status flag from NotRun to Run
+<A HREF="auagd009.htm#IDX6368">(6368)</A>
+<LI>changing status flag from Run to NotRun
+<A HREF="auagd009.htm#IDX6362">(6362)</A>
+<LI>creating server process entry
+<A HREF="auagd009.htm#IDX6343">(6343)</A>
+<LI>displaying entries
+<A HREF="auagd009.htm#IDX6327">(6327)</A>
+<LI>information
+<A HREF="auagd009.htm#IDX6295">(6295)</A>
+<LI>removing server process entry
+<A HREF="auagd009.htm#IDX6350">(6350)</A>
+<LI>restart times defined
+<A HREF="auagd009.htm#IDX6403">(6403)</A>
+</MENU>
+<LI>BosLog file
+<A HREF="auagd008.htm#IDX5998">(5998)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6420">(6420)</A>
+</MENU>
+<LI>bosserver
+<MENU>
+<LI>(see entry: <I>BOS Server</I>)
+<A HREF="auagd008.htm#IDX5850">(5850)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5849">(5849)</A>
+</MENU>
+<LI>bulk mode in uss
+<A HREF="auagd017.htm#IDX7729">(7729)</A>
+<LI>buserver
+<MENU>
+<LI>(see entry: <I>Backup Server</I>)
+<A HREF="auagd008.htm#IDX5856">(5856)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5855">(5855)</A>
+</MENU>
+<LI>butc command
+<A HREF="auagd012.htm#IDX7005">(7005)</A>
+</MENU>
+<STRONG><A NAME="IDX1_43" HREF="#IDX0_43">C</A></STRONG>
+<MENU>
+<LI>C instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7558">(7558)</A>
+</MENU>
+<LI>cache files (client)
+<A HREF="auagd015.htm#IDX7344">(7344)</A>
+<LI>Cache Manager
+<MENU>
+<LI>afsd initialization program
+<A HREF="auagd015.htm#IDX7319">(7319)</A>
+<LI>as interpreter of mount points
+<A HREF="auagd010.htm#IDX6456">(6456)</A>
+<LI>CellServDB file (client), using
+<A HREF="auagd015.htm#IDX7405">(7405)</A>
+<LI>collecting data with xstat data collection facility
+<A HREF="auagd013.htm#IDX7214">(7214)</A>
+<LI>configuring and customizing
+<A HREF="auagd015.htm#IDX7310">(7310)</A>
+<LI>data cache
+<MENU>
+<LI>displaying size set at reboot
+<A HREF="auagd015.htm#IDX7359">(7359)</A>
+</MENU>
+<LI>data cache size
+<MENU>
+<LI>displaying current
+<A HREF="auagd015.htm#IDX7379">(7379)</A>
+<LI>resetting to default value (for disk cache only)
+<A HREF="auagd015.htm#IDX7399">(7399)</A>
+<LI>setting in cacheinfo file
+<A HREF="auagd015.htm#IDX7385">(7385)</A>
+<LI>setting until next reboot
+<A HREF="auagd015.htm#IDX7391">(7391)</A>
+</MENU>
+<LI>database server processes, contacting
+<A HREF="auagd015.htm#IDX7404">(7404)</A>
+<LI>described
+<A HREF="auagd015.htm#IDX7312">(7312)</A>
+<LI>displaying
+<MENU>
+<LI>cache size from cacheinfo file
+<A HREF="auagd015.htm#IDX7357">(7357)</A>
+</MENU>
+<LI>enabling asynchrony for write operations
+<A HREF="auagd015.htm#IDX7510">(7510)</A>
+<LI>flushing cache
+<A HREF="auagd015.htm#IDX7455">(7455)</A>
+<LI>functions of
+<A HREF="auagd006.htm#IDX5608">(5608)</A>
+<LI>interfaces registered with File Server
+<A HREF="auagd015.htm#IDX7482">(7482)</A>
+<LI>messages displayed, controlling
+<A HREF="auagd015.htm#IDX7498">(7498)</A>
+<LI>monitoring performance
+<A HREF="auagd013.htm#IDX7099">(7099)</A>
+<LI>preference ranks for File Server and VL Server
+<A HREF="auagd015.htm#IDX7469">(7469)</A>
+<LI>setting
+<MENU>
+<LI>cache size in cacheinfo file
+<A HREF="auagd015.htm#IDX7358">(7358)</A>
+<LI>disk cache location
+<A HREF="auagd015.htm#IDX7356">(7356)</A>
+<LI>home cell
+<A HREF="auagd015.htm#IDX7450">(7450)</A>
+<LI>probe interval for File Server
+<A HREF="auagd015.htm#IDX7444">(7444)</A>
+</MENU>
+<LI>setuid programs
+<A HREF="auagd015.htm#IDX7436">(7436)</A>
+<LI>system type name stored in kernel memory
+<A HREF="auagd015.htm#IDX7502">(7502)</A>
+<LI>use of NetInfo file
+<A HREF="auagd015.htm#IDX7480">(7480)</A>
+<LI>use of NetRestrict file
+<A HREF="auagd015.htm#IDX7481">(7481)</A>
+<LI>xstat data collection facility libraries
+<A HREF="auagd013.htm#IDX7216">(7216)</A>
+<LI>xstat data collections
+<A HREF="auagd013.htm#IDX7222">(7222)</A>
+<LI>xstat example commands
+<A HREF="auagd013.htm#IDX7233">(7233)</A>
+<LI>xstat_cm_test example command
+<A HREF="auagd013.htm#IDX7240">(7240)</A>
+</MENU>
+<LI>cacheinfo file
+<A HREF="auagd015.htm#IDX7324">(7324)</A>
+<MENU>
+<LI>displaying contents
+<A HREF="auagd015.htm#IDX7361">(7361)</A>
+<LI>format
+<A HREF="auagd015.htm#IDX7387">(7387)</A>
+<LI>resetting disk cache to size specified
+<A HREF="auagd015.htm#IDX7397">(7397)</A>
+<LI>setting
+<MENU>
+<LI>cache size
+<A HREF="auagd015.htm#IDX7362">(7362)</A>
+<LI>disk cache location
+<A HREF="auagd015.htm#IDX7360">(7360)</A>
+</MENU>
+</MENU>
+<LI>CacheItems file
+<A HREF="auagd015.htm#IDX7346">(7346)</A>
+<LI>caching
+<A HREF="auagd006.htm#IDX5574">(5574)</A>
+<LI>callback
+<A HREF="auagd006.htm#IDX5578">(5578)</A>
+<LI>cell
+<A HREF="auagd006.htm#IDX5552">(5552)</A>
+<MENU>
+<LI>changing list in client kernel memory
+<A HREF="auagd015.htm#IDX7427">(7427)</A>
+<LI>filespace configuration issues
+<A HREF="auagd007.htm#IDX5681">(5681)</A>
+<LI>foreign
+<A HREF="auagd006.htm#IDX5556">(5556)</A>
+<LI>granting local access to foreign users
+<A HREF="auagd007.htm#IDX5679">(5679)</A>
+<LI>local
+<A HREF="auagd006.htm#IDX5554">(5554)</A>
+<LI>making foreign visible to local
+<A HREF="auagd007.htm#IDX5675">(5675)</A>
+<LI>making local visible to foreign
+<A HREF="auagd007.htm#IDX5668">(5668)</A>
+<LI>name
+<MENU>
+<LI>at second level in file tree
+<A HREF="auagd007.htm#IDX5665">(5665)</A>, <A HREF="auagd007.htm#IDX5667">(5667)</A>, <A HREF="auagd007.htm#IDX5686">(5686)</A>
+<LI>choosing
+<A HREF="auagd007.htm#IDX5648">(5648)</A>
+<LI>setting
+<A HREF="auagd007.htm#IDX5655">(5655)</A>
+</MENU>
+<LI>setting home cell for client machine
+<A HREF="auagd015.htm#IDX7447">(7447)</A>
+</MENU>
+<LI>CellServDB file (client)
+<MENU>
+<LI>about
+<A HREF="auagd015.htm#IDX7325">(7325)</A>, <A HREF="auagd015.htm#IDX7400">(7400)</A>
+<LI>central update source for clients
+<A HREF="auagd015.htm#IDX7413">(7413)</A>
+<LI>changing
+<A HREF="auagd015.htm#IDX7429">(7429)</A>
+<LI>copied into kernel memory
+<A HREF="auagd015.htm#IDX7407">(7407)</A>
+<LI>correct format
+<A HREF="auagd015.htm#IDX7409">(7409)</A>
+<LI>displaying
+<A HREF="auagd015.htm#IDX7415">(7415)</A>
+<LI>global source from AFS Support
+<A HREF="auagd015.htm#IDX7414">(7414)</A>
+<LI>maintaining
+<A HREF="auagd015.htm#IDX7412">(7412)</A>
+<LI>updating with or without package
+<A HREF="auagd015.htm#IDX7431">(7431)</A>
+</MENU>
+<LI>CellServDB file (server)
+<MENU>
+<LI>about
+<A HREF="auagd008.htm#IDX5937">(5937)</A>
+<LI>adding database server machine
+<A HREF="auagd008.htm#IDX6152">(6152)</A>
+<LI>displaying
+<A HREF="auagd008.htm#IDX6146">(6146)</A>
+<LI>effect of wrong information in
+<A HREF="auagd008.htm#IDX6140">(6140)</A>
+<LI>importance to Ubik operation
+<A HREF="auagd008.htm#IDX6065">(6065)</A>
+<LI>maintaining
+<A HREF="auagd008.htm#IDX6135">(6135)</A>
+<LI>removing database server machine
+<A HREF="auagd008.htm#IDX6164">(6164)</A>
+</MENU>
+<LI>CellServDB file maintained by AFS Product Support
+<MENU>
+<LI>as global update source
+<A HREF="auagd007.htm#IDX5672">(5672)</A>
+</MENU>
+<LI>CellServDB.local file
+<A HREF="auagd007.htm#IDX5674">(5674)</A>
+<LI>cellular mount point
+<MENU>
+<LI>see entry: <I>mount point</I>
+<A HREF="auagd010.htm#IDX6557">(6557)</A>
+</MENU>
+<LI>CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6953">(6953)</A>
+<LI>changing
+<MENU>
+<LI>ACL entries
+<A HREF="auagd020.htm#IDX8067">(8067)</A>
+<LI>data cache size specified in cacheinfo file
+<A HREF="auagd015.htm#IDX7363">(7363)</A>
+<LI>data cache size temporarily
+<A HREF="auagd015.htm#IDX7389">(7389)</A>
+<LI>disk cache location, in cacheinfo file
+<A HREF="auagd015.htm#IDX7364">(7364)</A>
+<LI>disk cache size to default value
+<A HREF="auagd015.htm#IDX7395">(7395)</A>
+<LI>group ownership to self-owned
+<A HREF="auagd019.htm#IDX7945">(7945)</A>
+<LI>group-creation quota
+<A HREF="auagd019.htm#IDX7984">(7984)</A>
+<LI>mount point when renaming user
+<A HREF="auagd018.htm#IDX7800">(7800)</A>
+<LI>Protection Database entry
+<MENU>
+<LI>name
+<A HREF="auagd019.htm#IDX7972">(7972)</A>
+<LI>owner
+<A HREF="auagd019.htm#IDX7967">(7967)</A>
+</MENU>
+<LI>username
+<A HREF="auagd018.htm#IDX7781">(7781)</A>
+<LI>volume name
+<A HREF="auagd010.htm#IDX6782">(6782)</A>
+<LI>volume name when renaming user
+<A HREF="auagd018.htm#IDX7795">(7795)</A>
+</MENU>
+<LI>character special device
+<MENU>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7561">(7561)</A>
+</MENU>
+<LI>checksum
+<A HREF="auagd014.htm#IDX7266">(7266)</A>
+<LI>chgrp command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5620">(5620)</A>
+</MENU>
+<LI>chmod command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5615">(5615)</A>
+</MENU>
+<LI>choosing
+<MENU>
+<LI>name
+<MENU>
+<LI>cell
+<A HREF="auagd007.htm#IDX5649">(5649)</A>
+<LI>user
+<A HREF="auagd007.htm#IDX5734">(5734)</A>
+<LI>user volume
+<A HREF="auagd007.htm#IDX5738">(5738)</A>
+<LI>user volume mount point
+<A HREF="auagd007.htm#IDX5740">(5740)</A>
+</MENU>
+</MENU>
+<LI>chown command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5618">(5618)</A>
+</MENU>
+<LI>clearing
+<MENU>
+<LI>all ACL entries
+<A HREF="auagd020.htm#IDX8084">(8084)</A>
+<LI>contents of trace log (fstrace)
+<A HREF="auagd013.htm#IDX7190">(7190)</A>
+</MENU>
+<LI>client
+<MENU>
+<LI>configuring local disk with package
+<A HREF="auagd016.htm#IDX7520">(7520)</A>
+<LI>definition
+<A HREF="auagd006.htm#IDX5547">(5547)</A>
+<LI>machine
+<MENU>
+<LI>definition
+<A HREF="auagd006.htm#IDX5550">(5550)</A>
+</MENU>
+<LI>modifying to run package
+<A HREF="auagd016.htm#IDX7578">(7578)</A>
+</MENU>
+<LI>client machine
+<MENU>
+<LI>/usr/vice/etc directory
+<A HREF="auagd015.htm#IDX7317">(7317)</A>
+<LI>administering
+<A HREF="auagd015.htm#IDX7308">(7308)</A>
+<LI>cache files
+<A HREF="auagd015.htm#IDX7345">(7345)</A>
+<LI>CellServDB file, displaying
+<A HREF="auagd015.htm#IDX7418">(7418)</A>
+<LI>changing CellServDB file
+<A HREF="auagd015.htm#IDX7428">(7428)</A>
+<LI>changing list of cells in kernel memory
+<A HREF="auagd015.htm#IDX7426">(7426)</A>
+<LI>configuration files
+<A HREF="auagd015.htm#IDX7316">(7316)</A>
+<LI>configuration issues
+<A HREF="auagd007.htm#IDX5722">(5722)</A>
+<LI>controlling running of setuid programs
+<A HREF="auagd015.htm#IDX7435">(7435)</A>
+<LI>data cache size
+<MENU>
+<LI>displaying current
+<A HREF="auagd015.htm#IDX7378">(7378)</A>
+<LI>setting in cacheinfo file
+<A HREF="auagd015.htm#IDX7384">(7384)</A>
+<LI>setting until next reboot
+<A HREF="auagd015.htm#IDX7390">(7390)</A>
+</MENU>
+<LI>data cache size set at reboot
+<MENU>
+<LI>displaying
+<A HREF="auagd015.htm#IDX7366">(7366)</A>
+</MENU>
+<LI>database server machines, displaying knowledge of
+<A HREF="auagd015.htm#IDX7419">(7419)</A>
+<LI>database server processes, contacting
+<A HREF="auagd015.htm#IDX7403">(7403)</A>
+<LI>disk cache size
+<MENU>
+<LI>resetting to default value
+<A HREF="auagd015.htm#IDX7398">(7398)</A>
+</MENU>
+<LI>disk versus memory cache
+<A HREF="auagd015.htm#IDX7354">(7354)</A>
+<LI>displaying
+<MENU>
+<LI>data cache size from cacheinfo file
+<A HREF="auagd015.htm#IDX7367">(7367)</A>
+</MENU>
+<LI>enabling access to foreign cell
+<A HREF="auagd007.htm#IDX5727">(5727)</A>
+<LI>files required on local disk
+<A HREF="auagd007.htm#IDX5724">(5724)</A>
+<LI>flushing data cache
+<A HREF="auagd015.htm#IDX7460">(7460)</A>
+<LI>making foreign cell visible
+<A HREF="auagd007.htm#IDX5678">(5678)</A>
+<LI>messages displayed, controlling
+<A HREF="auagd015.htm#IDX7499">(7499)</A>
+<LI>monitoring performance
+<A HREF="auagd013.htm#IDX7100">(7100)</A>
+<LI>setting
+<MENU>
+<LI>data cache size in cacheinfo file
+<A HREF="auagd015.htm#IDX7368">(7368)</A>
+<LI>disk cache location
+<A HREF="auagd015.htm#IDX7365">(7365)</A>
+<LI>home cell
+<A HREF="auagd015.htm#IDX7451">(7451)</A>
+</MENU>
+<LI>setting home cell
+<A HREF="auagd007.htm#IDX5657">(5657)</A>
+<LI>system type name stored in Cache Manager memory
+<A HREF="auagd015.htm#IDX7503">(7503)</A>
+</MENU>
+<LI>client machines statistic from scout program
+<A HREF="auagd013.htm#IDX7123">(7123)</A>
+<LI>clocks
+<MENU>
+<LI>need to synchronize for Ubik
+<A HREF="auagd008.htm#IDX6066">(6066)</A>
+</MENU>
+<LI>clone
+<A HREF="auagd006.htm#IDX5573">(5573)</A>, <A HREF="auagd010.htm#IDX6479">(6479)</A>
+<MENU>
+<LI>forcing creation of new
+<A HREF="auagd010.htm#IDX6504">(6504)</A>
+</MENU>
+<LI>cloning
+<MENU>
+<LI>defined
+<A HREF="auagd010.htm#IDX6478">(6478)</A>
+<LI>for backup
+<A HREF="auagd010.htm#IDX6530">(6530)</A>
+<LI>for replication
+<A HREF="auagd010.htm#IDX6487">(6487)</A>
+</MENU>
+<LI>close system call
+<MENU>
+<LI>for files saved on AFS client
+<A HREF="auagd007.htm#IDX5645">(5645)</A>
+<LI>for files saved on NFS client
+<A HREF="auagd022.htm#IDX8173">(8173)</A>
+</MENU>
+<LI>cm event set (fstrace)
+<A HREF="auagd013.htm#IDX7156">(7156)</A>
+<LI>cmfx trace log (fstrace)
+<A HREF="auagd013.htm#IDX7154">(7154)</A>
+<LI>collecting
+<MENU>
+<LI>data with xstat data collection facility
+<A HREF="auagd013.htm#IDX7212">(7212)</A>
+</MENU>
+<LI>command interpreters
+<MENU>
+<LI>CellServDB file (client), using
+<A HREF="auagd015.htm#IDX7406">(7406)</A>
+</MENU>
+<LI>command parameters
+<MENU>
+<LI>in BosConfig file
+<A HREF="auagd009.htm#IDX6310">(6310)</A>
+</MENU>
+<LI>command suite
+<MENU>
+<LI>binaries
+<MENU>
+<LI>displaying time stamp
+<A HREF="auagd008.htm#IDX6114">(6114)</A>
+<LI>installing
+<A HREF="auagd008.htm#IDX6093">(6093)</A>
+<LI>removing obsolete
+<A HREF="auagd008.htm#IDX6125">(6125)</A>
+<LI>uninstalling
+<A HREF="auagd008.htm#IDX6107">(6107)</A>
+</MENU>
+</MENU>
+<LI>commands
+<MENU>
+<LI>afsd
+<A HREF="auagd015.htm#IDX7321">(7321)</A>
+<LI>afsmonitor
+<A HREF="auagd013.htm#IDX7206">(7206)</A>
+<LI>backup
+<MENU>
+<LI>to enter interactive mode
+<A HREF="auagd012.htm#IDX6983">(6983)</A>
+</MENU>
+<LI>backup adddump
+<A HREF="auagd011.htm#IDX6923">(6923)</A>
+<LI>backup addhost
+<A HREF="auagd011.htm#IDX6862">(6862)</A>
+<LI>backup addvolentry
+<A HREF="auagd011.htm#IDX6882">(6882)</A>
+<LI>backup addvolset
+<A HREF="auagd011.htm#IDX6878">(6878)</A>
+<LI>backup dbverify
+<A HREF="auagd012.htm#IDX7085">(7085)</A>
+<LI>backup deldump
+<A HREF="auagd011.htm#IDX6934">(6934)</A>
+<LI>backup deletedump
+<A HREF="auagd012.htm#IDX7093">(7093)</A>
+<LI>backup delhost
+<A HREF="auagd011.htm#IDX6867">(6867)</A>
+<LI>backup delvolentry
+<A HREF="auagd011.htm#IDX6897">(6897)</A>
+<LI>backup delvolset
+<A HREF="auagd011.htm#IDX6892">(6892)</A>
+<LI>backup diskrestore
+<A HREF="auagd012.htm#IDX7074">(7074)</A>
+<LI>backup dump
+<A HREF="auagd012.htm#IDX7032">(7032)</A>
+<LI>backup dumpinfo
+<A HREF="auagd012.htm#IDX7037">(7037)</A>
+<LI>backup interactive
+<A HREF="auagd012.htm#IDX6984">(6984)</A>
+<LI>backup jobs
+<A HREF="auagd012.htm#IDX6995">(6995)</A>
+<LI>backup kill
+<A HREF="auagd012.htm#IDX7000">(7000)</A>
+<LI>backup labeltape
+<A HREF="auagd011.htm#IDX6948">(6948)</A>
+<LI>backup listdumps
+<A HREF="auagd011.htm#IDX6940">(6940)</A>
+<LI>backup listhosts
+<A HREF="auagd011.htm#IDX6873">(6873)</A>
+<LI>backup listvolsets
+<A HREF="auagd011.htm#IDX6889">(6889)</A>
+<LI>backup quit
+<A HREF="auagd012.htm#IDX6987">(6987)</A>
+<LI>backup readlabel
+<A HREF="auagd011.htm#IDX6950">(6950)</A>
+<LI>backup restoredb
+<A HREF="auagd012.htm#IDX7088">(7088)</A>
+<LI>backup savedb
+<A HREF="auagd012.htm#IDX7086">(7086)</A>
+<LI>backup scantape
+<A HREF="auagd012.htm#IDX7050">(7050)</A>
+<LI>backup setexp
+<A HREF="auagd011.htm#IDX6929">(6929)</A>
+<LI>backup status
+<A HREF="auagd012.htm#IDX7010">(7010)</A>
+<LI>backup volinfo
+<A HREF="auagd012.htm#IDX7043">(7043)</A>
+<LI>backup volrestore
+<A HREF="auagd012.htm#IDX7070">(7070)</A>
+<LI>backup volsetrestore
+<A HREF="auagd012.htm#IDX7076">(7076)</A>
+<LI>bos addhost
+<A HREF="auagd008.htm#IDX6161">(6161)</A>
+<LI>bos addkey
+<A HREF="auagd014.htm#IDX7290">(7290)</A>
+<LI>bos adduser
+<A HREF="auagd021.htm#IDX8157">(8157)</A>
+<LI>bos create
+<A HREF="auagd009.htm#IDX6345">(6345)</A>
+<LI>bos delete
+<A HREF="auagd009.htm#IDX6355">(6355)</A>
+<LI>bos exec
+<A HREF="auagd008.htm#IDX6245">(6245)</A>
+<LI>bos getdate
+<A HREF="auagd008.htm#IDX6120">(6120)</A>
+<LI>bos getlog
+<A HREF="auagd009.htm#IDX6429">(6429)</A>
+<LI>bos getrestart
+<A HREF="auagd009.htm#IDX6405">(6405)</A>
+<LI>bos install
+<A HREF="auagd008.htm#IDX6102">(6102)</A>, <A HREF="auagd008.htm#IDX6112">(6112)</A>
+<LI>bos listhosts
+<A HREF="auagd008.htm#IDX6145">(6145)</A>
+<LI>bos listkeys
+<A HREF="auagd014.htm#IDX7272">(7272)</A>
+<LI>bos listusers
+<A HREF="auagd021.htm#IDX8153">(8153)</A>
+<LI>bos prune
+<A HREF="auagd008.htm#IDX6129">(6129)</A>
+<LI>bos removehost
+<A HREF="auagd008.htm#IDX6172">(6172)</A>
+<LI>bos removekey
+<A HREF="auagd014.htm#IDX7296">(7296)</A>
+<LI>bos removeuser
+<A HREF="auagd021.htm#IDX8161">(8161)</A>
+<LI>bos restart
+<MENU>
+<LI>excluding BOS Server
+<A HREF="auagd009.htm#IDX6385">(6385)</A>
+<LI>including BOS Server
+<A HREF="auagd009.htm#IDX6383">(6383)</A>
+<LI>selected processes
+<A HREF="auagd009.htm#IDX6389">(6389)</A>
+</MENU>
+<LI>bos salvage
+<A HREF="auagd010.htm#IDX6710">(6710)</A>
+<LI>bos setauth
+<A HREF="auagd008.htm#IDX6184">(6184)</A>
+<LI>bos setrestart
+<A HREF="auagd009.htm#IDX6408">(6408)</A>
+<LI>bos shutdown
+<A HREF="auagd009.htm#IDX6371">(6371)</A>
+<LI>bos start
+<A HREF="auagd009.htm#IDX6369">(6369)</A>
+<LI>bos startup
+<A HREF="auagd009.htm#IDX6373">(6373)</A>
+<LI>bos status
+<A HREF="auagd009.htm#IDX6329">(6329)</A>
+<LI>bos stop
+<A HREF="auagd009.htm#IDX6365">(6365)</A>
+<LI>butc
+<A HREF="auagd012.htm#IDX7006">(7006)</A>
+<LI>chgrp (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5621">(5621)</A>
+<LI>chmod (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5616">(5616)</A>
+<LI>chown (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5619">(5619)</A>
+<LI>executing from uss template file
+<A HREF="auagd017.htm#IDX7701">(7701)</A>
+<LI>fms
+<A HREF="auagd011.htm#IDX6852">(6852)</A>
+<LI>fs checkservers
+<A HREF="auagd015.htm#IDX7446">(7446)</A>
+<LI>fs checkvolumes
+<A HREF="auagd015.htm#IDX7466">(7466)</A>
+<LI>fs cleanacl
+<A HREF="auagd020.htm#IDX8098">(8098)</A>
+<LI>fs copyacl
+<A HREF="auagd020.htm#IDX8092">(8092)</A>
+<LI>fs examine
+<A HREF="auagd010.htm#IDX6661">(6661)</A>, <A HREF="auagd010.htm#IDX6737">(6737)</A>
+<LI>fs exportafs
+<A HREF="auagd022.htm#IDX8179">(8179)</A>
+<LI>fs flush
+<A HREF="auagd015.htm#IDX7462">(7462)</A>
+<LI>fs flushmount
+<A HREF="auagd015.htm#IDX7468">(7468)</A>
+<LI>fs flushvolume
+<A HREF="auagd015.htm#IDX7464">(7464)</A>
+<LI>fs getcacheparms
+<A HREF="auagd015.htm#IDX7382">(7382)</A>
+<LI>fs getcellstatus
+<A HREF="auagd015.htm#IDX7439">(7439)</A>
+<LI>fs getclientaddrs
+<A HREF="auagd015.htm#IDX7495">(7495)</A>
+<LI>fs getserverprefs
+<A HREF="auagd015.htm#IDX7476">(7476)</A>
+<LI>fs listacl
+<A HREF="auagd020.htm#IDX8062">(8062)</A>
+<LI>fs listcells
+<A HREF="auagd015.htm#IDX7421">(7421)</A>
+<LI>fs listquota
+<A HREF="auagd010.htm#IDX6655">(6655)</A>, <A HREF="auagd010.htm#IDX6726">(6726)</A>
+<LI>fs lsmount
+<A HREF="auagd010.htm#IDX6564">(6564)</A>
+<LI>fs messages
+<A HREF="auagd015.htm#IDX7501">(7501)</A>
+<LI>fs mkmount
+<A HREF="auagd010.htm#IDX6476">(6476)</A>
+<MENU>
+<LI>general instructions
+<A HREF="auagd010.htm#IDX6570">(6570)</A>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7802">(7802)</A>
+<LI>when creating user account
+<A HREF="auagd018.htm#IDX7761">(7761)</A>
+<LI>when mounting backup volume
+<A HREF="auagd010.htm#IDX6548">(6548)</A>
+<LI>when renaming volume
+<A HREF="auagd010.htm#IDX6791">(6791)</A>
+<LI>when restoring volume
+<A HREF="auagd010.htm#IDX6776">(6776)</A>
+</MENU>
+<LI>fs newcell
+<A HREF="auagd015.htm#IDX7434">(7434)</A>
+<LI>fs quota
+<A HREF="auagd010.htm#IDX6722">(6722)</A>
+<LI>fs rmmount
+<A HREF="auagd010.htm#IDX6578">(6578)</A>, <A HREF="auagd010.htm#IDX6757">(6757)</A>, <A HREF="auagd010.htm#IDX6789">(6789)</A>, <A HREF="auagd018.htm#IDX7797">(7797)</A>, <A HREF="auagd018.htm#IDX7814">(7814)</A>
+<LI>fs setacl
+<A HREF="auagd020.htm#IDX8074">(8074)</A>
+<MENU>
+<LI>with -clear flag
+<A HREF="auagd020.htm#IDX8087">(8087)</A>
+<LI>with -negative flag
+<A HREF="auagd020.htm#IDX8076">(8076)</A>
+</MENU>
+<LI>fs setcachesize
+<A HREF="auagd015.htm#IDX7393">(7393)</A>
+<LI>fs setcell
+<A HREF="auagd015.htm#IDX7441">(7441)</A>
+<LI>fs setclientaddrs
+<A HREF="auagd015.htm#IDX7497">(7497)</A>
+<LI>fs setquota
+<A HREF="auagd010.htm#IDX6716">(6716)</A>
+<LI>fs setserverprefs
+<A HREF="auagd015.htm#IDX7478">(7478)</A>
+<LI>fs setvol
+<A HREF="auagd010.htm#IDX6720">(6720)</A>
+<LI>fs storebehind
+<MENU>
+<LI>displaying asynchrony for specific files
+<A HREF="auagd015.htm#IDX7518">(7518)</A>
+<LI>displaying default asynchrony
+<A HREF="auagd015.htm#IDX7516">(7516)</A>
+<LI>setting asynchrony for specific files
+<A HREF="auagd015.htm#IDX7514">(7514)</A>
+<LI>setting default asynchrony
+<A HREF="auagd015.htm#IDX7512">(7512)</A>
+</MENU>
+<LI>fs sysname
+<A HREF="auagd015.htm#IDX7505">(7505)</A>
+<LI>fs whereis
+<A HREF="auagd010.htm#IDX6668">(6668)</A>
+<LI>fsck (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5637">(5637)</A>
+<LI>fsck (AFS version)
+<A HREF="auagd007.htm#IDX5639">(5639)</A>
+<LI>fstrace clear
+<A HREF="auagd013.htm#IDX7188">(7188)</A>
+<LI>fstrace dump
+<A HREF="auagd013.htm#IDX7183">(7183)</A>
+<LI>fstrace lslog
+<A HREF="auagd013.htm#IDX7179">(7179)</A>
+<LI>fstrace lsset
+<A HREF="auagd013.htm#IDX7175">(7175)</A>
+<LI>fstrace setlog
+<A HREF="auagd013.htm#IDX7167">(7167)</A>
+<LI>fstrace setset
+<A HREF="auagd013.htm#IDX7171">(7171)</A>
+<LI>ftp (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5829">(5829)</A>
+<LI>ftpd (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5623">(5623)</A>, <A HREF="auagd007.htm#IDX5831">(5831)</A>
+<LI>groups (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5625">(5625)</A>
+<LI>inetd (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5627">(5627)</A>, <A HREF="auagd007.htm#IDX5833">(5833)</A>
+<LI>kas create
+<A HREF="auagd018.htm#IDX7757">(7757)</A>
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7790">(7790)</A>
+</MENU>
+<LI>kas delete
+<A HREF="auagd018.htm#IDX7807">(7807)</A>
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7788">(7788)</A>
+</MENU>
+<LI>kas examine
+<A HREF="auagd014.htm#IDX7278">(7278)</A>
+<MENU>
+<LI>to display ADMIN flag
+<A HREF="auagd021.htm#IDX8131">(8131)</A>
+</MENU>
+<LI>kas interactive
+<A HREF="auagd008.htm#IDX6198">(6198)</A>
+<LI>kas setfields
+<A HREF="auagd007.htm#IDX5793">(5793)</A>, <A HREF="auagd007.htm#IDX5798">(5798)</A>
+<MENU>
+<LI>limiting failed authentication attempts
+<A HREF="auagd018.htm#IDX7767">(7767)</A>
+<LI>prohibiting password reuse
+<A HREF="auagd018.htm#IDX7774">(7774)</A>
+<LI>setting ADMIN flag
+<A HREF="auagd021.htm#IDX8132">(8132)</A>
+<LI>setting password lifetime
+<A HREF="auagd018.htm#IDX7771">(7771)</A>
+</MENU>
+<LI>kas setpassword
+<A HREF="auagd007.htm#IDX5789">(5789)</A>, <A HREF="auagd014.htm#IDX7292">(7292)</A>, <A HREF="auagd018.htm#IDX7779">(7779)</A>
+<LI>kas unlock
+<A HREF="auagd018.htm#IDX7769">(7769)</A>
+<LI>klog
+<A HREF="auagd007.htm#IDX5774">(5774)</A>
+<LI>klog with -setpag flag
+<A HREF="auagd007.htm#IDX5760">(5760)</A>
+<LI>klog.krb
+<A HREF="auagd007.htm#IDX5807">(5807)</A>
+<LI>knfs
+<A HREF="auagd022.htm#IDX8183">(8183)</A>
+<LI>kpasswd
+<A HREF="auagd007.htm#IDX5787">(5787)</A>, <A HREF="auagd007.htm#IDX5802">(5802)</A>, <A HREF="auagd007.htm#IDX5803">(5803)</A>
+<LI>ln (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5629">(5629)</A>
+<LI>mount
+<A HREF="auagd022.htm#IDX8180">(8180)</A>
+<LI>package
+<A HREF="auagd016.htm#IDX7581">(7581)</A>
+<LI>pagsh
+<A HREF="auagd007.htm#IDX5758">(5758)</A>
+<LI>pagsh.krb
+<A HREF="auagd007.htm#IDX5808">(5808)</A>
+<LI>privileged, defined
+<A HREF="auagd008.htm#IDX6176">(6176)</A>
+<LI>pts adduser
+<A HREF="auagd019.htm#IDX7952">(7952)</A>
+<MENU>
+<LI>for system:administrators group
+<A HREF="auagd021.htm#IDX8119">(8119)</A>
+</MENU>
+<LI>pts chown
+<A HREF="auagd019.htm#IDX7970">(7970)</A>
+<LI>pts creategroup
+<A HREF="auagd019.htm#IDX7939">(7939)</A>
+<LI>pts createuser
+<MENU>
+<LI>machine entry
+<A HREF="auagd019.htm#IDX7920">(7920)</A>
+<LI>user account
+<A HREF="auagd018.htm#IDX7755">(7755)</A>
+</MENU>
+<LI>pts delete
+<A HREF="auagd018.htm#IDX7818">(7818)</A>, <A HREF="auagd019.htm#IDX7966">(7966)</A>
+<LI>pts examine
+<A HREF="auagd019.htm#IDX7874">(7874)</A>
+<LI>pts listentries
+<A HREF="auagd019.htm#IDX7912">(7912)</A>
+<LI>pts listmax
+<A HREF="auagd019.htm#IDX8000">(8000)</A>
+<LI>pts listowned
+<A HREF="auagd019.htm#IDX7894">(7894)</A>
+<LI>pts membership
+<A HREF="auagd019.htm#IDX7886">(7886)</A>
+<MENU>
+<LI>displaying system:administrators group
+<A HREF="auagd021.htm#IDX8115">(8115)</A>
+</MENU>
+<LI>pts removeuser
+<A HREF="auagd019.htm#IDX7959">(7959)</A>
+<MENU>
+<LI>for system:administrators group
+<A HREF="auagd021.htm#IDX8123">(8123)</A>
+</MENU>
+<LI>pts rename
+<MENU>
+<LI>machine or group name
+<A HREF="auagd019.htm#IDX7977">(7977)</A>
+<LI>username
+<A HREF="auagd018.htm#IDX7786">(7786)</A>
+</MENU>
+<LI>pts setfields
+<MENU>
+<LI>setting group creation quota
+<A HREF="auagd019.htm#IDX7986">(7986)</A>
+<LI>setting privacy flags
+<A HREF="auagd019.htm#IDX7994">(7994)</A>
+</MENU>
+<LI>pts setmax
+<A HREF="auagd019.htm#IDX8015">(8015)</A>
+<LI>rcp (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5631">(5631)</A>, <A HREF="auagd007.htm#IDX5835">(5835)</A>
+<LI>rlogind (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5633">(5633)</A>, <A HREF="auagd007.htm#IDX5837">(5837)</A>
+<LI>rsh (AFS compared to UNIX)
+<A HREF="auagd007.htm#IDX5635">(5635)</A>, <A HREF="auagd007.htm#IDX5839">(5839)</A>
+<LI>scout
+<A HREF="auagd013.htm#IDX7147">(7147)</A>
+<LI>share
+<A HREF="auagd022.htm#IDX8177">(8177)</A>
+<LI>strings
+<A HREF="auagd008.htm#IDX6132">(6132)</A>
+<LI>sys
+<A HREF="auagd015.htm#IDX7507">(7507)</A>
+<LI>tokens
+<A HREF="auagd007.htm#IDX5772">(5772)</A>
+<LI>tokens.krb
+<A HREF="auagd007.htm#IDX5809">(5809)</A>
+<LI>udebug
+<A HREF="auagd008.htm#IDX5904">(5904)</A>
+<LI>umount
+<A HREF="auagd008.htm#IDX6219">(6219)</A>
+<LI>unlog
+<A HREF="auagd007.htm#IDX5781">(5781)</A>
+<LI>uss add
+<A HREF="auagd017.htm#IDX7717">(7717)</A>
+<LI>uss bulk
+<A HREF="auagd017.htm#IDX7735">(7735)</A>
+<LI>uss delete
+<A HREF="auagd017.htm#IDX7726">(7726)</A>
+<LI>vos addsite
+<A HREF="auagd010.htm#IDX6523">(6523)</A>
+<LI>vos backup
+<A HREF="auagd010.htm#IDX6546">(6546)</A>
+<LI>vos backupsys
+<A HREF="auagd010.htm#IDX6550">(6550)</A>
+<LI>vos changeaddr
+<A HREF="auagd008.htm#IDX6241">(6241)</A>
+<LI>vos create
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6473">(6473)</A>
+<LI>when creating user account
+<A HREF="auagd018.htm#IDX7759">(7759)</A>
+</MENU>
+<LI>vos delentry
+<A HREF="auagd010.htm#IDX6752">(6752)</A>
+<LI>vos dump
+<A HREF="auagd010.htm#IDX6770">(6770)</A>
+<LI>vos examine
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6633">(6633)</A>
+</MENU>
+<LI>vos listaddrs
+<A HREF="auagd008.htm#IDX6239">(6239)</A>
+<LI>vos listpart
+<A HREF="auagd008.htm#IDX6207">(6207)</A>
+<LI>vos listvldb
+<MENU>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6586">(6586)</A>
+</MENU>
+<LI>vos listvol
+<MENU>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6600">(6600)</A>
+</MENU>
+<LI>vos lock
+<A HREF="auagd010.htm#IDX6799">(6799)</A>
+<LI>vos move
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6681">(6681)</A>
+</MENU>
+<LI>vos partinfo
+<A HREF="auagd010.htm#IDX6470">(6470)</A>
+<LI>vos release
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6527">(6527)</A>
+</MENU>
+<LI>vos remove
+<A HREF="auagd018.htm#IDX7810">(7810)</A>
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6755">(6755)</A>
+</MENU>
+<LI>vos remsite
+<A HREF="auagd010.htm#IDX6750">(6750)</A>
+<LI>vos rename
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6787">(6787)</A>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7792">(7792)</A>
+</MENU>
+<LI>vos restore
+<A HREF="auagd010.htm#IDX6774">(6774)</A>, <A HREF="auagd010.htm#IDX6778">(6778)</A>
+<LI>vos syncserv
+<A HREF="auagd010.htm#IDX6699">(6699)</A>
+<LI>vos syncvldb
+<A HREF="auagd010.htm#IDX6697">(6697)</A>
+<LI>vos unlock
+<A HREF="auagd010.htm#IDX6801">(6801)</A>
+<LI>vos unlockvldb
+<A HREF="auagd010.htm#IDX6803">(6803)</A>
+<LI>vos zap
+<A HREF="auagd010.htm#IDX6748">(6748)</A>
+<LI>which
+<A HREF="auagd008.htm#IDX6131">(6131)</A>
+<LI>xstat_cm_test
+<A HREF="auagd013.htm#IDX7238">(7238)</A>
+<LI>xstat_fs_test
+<A HREF="auagd013.htm#IDX7234">(7234)</A>
+</MENU>
+<LI>common configuration files (server)
+<A HREF="auagd008.htm#IDX5934">(5934)</A>
+<LI>compilation
+<MENU>
+<LI>date of, listing on binary file
+<A HREF="auagd008.htm#IDX6117">(6117)</A>
+</MENU>
+<LI>compiling
+<MENU>
+<LI>package prototype file
+<A HREF="auagd016.htm#IDX7575">(7575)</A>
+</MENU>
+<LI>configuration file
+<MENU>
+<LI>instructions for package program
+<A HREF="auagd016.htm#IDX7541">(7541)</A>
+<LI>see entry: <I>CFG_<device_name> configuration file</I>
+<A HREF="auagd011.htm#IDX6956">(6956)</A>
+</MENU>
+<LI>configuration files
+<MENU>
+<LI>client machine
+<A HREF="auagd015.htm#IDX7315">(7315)</A>
+<LI>package program
+<A HREF="auagd016.htm#IDX7529">(7529)</A>
+<LI>server machine, common
+<A HREF="auagd008.htm#IDX6032">(6032)</A>
+</MENU>
+<LI>configuring
+<MENU>
+<LI>afsmonitor program
+<A HREF="auagd013.htm#IDX7203">(7203)</A>
+<LI>Cache Manager
+<A HREF="auagd015.htm#IDX7311">(7311)</A>
+<LI>client machine, issues
+<A HREF="auagd007.htm#IDX5723">(5723)</A>
+<LI>file server machine, issues
+<A HREF="auagd007.htm#IDX5707">(5707)</A>
+<LI>filespace, issues
+<A HREF="auagd007.htm#IDX5682">(5682)</A>
+<LI>local disk of client with package
+<A HREF="auagd016.htm#IDX7519">(7519)</A>
+<LI>trace log (fstrace)
+<A HREF="auagd013.htm#IDX7169">(7169)</A>
+</MENU>
+<LI>Conn statistic from scout program
+<A HREF="auagd013.htm#IDX7119">(7119)</A>
+<LI>consistency guarantees
+<MENU>
+<LI>administrative databases
+<A HREF="auagd008.htm#IDX6070">(6070)</A>
+<LI>cached data
+<A HREF="auagd006.htm#IDX5579">(5579)</A>
+</MENU>
+<LI>constants
+<MENU>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7626">(7626)</A>
+</MENU>
+<LI>contacting processes
+<MENU>
+<LI>Authentication Server
+<A HREF="auagd009.htm#IDX6275">(6275)</A>
+<LI>Backup Server
+<A HREF="auagd009.htm#IDX6259">(6259)</A>
+<LI>BOS Server
+<A HREF="auagd009.htm#IDX6254">(6254)</A>
+<LI>File Server
+<A HREF="auagd009.htm#IDX6267">(6267)</A>
+<LI>NTPD
+<A HREF="auagd009.htm#IDX6284">(6284)</A>
+<LI>Protection Server
+<A HREF="auagd009.htm#IDX6279">(6279)</A>
+<LI>Salvager
+<A HREF="auagd009.htm#IDX6271">(6271)</A>
+<LI>Update Server
+<A HREF="auagd009.htm#IDX6289">(6289)</A>
+<LI>VL Server
+<A HREF="auagd009.htm#IDX6293">(6293)</A>
+<LI>Volume Server
+<A HREF="auagd009.htm#IDX6269">(6269)</A>
+</MENU>
+<LI>controlling
+<MENU>
+<LI>authorization checking for entire cell
+<A HREF="auagd008.htm#IDX6179">(6179)</A>
+<LI>server machine interfaces registered in VLDB
+<A HREF="auagd008.htm#IDX6228">(6228)</A>
+</MENU>
+<LI>conventions
+<MENU>
+<LI>AFS pathnames
+<A HREF="auagd007.htm#IDX5662">(5662)</A>
+<LI>cell name
+<A HREF="auagd007.htm#IDX5650">(5650)</A>
+<LI>volume names
+<A HREF="auagd007.htm#IDX5692">(5692)</A>, <A HREF="auagd010.htm#IDX6461">(6461)</A>
+</MENU>
+<LI>converting
+<MENU>
+<LI>existing UNIX accounts to AFS accounts
+<MENU>
+<LI>with manual account creation
+<A HREF="auagd018.htm#IDX7742">(7742)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7618">(7618)</A>
+</MENU>
+</MENU>
+<LI>coordinator (Ubik)
+<MENU>
+<LI>defined
+<A HREF="auagd008.htm#IDX6060">(6060)</A>
+</MENU>
+<LI>coordinator (Ubik)
+<MENU>
+<LI>election procedure described
+<A HREF="auagd008.htm#IDX6073">(6073)</A>
+</MENU>
+<LI>copying
+<MENU>
+<LI>ACL between directories
+<A HREF="auagd020.htm#IDX8090">(8090)</A>
+</MENU>
+<LI>core files
+<MENU>
+<LI>for server processes
+<A HREF="auagd008.htm#IDX5993">(5993)</A>
+<LI>removing from /usr/afs/logs directory
+<A HREF="auagd008.htm#IDX6127">(6127)</A>
+</MENU>
+<LI>core leak
+<MENU>
+<LI>preventing with scheduled restarts
+<A HREF="auagd009.htm#IDX6392">(6392)</A>
+</MENU>
+<LI>correspondence
+<MENU>
+<LI>of volumes and directories
+<A HREF="auagd006.htm#IDX5563">(5563)</A>
+</MENU>
+<LI>corruption
+<MENU>
+<LI>symptoms and types
+<A HREF="auagd010.htm#IDX6702">(6702)</A>
+</MENU>
+<LI>counter
+<MENU>
+<LI>Protection Database (max user id, max group id)
+<A HREF="auagd019.htm#IDX7995">(7995)</A>
+</MENU>
+<LI>CPS
+<A HREF="auagd019.htm#IDX7822">(7822)</A>
+<LI>creating
+<MENU>
+<LI>ACL as copy of another
+<A HREF="auagd020.htm#IDX8089">(8089)</A>
+<LI>ACL entry
+<A HREF="auagd020.htm#IDX8070">(8070)</A>
+<LI>ACL entry in negative permissions section
+<A HREF="auagd020.htm#IDX8077">(8077)</A>
+<LI>Authentication Database entry
+<MENU>
+<LI>with kas create command
+<A HREF="auagd018.htm#IDX7747">(7747)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7710">(7710)</A>
+</MENU>
+<LI>backup volume
+<A HREF="auagd010.htm#IDX6531">(6531)</A>
+<LI>cellular mount point
+<A HREF="auagd010.htm#IDX6572">(6572)</A>
+<LI>common local password file with uss
+<A HREF="auagd017.htm#IDX7612">(7612)</A>
+<LI>directory with uss
+<A HREF="auagd017.htm#IDX7665">(7665)</A>
+<LI>file with uss
+<A HREF="auagd017.htm#IDX7673">(7673)</A>, <A HREF="auagd017.htm#IDX7679">(7679)</A>
+<LI>group, self-owned
+<A HREF="auagd019.htm#IDX7944">(7944)</A>
+<LI>link (hard or symbolic) with uss
+<A HREF="auagd017.htm#IDX7687">(7687)</A>
+<LI>mount point when changing username
+<A HREF="auagd018.htm#IDX7803">(7803)</A>
+<LI>mount point with uss
+<A HREF="auagd017.htm#IDX7654">(7654)</A>
+<LI>multiple backup volumes at once
+<A HREF="auagd010.htm#IDX6534">(6534)</A>
+<LI>NetInfo file (client version)
+<A HREF="auagd015.htm#IDX7488">(7488)</A>
+<LI>NetInfo file (server version)
+<A HREF="auagd008.htm#IDX6233">(6233)</A>
+<LI>NetRestrict file (client version)
+<A HREF="auagd015.htm#IDX7492">(7492)</A>
+<LI>NetRestrict file (server version)
+<A HREF="auagd008.htm#IDX6236">(6236)</A>
+<LI>PAG with klog or pagsh command
+<A HREF="auagd007.htm#IDX5763">(5763)</A>
+<LI>Protection Database group entry
+<A HREF="auagd019.htm#IDX7921">(7921)</A>
+<LI>Protection Database machine entry
+<A HREF="auagd019.htm#IDX7913">(7913)</A>
+<LI>Protection Database user entry
+<MENU>
+<LI>with pts createuser command
+<A HREF="auagd018.htm#IDX7746">(7746)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7709">(7709)</A>
+</MENU>
+<LI>read-only volume
+<A HREF="auagd010.htm#IDX6486">(6486)</A>
+<LI>read/write or regular mount point
+<A HREF="auagd010.htm#IDX6566">(6566)</A>
+<LI>read/write volume
+<A HREF="auagd010.htm#IDX6463">(6463)</A>
+<LI>server encryption key
+<A HREF="auagd014.htm#IDX7282">(7282)</A>
+<LI>server process
+<A HREF="auagd009.htm#IDX6331">(6331)</A>
+<LI>standard files in new user account
+<A HREF="auagd007.htm#IDX5745">(5745)</A>
+<LI>tape label (Backup System)
+<A HREF="auagd011.htm#IDX6945">(6945)</A>
+<LI>user account
+<MENU>
+<LI> with uss
+<A HREF="auagd017.htm#IDX7705">(7705)</A>
+<LI>with individual commands
+<A HREF="auagd018.htm#IDX7744">(7744)</A>
+</MENU>
+<LI>user account types with uss
+<A HREF="auagd017.htm#IDX7625">(7625)</A>
+<LI>user accounts in bulk with uss
+<A HREF="auagd017.htm#IDX7727">(7727)</A>
+<LI>volume with uss
+<A HREF="auagd017.htm#IDX7644">(7644)</A>
+</MENU>
+<LI>creation date
+<MENU>
+<LI>recorded in volume header
+<A HREF="auagd010.htm#IDX6619">(6619)</A>
+</MENU>
+<LI>creator
+<MENU>
+<LI>Protection Database entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7858">(7858)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7906">(7906)</A>
+</MENU>
+</MENU>
+<LI>criteria for replicating volumes
+<A HREF="auagd010.htm#IDX6508">(6508)</A>
+<LI>cron process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auagd009.htm#IDX6348">(6348)</A>
+</MENU>
+<LI>cron server process
+<MENU>
+<LI>defining in BosConfig file
+<A HREF="auagd009.htm#IDX6341">(6341)</A>
+</MENU>
+<LI>cron-type server process
+<MENU>
+<LI>defined
+<A HREF="auagd009.htm#IDX6304">(6304)</A>
+<LI>used to automate volume backup
+<A HREF="auagd010.htm#IDX6542">(6542)</A>
+</MENU>
+<LI>current protection subgroup
+<A HREF="auagd019.htm#IDX7821">(7821)</A>
+<LI>curses graphics utility
+<MENU>
+<LI>afsmonitor program
+<A HREF="auagd013.htm#IDX7195">(7195)</A>
+<LI>scout program requirements
+<A HREF="auagd013.htm#IDX7105">(7105)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_44" HREF="#IDX0_44">D</A></STRONG>
+<MENU>
+<LI>d ACL permission
+<A HREF="auagd020.htm#IDX8030">(8030)</A>
+<LI>D instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7542">(7542)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7667">(7667)</A>
+</MENU>
+<LI>daily restart for new binaries
+<MENU>
+<LI>displaying and setting time
+<A HREF="auagd009.htm#IDX6399">(6399)</A>
+</MENU>
+<LI>data
+<MENU>
+<LI>availability interrupted by dumping
+<A HREF="auagd010.htm#IDX6765">(6765)</A>
+</MENU>
+<LI>data cache
+<MENU>
+<LI>changing location of disk cache
+<A HREF="auagd015.htm#IDX7372">(7372)</A>
+<LI>disk cache size
+<MENU>
+<LI>resetting to default value
+<A HREF="auagd015.htm#IDX7394">(7394)</A>
+</MENU>
+<LI>disk versus memory
+<A HREF="auagd015.htm#IDX7353">(7353)</A>
+<LI>displaying size specified in cacheinfo file
+<A HREF="auagd015.htm#IDX7374">(7374)</A>
+<LI>flushing (forcing update)
+<A HREF="auagd015.htm#IDX7454">(7454)</A>
+<LI>size
+<MENU>
+<LI>current, displaying
+<A HREF="auagd015.htm#IDX7377">(7377)</A>
+<LI>recommendations
+<A HREF="auagd015.htm#IDX7355">(7355)</A>
+<LI>set at reboot, displaying
+<A HREF="auagd015.htm#IDX7373">(7373)</A>
+<LI>setting in cacheinfo file
+<A HREF="auagd015.htm#IDX7371">(7371)</A>, <A HREF="auagd015.htm#IDX7383">(7383)</A>
+<LI>setting until next reboot
+<A HREF="auagd015.htm#IDX7388">(7388)</A>
+</MENU>
+<LI>Vn file in
+<A HREF="auagd015.htm#IDX7352">(7352)</A>
+</MENU>
+<LI>data collection
+<MENU>
+<LI>with xstat data collection facility
+<A HREF="auagd013.htm#IDX7211">(7211)</A>
+</MENU>
+<LI>database files
+<A HREF="auagd008.htm#IDX5968">(5968)</A>
+<LI>database server machine
+<MENU>
+<LI>adding
+<MENU>
+<LI>to client CellServDB file and kernel memory
+<A HREF="auagd015.htm#IDX7424">(7424)</A>
+<LI>to server CellServDB file
+<A HREF="auagd008.htm#IDX6151">(6151)</A>
+</MENU>
+<LI>CellServDB file (client), displaying
+<A HREF="auagd015.htm#IDX7417">(7417)</A>
+<LI>CellServDB file (server) entry
+<MENU>
+<LI>adding
+<A HREF="auagd008.htm#IDX6154">(6154)</A>
+<LI>removing
+<A HREF="auagd008.htm#IDX6165">(6165)</A>
+</MENU>
+<LI>client knowledge of
+<A HREF="auagd015.htm#IDX7402">(7402)</A>
+<LI>defined
+<A HREF="auagd008.htm#IDX6021">(6021)</A>
+<LI>displaying list in server CellServDB file
+<A HREF="auagd008.htm#IDX6148">(6148)</A>
+<LI>identifying with bos status
+<A HREF="auagd008.htm#IDX6040">(6040)</A>
+<LI>maintaining
+<A HREF="auagd008.htm#IDX6056">(6056)</A>
+<LI>reason to run three
+<A HREF="auagd007.htm#IDX5711">(5711)</A>
+<LI>removing
+<MENU>
+<LI>from client CellServDB file and kernel memory
+<A HREF="auagd015.htm#IDX7425">(7425)</A>
+<LI>from server CellServDB file
+<A HREF="auagd008.htm#IDX6163">(6163)</A>
+</MENU>
+<LI>use of NetInfo and NetRestrict files
+<A HREF="auagd008.htm#IDX6225">(6225)</A>
+</MENU>
+<LI>database server process
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6314">(6314)</A>
+<LI>need to run all on every database server machine
+<A HREF="auagd008.htm#IDX6064">(6064)</A>
+<LI>restarting after adding entry to server CellServDB file
+<A HREF="auagd008.htm#IDX6155">(6155)</A>
+<LI>restarting after removing entry from server CellServDB file
+<A HREF="auagd008.htm#IDX6166">(6166)</A>
+<LI>use of CellServDB file
+<A HREF="auagd008.htm#IDX6137">(6137)</A>
+</MENU>
+<LI>database, distributed
+<MENU>
+<LI>see entry: <I>administrative database</I>
+<A HREF="auagd008.htm#IDX6053">(6053)</A>
+</MENU>
+<LI>databases, distributed
+<A HREF="auagd007.htm#IDX5713">(5713)</A>
+<LI>date
+<MENU>
+<LI>on binary file, listing
+<A HREF="auagd008.htm#IDX6116">(6116)</A>
+</MENU>
+<LI>date-specific restores
+<A HREF="auagd012.htm#IDX7060">(7060)</A>
+<LI>default
+<MENU>
+<LI>ACL
+<A HREF="auagd010.htm#IDX6466">(6466)</A>
+<LI>volume quota
+<A HREF="auagd010.htm#IDX6469">(6469)</A>, <A HREF="auagd010.htm#IDX6712">(6712)</A>
+</MENU>
+<LI>defining
+<MENU>
+<LI>directory for even distribution of accounts with uss
+<A HREF="auagd017.htm#IDX7639">(7639)</A>
+<LI>read-only site in VLDB
+<A HREF="auagd010.htm#IDX6520">(6520)</A>
+<LI>server encryption key
+<A HREF="auagd014.htm#IDX7281">(7281)</A>
+<LI>server encryption key in Authentication Database
+<A HREF="auagd014.htm#IDX7286">(7286)</A>
+<LI>server process in BosConfig file
+<A HREF="auagd009.htm#IDX6332">(6332)</A>
+</MENU>
+<LI>delayed write operations
+<MENU>
+<LI>when AFS files saved on NFS clients
+<A HREF="auagd022.htm#IDX8169">(8169)</A>
+</MENU>
+<LI>delete ACL permission
+<MENU>
+<LI>see entry: <I>d ACL permission</I>
+<A HREF="auagd020.htm#IDX8029">(8029)</A>
+</MENU>
+<LI>deleting
+<MENU>
+<LI>Authentication Database entry with uss
+<A HREF="auagd017.htm#IDX7721">(7721)</A>
+<LI>Protection Database user entry with uss
+<A HREF="auagd017.htm#IDX7720">(7720)</A>
+<LI>user accounts in bulk with uss
+<A HREF="auagd017.htm#IDX7730">(7730)</A>
+<LI>user accounts with uss
+<A HREF="auagd017.htm#IDX7718">(7718)</A>
+</MENU>
+<LI>denying
+<MENU>
+<LI>file access with negative ACL entry
+<A HREF="auagd020.htm#IDX8079">(8079)</A>
+</MENU>
+<LI>desynchronization of VLDB/volume headers
+<MENU>
+<LI>fixing
+<A HREF="auagd010.htm#IDX6693">(6693)</A>
+<LI>symptoms of
+<A HREF="auagd010.htm#IDX6689">(6689)</A>
+</MENU>
+<LI>determining
+<MENU>
+<LI>identity of database server machines
+<A HREF="auagd008.htm#IDX6041">(6041)</A>
+<LI>identity of binary distribution machine
+<A HREF="auagd008.htm#IDX6047">(6047)</A>
+<LI>identity of system control machine
+<A HREF="auagd008.htm#IDX6044">(6044)</A>
+<LI>identity of:
+<MENU>
+<LI> simple file server machines
+<A HREF="auagd008.htm#IDX6050">(6050)</A>
+</MENU>
+<LI>roles taken by server machine
+<A HREF="auagd008.htm#IDX6036">(6036)</A>
+<LI>success of replication
+<A HREF="auagd010.htm#IDX6495">(6495)</A>
+</MENU>
+<LI>differences
+<MENU>
+<LI>between AFS and UNIX, summarized
+<A HREF="auagd007.htm#IDX5611">(5611)</A>
+</MENU>
+<LI>directories
+<MENU>
+<LI>/afs
+<A HREF="auagd007.htm#IDX5664">(5664)</A>, <A HREF="auagd007.htm#IDX5685">(5685)</A>
+<LI>/afs/<I>cellname</I>
+<A HREF="auagd007.htm#IDX5666">(5666)</A>, <A HREF="auagd007.htm#IDX5687">(5687)</A>
+<LI>/usr/afs/backup
+<A HREF="auagd011.htm#IDX6861">(6861)</A>
+<LI>conventional under /afs/cell_name
+<A HREF="auagd007.htm#IDX5690">(5690)</A>
+<LI>for grouping user home directories
+<A HREF="auagd007.htm#IDX5741">(5741)</A>
+<LI>lost+found
+<A HREF="auagd007.htm#IDX5640">(5640)</A>
+</MENU>
+<LI>directories (server)
+<MENU>
+<LI>/usr/afs/bin
+<A HREF="auagd008.htm#IDX6089">(6089)</A>
+</MENU>
+<LI>directory
+<MENU>
+<LI>/usr/afs/bin on server machines
+<A HREF="auagd008.htm#IDX5843">(5843)</A>
+<LI>/usr/afs/db on server machines
+<A HREF="auagd008.htm#IDX5967">(5967)</A>
+<LI>/usr/afs/etc
+<A HREF="auagd008.htm#IDX5932">(5932)</A>
+<LI>/usr/afs/local on server machines
+<A HREF="auagd008.htm#IDX5947">(5947)</A>
+<LI>/usr/afs/logs on server machines
+<A HREF="auagd008.htm#IDX5989">(5989)</A>
+<LI>/usr/vice/cache
+<A HREF="auagd015.htm#IDX7342">(7342)</A>
+<LI>/usr/vice/etc
+<A HREF="auagd015.htm#IDX7314">(7314)</A>
+<LI>/vicep on server machines
+<A HREF="auagd008.htm#IDX6009">(6009)</A>
+<LI>correspondence with volume
+<A HREF="auagd006.htm#IDX5562">(5562)</A>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7545">(7545)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7666">(7666)</A>
+<LI>defining for even distribution of accounts with uss
+<A HREF="auagd017.htm#IDX7640">(7640)</A>
+<LI>disk cache
+<A HREF="auagd015.htm#IDX7343">(7343)</A>
+<LI>flushing from data cache on client machine
+<A HREF="auagd015.htm#IDX7457">(7457)</A>
+<LI>overwritten by uss if exists
+<A HREF="auagd017.htm#IDX7600">(7600)</A>
+<LI>root
+<A HREF="auagd006.htm#IDX5569">(5569)</A>
+</MENU>
+<LI>directory-level data protection
+<MENU>
+<LI>implications
+<A HREF="auagd020.htm#IDX8021">(8021)</A>
+</MENU>
+<LI>directory/file name
+<MENU>
+<LI>translating to volume ID number
+<A HREF="auagd010.htm#IDX6659">(6659)</A>
+<LI>translating to volume location
+<A HREF="auagd010.htm#IDX6665">(6665)</A>
+<LI>translating to volume name
+<A HREF="auagd010.htm#IDX6653">(6653)</A>
+</MENU>
+<LI>disabling
+<MENU>
+<LI>authorization checking
+<A HREF="auagd008.htm#IDX6187">(6187)</A>
+</MENU>
+<LI>discarding
+<MENU>
+<LI>tokens
+<A HREF="auagd007.htm#IDX5782">(5782)</A>
+</MENU>
+<LI>disk
+<MENU>
+<LI>file server machine
+<MENU>
+<LI>adding/installing
+<A HREF="auagd008.htm#IDX6204">(6204)</A>
+<LI>removing
+<A HREF="auagd008.htm#IDX6214">(6214)</A>
+</MENU>
+<LI>local (see entry: <I>local disk</I>)
+<A HREF="auagd016.htm#IDX7521">(7521)</A>
+</MENU>
+<LI>Disk attn statistic from scout program
+<A HREF="auagd013.htm#IDX7128">(7128)</A>
+<LI>disk partition
+<MENU>
+<LI>displaying size of single
+<A HREF="auagd010.htm#IDX6736">(6736)</A>
+<LI>grouping related volumes on
+<A HREF="auagd007.htm#IDX5701">(5701)</A>
+<LI>monitoring usage of
+<A HREF="auagd013.htm#IDX7125">(7125)</A>
+<LI>moving volumes to reduce overcrowding
+<A HREF="auagd010.htm#IDX6672">(6672)</A>
+</MENU>
+<LI>display layout in scout program window
+<A HREF="auagd013.htm#IDX7114">(7114)</A>
+<LI>displaying
+<MENU>
+<LI>ACL entries
+<A HREF="auagd020.htm#IDX8060">(8060)</A>
+<LI>ADMIN flag in Authentication Database entry
+<A HREF="auagd021.htm#IDX8129">(8129)</A>
+<LI>AFS user id and max group id counters
+<A HREF="auagd019.htm#IDX8004">(8004)</A>
+<LI>BOS Server's automatic restart times
+<A HREF="auagd009.htm#IDX6406">(6406)</A>
+<LI>Cache Manager preference ranks for file server machines
+<A HREF="auagd015.htm#IDX7471">(7471)</A>
+<LI>CellServDB file (client)
+<A HREF="auagd015.htm#IDX7416">(7416)</A>
+<LI>CellServDB file (server)
+<A HREF="auagd008.htm#IDX6147">(6147)</A>
+<LI>client interfaces registered with File Server
+<A HREF="auagd015.htm#IDX7485">(7485)</A>
+<LI>contents of trace log (fstrace)
+<A HREF="auagd013.htm#IDX7185">(7185)</A>
+<LI>counters for AFS UID and AFS GID
+<A HREF="auagd019.htm#IDX8003">(8003)</A>
+<LI>creator of Protection Database entry
+<A HREF="auagd019.htm#IDX7839">(7839)</A>, <A HREF="auagd019.htm#IDX7897">(7897)</A>
+<LI>data cache size
+<MENU>
+<LI>set at reboot
+<A HREF="auagd015.htm#IDX7369">(7369)</A>
+<LI>specified in cacheinfo file
+<A HREF="auagd015.htm#IDX7370">(7370)</A>
+</MENU>
+<LI>data cache size, current
+<A HREF="auagd015.htm#IDX7380">(7380)</A>
+<LI>database server machines in server CellServDB file
+<A HREF="auagd008.htm#IDX6149">(6149)</A>
+<LI>disk partition size
+<A HREF="auagd010.htm#IDX6735">(6735)</A>
+<LI>entries from BosConfig file
+<A HREF="auagd009.htm#IDX6325">(6325)</A>
+<LI>group-creation quota in Protection Database entry
+<A HREF="auagd019.htm#IDX7842">(7842)</A>
+<LI>groups owned by a user or group
+<A HREF="auagd019.htm#IDX7888">(7888)</A>
+<LI>groups to which user or machine belongs
+<A HREF="auagd019.htm#IDX7878">(7878)</A>
+<LI>KeyFile file
+<A HREF="auagd014.htm#IDX7269">(7269)</A>
+<LI>log files for server processes
+<A HREF="auagd009.htm#IDX6413">(6413)</A>
+<LI>members of group
+<A HREF="auagd019.htm#IDX7879">(7879)</A>
+<LI>membership count in Protection Database entry
+<A HREF="auagd019.htm#IDX7841">(7841)</A>
+<LI>mount point
+<A HREF="auagd010.htm#IDX6560">(6560)</A>, <A HREF="auagd010.htm#IDX6561">(6561)</A>
+<LI>owner of Protection Database entry
+<A HREF="auagd019.htm#IDX7838">(7838)</A>, <A HREF="auagd019.htm#IDX7896">(7896)</A>
+<LI>privacy flags on Protection Database entry
+<A HREF="auagd019.htm#IDX7840">(7840)</A>
+<LI>Protection Database entries (all)
+<A HREF="auagd019.htm#IDX7895">(7895)</A>
+<LI>Protection Database entry
+<A HREF="auagd019.htm#IDX7837">(7837)</A>
+<LI>server encryption key from Authentication Database
+<A HREF="auagd014.htm#IDX7275">(7275)</A>
+<LI>server encryption keys in KeyFile file
+<A HREF="auagd014.htm#IDX7271">(7271)</A>
+<LI>server entries from VLDB
+<A HREF="auagd008.htm#IDX6229">(6229)</A>
+<LI>server process status
+<A HREF="auagd009.htm#IDX6322">(6322)</A>
+<LI>state of event set (fstrace)
+<A HREF="auagd013.htm#IDX7177">(7177)</A>
+<LI>state of trace log (fstrace)
+<A HREF="auagd013.htm#IDX7181">(7181)</A>
+<LI>system:administrators group members
+<A HREF="auagd021.htm#IDX8113">(8113)</A>
+<LI>tape label (Backup System)
+<A HREF="auagd011.htm#IDX6946">(6946)</A>
+<LI>time stamp on binary file
+<A HREF="auagd008.htm#IDX6118">(6118)</A>
+<LI>UserList file
+<A HREF="auagd021.htm#IDX8151">(8151)</A>
+<LI>VLDB entry
+<MENU>
+<LI>with volume header
+<A HREF="auagd010.htm#IDX6626">(6626)</A>
+</MENU>
+<LI>VLDB entry with volume header
+<A HREF="auagd010.htm#IDX6627">(6627)</A>
+<LI>VLDB server entries
+<A HREF="auagd008.htm#IDX6230">(6230)</A>
+<LI>volume header
+<A HREF="auagd010.htm#IDX6598">(6598)</A>
+<MENU>
+<LI>with VLDB entry
+<A HREF="auagd010.htm#IDX6630">(6630)</A>
+</MENU>
+<LI>volume header with VLDB entry
+<A HREF="auagd010.htm#IDX6631">(6631)</A>
+<LI>volume information
+<A HREF="auagd010.htm#IDX6580">(6580)</A>
+<LI>volume quota
+<MENU>
+<LI>percent used
+<A HREF="auagd010.htm#IDX6724">(6724)</A>
+<LI>with volume & partition info
+<A HREF="auagd010.htm#IDX6732">(6732)</A>
+<LI>with volume size
+<A HREF="auagd010.htm#IDX6728">(6728)</A>
+</MENU>
+<LI>volume size
+<A HREF="auagd010.htm#IDX6730">(6730)</A>, <A HREF="auagd010.htm#IDX6733">(6733)</A>
+<LI>volume's VLDB entry
+<A HREF="auagd010.htm#IDX6582">(6582)</A>
+</MENU>
+<LI>distributed database
+<MENU>
+<LI>see entry: <I>administrative database</I>
+<A HREF="auagd008.htm#IDX6054">(6054)</A>
+</MENU>
+<LI>distributed databases
+<A HREF="auagd007.htm#IDX5714">(5714)</A>
+<LI>distributed file system
+<A HREF="auagd006.htm#IDX5544">(5544)</A>
+<MENU>
+<LI>security issues
+<A HREF="auagd007.htm#IDX5821">(5821)</A>
+</MENU>
+<LI>distribution
+<MENU>
+<LI>of CellServDB file (server)
+<A HREF="auagd008.htm#IDX6142">(6142)</A>
+<LI>of databases
+<A HREF="auagd007.htm#IDX5712">(5712)</A>, <A HREF="auagd008.htm#IDX6052">(6052)</A>
+</MENU>
+<LI>dormant (state of fstrace event set)
+<A HREF="auagd013.htm#IDX7160">(7160)</A>
+<LI>dumb terminal
+<MENU>
+<LI>use in scout program
+<A HREF="auagd013.htm#IDX7109">(7109)</A>
+<LI>use with afsmonitor
+<A HREF="auagd013.htm#IDX7199">(7199)</A>
+</MENU>
+<LI>dump (Backup System)
+<MENU>
+<LI>appended
+<MENU>
+<LI>creating
+<A HREF="auagd012.htm#IDX7030">(7030)</A>
+</MENU>
+<LI>appended, defined
+<A HREF="auagd011.htm#IDX6813">(6813)</A>
+<LI>creating Backup Database record
+<A HREF="auagd012.htm#IDX7029">(7029)</A>
+<LI>defined
+<A HREF="auagd011.htm#IDX6815">(6815)</A>
+<LI>displaying Backup Database record
+<A HREF="auagd012.htm#IDX7034">(7034)</A>
+<LI>full, defined
+<A HREF="auagd011.htm#IDX6816">(6816)</A>
+<LI>ID number, described
+<A HREF="auagd011.htm#IDX6831">(6831)</A>
+<LI>ID number, displaying
+<A HREF="auagd012.htm#IDX7035">(7035)</A>
+<LI>incremental, defined
+<A HREF="auagd011.htm#IDX6817">(6817)</A>
+<LI>initial, defined
+<A HREF="auagd011.htm#IDX6818">(6818)</A>
+<LI>label, described
+<A HREF="auagd011.htm#IDX6834">(6834)</A>
+<LI>name, described
+<A HREF="auagd011.htm#IDX6832">(6832)</A>
+<LI>parent, defined
+<A HREF="auagd011.htm#IDX6814">(6814)</A>
+<LI>set (see entry: <I>dump set</I>)
+<A HREF="auagd011.htm#IDX6819">(6819)</A>
+</MENU>
+<LI>dump hierarchy (Backup System)
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6899">(6899)</A>
+<LI>described
+<A HREF="auagd011.htm#IDX6824">(6824)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6937">(6937)</A>
+<LI>dump level
+<MENU>
+<LI>defined
+<A HREF="auagd011.htm#IDX6825">(6825)</A>
+</MENU>
+<LI>dump levels
+<MENU>
+<LI>adding
+<A HREF="auagd011.htm#IDX6917">(6917)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6932">(6932)</A>
+</MENU>
+<LI>expiration date on dump level
+<MENU>
+<LI>described
+<A HREF="auagd011.htm#IDX6826">(6826)</A>
+</MENU>
+<LI>expiration dates
+<A HREF="auagd011.htm#IDX6903">(6903)</A>
+<MENU>
+<LI>assigning to dump levels
+<A HREF="auagd011.htm#IDX6900">(6900)</A>
+<LI>changing
+<A HREF="auagd011.htm#IDX6926">(6926)</A>
+<LI>setting
+<A HREF="auagd011.htm#IDX6920">(6920)</A>
+</MENU>
+</MENU>
+<LI>dump ID number (Backup System)
+<MENU>
+<LI>displaying
+<A HREF="auagd012.htm#IDX7039">(7039)</A>
+</MENU>
+<LI>dump ID numbers (Backup System)
+<A HREF="auagd012.htm#IDX7025">(7025)</A>
+<LI>dump levels
+<MENU>
+<LI>defined
+<A HREF="auagd011.htm#IDX6823">(6823)</A>
+<LI>expiration dates
+<A HREF="auagd011.htm#IDX6904">(6904)</A>
+<MENU>
+<LI>changing
+<A HREF="auagd011.htm#IDX6927">(6927)</A>
+<LI>setting
+<A HREF="auagd011.htm#IDX6921">(6921)</A>
+</MENU>
+<LI>in Backup Database
+<MENU>
+<LI>adding
+<A HREF="auagd011.htm#IDX6916">(6916)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6931">(6931)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6938">(6938)</A>
+</MENU>
+</MENU>
+<LI>dump set (Backup System)
+<MENU>
+<LI>creating
+<A HREF="auagd012.htm#IDX7013">(7013)</A>
+<LI>defined
+<A HREF="auagd011.htm#IDX6820">(6820)</A>
+<LI>deleting from Backup Database
+<A HREF="auagd012.htm#IDX7090">(7090)</A>
+<LI>full dumps
+<A HREF="auagd012.htm#IDX7015">(7015)</A>
+<LI>incremental dumps
+<A HREF="auagd012.htm#IDX7016">(7016)</A>
+</MENU>
+<LI>dumping
+<MENU>
+<LI>Backup Database to tape
+<A HREF="auagd012.htm#IDX7080">(7080)</A>
+<LI>data
+<A HREF="auagd012.htm#IDX7020">(7020)</A>
+<LI>dump ID numbers
+<A HREF="auagd012.htm#IDX7026">(7026)</A>
+<LI>full dumps
+<A HREF="auagd012.htm#IDX7021">(7021)</A>
+<LI>incremental dumps
+<A HREF="auagd012.htm#IDX7022">(7022)</A>
+<LI>trace log contents (fstrace)
+<A HREF="auagd013.htm#IDX7186">(7186)</A>
+<LI>volumes
+<MENU>
+<LI>reasons
+<A HREF="auagd010.htm#IDX6766">(6766)</A>
+<LI>using vos command
+<A HREF="auagd010.htm#IDX6769">(6769)</A>
+<LI>without using AFS Backup System
+<A HREF="auagd010.htm#IDX6759">(6759)</A>
+</MENU>
+</MENU>
+<LI>dynamic kernel loader programs
+<MENU>
+<LI>directory for AFS library files
+<A HREF="auagd015.htm#IDX7337">(7337)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_45" HREF="#IDX0_45">E</A></STRONG>
+<MENU>
+<LI>E instruction
+<MENU>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7683">(7683)</A>
+</MENU>
+<LI>editing
+<MENU>
+<LI>NetInfo file (client version)
+<A HREF="auagd015.htm#IDX7489">(7489)</A>
+<LI>NetInfo file (server version)
+<A HREF="auagd008.htm#IDX6234">(6234)</A>
+<LI>NetRestrict file (client version)
+<A HREF="auagd015.htm#IDX7493">(7493)</A>
+<LI>NetRestrict file (server version)
+<A HREF="auagd008.htm#IDX6237">(6237)</A>
+</MENU>
+<LI>election of Ubik coordinator
+<A HREF="auagd008.htm#IDX6074">(6074)</A>
+<LI>emergency
+<MENU>
+<LI>server encryption keys mismatched
+<A HREF="auagd014.htm#IDX7298">(7298)</A>
+</MENU>
+<LI>enabling authorization checking
+<A HREF="auagd008.htm#IDX6189">(6189)</A>
+<LI>encrypted network communication
+<A HREF="auagd007.htm#IDX5816">(5816)</A>
+<LI>entering
+<MENU>
+<LI>kas interactive mode
+<A HREF="auagd008.htm#IDX6199">(6199)</A>
+</MENU>
+<LI>entry in VLDB
+<MENU>
+<LI>displaying, with volume header
+<A HREF="auagd010.htm#IDX6629">(6629)</A>
+<LI>for volume
+<A HREF="auagd010.htm#IDX6443">(6443)</A>
+<LI>locking/unlocking
+<A HREF="auagd010.htm#IDX6796">(6796)</A>
+</MENU>
+<LI>environment
+<MENU>
+<LI>types compared
+<A HREF="auagd006.htm#IDX5540">(5540)</A>
+</MENU>
+<LI>erasing
+<MENU>
+<LI>all ACL entries
+<A HREF="auagd020.htm#IDX8083">(8083)</A>
+</MENU>
+<LI>etc/exports file
+<A HREF="auagd022.htm#IDX8174">(8174)</A>
+<LI>etc/fstab file
+<MENU>
+<LI>(see entry: <I>file systems registry file</I>)
+<A HREF="auagd008.htm#IDX6211">(6211)</A>
+</MENU>
+<LI>event set (fstrace)
+<MENU>
+<LI>cm
+<A HREF="auagd013.htm#IDX7157">(7157)</A>
+<LI>displaying state
+<A HREF="auagd013.htm#IDX7176">(7176)</A>
+<LI>persistence
+<A HREF="auagd013.htm#IDX7163">(7163)</A>
+<LI>setting
+<A HREF="auagd013.htm#IDX7172">(7172)</A>
+</MENU>
+<LI>events
+<MENU>
+<LI>auditing AFS on AIX server machines
+<A HREF="auagd013.htm#IDX7245">(7245)</A>
+</MENU>
+<LI>examples
+<MENU>
+<LI>library files for package
+<A HREF="auagd016.htm#IDX7539">(7539)</A>
+<LI>prototype files for package
+<A HREF="auagd016.htm#IDX7535">(7535)</A>
+<LI>scout program display
+<A HREF="auagd013.htm#IDX7153">(7153)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7636">(7636)</A>
+</MENU>
+<LI>executing
+<MENU>
+<LI>command using uss template line
+<A HREF="auagd017.htm#IDX7700">(7700)</A>
+</MENU>
+<LI>expiration dates
+<A HREF="auagd011.htm#IDX6901">(6901)</A>
+<MENU>
+<LI>absolute
+<A HREF="auagd011.htm#IDX6905">(6905)</A>
+<LI>changing
+<A HREF="auagd011.htm#IDX6924">(6924)</A>
+<LI>relative
+<A HREF="auagd011.htm#IDX6906">(6906)</A>
+<LI>setting
+<A HREF="auagd011.htm#IDX6918">(6918)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_46" HREF="#IDX0_46">F</A></STRONG>
+<MENU>
+<LI>F instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7546">(7546)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7677">(7677)</A>
+</MENU>
+<LI>failure
+<MENU>
+<LI>of file storage due to full partition
+<A HREF="auagd010.htm#IDX6675">(6675)</A>
+<LI>of uss account creation
+<MENU>
+<LI>recovering from
+<A HREF="auagd017.htm#IDX7595">(7595)</A>
+</MENU>
+</MENU>
+<LI>Fetch statistic from scout program
+<A HREF="auagd013.htm#IDX7120">(7120)</A>
+<LI>file
+<MENU>
+<LI>creating standard ones in new user account
+<A HREF="auagd007.htm#IDX5743">(5743)</A>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7549">(7549)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7674">(7674)</A>, <A HREF="auagd017.htm#IDX7680">(7680)</A>
+<LI>flushing from data cache on client machine
+<A HREF="auagd015.htm#IDX7456">(7456)</A>
+<LI>overwritten by uss if exists
+<A HREF="auagd017.htm#IDX7601">(7601)</A>
+<LI>required on client machine local disk
+<A HREF="auagd007.htm#IDX5726">(5726)</A>
+</MENU>
+<LI>file extension
+<MENU>
+<LI>.BAK
+<A HREF="auagd008.htm#IDX6096">(6096)</A>
+<LI>.OLD
+<A HREF="auagd008.htm#IDX6097">(6097)</A>
+</MENU>
+<LI>File Server
+<MENU>
+<LI>as part of fs process
+<A HREF="auagd009.htm#IDX6262">(6262)</A>, <A HREF="auagd009.htm#IDX6301">(6301)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5866">(5866)</A>
+<LI>client interfaces registered
+<A HREF="auagd015.htm#IDX7483">(7483)</A>
+<LI>collecting data with xstat data collection facility
+<A HREF="auagd013.htm#IDX7213">(7213)</A>
+<LI>CPS requested from Protection Server
+<A HREF="auagd019.htm#IDX7824">(7824)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5582">(5582)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6425">(6425)</A>
+<LI>interfaces registered in VLDB
+<MENU>
+<LI>listed in sysid file
+<A HREF="auagd008.htm#IDX5964">(5964)</A>
+</MENU>
+<LI>interfaces registered in VLDB server entry
+<A HREF="auagd008.htm#IDX6226">(6226)</A>
+<LI>monitoring with scout program
+<A HREF="auagd013.htm#IDX7138">(7138)</A>
+<LI>use of NetInfo file
+<A HREF="auagd008.htm#IDX6221">(6221)</A>
+<LI>use of NetRestrict file
+<A HREF="auagd008.htm#IDX6222">(6222)</A>
+<LI>use of sysid file
+<A HREF="auagd008.htm#IDX6223">(6223)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6266">(6266)</A>
+<LI>xstat data collection facility libraries
+<A HREF="auagd013.htm#IDX7215">(7215)</A>
+<LI>xstat data collections
+<A HREF="auagd013.htm#IDX7221">(7221)</A>
+<LI>xstat example commands
+<A HREF="auagd013.htm#IDX7232">(7232)</A>
+<LI>xstat_fs_test example command
+<A HREF="auagd013.htm#IDX7236">(7236)</A>
+</MENU>
+<LI>file server machine
+<A HREF="auagd006.htm#IDX5548">(5548)</A>
+<MENU>
+<LI> partitions, naming
+<A HREF="auagd008.htm#IDX6012">(6012)</A>
+<LI>Cache Manager preference ranks for
+<A HREF="auagd015.htm#IDX7470">(7470)</A>
+<LI>configuration files in /usr/afs/local
+<A HREF="auagd008.htm#IDX5949">(5949)</A>
+<LI>core files in /usr/afs/logs
+<A HREF="auagd008.htm#IDX5990">(5990)</A>
+<LI>database files in /usr/afs/db
+<A HREF="auagd008.htm#IDX5971">(5971)</A>
+<LI>disk
+<MENU>
+<LI>adding/installing
+<A HREF="auagd008.htm#IDX6205">(6205)</A>
+<LI>removing
+<A HREF="auagd008.htm#IDX6215">(6215)</A>
+</MENU>
+<LI>displaying log files
+<A HREF="auagd009.htm#IDX6410">(6410)</A>
+<LI>installing command and process binaries
+<A HREF="auagd008.htm#IDX6094">(6094)</A>
+<LI>log files in /usr/afs/logs
+<A HREF="auagd008.htm#IDX5991">(5991)</A>
+<LI>monitoring outages of
+<A HREF="auagd013.htm#IDX7139">(7139)</A>
+<LI>rebooting, about
+<A HREF="auagd007.htm#IDX5718">(5718)</A>
+<LI>restoring partitions using Backup System
+<A HREF="auagd012.htm#IDX7053">(7053)</A>
+<LI>salvaging volumes
+<A HREF="auagd010.htm#IDX6706">(6706)</A>
+</MENU>
+<LI>file server probe interval
+<MENU>
+<LI>setting for a client machine
+<A HREF="auagd015.htm#IDX7442">(7442)</A>
+</MENU>
+<LI>file storage
+<MENU>
+<LI>failed due to partition crowding
+<A HREF="auagd010.htm#IDX6676">(6676)</A>
+</MENU>
+<LI>file system
+<MENU>
+<LI>defined
+<A HREF="auagd006.htm#IDX5543">(5543)</A>
+<LI>monitoring activity
+<A HREF="auagd013.htm#IDX7101">(7101)</A>
+<LI>salvager (see entry: <I>Salvager</I>)
+<A HREF="auagd009.htm#IDX6265">(6265)</A>
+</MENU>
+<LI>file systems registry file
+<MENU>
+<LI>adding new disk to file server machine
+<A HREF="auagd008.htm#IDX6210">(6210)</A>
+<LI>removing disk from file server machine
+<A HREF="auagd008.htm#IDX6220">(6220)</A>
+</MENU>
+<LI>file tree
+<MENU>
+<LI>conventions
+<MENU>
+<LI> for configuring
+<A HREF="auagd007.htm#IDX5683">(5683)</A>
+<LI>third level
+<A HREF="auagd007.htm#IDX5689">(5689)</A>
+</MENU>
+<LI>creating volumes to match top level directories
+<A HREF="auagd007.htm#IDX5694">(5694)</A>
+</MENU>
+<LI>FileLog file
+<A HREF="auagd008.htm#IDX6001">(6001)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6415">(6415)</A>
+</MENU>
+<LI>files
+<MENU>
+<LI>/usr/afs/etc/KeyFile
+<A HREF="auagd014.htm#IDX7258">(7258)</A>
+<LI>AFS initialization script
+<A HREF="auagd015.htm#IDX7334">(7334)</A>
+<LI>AFS libraries used by dynamic kernel loader programs
+<A HREF="auagd015.htm#IDX7338">(7338)</A>
+<LI>afsd
+<A HREF="auagd015.htm#IDX7320">(7320)</A>
+<LI>afszcm.cat
+<A HREF="auagd015.htm#IDX7340">(7340)</A>
+<LI>AuthLog
+<A HREF="auagd008.htm#IDX5995">(5995)</A>
+<LI>backup command binary
+<A HREF="auagd008.htm#IDX5845">(5845)</A>
+<LI>BackupLog
+<A HREF="auagd008.htm#IDX5997">(5997)</A>
+<LI>bdb.DB0
+<A HREF="auagd008.htm#IDX5972">(5972)</A>
+<LI>bdb.DBSYS1
+<A HREF="auagd008.htm#IDX5974">(5974)</A>
+<LI>bos command binary
+<A HREF="auagd008.htm#IDX5847">(5847)</A>
+<LI>BosConfig
+<A HREF="auagd008.htm#IDX5951">(5951)</A>, <A HREF="auagd009.htm#IDX6296">(6296)</A>
+<LI>BosLog
+<A HREF="auagd008.htm#IDX5999">(5999)</A>
+<LI>bosserver binary
+<A HREF="auagd008.htm#IDX5851">(5851)</A>
+<LI>buserver
+<A HREF="auagd008.htm#IDX5857">(5857)</A>
+<LI>cacheinfo
+<A HREF="auagd015.htm#IDX7323">(7323)</A>
+<LI>CacheItems
+<A HREF="auagd015.htm#IDX7347">(7347)</A>
+<LI>CellServDB (client)
+<A HREF="auagd015.htm#IDX7326">(7326)</A>
+<LI>CellServDB (server)
+<A HREF="auagd008.htm#IDX5938">(5938)</A>, <A HREF="auagd008.htm#IDX6136">(6136)</A>
+<LI>CellServDB file (client)
+<A HREF="auagd015.htm#IDX7401">(7401)</A>
+<LI>CellServDB.local
+<A HREF="auagd007.htm#IDX5673">(5673)</A>
+<LI>CFG_<device_name>
+<A HREF="auagd011.htm#IDX6954">(6954)</A>
+<LI>displaying log files
+<A HREF="auagd009.htm#IDX6414">(6414)</A>
+<LI>exports
+<A HREF="auagd022.htm#IDX8175">(8175)</A>
+<LI>file systems registry (fstab)
+<A HREF="auagd008.htm#IDX6209">(6209)</A>
+<LI>FileLog
+<A HREF="auagd008.htm#IDX6000">(6000)</A>
+<LI>fileserver
+<A HREF="auagd008.htm#IDX5863">(5863)</A>
+<LI>fms.log
+<A HREF="auagd011.htm#IDX6850">(6850)</A>
+<LI>FORCESALVAGE
+<A HREF="auagd008.htm#IDX6016">(6016)</A>
+<LI>global CellServDB
+<A HREF="auagd007.htm#IDX5671">(5671)</A>
+<LI>kas command binary
+<A HREF="auagd008.htm#IDX5867">(5867)</A>
+<LI>kaserver binary file
+<A HREF="auagd008.htm#IDX5871">(5871)</A>
+<LI>kaserver.DB0
+<A HREF="auagd008.htm#IDX5976">(5976)</A>
+<LI>kaserver.DBSYS1
+<A HREF="auagd008.htm#IDX5978">(5978)</A>
+<LI>KeyFile
+<A HREF="auagd008.htm#IDX5940">(5940)</A>
+<LI>NetInfo (client version)
+<A HREF="auagd015.htm#IDX7328">(7328)</A>, <A HREF="auagd015.htm#IDX7486">(7486)</A>
+<LI>NetInfo (server version)
+<A HREF="auagd008.htm#IDX5953">(5953)</A>
+<LI>NetRestrict (client version)
+<A HREF="auagd015.htm#IDX7330">(7330)</A>, <A HREF="auagd015.htm#IDX7490">(7490)</A>
+<LI>NetRestrict (server version)
+<A HREF="auagd008.htm#IDX5955">(5955)</A>
+<LI>NoAuth
+<A HREF="auagd008.htm#IDX5957">(5957)</A>
+<LI>ntpd
+<A HREF="auagd008.htm#IDX5876">(5876)</A>
+<LI>ntpdc
+<A HREF="auagd008.htm#IDX5882">(5882)</A>
+<LI>package Makefile
+<A HREF="auagd016.htm#IDX7571">(7571)</A>
+<LI>prdb.DB0
+<A HREF="auagd008.htm#IDX5980">(5980)</A>
+<LI>prdb.DBSYS1
+<A HREF="auagd008.htm#IDX5982">(5982)</A>
+<LI>pts command binary
+<A HREF="auagd008.htm#IDX5884">(5884)</A>
+<LI>ptserver binary
+<A HREF="auagd008.htm#IDX5888">(5888)</A>
+<LI>runntp
+<A HREF="auagd008.htm#IDX5894">(5894)</A>
+<LI>SALVAGE.fs
+<A HREF="auagd008.htm#IDX5959">(5959)</A>
+<LI>salvage.lock
+<A HREF="auagd008.htm#IDX5961">(5961)</A>
+<LI>SalvageLog
+<A HREF="auagd008.htm#IDX6002">(6002)</A>
+<LI>salvager
+<A HREF="auagd008.htm#IDX5898">(5898)</A>
+<LI>server configuration, in /usr/afs/etc directory
+<A HREF="auagd008.htm#IDX5933">(5933)</A>
+<LI>sysid
+<A HREF="auagd008.htm#IDX5963">(5963)</A>
+<LI>tapeconfig
+<A HREF="auagd011.htm#IDX6847">(6847)</A>
+<LI>ThisCell (client)
+<A HREF="auagd015.htm#IDX7332">(7332)</A>
+<LI>ThisCell (server)
+<A HREF="auagd008.htm#IDX5943">(5943)</A>
+<LI>udebug
+<A HREF="auagd008.htm#IDX5903">(5903)</A>
+<LI>upclient
+<A HREF="auagd008.htm#IDX5908">(5908)</A>
+<LI>upserver
+<A HREF="auagd008.htm#IDX5914">(5914)</A>
+<LI>UserList
+<A HREF="auagd008.htm#IDX5945">(5945)</A>
+<LI>V.<I>vol_ID</I>.vol
+<A HREF="auagd008.htm#IDX6014">(6014)</A>
+<LI>vldb.DB0
+<A HREF="auagd008.htm#IDX5984">(5984)</A>
+<LI>vldb.DBSYS1
+<A HREF="auagd008.htm#IDX5986">(5986)</A>
+<LI>VLLog
+<A HREF="auagd008.htm#IDX6005">(6005)</A>
+<LI>vlserver
+<A HREF="auagd008.htm#IDX5918">(5918)</A>
+<LI>Vn
+<A HREF="auagd015.htm#IDX7350">(7350)</A>
+<LI>VolserLog
+<A HREF="auagd008.htm#IDX6007">(6007)</A>
+<LI>volserver
+<A HREF="auagd008.htm#IDX5925">(5925)</A>
+<LI>VolumeItems
+<A HREF="auagd015.htm#IDX7348">(7348)</A>
+<LI>vos command binary
+<A HREF="auagd008.htm#IDX5929">(5929)</A>
+</MENU>
+<LI>fileserver
+<MENU>
+<LI>(see entry: <I>File Server</I>)
+<A HREF="auagd008.htm#IDX5862">(5862)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5861">(5861)</A>
+</MENU>
+<LI>flexible synchronization site (Ubik)
+<A HREF="auagd008.htm#IDX6075">(6075)</A>
+<LI>flushing
+<MENU>
+<LI>data cache on client machine
+<A HREF="auagd015.htm#IDX7453">(7453)</A>
+</MENU>
+<LI>fms command
+<A HREF="auagd011.htm#IDX6853">(6853)</A>
+<LI>fms.log file
+<A HREF="auagd011.htm#IDX6849">(6849)</A>
+<LI>FORCESALVAGE file
+<A HREF="auagd008.htm#IDX6015">(6015)</A>
+<LI>foreign cell
+<A HREF="auagd006.htm#IDX5555">(5555)</A>
+<MENU>
+<LI>making local cell visible
+<A HREF="auagd007.htm#IDX5670">(5670)</A>
+<LI>making visible in local cell
+<A HREF="auagd007.htm#IDX5677">(5677)</A>
+</MENU>
+<LI>format of CellServDB file (client)
+<A HREF="auagd015.htm#IDX7410">(7410)</A>
+<LI>fs commands
+<MENU>
+<LI> examine
+<A HREF="auagd010.htm#IDX6662">(6662)</A>
+<LI> lsmount
+<A HREF="auagd010.htm#IDX6565">(6565)</A>
+<LI> setquota
+<A HREF="auagd010.htm#IDX6717">(6717)</A>
+<LI> setvol
+<A HREF="auagd010.htm#IDX6721">(6721)</A>
+<LI> whereis
+<A HREF="auagd010.htm#IDX6669">(6669)</A>
+<LI>checkservers
+<A HREF="auagd015.htm#IDX7445">(7445)</A>
+<LI>checkvolumes
+<A HREF="auagd015.htm#IDX7465">(7465)</A>
+<LI>cleanacl
+<A HREF="auagd020.htm#IDX8099">(8099)</A>
+<LI>copyacl
+<A HREF="auagd020.htm#IDX8091">(8091)</A>
+<LI>examine
+<A HREF="auagd010.htm#IDX6738">(6738)</A>
+<LI>exportafs
+<A HREF="auagd022.htm#IDX8178">(8178)</A>
+<LI>flush
+<A HREF="auagd015.htm#IDX7461">(7461)</A>
+<LI>flushmount
+<A HREF="auagd015.htm#IDX7467">(7467)</A>
+<LI>flushvolume
+<A HREF="auagd015.htm#IDX7463">(7463)</A>
+<LI>getcacheparms
+<A HREF="auagd015.htm#IDX7381">(7381)</A>
+<LI>getcellstatus
+<A HREF="auagd015.htm#IDX7438">(7438)</A>
+<LI>getclientaddrs
+<A HREF="auagd015.htm#IDX7494">(7494)</A>
+<LI>getserverprefs
+<A HREF="auagd015.htm#IDX7475">(7475)</A>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8106">(8106)</A>
+<LI>listacl
+<A HREF="auagd020.htm#IDX8061">(8061)</A>
+<LI>listcells
+<A HREF="auagd015.htm#IDX7420">(7420)</A>
+<LI>listquota
+<A HREF="auagd010.htm#IDX6656">(6656)</A>, <A HREF="auagd010.htm#IDX6727">(6727)</A>
+<LI>messages
+<A HREF="auagd015.htm#IDX7500">(7500)</A>
+<LI>mkmount
+<MENU>
+<LI>for read/write volume
+<A HREF="auagd010.htm#IDX6477">(6477)</A>
+<LI>general instructions
+<A HREF="auagd010.htm#IDX6571">(6571)</A>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7801">(7801)</A>
+<LI>when creating user account
+<A HREF="auagd018.htm#IDX7760">(7760)</A>
+<LI>when mounting backup volume
+<A HREF="auagd010.htm#IDX6549">(6549)</A>
+<LI>when renaming volume
+<A HREF="auagd010.htm#IDX6792">(6792)</A>
+<LI>when restoring volume
+<A HREF="auagd010.htm#IDX6777">(6777)</A>
+</MENU>
+<LI>mutual authentication, bypassing
+<A HREF="auagd008.htm#IDX6201">(6201)</A>
+<LI>newcell
+<A HREF="auagd015.htm#IDX7433">(7433)</A>
+<LI>quota
+<A HREF="auagd010.htm#IDX6723">(6723)</A>
+<LI>rmmount
+<A HREF="auagd010.htm#IDX6579">(6579)</A>
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7796">(7796)</A>
+<LI>when removing user account
+<A HREF="auagd018.htm#IDX7813">(7813)</A>
+<LI>when removing volume
+<A HREF="auagd010.htm#IDX6758">(6758)</A>
+<LI>when renaming volume
+<A HREF="auagd010.htm#IDX6790">(6790)</A>
+</MENU>
+<LI>setacl
+<A HREF="auagd020.htm#IDX8073">(8073)</A>
+<MENU>
+<LI>with -clear flag
+<A HREF="auagd020.htm#IDX8086">(8086)</A>
+<LI>with -negative flag
+<A HREF="auagd020.htm#IDX8075">(8075)</A>
+</MENU>
+<LI>setcachesize
+<A HREF="auagd015.htm#IDX7392">(7392)</A>
+<LI>setcell
+<A HREF="auagd015.htm#IDX7440">(7440)</A>
+<LI>setclientaddrs
+<A HREF="auagd015.htm#IDX7496">(7496)</A>
+<LI>setserverprefs
+<A HREF="auagd015.htm#IDX7477">(7477)</A>
+<LI>storebehind
+<MENU>
+<LI>displaying asynchrony for specific files
+<A HREF="auagd015.htm#IDX7517">(7517)</A>
+<LI>displaying default asynchrony
+<A HREF="auagd015.htm#IDX7515">(7515)</A>
+<LI>setting asynchrony for specific files
+<A HREF="auagd015.htm#IDX7513">(7513)</A>
+<LI>setting default asynchrony
+<A HREF="auagd015.htm#IDX7511">(7511)</A>
+</MENU>
+<LI>sysname
+<A HREF="auagd015.htm#IDX7504">(7504)</A>
+</MENU>
+<LI>fs process
+<A HREF="auagd009.htm#IDX6260">(6260)</A>
+<MENU>
+<LI>creating
+<A HREF="auagd009.htm#IDX6347">(6347)</A>
+</MENU>
+<LI>fs server process
+<MENU>
+<LI>defining in BosConfig file
+<A HREF="auagd009.htm#IDX6342">(6342)</A>
+</MENU>
+<LI>fs-type server process
+<MENU>
+<LI>defined
+<A HREF="auagd009.htm#IDX6299">(6299)</A>
+</MENU>
+<LI>fsck command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5636">(5636)</A>
+<LI>AFS version
+<A HREF="auagd007.htm#IDX5638">(5638)</A>
+</MENU>
+<LI>fstab file
+<MENU>
+<LI>(see entry: <I>file systems registry file</I>)
+<A HREF="auagd008.htm#IDX6212">(6212)</A>
+</MENU>
+<LI>fstrace commands
+<MENU>
+<LI>clear
+<A HREF="auagd013.htm#IDX7187">(7187)</A>
+<LI>dump
+<A HREF="auagd013.htm#IDX7182">(7182)</A>
+<LI>example of use
+<A HREF="auagd013.htm#IDX7192">(7192)</A>
+<LI>lslog
+<A HREF="auagd013.htm#IDX7178">(7178)</A>
+<LI>lsset
+<A HREF="auagd013.htm#IDX7174">(7174)</A>
+<LI>privilege requirements
+<A HREF="auagd013.htm#IDX7165">(7165)</A>
+<LI>setlog
+<A HREF="auagd013.htm#IDX7166">(7166)</A>
+<LI>setset
+<A HREF="auagd013.htm#IDX7170">(7170)</A>
+</MENU>
+<LI>fsync system call
+<MENU>
+<LI>for files saved on AFS client
+<A HREF="auagd007.htm#IDX5644">(5644)</A>
+<LI>for files saved on NFS client
+<A HREF="auagd022.htm#IDX8172">(8172)</A>
+</MENU>
+<LI>ftpd command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5622">(5622)</A>, <A HREF="auagd007.htm#IDX5830">(5830)</A>
+</MENU>
+<LI>full dump
+<A HREF="auagd012.htm#IDX7017">(7017)</A>
+<MENU>
+<LI>creating using vos command
+<A HREF="auagd010.htm#IDX6767">(6767)</A>
+</MENU>
+<LI>full restores
+<A HREF="auagd012.htm#IDX7059">(7059)</A>
+</MENU>
+<STRONG><A NAME="IDX1_47" HREF="#IDX0_47">G</A></STRONG>
+<MENU>
+<LI>global namespace
+<A HREF="auagd007.htm#IDX5661">(5661)</A>
+<LI>granting
+<MENU>
+<LI>file access by setting ACL
+<A HREF="auagd020.htm#IDX8069">(8069)</A>
+<LI>privilege for backup commands
+<A HREF="auagd021.htm#IDX8148">(8148)</A>
+<LI>privilege for bos commands
+<A HREF="auagd021.htm#IDX8146">(8146)</A>
+<LI>privilege for fs commands
+<A HREF="auagd021.htm#IDX8109">(8109)</A>
+<LI>privilege for kas commands
+<A HREF="auagd021.htm#IDX8127">(8127)</A>, <A HREF="auagd021.htm#IDX8139">(8139)</A>
+<LI>privilege for pts commands
+<A HREF="auagd021.htm#IDX8110">(8110)</A>
+<LI>privilege for vos commands
+<A HREF="auagd021.htm#IDX8147">(8147)</A>
+</MENU>
+<LI>group
+<MENU>
+<LI> Protection Database entry
+<MENU>
+<LI>name, changing
+<A HREF="auagd019.htm#IDX7975">(7975)</A>
+</MENU>
+<LI>ACL entry, usefulness of
+<A HREF="auagd020.htm#IDX8051">(8051)</A>
+<LI>AFS GID
+<A HREF="auagd007.htm#IDX5746">(5746)</A>
+<LI>AFS GID, assigning
+<A HREF="auagd019.htm#IDX7925">(7925)</A>
+<LI>creation quota (see entry: <I>quota</I>)
+<A HREF="auagd019.htm#IDX7863">(7863)</A>
+<LI>definition
+<A HREF="auagd006.htm#IDX5595">(5595)</A>
+<LI>group use
+<A HREF="auagd019.htm#IDX7936">(7936)</A>
+<LI>groups owned, displaying
+<A HREF="auagd019.htm#IDX7887">(7887)</A>
+<LI>members, adding
+<A HREF="auagd019.htm#IDX7947">(7947)</A>
+<LI>members, displaying
+<A HREF="auagd019.htm#IDX7880">(7880)</A>
+<LI>members, removing
+<A HREF="auagd019.htm#IDX7954">(7954)</A>
+<LI>membership of machine or user, displaying
+<A HREF="auagd019.htm#IDX7881">(7881)</A>
+<LI>name, assigning
+<A HREF="auagd019.htm#IDX7926">(7926)</A>
+<LI>orphaned, displaying
+<A HREF="auagd019.htm#IDX7889">(7889)</A>
+<LI>owned by user or group, displaying
+<A HREF="auagd019.htm#IDX7892">(7892)</A>
+<LI>owner
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7862">(7862)</A>
+<LI>displaying for all
+<A HREF="auagd019.htm#IDX7908">(7908)</A>
+</MENU>
+<LI>privacy flags
+<A HREF="auagd007.htm#IDX5748">(5748)</A>
+<LI>privacy flags on Protection Database entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7864">(7864)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7987">(7987)</A>
+</MENU>
+<LI>private use
+<A HREF="auagd019.htm#IDX7932">(7932)</A>
+<LI>Protection Database entry
+<MENU>
+<LI>deleting
+<A HREF="auagd019.htm#IDX7962">(7962)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7861">(7861)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7907">(7907)</A>
+</MENU>
+<LI>Protection Database entry, creating
+<A HREF="auagd019.htm#IDX7924">(7924)</A>
+<LI>Protection Database entry, described
+<A HREF="auagd019.htm#IDX7829">(7829)</A>
+<LI>regular and prefix-less, defined
+<A HREF="auagd019.htm#IDX7927">(7927)</A>
+<LI>restrictions
+<A HREF="auagd007.htm#IDX5747">(5747)</A>
+<LI>rules for naming
+<A HREF="auagd019.htm#IDX7942">(7942)</A>
+<LI>self-owned, creating
+<A HREF="auagd019.htm#IDX7943">(7943)</A>
+<LI>shared use
+<A HREF="auagd019.htm#IDX7934">(7934)</A>
+<LI>system
+<A HREF="auagd019.htm#IDX7832">(7832)</A>
+<LI>system-defined
+<A HREF="auagd007.htm#IDX5753">(5753)</A>
+<LI>system-defined on ACLs
+<A HREF="auagd020.htm#IDX8054">(8054)</A>
+<LI>using effectively
+<A HREF="auagd019.htm#IDX7930">(7930)</A>
+</MENU>
+<LI>group use of group
+<A HREF="auagd019.htm#IDX7935">(7935)</A>
+<LI>groups command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5624">(5624)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_48" HREF="#IDX0_48">H</A></STRONG>
+<MENU>
+<LI>handling
+<MENU>
+<LI>server encryption key emergency
+<A HREF="auagd014.htm#IDX7302">(7302)</A>
+</MENU>
+<LI>hard link
+<MENU>
+<LI>AFS restrictions on
+<A HREF="auagd007.htm#IDX5642">(5642)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7688">(7688)</A>
+<LI>overwritten by uss if exists
+<A HREF="auagd017.htm#IDX7602">(7602)</A>
+</MENU>
+<LI>highlighting statistics in scout display
+<MENU>
+<LI>setting thresholds
+<A HREF="auagd013.htm#IDX7149">(7149)</A>
+<LI>use of reverse video
+<A HREF="auagd013.htm#IDX7132">(7132)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_49" HREF="#IDX0_49">I</A></STRONG>
+<MENU>
+<LI>i ACL permission
+<A HREF="auagd020.htm#IDX8028">(8028)</A>
+<LI>identifying
+<MENU>
+<LI>binary distribution machine
+<A HREF="auagd008.htm#IDX6048">(6048)</A>
+<LI>database server machine
+<A HREF="auagd008.htm#IDX6042">(6042)</A>
+<LI>roles taken by server machine
+<A HREF="auagd008.htm#IDX6037">(6037)</A>
+<LI>simple file server machine
+<A HREF="auagd008.htm#IDX6051">(6051)</A>
+<LI>system control machine
+<A HREF="auagd008.htm#IDX6045">(6045)</A>
+</MENU>
+<LI>inactive (state of fstrace event set)
+<A HREF="auagd013.htm#IDX7159">(7159)</A>
+<LI>incremental dump
+<MENU>
+<LI>creating using vos command
+<A HREF="auagd010.htm#IDX6768">(6768)</A>
+<LI>creating with Backup System
+<A HREF="auagd012.htm#IDX7018">(7018)</A>
+</MENU>
+<LI>inetd command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5626">(5626)</A>, <A HREF="auagd007.htm#IDX5832">(5832)</A>
+</MENU>
+<LI>initialization script for AFS
+<A HREF="auagd015.htm#IDX7335">(7335)</A>
+<LI>initializing
+<MENU>
+<LI>scout program
+<A HREF="auagd013.htm#IDX7145">(7145)</A>
+<LI>server process
+<A HREF="auagd009.htm#IDX6330">(6330)</A>
+</MENU>
+<LI>insert ACL permission
+<MENU>
+<LI>see entry: <I>i ACL permission</I>
+<A HREF="auagd020.htm#IDX8027">(8027)</A>
+</MENU>
+<LI>installing
+<MENU>
+<LI>disk on file server machine
+<A HREF="auagd008.htm#IDX6203">(6203)</A>
+<LI>server binaries
+<A HREF="auagd008.htm#IDX6091">(6091)</A>
+<LI>server process binaries, about
+<A HREF="auagd008.htm#IDX6085">(6085)</A>
+</MENU>
+<LI>intention flag in VLDB entry
+<A HREF="auagd010.htm#IDX6686">(6686)</A>
+<LI>interactive mode (Backup System)
+<MENU>
+<LI>entering
+<A HREF="auagd012.htm#IDX6985">(6985)</A>
+<LI>exiting
+<A HREF="auagd012.htm#IDX6988">(6988)</A>
+<LI>features
+<A HREF="auagd012.htm#IDX6979">(6979)</A>
+<LI>operations
+<MENU>
+<LI>canceling pending/running
+<A HREF="auagd012.htm#IDX6996">(6996)</A>
+<LI>displaying pending/running
+<A HREF="auagd012.htm#IDX6990">(6990)</A>
+</MENU>
+</MENU>
+<LI>interactive mode (kas commands)
+<A HREF="auagd008.htm#IDX6200">(6200)</A>
+<LI>Internet
+<MENU>
+<LI>conventions for cell name
+<A HREF="auagd007.htm#IDX5651">(5651)</A>
+<LI>Network Information Center
+<A HREF="auagd007.htm#IDX5652">(5652)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4A" HREF="#IDX0_4A">J</A></STRONG>
+<MENU>
+<LI>job ID numbers (Backup System)
+<A HREF="auagd012.htm#IDX6980">(6980)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd012.htm#IDX6993">(6993)</A>
+<LI>operations
+<MENU>
+<LI>canceling
+<A HREF="auagd012.htm#IDX6998">(6998)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4B" HREF="#IDX0_4B">K</A></STRONG>
+<MENU>
+<LI>k ACL permission
+<A HREF="auagd020.htm#IDX8038">(8038)</A>
+<LI>kas commands
+<MENU>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5868">(5868)</A>
+<LI>create
+<A HREF="auagd018.htm#IDX7756">(7756)</A>
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7789">(7789)</A>
+</MENU>
+<LI>delete
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7787">(7787)</A>
+<LI>when removing user account
+<A HREF="auagd018.htm#IDX7806">(7806)</A>
+</MENU>
+<LI>examine
+<MENU>
+<LI>to display ADMIN flag
+<A HREF="auagd021.htm#IDX8130">(8130)</A>
+</MENU>
+<LI>examine, to inspect afs key
+<A HREF="auagd014.htm#IDX7279">(7279)</A>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8125">(8125)</A>
+<LI>interactive
+<A HREF="auagd008.htm#IDX6197">(6197)</A>
+<LI>mutual authentication, bypassing
+<A HREF="auagd008.htm#IDX6194">(6194)</A>
+<LI>setfields
+<A HREF="auagd007.htm#IDX5792">(5792)</A>, <A HREF="auagd007.htm#IDX5797">(5797)</A>
+<MENU>
+<LI>limiting failed authentication attempts
+<A HREF="auagd018.htm#IDX7766">(7766)</A>
+<LI>prohibiting password reuse
+<A HREF="auagd018.htm#IDX7773">(7773)</A>
+<LI>setting ADMIN flag
+<A HREF="auagd021.htm#IDX8133">(8133)</A>
+<LI>setting password lifetime
+<A HREF="auagd018.htm#IDX7770">(7770)</A>
+</MENU>
+<LI>setpassword
+<A HREF="auagd007.htm#IDX5788">(5788)</A>, <A HREF="auagd007.htm#IDX5804">(5804)</A>, <A HREF="auagd014.htm#IDX7291">(7291)</A>, <A HREF="auagd018.htm#IDX7778">(7778)</A>
+<LI>setpassword , when handling key emergency
+<A HREF="auagd014.htm#IDX7307">(7307)</A>
+<LI>unlock
+<A HREF="auagd018.htm#IDX7768">(7768)</A>
+</MENU>
+<LI>kaserver process
+<MENU>
+<LI>(see entry: <I>Authentication Server</I>)
+<A HREF="auagd008.htm#IDX5870">(5870)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5869">(5869)</A>
+</MENU>
+<LI>kaserver.DB0 file
+<A HREF="auagd008.htm#IDX5977">(5977)</A>
+<LI>kaserver.DBSYS1 file
+<A HREF="auagd008.htm#IDX5979">(5979)</A>
+<LI>Kerberos
+<MENU>
+<LI>support for in AFS
+<A HREF="auagd007.htm#IDX5806">(5806)</A>
+<LI>use of usernames
+<A HREF="auagd006.htm#IDX5590">(5590)</A>
+</MENU>
+<LI>kernel memory (client)
+<MENU>
+<LI>CellServDB file, reading into
+<A HREF="auagd015.htm#IDX7408">(7408)</A>
+</MENU>
+<LI>key version number
+<MENU>
+<LI>defined
+<A HREF="auagd014.htm#IDX7255">(7255)</A>
+</MENU>
+<LI>KeyFile file
+<MENU>
+<LI>adding server encryption key
+<A HREF="auagd014.htm#IDX7284">(7284)</A>
+<LI>displaying
+<A HREF="auagd014.htm#IDX7268">(7268)</A>
+<LI>function of
+<A HREF="auagd008.htm#IDX5939">(5939)</A>
+<LI>removing server encryption key
+<A HREF="auagd014.htm#IDX7295">(7295)</A>
+<LI>storage site for server encryption keys
+<A HREF="auagd014.htm#IDX7257">(7257)</A>
+</MENU>
+<LI>klog command
+<A HREF="auagd007.htm#IDX5775">(5775)</A>
+<MENU>
+<LI>limiting failed attempts
+<A HREF="auagd018.htm#IDX7765">(7765)</A>
+<LI>when handling key emergency
+<A HREF="auagd014.htm#IDX7305">(7305)</A>
+<LI>with -setpag flag
+<A HREF="auagd007.htm#IDX5761">(5761)</A>
+</MENU>
+<LI>klog.krb command
+<A HREF="auagd007.htm#IDX5810">(5810)</A>
+<LI>knfs command
+<A HREF="auagd022.htm#IDX8182">(8182)</A>
+<LI>kpasswd command
+<A HREF="auagd007.htm#IDX5786">(5786)</A>, <A HREF="auagd007.htm#IDX5801">(5801)</A>
+<LI>kpwvalid program
+<A HREF="auagd007.htm#IDX5805">(5805)</A>
+<LI>kvno
+<MENU>
+<LI>see entry: <I>key version number</I>
+<A HREF="auagd014.htm#IDX7256">(7256)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4C" HREF="#IDX0_4C">L</A></STRONG>
+<MENU>
+<LI>l ACL permission
+<A HREF="auagd020.htm#IDX8026">(8026)</A>
+<LI>L instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7550">(7550)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7684">(7684)</A>
+</MENU>
+<LI>learning
+<MENU>
+<LI>volume ID
+<MENU>
+<LI>given directory/file name
+<A HREF="auagd010.htm#IDX6658">(6658)</A>
+<LI>given volume name
+<A HREF="auagd010.htm#IDX6636">(6636)</A>
+</MENU>
+<LI>volume location
+<MENU>
+<LI>given directory/file name
+<A HREF="auagd010.htm#IDX6664">(6664)</A>
+<LI>given volume name/ID number
+<A HREF="auagd010.htm#IDX6646">(6646)</A>
+</MENU>
+<LI>volume name
+<MENU>
+<LI>given directory/file name
+<A HREF="auagd010.htm#IDX6652">(6652)</A>
+<LI>given volume ID number
+<A HREF="auagd010.htm#IDX6641">(6641)</A>
+</MENU>
+</MENU>
+<LI>length restriction on volume names
+<A HREF="auagd010.htm#IDX6460">(6460)</A>
+<LI>library files in package
+<A HREF="auagd016.htm#IDX7533">(7533)</A>
+<MENU>
+<LI>constructing
+<A HREF="auagd016.htm#IDX7568">(7568)</A>
+<LI>examples
+<A HREF="auagd016.htm#IDX7537">(7537)</A>
+</MENU>
+<LI>libxstat_cm.a library
+<A HREF="auagd013.htm#IDX7218">(7218)</A>
+<MENU>
+<LI>data collections
+<A HREF="auagd013.htm#IDX7225">(7225)</A>
+<LI>example command using
+<A HREF="auagd013.htm#IDX7231">(7231)</A>
+<LI>obtaining more information
+<A HREF="auagd013.htm#IDX7228">(7228)</A>
+<LI>routines
+<A HREF="auagd013.htm#IDX7220">(7220)</A>
+<LI>xstat_cm_test example command
+<A HREF="auagd013.htm#IDX7239">(7239)</A>
+</MENU>
+<LI>libxstat_fs.a library
+<A HREF="auagd013.htm#IDX7217">(7217)</A>
+<MENU>
+<LI>data collections
+<A HREF="auagd013.htm#IDX7224">(7224)</A>
+<LI>example command using
+<A HREF="auagd013.htm#IDX7230">(7230)</A>
+<LI>obtaining more information
+<A HREF="auagd013.htm#IDX7227">(7227)</A>
+<LI>routines
+<A HREF="auagd013.htm#IDX7219">(7219)</A>
+<LI>xstat_fs_test example command
+<A HREF="auagd013.htm#IDX7235">(7235)</A>
+</MENU>
+<LI>listing
+<MENU>
+<LI>tokens held by issuer
+<A HREF="auagd007.htm#IDX5773">(5773)</A>
+</MENU>
+<LI>ln command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5628">(5628)</A>
+</MENU>
+<LI>local cell
+<A HREF="auagd006.htm#IDX5553">(5553)</A>
+<MENU>
+<LI>granting foreign users access to
+<A HREF="auagd007.htm#IDX5680">(5680)</A>
+<LI>making foreign cells visible in
+<A HREF="auagd007.htm#IDX5676">(5676)</A>
+<LI>making visible to foreign cells
+<A HREF="auagd007.htm#IDX5669">(5669)</A>
+</MENU>
+<LI>local configuration files (server)
+<A HREF="auagd008.htm#IDX5948">(5948)</A>
+<LI>local disk
+<MENU>
+<LI>configuring on client, using package
+<A HREF="auagd016.htm#IDX7522">(7522)</A>
+<LI>files required on client machine
+<A HREF="auagd007.htm#IDX5725">(5725)</A>
+<LI>protecting on file server machine
+<A HREF="auagd007.htm#IDX5716">(5716)</A>
+</MENU>
+<LI>local password file
+<MENU>
+<LI>creating common source version with uss
+<A HREF="auagd017.htm#IDX7613">(7613)</A>, <A HREF="auagd017.htm#IDX7615">(7615)</A>
+<LI>creating entry for AFS user
+<MENU>
+<LI>with manual account creation
+<A HREF="auagd018.htm#IDX7737">(7737)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7604">(7604)</A>
+</MENU>
+<LI>setting password in
+<MENU>
+<LI>with manual account creation
+<A HREF="auagd018.htm#IDX7741">(7741)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7611">(7611)</A>
+</MENU>
+<LI>when not using AFS-modified login utility
+<A HREF="auagd007.htm#IDX5769">(5769)</A>
+<LI>when using AFS--modified login utility
+<A HREF="auagd007.htm#IDX5766">(5766)</A>
+</MENU>
+<LI>location
+<MENU>
+<LI>setting for client
+<A HREF="auagd015.htm#IDX7375">(7375)</A>
+<LI>standard for uss template file
+<A HREF="auagd017.htm#IDX7632">(7632)</A>
+</MENU>
+<LI>lock ACL permission
+<MENU>
+<LI>see entry: <I>k ACL permission</I>
+<A HREF="auagd020.htm#IDX8037">(8037)</A>
+</MENU>
+<LI>locked VLDB entry
+<MENU>
+<LI>displaying
+<A HREF="auagd010.htm#IDX6585">(6585)</A>
+<LI>unlocking
+<A HREF="auagd010.htm#IDX6798">(6798)</A>
+</MENU>
+<LI>locking
+<MENU>
+<LI>VLDB entry
+<A HREF="auagd010.htm#IDX6793">(6793)</A>, <A HREF="auagd010.htm#IDX6794">(6794)</A>
+</MENU>
+<LI>log files
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6412">(6412)</A>
+<LI>fms.log
+<A HREF="auagd011.htm#IDX6851">(6851)</A>
+<LI>for replicated databases
+<A HREF="auagd008.htm#IDX5970">(5970)</A>
+<LI>for server processes
+<A HREF="auagd008.htm#IDX5992">(5992)</A>
+</MENU>
+<LI>login
+<MENU>
+<LI>limiting failed attempts
+<A HREF="auagd018.htm#IDX7764">(7764)</A>
+</MENU>
+<LI>login utility
+<MENU>
+<LI>AFS version
+<A HREF="auagd007.htm#IDX5765">(5765)</A>
+<LI>AFS version's interaction with local password file
+<A HREF="auagd007.htm#IDX5767">(5767)</A>
+</MENU>
+<LI>lookup ACL permission
+<MENU>
+<LI>see entry: <I>l ACL permission</I>
+<A HREF="auagd020.htm#IDX8025">(8025)</A>
+</MENU>
+<LI>lost+found directory
+<A HREF="auagd007.htm#IDX5641">(5641)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4D" HREF="#IDX0_4D">M</A></STRONG>
+<MENU>
+<LI>machine
+<MENU>
+<LI>adding to group
+<A HREF="auagd019.htm#IDX7950">(7950)</A>
+<LI>AFS UID, assigning
+<A HREF="auagd019.htm#IDX7917">(7917)</A>
+<LI>group memberships
+<MENU>
+<LI>displaying number
+<A HREF="auagd019.htm#IDX7865">(7865)</A>
+</MENU>
+<LI>group memberships, displaying
+<A HREF="auagd019.htm#IDX7883">(7883)</A>
+<LI>privacy flags on Protection Database entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7867">(7867)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7989">(7989)</A>
+</MENU>
+<LI>Protection Database entry
+<MENU>
+<LI>deleting
+<A HREF="auagd019.htm#IDX7964">(7964)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7866">(7866)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7909">(7909)</A>
+<LI>name, changing
+<A HREF="auagd019.htm#IDX7976">(7976)</A>
+</MENU>
+<LI>Protection Database entry, creating
+<A HREF="auagd019.htm#IDX7916">(7916)</A>
+<LI>Protection Database entry, described
+<A HREF="auagd019.htm#IDX7827">(7827)</A>
+<LI>removing from group
+<A HREF="auagd019.htm#IDX7957">(7957)</A>
+</MENU>
+<LI>mainframe
+<MENU>
+<LI>computing environment
+<A HREF="auagd006.htm#IDX5541">(5541)</A>
+</MENU>
+<LI>maintaining
+<MENU>
+<LI>CellServDB file (client)
+<A HREF="auagd015.htm#IDX7411">(7411)</A>
+<LI>synchrony of VLDB with volume headers
+<A HREF="auagd010.htm#IDX6449">(6449)</A>
+</MENU>
+<LI>majority
+<MENU>
+<LI>defined for Ubik
+<A HREF="auagd008.htm#IDX6078">(6078)</A>
+</MENU>
+<LI>Makefile for package
+<A HREF="auagd016.htm#IDX7570">(7570)</A>
+<MENU>
+<LI>modifying
+<A HREF="auagd016.htm#IDX7573">(7573)</A>
+</MENU>
+<LI>mapping
+<MENU>
+<LI>AFS ID to group, machine, or username
+<A HREF="auagd019.htm#IDX7851">(7851)</A>
+<LI>group name to AFS GID
+<A HREF="auagd019.htm#IDX7854">(7854)</A>
+<LI>machine name to AFS UID
+<A HREF="auagd019.htm#IDX7853">(7853)</A>
+<LI>username to AFS UID
+<A HREF="auagd019.htm#IDX7852">(7852)</A>
+</MENU>
+<LI>max group id counter (Protection Database)
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX8002">(8002)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX8006">(8006)</A>
+</MENU>
+<LI>max user id counter (Protection Database)
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX8001">(8001)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX8005">(8005)</A>
+</MENU>
+<LI>maximum volume quota
+<A HREF="auagd010.htm#IDX6713">(6713)</A>
+<LI>MaxQuota field in volume header
+<A HREF="auagd010.htm#IDX6618">(6618)</A>
+<LI>members
+<MENU>
+<LI>group, adding
+<A HREF="auagd019.htm#IDX7948">(7948)</A>
+<LI>group, displaying
+<A HREF="auagd019.htm#IDX7859">(7859)</A>, <A HREF="auagd019.htm#IDX7884">(7884)</A>
+<LI>group, removing
+<A HREF="auagd019.htm#IDX7955">(7955)</A>
+</MENU>
+<LI>membership
+<MENU>
+<LI>system groups
+<A HREF="auagd019.htm#IDX7833">(7833)</A>
+</MENU>
+<LI>memory state of BOS Server
+<A HREF="auagd009.htm#IDX6313">(6313)</A>
+<LI>message line in scout program display
+<A HREF="auagd013.htm#IDX7130">(7130)</A>
+<LI>mode bits (UNIX)
+<MENU>
+<LI>interpretation in AFS
+<A HREF="auagd020.htm#IDX8102">(8102)</A>
+</MENU>
+<LI>modifying
+<MENU>
+<LI>clients to run package
+<A HREF="auagd016.htm#IDX7580">(7580)</A>
+<LI>package Makefile
+<A HREF="auagd016.htm#IDX7574">(7574)</A>
+</MENU>
+<LI>monitoring
+<MENU>
+<LI>Cache Manager performance
+<A HREF="auagd013.htm#IDX7098">(7098)</A>
+<LI>Cache Manager processes with afsmonitor
+<A HREF="auagd013.htm#IDX7097">(7097)</A>
+<LI>disk usage with scout program
+<A HREF="auagd013.htm#IDX7126">(7126)</A>
+<LI>file server processes with afsmonitor
+<A HREF="auagd013.htm#IDX7096">(7096)</A>
+<LI>file server processes with scout
+<A HREF="auagd013.htm#IDX7095">(7095)</A>
+<LI>outages with scout program
+<A HREF="auagd013.htm#IDX7137">(7137)</A>
+<LI>server processes
+<A HREF="auagd009.htm#IDX6247">(6247)</A>
+</MENU>
+<LI>mount command
+<A HREF="auagd022.htm#IDX8181">(8181)</A>
+<LI>MOUNT instruction in CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6958">(6958)</A>
+<LI>mount point
+<MENU>
+<LI>cellular
+<MENU>
+<LI>creating
+<A HREF="auagd010.htm#IDX6574">(6574)</A>
+<LI>described
+<A HREF="auagd010.htm#IDX6558">(6558)</A>
+</MENU>
+<LI>changing when renaming user
+<A HREF="auagd018.htm#IDX7798">(7798)</A>
+<LI>choosing name for user volume
+<A HREF="auagd007.htm#IDX5739">(5739)</A>
+<LI>creating cellular
+<A HREF="auagd010.htm#IDX6573">(6573)</A>
+<LI>creating multiple per volume
+<A HREF="auagd010.htm#IDX6457">(6457)</A>
+<LI>creating read/write or regular
+<A HREF="auagd010.htm#IDX6567">(6567)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7656">(7656)</A>
+<LI>defined
+<A HREF="auagd010.htm#IDX6452">(6452)</A>
+<LI>definition
+<A HREF="auagd006.htm#IDX5567">(5567)</A>
+<LI>displaying
+<A HREF="auagd010.htm#IDX6562">(6562)</A>
+<LI>distinguishing different types
+<A HREF="auagd010.htm#IDX6563">(6563)</A>
+<LI>flushing from data cache on client machine
+<A HREF="auagd015.htm#IDX7459">(7459)</A>
+<LI>read/write
+<MENU>
+<LI>creating
+<A HREF="auagd010.htm#IDX6569">(6569)</A>
+<LI>described
+<A HREF="auagd010.htm#IDX6556">(6556)</A>
+</MENU>
+<LI>regular
+<MENU>
+<LI>creating
+<A HREF="auagd010.htm#IDX6568">(6568)</A>
+<LI>described
+<A HREF="auagd010.htm#IDX6554">(6554)</A>
+</MENU>
+<LI>removing
+<A HREF="auagd010.htm#IDX6577">(6577)</A>, <A HREF="auagd010.htm#IDX6742">(6742)</A>
+<LI>removing when removing user account
+<A HREF="auagd018.htm#IDX7815">(7815)</A>
+</MENU>
+<LI>mounting
+<MENU>
+<LI>backup volume
+<A HREF="auagd010.htm#IDX6543">(6543)</A>
+<LI>disk on file server machine
+<A HREF="auagd008.htm#IDX6206">(6206)</A>
+<LI>foreign volume in local cell
+<A HREF="auagd010.htm#IDX6559">(6559)</A>
+<LI>read-only volume
+<A HREF="auagd010.htm#IDX6512">(6512)</A>
+<LI>read/write volume
+<A HREF="auagd010.htm#IDX6474">(6474)</A>
+<LI>volume
+<MENU>
+<LI>about
+<A HREF="auagd010.htm#IDX6454">(6454)</A>
+<LI>general instructions
+<A HREF="auagd010.htm#IDX6552">(6552)</A>
+</MENU>
+</MENU>
+<LI>moving
+<MENU>
+<LI>volume
+<A HREF="auagd010.htm#IDX6670">(6670)</A>
+</MENU>
+<LI>mutual authentication
+<A HREF="auagd007.htm#IDX5820">(5820)</A>
+<MENU>
+<LI>failure due to mismatched keys
+<A HREF="auagd014.htm#IDX7300">(7300)</A>
+<LI>preventing
+<A HREF="auagd008.htm#IDX6191">(6191)</A>
+<LI>server encryption key's role
+<A HREF="auagd014.htm#IDX7248">(7248)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4E" HREF="#IDX0_4E">N</A></STRONG>
+<MENU>
+<LI>name
+<MENU>
+<LI>Protection Database entry
+<MENU>
+<LI>changing
+<A HREF="auagd019.htm#IDX7973">(7973)</A>
+</MENU>
+</MENU>
+<LI>NAME_CHECK instruction in CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6970">(6970)</A>
+<LI>needs salvage status flag in volume header
+<A HREF="auagd010.htm#IDX6606">(6606)</A>
+<LI>negative ACL permissions
+<MENU>
+<LI>defined
+<A HREF="auagd020.htm#IDX8050">(8050)</A>
+</MENU>
+<LI>NetInfo file (client version)
+<A HREF="auagd015.htm#IDX7327">(7327)</A>, <A HREF="auagd015.htm#IDX7487">(7487)</A>
+<LI>NetInfo file (server version)
+<A HREF="auagd008.htm#IDX5952">(5952)</A>
+<MENU>
+<LI>creating/editing
+<A HREF="auagd008.htm#IDX6232">(6232)</A>
+</MENU>
+<LI>NetRestrict file (client version)
+<A HREF="auagd015.htm#IDX7329">(7329)</A>, <A HREF="auagd015.htm#IDX7491">(7491)</A>
+<LI>NetRestrict file (server version)
+<A HREF="auagd008.htm#IDX5954">(5954)</A>
+<MENU>
+<LI>creating/editing
+<A HREF="auagd008.htm#IDX6235">(6235)</A>
+</MENU>
+<LI>network
+<MENU>
+<LI>as computing environment
+<A HREF="auagd006.htm#IDX5539">(5539)</A>
+<LI>defined
+<A HREF="auagd006.htm#IDX5538">(5538)</A>
+<LI>encrypted communication in AFS
+<A HREF="auagd007.htm#IDX5815">(5815)</A>
+<LI>reducing traffic through caching
+<A HREF="auagd006.htm#IDX5576">(5576)</A>
+</MENU>
+<LI>Network Information Center (for Internet)
+<A HREF="auagd007.htm#IDX5653">(5653)</A>
+<LI>Network Time Protocol Daemon
+<MENU>
+<LI>(see entry: <I>NTPD</I>)
+<A HREF="auagd008.htm#IDX5880">(5880)</A>
+</MENU>
+<LI>New release
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auagd010.htm#IDX6597">(6597)</A>
+</MENU>
+<LI>New release site flag in VLDB
+<MENU>
+<LI>as indicator of failed replication
+<A HREF="auagd010.htm#IDX6502">(6502)</A>
+</MENU>
+<LI>NFS/AFS Translator
+<A HREF="auagd022.htm#IDX8162">(8162)</A>
+<MENU>
+<LI>AFSCONF environment variable
+<A HREF="auagd022.htm#IDX8165">(8165)</A>
+</MENU>
+<LI>NoAuth file
+<A HREF="auagd008.htm#IDX5956">(5956)</A>
+<MENU>
+<LI>creating in emergencies
+<A HREF="auagd014.htm#IDX7303">(7303)</A>
+</MENU>
+<LI>none shorthand for ACL permissions
+<A HREF="auagd020.htm#IDX8045">(8045)</A>
+<LI>normal ACL permissions
+<MENU>
+<LI>defined
+<A HREF="auagd020.htm#IDX8049">(8049)</A>
+</MENU>
+<LI>Not released
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auagd010.htm#IDX6595">(6595)</A>
+</MENU>
+<LI>NotRun status flag in BosConfig file
+<MENU>
+<LI>changing to Run
+<A HREF="auagd009.htm#IDX6366">(6366)</A>
+<LI>defined
+<A HREF="auagd009.htm#IDX6308">(6308)</A>
+</MENU>
+<LI>NTPD
+<A HREF="auagd008.htm#IDX5879">(5879)</A>
+<LI>ntpd
+<MENU>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5875">(5875)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5607">(5607)</A>
+<LI>invoked by runntp process
+<A HREF="auagd009.htm#IDX6281">(6281)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6283">(6283)</A>
+</MENU>
+<LI>ntpdc
+<MENU>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5881">(5881)</A>
+</MENU>
+<LI>number variables
+<MENU>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7630">(7630)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4F" HREF="#IDX0_4F">O</A></STRONG>
+<MENU>
+<LI>Off-line status flag in volume header
+<A HREF="auagd010.htm#IDX6605">(6605)</A>
+<LI>Old release
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auagd010.htm#IDX6596">(6596)</A>
+</MENU>
+<LI>Old release site flag in VLDB
+<MENU>
+<LI>as indicator of failed replication
+<A HREF="auagd010.htm#IDX6503">(6503)</A>
+</MENU>
+<LI>OLD version of binary file
+<MENU>
+<LI>created by bos install command
+<A HREF="auagd008.htm#IDX6099">(6099)</A>
+<LI>removing obsolete
+<A HREF="auagd008.htm#IDX6122">(6122)</A>
+<LI>used by bos uninstall command
+<A HREF="auagd008.htm#IDX6110">(6110)</A>
+</MENU>
+<LI>OldFiles directory
+<MENU>
+<LI>as mount point for backup volume
+<A HREF="auagd010.htm#IDX6545">(6545)</A>
+</MENU>
+<LI>On-line status flag in volume header
+<A HREF="auagd010.htm#IDX6604">(6604)</A>
+<LI>orphaned group
+<A HREF="auagd019.htm#IDX7890">(7890)</A>
+<LI>outages
+<MENU>
+<LI>BOS Server role in,
+<A HREF="auagd006.htm#IDX5585">(5585)</A>
+<LI>due to automatic server restart
+<A HREF="auagd009.htm#IDX6401">(6401)</A>
+<LI>due to server process restart
+<A HREF="auagd009.htm#IDX6377">(6377)</A>
+<LI>due to Ubik election
+<A HREF="auagd008.htm#IDX6079">(6079)</A>
+<LI>monitoring with scout program
+<A HREF="auagd013.htm#IDX7135">(7135)</A>
+</MENU>
+<LI>overcrowding of disk partition
+<MENU>
+<LI>effect on users
+<A HREF="auagd010.htm#IDX6674">(6674)</A>
+<LI>moving volumes to reduce
+<A HREF="auagd010.htm#IDX6673">(6673)</A>
+</MENU>
+<LI>overwriting
+<MENU>
+<LI>existing directories/files/links with uss
+<A HREF="auagd017.htm#IDX7599">(7599)</A>
+</MENU>
+<LI>owner
+<MENU>
+<LI>Protection Database entry
+<MENU>
+<LI>changing
+<A HREF="auagd019.htm#IDX7968">(7968)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7857">(7857)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7905">(7905)</A>
+<LI>rules for assigning
+<A HREF="auagd019.htm#IDX7940">(7940)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_50" HREF="#IDX0_50">P</A></STRONG>
+<MENU>
+<LI>package
+<MENU>
+<LI>B instruction in configuration file
+<A HREF="auagd016.htm#IDX7555">(7555)</A>
+<LI>C instruction in configuration file
+<A HREF="auagd016.htm#IDX7559">(7559)</A>
+<LI>compiling prototype files
+<A HREF="auagd016.htm#IDX7527">(7527)</A>, <A HREF="auagd016.htm#IDX7576">(7576)</A>
+<LI>configuration file instructions
+<A HREF="auagd016.htm#IDX7540">(7540)</A>
+<LI>configuration files
+<A HREF="auagd016.htm#IDX7528">(7528)</A>
+<LI>constructing prototype and library files
+<A HREF="auagd016.htm#IDX7566">(7566)</A>
+<LI>D instruction in configuration file
+<A HREF="auagd016.htm#IDX7543">(7543)</A>
+<LI>defining block special device in configuration file
+<A HREF="auagd016.htm#IDX7556">(7556)</A>
+<LI>defining character special device in configuration file
+<A HREF="auagd016.htm#IDX7560">(7560)</A>
+<LI>defining directory in configuration file
+<A HREF="auagd016.htm#IDX7544">(7544)</A>
+<LI>defining file in configuration file
+<A HREF="auagd016.htm#IDX7548">(7548)</A>
+<LI>defining socket in configuration file
+<A HREF="auagd016.htm#IDX7564">(7564)</A>
+<LI>defining symbolic link in configuration file
+<A HREF="auagd016.htm#IDX7552">(7552)</A>
+<LI>directory structure
+<A HREF="auagd016.htm#IDX7530">(7530)</A>
+<LI>example library files
+<A HREF="auagd016.htm#IDX7536">(7536)</A>
+<LI>example prototype files
+<A HREF="auagd016.htm#IDX7531">(7531)</A>
+<LI>F instruction in configuration file
+<A HREF="auagd016.htm#IDX7547">(7547)</A>
+<LI>L instruction in configuration file
+<A HREF="auagd016.htm#IDX7551">(7551)</A>
+<LI>library files
+<A HREF="auagd016.htm#IDX7534">(7534)</A>
+<LI>Makefile
+<A HREF="auagd016.htm#IDX7569">(7569)</A>
+<LI>modifying clients to run
+<A HREF="auagd016.htm#IDX7579">(7579)</A>
+<LI>modifying the Makefile
+<A HREF="auagd016.htm#IDX7572">(7572)</A>
+<LI>preparing prototype files
+<A HREF="auagd016.htm#IDX7525">(7525)</A>, <A HREF="auagd016.htm#IDX7538">(7538)</A>
+<LI>prototype file
+<A HREF="auagd016.htm#IDX7523">(7523)</A>
+<LI>S instruction in configuration file
+<A HREF="auagd016.htm#IDX7563">(7563)</A>
+<LI>to update client
+<A HREF="auagd015.htm#IDX7430">(7430)</A>
+</MENU>
+<LI>package command
+<A HREF="auagd016.htm#IDX7582">(7582)</A>
+<LI>package directory
+<A HREF="auagd016.htm#IDX7577">(7577)</A>
+<LI>PAG
+<MENU>
+<LI>creating with klog or pagsh command
+<A HREF="auagd007.htm#IDX5762">(5762)</A>
+</MENU>
+<LI>pagsh command
+<A HREF="auagd007.htm#IDX5759">(5759)</A>
+<LI>pagsh.krb command
+<A HREF="auagd007.htm#IDX5811">(5811)</A>
+<LI>participation
+<MENU>
+<LI>in AFS global namespace
+<A HREF="auagd007.htm#IDX5659">(5659)</A>
+</MENU>
+<LI>partition
+<MENU>
+<LI>housing AFS volumes
+<A HREF="auagd008.htm#IDX6011">(6011)</A>
+<LI>restoring contents using Backup System
+<A HREF="auagd012.htm#IDX7052">(7052)</A>
+<LI>restoring using Backup System
+<MENU>
+<LI>to a new location
+<A HREF="auagd012.htm#IDX7072">(7072)</A>
+<LI>to the same location
+<A HREF="auagd012.htm#IDX7071">(7071)</A>
+</MENU>
+<LI>salvaging all volumes
+<A HREF="auagd010.htm#IDX6708">(6708)</A>
+</MENU>
+<LI>passwd file
+<MENU>
+<LI>see entry: <I>local password file</I>
+<A HREF="auagd017.htm#IDX7616">(7616)</A>
+</MENU>
+<LI>password
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5614">(5614)</A>
+<LI>changing in AFS
+<A HREF="auagd007.htm#IDX5785">(5785)</A>
+<LI>checking quality of
+<A HREF="auagd007.htm#IDX5800">(5800)</A>
+<LI>consequences of multiple failed authentication attempts
+<A HREF="auagd007.htm#IDX5796">(5796)</A>
+<LI>expiration
+<A HREF="auagd007.htm#IDX5790">(5790)</A>
+<LI>improving security
+<A HREF="auagd018.htm#IDX7762">(7762)</A>
+<LI>lifetime
+<A HREF="auagd007.htm#IDX5791">(5791)</A>
+<LI>local password file
+<A HREF="auagd007.htm#IDX5768">(5768)</A>
+<LI>restricting reuse
+<A HREF="auagd007.htm#IDX5795">(5795)</A>
+<LI>setting in Authentication Database
+<A HREF="auagd018.htm#IDX7775">(7775)</A>
+<LI>setting in local password file
+<MENU>
+<LI>with manual account creation
+<A HREF="auagd018.htm#IDX7740">(7740)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7610">(7610)</A>
+</MENU>
+</MENU>
+<LI>permissions on ACL
+<MENU>
+<LI>defined
+<A HREF="auagd020.htm#IDX8023">(8023)</A>
+</MENU>
+<LI>persistent fstrace event set or trace log
+<A HREF="auagd013.htm#IDX7161">(7161)</A>
+<LI>personal
+<MENU>
+<LI>computing environment
+<A HREF="auagd006.htm#IDX5542">(5542)</A>
+<LI>workstation
+<MENU>
+<LI>as typical AFS machine
+<A HREF="auagd006.htm#IDX5551">(5551)</A>
+</MENU>
+</MENU>
+<LI>possible variations
+<MENU>
+<LI>on replication
+<A HREF="auagd010.htm#IDX6516">(6516)</A>
+</MENU>
+<LI>prdb.DB0 file
+<A HREF="auagd008.htm#IDX5981">(5981)</A>
+<LI>prdb.DBSYS1 file
+<A HREF="auagd008.htm#IDX5983">(5983)</A>
+<LI>preferences
+<MENU>
+<LI>setting
+<A HREF="auagd015.htm#IDX7479">(7479)</A>
+</MENU>
+<LI>prefix-less group
+<MENU>
+<LI>see entry: <I>group</I>
+<A HREF="auagd019.htm#IDX7929">(7929)</A>
+</MENU>
+<LI>preventing
+<MENU>
+<LI>core leaks, with scheduled BOS Server restarts
+<A HREF="auagd009.htm#IDX6393">(6393)</A>
+<LI>mutual authentication
+<A HREF="auagd008.htm#IDX6192">(6192)</A>
+</MENU>
+<LI>previewing
+<MENU>
+<LI>user account creation/deletion with uss
+<A HREF="auagd017.htm#IDX7590">(7590)</A>
+</MENU>
+<LI>privacy flags on Protection Database entry
+<A HREF="auagd007.htm#IDX5749">(5749)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7860">(7860)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7991">(7991)</A>
+</MENU>
+<LI>private use of group
+<A HREF="auagd019.htm#IDX7931">(7931)</A>
+<LI>privilege
+<MENU>
+<LI>granting for backup commands
+<A HREF="auagd021.htm#IDX8145">(8145)</A>
+<LI>granting for bos commands
+<A HREF="auagd021.htm#IDX8143">(8143)</A>
+<LI>granting for fs commands
+<A HREF="auagd021.htm#IDX8108">(8108)</A>
+<LI>granting for kas commands
+<A HREF="auagd021.htm#IDX8126">(8126)</A>
+<LI>granting for pts commands
+<A HREF="auagd021.htm#IDX8107">(8107)</A>
+<LI>granting for vos commands
+<A HREF="auagd021.htm#IDX8144">(8144)</A>
+<LI>required for afsmonitor program
+<A HREF="auagd013.htm#IDX7200">(7200)</A>
+<LI>required for fstrace commands
+<A HREF="auagd013.htm#IDX7164">(7164)</A>
+<LI>required for scout program
+<A HREF="auagd013.htm#IDX7110">(7110)</A>
+<LI>required for uss commands
+<A HREF="auagd017.htm#IDX7587">(7587)</A>
+<LI>see entry: <I>administrative privilege</I>
+<A HREF="auagd021.htm#IDX8104">(8104)</A>
+</MENU>
+<LI>privileged commands
+<A HREF="auagd008.htm#IDX6175">(6175)</A>
+<LI>process
+<MENU>
+<LI>lightweight Ubik
+<A HREF="auagd008.htm#IDX6068">(6068)</A>
+<LI>status flag in BosConfig file
+<A HREF="auagd009.htm#IDX6309">(6309)</A>
+</MENU>
+<LI>process authentication group
+<MENU>
+<LI>see entry: <I>PAG</I>
+<A HREF="auagd007.htm#IDX5764">(5764)</A>
+</MENU>
+<LI>processes
+<MENU>
+<LI>Authentication Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5873">(5873)</A>
+<LI>Backup Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5859">(5859)</A>
+<LI>BOS Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5853">(5853)</A>
+<LI>File Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5865">(5865)</A>
+<LI>NTPD, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5878">(5878)</A>
+<LI>Protection Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5890">(5890)</A>
+<LI>Salvager, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5900">(5900)</A>
+<LI>Update Server, binaries in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5910">(5910)</A>
+<LI>VL Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5920">(5920)</A>
+<LI>Volume Server, binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5927">(5927)</A>
+</MENU>
+<LI>programs
+<MENU>
+<LI>afsd
+<A HREF="auagd015.htm#IDX7322">(7322)</A>
+<LI>bosserver
+<A HREF="auagd008.htm#IDX5852">(5852)</A>
+<LI>buserver
+<A HREF="auagd008.htm#IDX5858">(5858)</A>
+<LI>fileserver
+<A HREF="auagd008.htm#IDX5864">(5864)</A>
+<LI>kaserver
+<A HREF="auagd008.htm#IDX5872">(5872)</A>
+<LI>ntpd
+<A HREF="auagd008.htm#IDX5877">(5877)</A>
+<LI>ntpdc
+<A HREF="auagd008.htm#IDX5883">(5883)</A>
+<LI>ptserver
+<A HREF="auagd008.htm#IDX5889">(5889)</A>
+<LI>runntp
+<A HREF="auagd008.htm#IDX5895">(5895)</A>
+<LI>salvager
+<A HREF="auagd008.htm#IDX5899">(5899)</A>
+<LI>udebug
+<A HREF="auagd008.htm#IDX5905">(5905)</A>
+<LI>upclient
+<A HREF="auagd008.htm#IDX5909">(5909)</A>
+<LI>upserver
+<A HREF="auagd008.htm#IDX5915">(5915)</A>
+<LI>vlserver
+<A HREF="auagd008.htm#IDX5919">(5919)</A>
+<LI>volserver
+<A HREF="auagd008.htm#IDX5926">(5926)</A>
+</MENU>
+<LI>protection
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5612">(5612)</A>
+<LI>in AFS
+<A HREF="auagd006.htm#IDX5591">(5591)</A>
+<LI>in UNIX
+<A HREF="auagd006.htm#IDX5593">(5593)</A>
+</MENU>
+<LI>Protection Database
+<A HREF="auagd006.htm#IDX5596">(5596)</A>
+<MENU>
+<LI> user entry
+<MENU>
+<LI>deleting
+<A HREF="auagd018.htm#IDX7819">(7819)</A>
+</MENU>
+<LI>changing username
+<A HREF="auagd018.htm#IDX7783">(7783)</A>
+<LI>creator of entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7848">(7848)</A>
+</MENU>
+<LI>creator of entry
+<MENU>
+<LI>displaying for all
+<A HREF="auagd019.htm#IDX7902">(7902)</A>
+</MENU>
+<LI>entry name
+<MENU>
+<LI>changing
+<A HREF="auagd019.htm#IDX7974">(7974)</A>
+</MENU>
+<LI>entry, deleting
+<A HREF="auagd019.htm#IDX7961">(7961)</A>
+<LI>group creation quota
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7850">(7850)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7980">(7980)</A>, <A HREF="auagd019.htm#IDX7982">(7982)</A>
+</MENU>
+<LI>group entry
+<A HREF="auagd019.htm#IDX7830">(7830)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7844">(7844)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7898">(7898)</A>
+</MENU>
+<LI>group entry, creating
+<A HREF="auagd019.htm#IDX7922">(7922)</A>
+<LI>ID counters, setting
+<A HREF="auagd019.htm#IDX8009">(8009)</A>
+<LI>machine entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7845">(7845)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7899">(7899)</A>
+</MENU>
+<LI>machine entry, creating
+<A HREF="auagd019.htm#IDX7914">(7914)</A>
+<LI>machine entry, described
+<A HREF="auagd019.htm#IDX7828">(7828)</A>
+<LI>max user id and max group id counters, displaying and setting
+<A HREF="auagd019.htm#IDX7996">(7996)</A>
+<LI>membership count
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7843">(7843)</A>
+</MENU>
+<LI>owner of entry
+<MENU>
+<LI>changing
+<A HREF="auagd019.htm#IDX7969">(7969)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7847">(7847)</A>
+<LI>displaying for all
+<A HREF="auagd019.htm#IDX7901">(7901)</A>
+</MENU>
+<LI>privacy flags
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7849">(7849)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7992">(7992)</A>
+</MENU>
+<LI>setting
+<MENU>
+<LI>counters for AFS UIDs
+<A HREF="auagd019.htm#IDX8011">(8011)</A>
+</MENU>
+<LI>user entry
+<MENU>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7711">(7711)</A>
+<LI>creating with pts createuser command
+<A HREF="auagd018.htm#IDX7748">(7748)</A>
+<LI>deleting with uss
+<A HREF="auagd017.htm#IDX7722">(7722)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7846">(7846)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7900">(7900)</A>
+</MENU>
+<LI>user entry, described
+<A HREF="auagd019.htm#IDX7825">(7825)</A>
+</MENU>
+<LI>protection of file data
+<MENU>
+<LI>AFS compared to UFS<I>ACL</I>
+<A HREF="auagd020.htm#IDX8017">(8017)</A>, <A HREF="auagd020.htm#IDX8019">(8019)</A>
+<LI>see also: <I>ACL</I>
+<A HREF="auagd020.htm#IDX8016">(8016)</A>
+</MENU>
+<LI>Protection Server
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6316">(6316)</A>
+<LI>as ptserver process
+<A HREF="auagd009.htm#IDX6276">(6276)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5891">(5891)</A>
+<LI>building CPS
+<A HREF="auagd019.htm#IDX7823">(7823)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5592">(5592)</A>
+<LI>restarting after adding entry to server CellServDB file
+<A HREF="auagd008.htm#IDX6156">(6156)</A>
+<LI>restarting after removing entry from server CellServDB file
+<A HREF="auagd008.htm#IDX6167">(6167)</A>
+<LI>runs on database server machine
+<A HREF="auagd008.htm#IDX6025">(6025)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6278">(6278)</A>
+</MENU>
+<LI>prototype files in package
+<MENU>
+<LI>about
+<A HREF="auagd016.htm#IDX7524">(7524)</A>
+<LI>constructing
+<A HREF="auagd016.htm#IDX7567">(7567)</A>
+<LI>examples
+<A HREF="auagd016.htm#IDX7532">(7532)</A>
+<LI>preparing
+<A HREF="auagd016.htm#IDX7526">(7526)</A>
+</MENU>
+<LI>pts commands
+<MENU>
+<LI>adduser
+<A HREF="auagd019.htm#IDX7951">(7951)</A>
+<MENU>
+<LI>for system:administrators group
+<A HREF="auagd021.htm#IDX8118">(8118)</A>
+</MENU>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5885">(5885)</A>
+<LI>chown
+<A HREF="auagd019.htm#IDX7971">(7971)</A>
+<LI>creategroup
+<A HREF="auagd019.htm#IDX7938">(7938)</A>
+<LI>createuser
+<MENU>
+<LI>machine entry
+<A HREF="auagd019.htm#IDX7919">(7919)</A>
+<LI>user account
+<A HREF="auagd018.htm#IDX7754">(7754)</A>
+</MENU>
+<LI>delete
+<A HREF="auagd019.htm#IDX7965">(7965)</A>
+<MENU>
+<LI>when removing user account
+<A HREF="auagd018.htm#IDX7817">(7817)</A>
+</MENU>
+<LI>examine
+<A HREF="auagd019.htm#IDX7873">(7873)</A>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8105">(8105)</A>
+<LI>listentries
+<A HREF="auagd019.htm#IDX7911">(7911)</A>
+<LI>listmax
+<A HREF="auagd019.htm#IDX7999">(7999)</A>
+<LI>listowned
+<A HREF="auagd019.htm#IDX7893">(7893)</A>
+<LI>membership
+<A HREF="auagd019.htm#IDX7885">(7885)</A>
+<MENU>
+<LI>displaying system:administrators group
+<A HREF="auagd021.htm#IDX8114">(8114)</A>
+</MENU>
+<LI>mutual authentication, bypassing
+<A HREF="auagd008.htm#IDX6195">(6195)</A>
+<LI>removeuser
+<A HREF="auagd019.htm#IDX7958">(7958)</A>
+<MENU>
+<LI>for system:administrators group
+<A HREF="auagd021.htm#IDX8122">(8122)</A>
+</MENU>
+<LI>rename
+<MENU>
+<LI>machine or group name
+<A HREF="auagd019.htm#IDX7978">(7978)</A>
+<LI>username
+<A HREF="auagd018.htm#IDX7785">(7785)</A>
+</MENU>
+<LI>setfields
+<MENU>
+<LI>setting group creation quota
+<A HREF="auagd019.htm#IDX7985">(7985)</A>
+<LI>setting privacy flags
+<A HREF="auagd019.htm#IDX7993">(7993)</A>
+</MENU>
+<LI>setmax
+<A HREF="auagd019.htm#IDX8014">(8014)</A>
+</MENU>
+<LI>ptserver process
+<MENU>
+<LI>(see entry: <I>Protection Server</I>)
+<A HREF="auagd008.htm#IDX5887">(5887)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5886">(5886)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_51" HREF="#IDX0_51">Q</A></STRONG>
+<MENU>
+<LI>quota
+<MENU>
+<LI>group-creation
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7868">(7868)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7981">(7981)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_52" HREF="#IDX0_52">R</A></STRONG>
+<MENU>
+<LI>r ACL permission
+<A HREF="auagd020.htm#IDX8034">(8034)</A>
+<LI>RClone field in volume header
+<A HREF="auagd010.htm#IDX6616">(6616)</A>
+<LI>rcp command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5630">(5630)</A>, <A HREF="auagd007.htm#IDX5834">(5834)</A>
+</MENU>
+<LI>read
+<MENU>
+<LI>ACL permission (see entry: <I>r ACL permission)</I>
+<A HREF="auagd020.htm#IDX8033">(8033)</A>
+<LI>shorthand for ACL permissions
+<A HREF="auagd020.htm#IDX8046">(8046)</A>
+</MENU>
+<LI>read-only volume
+<MENU>
+<LI>changing name of
+<A HREF="auagd010.htm#IDX6785">(6785)</A>
+<LI>creating
+<A HREF="auagd010.htm#IDX6485">(6485)</A>
+<MENU>
+<LI>instructions
+<A HREF="auagd010.htm#IDX6517">(6517)</A>
+</MENU>
+<LI>defined
+<A HREF="auagd010.htm#IDX6432">(6432)</A>
+<LI>defining site for in VLDB
+<A HREF="auagd010.htm#IDX6519">(6519)</A>
+<LI>dumping
+<A HREF="auagd010.htm#IDX6762">(6762)</A>
+<LI>ID number in volume header
+<A HREF="auagd010.htm#IDX6610">(6610)</A>
+<LI>mounting
+<A HREF="auagd010.htm#IDX6513">(6513)</A>
+<LI>moving
+<A HREF="auagd010.htm#IDX6679">(6679)</A>
+<LI>need for atomic release
+<A HREF="auagd010.htm#IDX6498">(6498)</A>
+<LI>releasing
+<A HREF="auagd010.htm#IDX6526">(6526)</A>
+<LI>removing
+<MENU>
+<LI>effect of
+<A HREF="auagd010.htm#IDX6746">(6746)</A>
+</MENU>
+<LI>selecting site
+<A HREF="auagd007.htm#IDX5705">(5705)</A>
+</MENU>
+<LI>read/write mount point
+<MENU>
+<LI>see entry: <I>mount point</I>
+<A HREF="auagd010.htm#IDX6555">(6555)</A>
+</MENU>
+<LI>read/write volume
+<MENU>
+<LI>changing name of
+<A HREF="auagd010.htm#IDX6784">(6784)</A>
+<LI>cloning
+<MENU>
+<LI>for backup version
+<A HREF="auagd010.htm#IDX6529">(6529)</A>
+<LI>for replication
+<A HREF="auagd010.htm#IDX6488">(6488)</A>
+</MENU>
+<LI>creating
+<A HREF="auagd010.htm#IDX6465">(6465)</A>
+<LI>defined
+<A HREF="auagd010.htm#IDX6431">(6431)</A>
+<LI>dumping
+<A HREF="auagd010.htm#IDX6761">(6761)</A>
+<LI>ID number in volume header
+<A HREF="auagd010.htm#IDX6609">(6609)</A>
+<LI>mounting
+<A HREF="auagd010.htm#IDX6475">(6475)</A>
+<LI>moving
+<A HREF="auagd010.htm#IDX6677">(6677)</A>
+<LI>removing
+<MENU>
+<LI>effect of
+<A HREF="auagd010.htm#IDX6744">(6744)</A>
+<LI>instructions
+<A HREF="auagd010.htm#IDX6754">(6754)</A>
+</MENU>
+<LI>replication instructions
+<A HREF="auagd010.htm#IDX6518">(6518)</A>
+<LI>types suitable for replication
+<A HREF="auagd010.htm#IDX6511">(6511)</A>
+</MENU>
+<LI>rebooting
+<MENU>
+<LI>file server machine, limiting
+<A HREF="auagd007.htm#IDX5719">(5719)</A>
+<LI>server machine, instructions
+<A HREF="auagd008.htm#IDX6242">(6242)</A>
+</MENU>
+<LI>recycling
+<MENU>
+<LI>useCounts of tapes (Backup System)
+<A HREF="auagd011.htm#IDX6911">(6911)</A>
+</MENU>
+<LI>regular expression
+<MENU>
+<LI>Backup System
+<A HREF="auagd011.htm#IDX6874">(6874)</A>
+</MENU>
+<LI>regular group
+<MENU>
+<LI>see entry: <I>group</I>
+<A HREF="auagd019.htm#IDX7928">(7928)</A>
+</MENU>
+<LI>regular mount point
+<MENU>
+<LI>see entry: <I>mount point</I>
+<A HREF="auagd010.htm#IDX6553">(6553)</A>
+</MENU>
+<LI>release
+<MENU>
+<LI>status flags on site definitions in VLDB entry
+<A HREF="auagd010.htm#IDX6592">(6592)</A>
+</MENU>
+<LI>release stage in replication
+<A HREF="auagd010.htm#IDX6492">(6492)</A>
+<LI>ReleaseClone
+<A HREF="auagd010.htm#IDX6500">(6500)</A>
+<LI>ReleaseClone volume
+<MENU>
+<LI>ID number in volume header
+<A HREF="auagd010.htm#IDX6612">(6612)</A>
+</MENU>
+<LI>releasing
+<MENU>
+<LI>read-only volume
+<A HREF="auagd010.htm#IDX6525">(6525)</A>
+<LI>read-only volume, forcing new cloning
+<A HREF="auagd010.htm#IDX6507">(6507)</A>
+<LI>read-only volume, need for atomicity
+<A HREF="auagd010.htm#IDX6499">(6499)</A>
+</MENU>
+<LI>remote services
+<MENU>
+<LI>modifications for AFS
+<A HREF="auagd007.htm#IDX5828">(5828)</A>
+</MENU>
+<LI>removing
+<MENU>
+<LI>ACL entry
+<A HREF="auagd020.htm#IDX8072">(8072)</A>
+<LI>ADMIN flag from Authentication Database entry
+<A HREF="auagd021.htm#IDX8137">(8137)</A>
+<LI>all ACL entries
+<A HREF="auagd020.htm#IDX8085">(8085)</A>
+<LI>core files from /usr/afs/logs
+<A HREF="auagd008.htm#IDX6126">(6126)</A>
+<LI>database server machine
+<MENU>
+<LI>from client CellServDB file and kernel memory
+<A HREF="auagd015.htm#IDX7423">(7423)</A>
+<LI>from server CellServDB file
+<A HREF="auagd008.htm#IDX6162">(6162)</A>
+</MENU>
+<LI>disk from file server machine
+<A HREF="auagd008.htm#IDX6213">(6213)</A>
+<LI>group members
+<A HREF="auagd019.htm#IDX7953">(7953)</A>
+<LI>mount point
+<A HREF="auagd010.htm#IDX6575">(6575)</A>, <A HREF="auagd010.htm#IDX6740">(6740)</A>
+<MENU>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7799">(7799)</A>
+</MENU>
+<LI>mount point when removing user account
+<A HREF="auagd018.htm#IDX7816">(7816)</A>
+<LI>obsolete .BAK and .OLD version of binaries
+<A HREF="auagd008.htm#IDX6123">(6123)</A>
+<LI>obsolete AFS IDs from ACL
+<A HREF="auagd020.htm#IDX8094">(8094)</A>
+<LI>Protection Database entry
+<A HREF="auagd018.htm#IDX7820">(7820)</A>, <A HREF="auagd019.htm#IDX7960">(7960)</A>
+<LI>server encryption key from KeyFile file
+<A HREF="auagd014.htm#IDX7293">(7293)</A>
+<LI>server process from BosConfig file
+<A HREF="auagd009.htm#IDX6349">(6349)</A>
+<LI>system:administrators group members
+<A HREF="auagd021.htm#IDX8121">(8121)</A>
+<LI>trace log contents (fstrace)
+<A HREF="auagd013.htm#IDX7191">(7191)</A>
+<LI>user account components
+<A HREF="auagd018.htm#IDX7804">(7804)</A>
+<LI>UserList file users
+<A HREF="auagd021.htm#IDX8159">(8159)</A>
+<LI>volume
+<A HREF="auagd010.htm#IDX6743">(6743)</A>
+<LI>volume when removing user account
+<A HREF="auagd018.htm#IDX7812">(7812)</A>
+</MENU>
+<LI>renaming
+<MENU>
+<LI>user account components
+<A HREF="auagd018.htm#IDX7782">(7782)</A>
+<LI>volume
+<A HREF="auagd010.htm#IDX6780">(6780)</A>
+<LI>volume when changing username
+<A HREF="auagd018.htm#IDX7794">(7794)</A>
+</MENU>
+<LI>replacing
+<MENU>
+<LI>all entries on ACL
+<A HREF="auagd020.htm#IDX8082">(8082)</A>
+</MENU>
+<LI>replicated database files
+<A HREF="auagd008.htm#IDX5969">(5969)</A>
+<LI>replication
+<MENU>
+<LI>appropriate volumes
+<A HREF="auagd007.htm#IDX5702">(5702)</A>
+<LI>defined
+<A HREF="auagd010.htm#IDX6439">(6439)</A>
+<LI>definition
+<A HREF="auagd006.htm#IDX5572">(5572)</A>
+<LI>detailed discussion
+<A HREF="auagd010.htm#IDX6482">(6482)</A>
+<LI>determining success of
+<A HREF="auagd010.htm#IDX6494">(6494)</A>
+<LI>forcing creation of new clone
+<A HREF="auagd010.htm#IDX6505">(6505)</A>
+<LI>need for all-or-nothing release
+<A HREF="auagd010.htm#IDX6496">(6496)</A>
+<LI>release stage
+<A HREF="auagd010.htm#IDX6493">(6493)</A>
+<LI>role of ReleaseClone
+<A HREF="auagd010.htm#IDX6501">(6501)</A>
+<LI>site definition stage
+<A HREF="auagd010.htm#IDX6491">(6491)</A>
+<LI>suitable types of volumes
+<A HREF="auagd010.htm#IDX6509">(6509)</A>
+<LI>variations possible in
+<A HREF="auagd010.htm#IDX6515">(6515)</A>
+</MENU>
+<LI>requirements
+<MENU>
+<LI>scout program
+<A HREF="auagd013.htm#IDX7104">(7104)</A>
+</MENU>
+<LI>resetting
+<MENU>
+<LI>disk cache size to default value
+<A HREF="auagd015.htm#IDX7396">(7396)</A>
+</MENU>
+<LI>resizing
+<MENU>
+<LI>scout display
+<A HREF="auagd013.htm#IDX7142">(7142)</A>
+</MENU>
+<LI>restart time for BOS Server (automatic)
+<MENU>
+<LI>displaying and setting time
+<A HREF="auagd009.htm#IDX6397">(6397)</A>
+</MENU>
+<LI>restart times for BOS Server
+<MENU>
+<LI>about
+<A HREF="auagd007.htm#IDX5721">(5721)</A>
+<LI>displaying and setting
+<A HREF="auagd009.htm#IDX6398">(6398)</A>
+<LI>setting
+<A HREF="auagd009.htm#IDX6400">(6400)</A>
+</MENU>
+<LI>restarting
+<MENU>
+<LI>server process
+<MENU>
+<LI>except BOS Server
+<A HREF="auagd009.htm#IDX6387">(6387)</A>
+<LI>including BOS Server
+<A HREF="auagd009.htm#IDX6380">(6380)</A>
+<LI>when changing authorization checking
+<A HREF="auagd008.htm#IDX6181">(6181)</A>
+</MENU>
+<LI>server processes
+<A HREF="auagd009.htm#IDX6390">(6390)</A>
+</MENU>
+<LI>restoring
+<MENU>
+<LI>administrative databases
+<A HREF="auagd008.htm#IDX6084">(6084)</A>
+<LI>Backup Database from tape
+<A HREF="auagd012.htm#IDX7082">(7082)</A>
+<LI>data
+<MENU>
+<LI>that no longer exists
+<A HREF="auagd012.htm#IDX7068">(7068)</A>
+</MENU>
+<LI>data using Backup System
+<A HREF="auagd012.htm#IDX7061">(7061)</A>
+<LI>existing data
+<MENU>
+<LI>overwriting
+<A HREF="auagd012.htm#IDX7064">(7064)</A>
+<LI>preserving
+<A HREF="auagd012.htm#IDX7066">(7066)</A>
+</MENU>
+<LI>synchrony of VLDB and volume headers
+<A HREF="auagd010.htm#IDX6692">(6692)</A>
+<LI>volumes without using AFS Backup System
+<A HREF="auagd010.htm#IDX6773">(6773)</A>
+</MENU>
+<LI>restrictions
+<MENU>
+<LI>on hard links in AFS
+<A HREF="auagd007.htm#IDX5643">(5643)</A>
+<LI>on volume names
+<A HREF="auagd007.htm#IDX5696">(5696)</A>
+</MENU>
+<LI>reverse video
+<MENU>
+<LI>use in scout program display
+<A HREF="auagd013.htm#IDX7134">(7134)</A>
+</MENU>
+<LI>reverting
+<MENU>
+<LI>to old version of server process and command binaries
+<A HREF="auagd008.htm#IDX6104">(6104)</A>
+</MENU>
+<LI>rlogind command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5632">(5632)</A>, <A HREF="auagd007.htm#IDX5836">(5836)</A>
+</MENU>
+<LI>roles for server machine
+<A HREF="auagd008.htm#IDX6017">(6017)</A>
+<MENU>
+<LI>determining
+<A HREF="auagd008.htm#IDX6039">(6039)</A>
+<LI>summary
+<A HREF="auagd007.htm#IDX5708">(5708)</A>
+</MENU>
+<LI>ROnly field in volume header
+<A HREF="auagd010.htm#IDX6614">(6614)</A>
+<LI>root directory
+<A HREF="auagd006.htm#IDX5568">(5568)</A>, <A HREF="auagd010.htm#IDX6455">(6455)</A>
+<LI>root superuser
+<MENU>
+<LI>limiting logins
+<A HREF="auagd007.htm#IDX5819">(5819)</A>
+</MENU>
+<LI>root volumes (root.afs and root.cell)
+<A HREF="auagd007.htm#IDX5699">(5699)</A>
+<LI>rsh command
+<MENU>
+<LI>AFS compared to UNIX
+<A HREF="auagd007.htm#IDX5634">(5634)</A>, <A HREF="auagd007.htm#IDX5838">(5838)</A>
+</MENU>
+<LI>rules
+<MENU>
+<LI>for uss bulk input file
+<A HREF="auagd017.htm#IDX7732">(7732)</A>
+<LI>group names, assigning
+<A HREF="auagd019.htm#IDX7941">(7941)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7634">(7634)</A>
+</MENU>
+<LI>Run status flag in BosConfig file
+<MENU>
+<LI>changing to NotRun
+<A HREF="auagd009.htm#IDX6360">(6360)</A>
+<LI>defined
+<A HREF="auagd009.htm#IDX6307">(6307)</A>
+</MENU>
+<LI>runntp
+<MENU>
+<LI>(see entry: <I>NTPD</I>)
+<A HREF="auagd008.htm#IDX5893">(5893)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5892">(5892)</A>
+</MENU>
+<LI>runntp process
+<A HREF="auagd009.htm#IDX6280">(6280)</A>
+<LI>RWrite field in volume header
+<A HREF="auagd010.htm#IDX6613">(6613)</A>
+</MENU>
+<STRONG><A NAME="IDX1_53" HREF="#IDX0_53">S</A></STRONG>
+<MENU>
+<LI>S instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auagd016.htm#IDX7562">(7562)</A>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7685">(7685)</A>
+</MENU>
+<LI>SALVAGE.fs file
+<A HREF="auagd008.htm#IDX5958">(5958)</A>
+<LI>salvage.lock file
+<A HREF="auagd008.htm#IDX5960">(5960)</A>
+<LI>SalvageLog file
+<A HREF="auagd008.htm#IDX6003">(6003)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6416">(6416)</A>
+</MENU>
+<LI>Salvager
+<MENU>
+<LI> instructions for invoking
+<A HREF="auagd010.htm#IDX6705">(6705)</A>
+<LI>(see entry: <I>Salvager</I>)
+<A HREF="auagd008.htm#IDX5897">(5897)</A>
+<LI>as part of fs process
+<A HREF="auagd009.htm#IDX6264">(6264)</A>, <A HREF="auagd009.htm#IDX6303">(6303)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5896">(5896)</A>, <A HREF="auagd008.htm#IDX5901">(5901)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5606">(5606)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6426">(6426)</A>
+<LI>running before VLDB/volume header resynchronization
+<A HREF="auagd010.htm#IDX6694">(6694)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6270">(6270)</A>
+</MENU>
+<LI>salvaging
+<MENU>
+<LI>volumes
+<A HREF="auagd010.htm#IDX6707">(6707)</A>
+</MENU>
+<LI>saving
+<MENU>
+<LI>previous version of server binaries
+<A HREF="auagd008.htm#IDX6100">(6100)</A>
+</MENU>
+<LI>scheduling
+<MENU>
+<LI>creation of backup volumes
+<A HREF="auagd010.htm#IDX6541">(6541)</A>
+</MENU>
+<LI>scout program
+<A HREF="auagd013.htm#IDX7094">(7094)</A>
+<MENU>
+<LI>attention levels, setting
+<A HREF="auagd013.htm#IDX7148">(7148)</A>
+<LI>banner line
+<A HREF="auagd013.htm#IDX7115">(7115)</A>
+<LI>basename
+<A HREF="auagd013.htm#IDX7111">(7111)</A>
+<LI>command syntax
+<A HREF="auagd013.htm#IDX7146">(7146)</A>
+<LI>display layout
+<A HREF="auagd013.htm#IDX7113">(7113)</A>
+<LI>display, resizing
+<A HREF="auagd013.htm#IDX7140">(7140)</A>
+<LI>examples (command and display)
+<A HREF="auagd013.htm#IDX7152">(7152)</A>
+<LI>features summarized
+<A HREF="auagd013.htm#IDX7102">(7102)</A>
+<LI>highlighting in
+<A HREF="auagd013.htm#IDX7131">(7131)</A>
+<LI>monitoring disk usage
+<A HREF="auagd013.htm#IDX7127">(7127)</A>
+<LI>outages, monitoring
+<A HREF="auagd013.htm#IDX7136">(7136)</A>
+<LI>probe reporting line
+<A HREF="auagd013.htm#IDX7129">(7129)</A>
+<LI>requirements
+<A HREF="auagd013.htm#IDX7103">(7103)</A>
+<LI>reverse video
+<A HREF="auagd013.htm#IDX7133">(7133)</A>
+<LI>setting terminal type
+<A HREF="auagd013.htm#IDX7106">(7106)</A>
+<LI>starting
+<A HREF="auagd013.htm#IDX7144">(7144)</A>
+<LI>statistics displayed
+<A HREF="auagd013.htm#IDX7117">(7117)</A>
+<LI>stopping
+<A HREF="auagd013.htm#IDX7151">(7151)</A>
+</MENU>
+<LI>script for AFS initialization
+<A HREF="auagd015.htm#IDX7336">(7336)</A>
+<LI>secondary site (Ubik)
+<A HREF="auagd008.htm#IDX6059">(6059)</A>
+<LI>security
+<MENU>
+<LI>AFS features
+<A HREF="auagd007.htm#IDX5813">(5813)</A>
+<LI>encrypted network communication
+<A HREF="auagd007.htm#IDX5817">(5817)</A>
+<LI>suggestions for improving
+<A HREF="auagd007.htm#IDX5818">(5818)</A>
+</MENU>
+<LI>self-owned group
+<A HREF="auagd019.htm#IDX7937">(7937)</A>
+<LI>server
+<MENU>
+<LI>definition
+<A HREF="auagd006.htm#IDX5546">(5546)</A>
+<LI>process
+<MENU>
+<LI>definition
+<A HREF="auagd006.htm#IDX5549">(5549)</A>
+<LI>list of AFS
+<A HREF="auagd006.htm#IDX5581">(5581)</A>
+</MENU>
+</MENU>
+<LI>server encryption key
+<A HREF="auagd007.htm#IDX5825">(5825)</A>, <A HREF="auagd008.htm#IDX5941">(5941)</A>
+<MENU>
+<LI>adding to KeyFile file
+<A HREF="auagd014.htm#IDX7283">(7283)</A>
+<LI>Authentication Database
+<A HREF="auagd014.htm#IDX7260">(7260)</A>
+<LI>changing frequently
+<A HREF="auagd014.htm#IDX7254">(7254)</A>
+<LI>checksum displayed
+<A HREF="auagd014.htm#IDX7267">(7267)</A>
+<LI>defined
+<A HREF="auagd007.htm#IDX5823">(5823)</A>, <A HREF="auagd014.htm#IDX7246">(7246)</A>
+<LI>displaying from Authentication Database
+<A HREF="auagd014.htm#IDX7277">(7277)</A>
+<LI>displaying from KeyFile file
+<A HREF="auagd014.htm#IDX7270">(7270)</A>
+<LI>emergency need to replace
+<A HREF="auagd014.htm#IDX7299">(7299)</A>
+<LI>KeyFile file
+<A HREF="auagd014.htm#IDX7259">(7259)</A>
+<LI>password-like nature
+<A HREF="auagd014.htm#IDX7263">(7263)</A>
+<LI>removing from KeyFile file
+<A HREF="auagd014.htm#IDX7294">(7294)</A>
+<LI>role in mutual authentication
+<A HREF="auagd014.htm#IDX7249">(7249)</A>
+<LI>setting in Authentication Database
+<A HREF="auagd014.htm#IDX7288">(7288)</A>
+</MENU>
+<LI>server entry in VLDB
+<A HREF="auagd008.htm#IDX6231">(6231)</A>
+<LI>server machine
+<MENU>
+<LI>administering
+<A HREF="auagd008.htm#IDX5840">(5840)</A>
+<LI>binary distribution role
+<A HREF="auagd008.htm#IDX6028">(6028)</A>
+<LI>configuration files in /usr/afs/etc
+<A HREF="auagd008.htm#IDX5935">(5935)</A>
+<LI>configuration issues
+<A HREF="auagd007.htm#IDX5706">(5706)</A>
+<LI>database server role
+<A HREF="auagd008.htm#IDX6022">(6022)</A>
+<LI>determining roles
+<A HREF="auagd008.htm#IDX6038">(6038)</A>
+<LI>first installed
+<A HREF="auagd007.htm#IDX5710">(5710)</A>
+<LI>monitoring
+<A HREF="auagd007.htm#IDX5717">(5717)</A>
+<LI>need for consistent version of software
+<A HREF="auagd008.htm#IDX6090">(6090)</A>
+<LI>protecting directories on local disk
+<A HREF="auagd007.htm#IDX5715">(5715)</A>
+<LI>rebooting
+<A HREF="auagd008.htm#IDX6243">(6243)</A>
+<LI>roles for
+<MENU>
+<LI>summary
+<A HREF="auagd007.htm#IDX5709">(5709)</A>
+</MENU>
+<LI>roles summarized
+<A HREF="auagd008.htm#IDX6018">(6018)</A>
+<LI>setting home cell
+<A HREF="auagd007.htm#IDX5656">(5656)</A>
+<LI>simple file server role
+<A HREF="auagd008.htm#IDX6020">(6020)</A>
+<LI>system control role
+<A HREF="auagd008.htm#IDX6033">(6033)</A>
+<LI>uninstalling command & process binaries
+<A HREF="auagd008.htm#IDX6108">(6108)</A>
+</MENU>
+<LI>server preference ranks
+<A HREF="auagd015.htm#IDX7473">(7473)</A>
+<LI>server process
+<MENU>
+<LI>binaries (see entry: <I>server process binaries</I>)
+<A HREF="auagd008.htm#IDX6088">(6088)</A>
+<LI>bosserver
+<A HREF="auagd009.htm#IDX6251">(6251)</A>
+<LI>buserver
+<A HREF="auagd009.htm#IDX6257">(6257)</A>
+<LI>creating
+<A HREF="auagd009.htm#IDX6334">(6334)</A>
+<LI>creating and starting
+<A HREF="auagd009.htm#IDX6338">(6338)</A>
+<LI>creating ticket (tokens) for
+<A HREF="auagd007.htm#IDX5776">(5776)</A>
+<LI>cron type, defined
+<A HREF="auagd009.htm#IDX6305">(6305)</A>
+<LI>defining in BosConfig file
+<A HREF="auagd009.htm#IDX6339">(6339)</A>
+<LI>different names for
+<A HREF="auagd009.htm#IDX6249">(6249)</A>
+<LI>displaying entry in BosConfig
+<A HREF="auagd009.htm#IDX6326">(6326)</A>
+<LI>displaying log files
+<A HREF="auagd009.htm#IDX6411">(6411)</A>
+<LI>displaying status
+<A HREF="auagd009.htm#IDX6323">(6323)</A>
+<LI>fs
+<A HREF="auagd009.htm#IDX6261">(6261)</A>
+<LI>fs type, defined
+<A HREF="auagd009.htm#IDX6300">(6300)</A>
+<LI>kaserver
+<A HREF="auagd009.htm#IDX6273">(6273)</A>
+<LI>ptserver
+<A HREF="auagd009.htm#IDX6277">(6277)</A>
+<LI>removing from BosConfig file
+<A HREF="auagd009.htm#IDX6337">(6337)</A>, <A HREF="auagd009.htm#IDX6352">(6352)</A>
+<LI>restarting
+<MENU>
+<LI>except BOS Server
+<A HREF="auagd009.htm#IDX6386">(6386)</A>
+</MENU>
+<LI>restarting by restarting BOS Server
+<A HREF="auagd009.htm#IDX6379">(6379)</A>
+<LI>restarting for changed binaries
+<A HREF="auagd008.htm#IDX6095">(6095)</A>
+<LI>restarting immediately after stopping
+<A HREF="auagd009.htm#IDX6375">(6375)</A>
+<LI>restarting specific processes
+<A HREF="auagd009.htm#IDX6391">(6391)</A>
+<LI>runntp
+<A HREF="auagd009.htm#IDX6282">(6282)</A>
+<LI>simple type, defined
+<A HREF="auagd009.htm#IDX6298">(6298)</A>
+<LI>starting
+<A HREF="auagd009.htm#IDX6335">(6335)</A>
+<LI>starting up
+<A HREF="auagd009.htm#IDX6357">(6357)</A>
+<LI>stopping permanently
+<A HREF="auagd009.htm#IDX6336">(6336)</A>, <A HREF="auagd009.htm#IDX6353">(6353)</A>, <A HREF="auagd009.htm#IDX6358">(6358)</A>, <A HREF="auagd009.htm#IDX6363">(6363)</A>
+<LI>upclient
+<A HREF="auagd009.htm#IDX6287">(6287)</A>
+<LI>upserver
+<A HREF="auagd009.htm#IDX6286">(6286)</A>
+<LI>use of CellServDB file
+<A HREF="auagd008.htm#IDX6139">(6139)</A>
+<LI>vlserver
+<A HREF="auagd009.htm#IDX6291">(6291)</A>
+</MENU>
+<LI>server process binaries
+<MENU>
+<LI>displaying time stamp
+<A HREF="auagd008.htm#IDX6113">(6113)</A>
+<LI>in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5844">(5844)</A>
+<LI>installing
+<A HREF="auagd008.htm#IDX6086">(6086)</A>, <A HREF="auagd008.htm#IDX6092">(6092)</A>
+<LI>removing obsolete
+<A HREF="auagd008.htm#IDX6124">(6124)</A>
+<LI>reverting to old version
+<A HREF="auagd008.htm#IDX6106">(6106)</A>
+<LI>uninstalling
+<A HREF="auagd008.htm#IDX6105">(6105)</A>
+</MENU>
+<LI>server ticket
+<A HREF="auagd014.htm#IDX7252">(7252)</A>
+<LI>server/client model
+<A HREF="auagd006.htm#IDX5545">(5545)</A>
+<LI>session key
+<A HREF="auagd007.htm#IDX5827">(5827)</A>, <A HREF="auagd014.htm#IDX7253">(7253)</A>
+<LI>setting
+<MENU>
+<LI> event set (fstrace)
+<A HREF="auagd013.htm#IDX7173">(7173)</A>
+<LI>ACL entries
+<A HREF="auagd020.htm#IDX8068">(8068)</A>
+<LI>ACL for directory with uss
+<A HREF="auagd017.htm#IDX7669">(7669)</A>
+<LI>ACL on home directory with uss
+<A HREF="auagd017.htm#IDX7661">(7661)</A>
+<LI>ADMIN flag in Authentication Database entry
+<A HREF="auagd021.htm#IDX8136">(8136)</A>
+<LI>AFS UID and AFS GID counters
+<A HREF="auagd019.htm#IDX8010">(8010)</A>
+<LI>AFS UID counters
+<A HREF="auagd019.htm#IDX8013">(8013)</A>
+<LI>AFS user id and max group id counters
+<A HREF="auagd019.htm#IDX8008">(8008)</A>
+<LI>BOS Server's automatic restart times
+<A HREF="auagd009.htm#IDX6409">(6409)</A>
+<LI>Cache Manager preferences for file server machines
+<A HREF="auagd015.htm#IDX7472">(7472)</A>
+<LI>cell name
+<A HREF="auagd007.htm#IDX5654">(5654)</A>
+<LI>client interfaces registered with File Server
+<A HREF="auagd015.htm#IDX7484">(7484)</A>
+<LI>client-to-file-server probe interval
+<A HREF="auagd015.htm#IDX7443">(7443)</A>
+<LI>counters for AFS UID and AFS GID
+<A HREF="auagd019.htm#IDX8007">(8007)</A>
+<LI>data cache size in cacheinfo file
+<A HREF="auagd015.htm#IDX7386">(7386)</A>
+<LI>disk cache location in cacheinfo file
+<A HREF="auagd015.htm#IDX7376">(7376)</A>
+<LI>group-creation quota in Protection Database entry
+<A HREF="auagd019.htm#IDX7979">(7979)</A>
+<LI>home cell for client machine
+<A HREF="auagd015.htm#IDX7448">(7448)</A>
+<LI>password
+<MENU>
+<LI>in Authentication Database
+<A HREF="auagd018.htm#IDX7776">(7776)</A>
+</MENU>
+<LI>privacy flags on Protection Database entry
+<A HREF="auagd019.htm#IDX7990">(7990)</A>
+<LI>server machine interfaces registered in VLDB
+<A HREF="auagd008.htm#IDX6227">(6227)</A>
+<LI>terminal type for scout
+<A HREF="auagd013.htm#IDX7107">(7107)</A>
+<LI>ThisCell file (client), value in
+<A HREF="auagd015.htm#IDX7449">(7449)</A>
+<LI>volume quota
+<MENU>
+<LI>on multiple volumes
+<A HREF="auagd010.htm#IDX6718">(6718)</A>
+<LI>on single volume
+<A HREF="auagd010.htm#IDX6714">(6714)</A>
+</MENU>
+<LI>volume quota with uss
+<A HREF="auagd017.htm#IDX7652">(7652)</A>
+</MENU>
+<LI>setuid programs
+<A HREF="auagd015.htm#IDX7437">(7437)</A>
+<MENU>
+<LI>restrictions on
+<A HREF="auagd007.htm#IDX5647">(5647)</A>
+<LI>setting mode bits
+<A HREF="auagd007.htm#IDX5617">(5617)</A>
+</MENU>
+<LI>share command
+<A HREF="auagd022.htm#IDX8176">(8176)</A>
+<LI>shared secret
+<A HREF="auagd007.htm#IDX5822">(5822)</A>
+<LI>shared use of group
+<A HREF="auagd019.htm#IDX7933">(7933)</A>
+<LI>shorthand notation
+<MENU>
+<LI>ACL permissions
+<A HREF="auagd020.htm#IDX8043">(8043)</A>
+</MENU>
+<LI>simple file server machine
+<A HREF="auagd008.htm#IDX6019">(6019)</A>
+<MENU>
+<LI>identifying with bos status
+<A HREF="auagd008.htm#IDX6049">(6049)</A>
+</MENU>
+<LI>simple process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auagd009.htm#IDX6346">(6346)</A>
+</MENU>
+<LI>simple server process
+<MENU>
+<LI>defining in BosConfig file
+<A HREF="auagd009.htm#IDX6340">(6340)</A>
+</MENU>
+<LI>simple-type server process
+<MENU>
+<LI>defined
+<A HREF="auagd009.htm#IDX6297">(6297)</A>
+</MENU>
+<LI>site
+<MENU>
+<LI>count in VLDB
+<A HREF="auagd010.htm#IDX6588">(6588)</A>
+<LI>volume, defined
+<A HREF="auagd010.htm#IDX6433">(6433)</A>
+</MENU>
+<LI>site definition stage in replication
+<A HREF="auagd010.htm#IDX6490">(6490)</A>
+<LI>slowed performance
+<MENU>
+<LI>preventing in AFS
+<A HREF="auagd006.htm#IDX5577">(5577)</A>
+</MENU>
+<LI>socket
+<MENU>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7565">(7565)</A>
+</MENU>
+<LI>stages in volume replication
+<A HREF="auagd010.htm#IDX6489">(6489)</A>
+<LI>starting
+<MENU>
+<LI>database server process, about
+<A HREF="auagd009.htm#IDX6319">(6319)</A>
+<LI>scout program
+<A HREF="auagd013.htm#IDX7143">(7143)</A>
+<LI>server process
+<A HREF="auagd009.htm#IDX6333">(6333)</A>, <A HREF="auagd009.htm#IDX6356">(6356)</A>
+</MENU>
+<LI>statistics display by scout program
+<A HREF="auagd013.htm#IDX7118">(7118)</A>
+<LI>status
+<MENU>
+<LI>displaying for server process
+<A HREF="auagd009.htm#IDX6324">(6324)</A>
+</MENU>
+<LI>status flag
+<MENU>
+<LI>release, on site definitions in VLDB entry
+<A HREF="auagd010.htm#IDX6594">(6594)</A>
+</MENU>
+<LI>status flag for process in BosConfig file
+<MENU>
+<LI>Run and Not Run, meaning of
+<A HREF="auagd009.htm#IDX6306">(6306)</A>
+</MENU>
+<LI>status flag in BosConfig file
+<MENU>
+<LI>changing NotRun to Run
+<A HREF="auagd009.htm#IDX6367">(6367)</A>
+<LI>changing Run to NotRun
+<A HREF="auagd009.htm#IDX6361">(6361)</A>
+</MENU>
+<LI>status flags in volume header
+<A HREF="auagd010.htm#IDX6603">(6603)</A>
+<LI>stopping
+<MENU>
+<LI>database server process, about
+<A HREF="auagd009.htm#IDX6320">(6320)</A>
+<LI>server process
+<MENU>
+<LI>permanently
+<A HREF="auagd009.htm#IDX6351">(6351)</A>, <A HREF="auagd009.htm#IDX6359">(6359)</A>
+</MENU>
+<LI>server process and immediately restarting
+<A HREF="auagd009.htm#IDX6376">(6376)</A>
+</MENU>
+<LI>Store statistic from scout program
+<A HREF="auagd013.htm#IDX7121">(7121)</A>
+<LI>strings command
+<A HREF="auagd008.htm#IDX6133">(6133)</A>
+<LI>suitability of volumes for replication
+<A HREF="auagd010.htm#IDX6510">(6510)</A>
+<LI>symbolic link
+<MENU>
+<LI>at second level of AFS pathname
+<A HREF="auagd007.htm#IDX5688">(5688)</A>
+<LI>creating with package
+<A HREF="auagd016.htm#IDX7553">(7553)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7692">(7692)</A>
+<LI>overwritten by uss if exists
+<A HREF="auagd017.htm#IDX7603">(7603)</A>
+</MENU>
+<LI>symptoms
+<MENU>
+<LI>of VLDB/volume header desynchronization
+<A HREF="auagd010.htm#IDX6688">(6688)</A>
+<LI>volume corruption
+<A HREF="auagd010.htm#IDX6703">(6703)</A>
+</MENU>
+<LI>synchronization site (Ubik)
+<MENU>
+<LI>defined
+<A HREF="auagd008.htm#IDX6058">(6058)</A>
+<LI>flexibility
+<A HREF="auagd008.htm#IDX6076">(6076)</A>
+</MENU>
+<LI>synchrony
+<MENU>
+<LI>controlling for Cache Manager write operations
+<A HREF="auagd015.htm#IDX7509">(7509)</A>
+<LI>when AFS files saved on NFS clients
+<A HREF="auagd022.htm#IDX8168">(8168)</A>
+</MENU>
+<LI>synchrony of VLDB and volume headers
+<MENU>
+<LI>maintained by VL and Volume Servers
+<A HREF="auagd010.htm#IDX6446">(6446)</A>
+<LI>restoring
+<A HREF="auagd010.htm#IDX6691">(6691)</A>
+<LI>symptoms of lack of
+<A HREF="auagd010.htm#IDX6690">(6690)</A>
+</MENU>
+<LI>sys (@sys) variable in pathnames
+<A HREF="auagd007.htm#IDX5729">(5729)</A>
+<LI>sys command
+<A HREF="auagd015.htm#IDX7506">(7506)</A>
+<LI>sysid file
+<A HREF="auagd008.htm#IDX5962">(5962)</A>
+<LI>system control machine
+<A HREF="auagd008.htm#IDX6031">(6031)</A>
+<MENU>
+<LI>as distributor of UserList file
+<A HREF="auagd021.htm#IDX8149">(8149)</A>
+<LI>CellServDB file, distributing to server machines
+<A HREF="auagd008.htm#IDX6141">(6141)</A>
+<LI>identifying with bos status
+<A HREF="auagd008.htm#IDX6043">(6043)</A>
+<LI>source for common KeyFile file
+<A HREF="auagd014.htm#IDX7265">(7265)</A>
+</MENU>
+<LI>system groups
+<MENU>
+<LI>defined
+<A HREF="auagd019.htm#IDX7831">(7831)</A>
+<LI>using on ACLs
+<A HREF="auagd020.htm#IDX8053">(8053)</A>
+</MENU>
+<LI>system outages
+<MENU>
+<LI>due to automatic server restart
+<A HREF="auagd009.htm#IDX6402">(6402)</A>
+<LI>due to server process restart
+<A HREF="auagd009.htm#IDX6378">(6378)</A>
+<LI>due to Ubik election
+<A HREF="auagd008.htm#IDX6080">(6080)</A>
+<LI>reducing
+<A HREF="auagd006.htm#IDX5584">(5584)</A>
+</MENU>
+<LI>system:administrators group
+<A HREF="auagd019.htm#IDX7836">(7836)</A>
+<MENU>
+<LI> privileges resulting
+<A HREF="auagd021.htm#IDX8111">(8111)</A>
+<LI>about
+<A HREF="auagd007.htm#IDX5750">(5750)</A>
+<LI>members
+<MENU>
+<LI>adding
+<A HREF="auagd021.htm#IDX8116">(8116)</A>
+<LI>displaying
+<A HREF="auagd021.htm#IDX8112">(8112)</A>
+<LI>removing
+<A HREF="auagd021.htm#IDX8120">(8120)</A>
+</MENU>
+</MENU>
+<LI>system:anyuser group
+<A HREF="auagd019.htm#IDX7834">(7834)</A>
+<MENU>
+<LI>about
+<A HREF="auagd007.htm#IDX5751">(5751)</A>
+<LI>using on ACLs
+<A HREF="auagd020.htm#IDX8056">(8056)</A>
+</MENU>
+<LI>system:authuser group
+<A HREF="auagd019.htm#IDX7835">(7835)</A>
+<MENU>
+<LI>about
+<A HREF="auagd007.htm#IDX5752">(5752)</A>
+<LI>using on ACLs
+<A HREF="auagd020.htm#IDX8057">(8057)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_54" HREF="#IDX0_54">T</A></STRONG>
+<MENU>
+<LI>tape (Backup System)
+<MENU>
+<LI>automating mounting and unmounting
+<A HREF="auagd011.htm#IDX6960">(6960)</A>
+<LI>eliminating check for proper name
+<A HREF="auagd011.htm#IDX6972">(6972)</A>
+<LI>scanning
+<A HREF="auagd012.htm#IDX7045">(7045)</A>
+</MENU>
+<LI>Tape Coordinator (Backup System)
+<MENU>
+<LI>adding to Backup Database
+<A HREF="auagd011.htm#IDX6864">(6864)</A>
+<LI>assigning file ownership
+<A HREF="auagd011.htm#IDX6858">(6858)</A>
+<LI>automating tape mounting and unmounting
+<A HREF="auagd011.htm#IDX6961">(6961)</A>
+<LI>configuring
+<MENU>
+<LI>AIX system
+<A HREF="auagd011.htm#IDX6856">(6856)</A>
+<LI>machine
+<A HREF="auagd011.htm#IDX6854">(6854)</A>
+<LI>tape device
+<A HREF="auagd011.htm#IDX6855">(6855)</A>
+</MENU>
+<LI>described
+<A HREF="auagd011.htm#IDX6837">(6837)</A>
+<LI>device configuration file (CFG)
+<A HREF="auagd011.htm#IDX6955">(6955)</A>
+<LI>eliminating check for proper tape name
+<A HREF="auagd011.htm#IDX6973">(6973)</A>
+<LI>eliminating search/prompt for initial tape
+<A HREF="auagd011.htm#IDX6964">(6964)</A>
+<LI>filemark
+<MENU>
+<LI>described
+<A HREF="auagd011.htm#IDX6836">(6836)</A>
+<LI>determining size
+<A HREF="auagd011.htm#IDX6845">(6845)</A>
+</MENU>
+<LI>port offset number
+<MENU>
+<LI>assigning
+<A HREF="auagd011.htm#IDX6846">(6846)</A>
+<LI>defined
+<A HREF="auagd011.htm#IDX6840">(6840)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6870">(6870)</A>
+</MENU>
+<LI>process
+<MENU>
+<LI>starting
+<A HREF="auagd012.htm#IDX7001">(7001)</A>
+</MENU>
+<LI>removing from Backup Database
+<A HREF="auagd011.htm#IDX6868">(6868)</A>
+<LI>starting
+<A HREF="auagd012.htm#IDX7004">(7004)</A>
+<LI>status
+<MENU>
+<LI>displaying
+<A HREF="auagd012.htm#IDX7008">(7008)</A>
+</MENU>
+<LI>stopping
+<A HREF="auagd012.htm#IDX7007">(7007)</A>
+<LI>task ID numbers
+<A HREF="auagd012.htm#IDX7003">(7003)</A>
+<LI>using default responses to errors
+<A HREF="auagd011.htm#IDX6969">(6969)</A>
+</MENU>
+<LI>tape labels
+<MENU>
+<LI>useCounts of tapes
+<A HREF="auagd011.htm#IDX6912">(6912)</A>
+</MENU>
+<LI>tape recycling schedules
+<A HREF="auagd011.htm#IDX6908">(6908)</A>
+<LI>tapeconfig file
+<A HREF="auagd011.htm#IDX6848">(6848)</A>
+<MENU>
+<LI>ownership, assigning
+<A HREF="auagd011.htm#IDX6860">(6860)</A>
+</MENU>
+<LI>tapes (Backup System)
+<MENU>
+<LI>archiving
+<A HREF="auagd011.htm#IDX6914">(6914)</A>
+<LI>capacity
+<MENU>
+<LI>determining
+<A HREF="auagd011.htm#IDX6844">(6844)</A>
+<LI>recording on label
+<A HREF="auagd011.htm#IDX6943">(6943)</A>
+</MENU>
+<LI>eliminating search/prompt for initial
+<A HREF="auagd011.htm#IDX6965">(6965)</A>
+<LI>label
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6941">(6941)</A>
+<LI>described
+<A HREF="auagd011.htm#IDX6833">(6833)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6942">(6942)</A>
+</MENU>
+<LI>names
+<MENU>
+<LI>assigning
+<A HREF="auagd011.htm#IDX6944">(6944)</A>
+<LI>described
+<A HREF="auagd011.htm#IDX6830">(6830)</A>
+</MENU>
+</MENU>
+<LI>task ID numbers (Backup System)
+<A HREF="auagd012.htm#IDX7002">(7002)</A>
+<LI>terminal type
+<MENU>
+<LI>setting for afsmonitor
+<A HREF="auagd013.htm#IDX7198">(7198)</A>
+<LI>setting for scout program
+<A HREF="auagd013.htm#IDX7108">(7108)</A>
+</MENU>
+<LI>TGS
+<A HREF="auagd014.htm#IDX7251">(7251)</A>
+<LI>ThisCell file (client)
+<A HREF="auagd015.htm#IDX7331">(7331)</A>
+<MENU>
+<LI>how used by programs
+<A HREF="auagd007.htm#IDX5658">(5658)</A>
+<LI>setting value in
+<A HREF="auagd015.htm#IDX7452">(7452)</A>
+</MENU>
+<LI>ThisCell file (server)
+<A HREF="auagd008.htm#IDX5942">(5942)</A>
+<LI>thresholds for statistics in scout display
+<MENU>
+<LI>setting
+<A HREF="auagd013.htm#IDX7150">(7150)</A>
+</MENU>
+<LI>Ticket Granting Service
+<A HREF="auagd014.htm#IDX7250">(7250)</A>
+<LI>ticket-granter
+<A HREF="auagd007.htm#IDX5824">(5824)</A>
+<LI>tickets
+<MENU>
+<LI>see entry: <I>tokens</I>
+<A HREF="auagd007.htm#IDX5777">(5777)</A>
+</MENU>
+<LI>time stamp
+<MENU>
+<LI>on binary file, listing
+<A HREF="auagd008.htm#IDX6115">(6115)</A>
+</MENU>
+<LI>tokens
+<MENU>
+<LI>command
+<A HREF="auagd007.htm#IDX5771">(5771)</A>
+<LI>creating for server process
+<A HREF="auagd007.htm#IDX5778">(5778)</A>
+<LI>data in
+<A HREF="auagd007.htm#IDX5826">(5826)</A>
+<LI>discarding with knfs command
+<A HREF="auagd022.htm#IDX8185">(8185)</A>
+<LI>discarding with unlog command
+<A HREF="auagd007.htm#IDX5783">(5783)</A>
+<LI>displaying for user
+<A HREF="auagd007.htm#IDX5770">(5770)</A>
+<LI>displaying with knfs command
+<A HREF="auagd022.htm#IDX8184">(8184)</A>
+<LI>one-per-cell rule
+<A HREF="auagd007.htm#IDX5757">(5757)</A>
+<LI>setting default lifetimes for users
+<A HREF="auagd007.htm#IDX5784">(5784)</A>
+</MENU>
+<LI>tokens.krb command
+<A HREF="auagd007.htm#IDX5812">(5812)</A>
+<LI>trace log (fstrace)
+<MENU>
+<LI>clearing contents
+<A HREF="auagd013.htm#IDX7189">(7189)</A>
+<LI>configuring
+<A HREF="auagd013.htm#IDX7168">(7168)</A>
+<LI>displaying state
+<A HREF="auagd013.htm#IDX7180">(7180)</A>
+<LI>dumping
+<A HREF="auagd013.htm#IDX7184">(7184)</A>
+<LI>persistence
+<A HREF="auagd013.htm#IDX7162">(7162)</A>
+</MENU>
+<LI>trace log from (fstrace)
+<MENU>
+<LI>cmfx
+<A HREF="auagd013.htm#IDX7155">(7155)</A>
+</MENU>
+<LI>translating
+<MENU>
+<LI>directory/file name to volume ID number
+<A HREF="auagd010.htm#IDX6657">(6657)</A>
+<LI>directory/file name to volume location
+<A HREF="auagd010.htm#IDX6663">(6663)</A>
+<LI>directory/file name to volume name
+<A HREF="auagd010.htm#IDX6651">(6651)</A>
+<LI>volume ID number to name
+<A HREF="auagd010.htm#IDX6640">(6640)</A>
+<LI>volume name to ID number
+<A HREF="auagd010.htm#IDX6635">(6635)</A>
+<LI>volume name/ID number to volume location
+<A HREF="auagd010.htm#IDX6645">(6645)</A>
+</MENU>
+<LI>translator
+<MENU>
+<LI>NFS/AFS
+<A HREF="auagd022.htm#IDX8163">(8163)</A>
+</MENU>
+<LI>transparent access as AFS feature
+<A HREF="auagd006.htm#IDX5557">(5557)</A>
+<LI>turning off authorization checking
+<A HREF="auagd008.htm#IDX6186">(6186)</A>
+<LI>turning on authorization checking
+<A HREF="auagd008.htm#IDX6190">(6190)</A>
+<LI>type flag for volume
+<MENU>
+<LI>VLDB entry
+<A HREF="auagd010.htm#IDX6590">(6590)</A>
+<LI>volume header
+<A HREF="auagd010.htm#IDX6602">(6602)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_55" HREF="#IDX0_55">U</A></STRONG>
+<MENU>
+<LI>Ubik
+<MENU>
+<LI>automatic updates
+<A HREF="auagd008.htm#IDX6061">(6061)</A>
+<LI>consistency guarantees
+<A HREF="auagd008.htm#IDX6071">(6071)</A>
+<LI>election of coordinator
+<A HREF="auagd008.htm#IDX6072">(6072)</A>
+<LI>failure due to mismatched server encryption keys
+<A HREF="auagd014.htm#IDX7301">(7301)</A>
+<LI>features summarized
+<A HREF="auagd008.htm#IDX6067">(6067)</A>
+<LI>majority defined
+<A HREF="auagd008.htm#IDX6077">(6077)</A>
+<LI>operation described
+<A HREF="auagd008.htm#IDX6057">(6057)</A>
+<LI>requirements summarized
+<A HREF="auagd008.htm#IDX6063">(6063)</A>
+<LI>server and client portions
+<A HREF="auagd008.htm#IDX6069">(6069)</A>
+<LI>use of CellServDB file
+<A HREF="auagd008.htm#IDX6138">(6138)</A>
+<LI>use of NetInfo and NetRestrict files
+<A HREF="auagd008.htm#IDX6224">(6224)</A>
+</MENU>
+<LI>udebug
+<MENU>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5902">(5902)</A>
+</MENU>
+<LI>UFS
+<MENU>
+<LI>file protection compared to AFS
+<A HREF="auagd020.htm#IDX8018">(8018)</A>
+<LI>mode bits, interpretation in AFS
+<A HREF="auagd020.htm#IDX8101">(8101)</A>
+</MENU>
+<LI>umount command
+<A HREF="auagd008.htm#IDX6218">(6218)</A>
+<LI>undefined ACL permissions
+<A HREF="auagd020.htm#IDX8039">(8039)</A>
+<LI>uninstalling
+<MENU>
+<LI>server process and command suite binaries
+<A HREF="auagd008.htm#IDX6103">(6103)</A>
+</MENU>
+<LI>UNIX
+<MENU>
+<LI>differences from AFS summarized
+<A HREF="auagd007.htm#IDX5610">(5610)</A>
+<LI>mode bits, interpretation in AFS
+<A HREF="auagd020.htm#IDX8100">(8100)</A>
+<LI>UID
+<MENU>
+<LI>functional difference from AFS UID
+<A HREF="auagd006.htm#IDX5589">(5589)</A>
+</MENU>
+</MENU>
+<LI>UNIX UID
+<MENU>
+<LI>difference from AFS UID
+<A HREF="auagd019.htm#IDX7877">(7877)</A>
+<LI>matching with AFS UID
+<A HREF="auagd017.htm#IDX7609">(7609)</A>, <A HREF="auagd018.htm#IDX7739">(7739)</A>
+</MENU>
+<LI>unlocking
+<MENU>
+<LI>VLDB entry
+<A HREF="auagd010.htm#IDX6797">(6797)</A>
+</MENU>
+<LI>unlog command
+<A HREF="auagd007.htm#IDX5780">(5780)</A>
+<MENU>
+<LI>when handling key emergency
+<A HREF="auagd014.htm#IDX7304">(7304)</A>
+</MENU>
+<LI>UNMOUNT instruction in CFG_<I>device_name</I> file
+<A HREF="auagd011.htm#IDX6957">(6957)</A>
+<LI>unmounting
+<MENU>
+<LI> file server machine disk
+<A HREF="auagd008.htm#IDX6216">(6216)</A>
+<LI>volume
+<A HREF="auagd010.htm#IDX6576">(6576)</A>, <A HREF="auagd010.htm#IDX6741">(6741)</A>
+</MENU>
+<LI>upclient
+<MENU>
+<LI>(see entry: <I>Update Server</I>)
+<A HREF="auagd008.htm#IDX5907">(5907)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5906">(5906)</A>
+</MENU>
+<LI>update date
+<MENU>
+<LI>recorded in volume header
+<A HREF="auagd010.htm#IDX6621">(6621)</A>
+</MENU>
+<LI>Update Server
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6321">(6321)</A>
+<LI>as upserver and upclient processes
+<A HREF="auagd009.htm#IDX6285">(6285)</A>
+<LI>binaries in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5911">(5911)</A>
+<LI>CellServDB file (server), distributing
+<A HREF="auagd008.htm#IDX6143">(6143)</A>
+<LI>client portion
+<A HREF="auagd006.htm#IDX5603">(5603)</A>
+<MENU>
+<LI>for binaries
+<A HREF="auagd008.htm#IDX6030">(6030)</A>
+<LI>for configuration files
+<A HREF="auagd008.htm#IDX6035">(6035)</A>
+</MENU>
+<LI>description
+<A HREF="auagd006.htm#IDX5601">(5601)</A>
+<LI>distributing server configuration files
+<A HREF="auagd008.htm#IDX5936">(5936)</A>
+<LI>distributor of KeyFile file
+<A HREF="auagd014.htm#IDX7264">(7264)</A>
+<LI>server portion
+<A HREF="auagd006.htm#IDX5602">(5602)</A>
+<MENU>
+<LI>on binary distribution machine
+<A HREF="auagd008.htm#IDX6029">(6029)</A>
+<LI>on system control machine
+<A HREF="auagd008.htm#IDX6034">(6034)</A>
+</MENU>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6288">(6288)</A>
+</MENU>
+<LI>updating
+<MENU>
+<LI>CellServDB file (client) with or without package
+<A HREF="auagd015.htm#IDX7432">(7432)</A>
+</MENU>
+<LI>upserver
+<MENU>
+<LI>(see entry: <I>Update Server</I>)
+<A HREF="auagd008.htm#IDX5913">(5913)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5912">(5912)</A>
+</MENU>
+<LI>useCount counter on tape label (Backup System)
+<A HREF="auagd011.htm#IDX6909">(6909)</A>
+<LI>user
+<MENU>
+<LI>account (see entry: <I>user account</I>)
+<A HREF="auagd017.htm#IDX7585">(7585)</A>, <A HREF="auagd017.htm#IDX7706">(7706)</A>
+<LI>adding to group
+<A HREF="auagd019.htm#IDX7949">(7949)</A>
+<LI>AFS UID, assigning
+<A HREF="auagd017.htm#IDX7715">(7715)</A>, <A HREF="auagd018.htm#IDX7752">(7752)</A>
+<LI>group memberships
+<MENU>
+<LI>displaying number
+<A HREF="auagd019.htm#IDX7872">(7872)</A>
+</MENU>
+<LI>group memberships, displaying
+<A HREF="auagd019.htm#IDX7882">(7882)</A>
+<LI>group-creation quota
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7869">(7869)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7983">(7983)</A>
+</MENU>
+<LI>groups owned, displaying
+<A HREF="auagd019.htm#IDX7891">(7891)</A>
+<LI>name (see entry: <I>username</I>)
+<A HREF="auagd007.htm#IDX5733">(5733)</A>
+<LI>privacy flags on Protection Database entry
+<MENU>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7871">(7871)</A>
+<LI>setting
+<A HREF="auagd019.htm#IDX7988">(7988)</A>
+</MENU>
+<LI>Protection Database entry
+<MENU>
+<LI>deleting
+<A HREF="auagd019.htm#IDX7963">(7963)</A>
+<LI>displaying
+<A HREF="auagd019.htm#IDX7870">(7870)</A>
+<LI>displaying all
+<A HREF="auagd019.htm#IDX7910">(7910)</A>
+</MENU>
+<LI>Protection Database entry, described
+<A HREF="auagd019.htm#IDX7826">(7826)</A>
+<LI>removing from group
+<A HREF="auagd019.htm#IDX7956">(7956)</A>
+</MENU>
+<LI>user account
+<MENU>
+<LI>components
+<A HREF="auagd017.htm#IDX7584">(7584)</A>
+<LI>configuration issues
+<A HREF="auagd007.htm#IDX5731">(5731)</A>
+<LI>converting existing UNIX to AFS
+<MENU>
+<LI>with manual account creation
+<A HREF="auagd018.htm#IDX7743">(7743)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7619">(7619)</A>
+</MENU>
+<LI>creating
+<MENU>
+<LI> with uss
+<A HREF="auagd017.htm#IDX7707">(7707)</A>
+<LI>standard files in
+<A HREF="auagd007.htm#IDX5744">(5744)</A>
+<LI>with individual commands
+<A HREF="auagd018.htm#IDX7745">(7745)</A>
+</MENU>
+<LI>creating different types with uss
+<A HREF="auagd017.htm#IDX7624">(7624)</A>
+<LI>creating/deleting many at once
+<A HREF="auagd017.htm#IDX7728">(7728)</A>
+<LI>creation using uss
+<MENU>
+<LI>previewing
+<A HREF="auagd017.htm#IDX7592">(7592)</A>
+</MENU>
+<LI>deleting with uss
+<A HREF="auagd017.htm#IDX7719">(7719)</A>
+<LI>deletion using uss
+<MENU>
+<LI>previewing
+<A HREF="auagd017.htm#IDX7593">(7593)</A>
+</MENU>
+<LI>matching AFS and UNIX UIDs
+<A HREF="auagd017.htm#IDX7606">(7606)</A>
+<LI>methods for grouping
+<A HREF="auagd017.htm#IDX7657">(7657)</A>
+<LI>removing from system
+<A HREF="auagd018.htm#IDX7805">(7805)</A>
+<LI>suggestions for grouping home directories
+<A HREF="auagd007.htm#IDX5742">(5742)</A>
+<LI>two methods for creating and deleting
+<A HREF="auagd017.htm#IDX7583">(7583)</A>
+<LI>uss commands to create/delete
+<MENU>
+<LI>previewing
+<A HREF="auagd017.htm#IDX7591">(7591)</A>
+</MENU>
+</MENU>
+<LI>UserList file
+<A HREF="auagd008.htm#IDX5944">(5944)</A>
+<MENU>
+<LI>adding users
+<A HREF="auagd021.htm#IDX8154">(8154)</A>
+<LI>displaying
+<A HREF="auagd021.htm#IDX8150">(8150)</A>
+<LI>privileges resulting
+<A HREF="auagd021.htm#IDX8138">(8138)</A>
+<LI>removing users
+<A HREF="auagd021.htm#IDX8158">(8158)</A>
+</MENU>
+<LI>username
+<MENU>
+<LI>assigning
+<MENU>
+<LI> with uss
+<A HREF="auagd017.htm#IDX7708">(7708)</A>
+<LI>with pts createuser command
+<A HREF="auagd018.htm#IDX7750">(7750)</A>
+</MENU>
+<LI>changing
+<A HREF="auagd018.htm#IDX7780">(7780)</A>
+<LI>choosing
+<A HREF="auagd007.htm#IDX5732">(5732)</A>
+<LI>part of volume name
+<A HREF="auagd007.htm#IDX5737">(5737)</A>
+<LI>use by Kerberos
+<A HREF="auagd006.htm#IDX5588">(5588)</A>
+</MENU>
+<LI>usr/afs/backup directory
+<MENU>
+<LI>ownership, assigning
+<A HREF="auagd011.htm#IDX6859">(6859)</A>
+</MENU>
+<LI>usr/afs/bin directory
+<MENU>
+<LI>removing obsolete .BAK and .OLD files
+<A HREF="auagd008.htm#IDX6128">(6128)</A>
+</MENU>
+<LI>usr/afs/bin directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX5842">(5842)</A>
+</MENU>
+<LI>usr/afs/bin/bosserver
+<A HREF="auagd009.htm#IDX6252">(6252)</A>
+<LI>usr/afs/db directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX5966">(5966)</A>
+</MENU>
+<LI>usr/afs/etc directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX5931">(5931)</A>
+</MENU>
+<LI>usr/afs/local directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX5946">(5946)</A>
+</MENU>
+<LI>usr/afs/logs directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX5988">(5988)</A>
+</MENU>
+<LI>usr/vice/cache directory
+<A HREF="auagd015.htm#IDX7341">(7341)</A>
+<LI>usr/vice/etc directory
+<A HREF="auagd015.htm#IDX7313">(7313)</A>
+<LI>uss
+<MENU>
+<LI>account
+<MENU>
+<LI>recovering from account creation failure
+<A HREF="auagd017.htm#IDX7596">(7596)</A>
+</MENU>
+<LI>AFS UID, assigning
+<A HREF="auagd017.htm#IDX7607">(7607)</A>
+<LI>command
+<MENU>
+<LI>reissuing, effect of
+<A HREF="auagd017.htm#IDX7597">(7597)</A>
+</MENU>
+<LI>hard link, creating
+<A HREF="auagd017.htm#IDX7686">(7686)</A>
+<LI>previewing effect of command
+<A HREF="auagd017.htm#IDX7594">(7594)</A>
+<LI>symbolic link, creating
+<A HREF="auagd017.htm#IDX7691">(7691)</A>
+</MENU>
+<LI>uss bulk input file
+<MENU>
+<LI>rules for constructing
+<A HREF="auagd017.htm#IDX7733">(7733)</A>
+</MENU>
+<LI>uss commands
+<MENU>
+<LI>ACL, setting for directory
+<A HREF="auagd017.htm#IDX7671">(7671)</A>
+<LI>ACL, setting on home directory
+<A HREF="auagd017.htm#IDX7658">(7658)</A>
+<LI>add
+<A HREF="auagd017.htm#IDX7716">(7716)</A>
+<MENU>
+<LI>avoiding interruption
+<A HREF="auagd017.htm#IDX7588">(7588)</A>
+</MENU>
+<LI>advantages over individual account-creation commands
+<A HREF="auagd017.htm#IDX7620">(7620)</A>
+<LI>bulk
+<A HREF="auagd017.htm#IDX7734">(7734)</A>
+<LI>command, executing with X instruction
+<A HREF="auagd017.htm#IDX7699">(7699)</A>
+<LI>converting existing UNIX accounts
+<A HREF="auagd017.htm#IDX7617">(7617)</A>
+<LI>creating individual user account
+<A HREF="auagd017.htm#IDX7713">(7713)</A>
+<LI>creating/deleting user accounts in bulk
+<A HREF="auagd017.htm#IDX7731">(7731)</A>
+<LI>delete
+<A HREF="auagd017.htm#IDX7725">(7725)</A>
+<MENU>
+<LI>avoiding interruption
+<A HREF="auagd017.htm#IDX7589">(7589)</A>
+</MENU>
+<LI>deleting individual user account
+<A HREF="auagd017.htm#IDX7724">(7724)</A>
+<LI>directory
+<MENU>
+<LI>creating
+<A HREF="auagd017.htm#IDX7663">(7663)</A>
+<LI>distributing evenly with G instruction
+<A HREF="auagd017.htm#IDX7638">(7638)</A>
+</MENU>
+<LI>file, creating by echoing one line
+<A HREF="auagd017.htm#IDX7678">(7678)</A>
+<LI>file, creating from prototype
+<A HREF="auagd017.htm#IDX7672">(7672)</A>
+<LI>local password file
+<MENU>
+<LI>creating common source version
+<A HREF="auagd017.htm#IDX7614">(7614)</A>
+</MENU>
+<LI>overwriting existing account components
+<A HREF="auagd017.htm#IDX7598">(7598)</A>
+<LI>password/authentication security, setting with A instruction
+<A HREF="auagd017.htm#IDX7696">(7696)</A>
+<LI>privilege required
+<A HREF="auagd017.htm#IDX7586">(7586)</A>
+<LI>volume
+<MENU>
+<LI>creating with V instruction
+<A HREF="auagd017.htm#IDX7643">(7643)</A>
+<LI>mounting
+<A HREF="auagd017.htm#IDX7653">(7653)</A>
+<LI>setting quota
+<A HREF="auagd017.htm#IDX7649">(7649)</A>
+</MENU>
+</MENU>
+<LI>uss template file
+<MENU>
+<LI>A instruction
+<A HREF="auagd017.htm#IDX7697">(7697)</A>
+<LI>ACL, setting
+<MENU>
+<LI> directory created by D instruction
+<A HREF="auagd017.htm#IDX7670">(7670)</A>
+<LI>user home directory with V instruction
+<A HREF="auagd017.htm#IDX7660">(7660)</A>
+</MENU>
+<LI>advantages
+<A HREF="auagd017.htm#IDX7621">(7621)</A>
+<LI>command, executing with X instruction
+<A HREF="auagd017.htm#IDX7703">(7703)</A>
+<LI>constants
+<A HREF="auagd017.htm#IDX7627">(7627)</A>
+<LI>D instruction
+<A HREF="auagd017.htm#IDX7662">(7662)</A>
+<LI>directory
+<MENU>
+<LI>creating with D instruction
+<A HREF="auagd017.htm#IDX7664">(7664)</A>
+<LI>G instruction for even distribution
+<A HREF="auagd017.htm#IDX7642">(7642)</A>
+</MENU>
+<LI>E instruction
+<A HREF="auagd017.htm#IDX7681">(7681)</A>
+<LI>examples
+<A HREF="auagd017.htm#IDX7637">(7637)</A>
+<LI>F instruction
+<A HREF="auagd017.htm#IDX7675">(7675)</A>
+<LI>file
+<MENU>
+<LI>creating by echoing one line
+<A HREF="auagd017.htm#IDX7682">(7682)</A>
+<LI>creating from prototype
+<A HREF="auagd017.htm#IDX7676">(7676)</A>
+</MENU>
+<LI>G instruction
+<A HREF="auagd017.htm#IDX7641">(7641)</A>
+<LI>hard link, creating
+<A HREF="auagd017.htm#IDX7690">(7690)</A>
+<LI>instructions for different account types
+<A HREF="auagd017.htm#IDX7623">(7623)</A>
+<LI>instructions summarized
+<A HREF="auagd017.htm#IDX7622">(7622)</A>
+<LI>L instruction
+<A HREF="auagd017.htm#IDX7689">(7689)</A>
+<LI>mount point, creating with V instruction
+<A HREF="auagd017.htm#IDX7655">(7655)</A>
+<LI>number variables
+<A HREF="auagd017.htm#IDX7631">(7631)</A>
+<LI>password/authentication security, setting with A instruction
+<A HREF="auagd017.htm#IDX7698">(7698)</A>
+<LI>quota on volume, setting with V instruction
+<A HREF="auagd017.htm#IDX7651">(7651)</A>
+<LI>rules for constructing
+<A HREF="auagd017.htm#IDX7635">(7635)</A>
+<LI>S instruction
+<A HREF="auagd017.htm#IDX7693">(7693)</A>
+<LI>standard locations
+<A HREF="auagd017.htm#IDX7633">(7633)</A>
+<LI>symbolic link, creating
+<A HREF="auagd017.htm#IDX7694">(7694)</A>
+<LI>V instruction
+<A HREF="auagd017.htm#IDX7646">(7646)</A>
+<LI>variables
+<A HREF="auagd017.htm#IDX7629">(7629)</A>
+<LI>volume
+<MENU>
+<LI>creating with V instruction
+<A HREF="auagd017.htm#IDX7647">(7647)</A>
+</MENU>
+<LI>X instruction
+<A HREF="auagd017.htm#IDX7702">(7702)</A>
+<LI>zero-length
+<A HREF="auagd017.htm#IDX7648">(7648)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_56" HREF="#IDX0_56">V</A></STRONG>
+<MENU>
+<LI>V.<I>vol_ID</I>.vol file
+<A HREF="auagd008.htm#IDX6013">(6013)</A>
+<LI>variable
+<MENU>
+<LI>AFSCELL
+<A HREF="auagd012.htm#IDX6976">(6976)</A>
+</MENU>
+<LI>variables
+<MENU>
+<LI>@sys in pathnames
+<A HREF="auagd007.htm#IDX5730">(5730)</A>
+<LI>in uss template file
+<A HREF="auagd017.htm#IDX7628">(7628)</A>
+</MENU>
+<LI>variations possible
+<MENU>
+<LI>in replication
+<A HREF="auagd010.htm#IDX6514">(6514)</A>
+</MENU>
+<LI>vicep directory on server machines
+<MENU>
+<LI>contents listed
+<A HREF="auagd008.htm#IDX6008">(6008)</A>
+</MENU>
+<LI>VL Server
+<MENU>
+<LI>about starting and stopping
+<A HREF="auagd009.htm#IDX6317">(6317)</A>
+<LI>as vlserver process
+<A HREF="auagd009.htm#IDX6290">(6290)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5921">(5921)</A>
+<LI>Cache Manager preference ranks for
+<A HREF="auagd015.htm#IDX7474">(7474)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5598">(5598)</A>
+<LI>importance to transparent access
+<A HREF="auagd006.htm#IDX5600">(5600)</A>
+<LI>restarting after adding entry to server CellServDB file
+<A HREF="auagd008.htm#IDX6158">(6158)</A>
+<LI>restarting after removing entry from server CellServDB file
+<A HREF="auagd008.htm#IDX6169">(6169)</A>
+<LI>role in VLDB/volume header synchronization
+<A HREF="auagd010.htm#IDX6450">(6450)</A>
+<LI>runs on database server machine
+<A HREF="auagd008.htm#IDX6026">(6026)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6292">(6292)</A>
+</MENU>
+<LI>VLDB
+<A HREF="auagd006.htm#IDX5599">(5599)</A>
+<MENU>
+<LI>defining read-only site in
+<A HREF="auagd010.htm#IDX6522">(6522)</A>
+<LI>displaying entry
+<MENU>
+<LI>with volume header
+<A HREF="auagd010.htm#IDX6628">(6628)</A>
+</MENU>
+<LI>displaying volume entry
+<A HREF="auagd010.htm#IDX6583">(6583)</A>
+<LI>intention flag set by VL Server
+<A HREF="auagd010.htm#IDX6687">(6687)</A>
+<LI>locking/unlocking entry
+<A HREF="auagd010.htm#IDX6795">(6795)</A>
+<LI>release status flags in volume entry
+<A HREF="auagd010.htm#IDX6593">(6593)</A>
+<LI>server machine interfaces registered
+<MENU>
+<LI>listed in sysid file
+<A HREF="auagd008.htm#IDX5965">(5965)</A>
+</MENU>
+<LI>site count for volume
+<A HREF="auagd010.htm#IDX6589">(6589)</A>
+<LI>synchronizing with volume headers
+<A HREF="auagd010.htm#IDX6447">(6447)</A>, <A HREF="auagd010.htm#IDX6683">(6683)</A>
+<LI>volume entry
+<A HREF="auagd010.htm#IDX6441">(6441)</A>
+<LI>volume type flags
+<A HREF="auagd010.htm#IDX6591">(6591)</A>
+</MENU>
+<LI>vldb.DB0 file
+<A HREF="auagd008.htm#IDX5985">(5985)</A>
+<LI>vldb.DBSYS1 file
+<A HREF="auagd008.htm#IDX5987">(5987)</A>
+<LI>VLLog file
+<A HREF="auagd008.htm#IDX6004">(6004)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6417">(6417)</A>
+</MENU>
+<LI>vlserver
+<MENU>
+<LI>(see entry: <I>VL Server</I>)
+<A HREF="auagd008.htm#IDX5917">(5917)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5916">(5916)</A>
+</MENU>
+<LI>Vn file (data cache)
+<A HREF="auagd015.htm#IDX7351">(7351)</A>
+<LI>vnode index
+<A HREF="auagd010.htm#IDX6480">(6480)</A>
+<LI>VolserLog file
+<A HREF="auagd008.htm#IDX6006">(6006)</A>
+<MENU>
+<LI>displaying
+<A HREF="auagd009.htm#IDX6418">(6418)</A>
+</MENU>
+<LI>volserver
+<MENU>
+<LI>(see entry: <I>Volume Server</I>)
+<A HREF="auagd008.htm#IDX5924">(5924)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5923">(5923)</A>
+</MENU>
+<LI>volume
+<MENU>
+<LI>as unit of
+<MENU>
+<LI>backup
+<A HREF="auagd006.htm#IDX5565">(5565)</A>
+<LI>replication
+<A HREF="auagd006.htm#IDX5564">(5564)</A>
+<LI>resource management
+<A HREF="auagd006.htm#IDX5566">(5566)</A>
+</MENU>
+<LI>as unit of backup
+<A HREF="auagd010.htm#IDX6440">(6440)</A>
+<LI>as unit of replication
+<A HREF="auagd010.htm#IDX6438">(6438)</A>
+<LI>automating creation of backup version
+<A HREF="auagd010.htm#IDX6539">(6539)</A>
+<LI>backing up using Backup System
+<A HREF="auagd012.htm#IDX7011">(7011)</A>
+<LI>backup (see entry: <I>backup volume</I>)
+<A HREF="auagd010.htm#IDX6532">(6532)</A>
+<LI>Backup System dump history, displaying
+<A HREF="auagd012.htm#IDX7041">(7041)</A>
+<LI>benefits for efficiency
+<A HREF="auagd010.htm#IDX6436">(6436)</A>
+<LI>correspondence with directory
+<A HREF="auagd006.htm#IDX5561">(5561)</A>
+<LI>counter in header for number of accesses
+<A HREF="auagd010.htm#IDX6624">(6624)</A>
+<LI>creating backup version of many at once
+<A HREF="auagd010.htm#IDX6535">(6535)</A>
+<LI>creating with uss
+<A HREF="auagd017.htm#IDX7645">(7645)</A>
+<LI>Creation date in volume header
+<A HREF="auagd010.htm#IDX6620">(6620)</A>
+<LI>defined
+<A HREF="auagd010.htm#IDX6430">(6430)</A>
+<LI>definition
+<A HREF="auagd006.htm#IDX5559">(5559)</A>
+<LI>displaying information about
+<A HREF="auagd010.htm#IDX6581">(6581)</A>
+<LI>dumping without AFS Backup System
+<A HREF="auagd010.htm#IDX6760">(6760)</A>
+<LI>entry in VLDB
+<A HREF="auagd010.htm#IDX6442">(6442)</A>
+<LI>flushing from data cache on client machine
+<A HREF="auagd015.htm#IDX7458">(7458)</A>
+<LI>grouping related on same partition
+<A HREF="auagd007.htm#IDX5700">(5700)</A>
+<LI>header (see entry: <I>volume header</I>)
+<A HREF="auagd010.htm#IDX6444">(6444)</A>
+<LI>in load balancing
+<A HREF="auagd006.htm#IDX5560">(5560)</A>, <A HREF="auagd010.htm#IDX6437">(6437)</A>
+<LI>Last Update date in volume header
+<A HREF="auagd010.htm#IDX6622">(6622)</A>
+<LI>location (see entry: <I>volume location</I>)
+<A HREF="auagd010.htm#IDX6667">(6667)</A>
+<LI>mounting
+<A HREF="auagd006.htm#IDX5571">(5571)</A>
+<MENU>
+<LI>about
+<A HREF="auagd010.htm#IDX6453">(6453)</A>
+<LI>more than once
+<A HREF="auagd010.htm#IDX6458">(6458)</A>
+</MENU>
+<LI>moving
+<A HREF="auagd010.htm#IDX6671">(6671)</A>
+<LI>name (see entry: <I>volume name</I>)
+<A HREF="auagd010.htm#IDX6459">(6459)</A>
+<LI>overwriting contents during Backup System restore
+<A HREF="auagd012.htm#IDX7065">(7065)</A>
+<LI>preserving contents during Backup System restore
+<A HREF="auagd012.htm#IDX7067">(7067)</A>
+<LI>quota (see entry: <I>volume quota</I>)
+<A HREF="auagd010.htm#IDX6711">(6711)</A>
+<LI>read-only (see entry: <I>read-only volume</I>)
+<A HREF="auagd010.htm#IDX6484">(6484)</A>
+<LI>read/write (see entry: <I>read/write volume</I>)
+<A HREF="auagd010.htm#IDX6464">(6464)</A>
+<LI>removing
+<MENU>
+<LI>alternate commands
+<A HREF="auagd010.htm#IDX6747">(6747)</A>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6739">(6739)</A>
+<LI>when removing user account
+<A HREF="auagd018.htm#IDX7811">(7811)</A>
+</MENU>
+<LI>renaming
+<A HREF="auagd010.htm#IDX6781">(6781)</A>
+<LI>replicating
+<A HREF="auagd010.htm#IDX6483">(6483)</A>
+<LI>restoring
+<MENU>
+<LI>using Backup System
+<A HREF="auagd012.htm#IDX7051">(7051)</A>
+<LI>with vos restore command
+<A HREF="auagd010.htm#IDX6772">(6772)</A>
+</MENU>
+<LI>root (root.afs and root.cell)
+<A HREF="auagd007.htm#IDX5698">(5698)</A>
+<LI>root directory of
+<A HREF="auagd006.htm#IDX5570">(5570)</A>
+<LI>salvaging
+<A HREF="auagd010.htm#IDX6701">(6701)</A>
+<LI>separate for each top level directory
+<A HREF="auagd007.htm#IDX5693">(5693)</A>
+<LI>site, defined
+<A HREF="auagd010.htm#IDX6434">(6434)</A>
+<LI>size, displaying
+<A HREF="auagd010.htm#IDX6731">(6731)</A>
+<LI>symptoms of corruption
+<A HREF="auagd010.htm#IDX6704">(6704)</A>
+<LI>synchronizing VLDB and volume header
+<A HREF="auagd010.htm#IDX6685">(6685)</A>
+<LI>type to replicate
+<A HREF="auagd007.htm#IDX5703">(5703)</A>
+<LI>where to place replicated
+<A HREF="auagd007.htm#IDX5704">(5704)</A>
+</MENU>
+<LI>volume entry (Backup System)
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6880">(6880)</A>
+<LI>defined
+<A HREF="auagd011.htm#IDX6808">(6808)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6896">(6896)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6887">(6887)</A>
+</MENU>
+<LI>volume entry (VLDB)
+<MENU>
+<LI>displaying
+<A HREF="auagd010.htm#IDX6584">(6584)</A>
+</MENU>
+<LI>volume header
+<MENU>
+<LI>about
+<A HREF="auagd010.htm#IDX6445">(6445)</A>
+<LI>displaying
+<MENU>
+<LI>only
+<A HREF="auagd010.htm#IDX6599">(6599)</A>
+<LI>with VLDB entry
+<A HREF="auagd010.htm#IDX6632">(6632)</A>
+</MENU>
+<LI>in /vicep directories
+<A HREF="auagd008.htm#IDX6010">(6010)</A>
+<LI>synchronizing with VLDB
+<A HREF="auagd010.htm#IDX6448">(6448)</A>, <A HREF="auagd010.htm#IDX6684">(6684)</A>
+</MENU>
+<LI>volume ID number
+<MENU>
+<LI>learning
+<MENU>
+<LI>from volume name
+<A HREF="auagd010.htm#IDX6638">(6638)</A>
+</MENU>
+<LI>learning from directory/file name
+<A HREF="auagd010.htm#IDX6660">(6660)</A>
+<LI>translating
+<MENU>
+<LI>to volume location
+<A HREF="auagd010.htm#IDX6648">(6648)</A>
+<LI>to volume name
+<A HREF="auagd010.htm#IDX6643">(6643)</A>
+</MENU>
+</MENU>
+<LI>volume location
+<MENU>
+<LI>learning from directory/file name
+<A HREF="auagd010.htm#IDX6666">(6666)</A>
+<LI>learning from volume name/ID number
+<A HREF="auagd010.htm#IDX6649">(6649)</A>
+</MENU>
+<LI>Volume Location Server
+<MENU>
+<LI>(see entry: <I>VL Server</I>)
+<A HREF="auagd008.htm#IDX5922">(5922)</A>
+</MENU>
+<LI>volume name
+<MENU>
+<LI>changing
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6783">(6783)</A>
+<LI>when renaming user
+<A HREF="auagd018.htm#IDX7793">(7793)</A>
+</MENU>
+<LI>conventions
+<A HREF="auagd010.htm#IDX6462">(6462)</A>
+<LI>conventions for
+<A HREF="auagd007.htm#IDX5691">(5691)</A>
+<LI>learning
+<MENU>
+<LI>from directory/file name
+<A HREF="auagd010.htm#IDX6654">(6654)</A>
+<LI>from volume ID number
+<A HREF="auagd010.htm#IDX6642">(6642)</A>
+</MENU>
+<LI>restrictions
+<A HREF="auagd007.htm#IDX5695">(5695)</A>
+<LI>translating
+<MENU>
+<LI>to volume ID number
+<A HREF="auagd010.htm#IDX6637">(6637)</A>
+<LI>to volume location
+<A HREF="auagd010.htm#IDX6647">(6647)</A>
+</MENU>
+<LI>two required
+<A HREF="auagd007.htm#IDX5697">(5697)</A>
+</MENU>
+<LI>volume quota
+<MENU>
+<LI>default for new volume
+<A HREF="auagd010.htm#IDX6468">(6468)</A>
+<LI>displaying
+<MENU>
+<LI>percent used
+<A HREF="auagd010.htm#IDX6725">(6725)</A>
+<LI>with volume &partition info
+<A HREF="auagd010.htm#IDX6734">(6734)</A>
+<LI>with volume size
+<A HREF="auagd010.htm#IDX6729">(6729)</A>
+</MENU>
+<LI>recorded in volume header
+<A HREF="auagd010.htm#IDX6617">(6617)</A>
+<LI>setting
+<MENU>
+<LI>on multiple volumes
+<A HREF="auagd010.htm#IDX6719">(6719)</A>
+<LI>on single volume
+<A HREF="auagd010.htm#IDX6715">(6715)</A>
+<LI>with uss
+<A HREF="auagd017.htm#IDX7650">(7650)</A>
+</MENU>
+</MENU>
+<LI>Volume Server
+<MENU>
+<LI>as part of fs process
+<A HREF="auagd009.htm#IDX6263">(6263)</A>, <A HREF="auagd009.htm#IDX6302">(6302)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5928">(5928)</A>
+<LI>description
+<A HREF="auagd006.htm#IDX5597">(5597)</A>
+<LI>displaying log file
+<A HREF="auagd009.htm#IDX6427">(6427)</A>
+<LI>role in VLDB/volume header synchronization
+<A HREF="auagd010.htm#IDX6451">(6451)</A>
+<LI>when to contact
+<A HREF="auagd009.htm#IDX6268">(6268)</A>
+</MENU>
+<LI>volume set (Backup System)
+<MENU>
+<LI>creating
+<A HREF="auagd011.htm#IDX6877">(6877)</A>
+<LI>defined
+<A HREF="auagd011.htm#IDX6806">(6806)</A>
+<LI>deleting
+<A HREF="auagd011.htm#IDX6891">(6891)</A>
+<LI>deleting volume entry
+<A HREF="auagd011.htm#IDX6895">(6895)</A>
+<LI>displaying
+<A HREF="auagd011.htm#IDX6886">(6886)</A>
+<LI>volume entry (see entry: <I>volume entry</I>)
+<A HREF="auagd011.htm#IDX6807">(6807)</A>
+</MENU>
+<LI>VolumeItems file
+<A HREF="auagd015.htm#IDX7349">(7349)</A>
+<LI>vos commands
+<MENU>
+<LI>addsite
+<A HREF="auagd010.htm#IDX6524">(6524)</A>
+<LI>backup
+<A HREF="auagd010.htm#IDX6547">(6547)</A>
+<LI>backupsys
+<A HREF="auagd010.htm#IDX6551">(6551)</A>
+<LI>binary in /usr/afs/bin
+<A HREF="auagd008.htm#IDX5930">(5930)</A>
+<LI>changeaddr
+<A HREF="auagd008.htm#IDX6240">(6240)</A>
+<LI>create
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6472">(6472)</A>
+<LI>when creating user account
+<A HREF="auagd018.htm#IDX7758">(7758)</A>
+</MENU>
+<LI>delentry
+<A HREF="auagd010.htm#IDX6753">(6753)</A>
+<LI>dump
+<A HREF="auagd010.htm#IDX6771">(6771)</A>
+<LI>examine
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6634">(6634)</A>
+<LI>to learn volume ID
+<A HREF="auagd010.htm#IDX6639">(6639)</A>
+<LI>to learn volume name
+<A HREF="auagd010.htm#IDX6644">(6644)</A>
+</MENU>
+<LI>granting privilege for
+<A HREF="auagd021.htm#IDX8141">(8141)</A>
+<LI>listaddrs
+<A HREF="auagd008.htm#IDX6238">(6238)</A>
+<LI>listpart
+<A HREF="auagd008.htm#IDX6208">(6208)</A>
+<LI>listvldb
+<MENU>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6587">(6587)</A>
+<LI>to learn volume location
+<A HREF="auagd010.htm#IDX6650">(6650)</A>
+</MENU>
+<LI>listvol
+<MENU>
+<LI>output with -extended flag
+<A HREF="auagd010.htm#IDX6625">(6625)</A>
+<LI>output with -fast flag
+<A HREF="auagd010.htm#IDX6607">(6607)</A>
+<LI>output with -long flag
+<A HREF="auagd010.htm#IDX6608">(6608)</A>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6601">(6601)</A>
+</MENU>
+<LI>lock
+<A HREF="auagd010.htm#IDX6800">(6800)</A>
+<LI>move
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6682">(6682)</A>
+<LI>when removing file server machine disk
+<A HREF="auagd008.htm#IDX6217">(6217)</A>
+</MENU>
+<LI>mutual authentication, bypassing
+<A HREF="auagd008.htm#IDX6196">(6196)</A>
+<LI>partinfo
+<A HREF="auagd010.htm#IDX6471">(6471)</A>
+<LI>release
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6528">(6528)</A>
+<LI>forcing new cloning with -f flag
+<A HREF="auagd010.htm#IDX6506">(6506)</A>
+</MENU>
+<LI>remove
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6756">(6756)</A>
+<LI>when removing user account
+<A HREF="auagd018.htm#IDX7809">(7809)</A>
+</MENU>
+<LI>remsite
+<A HREF="auagd010.htm#IDX6751">(6751)</A>
+<LI>rename
+<MENU>
+<LI>basic instructions
+<A HREF="auagd010.htm#IDX6788">(6788)</A>
+<LI>when changing username
+<A HREF="auagd018.htm#IDX7791">(7791)</A>
+</MENU>
+<LI>restore
+<MENU>
+<LI>to create new volume
+<A HREF="auagd010.htm#IDX6775">(6775)</A>
+<LI>to overwrite volume
+<A HREF="auagd010.htm#IDX6779">(6779)</A>
+</MENU>
+<LI>summary of functions
+<A HREF="auagd009.htm#IDX6294">(6294)</A>
+<LI>syncserv
+<MENU>
+<LI>effect
+<A HREF="auagd010.htm#IDX6696">(6696)</A>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6700">(6700)</A>
+</MENU>
+<LI>syncvldb
+<MENU>
+<LI>effect
+<A HREF="auagd010.htm#IDX6695">(6695)</A>
+<LI>syntax
+<A HREF="auagd010.htm#IDX6698">(6698)</A>
+</MENU>
+<LI>unlock
+<A HREF="auagd010.htm#IDX6802">(6802)</A>
+<LI>unlockvldb
+<A HREF="auagd010.htm#IDX6804">(6804)</A>
+<LI>zap
+<A HREF="auagd010.htm#IDX6749">(6749)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_57" HREF="#IDX0_57">W</A></STRONG>
+<MENU>
+<LI>w ACL permission
+<A HREF="auagd020.htm#IDX8036">(8036)</A>
+<LI>weekly restart of BOS Server (automatic)
+<MENU>
+<LI>about
+<A HREF="auagd007.htm#IDX5720">(5720)</A>
+<LI>displaying and setting time
+<A HREF="auagd009.htm#IDX6396">(6396)</A>
+</MENU>
+<LI>which command
+<A HREF="auagd008.htm#IDX6134">(6134)</A>
+<LI>window
+<MENU>
+<LI>resizing scout display
+<A HREF="auagd013.htm#IDX7141">(7141)</A>
+</MENU>
+<LI>write
+<MENU>
+<LI> operations delayed from NFS clients
+<A HREF="auagd022.htm#IDX8170">(8170)</A>
+<LI>ACL permission (see entry: <I>write ACL permission</I>)
+<A HREF="auagd020.htm#IDX8035">(8035)</A>
+<LI>shorthand for ACL permissions
+<A HREF="auagd020.htm#IDX8047">(8047)</A>
+<LI>system call for files saved on AFS client
+<A HREF="auagd007.htm#IDX5646">(5646)</A>
+<LI>system call for files saved on NFS client
+<A HREF="auagd022.htm#IDX8171">(8171)</A>
+</MENU>
+<LI>Ws statistic from scout program
+<A HREF="auagd013.htm#IDX7124">(7124)</A>
+</MENU>
+<STRONG><A NAME="IDX1_58" HREF="#IDX0_58">X</A></STRONG>
+<MENU>
+<LI>X instruction
+<MENU>
+<LI>uss template file
+<A HREF="auagd017.htm#IDX7704">(7704)</A>
+</MENU>
+<LI>xstat as requirement for running afsmonitor
+<A HREF="auagd013.htm#IDX7196">(7196)</A>
+<LI>xstat data collection facility
+<A HREF="auagd013.htm#IDX7208">(7208)</A>
+<MENU>
+<LI>data collections
+<A HREF="auagd013.htm#IDX7223">(7223)</A>
+<LI>example commands
+<A HREF="auagd013.htm#IDX7229">(7229)</A>
+<LI>libxstat_cm.a library
+<A HREF="auagd013.htm#IDX7210">(7210)</A>
+<LI>libxstat_fs.a library
+<A HREF="auagd013.htm#IDX7209">(7209)</A>
+<LI>obtaining more information
+<A HREF="auagd013.htm#IDX7226">(7226)</A>
+<LI>xstat_cm_test example command
+<A HREF="auagd013.htm#IDX7241">(7241)</A>
+<LI>xstat_fs_test example command
+<A HREF="auagd013.htm#IDX7237">(7237)</A>
+</MENU>
+</MENU>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auagd002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auagd025.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS<BR>
+Administration Reference<BR>
+<P>Version 3.6
+<P>Document Number GC09-4562-00
+<P>
+<BR>
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for AIX, Version 3.6
+<DD>IBM AFS for Digital Unix, Version 3.6
+<DD>IBM AFS for HP-UX, Version 3.6
+<DD>IBM AFS for Linux, Version 3.6
+<DD>IBM AFS for SGI IRIX, Version 3.6
+<DD>IBM AFS for Solaris, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="auarf003.htm#HDRTLIST_START">Tables</A></B><BR>
+<P><B><A NAME="ToC_2" HREF="auarf004.htm#Header_2">About This Manual</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_3" HREF="auarf005.htm#HDRWQ1">Audience and Purpose</A>
+<LI><A NAME="ToC_4" HREF="auarf006.htm#HDRWQ2">Organization</A>
+<LI><A NAME="ToC_5" HREF="auarf007.htm#HDRWQ3">How to Use This Document</A>
+<LI><A NAME="ToC_6" HREF="auarf008.htm#HDRWQ4">Related Documents</A>
+<LI><A NAME="ToC_7" HREF="auarf009.htm#HDRTYPO_CONV">Typographical Conventions</A>
+</MENU>
+<P><B><A NAME="ToC_8" HREF="auarf010.htm#Header_8">AFS System Files</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_9" HREF="auarf011.htm#HDRFILESINTRO">afs_file_intro</A>
+<LI><A NAME="ToC_10" HREF="auarf012.htm#HDRAUTHLOG">AuthLog</A>
+<LI><A NAME="ToC_11" HREF="auarf013.htm#HDRWQ5">AuthLog.dir, AuthLog.pag</A>
+<LI><A NAME="ToC_12" HREF="auarf014.htm#HDRBACKUPLOG">BackupLog</A>
+<LI><A NAME="ToC_13" HREF="auarf015.htm#HDRBOSLOG">BosLog</A>
+<LI><A NAME="ToC_14" HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<LI><A NAME="ToC_15" HREF="auarf017.htm#HDRCACHEITEMS">CacheItems</A>
+<LI><A NAME="ToC_16" HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>
+<LI><A NAME="ToC_17" HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<LI><A NAME="ToC_18" HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<LI><A NAME="ToC_19" HREF="auarf021.htm#HDRFILELOG">FileLog</A>
+<LI><A NAME="ToC_20" HREF="auarf022.htm#HDRFORCESALVAGE">FORCESALVAGE</A>
+<LI><A NAME="ToC_21" HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<LI><A NAME="ToC_22" HREF="auarf024.htm#HDRCLI_NETINFO">NetInfo (client version)</A>
+<LI><A NAME="ToC_23" HREF="auarf025.htm#HDRSV_NETINFO">NetInfo (server version)</A>
+<LI><A NAME="ToC_24" HREF="auarf026.htm#HDRCLI_NETRESTRICT">NetRestrict (client version)</A>
+<LI><A NAME="ToC_25" HREF="auarf027.htm#HDRSV_NETRESTRICT">NetRestrict (server version)</A>
+<LI><A NAME="ToC_26" HREF="auarf028.htm#HDRNOAUTH">NoAuth</A>
+<LI><A NAME="ToC_27" HREF="auarf029.htm#HDRSALVAGEFS">SALVAGE.fs</A>
+<LI><A NAME="ToC_28" HREF="auarf030.htm#HDRSALVAGELOG">SalvageLog</A>
+<LI><A NAME="ToC_29" HREF="auarf031.htm#HDRTE">TE_<I>device_name</I></A>
+<LI><A NAME="ToC_30" HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<LI><A NAME="ToC_31" HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<LI><A NAME="ToC_32" HREF="auarf034.htm#HDRTL">TL_<I>device_name</I></A>
+<LI><A NAME="ToC_33" HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<LI><A NAME="ToC_34" HREF="auarf036.htm#HDRVN">V<I>n</I></A>
+<LI><A NAME="ToC_35" HREF="auarf037.htm#HDRVVOLID">V<I>vol_ID</I>.vol</A>
+<LI><A NAME="ToC_36" HREF="auarf038.htm#HDRVLLOG">VLLog</A>
+<LI><A NAME="ToC_37" HREF="auarf039.htm#HDRVOLSERLOG">VolserLog</A>
+<LI><A NAME="ToC_38" HREF="auarf040.htm#HDRVOLUMEITEMS">VolumeItems</A>
+<LI><A NAME="ToC_39" HREF="auarf041.htm#HDRAFSZCM">afszcm.cat</A>
+<LI><A NAME="ToC_40" HREF="auarf042.htm#HDRBDBDB">bdb.DB0 and bdb.DBSYS1</A>
+<LI><A NAME="ToC_41" HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<LI><A NAME="ToC_42" HREF="auarf044.htm#HDRFMSLOG">fms.log</A>
+<LI><A NAME="ToC_43" HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<LI><A NAME="ToC_44" HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
+<LI><A NAME="ToC_45" HREF="auarf047.htm#HDRPRDBDB">prdb.DB0 and prdb.DBSYS1</A>
+<LI><A NAME="ToC_46" HREF="auarf048.htm#HDRSALVAGELOCK">salvage.lock</A>
+<LI><A NAME="ToC_47" HREF="auarf049.htm#HDRSYSID">sysid</A>
+<LI><A NAME="ToC_48" HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<LI><A NAME="ToC_49" HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<LI><A NAME="ToC_50" HREF="auarf052.htm#HDRAFSMONCONFIG">afsmonitor Configuration File</A>
+<LI><A NAME="ToC_51" HREF="auarf053.htm#HDRPACKAGECONFIG">package Configuration File</A>
+<LI><A NAME="ToC_52" HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
+<LI><A NAME="ToC_53" HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+</MENU>
+<P><B><A NAME="ToC_54" HREF="auarf056.htm#Header_54">AFS System Commands</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_55" HREF="auarf057.htm#HDRAFSINTRO">afs_intro</A>
+<LI><A NAME="ToC_72" HREF="auarf058.htm#HDRAFSD">afsd</A>
+<LI><A NAME="ToC_73" HREF="auarf059.htm#HDRAFSMONITOR">afsmonitor</A>
+<LI><A NAME="ToC_74" HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<LI><A NAME="ToC_75" HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<LI><A NAME="ToC_76" HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<LI><A NAME="ToC_77" HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<LI><A NAME="ToC_78" HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<LI><A NAME="ToC_79" HREF="auarf065.htm#HDRBK_APROPOS">backup apropos</A>
+<LI><A NAME="ToC_80" HREF="auarf066.htm#HDRBK_DBVERIFY">backup dbverify</A>
+<LI><A NAME="ToC_81" HREF="auarf067.htm#HDRBK_DELDUMP">backup deldump</A>
+<LI><A NAME="ToC_82" HREF="auarf068.htm#HDRBK_DELETEDUMP">backup deletedump</A>
+<LI><A NAME="ToC_83" HREF="auarf069.htm#HDRBK_DELHOST">backup delhost</A>
+<LI><A NAME="ToC_84" HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<LI><A NAME="ToC_85" HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<LI><A NAME="ToC_86" HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<LI><A NAME="ToC_87" HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<LI><A NAME="ToC_88" HREF="auarf074.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<LI><A NAME="ToC_89" HREF="auarf075.htm#HDRBK_HELP">backup help</A>
+<LI><A NAME="ToC_90" HREF="auarf076.htm#HDRBK_INTERACTIVE">backup interactive</A>
+<LI><A NAME="ToC_91" HREF="auarf077.htm#HDRBK_JOBS">backup jobs</A>
+<LI><A NAME="ToC_92" HREF="auarf078.htm#HDRBK_KILL">backup kill</A>
+<LI><A NAME="ToC_93" HREF="auarf079.htm#HDRBK_LABELTAPE">backup labeltape</A>
+<LI><A NAME="ToC_94" HREF="auarf080.htm#HDRBK_LISTDUMPS">backup listdumps</A>
+<LI><A NAME="ToC_95" HREF="auarf081.htm#HDRBK_LISTHOSTS">backup listhosts</A>
+<LI><A NAME="ToC_96" HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<LI><A NAME="ToC_97" HREF="auarf083.htm#HDRBK_QUIT">backup quit</A>
+<LI><A NAME="ToC_98" HREF="auarf084.htm#HDRBK_READLABEL">backup readlabel</A>
+<LI><A NAME="ToC_99" HREF="auarf085.htm#HDRBK_RESTOREDB">backup restoredb</A>
+<LI><A NAME="ToC_100" HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<LI><A NAME="ToC_101" HREF="auarf087.htm#HDRBK_SCANTAPE">backup scantape</A>
+<LI><A NAME="ToC_102" HREF="auarf088.htm#HDRBK_SETEXP">backup setexp</A>
+<LI><A NAME="ToC_103" HREF="auarf089.htm#HDRBK_STATUS">backup status</A>
+<LI><A NAME="ToC_104" HREF="auarf090.htm#HDRBK_VOLINFO">backup volinfo</A>
+<LI><A NAME="ToC_105" HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<LI><A NAME="ToC_106" HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<LI><A NAME="ToC_107" HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<LI><A NAME="ToC_108" HREF="auarf094.htm#HDRBOS_ADDHOST">bos addhost</A>
+<LI><A NAME="ToC_109" HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<LI><A NAME="ToC_110" HREF="auarf096.htm#HDRBOS_ADDUSER">bos adduser</A>
+<LI><A NAME="ToC_111" HREF="auarf097.htm#HDRBOS_APROPOS">bos apropos</A>
+<LI><A NAME="ToC_112" HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<LI><A NAME="ToC_113" HREF="auarf099.htm#HDRBOS_DELETE">bos delete</A>
+<LI><A NAME="ToC_114" HREF="auarf100.htm#HDRBOS_EXEC">bos exec</A>
+<LI><A NAME="ToC_115" HREF="auarf101.htm#HDRBOS_GETDATE">bos getdate</A>
+<LI><A NAME="ToC_116" HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<LI><A NAME="ToC_117" HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<LI><A NAME="ToC_118" HREF="auarf104.htm#HDRBOS_HELP">bos help</A>
+<LI><A NAME="ToC_119" HREF="auarf105.htm#HDRBOS_INSTALL">bos install</A>
+<LI><A NAME="ToC_120" HREF="auarf106.htm#HDRBOS_LISTHOSTS">bos listhosts</A>
+<LI><A NAME="ToC_121" HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<LI><A NAME="ToC_122" HREF="auarf108.htm#HDRBOS_LISTUSERS">bos listusers</A>
+<LI><A NAME="ToC_123" HREF="auarf109.htm#HDRBOS_PRUNE">bos prune</A>
+<LI><A NAME="ToC_124" HREF="auarf110.htm#HDRBOS_REMOVEHOST">bos removehost</A>
+<LI><A NAME="ToC_125" HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
+<LI><A NAME="ToC_126" HREF="auarf112.htm#HDRBOS_REMOVEUSER">bos removeuser</A>
+<LI><A NAME="ToC_127" HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<LI><A NAME="ToC_128" HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<LI><A NAME="ToC_129" HREF="auarf115.htm#HDRBOS_SETAUTH">bos setauth</A>
+<LI><A NAME="ToC_130" HREF="auarf116.htm#HDRBOS_SETCELLNAME">bos setcellname</A>
+<LI><A NAME="ToC_131" HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<LI><A NAME="ToC_132" HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<LI><A NAME="ToC_133" HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<LI><A NAME="ToC_134" HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<LI><A NAME="ToC_135" HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<LI><A NAME="ToC_136" HREF="auarf122.htm#HDRBOS_STOP">bos stop</A>
+<LI><A NAME="ToC_137" HREF="auarf123.htm#HDRBOS_UNINSTALL">bos uninstall</A>
+<LI><A NAME="ToC_138" HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<LI><A NAME="ToC_139" HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<LI><A NAME="ToC_140" HREF="auarf126.htm#HDRBUTC">butc</A>
+<LI><A NAME="ToC_141" HREF="auarf127.htm#HDRDLOG">dlog</A>
+<LI><A NAME="ToC_142" HREF="auarf128.htm#HDRDPASS">dpass</A>
+<LI><A NAME="ToC_143" HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<LI><A NAME="ToC_144" HREF="auarf130.htm#HDRFMS">fms</A>
+<LI><A NAME="ToC_145" HREF="auarf131.htm#HDRFS_INTRO">fs</A>
+<LI><A NAME="ToC_146" HREF="auarf132.htm#HDRFS_APROPOS">fs apropos</A>
+<LI><A NAME="ToC_147" HREF="auarf133.htm#HDRFS_CHECKSERVERS">fs checkservers</A>
+<LI><A NAME="ToC_148" HREF="auarf134.htm#HDRFS_CHECKVOLUMES">fs checkvolumes</A>
+<LI><A NAME="ToC_149" HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
+<LI><A NAME="ToC_150" HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
+<LI><A NAME="ToC_151" HREF="auarf137.htm#HDRFS_DISKFREE">fs diskfree</A>
+<LI><A NAME="ToC_152" HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<LI><A NAME="ToC_153" HREF="auarf139.htm#HDRFS_EXPORTAFS">fs exportafs</A>
+<LI><A NAME="ToC_154" HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<LI><A NAME="ToC_155" HREF="auarf141.htm#HDRFS_FLUSHMOUNT">fs flushmount</A>
+<LI><A NAME="ToC_156" HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<LI><A NAME="ToC_157" HREF="auarf143.htm#HDRFS_GETCACHEPARMS">fs getcacheparms</A>
+<LI><A NAME="ToC_158" HREF="auarf144.htm#HDRFS_GETCELLSTATUS">fs getcellstatus</A>
+<LI><A NAME="ToC_159" HREF="auarf145.htm#HDRFS_GETCLIENTADDRS">fs getclientaddrs</A>
+<LI><A NAME="ToC_160" HREF="auarf146.htm#HDRFS_GETSERVERPREFS">fs getserverprefs</A>
+<LI><A NAME="ToC_161" HREF="auarf147.htm#HDRFS_HELP">fs help</A>
+<LI><A NAME="ToC_162" HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
+<LI><A NAME="ToC_163" HREF="auarf149.htm#HDRFS_LISTCELLS">fs listcells</A>
+<LI><A NAME="ToC_164" HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<LI><A NAME="ToC_165" HREF="auarf151.htm#HDRFS_LSMOUNT">fs lsmount</A>
+<LI><A NAME="ToC_166" HREF="auarf152.htm#HDRFS_MESSAGES">fs messages</A>
+<LI><A NAME="ToC_167" HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<LI><A NAME="ToC_168" HREF="auarf154.htm#HDRFS_NEWCELL">fs newcell</A>
+<LI><A NAME="ToC_169" HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<LI><A NAME="ToC_170" HREF="auarf156.htm#HDRFS_RMMOUNT">fs rmmount</A>
+<LI><A NAME="ToC_171" HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
+<LI><A NAME="ToC_172" HREF="auarf158.htm#HDRFS_SETCACHESIZE">fs setcachesize</A>
+<LI><A NAME="ToC_173" HREF="auarf159.htm#HDRFS_SETCELL">fs setcell</A>
+<LI><A NAME="ToC_174" HREF="auarf160.htm#HDRFS_SETCLIENTADDRS">fs setclientaddrs</A>
+<LI><A NAME="ToC_175" HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<LI><A NAME="ToC_176" HREF="auarf162.htm#HDRFS_SETSERVERPREFS">fs setserverprefs</A>
+<LI><A NAME="ToC_177" HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<LI><A NAME="ToC_178" HREF="auarf164.htm#HDRFS_STOREBEHIND">fs storebehind</A>
+<LI><A NAME="ToC_179" HREF="auarf165.htm#HDRFS_SYSNAME">fs sysname</A>
+<LI><A NAME="ToC_180" HREF="auarf166.htm#HDRFS_WHEREIS">fs whereis</A>
+<LI><A NAME="ToC_181" HREF="auarf167.htm#HDRFS_WHICHCELL">fs whichcell</A>
+<LI><A NAME="ToC_182" HREF="auarf168.htm#HDRFS_WSCELL">fs wscell</A>
+<LI><A NAME="ToC_183" HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<LI><A NAME="ToC_184" HREF="auarf170.htm#HDRFSTRACE_APROPOS">fstrace apropos</A>
+<LI><A NAME="ToC_185" HREF="auarf171.htm#HDRFSTRACE_CLEAR">fstrace clear</A>
+<LI><A NAME="ToC_186" HREF="auarf172.htm#HDRFSTRACE_DUMP">fstrace dump</A>
+<LI><A NAME="ToC_187" HREF="auarf173.htm#HDRFSTRACE_HELP">fstrace help</A>
+<LI><A NAME="ToC_188" HREF="auarf174.htm#HDRFSTRACE_LSLOG">fstrace lslog</A>
+<LI><A NAME="ToC_189" HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<LI><A NAME="ToC_190" HREF="auarf176.htm#HDRFSTRACE_SETLOG">fstrace setlog</A>
+<LI><A NAME="ToC_191" HREF="auarf177.htm#HDRFSTRACE_SETSET">fstrace setset</A>
+<LI><A NAME="ToC_192" HREF="auarf178.htm#HDRFTPD">ftpd (AFS version)</A>
+<LI><A NAME="ToC_193" HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
+<LI><A NAME="ToC_194" HREF="auarf180.htm#HDRKADB_CHECK">kadb_check</A>
+<LI><A NAME="ToC_195" HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<LI><A NAME="ToC_196" HREF="auarf182.htm#HDRKAS_APROPOS">kas apropos</A>
+<LI><A NAME="ToC_197" HREF="auarf183.htm#HDRKAS_CREATE">kas create</A>
+<LI><A NAME="ToC_198" HREF="auarf184.htm#HDRKAS_DELETE">kas delete</A>
+<LI><A NAME="ToC_199" HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<LI><A NAME="ToC_200" HREF="auarf186.htm#HDRKAS_FORGETTICKET">kas forgetticket</A>
+<LI><A NAME="ToC_201" HREF="auarf187.htm#HDRKAS_HELP">kas help</A>
+<LI><A NAME="ToC_202" HREF="auarf188.htm#HDRKAS_INTERACTIVE">kas interactive</A>
+<LI><A NAME="ToC_203" HREF="auarf189.htm#HDRKAS_LIST">kas list</A>
+<LI><A NAME="ToC_204" HREF="auarf190.htm#HDRKAS_LISTTICKETS">kas listtickets</A>
+<LI><A NAME="ToC_205" HREF="auarf191.htm#HDRKAS_NOAUTH">kas noauthentication</A>
+<LI><A NAME="ToC_206" HREF="auarf192.htm#HDRKAS_QUIT">kas quit</A>
+<LI><A NAME="ToC_207" HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<LI><A NAME="ToC_208" HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<LI><A NAME="ToC_209" HREF="auarf195.htm#HDRKAS_STATISTICS">kas statistics</A>
+<LI><A NAME="ToC_210" HREF="auarf196.htm#HDRKAS_STRINGTOKEY">kas stringtokey</A>
+<LI><A NAME="ToC_211" HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<LI><A NAME="ToC_212" HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<LI><A NAME="ToC_213" HREF="auarf199.htm#HDRKDB">kdb</A>
+<LI><A NAME="ToC_214" HREF="auarf200.htm#HDRKLOG">klog</A>
+<LI><A NAME="ToC_215" HREF="auarf201.htm#HDRKNFS">knfs</A>
+<LI><A NAME="ToC_216" HREF="auarf202.htm#HDRKPASSWD">kpasswd</A>
+<LI><A NAME="ToC_217" HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
+<LI><A NAME="ToC_218" HREF="auarf204.htm#HDRPACKAGE">package</A>
+<LI><A NAME="ToC_219" HREF="auarf205.htm#HDRPACKAGE_APROPOS">package apropos</A>
+<LI><A NAME="ToC_220" HREF="auarf206.htm#HDRPACKAGE_HELP">package help</A>
+<LI><A NAME="ToC_221" HREF="auarf207.htm#HDRPACKAGE_TEST">package_test</A>
+<LI><A NAME="ToC_222" HREF="auarf208.htm#HDRPAGSH">pagsh</A>
+<LI><A NAME="ToC_223" HREF="auarf209.htm#HDRPRDB_CHECK">prdb_check</A>
+<LI><A NAME="ToC_224" HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<LI><A NAME="ToC_225" HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<LI><A NAME="ToC_226" HREF="auarf212.htm#HDRPTS_APROPOS">pts apropos</A>
+<LI><A NAME="ToC_227" HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
+<LI><A NAME="ToC_228" HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
+<LI><A NAME="ToC_229" HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<LI><A NAME="ToC_230" HREF="auarf216.htm#HDRPTS_DELETE">pts delete</A>
+<LI><A NAME="ToC_231" HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<LI><A NAME="ToC_232" HREF="auarf218.htm#HDRPTS_HELP">pts help</A>
+<LI><A NAME="ToC_233" HREF="auarf219.htm#HDRPTS_LISTENTRIES">pts listentries</A>
+<LI><A NAME="ToC_234" HREF="auarf220.htm#HDRPTS_LISTMAX">pts listmax</A>
+<LI><A NAME="ToC_235" HREF="auarf221.htm#HDRPTS_LISTOWNED">pts listowned</A>
+<LI><A NAME="ToC_236" HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<LI><A NAME="ToC_237" HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<LI><A NAME="ToC_238" HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
+<LI><A NAME="ToC_239" HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<LI><A NAME="ToC_240" HREF="auarf226.htm#HDRPTS_SETMAX">pts setmax</A>
+<LI><A NAME="ToC_241" HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<LI><A NAME="ToC_242" HREF="auarf228.htm#HDRRCP">rcp (AFS version)</A>
+<LI><A NAME="ToC_243" HREF="auarf229.htm#HDRRSH">rsh (AFS version)</A>
+<LI><A NAME="ToC_244" HREF="auarf230.htm#HDRRUNNTP">runntp</A>
+<LI><A NAME="ToC_245" HREF="auarf231.htm#HDRRXDEBUG">rxdebug</A>
+<LI><A NAME="ToC_246" HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<LI><A NAME="ToC_247" HREF="auarf233.htm#HDRSCOUT">scout</A>
+<LI><A NAME="ToC_248" HREF="auarf234.htm#HDRSYS">sys</A>
+<LI><A NAME="ToC_249" HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<LI><A NAME="ToC_250" HREF="auarf236.htm#HDRTRANSLATE_ET">translate_et</A>
+<LI><A NAME="ToC_251" HREF="auarf237.htm#HDRUDEBUG">udebug</A>
+<LI><A NAME="ToC_252" HREF="auarf238.htm#HDRUNLOG">unlog</A>
+<LI><A NAME="ToC_253" HREF="auarf239.htm#HDRUP">up</A>
+<LI><A NAME="ToC_254" HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<LI><A NAME="ToC_255" HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<LI><A NAME="ToC_256" HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<LI><A NAME="ToC_257" HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
+<LI><A NAME="ToC_258" HREF="auarf244.htm#HDRUSS_APROPOS">uss apropos</A>
+<LI><A NAME="ToC_259" HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
+<LI><A NAME="ToC_260" HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
+<LI><A NAME="ToC_261" HREF="auarf247.htm#HDRUSS_HELP">uss help</A>
+<LI><A NAME="ToC_262" HREF="auarf248.htm#HDRVLDB_CHECK">vldb_check</A>
+<LI><A NAME="ToC_263" HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<LI><A NAME="ToC_264" HREF="auarf250.htm#HDRVOLINFO">volinfo</A>
+<LI><A NAME="ToC_265" HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<LI><A NAME="ToC_266" HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<LI><A NAME="ToC_267" HREF="auarf253.htm#HDRVOS_ADDSITE">vos addsite</A>
+<LI><A NAME="ToC_268" HREF="auarf254.htm#HDRVOS_APROPOS">vos apropos</A>
+<LI><A NAME="ToC_269" HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<LI><A NAME="ToC_270" HREF="auarf256.htm#HDRVOS_BACKUPSYS">vos backupsys</A>
+<LI><A NAME="ToC_271" HREF="auarf257.htm#HDRVOS_CHANGEADDR">vos changeaddr</A>
+<LI><A NAME="ToC_272" HREF="auarf258.htm#HDRVOS_CREATE">vos create</A>
+<LI><A NAME="ToC_273" HREF="auarf259.htm#HDRVOS_DELENTRY">vos delentry</A>
+<LI><A NAME="ToC_274" HREF="auarf260.htm#HDRVOS_DUMP">vos dump</A>
+<LI><A NAME="ToC_275" HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<LI><A NAME="ToC_276" HREF="auarf262.htm#HDRVOS_HELP">vos help</A>
+<LI><A NAME="ToC_277" HREF="auarf263.htm#HDRVOS_LISTADDRS">vos listaddrs</A>
+<LI><A NAME="ToC_278" HREF="auarf264.htm#HDRVOS_LISTPART">vos listpart</A>
+<LI><A NAME="ToC_279" HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<LI><A NAME="ToC_280" HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<LI><A NAME="ToC_281" HREF="auarf267.htm#HDRVOS_LOCK">vos lock</A>
+<LI><A NAME="ToC_282" HREF="auarf268.htm#HDRVOS_MOVE">vos move</A>
+<LI><A NAME="ToC_283" HREF="auarf269.htm#HDRVOS_PARTINFO">vos partinfo</A>
+<LI><A NAME="ToC_284" HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<LI><A NAME="ToC_285" HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<LI><A NAME="ToC_286" HREF="auarf272.htm#HDRVOS_REMSITE">vos remsite</A>
+<LI><A NAME="ToC_287" HREF="auarf273.htm#HDRVOS_RENAME">vos rename</A>
+<LI><A NAME="ToC_288" HREF="auarf274.htm#HDRVOS_RESTORE">vos restore</A>
+<LI><A NAME="ToC_289" HREF="auarf275.htm#HDRVOS_STATUS">vos status</A>
+<LI><A NAME="ToC_290" HREF="auarf276.htm#HDRVOS_SYNCSERV">vos syncserv</A>
+<LI><A NAME="ToC_291" HREF="auarf277.htm#HDRVOS_SYNCVLDB">vos syncvldb</A>
+<LI><A NAME="ToC_292" HREF="auarf278.htm#HDRVOS_UNLOCK">vos unlock</A>
+<LI><A NAME="ToC_293" HREF="auarf279.htm#HDRVOS_UNLOCKVLDB">vos unlockvldb</A>
+<LI><A NAME="ToC_294" HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<LI><A NAME="ToC_295" HREF="auarf281.htm#HDRXFS_SIZE_CHECK">xfs_size_check</A>
+<LI><A NAME="ToC_296" HREF="auarf282.htm#HDRXSTAT_CM_TEST">xstat_cm_test</A>
+<LI><A NAME="ToC_297" HREF="auarf283.htm#HDRXSTAT_FS_TEST">xstat_fs_test</A>
+</MENU>
+<P><B><A NAME="ToC_298" HREF="auarf284.htm#HDRINDEX">Index</A></B><BR>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRTLIST_START" HREF="auarf002.htm#ToC_1">Tables</A></H1>
+<OL>
+<LI><A NAME="FT_TBLFILESERVER-ARGS" HREF="auarf129.htm#TBLFILESERVER-ARGS" >File Server configuration parameters</A></LI>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="Header_2" HREF="auarf002.htm#ToC_2">About This Manual</A></H1>
+<P>This chapter describes the purpose, organization, and conventions of this
+document.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H2><A NAME="HDRWQ1" HREF="auarf002.htm#ToC_3">Audience and Purpose</A></H2>
+<P>This reference manual details the syntax of each
+AFS<SUP><SUP>(R)</SUP></SUP> command and is intended for the experienced AFS
+administrator, programmer, or user.
+<P>In general, this document does not explain when to use a command or its
+place in the sequence of commands that make up a complete procedure.
+For that type of information, refer to the <I>IBM AFS Administration
+Guide</I>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H2><A NAME="HDRWQ2" HREF="auarf002.htm#ToC_4">Organization</A></H2>
+<P>This document presents AFS files and commands in separate
+sections, with the files or commands in alphabetical order.
+<P>The following sections of each reference page provide the indicated type of
+information:
+<UL>
+<P><LI><B>Purpose</B> briefly describes the command's function.
+<P><LI><B>Synopsis</B> displays the complete syntax statement for a command,
+which specifies the required order for all options, using the same notation as
+the AFS online help. If abbreviating the command name and option names
+is acceptable, as it is for most commands, a second statement specifies the
+shortest acceptable abbreviation of each name. If the command has an
+alias, it also appears in this section.
+<P><LI><B>Description</B> describes the file or command's function in
+detail.
+<P><LI><B>Cautions</B> describes restrictions, requirements, and potential
+complications in use of the command. It appears only when
+necessary.
+<P><LI><B>Options</B> describes the function and required form of each
+argument and flag.
+<P><LI><B>Output</B> describes any output the command writes to the standard
+output stream. This section does not appear if the command does not
+produce output or if the only output is a message confirming the
+command's success.
+<P><LI><B>Examples</B> provides one or more sample commands and resulting
+output.
+<P><LI><B>Privilege Required</B> lists each privilege required to perform the
+command.
+<P><LI><B>Related Information</B> lists related commands and files, if
+any.
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H2><A NAME="HDRWQ3" HREF="auarf002.htm#ToC_5">How to Use This Document</A></H2>
+<P>Refer to this document when you need detailed information
+about a specific command. For a description of all the steps in a
+procedure, refer to the <I>IBM AFS Administration Guide</I>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H2><A NAME="HDRWQ4" HREF="auarf002.htm#ToC_6">Related Documents</A></H2>
+<P>The following documents are included in the AFS documentation
+set.
+<P><I>IBM AFS Administration Guide</I>
+<P>This guide describes the concepts and procedures that a system
+administrator must know to manage an AFS cell. It assumes familiarity
+with UNIX, but requires no previous knowledge of AFS.
+<P>The first chapters of the <I>IBM AFS Administration Guide</I> present
+basic concepts and guidelines. Understanding them is crucial to
+successful administration of an AFS cell. The remaining chapters in the
+guide provide step-by-step instructions for specific administrative tasks,
+along with discussions of the concepts important to that particular
+task.
+<P><I>IBM AFS Quick Beginnings</I>
+<P>This guide provides instructions for installing AFS server and client
+machines. It is assumed that the installer is an experienced UNIX<SUP>
+<SUP>(R)</SUP></SUP> system administrator.
+<P>For predictable performance, machines must be installed and configured in
+accordance with the instructions in this guide.
+<P><I>IBM AFS Release Notes</I>
+<P>This document provides information specific to each release of AFS, such as
+a list of new features and commands, a list of requirements and limitations,
+and instructions for upgrading server and client machines.
+<P><I>IBM AFS User Guide</I>
+<P>This guide presents the basic concepts and procedures necessary for using
+AFS effectively. It assumes that the reader has some experience with
+UNIX, but does not require familiarity with networking or AFS.
+<P>The guide explains how to perform basic functions, including
+authenticating, changing a password, protecting AFS data, creating groups, and
+troubleshooting. It provides illustrative examples for each function
+and describes some of the differences between the UNIX file system and
+AFS.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H2><A NAME="HDRTYPO_CONV" HREF="auarf002.htm#ToC_7">Typographical Conventions</A></H2>
+<P>This document uses the following typographical
+conventions:
+<UL>
+<P><LI>Command and option names appear in <B>bold type</B> in syntax
+definitions, examples, and running text. Names of directories, files,
+machines, partitions, volumes, and users also appear in <B>bold
+type</B>.
+<P><LI>Variable information appears in <I>italic type</I>. This
+includes user-supplied information on command lines and the parts of prompts
+that differ depending on who issues the command. New terms also appear
+in <I>italic type</I>.
+<P><LI>Examples of screen output and file contents appear in <TT>monospace
+type</TT>.
+</UL>
+<P>In addition, the following symbols appear in command syntax definitions,
+both in the documentation and in AFS online help statements. When
+issuing a command, do not type these symbols.
+<UL>
+<P><LI>Square brackets <B>[ ]</B> surround optional items.
+<P><LI>Angle brackets <B>< ></B> surround user-supplied values in AFS
+commands.
+<P><LI>A superscripted plus sign <B>+</B> follows an argument that accepts
+more than one value.
+<P><LI>The percent sign <TT>%</TT> represents the regular command shell
+prompt. Some operating systems possibly use a different character for
+this prompt.
+<P><LI>The number sign <TT>#</TT> represents the command shell prompt for the
+local superuser <B>root</B>. Some operating systems possibly use a
+different character for this prompt.
+<P><LI>The pipe symbol <B> |</B> in a command syntax statement separates
+mutually exclusive values for an argument.
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="Header_8" HREF="auarf002.htm#ToC_8">AFS System Files</A></H1>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFILESINTRO" HREF="auarf002.htm#ToC_9">afs_file_intro</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to AFS files
+<P><STRONG>Description</STRONG>
+<P>A number of files must reside on the local disk of AFS server and client
+machines. They belong to the following general categories:
+<UL>
+<P><LI><I>Configuration files</I> define configuration parameters for
+specific server and kernel processes such as the Backup System Tape
+Coordinator or the Cache Manager
+<P><LI><I>Administrative files</I> list information used in administration of
+server machines, such as a list of privileged users or server encryption keys
+<P><LI><I>Cache-related files</I> contain cached data or information about
+cached data, on client machines
+<P><LI><I>Log files</I> contain tracing messages about the operation of a
+specific process
+<P><LI><I>Database files</I> contain database records used to administer the
+AFS cell
+<P><LI><I>Controller files</I> control the behavior of a process
+<P><LI><I>Volume header files</I> represent AFS volumes on server partitions
+</UL>
+<P>For a description of the format and contents of each file, see its
+reference page.
+<P><B>Note for Windows users:</B> Some files described in this
+document possibly do not exist on machines that run a Windows operating
+system. Also, Windows uses a backslash
+( <B>\</B> ) rather than a forward slash
+( <B>/</B> ) to separate the elements in a
+pathname.
+<P><STRONG>Related Information</STRONG>
+<P><B>Configuration files:</B>
+<A NAME="IDX3862"></A>
+<DL>
+<DD><P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<DD><P><A HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>
+<DD><P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<DD><P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<DD><P><A HREF="auarf024.htm#HDRCLI_NETINFO">NetInfo (client version)</A>
+<DD><P><A HREF="auarf025.htm#HDRSV_NETINFO">NetInfo (server version)</A>
+<DD><P><A HREF="auarf026.htm#HDRCLI_NETRESTRICT">NetRestrict (client version)</A>
+<DD><P><A HREF="auarf027.htm#HDRSV_NETRESTRICT">NetRestrict (server version)</A>
+<DD><P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<DD><P><A HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<DD><P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<DD><P><A HREF="auarf049.htm#HDRSYSID">sysid</A>
+<DD><P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<DD><P><A HREF="auarf053.htm#HDRPACKAGECONFIG">package Configuration File</A>
+<DD><P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+<DD><P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
+</DL>
+<P><B>Administrative files:</B>
+<A NAME="IDX3863"></A>
+<DL>
+<DD><P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<DD><P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+</DL>
+<P><B>Cache-related files:</B>
+<A NAME="IDX3864"></A>
+<DL>
+<DD><P><A HREF="auarf017.htm#HDRCACHEITEMS">CacheItems</A>
+<DD><P><A HREF="auarf036.htm#HDRVN">V<I>n</I></A>
+<DD><P><A HREF="auarf040.htm#HDRVOLUMEITEMS">VolumeItems</A>
+</DL>
+<P><B>Log files:</B>
+<A NAME="IDX3865"></A>
+<DL>
+<DD><P><A HREF="auarf012.htm#HDRAUTHLOG">AuthLog</A>
+<DD><P><A HREF="auarf014.htm#HDRBACKUPLOG">BackupLog</A>
+<DD><P><A HREF="auarf015.htm#HDRBOSLOG">BosLog</A>
+<DD><P><A HREF="auarf021.htm#HDRFILELOG">FileLog</A>
+<DD><P><A HREF="auarf030.htm#HDRSALVAGELOG">SalvageLog</A>
+<DD><P><A HREF="auarf031.htm#HDRTE">TE_<I>device_name</I></A>
+<DD><P><A HREF="auarf034.htm#HDRTL">TL_<I>device_name</I></A>
+<DD><P><A HREF="auarf038.htm#HDRVLLOG">VLLog</A>
+<DD><P><A HREF="auarf039.htm#HDRVOLSERLOG">VolserLog</A>
+<DD><P><A HREF="auarf044.htm#HDRFMSLOG">fms.log</A>
+</DL>
+<P><B>Database files:</B>
+<A NAME="IDX3866"></A>
+<DL>
+<DD><P><A HREF="auarf042.htm#HDRBDBDB">bdb.DB0 and bdb.DBSYS1</A>
+<DD><P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<DD><P><A HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
+<DD><P><A HREF="auarf047.htm#HDRPRDBDB">prdb.DB0 and prdb.DBSYS1</A>
+<DD><P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+</DL>
+<A NAME="IDX3867"></A>
+<P><B>Controller files:</B>
+<DL>
+<DD><P><A HREF="auarf022.htm#HDRFORCESALVAGE">FORCESALVAGE</A>
+<DD><P><A HREF="auarf028.htm#HDRNOAUTH">NoAuth</A>
+<DD><P><A HREF="auarf029.htm#HDRSALVAGEFS">SALVAGE.fs</A>
+<DD><P><A HREF="auarf048.htm#HDRSALVAGELOCK">salvage.lock</A>
+</DL>
+<P><B>Volume header files:</B>
+<DL>
+<DD><P><A HREF="auarf037.htm#HDRVVOLID">V<I>vol_ID</I>.vol</A>
+</DL>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAUTHLOG" HREF="auarf002.htm#ToC_10">AuthLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3868"></A>
+<A NAME="IDX3869"></A>
+<A NAME="IDX3870"></A>
+<P>Traces Authentication Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>AuthLog</B> file records a trace of Authentication Server
+(<B>kaserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>AuthLog</B> file does not exist in the
+<B>/usr/afs/logs</B> directory when the Authentication Server starts, the
+server process creates it and writes initial start-up messages to it.
+If there is an existing file, the Authentication Server renames it to
+<B>AuthLog.old</B>, overwriting the existing
+<B>AuthLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the server
+machine and use a text editor or a file display command such as the UNIX
+<B>cat</B> command. By default, the mode bits on the
+<B>AuthLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The Authentication Server records operations only as it completes them, and
+cannot recover from failures by reviewing the file. The log contents
+are useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf014.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRWQ5" HREF="auarf002.htm#ToC_11">AuthLog.dir, AuthLog.pag</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3871"></A>
+<A NAME="IDX3872"></A>
+<A NAME="IDX3873"></A>
+<P>Records privileged operations performed by the Authentication Server
+<P><STRONG>Description</STRONG>
+<P>The <B>AuthLog.dir</B> and <B>AuthLog.pag</B> files
+record a trace of privileged operations performed by the Authentication Server
+(<B>kaserver</B> process) on the local machine. If the files do not
+exist when the Authentication Server starts, it creates them in the
+<B>/usr/afs/logs</B> directory as necessary.
+<P>The files are in binary format. To display their contents, use the
+<B>kdb</B> command, which requires being logged in to the local machine as
+the local superuser <B>root</B>.
+<P><STRONG>Cautions</STRONG>
+<P>The Authentication Server is possibly unable to create these files on some
+operating systems that AFS otherwise supports, making the <B>kdb</B>
+command inoperative. See the <I>IBM AFS Release Notes</I> for
+details.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf199.htm#HDRKDB">kdb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf014.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf013.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf015.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBACKUPLOG" HREF="auarf002.htm#ToC_12">BackupLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3874"></A>
+<A NAME="IDX3875"></A>
+<A NAME="IDX3876"></A>
+<P>Traces Backup Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>BackupLog</B> file records a trace of Backup Server
+(<B>buserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>BackupLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the Backup Server starts, the server
+process creates it and writes initial start-up messages to it. If there
+is an existing file, the Backup Server renames it to
+<B>BackupLog.old</B>, overwriting the existing
+<B>BackupLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log on to the machine
+and use a text editor or a file display command such as the UNIX
+<B>cat</B> command. By default, the mode bits on the
+<B>BackupLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The Backup Server records operations only as it completes them, and so
+cannot recover from failures by reviewing the file. The log contents
+are useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf013.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf015.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf014.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf016.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOSLOG" HREF="auarf002.htm#ToC_13">BosLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3877"></A>
+<A NAME="IDX3878"></A>
+<A NAME="IDX3879"></A>
+<P>Traces BOS Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>BosLog</B> file records a trace of Basic OverSeer (BOS) Server
+(<B>bosserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>BosLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the BOS Server starts, the server
+process creates it and writes initial start-up messages to it. If there
+is an existing file, the BOS server renames it to
+<B>BosLog.old</B>, overwriting the existing
+<B>BosLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the server
+machine and use a text editor or a file display command such as the UNIX
+<B>cat</B> command. By default, the mode bits on the
+<B>BosLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The BOS Server records operations only as it completes them, and cannot
+recover from failures by reviewing the file. The log contents are
+useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf014.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf016.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf015.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf017.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOSCONFIG" HREF="auarf002.htm#ToC_14">BosConfig</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3880"></A>
+<A NAME="IDX3881"></A>
+<A NAME="IDX3882"></A>
+<A NAME="IDX3883"></A>
+<P>Defines server processes for the BOS Server to monitor
+<P><STRONG>Description</STRONG>
+<P>The <B>BosConfig</B> file lists the processes that the Basic OverSeer
+(BOS) Server monitors on its server machine, and thus defines which AFS server
+processes run on the machine. It specifies how the BOS Server reacts
+when a process fails, and also defines the times at which the BOS Server
+automatically restarts processes as part of performance maintenance.
+The file must reside in the <B>/usr/afs/local</B> directory on each AFS
+server machine.
+<P>A server process entry in the <B>BosConfig</B> file records the
+following information:
+<UL>
+<P><LI>The<VAR> entry type</VAR>, which is one of the following:
+<A NAME="IDX3884"></A>
+<A NAME="IDX3885"></A>
+<DL>
+<P><DT><B>cron
+<A NAME="IDX3886"></A>
+</B><DD>Designates a server process that runs periodically instead of
+continuously. The BOS Server starts a cron process only at specified
+times, not whenever it fails. All standard AFS process entries except
+<B>fs</B> are simple (there are no standard cron processes).
+<P><DT><B>fs
+<A NAME="IDX3887"></A>
+<A NAME="IDX3888"></A>
+<A NAME="IDX3889"></A>
+<A NAME="IDX3890"></A>
+</B><DD>Designates a group of interdependent server processes. If one of
+the processes fails, the BOS Server must coordinate its restart with the
+restart of the other processes in the group, possibly by stopping them
+first.
+<P>There is only one standard entry of this type, for which the conventional
+name is <B>fs</B>. It combines three server processes: the
+File Server (<B>fileserver</B> process), the Volume Server
+(<B>volserver</B> process), and the Salvager (<B>salvager</B>
+process). These processes all operate on the same data--the AFS
+data stored on an AFS server machine's <B>/vicep</B> partitions and
+mounted in the AFS filespace--but in different ways. Grouping the
+processes prevents them from attempting to access the same data
+simultaneously, which can cause corruption.
+<P>During normal operation, the Salvager process is not active. If the
+File Server process fails, however, the BOS Server stops the Volume Server
+process and runs the Salvager process to correct any corruption that resulted
+from the failure. (The administrator can also issue the <B>bos
+salvage</B> command to invoke the Salvager process.) If the Volume
+Server fails, the BOS Server can restart it without stopping the File Server
+or running the Salvager.
+<P><DT><B>simple
+<A NAME="IDX3891"></A>
+</B><DD>Designates a server process that runs independently of any other on the
+server machine. If a simple process fails, the BOS Server does not have
+to coordinate its restart with any other process.
+</DL>
+<P><LI>The <VAR>entry name</VAR>. The conventional name for an entry in the
+<B>BosConfig</B> file and the associated process matches the binary
+filename. When issuing any <B>bos</B> command that takes the
+<B>-instance</B> argument, identify each process by the name used in the
+<B>BosConfig</B> file. For a list of the names, see the <B>bos
+create</B> reference page.
+<P><LI>The process's <VAR>status flag</VAR>, which determines whether the BOS
+Server attempts to start the process in two cases: each time the BOS
+Server itself restarts, and when the process fails. The
+<B>BosConfig</B> file currently uses a binary notation to indicate whether
+the BOS Server attempts to restart the process as necessary or does not
+monitor it at all. For the sake of clarity, the AFS documentation
+refers to the flags as <B>Run</B> and <B>NotRun</B> instead.
+Only a system administrator, not the BOS Server, can change the flag.
+<A NAME="IDX3892"></A>
+<A NAME="IDX3893"></A>
+<P><LI>One or more <VAR>command parameters</VAR> which the BOS Server invokes to
+start the process or processes associated with the entry:
+<UL>
+<P><LI>A <B>cron</B> entry has two command parameters, the first the complete
+pathname to the program, and the second the time at which the BOS Server
+invokes the program.
+<P><LI>The <B>fs</B> entry has three command parameters, each the complete
+pathname to the <B>fileserver</B>, <B>volserver</B>, and
+<B>salvager</B> programs, in that order.
+<P><LI>A <B>simple</B> entry has only one command parameter, the complete
+pathname to the program.
+</UL>
+</UL>
+<P>In addition to server process entries, the <B>BosConfig</B> file
+specifies the times at which the BOS Server performs two types of automatic
+process restarts:
+<UL>
+<P><LI>The <VAR>general restart</VAR> time at which the BOS Server restarts itself
+and then each process for which the entry in the <B>BosConfig</B> file has
+status flag <B>Run</B>. The default setting is Sunday at 4:00
+a.m.
+<P><LI>The <VAR>binary restart</VAR> time at which the BOS Server restarts any
+server process for which the time stamp on the binary file in the
+<B>/usr/afs/bin</B> directory is later than the last restart time for the
+process. The default is 5:00 a.m.
+</UL>
+<P>Although the <B>BosConfig</B> file is in ASCII format, do not use a
+text editor to alter it. Its format is subject to change and
+incorrectly formatted entries can prevent server startup in ways that are
+difficult to diagnose. Instead always use the appropriate commands from
+the <B>bos</B> command suite:
+<UL>
+<P><LI>The <B>bos create</B> command to create an entry in the file and start
+the associated process
+<P><LI>The <B>bos delete</B> command to remove an entry from the file after
+the <B>bos stop</B> command is used to stop the associated process
+<P><LI>The <B>bos getrestart</B> command to display the times at which the
+BOS Server performs automatic restarts
+<P><LI>The <B>bos setrestart</B> command to set the times at which the BOS
+Server performs automatic process restarts
+<P><LI>The <B>bos start</B> command to change an entry's status flag to
+<B>Run</B> and start the associated process
+<P><LI>The <B>bos status</B> command to display all processes listed in the
+file
+<P><LI>The <B>bos stop</B> command to change an entry's status flag to
+<B>NotRun</B> and stop the associated process
+</UL>
+<P>There are also <B>bos</B> commands that start and stop processes
+without changing entries in the <B>BosConfig</B> file. The BOS
+Server reads the <B>BosConfig</B> file only when it starts, transferring
+the information into its memory. Thus a process's status as
+represented in the BOS Server's memory can diverge from its status in the
+<B>BosConfig</B> file. The following commands change a
+process's status in the BOS Server's memory only:
+<A NAME="IDX3894"></A>
+<A NAME="IDX3895"></A>
+<A NAME="IDX3896"></A>
+<UL>
+<P><LI>The <B>bos restart</B> command restarts a specified set of processes,
+all processes, or all processes other than the BOS Server
+<P><LI>The <B>bos shutdown</B> command stops a process
+<P><LI>The <B>bos startup</B> command starts a process
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf099.htm#HDRBOS_DELETE">bos delete</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P><A HREF="auarf122.htm#HDRBOS_STOP">bos stop</A>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf015.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf017.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf016.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf018.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCACHEITEMS" HREF="auarf002.htm#ToC_15">CacheItems</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3897"></A>
+<A NAME="IDX3898"></A>
+<A NAME="IDX3899"></A>
+<P>Records information about each <B>V</B><VAR>n</VAR> file in a disk cache
+<P><STRONG>Description</STRONG>
+<P>The <B>CacheItems</B> file records information about each file in the
+disk cache on a client machine (each <B>V</B><VAR>n</VAR> file). The
+information includes the file ID number and associated volume version number
+of the AFS file currently stored in the <B>V</B><VAR>n</VAR> file, which
+enables the Cache Manager to determine which <B>V</B><VAR>n</VAR> file
+contains the AFS data it needs to present to an application.
+<P>As it initializes, the Cache Manager creates the binary-format
+<B>CacheItems</B> file in the same local disk cache directory as the
+<B>V</B><VAR>n</VAR> files that the <B>CacheItems</B> file describes,
+and it must always remain there. The conventional directory name is
+<B>/usr/vice/cache</B>, but it is acceptable to use a directory on a
+partition with more available space.
+<P><STRONG>Cautions</STRONG>
+<P>Editing or removing the <B>CacheItems</B> file can cause a kernel
+panic. If the contents of <B>V</B><VAR>n</VAR> files seem out of
+date, clear the files by using the <B>fs flush</B> or <B>fs
+flushvolume</B> command. If the <B>CacheItems</B> file is
+accidentally modified or deleted, rebooting the machine usually restores
+normal performance.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf036.htm#HDRVN">V<I>n</I></A>
+<P><A HREF="auarf040.htm#HDRVOLUMEITEMS">VolumeItems</A>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<P><A HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf016.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf018.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf017.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf019.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCFG" HREF="auarf002.htm#ToC_16">CFG_<I>device_name</I></A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3900"></A>
+<A NAME="IDX3901"></A>
+<A NAME="IDX3902"></A>
+<A NAME="IDX3903"></A>
+<A NAME="IDX3904"></A>
+<P>Defines Tape Coordinator configuration instructions for automated tape
+devices
+<P><STRONG>Description</STRONG>
+<P>The <B>CFG_</B><VAR>device_name</VAR> file includes instructions that
+configure a Tape Coordinator for use with automated backup devices such as
+tape stackers and jukeboxes, enable the Tape Coordinator to dump and restore
+data to a <I>backup data file</I> on a local disk device, and enable
+greater automation of other aspects of the backup process.
+<P>There is a separate configuration file for each tape device or backup data
+file. Creating the file is optional, and unnecessary if none of the
+instructions it can include pertain to a given tape device. The
+ASCII-format file must reside in the <B>/usr/afs/backup</B> directory on
+the Tape Coordinator machine if it exists.
+<P>The <B>CFG_</B><VAR>device_name</VAR> file does not replace the
+<B>/usr/afs/backup/tapeconfig</B> file, a single copy of which still must
+exist on every Tape Coordinator machine.
+<P>To enable the Tape Coordinator to locate the configuration file, construct
+the variable part of the filename, <VAR>device_name</VAR>, as follows:
+<UL>
+<P><LI>For a tape device, strip off the initial <B>/dev/</B> string from the
+device name, and replace any other slashes in the name with
+underscores. For example, <B>CFG_rmt_4m</B> is the appropriate
+filename for a device called <B>/dev/rmt/4m</B>.
+<P><LI>For a backup data file, strip off the initial slash (/) and replace any
+other slashes in the name with underscores. For example,
+<B>CFG_var_tmp_FILE</B> is the appropriate filename for a backup data file
+called <B>/var/tmp/FILE</B>.
+</UL>
+<P>The <B>CFG_</B><VAR>device_name</VAR> file lists one or more of the
+following instructions, each on its own line. All are optional, and
+they can appear in any order. A more detailed description of each
+instruction follows the list:
+<DL>
+<P><DT><B>ASK
+</B><DD>Controls whether the Tape Coordinator prompts for guidance when it
+encounters error conditions
+<P><DT><B>AUTOQUERY
+</B><DD>Controls whether the Tape Coordinator prompts for the first tape
+<P><DT><B>BUFFERSIZE
+</B><DD>Sets the size of the memory buffer the Tape Coordinator uses when
+transferring data
+<P><DT><B>FILE
+</B><DD>Controls whether the dump is written to a tape device or a file
+<P><DT><B>MOUNT
+</B><DD>Identifies the file that contains routines for inserting tapes into the
+device's drive
+<P><DT><B>NAME_CHECK
+</B><DD>Controls whether the Tape Coordinator verifies that a tape's AFS tape
+name matches the dump being written
+<P><DT><B>UNMOUNT
+</B><DD>Identifies the file that contains routines for removing tapes from the
+device's drive
+</DL>
+<A NAME="IDX3905"></A>
+<P><B>The ASK Instruction</B>
+<P>The <B>ASK</B> instruction takes a boolean value as its argument, in
+the following format:
+<PRE> ASK {<B>YES</B> | <B>NO</B>}
+
+</PRE>
+<P>When the value is <B>YES</B>, the Tape Coordinator generates a prompt
+in its window, requesting a response to the error cases described in the
+following list. This is the default behavior if the ASK instruction
+does not appear in the <B>CFG_</B><VAR>device_name</VAR> file.
+<P>When the value is <B>NO</B>, the Tape Coordinator does not prompt in
+error cases, but instead uses the automatic default responses described in the
+following list. The Tape Coordinator also logs the error in the
+<B>TE_</B><VAR>device_name</VAR> file. Suppressing the prompts
+enables the Tape Coordinator to run unattended, though it still prompts for
+insertion of tapes unless the <B>MOUNT</B> instruction is used.
+<P>The error cases controlled by this instruction are the following:
+<UL>
+<P><LI>The Backup System is unable to dump a volume while running the <B>backup
+dump</B> command. With a <B>YES</B> value, the Tape Coordinator
+prompts to offer three choices: try to dump the volume again
+immediately, omit the volume from the dump but continue the operation, or
+terminate the operation. With a <B>NO</B> value, the Tape
+Coordinator omits the volume from the dump and continues the operation.
+<P><LI>The Backup System is unable to restore a volume while running the
+<B>backup diskrestore</B>, <B>backup volrestore</B>, or <B>backup
+volsetrestore</B> command. With a <B>YES</B> value, the Tape
+Coordinator prompts to offer two choices: omit the volume and continue
+restoring the other volumes, or terminate the operation. With a
+<B>NO</B> value, it continues the operation without prompting, omitting
+the problematic volume but restoring the remaining ones.
+<P><LI>The Backup System cannot determine if the dump set includes any more
+tapes, while running the <B>backup scantape</B> command (the reference
+page for that command discusses possible reasons for this problem).
+With a <B>YES</B> value, the Tape Coordinator prompts to ask if there are
+more tapes to scan. With a <B>NO</B> value, it proceeds as though
+there are more tapes and invokes the routine named by the <B>MOUNT</B>
+instruction in the configuration file, or prompts the operator to insert the
+next tape.
+<P><LI>The Backup System determines that the tape contains an unexpired dump
+while running the <B>backup labeltape</B> command. With a
+<B>YES</B> value, the Tape Coordinator prompts to offer two choices:
+continue or terminate the labeling operation. With a <B>NO</B>
+value, it terminates the operation without relabeling the tape.
+</UL>
+<A NAME="IDX3906"></A>
+<P><B>The AUTOQUERY Instruction</B>
+<P>The <B>AUTOQUERY</B> instruction takes a boolean value as its argument,
+in the following format:
+<PRE> AUTOQUERY {<B>YES</B> | <B>NO</B>}
+
+</PRE>
+<P>When the value is <B>YES</B>, the Tape Coordinator checks for the
+<B>MOUNT</B> instruction in the configuration file when it needs to read
+the first tape involved in an operation. As described for that
+instruction, it then either prompts for the tape or invokes the specified
+routine to mount the tape. This is the default behavior if the
+<B>AUTOQUERY</B> instruction does not appear in the configuration
+file.
+<P>When the value is <B>NO</B>, the Tape Coordinator assumes that the
+first tape required for an operation is already in the drive. It does
+not prompt the operator or invoke the <B>MOUNT</B> routine unless there is
+an error in accessing the first tape. This setting is equivalent in
+effect to including the <B>-noautoquery</B> flag to the <B>butc</B>
+command.
+<P>Note that the setting of the <B>AUTOQUERY</B> instruction controls the
+Tape Coordinator's behavior only with respect to the first tape required
+for an operation. For subsequent tapes, the Tape Coordinator always
+checks for the <B>MOUNT</B> instruction. It also refers to the
+<B>MOUNT</B> instruction if it encounters an error while attempting to
+access the first tape.
+<A NAME="IDX3907"></A>
+<P><B>The BUFFERSIZE Instruction</B>
+<P>The <B>BUFFERSIZE</B> instruction takes an integer value, and
+optionally units, in the following format:
+<PRE> BUFFERSIZE <VAR>size</VAR>[{<B>k</B> | <B>K</B> | <B>m</B> | <B>M</B> | <B>g</B> | <B>G</B>}]
+
+</PRE>
+<P>where<VAR> size</VAR> specifies the amount of memory the Tape Coordinator
+allocates to use as a buffer during both dump and restore operations.
+The default unit is bytes, but use <B>k</B> or <B>K</B> to specify
+kilobytes, <B>m</B> or <B>M</B> for megabytes, and <B>g</B> or
+<B>G</B> for gigabytes. There is no space between the
+<VAR>size</VAR>value and the units letter.
+<P>By default, the Tape Coordinator uses a 16 KB buffer during dump
+operations. As it receives volume data from the Volume Server, the Tape
+Coordinator gathers 16 KB of data in the buffer before transferring the entire
+16 KB to the tape device or backup data file. Similarly, during a
+restore operation the Tape Coordinator by default buffers 32 KB of data from
+the tape device or backup data file before transferring the entire 32 KB to
+the Volume Server for restoration into the file system. Buffering makes
+the volume of data flowing to and from a tape device more even and so promotes
+tape streaming, which is the most efficient way for a tape device to
+operate.
+<P>In a normal network configuration, the default buffer sizes are usually
+large enough to promote tape streaming. If the network between the Tape
+Coordinator machine and file server machines is slow, it can help to increase
+the buffer size.
+<A NAME="IDX3908"></A>
+<P><B>The FILE Instruction</B>
+<P>The <B>FILE</B> instruction takes a boolean value as its argument, in
+the following format:
+<PRE> FILE {<B>NO</B> | <B>YES</B>}
+
+</PRE>
+<P>When the value is <B>NO</B>, the Tape Coordinator writes to a tape
+device during a dump operation and reads from one during a restore
+operation. This is the default behavior if the <B>FILE</B>
+instruction does not appear in the configuration file.
+<P>When the value is <B>YES</B>, the Tape Coordinator writes volume data
+to a backup data file on the local disk during a dump operation and reads
+volume data from a file during a restore operation. If the file does
+not exist when the Tape Coordinator attempts to access it to write a dump, the
+Tape Coordinator creates it. For a restore operation to succeed, the
+file must exist and contain volume data previously written to it by a
+<B>backup dump</B> operation.
+<P>When the value is <B>YES</B>, the backup data file's complete
+pathname must appear (instead of a tape drive device name) in the third field
+of the corresponding port offset entry in the local
+<B>/usr/afs/backup/tapeconfig</B> file. If the field instead refers
+to a tape device, dump operations appear to succeed but are
+inoperative. It is not possible to restore data that was accidently
+dumped to a tape device while the <B>FILE</B> instruction was set to
+<B>YES</B>. (In the same way, if the <B>FILE</B> instruction is
+set to <B>NO</B>, the <B>tapeconfig</B> entry must refer to an actual
+tape device.)
+<P>Rather than put an actual file pathname in the third field of the
+<B>tapeconfig</B> file, however, the recommended configuration is to
+create a symbolic link in the <B>/dev</B> directory that points to the
+actual file pathname, and record the symbolic link in this field. This
+configuration has a couple of advantages:
+<UL>
+<P><LI>It makes the <VAR>device_name</VAR> portion of the
+<B>CFG_</B><VAR>device_name</VAR>, <B>TE_</B><VAR>device_name</VAR>, and
+<B>TL_</B><VAR>device_name</VAR> names as short as possible. Because
+the symbolic link is in the <B>/dev</B> directory as though it were a tape
+device, the device configuration file's name is constructed by stripping
+off the entire <B>/dev/</B> prefix, instead of just the initial
+slash. If, for example, the symbolic link is called
+<B>/dev/FILE</B>, the device configuration file name is
+<B>CFG_FILE</B>, whereas if the actual pathname <B>/var/tmp/FILE</B>
+appears in the <B>tapeconfig</B> file, the file's name must be
+<B>CFG_var_tmp_FILE</B>.
+<P><LI>It provides for a more graceful, and potentially automated, recovery if
+the Tape Coordinator cannot write a complete dump into the backup data file
+(because the partition housing the backup data file becomes full, for
+example). The Tape Coordinator's reaction to this problem is to
+invoke the <B>MOUNT</B> script, or to prompt the operator if the
+<B>MOUNT</B> instruction does not appear in the configuration file.
+<UL>
+<P><LI>If there is a <B>MOUNT</B> routine, the operator can prepare for this
+situation by adding a subroutine that changes the symbolic link to point to
+another backup data file on a partition where there is space available.
+<P><LI>If there is no <B>MOUNT</B> instruction, the prompt enables the
+operator manually to change the symbolic link to point to another backup data
+file, then press <<B>Return</B>> to signal that the Tape Coordinator
+can continue the operation.
+</UL>
+</UL>
+<P>If the third field in the <B>tapeconfig</B> file names the actual file,
+there is no way to recover from exhausting the space on the partition that
+houses the backup data file. It is not possible to change the
+<B>tapeconfig</B> file in the middle of an operation.
+<P>When writing to a backup data file, the Tape Coordinator writes data at 16
+KB offsets. If a given block of data (such as the marker that signals
+the beginning or end of a volume) does not fill the entire 16 KB, the Tape
+Coordinator still skips to the next offset before writing the next
+block. In the output of a <B>backup dumpinfo</B> command issued
+with the <B>-id</B> option, the value in the <TT>Pos</TT> column is the
+ordinal of the 16-KB offset at which the volume data begins, and so is not
+generally only one higher than the position number on the previous line, as it
+is for dumps to tape.
+<A NAME="IDX3909"></A>
+<P><B>The MOUNT Instruction</B>
+<P>The <B>MOUNT</B> instruction takes a pathname as its argument, in the
+following format:
+<PRE>
+ MOUNT <VAR>filename</VAR>
+
+</PRE>
+<P>The referenced executable file must reside on the local disk and contain a
+shell script or program that directs an automated tape device, such as a
+jukebox or stacker, to mount a tape (insert it into the tape reader).
+The operator must write the routine to invoke the mount command specified by
+the device's manufacturer; AFS does not include any scripts,
+although an example appears in the following <B>Examples</B>
+section. The script or program inherits the Tape Coordinator's AFS
+authentication status.
+<P>When the Tape Coordinator needs to mount a tape, it checks the
+configuration file for a <B>MOUNT</B> instruction. If there is no
+<B>MOUNT</B> instruction, the Tape Coordinator prompts the operator to
+insert a tape before it attempts to open the tape device. If there is a
+<B>MOUNT</B> instruction, the Tape Coordinator executes the routine in the
+referenced file. The routine invoked by the <B>MOUNT</B>
+instruction inherits the local identity (UNIX UID) and AFS tokens of the
+<B>butc</B> command's issuer.
+<P>There is an exception to this sequence: if the <B>AUTOQUERY
+NO</B> instruction appears in the configuration file, or the
+<B>-noautoquery</B> flag was included on the <B>butc</B> command, then
+the Tape Coordinator assumes that the operator has already inserted the first
+tape needed for a given operation. It attempts to read the tape
+immediately, and only checks for the <B>MOUNT</B> instruction or prompts
+the operator if the tape is missing or is not the required one.
+<P>When the Tape Coordinator invokes the routine indicated by the
+<B>MOUNT</B> instruction, it passes the following parameters to the
+routine in the indicated order:
+<OL TYPE=1>
+<P><LI>The tape device or backup data file's pathname, as recorded in the
+<B>/usr/afs/backup/tapeconfig</B> file.
+<P><LI>The tape operation, which (except for the exceptions noted in the
+following list) matches the <B>backup</B> command operation code used to
+initiate the operation:
+<UL>
+<P><LI><B>appenddump</B> (when a <B>backup dump</B> command includes the
+<B>-append</B> flag)
+<P><LI><B>dump</B> (when a <B>backup dump</B> command does not include
+the <B>-append</B> flag)
+<P><LI><B>labeltape</B>
+<P><LI><B>readlabel</B>
+<P><LI><B>restore</B> (for a <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> command)
+<P><LI><B>restoredb</B>
+<P><LI><B>savedb</B>
+<P><LI><B>scantape</B>
+</UL>
+<P><LI>The number of times the Tape Coordinator has attempted to open the tape
+device or backup data file. If the open attempt returns an error, the
+Tape Coordinator increments this value by one and again invokes the
+<B>MOUNT</B> instruction.
+<P><LI>The tape name. For some operations, the Tape Coordinator passes the
+string <TT>none</TT>, because it does not know the tape name (when running
+the <B>backup scantape</B> or <B>backup readlabel</B>, for example),
+or because the tape does not necessarily have a name (when running the
+<B>backup labeltape</B> command, for example).
+<P><LI>The tape ID recorded in the Backup Database. As with the tape name,
+the Backup System passes the string <TT>none</TT> for operations where it
+does not know the tape ID or the tape does not necessarily have an ID.
+</OL>
+<P>The routine invoked by the <B>MOUNT</B> instruction must return an exit
+code to the Tape Coordinator:
+<UL>
+<P><LI>Code <B>0</B> (zero) indicates that the routine successfully mounted
+the tape. The Tape Coordinator continues the backup operation.
+If the routine invoked by the <B>MOUNT</B> instruction does not return
+this exit code, the Tape Coordinator never calls the <B>UNMOUNT</B>
+instruction.
+<P><LI>Code <B>1</B> (one) indicates that the routine failed to mount the
+tape. The Tape Coordinator terminates the operation.
+<P><LI>Any other code indicates that the routine was not able to access the
+correct tape. The Tape Coordinator prompts the operator to insert the
+correct tape.
+</UL>
+<P>If the <B>backup</B> command was issued in interactive mode and the
+operator issues the <B>(backup) kill</B> command while the
+<B>MOUNT</B> routine is running, the Tape Coordinator passes the
+termination signal to the routine; the entire operation
+terminates.
+<A NAME="IDX3910"></A>
+<P><B>The NAME_CHECK Instruction</B>
+<P>The <B>NAME_CHECK</B> instruction takes a boolean value as its
+argument, in the following format:
+<PRE> NAME_CHECK {<B>YES</B> | <B>NO</B>}
+
+</PRE>
+<P>When the value is <B>YES</B> and the tape does not have a permanent
+name, the Tape Coordinator checks the AFS tape name when dumping a volume in
+response to the <B>backup dump</B> command. The AFS tape name must
+be <TT><NULL></TT> or match the tape name that the <B>backup dump</B>
+operation assigns based on the volume set and dump level names. This is
+the default behavior if the <B>NAME_CHECK</B> instruction does not appear
+in the configuration file.
+<P>When the value is <B>NO</B>, the Tape Coordinator does not check the
+AFS tape name before writing to the tape.
+<P>The Tape Coordinator always checks that all dumps on the tape are expired,
+and refuses to write to a tape that contains unexpired dumps.
+<A NAME="IDX3911"></A>
+<P><B>The UNMOUNT Instruction</B>
+<P>The <B>UNMOUNT</B> instruction takes a pathname as its argument, in the
+following format:
+<PRE> UNMOUNT <VAR>filename</VAR>
+
+</PRE>
+<P>The referenced executable file must reside on the local disk and contain a
+shell script or program that directs an automated tape device, such as a
+jukebox or stacker, to unmount a tape (remove it from the tape reader).
+The operator must write the routine to invoke the unmount command specified by
+the device's manufacturer; AFS does not include any scripts,
+although an example appears in the following <B>Examples</B>
+section. The script or program inherits the Tape Coordinator's AFS
+authentication status.
+<P>After closing a tape device, the Tape Coordinator checks the configuration
+file for an <B>UNMOUNT</B> instruction, whether or not the
+<B>close</B> operation succeeds. If there is no <B>UNMOUNT</B>
+instruction, the Tape Coordinator takes no action, in which case the operator
+must take the action necessary to remove the current tape from the drive
+before another can be inserted. If there is an <B>UNMOUNT</B>
+instruction, the Tape Coordinator executes the referenced file. It
+invokes the routine only once, passing in the following parameters:
+<UL>
+<P><LI>The tape device pathname (as specified in the
+<B>/usr/afs/backup/tapeconfig</B> file)
+<P><LI>The tape operation (always <B>unmount</B>)
+</UL>
+<P><STRONG>Privilege Required</STRONG>
+<P>The file is protected by UNIX mode bits. Creating the file requires
+the <B>w</B> (<B>write</B>) and <B>x</B> (<B>execute</B>)
+permissions on the <B>/usr/afs/backup</B> directory. Editing the
+file requires the <B>w</B> (<B>write</B>) permission on the
+file.
+<P><STRONG>Examples</STRONG>
+<P>The following example configuration files demonstrate one way to structure
+a configuration file for a stacker or backup dump file. The examples
+are not necessarily appropriate for a specific cell; if using them as
+models, be sure to adapt them to the cell's needs and equipment.
+<P><B>Example</B> <B>CFG_</B><VAR>device_name</VAR> <B>File for
+Stackers</B>
+<P>In this example, the administrator creates the following entry for a tape
+stacker called <B>stacker0.1</B> in the
+<B>/usr/afs/backup/tapeconfig</B> file. It has port offset
+0.
+<PRE> 2G 5K /dev/stacker0.1 0
+
+</PRE>
+<P>The administrator includes the following five lines in the
+<B>/usr/afs/backup/CFG_stacker0.1</B> file. To review the
+meaning of each instruction, see the preceding <B>Description</B>
+section.
+<PRE> MOUNT /usr/afs/backup/stacker0.1
+ UNMOUNT /usr/afs/backup/stacker0.1
+ AUTOQUERY NO
+ ASK NO
+ NAME_CHECK NO
+
+</PRE>
+<P>Finally, the administrator writes the following executable routine in the
+<B>/usr/afs/backup/stacker0.1</B> file referenced by the
+<B>MOUNT</B> and <B>UNMOUNT</B> instructions in the
+<B>CFG_stacker0.1</B> file.
+<PRE> #! /bin/csh -f
+
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+
+ #--------------------------------------------
+
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+
+ if (${operation} == "unmount") then
+ echo "UnMount: Will leave tape in drive"
+ exit ${exit_continue}
+ endif
+
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "savedb")) then
+
+ stackerCmd_NextTape ${devicefile}
+ if (${status} != 0)exit${exit_interactive}
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ if ((${operation} == "labeltape") |\
+ (${operation} == "readlabel")) then
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ echo "Prompt for tape"
+ exit ${exit_interactive}
+
+</PRE>
+<P>This routine uses two of the parameters passed to it by the Backup
+System: <TT>tries</TT> and <TT>operation</TT>. It follows the
+recommended practice of prompting for a tape if the value of the
+<TT>tries</TT> parameter exceeds one, because that implies that the stacker
+is out of tapes.
+<P>For a <B>backup dump</B> or <B>backup savedb</B> operation, the
+routine calls the example <B>stackerCmd_NextTape</B> function provided by
+the stacker's manufacturer. Note that the final lines in the file
+return the exit code that prompts the operator to insert a tape; these
+lines are invoked when either the stacker cannot load a tape or a the
+operation being performed is not one of those explicitly mentioned in the file
+(such as a restore operation).
+<P><B>Example CFG_</B><VAR>device_name</VAR> <B>File for Dumping to a
+Backup Data File</B>
+<P>In this example, the administrator creates the following entry for a backup
+data file called <B>HSM_device</B> in the
+<B>/usr/afs/backup/tapeconfig</B> file. It has port offset
+20.
+<PRE> 1G 0K /dev/HSM_device 20
+
+</PRE>
+<P>The administrator includes the following lines in the
+<B>/usr/afs/backup/CFG_HSM_device</B> file. To review the meaning
+of each instruction, see the preceding <B>Description</B> section.
+<PRE> MOUNT /usr/afs/backup/file
+ FILE YES
+ ASK NO
+
+</PRE>
+<P>Finally, the administrator writes the following executable routine in the
+<B>/usr/afs/backup/file</B> file referenced by the <B>MOUNT</B>
+instruction in the <B>CFG_HSM_device</B> file, to control how the Tape
+Coordinator handles the file.
+<PRE> #! /bin/csh -f
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+
+ #--------------------------------------------
+
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+
+ if (${operation} == "labeltape") then
+ echo "Won't label a tape/file"
+ exit ${exit_abort}
+ endif
+
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "restore") |\
+ (${operation} == "savedb") |\
+ (${operation} == "restoredb")) then
+
+ /bin/rm -f ${devicefile}
+ /bin/ln -s /hsm/${tapename}_${tapeid} ${devicefile}
+ if (${status} != 0) exit ${exit_abort}
+ endif
+
+ exit ${exit_continue}
+
+</PRE>
+<P>Like the example routine for a tape stacker, this routine uses the
+<TT>tries</TT> and <TT>operation</TT> parameters passed to it by the
+Backup System. The <TT>tries</TT> parameter tracks how many times the
+Tape Coordinator has attempted to access the file. A value greater than
+one indicates that the Tape Coordinator cannot access it, and the routine
+returns exit code 2 (<TT>exit_interactive</TT>), which results in a prompt
+for the operator to load a tape. The operator can use this opportunity
+to change the name of the backup data file specified in the
+<B>tapeconfig</B> file.
+<P>The primary function of this routine is to establish a link between the
+device file and the file to be dumped or restored. When the Tape
+Coordinator is executing a <B>backup dump</B>, <B>backup restore</B>,
+<B>backup savedb</B>, or <B>backup restoredb</B> operation, the
+routine invokes the UNIX <B>ln -s</B> command to create a symbolic link
+from the backup data file named in the <B>tapeconfig</B> file to the
+actual file to use (this is the recommended method). It uses the value
+of the <TT>tapename</TT> and <TT>tapeid</TT> parameters to construct the
+file name.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf085.htm#HDRBK_RESTOREDB">backup restoredb</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf017.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf019.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf018.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf020.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCLI_CSDB" HREF="auarf002.htm#ToC_17">CellServDB (client version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3912"></A>
+<A NAME="IDX3913"></A>
+<A NAME="IDX3914"></A>
+<A NAME="IDX3915"></A>
+<A NAME="IDX3916"></A>
+<A NAME="IDX3917"></A>
+<A NAME="IDX3918"></A>
+<A NAME="IDX3919"></A>
+<P>Lists the database server machines in all cells accessible from the machine
+<P><STRONG>Description</STRONG>
+<P>The client version of the <B>CellServDB</B> file lists the database
+server machines in the local cell and any foreign cell that is to be
+accessible from the local client machine. Database server machines run
+the Authentication Server, Backup Server, Protection Server, and Volume
+Location (VL) Server (the <B>kaserver</B>, <B>buserver</B>,
+<B>ptserver</B>, and <B>vlserver</B>) processes, which maintain the
+cell's administrative AFS databases.
+<P>The Cache Manager and other processes running on a client machine use the
+list of a cell's database server machines when performing several common
+functions, including:
+<UL>
+<P><LI>Fetching files. The Cache Manager contacts the VL Server to learn
+the location of the volume containing a requested file or directory.
+<P><LI>Authenticating users. Client-side authentication programs (such as
+an AFS-modified login utility or the <B>klog</B> command interpreter)
+contact the Authentication Server to obtain a server ticket, which the AFS
+server processes accept as proof that the user is authenticated.
+<P><LI>Creating protection groups. The <B>pts</B> command interpreter
+contacts the Protection Server when users create protection groups or request
+information from the Protection Database.
+</UL>
+<P>The Cache Manager reads the <B>CellServDB</B> file into kernel memory
+as it initializes, and not again until the machine next reboots. To
+enable users on the local machine to continue accessing the cell correctly,
+update the file whenever a database server machine is added to or removed from
+a cell. To update the kernel-resident list of database server machines
+without rebooting, use the <B>fs newcell</B> command.
+<P>The <B>CellServDB</B> file is in ASCII format and must reside in the
+<B>/usr/vice/etc</B> directory on each AFS client machine. Use a
+text editor to create and maintain it. Each cell's entry must have
+the following format:
+<UL>
+<P><LI>The first line begins at the left margin with the greater-than character
+(<B>></B>), followed immediately by the cell's name without an
+intervening space. Optionally, a comment can follow any number of
+spaces and a number sign (<B>#</B>), perhaps to identify the organization
+associated with the cell.
+<P><LI>Each subsequent line in the entry identifies one of the cell's
+database server machines, with the indicated information in order:
+<UL>
+<P><LI>The database server machine's IP address in dotted-decimal
+format.
+<P><LI>One or more spaces.
+<P><LI>A number sign (<B>#</B>), followed by the machine's fully
+qualified hostname without an intervening space. This number sign does
+not indicate that the hostname is a comment. It is a required
+field.
+</UL>
+</UL>
+<P>No extra blank lines or newline characters are allowed in the file, even
+after the last entry. Their presence can prevent the Cache Manager from
+reading the file into kernel memory, resulting in an error message.
+<P>The AFS Product Support group maintains a list of the database server
+machines in all cells that have registered themselves as receptive to access
+from foreign cells. When a cell's administrators change its
+database server machines, it is customary to register the change with the AFS
+Product Support group for inclusion in this file. The file conforms to
+the required <B>CellServDB</B> format, and so is a suitable basis for the
+<B>CellServDB</B> file on a client machine. Contact the AFS Product
+Support group for directions on accessing the file.
+<P>The client version of the <B>CellServDB</B> file is distinct from the
+server version, which resides in the <B>/usr/afs/etc</B> directory on each
+AFS server machine. The client version lists the database server
+machines in every AFS cell that the cell administrator wants the
+machine's users to be able to access, whereas the server version lists
+only the local cell's database server machines.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows entries for two cells in a client
+<B>CellServDB</B> file and illustrates the required format.
+<PRE> >abc.com # ABC Corporation
+ 192.12.105.2 #db1.abc.com
+ 192.12.105.3 #db2.abc.com
+ 192.12.107.3 #db3.abc.com
+ >test.abc.com # ABC Corporation Test Cell
+ 192.12.108.57 #testdb1.abc.com
+ 192.12.108.55 #testdb2.abc.com
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf154.htm#HDRFS_NEWCELL">fs newcell</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf018.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf020.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf019.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf021.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSV_CSDB" HREF="auarf002.htm#ToC_18">CellServDB (server version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3920"></A>
+<A NAME="IDX3921"></A>
+<A NAME="IDX3922"></A>
+<A NAME="IDX3923"></A>
+<A NAME="IDX3924"></A>
+<A NAME="IDX3925"></A>
+<A NAME="IDX3926"></A>
+<A NAME="IDX3927"></A>
+<P>Lists the local cell's database server machines
+<P><STRONG>Description</STRONG>
+<P>The server version of the <B>CellServDB</B> file lists the local
+cell's database server machines. These machines run the
+Authentication Server, Backup Server, Protection Server, and Volume Location
+(VL) Server (the <B>kaserver</B>, <B>buserver</B>,
+<B>ptserver</B>, and <B>vlserver</B>) processes, which maintain the
+cell's administrative AFS databases. The initial version of the
+file is created with the <B>bos setcellname</B> command during the
+installation of the cell's server machine, which is automatically
+recorded as the cell's first database server machine. When adding
+or removing database server machines, be sure to update this file
+appropriately. It must reside in the <B>/usr/afs/etc</B> directory
+on each AFS server machine.
+<P>The database server processes consult the <B>CellServDB</B> file to
+learn about their peers, with which they must maintain constant connections in
+order to coordinate replication of changes across the multiple copies of each
+database. The other AFS server processes consult the file to learn
+which machines to contact for information from the databases when they need
+it.
+<P>Although the <B>CellServDB</B> file is in ASCII format, do not use a
+text editor to alter it. Instead always use the appropriate commands
+from the <B>bos</B> command suite:
+<UL>
+<P><LI>The <B>bos addhost</B> command to add a machine to the file
+<P><LI>The <B>bos listhosts</B> command to display the list of machines from
+the file
+<P><LI>The <B>bos removehost</B> command to remove a machine from the file
+</UL>
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is customary to edit only the copy of the file stored on the system control
+machine. In cells that run the international version of AFS, edit the
+file on each server machine individually. For instructions on adding
+and removing database server machine, see the <I>IBM AFS Quick
+Beginnings</I> chapter on installing additional server machines.
+<P>The server version of the <B>CellServDB</B> file is distinct from the
+client version, which resides in the <B>/usr/vice/etc</B> directory on
+each AFS client machine. The server version lists only the local
+cell's database server machines, whereas the client version lists the
+database server machines in every AFS cell that the cell administrator wants
+the machine's users to be able to access.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf094.htm#HDRBOS_ADDHOST">bos addhost</A>
+<P><A HREF="auarf106.htm#HDRBOS_LISTHOSTS">bos listhosts</A>
+<P><A HREF="auarf110.htm#HDRBOS_REMOVEHOST">bos removehost</A>
+<P><A HREF="auarf116.htm#HDRBOS_SETCELLNAME">bos setcellname</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf019.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf021.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf020.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf022.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFILELOG" HREF="auarf002.htm#ToC_19">FileLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3928"></A>
+<A NAME="IDX3929"></A>
+<A NAME="IDX3930"></A>
+<P>Traces File Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>FileLog</B> file records a trace of File Server
+(<B>fileserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>FileLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the File Server starts, the server
+process creates it and writes initial start-up messages to it. If there
+is an existing file, the File Server renames it to
+<B>FileLog.old</B>, overwriting the existing
+<B>FileLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the file
+server machine and use a text editor or a file display command such as the
+UNIX <B>cat</B> command. By default, the mode bits on the
+<B>FileLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The File Server records operations only as it completes them, and cannot
+recover from failures by reviewing the file. The log contents are
+useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf020.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf022.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf021.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf023.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFORCESALVAGE" HREF="auarf002.htm#ToC_20">FORCESALVAGE</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3931"></A>
+<A NAME="IDX3932"></A>
+<A NAME="IDX3933"></A>
+<P>Forces salvage of entire partition
+<P><STRONG>Description</STRONG>
+<P>The <B>FORCESALVAGE</B> file, if present on an AFS server partition
+(that is, in a <B>/vicep</B> directory), signals that the Salvager must
+salvage the entire partition. The AFS-modified version of the
+<B>fsck</B> program creates the empty (zero-length) file when it discovers
+corruption on the partition. The Salvager removes the file when it
+completes the salvage operation.
+<P>When the File Server detects the presence of the file on a partition on
+which it is attaching volumes, it stops, detaches any volumes that are already
+attached, and exits after recording a message in the
+<B>/usr/afs/logs/FileLog</B> file. The Bos Server then invokes the
+Salvager to salvage the partition.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf021.htm#HDRFILELOG">FileLog</A>
+<P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf021.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf023.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf022.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf024.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKEYFILE" HREF="auarf002.htm#ToC_21">KeyFile</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3934"></A>
+<A NAME="IDX3935"></A>
+<A NAME="IDX3936"></A>
+<A NAME="IDX3937"></A>
+<A NAME="IDX3938"></A>
+<A NAME="IDX3939"></A>
+<A NAME="IDX3940"></A>
+<A NAME="IDX3941"></A>
+<P>Defines AFS server encryption keys
+<P><STRONG>Description</STRONG>
+<P>The <B>KeyFile</B> file defines the server encryption keys that the AFS
+server processes running on the machine use to decrypt the tickets presented
+by clients during the mutual authentication process. AFS server
+processes perform privileged actions only for clients that possess a ticket
+encrypted with one of the keys from the file. The file must reside in
+the <B>/usr/afs/etc</B> directory on every server machine. For more
+detailed information on mutual authentication and server encryption keys, see
+the <I>IBM AFS Administration Guide</I>.
+<P>Each key has a corresponding a key version number that distinguishes it
+from the other keys. The tickets that clients present are also marked
+with a key version number to tell the server process which key to use to
+decrypt it. The <B>KeyFile</B> file must always include a key with
+the same key version number and contents as the key currently listed for the
+<B>afs</B> entry in the Authentication Database.
+<P>The <B>KeyFile</B> file is in binary format, so always use the
+appropriate commands from the <B>bos</B> command suite to administer
+it:
+<UL>
+<P><LI>The <B>bos addkey</B> command to define a new key
+<P><LI>The <B>bos listkeys</B> command to display the keys
+<P><LI>The <B>bos removekey</B> command to remove a key from the file
+</UL>
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is customary to edit only the copy of the file stored on the system control
+machine. In cells that run the international version of AFS, edit the
+file on each server machine individually.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P><A HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf022.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf024.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf023.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf025.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCLI_NETINFO" HREF="auarf002.htm#ToC_22">NetInfo (client version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3942"></A>
+<A NAME="IDX3943"></A>
+<A NAME="IDX3944"></A>
+<A NAME="IDX3945"></A>
+<A NAME="IDX3946"></A>
+<A NAME="IDX3947"></A>
+<P>Defines client machine interfaces to register with the File Server
+<P><STRONG>Description</STRONG>
+<P>The <B>NetInfo</B> file lists the IP addresses of one or more of the
+local machine's network interfaces. If it exists in the
+<B>/usr/vice/etc</B> directory when the Cache Manager initializes, the
+Cache Manager uses its contents as the basis for a list of local
+interfaces. Otherwise, the Cache Manager uses the list of interfaces
+configured with the operating system. It then removes from the list any
+addresses that appear in the <B>/usr/vice/etc/NetRestrict</B> file, if it
+exists. The Cache Manager records the resulting list in kernel
+memory. The first time it establishes a connection to a File Server, it
+registers the list with the File Server.
+<P>The File Server uses the addresses when it initiates a remote procedure
+call (RPC) to the Cache Manager (as opposed to responding to an RPC sent by
+the Cache Manager). There are two common circumstances in which the
+File Server initiates RPCs: when it breaks callbacks and when it pings
+the client machine to verify that the Cache Manager is still
+accessible.
+<P>The <B>NetInfo</B> file is in ASCII format. One of the
+machine's IP addresses appears on each line, in dotted decimal
+format. The File Server initially uses the address that appears first
+in the list. The order of the remaining addresses is not
+significant: if an RPC to the first interface fails, the File Server
+simultaneously sends RPCs to all of the other interfaces in the list.
+Whichever interface replies first is the one to which the File Server then
+sends pings and RPCs to break callbacks.
+<P>To prohibit the Cache Manager absolutely from using one or more addresses,
+list them in the <B>NetRestrict</B> file. To display the addresses
+the Cache Manager is currently registering with File Servers, use the <B>fs
+getclientaddrs</B> command. To replace the current list of interfaces
+with a new one between reboots of the client machine, use the <B>fs
+setclientaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf026.htm#HDRCLI_NETRESTRICT">NetRestrict (client version)</A>
+<P><A HREF="auarf145.htm#HDRFS_GETCLIENTADDRS">fs getclientaddrs</A>
+<P><A HREF="auarf160.htm#HDRFS_SETCLIENTADDRS">fs setclientaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf023.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf025.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf024.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf026.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSV_NETINFO" HREF="auarf002.htm#ToC_23">NetInfo (server version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3948"></A>
+<A NAME="IDX3949"></A>
+<A NAME="IDX3950"></A>
+<A NAME="IDX3951"></A>
+<A NAME="IDX3952"></A>
+<P>Defines interfaces that File Server registers in VLDB and Ubik uses for
+database server machines
+<P><STRONG>Description</STRONG>
+<P>The <B>NetInfo</B> file, if present in the <B>/usr/afs/local</B>
+directory, defines the following:
+<UL>
+<P><LI>On a file server machine, the local interfaces that the File Server
+(<B>fileserver</B> process) can register in the Volume Location Database
+(VLDB) at initialization time
+<P><LI>On a database server machine, the local interfaces that the Ubik database
+synchronization library uses when communicating with the database server
+processes running on other database server machines
+</UL>
+<P>If the <B>NetInfo</B> file exists when the File Server initializes, the
+File Server uses its contents as the basis for a list of interfaces to
+register in the VLDB. Otherwise, it uses the list of network interfaces
+configured with the operating system. It then removes from the list any
+addresses that appear in the <B>/usr/vice/etc/NetRestrict</B> file, if it
+exists. The File Server records the resulting list in the
+<B>/usr/afs/local/sysid</B> file and registers the interfaces in the
+VLDB. The database server processes use a similar procedure when
+initializing, to determine which interfaces to use for communication with the
+peer processes on other database machines in the cell.
+<P>The <B>NetInfo</B> file is in ASCII format. One of the
+machine's IP addresses appears on each line, in dotted decimal
+format. The order of the addresses is not significant.
+<P>To display the File Server interface addresses registered in the VLDB, use
+the <B>vos listaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf027.htm#HDRSV_NETRESTRICT">NetRestrict (server version)</A>
+<P><A HREF="auarf049.htm#HDRSYSID">sysid</A>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf263.htm#HDRVOS_LISTADDRS">vos listaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf024.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf026.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf025.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf027.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCLI_NETRESTRICT" HREF="auarf002.htm#ToC_24">NetRestrict (client version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3953"></A>
+<A NAME="IDX3954"></A>
+<A NAME="IDX3955"></A>
+<A NAME="IDX3956"></A>
+<A NAME="IDX3957"></A>
+<A NAME="IDX3958"></A>
+<P>Defines client interfaces not to register with the File Server
+<P><STRONG>Description</STRONG>
+<P>The <B>NetRestrict</B> file, if present in a client machine's
+<B>/usr/vice/etc</B> directory, defines the IP addresses of the interfaces
+that the local Cache Manager does not register with a File Server when first
+establishing a connection to it. For an explanation of how the File
+Server uses the registered interfaces, see the reference page for the client
+version of the <B>NetInfo</B> file.
+<P>As it initializes, the Cache Manager constructs a list of interfaces to
+register, from the <B>/usr/vice/etc/NetInfo</B> file if it exists, or from
+the list of interfaces configured with the operating system otherwise.
+The Cache Manager then removes from the list any addresses that appear in the
+<B>NetRestrict</B> file, if it exists. The Cache Manager records
+the resulting list in kernel memory.
+<P>The <B>NetRestrict</B> file is in ASCII format. One IP address
+appears on each line, in dotted decimal format. The order of the
+addresses is not significant. The value <B>255</B> is a wildcard
+that represents all possible addresses in that field. For example, the
+value <B>192.12.105.255</B> indicates that the Cache
+Manager does not register any of the addresses in the
+<B>192.12.105</B> subnet.
+<P>To display the addresses the Cache Manager is currently registering with
+File Servers, use the <B>fs getclientaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf024.htm#HDRCLI_NETINFO">NetInfo (client version)</A>
+<P><A HREF="auarf145.htm#HDRFS_GETCLIENTADDRS">fs getclientaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf025.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf027.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf026.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf028.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSV_NETRESTRICT" HREF="auarf002.htm#ToC_25">NetRestrict (server version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3959"></A>
+<A NAME="IDX3960"></A>
+<A NAME="IDX3961"></A>
+<A NAME="IDX3962"></A>
+<A NAME="IDX3963"></A>
+<P>Defines interfaces that File Server does not register in VLDB and Ubik does
+not use for database server machines
+<P><STRONG>Description</STRONG>
+<P>The <B>NetRestrict</B> file, if present in the
+<B>/usr/afs/local</B> directory, defines the following:
+<UL>
+<P><LI>On a file server machine, the local interfaces that the File Server
+(<B>fileserver</B> process) does not register in the Volume Location
+Database (VLDB) at initialization time
+<P><LI>On a database server machine, the local interfaces that the Ubik
+synchronization library does not use when communicating with the database
+server processes running on other database server machines
+</UL>
+<P>As it initializes, the File Server constructs a list of interfaces to
+register, from the <B>/usr/afs/local/NetInfo</B> file if it exists, or
+from the list of interfaces configured with the operating system
+otherwise. The File Server then removes from the list any addresses
+that appear in the <B>NetRestrict</B> file, if it exists. The File
+Server records the resulting list in the <B>/usr/afs/local/sysid</B> file
+and registers the interfaces in the VLDB. The database server processes
+use a similar procedure when initializing, to determine which interfaces to
+use for communication with the peer processes on other database machines in
+the cell.
+<P>The <B>NetRestrict</B> file is in ASCII format. One IP address
+appears on each line, in dotted decimal format. The order of the
+addresses is not significant. The value <B>255</B> is a wildcard
+that represents all possible addresses in that field. For example, the
+value <B>192.12.105.255</B> indicates that the Cache
+Manager does not register any of the addresses in the
+<B>192.12.105</B> subnet.
+<P>To display the File Server interface addresses registered in the VLDB, use
+the <B>vos listaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf025.htm#HDRSV_NETINFO">NetInfo (server version)</A>
+<P><A HREF="auarf049.htm#HDRSYSID">sysid</A>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf263.htm#HDRVOS_LISTADDRS">vos listaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf026.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf028.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf027.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf029.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRNOAUTH" HREF="auarf002.htm#ToC_26">NoAuth</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3964"></A>
+<A NAME="IDX3965"></A>
+<A NAME="IDX3966"></A>
+<P>Disables authorization checking
+<P><STRONG>Description</STRONG>
+<P>The <B>NoAuth</B> file, if present in a server machine's
+<B>/usr/afs/local</B> directory, indicates to the AFS server processes
+running on the machine that it is not necessary to perform authorization
+checking. They perform any action for any user who logs into the
+machine's local file system or issues a remote command that affects the
+machine's AFS server functioning, such as commands from the AFS command
+suites. Because failure to check authorization exposes the
+machine's AFS server functionality to attack, there are normally only two
+circumstances in which the file is present:
+<UL>
+<P><LI>During installation of the machine, as instructed in the <I>IBM AFS
+Quick Beginnings</I>
+<P><LI>During correction of a server encryption key emergency, as discussed in
+the <I>IBM AFS Administration Guide</I>
+</UL>
+<P>In all other circumstances, the absence of the file means that the AFS
+server processes perform authorization checking, verifying that the issuer of
+a command has the required privilege.
+<P>Create the file in one of the following ways:
+<UL>
+<P><LI>By issuing the <B>bosserver</B> initialization command with the
+<B>-noauth</B> flag, if the Basic OverSeer (BOS) Server is not already
+running
+<P><LI>By issuing the <B>bos setauth</B> command with <B>off</B> as the
+value for the <B>-authrequired</B> argument, if the BOS Server is already
+running
+</UL>
+<P>To remove the file, issue the <B>bos setauth</B> command with
+<B>on</B> as the value for the <B>-authrequired</B> argument.
+<P>The file's contents, if any, are ignored; an empty (zero-length)
+file is effective.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf115.htm#HDRBOS_SETAUTH">bos setauth</A>
+<P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf027.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf029.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf028.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf030.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSALVAGEFS" HREF="auarf002.htm#ToC_27">SALVAGE.fs</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3967"></A>
+<A NAME="IDX3968"></A>
+<A NAME="IDX3969"></A>
+<A NAME="IDX3970"></A>
+<A NAME="IDX3971"></A>
+<P>Triggers salvaging of AFS server partitions
+<P><STRONG>Description</STRONG>
+<P>The <B>SALVAGE.fs</B> file, if present in a file server
+machine's <B>/usr/afs/local</B> directory, indicates to the Basic
+OverSeer (BOS) Server (<B>bosserver</B> process) that it must invoke the
+Salvager (<B>salvager</B> process) during recovery from a failure of the
+File Server (<B>fileserver</B> process).
+<P>The BOS Server creates the zero-length file each time it starts or restarts
+the <B>fs</B> process. When the File Server exits normally (for
+example, in response to the <B>bos shutdown</B> or <B>bos stop</B>
+command), the BOS Server removes the file. However, if the File Server
+exits unexpectedly, the file remains in the <B>/usr/afs/local</B>
+directory as a signal that the BOS Server must invoke the Salvager process to
+repair any file system inconsistencies possibly introduced during the failure,
+before restarting the File Server and Volume Server processes.
+<P>Do not create or remove this file. To invoke the Salvager process
+directly, use the <B>bos salvage</B> command or log onto the file server
+machine as the local superuser <B>root</B> and issue the
+<B>salvager</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf028.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf030.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf029.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf031.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSALVAGELOG" HREF="auarf002.htm#ToC_28">SalvageLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3972"></A>
+<A NAME="IDX3973"></A>
+<A NAME="IDX3974"></A>
+<P>Traces Salvager operations
+<P><STRONG>Description</STRONG>
+<P>The <B>SalvageLog</B> file records a trace of Salvager
+(<B>salvager</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>SalvageLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the Salvager starts, the process
+creates it and writes initial start-up messages to it. If there is an
+existing file, the Salvager renames is to <B>SalvageLog.old</B>,
+overwriting the existing <B>SalvageLog.old</B> file if it
+exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the file
+server machine and use a text editor or a file display command such as the
+UNIX <B>cat</B> command. By default, the mode bits on the
+<B>SalvageLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The Salvager records operations only as it completes them, and cannot
+recover from failures by reviewing the file. The log contents are
+useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf029.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf031.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf030.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf032.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRTE" HREF="auarf002.htm#ToC_29">TE_<I>device_name</I></A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Logs error messages from the Tape Coordinator process
+<P><STRONG>Description</STRONG>
+<P>The <B>TE_</B><VAR>device_name</VAR> file logs error messages generated
+by the Backup System Tape Coordinator (<B>butc</B> process) that controls
+the tape device or backup data file indicated by <VAR>device_name</VAR>.
+<P>As the Tape Coordinator initializes, it creates the file in ASCII format in
+the <B>/usr/afs/backup</B> directory. If there is an existing file,
+the Tape Coordinator renames it to
+<B>TE_</B><VAR>device_name</VAR><B>.old</B>, overwriting the
+existing <B>TE_</B><VAR>device_name</VAR><B>.old</B> file if it
+exists.
+<P>For a tape device, the Tape Coordinator derives the variable
+<VAR>device_name</VAR> portion of the filename from the device pathname listed
+in the local <B>/usr/afs/backup/tapeconfig</B> file, by stripping off the
+initial <B>/dev/</B> string and replacing any other slashes in the name
+with underscores. For example, the filename for a device called
+<B>/dev/rmt/4m</B> is <B>TE_rmt_4m</B>. Similarly, for a backup
+data file the Tape Coordinator strips off the initial slash (/) and replaces
+any other slashes in the name with underscores. For example, the
+filename for a backup data file called <B>/var/tmp/FILE</B> is
+<B>TE_var_tmp_FILE</B>.
+<P>The messages in the file describe the error and warning conditions the Tape
+Coordinator encounters as it operates. For instance, a message can list
+the volumes that are inaccessible during a dump operation, or warn that the
+Tape Coordinator is overwriting a tape or backup data file. The
+messages also appear in the <B>/usr/afs/backup/TL_</B><VAR>device_name</VAR>
+file, which traces most of the Tape Coordinator's actions.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf034.htm#HDRTL">TL_<I>device_name</I></A>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf030.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf032.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf031.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf033.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCLI_THISCELL" HREF="auarf002.htm#ToC_30">ThisCell (client version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3975"></A>
+<A NAME="IDX3976"></A>
+<A NAME="IDX3977"></A>
+<A NAME="IDX3978"></A>
+<A NAME="IDX3979"></A>
+<P>Defines client machine's cell membership
+<P><STRONG>Description</STRONG>
+<P>The client version of the <B>ThisCell</B> file defines the complete
+Internet domain-style name (for example, <B>abc.com</B>) of the
+cell to which the local client machine belongs. It must reside in the
+<B>/usr/vice/etc</B> directory on every AFS client machine. To
+change a client machine's cell membership, edit the file and reboot the
+machine.
+<P>The file is in ASCII format and contains a character string on a single
+line. The <I>IBM AFS Quick Beginnings</I> instructs the
+administrator to create it during the installation of each client
+machine.
+<P>The client machine's cell membership determines three defaults
+important to its functioning:
+<UL>
+<P><LI>The cell in which the machine's users authenticate by default.
+The effect is two-fold:
+<UL>
+<P><LI>The AFS-modified login utilities and the <B>klog</B> command
+interpreter contact an Authentication Server in the cell named in the
+<B>ThisCell</B> file (unless <B>-cell</B> argument to the
+<B>klog</B> command specifies an alternate cell).
+<P><LI>The command interpreters combine the cell name with the password that the
+user provides, generating an encryption key from the combination. For
+authentication to succeed, both the cell name and password must match the ones
+used to generate the user's encryption key stored in the Authentication
+Database.
+</UL>
+<P><LI>The cell the Cache Manager considers its local, or home, cell. By
+default, the Cache Manager allows programs that reside in its home cell to run
+with setuid permission, but not programs from foreign cells. For more
+details, see the <B>fs getcellstatus</B> and <B>fs setcell</B>
+reference pages.
+<P><LI>Which AFS server processes the local AFS command interpreters contact by
+default as they execute commands issued on the machine.
+</UL>
+<P>The client version of the <B>ThisCell</B> file is distinct from the
+server version, which resides in the <B>/usr/afs/etc</B> directory on each
+AFS server machine. If a server machine also runs as a client, it is
+acceptable for the server and client versions of the file on the same machine
+to name different cells. However, the behavior that results from this
+configuration can be more confusing than useful.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<P><A HREF="auarf144.htm#HDRFS_GETCELLSTATUS">fs getcellstatus</A>
+<P><A HREF="auarf159.htm#HDRFS_SETCELL">fs setcell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf031.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf033.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf032.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf034.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSV_THISCELL" HREF="auarf002.htm#ToC_31">ThisCell (server version)</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3980"></A>
+<A NAME="IDX3981"></A>
+<A NAME="IDX3982"></A>
+<A NAME="IDX3983"></A>
+<A NAME="IDX3984"></A>
+<P>Defines server machine's cell membership
+<P><STRONG>Description</STRONG>
+<P>The server version of the <B>ThisCell</B> file defines the complete
+Internet domain-style name (for example, <B>abc.com</B>) of the
+cell to which the server machine belongs. It must reside in the
+<B>/usr/afs/etc</B> directory on every AFS server machine.
+<P>The file is in ASCII format and contains a character string on a single
+line. The initial version of the file is created with the <B>bos
+setcellname</B> command during the installation of the cell's first
+file server machine, and the <I>IBM AFS Quick Beginnings</I> includes
+instructions for copying it over to additional server machine during their
+installation.
+<P>The only reason to edit the file is as part of changing the cell's
+name, which is strongly discouraged because of the large number of
+configuration changes involved. In particular, changing the cell name
+requires rebuilding the entire Authentication Database, because the
+Authentication Server combines the cell name it finds in this file with each
+user and server password and converts the combination into an encryption key
+before recording it in the Database.
+<P>The server version of the <B>ThisCell</B> file is distinct from the
+client version, which resides in the <B>/usr/vice/etc</B> directory on
+each AFS client machine. If a server machine also runs as a client, it
+is acceptable for the server and client versions of the file on the same
+machine to name different cells. However, the behavior that results
+from this configuration can be more confusing than useful.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf116.htm#HDRBOS_SETCELLNAME">bos setcellname</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf032.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf034.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf033.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf035.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRTL" HREF="auarf002.htm#ToC_32">TL_<I>device_name</I></A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Traces Tape Coordinator operations and logs errors
+<P><STRONG>Description</STRONG>
+<P>The <B>TL_</B><VAR>device_name</VAR> file logs the actions performed by
+the Backup System Tape Coordinator (<B>butc</B> process) that controls the
+tape device or backup data file indicated by <VAR>device_name</VAR>. It
+also records the same error and warning messages written to the
+<B>TE_</B><VAR>device_name</VAR> file.
+<P>As the Tape Coordinator initializes, it creates the file in ASCII format in
+the <B>/usr/afs/backup</B> directory. If there is an existing file,
+the Tape Coordinator renames it to
+<B>TL_</B><VAR>device_name</VAR><B>.old</B>, overwriting the
+existing <B>TL_</B><VAR>device_name</VAR><B>.old</B> file if it
+exists.
+<P>For a tape device, the Tape Coordinator derives the variable
+<VAR>device_name</VAR> portion of the filename from the device pathname listed
+in the local <B>/usr/afs/backup/tapeconfig</B> file, by stripping off the
+initial <B>/dev/</B> string and replacing any other slashes in the name
+with underscores. For example, the filename for a device called
+<B>/dev/rmt/4m</B> is <B>TL_rmt_4m</B>. Similarly, for a backup
+data file the Tape Coordinator strips off the initial slash (/) and replaces
+any other slashes in the name with underscores. For example, the
+filename for a backup data file called <B>/var/tmp/FILE</B> is
+<B>TL_var_tmp_FILE</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf031.htm#HDRTE">TE_<I>device_name</I></A>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf033.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf035.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf034.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf036.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSERLIST" HREF="auarf002.htm#ToC_33">UserList</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3985"></A>
+<A NAME="IDX3986"></A>
+<P>Defines privileged administrators
+<P><STRONG>Description</STRONG>
+<P>The <B>UserList</B> file lists the AFS usernames of the system
+administrators authorized to issue privileged <B>bos</B>, <B>vos</B>,
+and <B>backup</B> commands that affect the local server machine or the
+volumes housed on it. It must reside in the <B>/usr/afs/etc</B>
+directory on every server machine.
+<P>Although the <B>UserList</B> file is in ASCII format, do not use a text
+editor to alter it. Instead always use the appropriate commands from
+the <B>bos</B> command suite:
+<UL>
+<P><LI>The <B>bos adduser</B> command to add a user to the file
+<P><LI>The <B>bos listusers</B> command to display the contents of the file
+<P><LI>The <B>bos removeuser</B> command to remove a user from the file
+</UL>
+<P>Although it is theoretically possible to list different administrators in
+the <B>UserList</B> files on different server machines, doing so can cause
+unanticipated authorization failures and is not recommended. In cells
+that run the United States edition of AFS and use the Update Server to
+distribute the contents of the <B>/usr/afs/etc</B> directory, it is
+customary to edit only the copy of the file stored on the system control
+machine. In cells that run the international version of AFS, edit the
+file on each server machine individually.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf096.htm#HDRBOS_ADDUSER">bos adduser</A>
+<P><A HREF="auarf108.htm#HDRBOS_LISTUSERS">bos listusers</A>
+<P><A HREF="auarf112.htm#HDRBOS_REMOVEUSER">bos removeuser</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf034.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf036.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf035.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf037.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVN" HREF="auarf002.htm#ToC_34">V<I>n</I></A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3987"></A>
+<A NAME="IDX3988"></A>
+<A NAME="IDX3989"></A>
+<P>Houses a chunk of AFS data in the disk cache
+<P><STRONG>Description</STRONG>
+<P>A <B>V</B><VAR>n</VAR> file can store a chunk of cached AFS data on a
+client machine that is using a disk cache. As the Cache Manager
+initializes, it verifies that the local disk cache directory houses a number
+of <B>V</B><VAR>n</VAR> files equal to the largest of the following:
+<UL>
+<P><LI>100
+<P><LI>One and a half times the result of dividing the cache size by the chunk
+size (cachesize/chunksize * 1.5)
+<P><LI>The result of dividing the cache size by 10 MB (10,240)
+</UL>
+<P>The Cache Manager determines the cache size from the <B>-blocks</B>
+argument to the <B>afsd</B> command, or if the argument is not included,
+from the third field of the <B>/usr/vice/etc/cacheinfo</B> file.
+The default chunk size is 64 KB; use the <B>-chunksize</B> argument
+to the <B>afsd</B> command to override it. To override the default
+number of chunks resulting from the calculation, include the <B>-files</B>
+argument to the <B>afsd</B> command. The <B>afsd</B> reference
+page describes the restrictions on acceptable values for each of the
+arguments.
+<P>If the disk cache directory houses fewer <B>V</B><VAR>n</VAR> files than
+necessary, the Cache Manager creates new ones, assigning each a unique integer
+<VAR>n</VAR> that distinguishes it from the other files; the integers start
+with 1 and increment by one for each <B>V</B><VAR>n</VAR> file
+created. The Cache Manager removes files if there are more than
+necessary. The Cache Manager also adds and removes
+<B>V</B><VAR>n</VAR> files in response to the <B>fs setcachesize</B>
+command, which can be used to alter the cache size between reboots.
+<P>The standard disk cache directory name is <B>/usr/vice/cache</B>, but
+it is acceptable to use a directory on a partition with more available
+space. To designate a different directory, change the value in the
+second field of the <B>/usr/vice/etc/cacheinfo</B> file before issuing the
+<B>afsd</B> command, or include the <B>-cachedir</B> argument to the
+<B>afsd</B> command.
+<P><B>V</B><VAR>n</VAR> files expand and contract to accommodate the size of
+the AFS directory listing or file they temporarily house. As mentioned,
+by default each <B>V</B><VAR>n</VAR> file holds up to 64 KB (65,536 bytes)
+of a cached AFS element. AFS elements larger than 64 KB are divided
+among multiple <B>V</B><VAR>n</VAR> files. If an element is smaller
+than 64 KB, the <B>V</B><VAR>n</VAR> file expands only to the required
+size. A <B>V</B><VAR>n</VAR> file accommodates only a single element,
+so if there many small cached elements, it is possible to exhaust the
+available <B>V</B><VAR>n</VAR> files without reaching the maximum cache
+size.
+<P><STRONG>Cautions</STRONG>
+<P>Editing or removing a <B>V</B><VAR>n</VAR> file can cause a kernel
+panic. To alter cache size (and thus the number of
+<B>V</B><VAR>n</VAR> files) between reboots, use the <B>fs
+setcachesize</B> command. Alternatively, alter the value of the
+<B>-blocks</B>, <B>-files</B> or <B>-chunksize</B> arguments to
+the <B>afsd</B> command invoked in the machine's AFS initialization
+file, and reboot. To refresh the contents of one or more
+<B>V</B><VAR>n</VAR> files, use the <B>fs flush</B> or <B>fs
+flushvolume</B> command. If a <B>V</B><VAR>n</VAR> file is
+accidentally modified or deleted, rebooting the machine usually restores
+normal performance.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<P><A HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<P><A HREF="auarf158.htm#HDRFS_SETCACHESIZE">fs setcachesize</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf035.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf037.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf036.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf038.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVVOLID" HREF="auarf002.htm#ToC_35">V<I>vol_ID</I>.vol</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3990"></A>
+<A NAME="IDX3991"></A>
+<A NAME="IDX3992"></A>
+<A NAME="IDX3993"></A>
+<P>Represents an AFS volume
+<P><STRONG>Description</STRONG>
+<P>The <B>V</B><VAR>vol_ID</VAR><B>.vol</B> file is the header
+file for the AFS volume with volume ID <VAR>vol_ID</VAR>. There is one
+such file for each volume stored on an AFS server (<B>/vicep</B>)
+partition. The header file stores information that includes the
+volume's name, ID number, type (read/write, read-only, or backup), size
+and status (online, offline, or busy). To display information from the
+header file, use the <B>vos listvol</B> or <B>vos examine</B>
+command.
+<P>The header file points to, but does not contain, the actual data in the
+volume. It is not possible to access the AFS data except by mounting
+the volume in the AFS filespace and reading its contents through the Cache
+Manager.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf036.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf038.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf037.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf039.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVLLOG" HREF="auarf002.htm#ToC_36">VLLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3994"></A>
+<A NAME="IDX3995"></A>
+<A NAME="IDX3996"></A>
+<P>Traces Volume Location Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>VLLog</B> file records a trace of Volume Location (VL) Server
+(<B>vlserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>VLLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the VL Server starts, the server
+process creates it and writes initial start-up messages to it. If there
+is an existing file, the VL Server renames it to <B>VLLog.old</B>,
+overwriting the existing <B>VLLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the server
+machine and use a text editor or a file display command such as the UNIX
+<B>cat</B> command. By default, the mode bits on the
+<B>VLLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The VL Server records operations only as it completes them, and cannot
+recover from failures by reviewing the file. The log contents are
+useful for administrative evaluation of process failures and other
+problems.
+<P>The VL Server can record messages at three levels of detail. By
+default, it records only very rudimentary messages. To increase logging
+to the first level of detail, issue the following command while logged onto
+the database server machine as the local superuser <B>root</B>.
+<PRE> # <B>kill -TSTP</B> <VAR>vlserver_pid</VAR>
+
+</PRE>
+<P>where <VAR>vlserver_pid</VAR> is the process ID of the <B>vlserver</B>
+process, as reported in the output from the standard UNIX <B>ps</B>
+command. To increase to the second and third levels of detail, repeat
+the command.
+<P>To disable logging, issue the following command.
+<PRE>
+ # <B>kill -HUP</B> <VAR>vlserver_pid</VAR>
+
+</PRE>
+<P>To decrease the level of logging, first completely disable it and then
+issue the <B>kill -TSTP</B> command as many times as necessary to reach
+the desired level.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf037.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf039.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf038.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf040.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOLSERLOG" HREF="auarf002.htm#ToC_37">VolserLog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX3997"></A>
+<A NAME="IDX3998"></A>
+<A NAME="IDX3999"></A>
+<P>Traces Volume Server operations
+<P><STRONG>Description</STRONG>
+<P>The <B>VolserLog</B> file records a trace of Volume Server
+(<B>volserver</B> process) operations on the local machine and describes
+any error conditions it encounters.
+<P>If the <B>VolserLog</B> file does not already exist in the
+<B>/usr/afs/logs</B> directory when the Volume Server starts, the server
+process creates it and writes initial start-up messages to it. If there
+is an existing file, the Volume Server renames it to
+<B>VolserLog.old</B>, overwriting the existing
+<B>VolserLog.old</B> file if it exists.
+<P>The file is in ASCII format. Administrators listed in the
+<B>/usr/afs/etc/UserList</B> file can use the <B>bos getlog</B>
+command to display its contents. Alternatively, log onto the file
+server machine and use a text editor or a file display command such as the
+UNIX <B>cat</B> command. By default, the mode bits on the
+<B>VolserLog</B> file grant the required <B>r</B> (<B>read</B>)
+permission to all users.
+<P>The Volume Server records operations only as it completes them, and so
+cannot recover from failures by reviewing the file. The log contents
+are useful for administrative evaluation of process failures and other
+problems.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf038.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf040.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf039.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf041.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOLUMEITEMS" HREF="auarf002.htm#ToC_38">VolumeItems</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4000"></A>
+<A NAME="IDX4001"></A>
+<A NAME="IDX4002"></A>
+<A NAME="IDX4003"></A>
+<P>Records location mappings for volumes accessed by a Cache Manager using a
+disk cache
+<P><STRONG>Description</STRONG>
+<P>The <B>VolumeItems</B> file records the mapping between volume name and
+mount point for each volume that the Cache Manager has accessed since it
+initialized on a client machine using a disk cache. The Cache Manager
+uses the mappings to respond correctly to queries about the current working
+directory, which can come from the operating system or commands such as the
+UNIX <B>pwd</B> command.
+<P>As it initializes, the Cache Manager creates the binary-format
+<B>VolumeItems</B> file in the local disk cache directory, and it must
+always remain there. The conventional directory name is
+<B>/usr/vice/cache</B>.
+<P><STRONG>Cautions</STRONG>
+<P>Editing or removing the <B>VolumeItems</B> file can cause a kernel
+panic. To refresh the contents of the file, instead use the <B>fs
+checkvolumes</B> command. If the <B>VolumeItems</B> file is
+accidentally modified or deleted, rebooting the machine usually restores
+normal performance.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf017.htm#HDRCACHEITEMS">CacheItems</A>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf134.htm#HDRFS_CHECKVOLUMES">fs checkvolumes</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf039.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf041.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf040.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf042.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAFSZCM" HREF="auarf002.htm#ToC_39">afszcm.cat</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4004"></A>
+<A NAME="IDX4005"></A>
+<P>Error message catalog for debugging the Cache Manager
+<P><STRONG>Description</STRONG>
+<P>The <B>afszcm.cat</B> file is a message catalog for the Cache
+Manager. The <B>fstrace dump</B> command interpreter uses it in
+conjunction with the standard UNIX catalog utilities to translate Cache
+Manager operation codes into character strings as it writes traces in the
+<B>fstrace</B> trace log, which makes the log more readable.
+<P>The conventional location for the file is the <B>/usr/vice/etc/C/</B>
+directory. It can be placed in another directory if the NLSPATH and
+LANG environment variables are set appropriately.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf172.htm#HDRFSTRACE_DUMP">fstrace dump</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf040.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf042.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf041.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf043.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBDBDB" HREF="auarf002.htm#ToC_40">bdb.DB0 and bdb.DBSYS1</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4006"></A>
+<A NAME="IDX4007"></A>
+<A NAME="IDX4008"></A>
+<A NAME="IDX4009"></A>
+<A NAME="IDX4010"></A>
+<P>Contain the Backup Database and associated log
+<P><STRONG>Description</STRONG>
+<P>The <B>bdb.DB0</B> file contains the Backup Database, which
+records configuration information used by the AFS Backup System along with
+cross-indexed records of the tapes created and volumes dumped using the Backup
+System commands.
+<P>The <B>bdb.DBSYS1</B> file is a log file in which the Backup
+Server (<B>buserver</B> process) logs each database operation before
+performing it. When an operation is interrupted, the Backup Server
+replays the log to complete the operation.
+<P>Both files are in binary format and reside in the <B>/usr/afs/db</B>
+directory on each database server machine that runs the Backup Server.
+When the Backup Server starts or restarts on a given machine, it establishes a
+connection with its peers and verifies that its copy of the
+<B>bdb.DB0</B> file matches the copy on the other database server
+machines. If not, the Backup Servers use AFS's distributed
+database technology, Ubik, to distribute to all of the machines the copy of
+the database with the highest version number.
+<P>Use the commands in the <B>backup</B> suite to administer the Backup
+Database. It is advisable to create a backup copy of the
+<B>bdb.DB0</B> file on tape on a regular basis, using the UNIX
+<B>tar</B> command or another local disk backup utility.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf041.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf043.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf042.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf044.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRCACHEINFO" HREF="auarf002.htm#ToC_41">cacheinfo</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Defines configuration parameters for the Cache Manager
+<P><STRONG>Description</STRONG>
+<P>The <B>cacheinfo</B> file defines configuration parameters for the
+Cache Manager, which reads the file as it initializes.
+<P>The file contains a single line of ASCII text and must reside in the
+<B>/usr/vice/etc</B> directory. Use a text editor to create it
+during initial configuration of the client machine; the required format
+is as follows:
+<PRE> <VAR>mount_dir</VAR>:<VAR>cache_dir</VAR>:<VAR>cache_size</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>mount_dir</VAR>
+</B><DD>Names the local disk directory at which the Cache Manager mounts the AFS
+namespace. It must exist before the <B>afsd</B> program
+runs. The conventional value is <B>/afs</B>. Using any other
+value prevents traversal of pathnames that begin with <B>/afs</B> (such as
+pathnames to files in foreign cells that do use the conventional name).
+The <B>-mountdir</B> argument to the <B>afsd</B> command overrides
+this value.
+<P><DT><B><VAR>cache_dir</VAR>
+</B><DD>Names the local disk directory to use as a cache. It must exist
+before the <B>afsd</B> program runs. The standard value is
+<B>/usr/vice/cache</B>, but it is acceptable to substitute a directory on
+a partition with more available space. Although the Cache Manager
+ignores this field when configuring a memory cache, a value must always appear
+in it. The <B>-cachedir</B> argument to the <B>afsd</B> command
+overrides this value.
+<P><DT><B><VAR>cache_size</VAR>
+</B><DD>Specifies the cache size as a number of 1-kilobyte blocks. Larger
+caches generally yield better performance, but a disk cache must not exceed
+90% of the space available on the cache partition (85% for AIX systems), and a
+memory cache must use no more than 25% of available machine memory.
+<P>The <B>-blocks</B> argument to the <B>afsd</B> command overrides
+this value. To reset cache size without rebooting on a machine that
+uses disk caching, use the <B>fs setcachesize</B> command. To
+display the current size of a disk or memory cache between reboots, use the
+<B>fs getcacheparms</B> command.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>cacheinfo</B> file mounts the AFS namespace at
+<B>/afs</B>, establishes a disk cache in the <B>/usr/vice/cache</B>
+directory, and defines cache size as 50,000 1-kilobyte blocks.
+<PRE> /afs:/usr/vice/cache:50000
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf143.htm#HDRFS_GETCACHEPARMS">fs getcacheparms</A>
+<P><A HREF="auarf158.htm#HDRFS_SETCACHESIZE">fs setcachesize</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf042.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf044.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf043.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf045.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFMSLOG" HREF="auarf002.htm#ToC_42">fms.log</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Records output from the <B>fms</B> command
+<P><STRONG>Description</STRONG>
+<P>The <B>fms.log</B> file records the output generated by the
+<B>fms</B> command. The output includes two numbers that can appear
+in a tape device's entry in the <B>/usr/afs/backup/tapeconfig</B>
+file on the Tape Coordinator machine to which the tape device is
+attached:
+<UL>
+<P><LI>The capacity in bytes of the tape in the device
+<P><LI>The size in bytes of the end-of-file (EOF) marks (often referred to simply
+as <I>filemarks</I>) that the tape device writes
+</UL>
+<P>When transferring the numbers recorded in this file to the
+<B>tapeconfig</B> file, adjust them as specified on the reference page for
+the <B>tapeconfig</B> file, to improve Tape Coordinator performance during
+dump operations.
+<P>If the <B>fms.log</B> file does not already exist in the current
+working directory, the <B>fms</B> command interpreter creates it.
+In this case, the directory's mode bits must grant the <B>rwx</B>
+(<B>read</B>, <B>write</B>, and <B>execute</B>) permissions to the
+issuer of the command. If there is an existing file, the command
+interpreter overwrites it, so the file's mode bits need to grant only the
+<B>w</B> permission to the issuer of the <B>fms</B> command.
+The <B>fms</B> command interpreter also writes similar information to the
+standard output stream as it runs.
+<P>The file is in ASCII format. To display its contents, log onto the
+client machine and use a text editor or a file display command such as the
+UNIX <B>cat</B> command. By default, the mode bits on the
+<B>fms.log</B> file grant the required <B>r</B> permission only
+to the owner (which is the local superuser <B>root</B> by default).
+<P><STRONG>Output</STRONG>
+<P>The first few lines of the file provide a simple trace of the
+<B>fms</B> command interpreter's actions, specifying (for example)
+how many blocks it wrote on the tape. The final two lines in the file
+specify tape capacity and filemark size in bytes, using the following
+format:
+<PRE> Tape capacity is <VAR>tape_size</VAR> bytes
+ File marks are <VAR>filemark_size</VAR> bytes
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example of the <B>fms.log</B> file specifies that
+the tape used during the execution of the <B>fms</B> command had a
+capacity of 2,136,604,672 bytes, and that the tape device writes filemarks of
+size 1,910,220 bytes.
+<PRE> fms test started
+ wrote 130408 blocks
+ Tape capacity is 2136604672 bytes
+ File marks are 1910220 bytes
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf130.htm#HDRFMS">fms</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf043.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf045.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf044.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf046.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKASERVERDB" HREF="auarf002.htm#ToC_43">kaserver.DB0 and kaserver.DBSYS1</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4011"></A>
+<A NAME="IDX4012"></A>
+<A NAME="IDX4013"></A>
+<A NAME="IDX4014"></A>
+<A NAME="IDX4015"></A>
+<P>Contain the Authentication Database and associated log
+<P><STRONG>Description</STRONG>
+<P>The <B>kaserver.DB0</B> file contains the Authentication
+Database, which records server encryption keys and an encrypted form of all
+user passwords. The Authentication Server (<B>kaserver</B> process)
+uses the information in the database to enable secured communications between
+AFS server and client processes.
+<P>The <B>kaserver.DBSYS1</B> file is a log file in which the
+Authentication Server logs each database operation before performing
+it. When an operation is interrupted, the Authentication Server replays
+the log to complete the operation.
+<P>Both files are in binary format and reside in the <B>/usr/afs/db</B>
+directory on each of the cell's database server machines. When the
+Authentication Server starts or restarts on a given machine, it establishes a
+connection with its peers and verifies that its copy of the database matches
+the copy on the other database server machines. If not, the
+Authentication Servers call on AFS's distributed database technology,
+Ubik, to distribute to all of the machines the copy of the database with the
+highest version number.
+<P>Always use the commands in the <B>kas</B> suite to administer the
+Authentication Database. It is advisable to create an archive copy of
+the database on a regular basis, using a tool such as the UNIX <B>tar</B>
+command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf180.htm#HDRKADB_CHECK">kadb_check</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf044.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf046.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf045.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf047.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKASERVERAUXDB" HREF="auarf002.htm#ToC_44">kaserverauxdb</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4016"></A>
+<A NAME="IDX4017"></A>
+<P>Records failed authentication attempts
+<P><STRONG>Description</STRONG>
+<P>The file <B>kaserverauxdb</B> records failed authentication attempts
+for the local Authentication Server. The server creates it
+automatically in the <B>/usr/afs/local</B> directory by default; use
+the <B>-localfiles</B> argument to the <B>kaserver</B> command to
+specify an alternate directory.
+<P>The <B>kaserverauxdb</B> file is an internal database used by the
+Authentication Server to prevent access by users who have exceeded the limit
+on failed authentication attempts defined in their Authentication Database
+entry. The Authentication Server refuses further attempts to
+authenticate to an account listed in the database until either an AFS system
+administrator issues the <B>kas unlock</B> command to unlock the account,
+or the timeout period defined in the user's Authentication Database entry
+passes.
+<P>The <B>kaserverauxdb</B> file is in binary format, so its contents are
+not directly accessible. However, the output from the <B>kas
+examine</B> command reports an account's maximum number of failed
+attempts, the lockout time, and whether the account is currently
+locked.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf045.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf047.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf046.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf048.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPRDBDB" HREF="auarf002.htm#ToC_45">prdb.DB0 and prdb.DBSYS1</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4018"></A>
+<A NAME="IDX4019"></A>
+<A NAME="IDX4020"></A>
+<A NAME="IDX4021"></A>
+<A NAME="IDX4022"></A>
+<P>Contain the Protection Database and associated log
+<P><STRONG>Description</STRONG>
+<P>The <B>prdb.DB0</B> file contains the Protection Database, which
+maps AFS user, machine, and group names to their respective IDs (AFS UIDs and
+GIDs) and tracks group memberships. The Protection Server
+(<B>ptserver</B> process) uses the information in the database to help the
+File Server grant data access to authorized users.
+<P>The <B>prdb.DBSYS1</B> file is a log file in which the
+Protection Server logs each database operation before performing it.
+When an operation is interrupted, the Protection Server replays the log to
+complete the operation.
+<P>Both files are in binary format and reside in the <B>/usr/afs/db</B>
+directory on each of the cell's database server machines. When the
+Protection Server starts or restarts on a given machine, it establishes a
+connection with its peers and verifies that its copy of the database matches
+the copy on the other database server machines. If not, the Protection
+Servers call on AFS's distributed database technology, Ubik, to
+distribute to all of the machines the copy of the database with the highest
+version number.
+<P>Always use the commands in the <B>pts</B> suite to administer the
+Protection Database. It is advisable to create an archive copy of the
+database on a regular basis, using a tool such as the UNIX <B>tar</B>
+command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf209.htm#HDRPRDB_CHECK">prdb_check</A>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf046.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf048.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf047.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf049.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSALVAGELOCK" HREF="auarf002.htm#ToC_46">salvage.lock</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Prevents multiple simultaneous salvage operations on a partition
+<P><STRONG>Description</STRONG>
+<P>The <B>salvage.lock</B> file guarantees that only one Salvager
+(<B>salvager</B> process) runs at a time on a file server machine (the
+single process can fork multiple subprocesses to salvage multiple partitions
+in parallel). As the Salvager initializes, it creates the empty
+(zero-length) file in the <B>/usr/afs/local</B> directory and invokes the
+<B>flock</B> system call on it. It removes the file when it
+completes the salvage operation. Because the Salvager must lock the
+file to run, only one Salvager can run at a time.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf047.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf049.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf048.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf050.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSYSID" HREF="auarf002.htm#ToC_47">sysid</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4023"></A>
+<A NAME="IDX4024"></A>
+<A NAME="IDX4025"></A>
+<A NAME="IDX4026"></A>
+<P>Lists file server machine interface addresses registered in VLDB
+<P><STRONG>Description</STRONG>
+<P>The <B>sysid</B> file records the network interface addresses that the
+File Server (<B>fileserver</B> process) registers in the Volume Location
+Database (VLDB) for the local file server machine.
+<P>Each time the File Server restarts, it builds a list of interfaces on the
+local machine by reading the <B>/usr/afs/local/NetInfo</B> file, if it
+exists. If the file does not exist, the File Server uses the list of
+network interfaces configured with the operating system. It then
+removes from the list any addresses that appear in the
+<B>/usr/afs/local/NetRestrict</B> file, if it exists. The File
+Server records the resulting list in the binary-format <B>sysid</B> file
+and registers the interfaces in the VLDB.
+<P>When the Cache Manager requests volume location information, the Volume
+Location (VL) Server provides all of the interfaces registered for each server
+machine that houses the volume. This enables the Cache Manager to make
+use of multiple addresses when accessing AFS data stored on a multihomed file
+server machine.
+<P><STRONG>Cautions</STRONG>
+<P>The <B>sysid</B> file is unique to each file server machine, and must
+not be copied from one machine to another. If it is a common practice
+in the cell to copy the contents of the <B>/usr/afs/local</B> directory
+from an existing file server machine to a newly installed one, be sure to
+remove the <B>sysid</B> file from the new machine before starting the
+<B>fs</B> trio of processes, which includes the <B>fileserver</B>
+process.
+<P>Some versions of AFS limit how many of a file server machine's
+interface addresses that can be registered. Consult the <I>IBM AFS
+Release Notes</I>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf025.htm#HDRSV_NETINFO">NetInfo (server version)</A>
+<P><A HREF="auarf027.htm#HDRSV_NETRESTRICT">NetRestrict (server version)</A>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf048.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf050.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf049.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf051.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRTAPECONFIG" HREF="auarf002.htm#ToC_48">tapeconfig</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4027"></A>
+<A NAME="IDX4028"></A>
+<A NAME="IDX4029"></A>
+<P>Defines configuration parameters for all tape devices and backup data files
+on a Tape Coordinator machine
+<P><STRONG>Description</STRONG>
+<P>The <B>tapeconfig</B> file defines basic configuration parameters for
+all of the tape devices or backup data files available for backup operations
+on a Tape Coordinator machine. The file is in ASCII format and must
+reside in the local <B>/usr/afs/backup</B> directory. The
+instruction for each tape device or backup data file appears on its own line
+and each has the following format:
+<PRE> [<VAR>capacity</VAR> <VAR>filemark_size</VAR>] <VAR>device_name</VAR> <VAR>port_offset</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>capacity</VAR>
+</B><DD>Specifies the capacity of the tapes used with a tape device, or the amount
+of data to write into a backup data file. The Tape Coordinator refers
+to this value in two circumstances:
+<UL>
+<P><LI>When the capacity field of a tape or backup data file's label is
+empty (because the tape has never been labeled). The Tape Coordinator
+records this value on the label and uses it when determining how much data it
+can write to the tape or file during a <B>backup dump</B> or <B>backup
+savedb</B> operation. If there is already a capacity value on the
+label, the Tape Coordinator uses it instead.
+<P><LI>When the <B>-size</B> argument is omitted the first time the
+<B>backup labeltape</B> command is used on a given tape or file.
+The Tape Coordinator copies this value into the label's capacity
+field.
+</UL>
+<P>
+<P>The Tape Coordinator uses this capacity value or the one on the Backup
+System tape label to track how much space remains as it writes data to a tape
+or backup data file. The appropriate value to record for a tape depends
+on the size of the tapes usually used in the device and whether it has a
+compression mode; for suggested values, see the <I>IBM AFS
+Administration Guide</I> chapter on configuring the Backup System. If
+using a value obtained from the <B>fms</B> command, reduce it by 10% to
+15% before recording it in the file.
+<P>For a backup data file, it is best to provide a value that helps the Tape
+Coordinator avoid reaching the end-of-file (EOF) unexpectedly. Make it
+at least somewhat smaller than the amount of space available on the partition
+housing the file when the dump operation begins, and never larger than the
+maximum file size allowed by the operating system.
+<P>Specify a (positive) integer or decimal value followed by a letter than
+indicates units, with no intervening space. In a decimal number, the
+number of digits after the decimal point must not translate to fractions of
+bytes. The maximum acceptable value is 2048 GB (2 TB). The
+acceptable units letters are as follows; if the letter is omitted, the
+default is kilobytes.
+<P>
+<UL>
+<P><LI><B>k</B>or <B>K</B> for kilobytes (KB)
+<P><LI><B>m</B> or <B>M</B> for megabytes (MB)
+<P><LI><B>g</B> or <B>G</B> for gigabytes (GB)
+<P><LI><B>t</B> or <B>T</B> for terabytes (TB)
+</UL>
+<P>If this field is omitted, the Tape Coordinator uses the maximum acceptable
+value (2048 GB or 2 TB). Either leave both this field and the
+<VAR>filemark_size</VAR> field empty, or provide a value in both of them.
+<P><DT><B><VAR>filemark_size</VAR>
+</B><DD>Specifies the size of a tape device's filemarks (also called
+end-of-file or EOF marks), which is set by the device's
+manufacturer. In a dump to tape, the Tape Coordinator inserts filemarks
+at the boundary between the data from each volume, so the filemark size
+affects how much space is available for actual data.
+<P>The appropriate value to record for a tape depends on the size of the tapes
+usually used in the device and whether it has a compression mode; for
+suggested values, see the <I>IBM AFS Administration Guide</I> chapter on
+configuring the Backup System. If using a value obtained from the
+<B>fms</B> command, increase it by 10% to 15% before recording it in the
+file.
+<P>For backup data files, record a value of <B>0</B> (zero). The
+Tape Coordinator actually ignores this field for backup data files, because it
+does not use filemarks when writing to a file.
+<P>Use the same notation as for the <VAR>capacity</VAR> field, but note that the
+default units is bytes rather than kilobytes. The maximum acceptable
+value is 2048 GB.
+<P>If this field is empty, the Tape Coordinator uses the value <B>0</B>
+(zero). Either leave both this field and the <VAR>capacity</VAR> field
+empty, or provide a value in both of them.
+<P><DT><B><VAR>device_name</VAR>
+</B><DD>Specifies the complete pathname of the tape device or backup data
+file. The format of tape device names depends on the operating system,
+but on UNIX systems device names generally begin with the string
+<B>/dev/</B>. For a backup data file, this field defines the
+complete pathname; for a discussion of suggested naming conventions see
+the description of the <B>FILE</B> instruction in <A HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>.
+<P><DT><B><VAR>port_offset</VAR>
+</B><DD>Specifies the port offset number associated with this combination of Tape
+Coordinator and tape device or backup data file.
+<P>Acceptable values are the integers <B>0</B> through <B>58510</B>
+(the Backup System can track a maximum of 58,511 port offset numbers).
+Each value must be unique among the cell's Tape Coordinators, but any
+number of them can be associated with a single machine. Port offset
+numbers need not be assigned sequentially, and can appear in any order in the
+<B>tapeconfig</B> file. Assign port offset <B>0</B> to the Tape
+Coordinator for the tape device or backup data file used most often for backup
+operations; doing so will allow the operator to omit the
+<B>-portoffset</B> argument from the largest possible number of
+<B>backup</B> commands.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>Creating the file requires UNIX <B>w</B> (<B>write</B>) and
+<B>x</B> (<B>execute</B>) permissions on the
+<B>/usr/afs/backup</B> directory. Editing the file requires UNIX
+<B>w</B> (<B>write</B>) permission on the file.
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>tapeconfig</B> file configures three tape
+devices and a backup data file. The first device has device name
+<B>/dev/rmt/0h</B>, and is assigned port offset <B>0</B> because it
+will be the most frequently used device for all backup operations in the
+cell. Its default tape capacity is 2 GB and filemark size is 1
+MB. The <B>/dev/rmt/3h</B> drive has half the capacity but a much
+smaller filemark size; its port offset is <B>3</B>. The third
+device listed, <B>/dev/rmt/4h</B>, has the same capacity and filemark size
+as the first device and is assigned port offset <B>2</B>. Port
+offset <B>4</B> is assigned to the backup data file <B>/dev/FILE</B>,
+which is actually a symbolic link to the actual file located elsewhere on the
+local disk. The Tape Coordinator writes up to 1.5 GB into the
+file; as recommended, the filemark size is set to zero.
+<PRE> 2G 1M /dev/rmt/0h 0
+ 1g 4k /dev/rmt/3h 3
+ 2G 1m /dev/rmt/4h 2
+ 1.5G 0 /dev/FILE 4
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf079.htm#HDRBK_LABELTAPE">backup labeltape</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P><A HREF="auarf130.htm#HDRFMS">fms</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf049.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf051.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf050.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf052.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVLDBDB" HREF="auarf002.htm#ToC_49">vldb.DB0 and vldb.DBSYS1</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4030"></A>
+<A NAME="IDX4031"></A>
+<A NAME="IDX4032"></A>
+<A NAME="IDX4033"></A>
+<A NAME="IDX4034"></A>
+<A NAME="IDX4035"></A>
+<P>Contain the Volume Location Database and associated log
+<P><STRONG>Description</STRONG>
+<P>The file <B>vldb.DB0</B> contains the Volume Location Database
+(VLDB), which tracks the location of all AFS volumes stored on file server
+machines in the cell. The Volume Location (VL) Server
+(<B>vlserver</B> process) provides information from the database to Cache
+Managers when they need to access AFS data.
+<P>The file <B>vldb.DBSYS1</B> is a log file in which the VL Server
+logs each database operation before performing it. When an operation is
+interrupted, the VL Server replays the log to complete the operation.
+<P>Both files are in binary format and reside in the <B>/usr/afs/db</B>
+directory on each of the cell's database server machines. When the
+VL Server starts or restarts on a given machine, it establishes a connection
+with its peers and verifies that its copy of the database matches the copy on
+the other database server machines. If not, the VL Servers call on
+AFS's distributed database technology, Ubik, to distribute to all of the
+machines the copy of the database with the highest version number.
+<P>Always use the commands in the <B>vos</B> suite to administer the
+VLDB. It is advisable to create an archive copy of the database on a
+regular basis, using a tool such as the UNIX <B>tar</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf248.htm#HDRVLDB_CHECK">vldb_check</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf050.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf052.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf051.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf053.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAFSMONCONFIG" HREF="auarf002.htm#ToC_50">afsmonitor Configuration File</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4036"></A>
+<A NAME="IDX4037"></A>
+<P>Provides instructions for the <B>afsmonitor</B> command
+<P><STRONG>Description</STRONG>
+<P>The <B>afsmonitor</B> configuration file determines which machines the
+<B>afsmonitor</B> command probes for File Server or Cache Manager
+statistics and which statistics it gathers. Use the <B>-config</B>
+argument to the <B>afsmonitor</B> command to identify the configuration
+file to use.
+<P>The instructions that can appear in the configuration file are as
+follows:
+<DL>
+<P><DT><B><TT>cm <VAR>host_name</VAR></TT>
+</B><DD>Names a client machine for which to display Cache Manager
+statistics. The order of <B>cm</B> lines in the file determines the
+order in which client machines appear from top to bottom on the <TT>System
+Overview</TT> and <TT>Cache Managers</TT> output screens.
+<P><DT><B><TT>fs <VAR>host_name</VAR></TT>
+</B><DD>Names a file server machine for which to display File Server
+statistics. The order of <B>fs</B> lines in the file determines the
+order in which file server machines appear from top to bottom on the
+<TT>System Overview</TT> and <TT>File Servers</TT> output screens.
+<P><DT><B><TT>thresh fs | cm <VAR>field_name</VAR> <VAR>thresh_val</VAR>
+[<VAR>cmd_to_run</VAR>] [<VAR>arg</VAR><SUB>1</SUB>] . . .
+[<VAR>arg</VAR><SUB>n</SUB>]</TT>
+</B><DD>Assigns the threshold value <VAR>thresh_val</VAR> to the statistic
+<VAR>field_name</VAR>, for either a File Server statistic (<B>fs</B>) or a
+Cache Manager statistic (<B>cm</B>). The optional
+<VAR>cmd_to_execute</VAR> field names a binary or script to execute each time
+the value of the statistic changes from being below <VAR>thresh_val</VAR> to
+being at or above <VAR>thresh_val</VAR>. A change between two values that
+both exceed <VAR>thresh_val</VAR> does not retrigger the binary or
+script. The optional <VAR>arg</VAR><SUB>1</SUB> through
+<VAR>arg</VAR><SUB>n</SUB> fields are additional values that the
+<B>afsmonitor</B> program passes as arguments to the
+<VAR>cmd_to_execute</VAR> command. If any of them include one or more
+spaces, enclose the entire field in double quotes.
+<P>The parameters <B>fs</B>, <B>cm</B>, <VAR>field_name</VAR>,
+<VAR>threshold_val</VAR>, and <VAR>arg</VAR><SUB>1</SUB> through
+<VAR>arg</VAR><SUB>n</SUB> correspond to the values with the same name on the
+<B>thresh</B> line. The <VAR>host_name</VAR> parameter identifies the
+file server or client machine where the statistic has crossed the threshold,
+and the <VAR>actual_val</VAR> parameter is the actual value of
+<VAR>field_name</VAR> that equals or exceeds the threshold value.
+<P>Use the <B>thresh</B> line to set either a global threshold, which
+applies to all file server machines listed on <B>fs</B> lines or client
+machines listed on <B>cm</B> lines in the configuration file, or a
+machine-specific threshold, which applies to only one file server or client
+machine.
+<UL>
+<P><LI>To set a global threshold, place the <B>thresh</B> line before any of
+the <B>fs</B> or <B>cm</B> lines in the file.
+<P><LI>To set a machine-specific threshold, place the <B>thresh</B> line
+below the corresponding <B>fs</B> or <B>cm</B> line, and above any
+other <B>fs</B> or <B>cm</B> lines. A machine-specific
+threshold value always overrides the corresponding global threshold, if
+set. Do not place a <B>thresh fs</B> line directly after a
+<B>cm</B> line or a <B>thresh cm</B> line directly after a
+<B>fs</B> line.
+</UL>
+<P><DT><B><TT>show fs | cm <VAR>field/group/section</VAR></TT>
+</B><DD>Specifies which individual statistic, group of statistics, or section of
+statistics to display on the <TT>File Servers</TT> screen (<B>fs</B>) or
+<TT>Cache Managers</TT> screen (<B>cm</B>) and the order in which to
+display them. The appendix of <B>afsmonitor</B> statistics in the
+<I>IBM AFS Administration Guide</I> specifies the group and section to
+which each statistic belongs. Include as many <B>show</B> lines as
+necessary to customize the screen display as desired, and place them anywhere
+in the file. The top-to-bottom order of the <B>show</B> lines in
+the configuration file determines the left-to-right order in which the
+statistics appear on the corresponding screen.
+<P>If there are no <B>show</B> lines in the configuration file, then the
+screens display all statistics for both Cache Managers and File
+Servers. Similarly, if there are no <B>show fs</B> lines, the
+<TT>File Servers</TT> screen displays all file server statistics, and if
+there are no <B>show cm</B> lines, the <TT>Cache Managers</TT> screen
+displays all client statistics.
+<P><DT><B># <VAR>comments</VAR>
+</B><DD>Precedes a line of text that the <B>afsmonitor</B> program ignores
+because of the initial number (<B>#</B>) sign, which must appear in the
+very first column of the line.
+</DL>
+<P>For a list of the values that can appear in the
+<VAR>field/group/section</VAR> field of a <B>show</B> instruction, see the
+<B>afsmonitor</B> statistics appendix to the <I>IBM AFS Administration
+Guide</I>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf059.htm#HDRAFSMONITOR">afsmonitor</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf051.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf053.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf052.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf054.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPACKAGECONFIG" HREF="auarf002.htm#ToC_51">package Configuration File</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4038"></A>
+<A NAME="IDX4039"></A>
+<A NAME="IDX4040"></A>
+<P>Provides instructions for the <B>package</B> command
+<P><STRONG>Description</STRONG>
+<P>The <B>package</B> configuration file defines the file system elements
+that the <B>package</B> command creates or alters on the local disk of an
+AFS client machine it is configuring. Use the <B>-config</B> or
+<B>-fullconfig</B> argument to the <B>package</B> command to identify
+the configuration file to use.
+<P><B>Summary of Configuration File Instructions</B>
+<P>The configuration file can include one or more instances of each of the
+following instructions, each on its own line. A more detailed
+description of each instruction's syntax follows this list.
+<DL>
+<P><DT><B>B
+</B><DD>Defines a block special device, such as a disk, which deals with input in
+units of multi-byte command blocks
+<P><DT><B>C
+</B><DD>Defines a character special device, such as a terminal or tty, which deals
+with input in single character units
+<P><DT><B>D
+</B><DD>Creates a directory
+<P><DT><B>F
+</B><DD>Creates or alters a file to match the contents of a specified source file
+<P><DT><B>L
+</B><DD>Creates a symbolic link
+<P><DT><B>S
+</B><DD>Defines a socket, which is a communications device for UDP and TCP/IP
+connections
+<P><DT><B>%define
+</B><DD>Defines a variable or declares a string as defined
+<P><DT><B>%ifdef
+</B><DD>Specifies an action to perform if a certain string is declared or defined
+<P><DT><B>%ifndef
+</B><DD>Specifies an action to perform if a certain string is not declared or
+defined
+<P><DT><B>%include
+</B><DD>Includes a library file
+<P><DT><B>%undef
+</B><DD>Declares a string not to be defined, or a variable no longer to have a
+value
+</DL>
+<P><B>The B and C Instructions for Defining Block and Character Special
+Devices</B>
+<A NAME="IDX4041"></A>
+<A NAME="IDX4042"></A>
+<A NAME="IDX4043"></A>
+<A NAME="IDX4044"></A>
+<A NAME="IDX4045"></A>
+<A NAME="IDX4046"></A>
+<A NAME="IDX4047"></A>
+<A NAME="IDX4048"></A>
+<A NAME="IDX4049"></A>
+<A NAME="IDX4050"></A>
+<A NAME="IDX4051"></A>
+<A NAME="IDX4052"></A>
+<A NAME="IDX4053"></A>
+<A NAME="IDX4054"></A>
+<A NAME="IDX4055"></A>
+<P>The <B>B</B> instruction in a <B>package</B> configuration file
+defines a block special device, such as a disk, that deals with input in units
+of multi-byte command blocks. The <B>C</B> instruction defines a
+character special device, such as a terminal or tty, that deals with input in
+single character units. They share a common syntax:
+<PRE> {<B>B </B>| <B>C</B>} <VAR>device_name</VAR> <VAR>major_device</VAR> <VAR>minor_device</VAR> <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>B
+</B><DD>Indicates the definition of a block special device. It must be a
+capital letter.
+<P><DT><B>C
+</B><DD>Indicates the definition of character special device. It must be a
+capital letter.
+<P><DT><B><VAR>device_name</VAR>
+</B><DD>Names the special device to define. To learn the name format
+appropriate to the machine's system type, consult the hardware or
+operating system documentation.
+<P><DT><B><VAR>major_device</VAR>
+</B><DD>Specifies the device's major device number in decimal format.
+To learn the correct value for the machine's system type, consult the
+hardware or operating system documentation.
+<P><DT><B><VAR>minor_device</VAR>
+</B><DD>Specifies the device's minor device number in one of hexadecimal,
+octal, or decimal format. Precede a hexadecimal number with the string
+<B>0x</B> (zero and the letter <B>x</B>) or an octal number with a
+<B>0</B> (zero). A number without either prefix is interpreted as a
+decimal. To learn the correct value for the machine's system type,
+consult the hardware or operating system documentation.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the device's owner in the output from the UNIX <B>ls -l</B>
+command.
+<P><DT><B><VAR>group</VAR>
+</B><DD>Specifies the group name or UNIX group ID (GID) of the group to be
+designated the device's group in the output from the UNIX <B>ls
+-lg</B> command.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the device's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+</DL>
+<P><B>The D Instruction for Creating a Directory</B>
+<A NAME="IDX4056"></A>
+<A NAME="IDX4057"></A>
+<A NAME="IDX4058"></A>
+<A NAME="IDX4059"></A>
+<A NAME="IDX4060"></A>
+<A NAME="IDX4061"></A>
+<A NAME="IDX4062"></A>
+<P>The <B>D</B> instruction in a <B>package</B> configuration file
+creates a directory on the local disk. If a symbolic link, file, or
+other element on the local disk has the same name, it is replaced with a
+directory. If the directory already exists, its owner, group, and mode
+bits are changed if necessary to conform with the instruction. The
+instruction has the following syntax:
+<PRE> <B>D</B>[<VAR>update_code</VAR>] <VAR>directory</VAR> <VAR>owner</VAR> <VAR>group</VAR> <VAR>mode_bits</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>D
+</B><DD>Indicates the creation of a directory. It must be a capital
+letter.
+<P><DT><B><VAR>update_code</VAR>
+</B><DD>Modulates the directory creation instruction. It is optional and
+follows the letter <B>D</B> directly, without an intervening space.
+Choose one of the two acceptable values:
+<DL>
+<P><DT><B>X
+</B><DD>Indicates that the directory is a <B>lost+found</B> directory (used by
+the <B>fsck</B> program).
+<P><DT><B>R
+</B><DD>Removes any subdirectory (along its contents) or file that exists in the
+existing directory on the local disk but for which an instruction does not
+appear in the configuration file.
+</DL>
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Specifies the full pathname of the directory to create.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the directory's owner in the output from the UNIX <B>ls -ld</B>
+command.
+<P><DT><B><VAR>group</VAR>
+</B><DD>Specifies the name or UNIX group ID (GID) of the group to be designated
+the directory's group in the output from the UNIX <B>ls -lgd</B>
+command.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the directory's UNIX mode bits. Acceptable values are
+the standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>drwxr-xr-x</B>, and <B>644</B> to <B>drw-r--r--</B>.
+</DL>
+<P><B>The F Instruction for Creating or Updating a File</B>
+<A NAME="IDX4063"></A>
+<A NAME="IDX4064"></A>
+<A NAME="IDX4065"></A>
+<A NAME="IDX4066"></A>
+<A NAME="IDX4067"></A>
+<A NAME="IDX4068"></A>
+<A NAME="IDX4069"></A>
+<P>The <B>F</B> instruction in a <B>package</B> configuration file
+creates or updates a file on the local disk by copying in the contents of the
+indicated source file, which can reside in AFS or on the local disk. If
+the <B>package</B> command interpreter cannot access the source file, it
+exits without executing any instruction in the configuration file.
+<P>If a file with the same name already exists on disk, the <B>package</B>
+command overwrites it with the contents of the source file, unless the
+<B>I</B> update code is used to prevent that. To add a
+<B>.old</B> extension to the current version of the file, include
+the <B>O</B> update code. To have the machine reboot automatically
+after the <B>package</B> program completes, include the <B>Q</B>
+update code.
+<P>If a symbolic link, directory, or other element on the local disk has the
+same name, it is replaced with the file (a directory's contents are first
+removed as necessary).
+<P>The instruction has the following syntax:
+<PRE> <B>F</B>[<VAR>update_code</VAR>] <VAR>file</VAR> <VAR>source_file</VAR> [<VAR>owner group mode_bits</VAR>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>F
+</B><DD>Indicates the creation or update of a file. It must be a capital
+letter.
+<P><DT><B><VAR>update_code</VAR>
+</B><DD>Modulates the file creation instruction. It is optional and follows
+the letter <B>F</B> directly, without an intervening space. Choose
+one or more of the four acceptable values, and list them in any order:
+<DL>
+<P><DT><B>A
+</B><DD>Indicates that the pathname in the <VAR>source_file</VAR> field is the
+complete pathname of the source file, including the filename. If this
+argument is omitted, the <B>package</B> command appends the pathname in
+the <VAR> file</VAR> field to the pathname in the <VAR>source_file</VAR> field to
+derive the source file's full name. This code allows the source
+and target filenames to differ.
+<P><DT><B>I
+</B><DD>Preserves the existing file called <VAR>file</VAR>, rather than overwriting
+it.
+<P><DT><B>O
+</B><DD>Saves the existing version of the file by appending a
+<B>.old</B> extension to it.
+<P><DT><B>Q
+</B><DD>Causes the <B>package</B> command to exit with status code
+<B>4</B> if it overwrites the file. If the standard
+<B>package</B>-related changes have been made to the machine's AFS
+initialization file, then status code <B>4</B> causes the machine to
+reboot automatically. Use this code when the machine must reboot if
+updates to the file are to have any effect (for example, if the operating
+system file--<B>/vmunix</B> or equivalent--has changed).
+</DL>
+<P><DT><B><VAR>file</VAR>
+</B><DD>Specifies the complete pathname on the local disk of the file to create or
+update, including the filename as the final element.
+<P><DT><B><VAR>source_file</VAR>
+</B><DD>Specifies the pathname (local or AFS) of the file to copy to the local
+disk.
+<P>If the <B>A</B> update code is included, specify the source file's
+complete pathname. Otherwise, the <B>package</B> command derives
+the source file's full name by appending the <VAR>file</VAR> pathname to
+this pathname. For example, if the <B>A</B> update code is not
+included and the file <B>/afs/abc.com/rs_aix42/bin/grep</B> is the
+source file for the <B>/bin/grep</B> binary, the proper value in this
+field is <B>/afs/abc.com/rs_aix42</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the file's owner in the output from the UNIX <B>ls -l</B>
+command.
+<P>To copy the source file's owner to the target file, leave this field
+empty. In this case, the <VAR>group</VAR> and <VAR>mode_bits</VAR> fields
+must also be empty.
+<P><DT><B><VAR>group</VAR>
+</B><DD>Specifies the name or UNIX group ID (GID) of the group to be designated
+the file's group in the output from the UNIX <B>ls -lg</B>
+command.
+<P>To copy the source file's group to the target file, leave this field
+empty. In this case, the <VAR> owner</VAR> and <VAR>mode_bits</VAR> fields
+must also be empty.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the file's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+<P>To copy the source file's mode bits to the target file, leave this
+field empty. In this case, the <VAR>owner</VAR> and <VAR>group</VAR> fields
+must also be empty.
+</DL>
+<P><B>The L Instruction for Creating a Symbolic Link</B>
+<A NAME="IDX4070"></A>
+<A NAME="IDX4071"></A>
+<A NAME="IDX4072"></A>
+<A NAME="IDX4073"></A>
+<A NAME="IDX4074"></A>
+<A NAME="IDX4075"></A>
+<A NAME="IDX4076"></A>
+<P>The <B>L</B> instruction in a <B>package</B> configuration file
+creates a symbolic link on the local disk to a directory or file that exists
+either in AFS or elsewhere on the local disk. As with the standard UNIX
+<B>ln -s</B> command, the link is created even if the actual file or
+directory does not exist.
+<P>If a file or directory on the local disk already has the same name, the
+<B>package</B> command replaces it with a symbolic link.
+<P>The instruction has the following syntax:
+<PRE> <B>L</B>[<VAR>update_code</VAR>] <VAR>link</VAR> <VAR>actual_path</VAR> [<VAR>owner group mode_bits</VAR>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>L
+</B><DD>Indicates the creation of a symbolic link. It must be a capital
+letter.
+<P><DT><B><VAR>update_code</VAR>
+</B><DD>Modulates the link creation instruction. It is optional and follows
+the letter <B>L</B> directly, without an intervening space. Choose
+one or both of the acceptable values, and list them in any order:
+<DL>
+<P><DT><B>A
+</B><DD>Indicates that the pathname in the <VAR>actual_path</VAR> field is the
+complete pathname of the actual directory or file (including the filename for
+a file). If this argument is omitted, the <B>package</B> command
+appends the value in the <VAR>link</VAR> field to the pathname in the
+<VAR>actual_path</VAR> field to derive the actual directory or file's full
+name. This code allows the name of the symbolic link and actual
+directory or file to differ.
+<P><DT><B>I
+</B><DD>Preserves the existing symbolic link called <VAR>link</VAR>, rather than
+overwriting it.
+</DL>
+<P><DT><B><VAR>link</VAR>
+</B><DD>Specifies the complete local disk pathname of the symbolic link to
+create.
+<P><DT><B><VAR>actual_path</VAR>
+</B><DD>Specifies the pathname (local or AFS) of the directory or file to which
+the link refers. If the <B>A</B> update code is included, specify
+the directory or file's complete pathname. Otherwise, the
+<B>package</B> command derives the actual directory or file's full
+name by appending the value in the <VAR>link</VAR> field to this
+pathname. For example, if the <B>A</B> update code is not included
+and <B>/etc/ftpd</B> is a symbolic link to the file
+<B>/afs/abc.com/sun4x_56/etc/ftpd</B>, the proper value in this
+field is <B>/afs/abc.com/sun4x_56</B>.
+<P>The <B>package</B> command interpreter correctly handles pathnames that
+begin with the <B>./</B> (period, slash) or
+<B>../</B> (two periods, slash) notation, interpreting them
+relative to the current working directory from which the <B>package</B>
+command is invoked.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the symbolic link's owner in the output from the UNIX <B>ls -l</B>
+command.
+<P>To designate the issuer of the <B>package</B> command (usually, the
+local superuser <B>root</B>) as the symbolic link's owner, leave this
+field empty. In this case, the <VAR>group</VAR> and <VAR>mode_bits</VAR>
+fields must also be empty.
+<P><DT><B><VAR>group</VAR>
+</B><DD>Specifies the name or UNIX group ID (GID) of the group to be designated
+the link's group in the output from the UNIX <B>ls -lg</B>
+command.
+<P>To have the symbolic link's group match the default group associated
+with the <B>package</B> command's issuer, leave this field
+empty. The issuer is usually the local superuser <B>root</B> and
+the default group is designated in the issuer's entry in the local
+<B>/etc/passwd</B> file or equivalent. If this field is left empty,
+the <VAR>owner</VAR> and <VAR>mode_bits</VAR> fields must also be empty.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the symbolic link's UNIX mode bits. Acceptable values
+are the standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+<P>Leaving this field empty sets the symbolic link's mode bits to
+<B>777</B> (<B>rwxrwxrwx</B>). In this case, the <VAR>owner</VAR>
+and <VAR>group</VAR> fields must also be empty.
+</DL>
+<P><B>The S Instruction for Creating a Socket</B>
+<A NAME="IDX4077"></A>
+<A NAME="IDX4078"></A>
+<A NAME="IDX4079"></A>
+<A NAME="IDX4080"></A>
+<A NAME="IDX4081"></A>
+<A NAME="IDX4082"></A>
+<A NAME="IDX4083"></A>
+<P>The <B>S</B> instruction in a <B>package</B> configuration file
+creates a socket (a communications device for UDP or TCP/IP connections) on
+the local disk. The instruction has the following syntax:
+<PRE> <B>S</B> <VAR>socket</VAR> [<VAR>owner group mode_bits</VAR>]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>S
+</B><DD>Indicates the creation of a socket. It must be a capital
+letter.
+<P><DT><B><VAR>socket</VAR>
+</B><DD>Names the socket. The proper format depends on the local
+machine's operating system.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the socket's owner in the output from the UNIX <B>ls -l</B>
+command.
+<P>To designate the issuer of the <B>package</B> command (usually, the
+local superuser <B>root</B>) as the socket's owner, leave this field
+empty. In this case, the <VAR>group</VAR> and <VAR>mode_bits</VAR> fields
+must also be empty.
+<P><DT><B><VAR>group</VAR>
+</B><DD>Specifies the name or UNIX group ID (GID) of the group to be designated
+the socket's group in the output from the UNIX <B>ls -lg</B>
+command.
+<P>To have the symbolic link's group match the default group associated
+with the <B>package</B> command's issuer, leave this field
+empty. The issuer is usually the local superuser <B>root</B> and
+the default group is designated in the issuer's entry in the local
+<B>/etc/passwd</B> file or equivalent. If this field is left empty,
+the <VAR>owner</VAR> and <VAR>mode_bits</VAR> fields must also be empty.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Defines the socket's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+<P>Leaving this field empty sets the symbolic link's mode bits to
+<B>777</B> (<B>rwxrwxrwx</B>), modulated by the cell's
+umask. In this case, the <VAR>owner</VAR> and <VAR>group</VAR> fields must
+also be empty.
+</DL>
+<P><B>The %define or %undef Instructions Declaring or Undeclaring a
+Definition</B>
+<A NAME="IDX4084"></A>
+<A NAME="IDX4085"></A>
+<A NAME="IDX4086"></A>
+<A NAME="IDX4087"></A>
+<A NAME="IDX4088"></A>
+<A NAME="IDX4089"></A>
+<P>The <B>%define</B> instruction in a <B>package</B> configuration
+file declares or defines a variable, depending on its number of
+arguments:
+<UL>
+<P><LI>If followed by a single argument, it declares that argument to be
+defined. The argument is then available as a controller when mentioned
+in <B>%ifdef</B> and <B>%ifndef</B> statements, which evaluate to
+<B>true</B> and <B>false</B> respectively.
+<P><LI>If followed by two arguments, it defines the second argument as the value
+of the first. When the first argument appears later in this prototype
+or other prototype or library files as a variable--surrounded by curly
+braces and preceded by a dollar sign, as in the example
+<TT>${variable}</TT>--the <B>package</B> command interpreter
+substitutes the second argument for it.
+</UL>
+<P>The <B>%undef</B> statement negates the effect of a previous
+<B>%define</B> statement, declaring its argument to be defined no longer,
+or to have a value no longer if it is a variable.
+<P>The syntax for the two types of instruction are as follows:
+<PRE> %define <VAR>declaration</VAR>
+ %define <VAR>variable</VAR> <VAR>value</VAR>
+ %undef <VAR>declaration</VAR>
+ %undef <VAR>variable</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>%define
+</B><DD>Indicates a definition statement.
+<P><DT><B>%undef
+</B><DD>Indicates a statement that negates a definition.
+<P><DT><B><VAR>declaration</VAR>
+</B><DD>Names the string being declared by a <B>%define</B> statement, or
+negated by an <B>%undef</B> statement.
+<P><DT><B><VAR>variable</VAR>
+</B><DD>Specifies the name of the variable that a <B>%define</B> statement is
+defining, or an <B>%undef</B> statement is negating.
+<P><DT><B><VAR>value</VAR>
+</B><DD>Specifies the value to substitute for the string in the <VAR>variable</VAR>
+field when it appears in the appropriate format (surrounded by curly braces
+and preceded by a dollar sign, as in the example <TT>${variable}</TT>), in
+this or other prototype and library files. It can include one or more
+words.
+</DL>
+<P><B>The %ifdef and %ifndef Instructions for Specifying a Conditional
+Action to Perform</B>
+<A NAME="IDX4090"></A>
+<A NAME="IDX4091"></A>
+<A NAME="IDX4092"></A>
+<A NAME="IDX4093"></A>
+<A NAME="IDX4094"></A>
+<A NAME="IDX4095"></A>
+<P>The <B>%ifdef</B> instruction in a <B>package</B> configuration
+file specifies one or more actions to perform if the indicated string has been
+declared by a single-argument <B>%define</B> statement, or is a variable
+for which a value has been defined by a two-argument <B>%define</B>
+statement.
+<P>Similarly, the <B>%ifndef</B> instruction specifies one or more actions
+to perform if the indicated string has not been declared or is a variable
+without a value, either because no <B>%define</B> statement has defined it
+or an <B>%undef</B> statement has undefined it.
+<P>In both cases, the optional <B>%else</B> statement specifies one or
+more alternate actions to perform if the first statement evaluates to
+<B>false</B>. (For an <B>%ifdef</B> statement, the
+<B>%else</B> statement is executed if the indicated string has never been
+declared or is a variable without a value, or if an <B>%undef</B>
+statement has undefined either one; for an <B>%ifndef</B> statement,
+it is executed if the string has been declared or is a variable with a
+value.)
+<P>It is possible to nest any number of <B>%ifdef</B> and
+<B>%ifndef</B> statements.
+<P>The two types of statement share a common syntax:
+<PRE> %ifdef | ifndef <VAR>declaration</VAR>
+ <VAR>action</VAR><SUP>+</SUP>
+ [%else [<VAR>declaration</VAR>]
+ <VAR>alternate_action</VAR><SUP>+</SUP>]
+ %endif <VAR>declaration</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>ifdef
+</B><DD>Indicates that the statement evaluates as <B>true</B> if the string in
+the <VAR>declaration</VAR> field is declared or is a variable with a defined
+value.
+<P><DT><B>ifndef
+</B><DD>Indicates that the statement evaluates as <B>true</B> if the string in
+the <VAR>declaration</VAR> field is not declared or is a variable without a
+defined value.
+<P><DT><B><VAR>declaration</VAR>
+</B><DD>Specifies the string that must be declared or the variable name that must
+have a defined value for an <B>%ifdef</B> statement to evaluate as
+<B>true</B>, which results in the specified action being performed.
+For an <B>%ifndef</B> statement, the string must not be declared or the
+variable must have no defined value for the statement to evaluate as
+<B>true</B>. The first and third occurrences of
+<VAR>declaration</VAR> (the latter following the string <B>%endif</B>) are
+required. The second occurrence (following the string <B>%else</B>)
+is optional, serving only to clarify to which <B>%ifdef</B> or
+<B>%ifndef</B> statement the <B>%else</B> statement belongs.
+<P><DT><B><VAR>action</VAR>
+</B><DD>Specifies each action to perform if the <B>%ifdef</B> or
+<B>%ifndef</B> statement evaluates as <B>true</B>. Each action
+must appear on a separate line. Acceptable types of actions are other
+statements beginning with a percent sign and definition instructions.
+<P><DT><B><VAR>alternate_action</VAR>
+</B><DD>Specifies each action to perform if the <B>%ifdef</B> or
+<B>%ifndef</B> statement evaluates to <B>false</B>. Each action
+must appear on a separate line. Acceptable types of actions are other
+statements beginning with a percent sign and definition instructions.
+</DL>
+<P><B>The %include Instruction for Including a Library File</B>
+<A NAME="IDX4096"></A>
+<A NAME="IDX4097"></A>
+<A NAME="IDX4098"></A>
+<P>The <B>%include</B> instruction in a <B>package</B> configuration
+file includes the contents of the indicated library file in a configuration
+file that results from the compilation of the prototype file in which the
+<B>%include</B> instruction appears. It has the following
+syntax:
+<PRE> %include <VAR>pathname</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>%include
+</B><DD>Indicates a library file include statement.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the complete pathname of the library file to include. It
+can be in AFS or on the local disk, and can include one or more
+variables.
+</DL>
+<P><STRONG>Cautions</STRONG>
+<P>The configuration file must be completely correct. If there are any
+syntax errors or incorrect values, the <B>package</B> command interpreter
+exits without executing any instruction.
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>B</B> and <B>C</B> instructions define a
+disk <B>/dev/hd0a</B> with major and minor device numbers <B>1</B> and
+<B>0</B> and mode bits of <B>-rw-r--r--</B>, and a tty
+<B>/dev/ttyp5</B> with major and minor device numbers <B>6</B> and
+<B>5</B> and mode bits of <B>-rw-rw-rw</B>. In both cases, the
+owner is <B>root</B> and the owning group <B>wheel</B>.
+<PRE> B /dev/hd0a 1 0 root wheel 644
+ C /dev/ttyp5 6 5 root wheel 666
+
+</PRE>
+<P>The following example <B>D</B> instruction creates the local
+<B>/usr</B> directory with owner <B>root</B> and group
+<B>wheel</B> and mode bits of <B>drwxr-xr-x</B>. The
+<B>R</B> update code removes any files and subdirectories that reside in
+the <B>/usr</B> directory (if it already exists) but do not appear in the
+configuration file.
+<PRE> DR /usr root wheel 755
+
+</PRE>
+<P>The following example <B>F</B> instruction, appropriate for a machine
+running AIX 4.2 in the ABC Corporation cell, creates or updates the
+local disk file <B>/bin/grep</B>, using
+<B>/afs/abc.com/rs_aix42/bin/grep</B> as the source.
+<PRE> F /bin/grep /afs/abc.com/rs_aix42 root wheel 755
+
+</PRE>
+<P>The next example <B>F</B> instruction creates the
+<B>/usr/vice/etc/ThisCell</B> file and specifies an absolute pathname for
+the source file, as indicated by the <B>A</B> update code. The
+<B>Q</B> code makes the <B>package</B> command return status code 4 as
+it exits, prompting a reboot of the machine if the standard
+<B>package</B>-related changes have been made to the machine's AFS
+initialization file. No values are provided for the owner, group and
+mode bits, so the file inherits them from the source file.
+<PRE> FAQ /usr/vice/etc/ThisCell /afs/abc.com/common/etc/ThisCell
+
+</PRE>
+<P>The following example <B>L</B> instruction, appropriate for a machine
+running AIX 4.2 in the ABC Corporation cell, creates a symbolic link
+from <B>/etc/ftpd</B> on the local disk to the file
+<B>/afs/abc.com/rs_aix42/etc/ftpd</B>.
+<PRE> L /etc/ftpd /afs/abc.com/rs_aix42 root wheel 644
+
+</PRE>
+<P>The following example <B>S</B> instruction defines the socket
+<B>/dev/printer</B>.
+<PRE>
+ S /dev/printer root wheel 777
+
+</PRE>
+<P>The following example <B>%define</B> instruction defines the value for
+the variable <TT>${diskmode}</TT>. This variable is used elsewhere in
+the template to fill the <VAR>owner_name</VAR>, <VAR>group_name</VAR>, and
+<VAR>mode_bits</VAR> fields in a <B>D</B>, <B>F</B>, or <B>L</B>
+instruction.
+<PRE> %define diskmode root wheel 644
+
+</PRE>
+<P>The following example <B>%undef</B> instruction declares the string
+<B>afsd</B> not to be defined.
+<PRE> %undef afsd
+
+</PRE>
+<P>The following example <B>%ifdef</B> instruction specifies that if the
+string <TT>rs_aix42</TT> is currently declared, then when the prototype file
+containing the instruction is compiled the three indicated library files are
+included. There is no alternate action defined. There must be
+<B>%define</B> statements earlier in the prototype file to declare
+<B>rs_aix42</B> and to assign a value to the <TT>${wsadmin}</TT>
+variable.
+<PRE> %ifdef rs_aix42
+ %include ${wsadmin}/lib/rs_aix42.readonly
+ %include ${wsadmin}/lib/rs_aix42.generic
+ %include ${wsadmin}/lib/rs_aix42.generic.dev
+ %endif rs_aix42
+
+</PRE>
+<P>The following example <B>%ifndef</B> instruction, appropriate for the
+State University cell, defines <TT>stateu.edu</TT> as the value of
+the <TT>${cell}</TT> variable if it does not already have a value.
+<PRE> %ifndef cell
+ %define cell stateu.edu
+ %endif cell
+
+</PRE>
+<P>The following example <B>%include</B> instruction includes the library
+file <B>base.generic</B> from the <B>lib</B> subdirectory of
+the directory in which <B>package</B>-related files reside. The
+<TT>${wsadmin}</TT> variable resolves to an actual pathname (such as
+<B>/afs/abc.com/wsadmin</B>) during compilation.
+<PRE> %include ${wsadmin}/lib/base.generic
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf052.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf054.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf053.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf055.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSSBULKINPUT" HREF="auarf002.htm#ToC_52">uss Bulk Input File</A></H2>
+<A NAME="IDX4099"></A>
+<A NAME="IDX4100"></A>
+<A NAME="IDX4101"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Provides instructions for the <B>uss bulk</B> command
+<P><STRONG>Description</STRONG>
+<P>The <B>uss</B> bulk input file lists instructions for the
+<B>uss</B> command interpreter to execute when running the <B>uss
+bulk</B> command. If the file includes <B>add</B> instructions
+that reference a <B>uss</B> template file, then the template file must
+also exist.
+<P><B>Summary of Bulk Input File Instructions</B>
+<P>The bulk input file can include the following instructions, each on its own
+line. A more detailed description of each instruction's syntax
+follows this list.
+<DL>
+<P><DT><B>add
+</B><DD>Creates a user account. Equivalent to the <B>uss add</B>
+command.
+<P><DT><B>delete
+</B><DD>Deletes a user account. Equivalent to the <B>uss delete</B>
+command.
+<P><DT><B>delvolume
+</B><DD>Removes the volume and VLDB entry for each account referenced by a
+<B>delete</B> instruction that follows this instruction in the bulk input
+file.
+<P><DT><B>exec
+</B><DD>Executes a command.
+<P><DT><B>savevolume
+</B><DD>Preserves the volume and VLDB entry for each account referenced by a
+<B>delete</B> instruction that follows this instruction in the bulk input
+file.
+</DL>
+<P><B>The add Instruction for Creating an Account</B>
+<A NAME="IDX4102"></A>
+<A NAME="IDX4103"></A>
+<P>The <B>add</B> instruction creates a user account. Each instance
+in the bulk input file is equivalent in effect to a <B>uss add</B> command
+issued on the command line. The order of the instruction's fields
+matches the order of arguments to the <B>uss add</B> command, although
+some arguments do not have a corresponding field. Like the <B>uss
+add</B> command's arguments, many of the fields correspond to (provide
+a value for) a variable in the <B>uss</B> template file, as indicated in
+the following description of each field.
+<P>The instruction's syntax is as follows. It appears on multiple
+lines here only for the sake of legibility--each <B>add</B>
+instruction must appear on a single line in the bulk input file.
+<PRE> add <VAR>username</VAR>[:<VAR>full_name</VAR>][:<VAR>initial_password</VAR>][:<VAR>password_expires</VAR>]
+ [:<VAR>file_server</VAR>][:<VAR>partition</VAR>][:<VAR>mount_point</VAR>][:<VAR>uid</VAR>][:<VAR>var1</VAR>][:<VAR>var2</VAR>]
+ [:<VAR>var3</VAR>][:<VAR>var4</VAR>][:<VAR>var5</VAR>][:<VAR>var6</VAR>][:<VAR>var7</VAR>][:<VAR>var8</VAR>][:<VAR>var9</VAR>][:]
+
+</PRE>
+<P>To omit a value for a field (presumably because it is optional or the
+template specifies a constant value for it), type nothing between the two
+colons that surround it. After the last argument provided, end the line
+with either a colon and carriage return, or a carriage return alone.
+<P>The meaning of, and acceptable values for, each field are as
+follows.
+<DL>
+<P><DT><B><VAR>username</VAR>
+</B><DD>Names the user's Authentication Database and Protection Database
+entries. It can include up to eight alphanumeric characters, but not
+the <B>:</B> (colon), <B>.</B> (period), or <B>@</B>
+(at-sign) characters. Because it becomes the username (the name under
+which a user logs in), it is best not to include shell metacharacters and to
+obey the restrictions that many operating systems impose on usernames
+(usually, to contain no more than eight lowercase letters).
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-user</B>. Corresponding variable in the template file:
+$USER.
+<P><DT><B><VAR>full_name</VAR>
+</B><DD>Specifies the user's full name. Do not surround it with double
+quotes (""), even if it contains spaces. If not provided, it defaults
+to the username in the <VAR>username</VAR> field.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-realname</B>. Corresponding variable in the template
+file: $NAME. Many operating systems include a field for the full
+name in a user's entry in the local password file (<B>/etc/passwd</B>
+or equivalent), and this variable can be used to pass a value to be used in
+that field.
+<P><DT><B><VAR>initial_password</VAR>
+</B><DD>Specifies the user's initial password. Although the AFS
+commands that handle passwords accept strings of virtually unlimited length,
+it is best to use a password of eight characters or less, which is the maximum
+length that many applications and utilities accept. If not provided,
+this argument defaults to the string <B>changeme</B>.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-pass</B>. Corresponding variable in the template file:
+none.
+<P><DT><B><VAR>password_expires</VAR>
+</B><DD>Sets the number of days after a user's password is changed that it
+remains valid. Provide an integer from the range <B>1</B> through
+<B>254</B> to specify the number of days until expiration, or the value
+<B>0</B> to indicate that the password never expires (the default).
+<P>When the password becomes invalid (expires), the user is unable to
+authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
+command to change the password (after that, only an administrator can change
+it).
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-pwexpires</B>. Corresponding variable in the template
+file: $PWEXPIRES.
+<P><DT><B><VAR>file_server</VAR>
+</B><DD>Names the file server machine on which to create the new user's
+volume. It is best to provide a fully-qualified hostname (for example,
+<B>fs1.abc.com</B>), but an abbreviated form is acceptable
+provided that the cell's naming service is available to resolve it at the
+time the volume is created.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-server</B>. Corresponding variable in the template file:
+$SERVER.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Specifies the partition on which to create the user's volume; it
+must reside on the file server machine named in the <VAR>file_server</VAR>
+field. Identify the partition by its complete name (for example,
+<B>/vicepa</B>, or use one of the following abbreviations:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-partition</B>. Corresponding variable in template:
+$PART.
+<P><DT><B><VAR>mount_point</VAR>
+</B><DD>Specifies the complete pathname for the user's home directory.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-mount</B>.
+<P>Corresponding variable in template: $MTPT, but in the template
+file's <B>V</B> instruction only. Occurrences of the $MTPT
+variable in template instructions that follow the <B>V</B> instruction
+take their value from the <B>V</B> instruction's <VAR>mount_point</VAR>
+field. Thus the value of this command line argument becomes the value
+for the $MTPT variable in instructions that follow the <B>V</B>
+instruction only if the string $MTPT appears alone in the <B>V</B>
+instruction's <VAR>mount_point</VAR> field.
+<P><DT><B><VAR>uid</VAR>
+</B><DD>Specifies a positive integer other than <B>0</B> (zero) to assign as
+the user's AFS UID. If this argument is omitted, the Protection
+Server assigns an AFS UID that is one greater than the current value of the
+<TT>max</TT> <TT>user</TT> <TT>id</TT> counter (use the <B>pts
+listmax</B> command to display the counter). If including this
+argument, first use the <B>pts examine</B> command to verify that no
+existing account already has the desired AFS UID; if one does, the
+account-creation process terminates with an error.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-uid</B>. Corresponding variable in template: $UID.
+<P><DT><B><VAR>var1</VAR> through <VAR>var9</VAR>
+</B><DD>Specifies values for each of the number variables $1 through $9 that can
+appear in the template file. The number variables allow the
+administrator to provide values for variables other than the set defined by
+the <B>uss</B> command suite.
+<P>Corresponding argument to the <B>uss add</B> command:
+<B>-var</B>. Corresponding variables in template: $1 through
+$9.
+<P>If providing a value in any of the fields, then in every field that
+precedes it either provide an actual value or indicate an empty field by
+putting nothing between two colons. It is acceptable, but not
+necessary, to indicate empty fields by putting colons after the last field
+that contains an actual value.
+</DL>
+<P><B>The delete Instruction for Deleting an Account</B>
+<A NAME="IDX4104"></A>
+<A NAME="IDX4105"></A>
+<P>The <B>delete</B> instruction deletes a user account from the
+system. Each instance in the bulk input file is equivalent in effect to
+a <B>uss delete</B> command issued on the command line. The order
+of the instruction's fields matches the order of arguments to the
+<B>uss delete</B> command:
+<PRE> delete <VAR>username</VAR>:<VAR>mount_point_path</VAR>[:{ savevolume | delvolume }][:]
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>username</VAR>
+</B><DD>Names the entry to delete from the Protection and Authentication
+Databases.
+<P><DT><B><VAR>mount_point_path</VAR>
+</B><DD>Specifies the complete pathname to the user's home directory, which
+is deleted from the filespace. By default, the volume mounted there is
+also deleted from the file server machine where it resides, as is its record
+from the Volume Location Database (VLDB). To prevent deletion, include
+the <B>savevolume</B> string in the instruction's third field, or
+precede this <B>delete</B> instruction with a <B>savevolume</B>
+instruction. Partial pathnames are interpreted relative to the current
+working directory.
+<P><DT><B>savevolume
+</B><DD>Retains the volume on its file server machine, and the corresponding entry
+in the VLDB. Provide this value or <B>delvolume</B> in the third
+field, or omit both values to treat the volume according to the prevailing
+default, which is set by a preceding <B>savevolume</B> or
+<B>delvolume</B> instruction in the bulk input file.
+<P><DT><B>delvolume
+</B><DD>Removes the volume from its file server machine, and the corresponding
+entry from the VLDB. Provide this value or <B>savevolume</B> in the
+third field, or omit both values to treat the volume according to the
+prevailing default, which is set by a preceding <B>savevolume</B> or
+<B>delvolume</B> instruction in the bulk input file.
+</DL>
+<P>After the last argument provided, end the line with either a colon and
+carriage return or a carriage return alone.
+<P><B>The exec Instruction for Executing a Command</B>
+<P>The <B>exec</B> instruction executes the specified command, which can
+be a UNIX shell script or command, a program, or an AFS command. The
+<B>uss</B> command interpreter must have the necessary privileges in AFS
+and the local file system; it assumes the AFS and local identities of the
+issuer of the <B>uss bulk</B> command.
+<P>The instruction's syntax is as follows:
+<PRE> exec <VAR>command</VAR>
+
+</PRE>
+<P><B>The delvolume and savevolume Instructions for Setting the Default
+Treatment of Volumes</B>
+<A NAME="IDX4106"></A>
+<A NAME="IDX4107"></A>
+<A NAME="IDX4108"></A>
+<A NAME="IDX4109"></A>
+<P>The <B>savevolume</B> and <B>delvolume</B> instructions determine
+the default treatment of volumes referenced by the <B>delete</B>
+instructions that follow them in the bulk input file. Their syntax is
+as follows:
+<PRE> savevolume
+ delvolume
+
+</PRE>
+<P>The <B>savevolume</B> instruction prevents the removal of the volume
+and VLDB entry for all <B>delete</B> instruction that follow it in the
+bulk input file, and the <B>delvolume</B> instruction removes the volume
+and VLDB entry for all subsequent <B>delete</B> instructions.
+Either setting persists until its opposite appears in the file, or until the
+end of the bulk file.
+<P>If neither line appears in the bulk input file, the default is to remove
+the volume and the VLDB entry; <B>delete</B> instructions that appear
+before the first <B>savevolume</B> instruction are also subject to this
+default. If a <B>delete</B> instruction's third field
+specifies either <B>savevolume</B> or <B>delvolume</B>, that setting
+overrides the default.
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>add</B> instruction creates an
+authentication-only account. The user's initial password is
+<B>changeme</B> (the default).
+<PRE> add anderson
+
+</PRE>
+<P>The following example <B>add</B> instructions refer to the indicated
+<B>V</B> instruction in a template file (which must appear on a single
+line in the template file).
+<PRE> add smith:John Smith:::fs1:a:::::marketing
+ add jones:Pat Jones:::fs3:c:::::finance
+ V user.$USER $SERVER.abc.com /vicep$PART 2000 \
+ /afs/abc.com/usr/$3/$USER $UID $USER all
+
+</PRE>
+<P>The first <B>add</B> instruction creates an account called
+<B>smith</B> in the Protection and Authentication Databases, with an
+initial password <B>changeme</B> and a value for $UID provided by the
+Protection Server. The volume <B>user.smith</B> resides on
+partition <B>/vicepa</B> of file server machine
+<B>fs1.abc.com</B> and is mounted at
+<B>/afs/abc.com/usr/marketing/smith</B>. He owns his home
+directory and has all access permissions on its root directory's access
+control list (ACL). The account for <B>jones</B> is similar, except
+that the volume resides on partition <B>/vicepc</B> of file server machine
+<B>fs3.abc.com</B> and is mounted at
+<B>/afs/abc.com/usr/finance/jones</B>.
+<P>Notice that the fields corresponding to the volume mount point, UID, $1
+variable, and $2 variable are empty (between <TT>a</TT> and
+<TT>marketing</TT> on the first example line), because their corresponding
+variables do not appear in the template file. The initial password
+field is also empty.
+<P>The following <B>add</B> instructions are equivalent in effect to the
+preceding example, but explicitly indicate empty fields for all of the number
+variables that don't have a value:
+<PRE> add smith:John Smith:::fs1:a:::::marketing::::::
+ add jones:Pat Jones:::fs3:c:::::finance::::::
+
+</PRE>
+<P>The following example shows a complete bulk file containing a set of
+<B>delete</B> instructions combined with a <B>savevolume</B>
+instruction. Because the <B>delete</B> instruction for users
+<B>smith</B>, <B>pat</B>, and <B>rogers</B> appear before the
+<B>savevolume</B> instruction and the third field is blank in each, the
+corresponding home volumes are removed. The volume for user
+<B>terry</B> is retained because the default established by the
+<B>savevolume</B> instruction applies to it, but user
+<B>johnson</B>'s volume is removed because the third field of her
+<B>delete</B> instruction overrides the current default.
+<PRE> delete smith:/afs/abc.com/usr/smith
+ delete pat:/afs/abc.com/usr/pat
+ delete rogers:/afs/abc.com/usr/rogers
+ savevolume
+ delete terry:/afs/abc.com/usr/terry
+ delete johnson:/afs/abc.com/usr/johnson:delvolume
+
+</PRE>
+<P>The following example <B>exec</B> instruction appears between sets of
+<B>add</B> and <B>delete</B> instructions in a bulk input file.
+A message appears in the command shell where the <B>uss bulk</B> command
+is issued, to indicate when the additions are finished and the deletions
+beginning.
+<PRE> exec echo "Additions completed; beginning deletions..."
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
+<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
+<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf053.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf055.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSSFILE" HREF="auarf002.htm#ToC_53">uss Template File</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4110"></A>
+<A NAME="IDX4111"></A>
+<A NAME="IDX4112"></A>
+<P>Provides instructions for the <B>uss add</B> command
+<P><STRONG>Description</STRONG>
+<P>The <B>uss</B> template file defines the components of an AFS user
+account that the <B>uss add</B> command (or <B>add</B> instruction in
+a <B>uss</B> bulk input file) creates. Use the <B>-template</B>
+argument to the <B>uss add</B> or <B>uss bulk</B> command to identify
+the template file.
+<P><B>Summary of Template File Instructions</B>
+<P>The template file can include the following instructions, each on its own
+line. A more detailed description of each instruction's syntax
+follows this list.
+<DL>
+<P><DT><B>A
+</B><DD>Imposes restrictions on user passwords and authentication attempts
+<P><DT><B>D
+</B><DD>Creates a directory
+<P><DT><B>E
+</B><DD>Creates a single-line file
+<P><DT><B>F
+</B><DD>Creates a file by copying a prototype
+<P><DT><B>G
+</B><DD>Defines a directory that is one of a set of parent directories into which
+the <B>uss</B> command interpreter evenly distributes newly created home
+directories
+<P><DT><B>L
+</B><DD>Creates a hard link
+<P><DT><B>S
+</B><DD>Creates a symbolic link
+<P><DT><B>V
+</B><DD>Creates a volume, mounts it in the file space and sets the ACL on the
+mount point
+<P><DT><B>X
+</B><DD>Executes a command
+</DL>
+<P>If the template file is empty (zero-length), the <B>uss add</B> command
+or <B>add</B> instruction in a bulk input file only creates an entry in
+the Protection and Authentication Databases, naming them according to the name
+specified with the <B>uss add</B> command's <B>-user</B>
+argument, or in the bulk input file <B>add</B> instruction's
+<VAR>username</VAR> field.
+<P><B>The A Instruction for Setting the Default Treatment of Volumes</B>
+<A NAME="IDX4113"></A>
+<A NAME="IDX4114"></A>
+<A NAME="IDX4115"></A>
+<A NAME="IDX4116"></A>
+<A NAME="IDX4117"></A>
+<A NAME="IDX4118"></A>
+<A NAME="IDX4119"></A>
+<P>The <B>A</B> instruction in a <B>uss</B> template file enhances
+cell security by imposing the following restrictions on users' password
+choice and authentication attempts. For further information on these
+limits, see the <I>IBM AFS Administration Guide</I> and the <B>kas
+setfields</B> reference page.
+<UL>
+<P><LI>Limiting the user's password lifetime. When the lifetime
+expires, the user can no longer authenticate using that password, and must
+change it.
+<P><LI>Prohibiting the reuse of the user's 20 most recently used
+passwords.
+<P><LI>Limiting the number of consecutive times that a user can provide an
+incorrect password during authentication, and for how long the Authentication
+Server refuses further authentication attempts after the limit is exceeded
+(referred to as an <I>account lockout</I>). For regular user
+accounts in most cells, the recommended limit is nine and lockout time is 25
+minutes.
+</UL>
+<P>The instruction has the following syntax:
+<PRE> <B>A</B> <VAR>username</VAR> <VAR>password_lifetime</VAR> <VAR>password_reuse</VAR> <VAR>failures</VAR> <VAR>locktime</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>A
+</B><DD>Indicates a security-enhancing instruction. It must be a capital
+letter.
+<P><DT><B><VAR>username</VAR>
+</B><DD>Names the Authentication Database entry on which to impose security
+restrictions. Specify the value <B>$USER</B> to read in the
+username from the <B>uss add</B> command's <B>-user</B> argument,
+or from the <VAR>username</VAR> field of an <B>add</B> instruction in a bulk
+input file.
+<P><DT><B><VAR>password_lifetime</VAR>
+</B><DD>Sets the number of days after the user's password is changed that it
+remains valid. When the password becomes invalid (expires), the user is
+unable to authenticate, but has 30 more days in which to issue the
+<B>kpasswd</B> command to change the password (after that, only an
+administrator can change it).
+<P>Specify an integer from the range <B>1</B> through <B>254</B> to
+specify the number of days until expiration, the value <B>0</B> to
+indicate that the password never expires, or the value <B>$PWEXPIRES</B>
+to read in the number of days from the <B>uss add</B> or <B>uss
+bulk</B> command's <B>-pwexpires</B> argument. If the
+<B>A</B> instruction does not appear in the template file, the default is
+for the user's password never to expire.
+<P><DT><B><VAR>password_reuse</VAR>
+</B><DD>Determines whether or not the user can change his or her password (using
+the <B>kpasswd</B> or <B>kas setpassword</B> command) to one that is
+similar to any of the last twenty passwords. The acceptable values are
+<B>reuse</B> to allow reuse and <B>noreuse</B> to prohibit it.
+If the <B>A</B> instruction does not appear in the template file, the
+default is to allow password reuse.
+<P><DT><B><VAR>failures</VAR>
+</B><DD>Sets the number of consecutive times the user can provide an incorrect
+password during authentication (using the <B>klog</B> command or a login
+utility that grants AFS tokens). When the user exceeds the limit, the
+Authentication Server rejects further authentication attempts for the amount
+of time specified in the <VAR>locktime</VAR> field.
+<P>Specify an integer from the range <B>1</B> through <B>254</B> to
+specify the number of failures permitted, or the value <B>0</B> to
+indicate that there is no limit to the number of unsuccessful attempts.
+If the <B>A</B> instruction does not appear in the template file, the
+default is to allow an unlimited number of failures.
+<P><DT><B><VAR>locktime</VAR>
+</B><DD>Specifies how long the Authentication Server refuses authentication
+attempts from a user who has exceeded the failure limit set in the
+<VAR>failures</VAR> field.
+<P>Specify a number of hours and minutes (<VAR>hh:mm</VAR>) or minutes
+only (<VAR>mm</VAR>), from the range <B>01</B> (one minute) through
+<B>36:00</B> (36 hours). The Authentication Server
+automatically reduces any larger value to <B>36:00</B> and also
+rounds up any non-zero value to the next higher multiple of 8.5
+minutes. A value of <B>0</B> (zero) sets an infinite lockout
+time; an administrator must always issue the <B>kas unlock</B>
+command to unlock the account.
+</DL>
+<P><B>The D Instruction for Creating a Directory</B>
+<A NAME="IDX4120"></A>
+<A NAME="IDX4121"></A>
+<A NAME="IDX4122"></A>
+<A NAME="IDX4123"></A>
+<A NAME="IDX4124"></A>
+<A NAME="IDX4125"></A>
+<A NAME="IDX4126"></A>
+<A NAME="IDX4127"></A>
+<A NAME="IDX4128"></A>
+<A NAME="IDX4129"></A>
+<A NAME="IDX4130"></A>
+<P>The <B>D</B> instruction in a <B>uss</B> template file creates a
+directory. Its intended use is to create a subdirectory in the user
+home directory created by the <B>V</B> instruction in the template
+file.
+<P>Any number of <B>D</B> instructions can appear in the template
+file. If any variables in the instruction take their values from the
+<B>V</B> instruction (notably, the $MTPT variable), the instruction must
+follow the <B>V</B> instruction in the file.
+<P>Although it is possible to use the <B>D</B> instruction to create a
+directory on the local disk of the machine where the <B>uss</B> command is
+issued, it is not recommended. The preferred method for automated
+creation of directories on a local disk is the <B>package</B>
+program. Two complications arise if the <VAR>pathname</VAR> field refers
+to a local disk directory:
+<UL>
+<P><LI>The <B>uss</B> command prints a warning message because it cannot
+associate an access control list (ACL) with a local disk directory. It
+creates the directory nonetheless, and some syntactically correct value must
+appear in the instruction's <VAR>ACL</VAR> field.
+<P><LI>To designate any user other than the issuer as the new directory's
+owner, the issuer must log onto the machine as the local superuser
+<B>root</B>. For local disk directories, only the local superuser
+<B>root</B> is allowed to issue the UNIX <B>chown</B> command that the
+<B>uss</B> command interpreter invokes to change the owner from the
+default value (the directory's creator, which in this case is the issuer
+of the <B>uss</B> command). The issuer must then also use the
+<B>-admin</B> argument to the <B>uss add</B> or <B>uss bulk</B>
+command to authenticate as a privileged AFS administrator, which is required
+for creating the Authentication Database and Protection Database entries that
+the <B>uss</B> command interpreter always creates for a new
+account.
+</UL>
+<P>The instruction has the following syntax:
+<PRE> <B>D</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>D
+</B><DD>Indicates a directory creation instruction. It must be a capital
+letter.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the directory's full pathname. It can include
+variables.
+<P>Specify the read/write path to the directory, to avoid the failure that
+results from attempting to create a new directory in a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+reference page for the <B>fs mkmount</B> command.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Sets the directory's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>. The
+first (owner) <B>x</B> bit must be turned on to enable access to a
+directory.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the directory's owner in the output from the UNIX <B>ls -ld</B>
+command. If the directory resides in AFS, place the $UID variable in
+this field. If the directory resides on the local disk, this field must
+be the username or UID of the <B>uss</B> command's issuer, unless the
+issuer is logged in as the local superuser <B>root</B>.
+<P><DT><B><VAR>ACL</VAR>
+</B><DD>Sets the ACL on the new directory. It must appear even if the new
+directory resides on the local disk rather than in AFS, but is ignored in that
+case. Provide one or more paired values, each pair consisting of an AFS
+username or group name and the desired permissions, in that order.
+Separate the two parts of the pair, and each pair, with a space. The
+<B>fs setacl</B> reference page describes the available
+permissions.
+<P>For an AFS directory, grant all permissions to the directory's owner
+at least. Usually that is the new user, in which case the appropriate
+value is <B>$USER all</B>.
+<P>It is not possible to grant any permissions to the issuer of the
+<B>uss</B> command. As the last step in account creation, the
+<B>uss</B> command interpreter automatically deletes that person from any
+ACLs set during the creation process.
+</DL>
+<P><B>The E Instruction for Creating a Single-line File</B>
+<A NAME="IDX4131"></A>
+<A NAME="IDX4132"></A>
+<A NAME="IDX4133"></A>
+<A NAME="IDX4134"></A>
+<A NAME="IDX4135"></A>
+<A NAME="IDX4136"></A>
+<P>The <B>E</B> instruction in a <B>uss</B> template file creates a
+file by echoing a specified character string into it. Its intended use
+is to create files in the user home directory created by the <B>V</B>
+instruction in the template file, or in a subdirectory created by a
+<B>D</B> instruction.
+<P>Any number of <B>E</B> instructions can appear in the template
+file. If the file resides in a directory created by a <B>D</B>
+instruction, the <B>E</B> instruction must follow the <B>D</B>
+instruction in the file.
+<P>The <B>E</B> and <B>F</B> instructions have complementary
+advantages. The character string echoed into the file by an
+<B>E</B> instruction can be customized for each user, because it can
+include the standard variables for which the <B>uss</B> command
+interpreter substitutes the values specified by arguments to the <B>uss
+add</B> command or fields in a bulk input file <B>add</B>
+instruction. In contrast, a file created using the <B>F</B>
+instruction cannot include variables and so has the same content for all
+users. However, a file created by an <B>E</B> instruction can be a
+single line only, because no carriage returns (newline characters) are allowed
+in the character string.
+<P>Although it is possible to use the <B>E</B> instruction to create a
+file on the local disk of the machine where the <B>uss</B> command is
+issued, it is not recommended. The preferred method for automated
+creation of files on a local disk is the <B>package</B> program.
+The main complication is that designating any user other than the issuer as
+the new file's owner requires logging onto the machine as the local
+superuser <B>root</B>. For local disk files, only the local
+superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
+command that the <B>uss</B> command interpreter invokes to change the
+owner from the default value (the file's creator, which in this case is
+the issuer of the <B>uss</B> command). The issuer must then also
+use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
+bulk</B> command to authenticate as a privileged AFS administrator, which is
+required for creating the Authentication Database and Protection Database
+entries that the <B>uss</B> command interpreter always creates for a new
+account.
+<P>The instruction has the following syntax:
+<PRE> <B>E</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> "<VAR>contents</VAR>"
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>E
+</B><DD>Indicates a file creation instruction. It must be a capital
+letter.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the file's full pathname. It can include
+variables.
+<P>Specify the read/write path to the file, to avoid the failure that results
+from attempting to create a new file in a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+reference page for the <B>fs mkmount</B> command.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the file's owner in the output from the UNIX <B>ls -l</B>
+command. If the file resides in AFS, place the $UID variable in this
+field. If the file resides on the local disk, specify the username or
+UID of the <B>uss</B> command's issuer; otherwise, the account
+creation operation halts immediately.
+<P><DT><B><VAR>contents</VAR>
+</B><DD>Specifies the one-line character string to write into the new file.
+Surround it with double quotes if it contains one or more spaces. It
+cannot contain the newline character, but can contain any of the standard
+variables, which the command interpreter resolves as it creates the
+file.
+</DL>
+<P><A NAME="SPTWQ6"></A><B>The F Instruction for Creating a File
+from a Prototype</B>
+<A NAME="IDX4137"></A>
+<A NAME="IDX4138"></A>
+<A NAME="IDX4139"></A>
+<A NAME="IDX4140"></A>
+<A NAME="IDX4141"></A>
+<A NAME="IDX4142"></A>
+<P>The <B>F</B> instruction in a <B>uss</B> template file creates a
+file by copying the contents of an existing file (the <I>prototype</I>)
+into it. Its intended use is to create files in the user home directory
+created by the <B>V</B> instruction in the template file, or in a
+subdirectory created by a <B>D</B> instruction.
+<P>Any number of <B>F</B> instructions can appear in the template
+file. If the file resides in a directory created by a <B>D</B>
+instruction, the <B>F</B> instruction must follow the <B>D</B>
+instruction in the file.
+<P>The <B>E</B> and <B>F</B> instructions have complementary
+advantages. A file created using the <B>F</B> instruction has the
+same content for all users, whereas a file created by an <B>E</B>
+instruction can be customized for each user if it includes variables.
+However, a file created by an <B>E</B> instruction can be a single line
+only, whereas the prototype file copied by an <B>F</B> instruction can be
+any length.
+<P>Although it is possible to use the <B>F</B> instruction to create a
+file on the local disk of the machine where the <B>uss</B> command is
+issued, it is not recommended. The preferred method for automated
+creation of files on a local disk is the <B>package</B> program.
+The main complication is that designating any user other than the issuer as
+the new file's owner requires logging onto the machine as the local
+superuser <B>root</B>. For local disk files, only the local
+superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
+command that the <B>uss</B> command interpreter invokes to change the
+owner from the default value (the file's creator, which in this case is
+the issuer of the <B>uss</B> command). The issuer must then also
+use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
+bulk</B> command to authenticate as a privileged AFS administrator, which is
+required for creating the Authentication Database and Protection Database
+entries that the <B>uss</B> command interpreter always creates for a new
+account.
+<P>The instruction has the following syntax:
+<PRE> <B>F</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>prototype_file</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>F
+</B><DD>Indicates a file creation instruction. It must be a capital
+letter.
+<P><DT><B><VAR>pathname</VAR>
+</B><DD>Specifies the full pathname of the file to create, including the
+filename. It can include variables.
+<P>Specify the read/write path to the file, to avoid the failure that results
+from attempting to create a new file in a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+reference page for the <B>fs mkmount</B> command.
+<P><DT><B><VAR>mode_bits</VAR>
+</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
+standard three- or four-digit numbers corresponding to combinations of
+permissions. Examples: <B>755</B> corresponds to
+<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the file's owner in the output from the UNIX <B>ls -l</B>
+command. If the file resides in AFS, place the $UID variable in this
+field. If the file resides on the local disk, specify the username or
+UID of the <B>uss</B> command's issuer; otherwise, the account
+creation operation halts immediately.
+<P><DT><B><VAR>prototype_file</VAR>
+</B><DD>Names the AFS or local disk directory that houses the prototype file to
+copy. The prototype file's name must match the final element in
+the <VAR>pathname</VAR> field.
+</DL>
+<P><A NAME="SPTWQ7"></A><B>The G Instruction for Facilitating Even
+Distribution of Home Directories</B>
+<A NAME="IDX4143"></A>
+<A NAME="IDX4144"></A>
+<A NAME="IDX4145"></A>
+<A NAME="IDX4146"></A>
+<A NAME="IDX4147"></A>
+<A NAME="IDX4148"></A>
+<P>The <B>G</B> instruction in a <B>uss</B> template file creates a
+directory as one of the set of directories from which the <B>uss</B>
+command interpreter selects when choosing a new user home directory's
+parent directory. More specifically, when the $AUTO variable appears in
+the <VAR>mount_point</VAR> field of a <B>V</B> instruction, the command
+interpreter substitutes for it the directory defined by a <B>G</B>
+instruction that currently has the fewest entries.
+<P>The instruction's intended use is to distribute user accounts evenly
+among several directories, rather than using directories that reflect
+divisions such as departmental affiliation. Distributing home
+directories in this fashion is useful mainly in very large cells where storing
+all user home directories under a single parent directory potentially slows
+directory lookup, or where a workplace-based division results in unevenly
+sized directories such that some users consistently experience slower
+directory lookup than others. See the chapter on <B>uss</B> in the
+<I>IBM AFS Administration Guide</I> for more information.
+<P>Any number of <B>G</B> instructions can appear in the template
+file. If the <B>V</B> instruction includes the $AUTO variable, it
+must appear after all of the <B>G</B> instructions in the file.
+<P>The instruction has the following syntax:
+<PRE> <B>G</B> <VAR>directory</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>G
+</B><DD>Indicates an instruction that creates a directory to be considered as a
+value for the $AUTO variable. It must be a capital letter.
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Specifies the directory's name as either a complete pathname or only
+the directory name. The choice determines the appropriate format for
+the <VAR>mount_point</VAR> field of a <B>V</B> instruction, as discussed in
+the following example.
+<P>Specify the read/write path to the directory, to avoid the failure that
+results from attempting to create a new mount point in a read-only volume when
+the $AUTO variable is used in a <B>V</B> instruction's
+<VAR>mount_point</VAR> field. By convention, the read/write path is
+indicated by placing a period before the cell name at the pathname's
+second level (for example, <B>/afs/.abc.com</B>). For
+further discussion of the concept of read/write and read-only paths through
+the filespace, see the reference page for the <B>fs mkmount</B>
+command.
+</DL>
+<P><B>The L and S Instructions for Creating a Link</B>
+<A NAME="IDX4149"></A>
+<A NAME="IDX4150"></A>
+<A NAME="IDX4151"></A>
+<A NAME="IDX4152"></A>
+<A NAME="IDX4153"></A>
+<A NAME="IDX4154"></A>
+<A NAME="IDX4155"></A>
+<A NAME="IDX4156"></A>
+<A NAME="IDX4157"></A>
+<A NAME="IDX4158"></A>
+<A NAME="IDX4159"></A>
+<A NAME="IDX4160"></A>
+<A NAME="IDX4161"></A>
+<P>The <B>L</B> instruction in a <B>uss</B> template file creates a
+hard link between two files, as achieved by the standard UNIX <B>ln</B>
+command. The <B>S</B> instruction creates a symbolic link between
+two files, as achieved by the standard UNIX <B>ln -s</B> command. A
+full explanation of links is beyond the scope of this document, but the basic
+effect is to create a second name for an existing file, enabling access via
+either name. Creating a link does not create a second copy of the
+file.
+<P>AFS allows hard links only if the linked files reside in the same
+directory, because it becomes difficult to determine which access control list
+(ACL) applies to the file if the two copies reside in directories with
+different ACLs. AFS allows symbolic links between two files that reside
+in different directories, or even different volumes. The File Server
+uses the ACL associated with the actual file rather than the link.
+<P>Any number of <B>L</B> and <B>S</B> instructions can appear in the
+template file. If the existing file or link is to reside in a directory
+created by a <B>D</B> instruction, or if the existing file was created by
+an <B>E</B> or <B>F</B> instruction, the <B>L</B> or <B>S</B>
+instruction must follow the <B>D</B>, <B>E</B>, or <B>F</B>
+instruction.
+<P>The instructions share the following syntax:
+<PRE> <B>L</B> <VAR>existing_file</VAR> <VAR>link</VAR>
+ <B>S</B> <VAR>existing_file</VAR> <VAR>link</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>L
+</B><DD>Indicates a hard link creation instruction. It must be a capital
+letter.
+<P><DT><B>S
+</B><DD>Indicates a symbolic link creation instruction. It must be a
+capital letter.
+<P><DT><B><VAR>existing_file</VAR>
+</B><DD>Specifies the complete pathname of the existing file.
+<P><DT><B><VAR>link</VAR>
+</B><DD>Specifies the complete pathname of the second name for the file.
+<P>Specify the read/write path to the link, to avoid the failure that results
+from attempting to create a new link in a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+reference page for the <B>fs mkmount</B> command.
+</DL>
+<P><A NAME="SPTWQ8"></A><B>The V Instruction for Creating and
+Mounting a Volume</B>
+<A NAME="IDX4162"></A>
+<A NAME="IDX4163"></A>
+<A NAME="IDX4164"></A>
+<A NAME="IDX4165"></A>
+<A NAME="IDX4166"></A>
+<A NAME="IDX4167"></A>
+<A NAME="IDX4168"></A>
+<A NAME="IDX4169"></A>
+<A NAME="IDX4170"></A>
+<A NAME="IDX4171"></A>
+<A NAME="IDX4172"></A>
+<A NAME="IDX4173"></A>
+<A NAME="IDX4174"></A>
+<A NAME="IDX4175"></A>
+<A NAME="IDX4176"></A>
+<A NAME="IDX4177"></A>
+<A NAME="IDX4178"></A>
+<A NAME="IDX4179"></A>
+<A NAME="IDX4180"></A>
+<P>The <B>V</B> instruction in a <B>uss</B> template file creates a
+volume on a specified file server machine and partition and creates an entry
+for it in the Volume Location Database (VLDB). It mounts the volume at
+a location in the AFS file space that becomes the user's home directory,
+then designates the directory's owner and sets its access control list
+(ACL).
+<P>Only one <B>V</B> instruction can appear in the template file, and one
+must appear if the template file contains any instructions at all (is not
+empty). All other instructions are optional, except that the template
+must include <B>G</B> instructions if the $AUTO variable appears in
+it. (The <B>V</B> instruction is not necessarily the first line in
+the template. If the template includes the $AUTO variable, then the
+<B>G</B> instructions which provide values for the variable must precede
+it in the file.)
+<P>The instruction has the following syntax:
+<PRE> <B>V</B> <VAR>volume_name</VAR> <VAR>server</VAR> <VAR>partition</VAR> <VAR>quota</VAR> <VAR>mount_point</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>V
+</B><DD>Indicates a volume creation instruction. It must be a capital
+letter.
+<P><DT><B><VAR>volume_name</VAR>
+</B><DD>Specifies the volume's name. To follow the convention for AFS
+user volume names, specify the value <B>user.$USER</B>.
+Provide a value for the $USER variable via the <B>uss add</B>
+command's <B>-user</B> argument or the <VAR>username</VAR> field in the
+bulk input file <B>add</B> instruction.
+<P><DT><B><VAR>server</VAR>
+</B><DD>Names the file server machine on which to create the new user's
+volume. It is best to provide the fully-qualified hostname (for
+example, <B>fs1.abc.com</B>), but an abbreviated form is
+acceptable provided that the cell's naming service is available to
+resolve it at the time the volume is created. To read in the value from
+the <B>uss add</B> command's <B>-server</B> argument, specify the
+value <B>$SERVER</B>.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Specifies the partition on which to create the user's volume; it
+must be on the file server machine named in the <VAR>server</VAR> field.
+Identify the partition by its complete name (for example, <B>/vicepa</B>)
+or use or use one of the following abbreviations.
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P>To read in the value from the <B>uss add</B> command's
+<B>-partition</B> argument, specify the value <B>$PART</B>.
+<P><DT><B><VAR>quota</VAR>
+</B><DD>Sets the maximum number of kilobyte blocks the volume can occupy on the
+file server machine's disk. Specify an integer constant if all
+volumes have the same quota (<B>1024</B> equals a megabyte), or use one of
+the number variables ($1 through $9) to assign different values to different
+volumes.
+<P><DT><B><VAR>mount_point</VAR>
+</B><DD>Creates a mount point for the volume, which serves as the volume's
+root directory. Include the $USER variable as part of the pathname to
+follow the convention that user home directory names include the
+username.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results from attempting to create a new mount point in a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). If the $AUTO variable appears
+in this field, the directories named by each <B>G</B> instruction possibly
+already indicate the read/write path. For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+reference page for the <B>fs mkmount</B> command..
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If used, the $MTPT variable in this field takes its value from the <B>uss
+add</B> command's <B>-mount</B> argument or from the
+<VAR>mount_point</VAR> field of an <B>add</B> instruction in the bulk input
+file. However, subsequent uses of the $MTPT variable (usually in
+following <B>D</B>, <B>E</B>, or <B>F</B> instructions) take as
+their value the complete contents of this field.
+</TD></TR></TABLE>
+<P><DT><B><VAR>owner</VAR>
+</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
+the mount point's owner in the output from the UNIX <B>ls -ld</B>
+command. To follow the convention for home directory ownership, place
+the value <B>$UID</B> in this field.
+<P><DT><B><VAR>ACL</VAR>
+</B><DD>Sets the ACL on the new directory. Provide one or more paired
+values, each pair consisting of an AFS username or group name and the desired
+permissions, in that order. Separate the two parts of the pair, and
+each pair, with a space. The <B>fs setacl</B> reference page
+describes the available permissions.
+<P>Grant all permissions to the new user at least. The appropriate
+value is <B>$USER all</B>.
+<P>AFS automatically grants the <B>system:administrators</B> group
+all permissions as well. It is not possible to grant any permissions to
+the issuer of the <B>uss</B> command. As the last step in account
+creation, the <B>uss</B> command interpreter automatically deletes that
+user from any ACLs set during the creation process.
+</DL>
+<P><A NAME="SPTWQ9"></A><B>The X Instruction for Running a
+Command</B>
+<A NAME="IDX4181"></A>
+<A NAME="IDX4182"></A>
+<A NAME="IDX4183"></A>
+<P>The <B>X</B> instruction in a <B>uss</B> template file runs the
+indicated command, which can be a standard UNIX or AFS command. It can
+include any variables from the template file, which the <B>uss</B> command
+interpreter resolves before passing the command on to the appropriate other
+command interpreter. It must be a single line only, however (cannot
+contain carriage returns or newline characters).
+<P>Any number of <B>X</B> instructions can appear in the template
+file. If an instruction manipulates an element created by another
+instruction, it must follow that instruction in the file.
+<P>The instruction has the following syntax:
+<PRE> <B>X "</B><VAR>command</VAR><B>"</B>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B>X
+</B><DD>Indicates a command execution instruction. It must be a capital
+letter.
+<P><DT><B><VAR>command</VAR>
+</B><DD>Specifies the command to run. Surround it with double quotes as
+shown if it contains one or more spaces. It can contain any variables
+from the template file, but not newline characters.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>A</B> instruction sets a password lifetime of
+254 days, prohibits password reuse, limits the number of consecutive failed
+authentication attempts to nine and sets the corresponding locktime to
+25:30 minutes (which is a multiple of 8.5 minutes). The
+username is read in from the <B>-user</B> argument to the <B>uss
+add</B> command or from the <I>username</I> field in each <B>add</B>
+instruction in a bulk input file.
+<PRE> A $USER 254 noreuse 9 25:30
+
+</PRE>
+<P>The following example <B>D</B> instruction creates a directory called
+<I>public</I> in a new user's home directory, designates the user as
+the directory's owner, and grants him or her all ACL permissions.
+<PRE> D $MTPT/public 0755 $UID $USER all
+
+</PRE>
+<P>The following example <B>E</B> instruction creates a file in the
+current working directory called
+<VAR>username</VAR>.<B>etcp</B>. The contents are an entry
+suitable for incorporating into the cell's global
+<B>/etc/password</B> file.
+<PRE> E $USER.etcp 0644 root "$USER:X:$UID:10:$NAME:$MTPT:/bin/csh"
+
+</PRE>
+<P>The following example <B>F</B> instruction, appropriate for the ABC
+Corporation cell, copies a prototype <B>.login</B> file into the
+user's home directory.
+<PRE> F $MTPT/.login 0644 $UID /afs/abc.com/common/uss/skel/.login
+
+</PRE>
+<P>In the following example, the State University cell's administrators
+have decided to distribute user home directories evenly into three
+directories. They define three <B>G</B> instructions:
+<PRE> G usr1
+ G usr2
+ G usr3
+
+</PRE>
+<P>and then put the following value in the <I>mount_point</I> field of the
+<B>V</B> instruction:
+<PRE> /afs/stateu.edu/$AUTO/$USER
+
+</PRE>
+<P>Alternatively, if they include the entire directory pathname in the
+<B>G</B> instruction:
+<PRE> G /afs/stateu.edu/usr1
+ G /afs/stateu.edu/usr2
+ G /afs/stateu.edu/usr3
+
+</PRE>
+<P>then the <I>mount_point</I> field of the <B>V</B> instruction
+specifies only the following:
+<PRE> $AUTO/$USER
+
+</PRE>
+<P>The following example <B>L</B> instruction creates a hard link between
+the files <B>mail</B> and <B>mbox</B> in the user's home
+directory.
+<PRE> L $MTPT/mbox $MTPT/mail
+
+</PRE>
+<P>The following example <B>S</B> instruction, appropriate for the ABC
+Corporation cell, links the file <B>Mail/outgoing</B> in the user's
+home directory to the file
+<B>/afs/abc.com/common/mail/outgoing</B>.
+<PRE> S /afs/abc.com/common/mail/outgoing $MTPT/Mail/outgoing
+
+</PRE>
+<P>The following example <B>V</B> instruction creates a volume called
+<B>user.</B><VAR>username</VAR> on the <B>/vicepa</B> partition
+of the specified file server machine, assigning it a quota of 3000 kilobyte
+blocks. The mount point is under <B>/afs/abc.com/usr</B> and
+matches the username (the value of the $USER variable). The user owns
+the home directory and has all access rights to it. The instruction
+appears on two lines only for legibility; it must appear on a single line
+in the template file.
+<PRE> V user.$USER $SERVER.abc.com /vicepa 3000 \
+ /afs/abc.com/usr/$USER $UID $USER all
+
+</PRE>
+<P>The following example <B>X</B> instruction mounts the backup version of
+the user's volume at the <B>OldFiles</B> subdirectory.
+<PRE> X "fs mkm /afs/abc.com/usr/$USER/OldFiles user.$USER.backup"
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
+<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf055.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf057.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="Header_54" HREF="auarf002.htm#ToC_54">AFS System Commands</A></H1>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf055.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf057.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf056.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf058.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAFSINTRO" HREF="auarf002.htm#ToC_55">afs_intro</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to AFS commands
+<P><STRONG>Description</STRONG>
+<P>AFS provides many commands that enable users and system administrators to
+use and customize its features. Many of the commands belong to the
+following categories, called <I>command suites</I>.
+<DL>
+<P><DT><B>backup
+</B><DD>Interface for configuring and operating the AFS Backup System
+<P><DT><B>bos
+</B><DD>Interface to the Basic Overseer (BOS) Server for administering server
+processes and configuration files
+<P><DT><B>fs
+</B><DD>Interface for administering access control lists (ACLs), the Cache
+Manager, and other miscellaneous file system functions
+<P><DT><B>fstrace
+</B><DD>Interface for tracing Cache Manager operations when debugging problems
+<P><DT><B>kas
+</B><DD>Interface to the Authentication Server for administering security and
+authentication information
+<P><DT><B>pts
+</B><DD>Interface to the Protection Server for administering AFS ID and group
+membership information
+<P><DT><B>uss
+</B><DD>Interface for automated administration of user accounts
+<P><DT><B>vos
+</B><DD>Interface to the Volume Server and Volume Location (VL) Server for
+administering volumes
+</DL>
+<P>In addition, there are several commands that do not belong to
+suites.
+<P><H5><A NAME="HDRWQ10">AFS Command Syntax</A></H5>
+<P>AFS commands that belong to suites have the following
+structure:
+<PRE> <B>command_suite operation_code</B> <B>-switch</B> <<VAR>value</VAR>><SUP>[+]</SUP> [<B>-flag</B>]
+
+</PRE>
+<P><H6><A NAME="Header_57">Command Names</A></H6>
+<P>Together, the <B>command_suite</B> and <B>operation_code</B>
+make up the <I>command name</I>.
+<P>The <B>command_suite</B> specifies the group of related commands to
+which the command belongs, and indicates which command interpreter and server
+process perform the command. AFS has several command suites, including
+<B>bos</B>, <B>fs</B>, <B>kas</B>, <B>package</B>,
+<B>pts</B>, <B>scout</B>, <B>uss</B> and <B>vos</B>.
+Some of these suites have an interactive mode in which the issuer omits the
+<B>command_suite</B> portion of the command name.
+<P>The <B>operation_code</B> tells the command interpreter and server
+process which action to perform. Most command suites include several
+operation codes. The <I>IBM AFS Administration Reference</I>
+describes each operation code in detail, and the <I>IBM AFS Administration
+Guide</I> describes how to use them in the context of performing
+administrative tasks.
+<P>Several AFS commands do not belong to a suite and so their names do not
+have a <B>command_suite</B> portion. Their structure is otherwise
+similar to the commands in the suites.
+<P><H6><A NAME="Header_58">Options</A></H6>
+<P>The term <I>option</I> refers to both arguments and flags, which
+are described in the following sections.
+<P><H6><A NAME="Header_59">Arguments</A></H6>
+<P>One or more arguments can follow the command name. Arguments
+specify the entities on which to act while performing the command (for
+example, which server machine, server process, or file). To minimize
+the potential for error, provide a command's arguments in the order
+prescribed in its syntax definition.
+<P>Each argument has two parts, which appear in the indicated order:
+<UL>
+<P><LI>The <I>switch</I> specifies the argument's type and is preceded
+by a hyphen ( <B>-</B> ). For instance, the switch
+<B>-server</B> usually indicates that the argument names a server
+machine. Switches can often be omitted, subject to the rules outlined
+in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P><LI>The <I>value</I> names a particular entity of the type specified by
+the preceding switch. For example, the proper value for a
+<B>-server</B> switch is a server machine name like
+<B>fs3.abc.com</B>. Unlike switches (which have a
+required form), values vary depending on what the issuer wants to
+accomplish. Values appear surrounded by angle brackets (<B><
+></B>) in command descriptions and the online help to show that they are
+user-supplied variable information.
+</UL>
+<P>Some arguments accept multiple values, as indicated by trailing plus sign (
+<B>+</B> ) in the command descriptions and online help. How many of
+a command's arguments take multiple values, and their ordering with
+respect to other arguments, determine when it is acceptable to omit
+switches. See <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P>Some commands have optional as well as required arguments; the command
+descriptions and online help show optional arguments in square brackets ([
+]).
+<P><H6><A NAME="Header_60">Flags</A></H6>
+<P>Some commands have one or more flags, which specify the manner in which
+the command interpreter and server process perform the command, or what kind
+of output it produces. Flags are preceded by hyphens like switches, but
+they take no values. Although the command descriptions and online help
+generally list a command's flags after its arguments, there is no
+prescribed order for flags. They can appear anywhere on the command
+line following the operation code, except in between the parts of an
+argument. Flags are always optional.
+<P><H6><A NAME="HDRCOMMAND-EX">An Example Command</A></H6>
+<P>The following example illustrates the different parts
+of a command that belongs to an AFS command suite.
+<PRE> % <B>bos getdate -server fs1.abc.com -file ptserver kaserver </B>
+
+</PRE>
+<P>where
+<UL>
+<P><LI><B>bos</B> is the command suite. The BOS Server executes most
+of the commands in this suite.
+<P><LI><B>getdate</B> is the operation code. It tells the BOS Server
+on the specified server machine (in this case
+<B>fs1.abc.com</B>) to report the modification dates of
+binary files in the local <B>/usr/afs/bin</B> directory.
+<P><LI><B>-server fs1.abc.com</B> is one argument, with
+<B>-server</B> as the switch and <B>fs1.abc.com</B> as
+the value. This argument specifies the server machine on which BOS
+Server is to collect and report binary dates.
+<P><LI><B>-file ptserver kaserver</B> is an argument that takes multiple
+values. The switch is <B>-file</B> and the values are
+<B>ptserver</B> and <B>kaserver</B>. This argument tells the
+BOS Server to report the modification dates on the files
+<B>/usr/afs/bin/kaserver</B> and <B>/usr/afs/bin/ptserver</B>.
+</UL>
+<P><H6><A NAME="HDRWQ11">Rules for Entering AFS Commands</A></H6>
+<P>Enter each AFS command on a single line (press
+<B><Return></B> only at the end of the command). Some commands
+in this document appear broken across multiple lines, but that is for
+legibility only.
+<P>Use a space to separate each element on a command line from its
+neighbors. Spaces rather than commas also separate multiple values of
+an argument.
+<P>In many cases, the issuer of a command can reduce the amount of typing
+necessary by using one or both of the following methods:
+<UL>
+<P><LI>Omitting switches
+<P><LI>Using accepted abbreviations for operation codes, switches (if they are
+included at all), and some types of values
+</UL>
+<P>The following sections explain the conditions for omitting or shortening
+parts of the command line. It is always acceptable to type a command in
+full, with all of its switches and no abbreviations.
+<P><I><B><A NAME="HDRNOSWITCH">Conditions for Omitting Switches</A>: </B></I>
+It is always acceptable to type the switch part of an
+argument, but in many cases it is not necessary. Specifically, switches
+can be omitted if the following conditions are met.
+<UL>
+<P><LI>All of the command's required arguments appear in the order
+prescribed by the syntax statement
+<P><LI>No switch is provided for any argument
+<P><LI>There is only one value for each argument (but note the important
+exception discussed in the following paragraph)
+</UL>
+<P>Omitting switches is possible only because there is a prescribed order for
+each command's arguments. When the issuer does not include
+switches, the command interpreter relies instead on the order of
+arguments; it assumes that the first element after the operation code is
+the command's first argument, the next element is the command's
+second argument, and so on. The important exception is when a
+command's final required argument accepts multiple values. In this
+case, the command interpreter assumes that the issuer has correctly provided
+one value for each argument up through the final one, so any additional values
+at the end belong to the final argument.
+<P>The following list describes the rules for omitting switches from the
+opposite perspective: an argument's switch must be provided when
+any of the following conditions apply.
+<UL>
+<P><LI>The command's arguments do not appear in the prescribed order
+<P><LI>An optional argument is omitted but a subsequent optional argument is
+provided
+<P><LI>A switch is provided for a preceding argument
+<P><LI>More than one value is supplied for a preceding argument (which must take
+multiple values, of course); without a switch on the current argument,
+the command interpreter assumes that the current argument is another value for
+the preceding argument
+</UL>
+<P><I><B><A NAME="Header_64">An Example of Omitting Switches</A>: </B></I>
+Consider again the example command from <A HREF="#HDRCOMMAND-EX">An Example Command</A>.
+<PRE> % <B> bos getdate -server fs1.abc.com -file ptserver kaserver</B>
+
+</PRE>
+<P>This command has two required arguments: the server machine name
+(identified by the <B>-server</B> switch) and binary file name (identified
+by the <B>-file</B> switch). The second argument accepts multiple
+values. By complying with all three conditions, the issuer can omit the
+switches:
+<PRE> % <B>bos getdate fs1.abc.com ptserver kaserver</B>
+
+</PRE>
+<P>Because there are no switches, the <B>bos</B> command interpreter
+relies on the order of arguments. It assumes that the first element
+following the operation code, <B>fs1.abc.com</B>, is the
+server machine name, and that the next argument, <B>ptserver</B>, is a
+binary file name. Then, because the command's second (and last)
+argument accepts multiple values, the command interpreter correctly interprets
+<B>kaserver</B> as an additional value for it.
+<P>On the other hand, the following is not acceptable because it violates the
+first two conditions in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>: even though there is only one value per argument, the
+arguments do not appear in the prescribed order, and a switch is provided for
+one argument but not the other.
+<PRE> % <B>bos getdate ptserver -server fs1.abc.com</B>
+
+</PRE>
+<P><H6><A NAME="HDRWQ12">Rules for Using Abbreviations and Aliases</A></H6>
+<P>This section explains how to abbreviate operation codes,
+option names, server machine names, partition names, and cell names. It
+is not possible to abbreviate other types of values.
+<P><I><B><A NAME="Header_66">Abbreviating Operation Codes</A>: </B></I>
+It is acceptable to abbreviate an operation code to the shortest form
+that still distinguishes it from the other operation codes in its
+suite.
+<P>For example, it is acceptable to shorten <B>bos install</B> to <B>bos
+i</B> because there are no other operation codes in the <B>bos</B>
+command suite that begin with the letter <B>i</B>. In contrast,
+there are several <B>bos</B> operation codes that start with the letter
+<B>s</B>, so the abbreviations must be longer to remain unambiguous:
+<DL>
+<DD><P><B>bos sa</B> for <B>bos salvage</B>
+<DD><P><B>bos seta</B> for <B>bos setauth</B>
+<DD><P><B>bos setc</B> for <B>bos setcellname</B>
+<DD><P><B>bos setr</B> for <B>bos setrestart</B>
+<DD><P><B>bos sh</B> for <B>bos shutdown</B>
+<DD><P><B>bos start</B> for <B>bos start</B>
+<DD><P><B>bos startu</B> for <B>bos startup</B>
+<DD><P><B>bos stat</B> for <B>bos status</B>
+<DD><P><B>bos sto</B> for <B>bos stop</B>
+</DL>
+<P>In addition to abbreviations, some operation codes have an
+<I>alias</I>, a short form that is not derived by abbreviating the
+operation code to its shortest unambiguous form. For example, the alias
+for the <B>fs setacl</B> command is <B>fs sa</B>, whereas the shortest
+unambiguous abbreviation is <B>fs seta</B>.
+<P>There are two usual reasons an operation code has an alias:
+<UL>
+<P><LI>Because the command is frequently issued, it is convenient to have a form
+shorter than the one derived by abbreviating. The <B>fs setacl</B>
+command is an example.
+<P><LI>Because the command's name has changed, but users of previous
+versions of AFS know the former name. For example, <B>bos
+listhosts</B> has the alias <B>bos getcell</B>, its former name.
+It is acceptable to abbreviate aliases to their shortest unambiguous form (for
+example, <B>bos getcell</B> to <B>bos getc</B>).
+</UL>
+<P>Even if an operation code has an alias, it is still acceptable to use the
+shortest unambiguous form. Thus, the <B>fs setacl</B> command has
+three acceptable forms: <B>fs setacl</B> (the full form), <B>fs
+seta</B> (the shortest abbreviation), and <B>fs sa</B> (the
+alias).
+<P><I><B><A NAME="Header_67">Abbreviating Switches and Flags</A>: </B></I>
+It is acceptable to shorten a switch or flag to the shortest form that
+distinguishes it from the other switches and flags for its operation
+code. It is often possible to omit switches entirely, subject to the
+conditions listed in <A HREF="#HDRNOSWITCH">Conditions for Omitting Switches</A>.
+<P><I><B><A NAME="HDRFMSABBREV">Abbreviating Server Machine Names</A>: </B></I>
+AFS server machines must have fully-qualified
+Internet-style host names (for example, <B>fs1.abc.com</B>),
+but it is not always necessary to type the full name on the command
+line. AFS commands accept unambiguous shortened forms, but depend on
+the cell's name service (such as the Domain Name Service) or a local host
+table to resolve a shortened name to the fully-qualified equivalent when the
+command is issued.
+<P>Most commands also accept the dotted decimal form of the machine's IP
+address as an identifier.
+<P><I><B><A NAME="HDRPARTABBREV">Abbreviating Partition Names</A>: </B></I>
+Partitions that house AFS volumes must have names of
+the form <B>/vicep</B><VAR>x</VAR> or <B>/vicep</B><VAR>xx</VAR>, where
+the variable final portion is one or two lowercase letters. By
+convention, the first server partition created on a file server machine is
+called <B>/vicepa</B>, the second <B>/vicepb</B>, and so on.
+The <I>IBM AFS Quick Beginnings</I> explains how to configure and name a
+file server machine's partitions in preparation for storing AFS volumes
+on them.
+<P>When issuing AFS commands, you can abbreviate a partition name using any of
+the following forms:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P><I><B><A NAME="HDRCELLABBREV">Abbreviating Cell Names</A>: </B></I>
+A cell's full name usually matches its Internet
+domain name (such as <B>stateu.edu</B> for the State University or
+<B>abc.com</B> for ABC Corporation). Some AFS commands
+accept unambiguous shortened forms, usually with respect to the local
+<B>/usr/vice/etc/CellServDB file</B> but sometimes depending on the
+ability of the local name service to resolve the corresponding domain
+name.
+<P><H6><A NAME="HDRWQ13">Displaying Online Help for AFS Commands</A></H6>
+<P>To display online help for AFS commands that belong to
+suites, use the <B>help</B> and <B>apropos</B> operation codes.
+A <B>-help</B> flag is also available on every almost every AFS
+command.
+<P>The online help entry for a command consists of two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes what it does
+<P><LI>If the command has aliases, they appear on the next line
+<P><LI>The final line, which begins with the string <TT>Usage:</TT>,
+lists the command's options in the prescribed order; online help
+entries use the same typographical symbols (brackets and so on) as this
+documentation.
+</UL>
+<P>If no operation code is specified, the <B>help</B> operation code
+displays the first line (short description) for every operation code in the
+suite:
+<PRE>
+ % <VAR>command_suite</VAR> <B>help</B>
+
+</PRE>
+<P>If the issuer specifies one or more operation codes, the <B>help</B>
+operation code displays each command's complete online entry (short
+description, alias if any, and syntax):
+<PRE>
+ % <VAR>command_suite</VAR> <B>help</B> <VAR>operation_code</VAR><SUP>+</SUP>
+
+</PRE>
+<P>The <B>-help</B> flag displays a command's syntax but not the
+short description or alias:
+<PRE> % <VAR>command_name</VAR> <B>-help</B>
+
+</PRE>
+<P>The <B>apropos</B> operation code displays the short description of any
+command in a suite whose operation code or short description includes the
+specified keyword:
+<PRE> % <VAR>command_suite</VAR> <B>apropos</B> <VAR>"<help string>"</VAR>
+
+</PRE>
+<P>The following example command displays the complete online help entry for
+the <B>fs setacl</B> command:
+<PRE>
+ % <B>fs help setacl </B>
+ fs setacl: set access control list
+ aliases: sa
+ Usage: fs setacl -dir <directory>+ -acl <access list entries>+
+ [-clear] [-negative] [-id] [-if] [-help]
+
+</PRE>
+<P>To see only the syntax statement, use the <B>-help</B> flag:
+<PRE> % <B>fs setacl -help</B>
+ Usage: fs setacl -dir <directory>+ -acl <access list entries>+
+ [-clear] [-negative] [-id] [-if] [-help]
+
+</PRE>
+<P>In the following example, a user wants to display the quota for her home
+volume. She knows that the relevant command belongs to the
+<B>fs</B> suite, but cannot remember the operation code. She uses
+<B>quota</B> as the keyword:
+<PRE>
+ % <B>fs apropos quota</B>
+ listquota: list volume quota
+ quota: show volume quota usage
+ setquota: set volume quota
+
+</PRE>
+<P>The following illustrates the error message that results if no command name
+or short description contains the keyword:
+<PRE>
+ % <B>fs apropos "list quota"</B>
+ Sorry, no commands found
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>Many AFS commands require one or more types of administrative
+privilege. See the reference page for each command.
+<P><STRONG>Related Information</STRONG>
+<DL>
+<DD><P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<DD><P><A HREF="auarf059.htm#HDRAFSMONITOR">afsmonitor</A>
+<DD><P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<DD><P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<DD><P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<DD><P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<DD><P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<DD><P><A HREF="auarf127.htm#HDRDLOG">dlog</A>
+<DD><P><A HREF="auarf128.htm#HDRDPASS">dpass</A>
+<DD><P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<DD><P><A HREF="auarf130.htm#HDRFMS">fms</A>
+<DD><P><A HREF="auarf131.htm#HDRFS_INTRO">fs</A>
+<DD><P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<DD><P><A HREF="auarf178.htm#HDRFTPD">ftpd (AFS version)</A>
+<DD><P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
+<DD><P><A HREF="auarf180.htm#HDRKADB_CHECK">kadb_check</A>
+<DD><P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<DD><P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<DD><P><A HREF="auarf199.htm#HDRKDB">kdb</A>
+<DD><P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<DD><P><A HREF="auarf201.htm#HDRKNFS">knfs</A>
+<DD><P><A HREF="auarf202.htm#HDRKPASSWD">kpasswd</A>
+<DD><P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
+<DD><P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<DD><P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<DD><P><A HREF="auarf207.htm#HDRPACKAGE_TEST">package_test</A>
+<DD><P><A HREF="auarf208.htm#HDRPAGSH">pagsh</A>
+<DD><P><A HREF="auarf209.htm#HDRPRDB_CHECK">prdb_check</A>
+<DD><P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<DD><P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<DD><P><A HREF="auarf228.htm#HDRRCP">rcp (AFS version)</A>
+<DD><P><A HREF="auarf229.htm#HDRRSH">rsh (AFS version)</A>
+<DD><P><A HREF="auarf230.htm#HDRRUNNTP">runntp</A>
+<DD><P><A HREF="auarf231.htm#HDRRXDEBUG">rxdebug</A>
+<DD><P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<DD><P><A HREF="auarf233.htm#HDRSCOUT">scout</A>
+<DD><P><A HREF="auarf234.htm#HDRSYS">sys</A>
+<DD><P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<DD><P><A HREF="auarf236.htm#HDRTRANSLATE_ET">translate_et</A>
+<DD><P><A HREF="auarf238.htm#HDRUNLOG">unlog</A>
+<DD><P><A HREF="auarf239.htm#HDRUP">up</A>
+<DD><P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<DD><P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<DD><P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<DD><P><A HREF="auarf248.htm#HDRVLDB_CHECK">vldb_check</A>
+<DD><P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<DD><P><A HREF="auarf250.htm#HDRVOLINFO">volinfo</A>
+<DD><P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<DD><P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<DD><P><A HREF="auarf281.htm#HDRXFS_SIZE_CHECK">xfs_size_check</A>
+<DD><P><A HREF="auarf282.htm#HDRXSTAT_CM_TEST">xstat_cm_test</A>
+<DD><P><A HREF="auarf283.htm#HDRXSTAT_FS_TEST">xstat_fs_test</A>
+</DL>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf056.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf058.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf057.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf059.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAFSD" HREF="auarf002.htm#ToC_72">afsd</A></H2>
+<A NAME="IDX4184"></A>
+<A NAME="IDX4185"></A>
+<A NAME="IDX4186"></A>
+<A NAME="IDX4187"></A>
+<A NAME="IDX4188"></A>
+<A NAME="IDX4189"></A>
+<A NAME="IDX4190"></A>
+<A NAME="IDX4191"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Cache Manager and starts related daemons.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>afsd</B> [-<B>blocks</B> <<VAR>1024 byte blocks in cache</VAR>>]
+ [<B>-files</B> <<VAR>files in cache</VAR>>]
+ [<B>-rootvol</B> <<VAR>name of AFS root volume</VAR>>]
+ [<B>-stat</B> <<VAR>number of stat entries</VAR>>]
+ [<B>-memcache</B>] [<B>-cachedir</B> <<VAR>cache directory</VAR>>]
+ [<B>-mountdir</B> <<VAR>mount location</VAR>>]
+ [<B>-daemons</B> <<VAR>number of daemons to use</VAR>>]
+ [<B>-nosettime</B>] [<B>-verbose</B>] [<B>-rmtsys</B>] [<B>-debug</B>]
+ [<B>-chunksize</B> <<VAR>log(2) of chunk size</VAR>>]
+ [<B>-dcache</B> <<VAR>number of dcache entries</VAR>>]
+ [<B>-volumes</B> <<VAR>number of volume entries</VAR>>]
+ [<B>-biods</B> <<VAR>number of bkg I/O daemons (aix vm)</VAR>>]
+ [<B>-prealloc</B> <<VAR>number of 'small' preallocated blocks</VAR>>]
+ [<B>-confdir</B> <<VAR>configuration directory</VAR>>]
+ [<B>-logfile</B> <<VAR>Place to keep the CM log</VAR>>]
+ [<B>-waitclose</B>] [<B>-shutdown</B>] [<B>-enable_peer_stats</B>]
+ [<B>-enable_process_stats</B>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>afsd</B> command initializes the Cache Manager on an AFS client
+machine by transferring AFS-related configuration information into kernel
+memory and starting several daemons. More specifically, the
+<B>afsd</B> command performs the following actions:
+<UL>
+<P><LI>Sets a field in kernel memory that defines the machine's cell
+membership. Some Cache Manager-internal operations and system calls
+consult this field to learn which cell to execute in. (The AFS command
+interpreters refer to the <B>/usr/vice/etc/ThisCell</B> file
+instead.) This information is transferred into the kernel from the
+<B>/usr/vice/etc/ThisCell</B> file and cannot be changed until the
+<B>afsd</B> program runs again.
+<P><LI>Places in kernel memory the names and Internet addresses of the database
+server machines in the local cell and (optionally) foreign cells. The
+appearance of a cell's database server machines in this list enables the
+Cache Manager to contact them and to access files in the cell. Omission
+of a cell from this list, or incorrect information about its database server
+machines, prevents the Cache Manager from accessing files in it.
+<P>The list of database server machines is transferred into the kernel from
+the <B>/usr/vice/etc/CellServDB</B> file. After initialization, use
+the <B>fs newcell</B> command to change the kernel-resident list without
+having to reboot.
+<P><LI>Mounts the root of the AFS filespace on a directory on the machine's
+local disk, according to either the first field in the
+<B>/usr/vice/etc/cacheinfo</B> file (the default) or the <B>afsd</B>
+command's <B>-mountdir</B> argument. The conventional value is
+<B>/afs</B>.
+<P><LI>Determines which volume to mount at the root of the AFS file tree.
+The default is the volume <B>root.afs</B>; use the
+<B>-rootvol</B> argument to override it. Although the base
+(read/write) form of the volume name is the appropriate value, the Cache
+Manager has a bias for accessing the read-only version of the volume (by
+convention, <B>root.afs.readonly</B>) if it is
+available.
+<P><LI>Configures the cache on disk (the default) or in machine memory if the
+<B>-memcache</B> argument is provided. In the latter case, the
+<B>afsd</B> program allocates space in machine memory for caching, and the
+Cache Manager uses no disk space for caching even if the machine has a
+disk.
+<P><LI>Defines the name of the local disk directory devoted to caching, when the
+<B>-memcache</B> argument is not used. If necessary, the
+<B>afsd</B> program creates the directory (its parent directory must
+already exist). It does not remove the directory that formerly served
+this function, if one exists.
+<P>The second field in the <B>/usr/vice/etc/cacheinfo</B> file is the
+source for this name, and the standard value is the <B>/usr/vice/cache</B>
+directory. Use the <B>-cachedir</B> argument to override the value
+in the <B>cacheinfo</B> file.
+<P><LI>Sets the size of the cache. The default source for the value is the
+third field in the <B>/usr/vice/etc/cacheinfo</B> file, which specifies a
+number of kilobytes.
+<P>For a memory cache, the following arguments to the <B>afsd</B> command
+override the value in the <B>cacheinfo</B> file:
+<UL>
+<P><LI>The <B>-blocks</B> argument, to specify a different number of kilobyte
+blocks.
+<P><LI>The <B>-dcache</B> and <B>-chunksize</B> arguments together, to
+set both the number of dcache entries and the chunk size (see below for
+definition of these parameters). In this case, the <B>afsd</B>
+program derives cache size by multiplying the two values. Using this
+combination is not recommended, as it requires the issuer to perform the
+calculation beforehand to determine the resulting cache size.
+<P><LI>The <B>-dcache</B> argument by itself. In this case, the
+<B>afsd</B> program derives cache size by multiplying the value specified
+by the <B>-dcache</B> argument by the default memory cache chunk size of
+eight kilobytes. Using this argument is not recommended, as it requires
+the issuer to perform the calculation beforehand to determine the resulting
+cache size.
+</UL>
+<P>For satisfactory memory cache performance, the specified value must leave
+enough memory free to accommodate all other processes and commands that can
+run on the machine. If the value exceeds the amount of memory
+available, the <B>afsd</B> program exits without initializing the Cache
+Manager and produces the following message on the standard output
+stream:
+<PRE> afsd: memCache allocation failure at <VAR>number</VAR> KB
+
+</PRE>
+<P>where <VAR>number</VAR> is how many kilobytes were allocated just before the
+failure.
+<P>For a disk cache, use the <B>-blocks</B> argument to the
+<B>afsd</B> command to override the value in the <B>cacheinfo</B>
+file. The value specified in either way sets an absolute upper limit on
+cache size; values provided for other arguments (such as
+<B>-dcache</B> and <B>-chunksize</B>) never result in a larger
+cache. The <B>afsd</B> program rejects any setting larger than 95%
+of the partition size, and exits after generating an error message on the
+standard output stream, because the cache implementation itself requires a
+small amount of disk space and overfilling the partition can cause the client
+machine to panic.
+<P>To change the size of a disk cache after initialization without rebooting,
+use the <B>fs setcachesize</B> command; the setting persists until
+the <B>afsd</B> command runs again or the <B>fs setcachesize</B>
+command is reissued. The <B>fs setcachesize</B> command does not
+work for memory caches.
+<P><LI>Sets the size of each cache <VAR>chunk</VAR>, and by implication the amount
+of data that the Cache Manager requests at a time from the File Server (how
+much data per fetch RPC, since AFS uses partial file transfer).
+<P>For a disk cache, a chunk is a <B>V</B><VAR>n</VAR> file and this
+parameter sets the maximum size to which each one can expand; the default
+is 64 KB. For a memory cache, each chunk is a collection of contiguous
+memory blocks; the default is size is 8 KB.
+<P>To override the default chunk size for either type of cache, use the
+<B>-chunksize</B> argument to provide an integer to be used as an exponent
+of two; see the <B>Options</B> section for details. For a
+memory cache, if total cache size divided by chunk size leaves a remainder,
+the <B>afsd</B> program rounds down the number of dcache entries,
+resulting in a slightly smaller cache.
+<P><LI>Sets the number of chunks in the cache. For a memory cache, the
+number of chunks is equal to the cache size divided by the chunk size.
+For a disk cache, the number of chunks (<B>V</B><VAR>n</VAR> files) is set
+to the largest of the following unless the <B>-files</B> argument is used
+to set the value explicitly:
+<UL>
+<P><LI>100
+<P><LI>1.5 times the result of dividing cache size by chunk size
+(<VAR>cachesize</VAR>/<VAR>chunksize</VAR> * 1.5)
+<P><LI>The result of dividing cachesize by 10 KB (<VAR>cachesize</VAR>/10240)
+</UL>
+<P><LI>Sets the number of <VAR>dcache entries</VAR> allocated in machine memory for
+storing information about the chunks in the cache.
+<P>For a disk cache, the <B>/usr/vice/cache/CacheItems</B> file contains
+one entry for each <B>V</B><VAR>n</VAR> file. By default, one half
+the number of these entries (but not more that 2,000) are duplicated as dcache
+entries in machine memory for quicker access.
+<P>For a memory cache, there is no <B>CacheItems</B> file so all
+information about cache chunks must be in memory as dcache entries.
+Thus, there is no default number of dcache entries for a memory cache;
+instead, the <B>afsd</B> program derives it by dividing the cache size by
+the chunk size.
+<P>To set the number of dcache entries, use the <B>-dcache</B>
+argument; the specified value can exceed the default limit of
+2,000. Using this argument is not recommended for either type of
+cache. Increasing the number of dcache entries for a disk cache
+sometimes improves performance (because more entries are retrieved from memory
+rather than from disk), but only marginally. Using this argument for a
+memory cache requires the issuer to calculate the cache size by multiplying
+this value by the chunk size.
+<P><LI>Sets the number of <VAR>stat</VAR> entries available in machine memory for
+caching status information about cached AFS files. The default is
+300; use the <B>-stat</B> argument to override the default.
+<P><LI>Randomly selects a file server machine in the local cell as the source for
+the correct time. Every five minutes thereafter, the local clock is
+adjusted (if necessary) to match the file server machine's clock.
+<P>Use the <B>-nosettime</B> flag to prevent the <B>afsd</B> command
+from selecting a time standard. This is recommended only on file server
+machines that are also acting as clients. File server machines maintain
+the correct time using the Network Time Protocol Daemon instead.
+</UL>
+<P>In addition to setting cache configuration parameters, the <B>afsd</B>
+program starts the following daemons. (On most system types, these
+daemons appear as nameless entries in the output of the UNIX <B>ps</B>
+command.)
+<UL>
+<P><LI>One <I>callback</I> daemon, which handles callbacks. It also
+responds to the File Server's periodic probes, which check that the
+client machine is still alive.
+<P><LI>One <I>maintenance</I> daemon, which performs the following
+tasks:
+<UL>
+<P><LI>Garbage collects obsolete data (for example, expired tokens) from kernel
+memory
+<P><LI>Synchronizes files
+<P><LI>Refreshes information from read-only volumes once per hour
+<P><LI>Does delayed writes for NFS clients if the machine is running the NFS/AFS
+Translator
+</UL>
+<P><LI>One <I>cache-truncation</I> daemon, which flushes the cache when free
+space is required, by writing cached data and status information to the File
+Server.
+<P><LI>One <I>server connection</I> daemon, which sends a probe to the File
+Server every few minutes to check that it is still accessible. It also
+synchronizes the machine's clock with the clock on a randomly-chosen file
+server machine, unless the <B>-nosettime</B> flag is used. There is
+always one server connection daemon.
+<P><LI>One or more <I>background</I> daemons that improve performance by
+pre-fetching files and performing background (delayed) writes of saved data
+into AFS.
+<P>The default number of background daemons is two, enough to service at least
+five simultaneous users of the machine. To increase the number, use the
+<B>-daemons</B> argument. A value greater than six is not generally
+necessary.
+<P><LI>On some system types, one <I>Rx listener</I> daemon, which listens for
+incoming RPCs.
+<P><LI>On some system types, one <I>Rx event</I> daemon, which reviews the Rx
+system's queue of tasks and performs them as appropriate. Most
+items in the queue are retransmissions of failed packets.
+<P><LI>On machines that run AIX with virtual memory (VM) integration, one or more
+<I>VM</I> daemons (sometimes called <I>I/O</I> daemons, which transfer
+data between disk and machine memory. The number of them depends on the
+setting of the <B>-biods</B> and <B>-daemons</B> arguments:
+<UL>
+<P><LI>If the <B>-biods</B> argument is used, it sets the number of VM
+daemons.
+<P><LI>If only the <B>-daemons</B> argument is used, the number of VM daemons
+is twice the number of background daemons.
+<P><LI>If neither argument is used, there are five VM daemons.
+</UL>
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>Do not use the <B>-shutdown</B> parameter. It does not shutdown
+the Cache Manager effectively. Instead, halt Cache Manager activity by
+using the standard UNIX <B>umount</B> command to unmount the AFS root
+directory (by convention, <B>/afs</B>). The machine must then be
+rebooted to reinitialize the Cache Manager.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-blocks
+</B><DD>Specifies the number of kilobyte blocks to be made available for caching
+in the machine's cache directory (for a disk cache) or memory (for a
+memory cache), overriding the default defined in the third field of the
+<B>/usr/vice/etc/cacheinfo</B> file. For a disk cache, the value
+cannot exceed 95% of the space available in the cache partition. If
+using a memory cache, do not combine this argument with the <B>-dcache</B>
+argument, since doing so can possibly result in a chunk size that is not an
+exponent of 2.
+<P><DT><B>-files
+</B><DD>Specifies the number of <B>V</B><VAR>n</VAR> files to create in the
+cache directory for a disk cache, overriding the default that is calculated as
+described in the <B>Description</B> section. Each
+<B>V</B><VAR>n</VAR> file accommodates a chunk of data, and can grow to a
+maximum size of 64 KB by default. Do not combine this argument with the
+<B>-memcache</B> argument.
+<P><DT><B>-rootvol
+</B><DD>Names the read/write volume corresponding to the root directory for the
+AFS file tree (which is usually the <B>/afs</B> directory). This
+value overrides the default of the <B>root.afs</B> volume.
+<P><DT><B>-stat
+</B><DD>Specifies the number of entries to allocate in the machine's memory
+for recording status information about the AFS files in the cache. This
+value overrides the default of 300.
+<P><DT><B>-memcache
+</B><DD>Initializes a memory cache rather than a disk cache. Do not combine
+this flag with the <B>-files</B> argument.
+<P><DT><B>-cachedir
+</B><DD>Names the local disk directory to be used as the cache. This value
+overrides the default defined in the second field of the
+<B>/usr/vice/etc/cacheinfo</B> file.
+<P><DT><B>-mountdir
+</B><DD>Names the local disk directory on which to mount the root of the AFS
+filespace. This value overrides the default defined in the first field
+of the <B>/usr/vice/etc/cacheinfo</B> file. If a value other than
+the <B>/afs</B> directory is used, the machine cannot access the filespace
+of cells that do use that value.
+<P><DT><B>-daemons
+</B><DD>Specifies the number of background daemons to run on the machine.
+These daemons improve efficiency by doing prefetching and background writing
+of saved data. This value overrides the default of 2, which is adequate
+for a machine serving up to five users. Values greater than
+<B>6</B> are not generally more effective than <B>6</B>.
+<P><B>Note:</B> On AIX machines with integrated virtual memory (VM),
+the number of VM daemons is set to twice the value of this argument, if it is
+provided and the <B>-biods</B> argument is not. If both arguments
+are omitted, there are five VM daemons.
+<P><DT><B>-nosettime
+</B><DD>Prevents the Cache Manager from synchronizing its clock with the clock on
+a server machine selected at random, by checking the time on the server
+machine every five minutes. Use this flag only on a machine that is
+already using another time synchronization protocol (for example, a server
+machine that is running the <B>runntp</B> process).
+<P><DT><B>-verbose
+</B><DD>Generates a detailed trace of the <B>afsd</B> program's actions
+on the standard output stream.
+<P><DT><B>-rmtsys
+</B><DD>Initializes an additional daemon to execute AFS-specific system calls on
+behalf of NFS client machines. Use this flag only if the machine is an
+NFS/AFS translator machine serving users of NFS client machines who execute
+AFS commands.
+<A NAME="IDX4192"></A>
+<P><DT><B>-debug
+</B><DD>Generates a highly detailed trace of the <B>afsd</B> program's
+actions on the standard output stream. The information is useful mostly
+for debugging purposes.
+<P><DT><B>-chunksize
+</B><DD>Sets the size of each cache chunk. The integer provided, which must
+be from the range <B>0</B> to <B>30</B>, is used as an exponent on the
+number 2. It overrides the default of 16 for a disk cache
+(2<SUP>16</SUP> is 64 KB) and 13 for a memory cache (2<SUP>13</SUP> is 8
+KB). A value of <B>0</B> or less, or greater than <B>30</B>,
+sets chunk size to the appropriate default. Values less than
+<B>10</B> (which sets chunk size to a 1 KB) are not recommended.
+Combining this argument with the <B>-dcache</B> argument is not
+recommended because it requires that the issuer calculate the cache size that
+results.
+<P><DT><B>-dcache
+</B><DD>Sets the number of dcache entries in memory, which are used to store
+information about cache chunks. For a disk cache, this overrides the
+default, which is 50% of the number of <B>V</B><VAR>n</VAR> files (cache
+chunks). For a memory cache, this argument effectively sets the number
+of cache chunks, but its use is not recommended, because it requires the
+issuer to calculate the resulting total cache size (derived by multiplying
+this value by the chunk size). Do not combine this argument with the
+<B>-blocks</B> argument, since doing so can possibly result in a chunk
+size that is not an exponent of 2.
+<P><DT><B>-volumes
+</B><DD>Specifies the number of memory structures to allocate for storing volume
+location information. The default value is 50.
+<P><DT><B>-biods
+</B><DD>Sets the number of VM daemons dedicated to performing I/O operations on a
+machine running a version of AIX with virtual memory (VM) integration.
+If both this argument and the <B>-daemons</B> argument are omitted, the
+default is five. If this argument is omitted but the
+<B>-daemons</B> argument is provided, the number of VM daemons is set to
+twice the value of the <B>-daemons</B> argument.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Provide this argument only on a machine that runs AIX with VM
+integration.
+</TD></TR></TABLE>
+<P><DT><B>-prealloc
+</B><DD>Specifies the number of pieces of memory to preallocate for the Cache
+Manager's internal use. The default initial value is 400, but the
+Cache Manager dynamically allocates more memory as it needs it.
+<P><DT><B>-confdir
+</B><DD>Names a directory other than the <B>/usr/vice/etc</B> directory from
+which to fetch the <B>cacheinfo</B>, <B>ThisCell</B>, and
+<B>CellServDB</B> configuration files.
+<P><DT><B>-logfile
+</B><DD>Is obsolete and has no real effect. It specifies an alternate file
+in which to record a type of trace that the Cache Manager no longer
+generates; the default value is <B>/usr/vice/etc/AFSLog</B>.
+<P><DT><B>-waitclose
+</B><DD>Has no effect on the operation of the Cache Manager. The behavior
+it affected in previous versions of the Cache Manager, to perform synchronous
+writes to the File Server, is now the default behavior. To perform
+asynchronous writes in certain cases, use the <B>fs storebehind</B>
+command.
+<P><DT><B>-shutdown
+</B><DD>Shuts down the Cache Manager, but not in the most effective possible
+way. Do not use this flag.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The <B>afsd</B> command is normally included in the machine's AFS
+initialization file, rather than typed at the command shell prompt. For
+most disk caches, the appropriate form is
+<PRE> /usr/vice/etc/afsd
+
+</PRE>
+<P>The following command is appropriate when enabling a machine to act as an
+NFS/AFS Translator machine serving more than five users.
+<PRE> /usr/vice/etc/afsd -daemons 4 -rmtsys
+
+</PRE>
+<P>The following command initializes a memory cache and sets chunk size to 16
+KB (2<SUP>14</SUP>).
+<PRE> /usr/vice/etc/afsd -memcache -chunksize 14
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf017.htm#HDRCACHEITEMS">CacheItems</A>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf036.htm#HDRVN">V<I>n</I></A>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<A NAME="IDX4193"></A>
+<A NAME="IDX4194"></A>
+<A NAME="IDX4195"></A>
+<A NAME="IDX4196"></A>
+<A NAME="IDX4197"></A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf057.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf059.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf058.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf060.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRAFSMONITOR" HREF="auarf002.htm#ToC_73">afsmonitor</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Monitors File Servers and Cache Managers
+<P><STRONG>Description</STRONG>
+<PRE><B>afsmonitor</B> [<B>initcmd</B>] [<B>-config</B> <<VAR>configuration file</VAR>>]
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-output</B> <<VAR>storage file name</VAR>>] [<B>-detailed</B>]
+ [<B>-debug</B> <<VAR>turn debugging output on to the named file</VAR>>]
+ [<B>-fshosts</B> <<VAR>list of file servers to monitor</VAR>><SUP>+</SUP>]
+ [<B>-cmhosts</B> <<VAR>list of cache managers to monitor</VAR>><SUP>+</SUP>]
+ [<B>-buffers</B> <<VAR>number of buffer slots</VAR>>] [<B>-help</B>]
+
+<B>afsmonitor</B> [<B>i</B>] [<B>-co</B> <<VAR>configuration file</VAR>>]
+ [<B>-fr</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-o</B> <<VAR>storage file name</VAR>>] [<B>-det</B>]
+ [<B>-deb</B> <<VAR>turn debugging output on to the named file</VAR>>]
+ [<B>-fs</B> <<VAR>list of file servers to monitor</VAR>><SUP>+</SUP>]
+ [<B>-cm</B> <<VAR>list of cache managers to monitor</VAR>><SUP>+</SUP>]
+ [<B>-b</B> <<VAR>number of buffer slots</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>afsmonitor</B> command initializes a program that gathers and
+displays statistics about specified File Server and Cache Manager
+operations. It allows the issuer to monitor, from a single location, a
+wide range of File Server and Cache Manager operations on any number of
+machines in both local and foreign cells.
+<P>There are 271 available File Server statistics and 570 available Cache
+Manager statistics, listed in the appendix about <B>afsmonitor</B>
+statistics in the <I>IBM AFS Administration Guide</I>. By default,
+the command displays all of the relevant statistics for the file server
+machines named by the <B>-fshosts</B> argument and the client machines
+named by the <B>-cmhosts</B> argument. To limit the display to only
+the statistics of interest, list them in the configuration file specified by
+the <B>-config</B> argument. In addition, use the configuration
+file for the following purposes:
+<UL>
+<P><LI>To set threshold values for any monitored statistic. When the value
+of a statistic exceeds the threshold, the <B>afsmonitor</B> command
+displays it in reverse video. There are no default threshold
+values.
+<P><LI>To invoke a program or script automatically when a statistic exceeds its
+threshold. The AFS distribution does not include any such
+scripts.
+<P><LI>To list the file server and client machines to monitor, instead of using
+the <B>-fshosts</B> and <B>-cmhosts</B> arguments.
+</UL>
+<P>For a description of the configuration file, see the <B>afsmonitor
+Configuration File</B> reference page
+<P><STRONG>Cautions</STRONG>
+<P>The following software must be accessible to a machine where the
+<B>afsmonitor</B> program is running:
+<UL>
+<P><LI>The AFS <B>xstat</B> libraries, which the <B>afsmonitor</B>
+program uses to gather data
+<P><LI>The <B>curses</B> graphics package, which most UNIX distributions
+provide as a standard utility
+</UL>
+<A NAME="IDX4198"></A>
+<A NAME="IDX4199"></A>
+<P>The <B>afsmonitor</B> screens format successfully both on so-called
+dumb terminals and in windowing systems that emulate terminals. For the
+output to looks its best, the display environment needs to support reverse
+video and cursor addressing. Set the TERM environment variable to the
+correct terminal type, or to a value that has characteristics similar to the
+actual terminal type. The display window or terminal must be at least
+80 columns wide and 12 lines long.
+<A NAME="IDX4200"></A>
+<A NAME="IDX4201"></A>
+<A NAME="IDX4202"></A>
+<P>The <B>afsmonitor</B> program must run in the foreground, and in its
+own separate, dedicated window or terminal. The window or terminal is
+unavailable for any other activity as long as the <B>afsmonitor</B>
+program is running. Any number of instances of the
+<B>afsmonitor</B> program can run on a single machine, as long as each
+instance runs in its own dedicated window or terminal. Note that it can
+take up to three minutes to start an additional instance.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-config
+</B><DD>Names the configuration file which lists the machines to monitor,
+statistics to display, and threshold values, if any. A partial pathname
+is interpreted relative to the current working directory. Provide this
+argument if not providing the <B>-fshosts</B> argument,
+<B>-cmhosts</B> argument, or neither. For instructions on creating
+this file, see the preceding <B>Description</B> section, and the section
+on the <B>afsmonitor</B> program in the <I>IBM AFS Administration
+Guide</I>.
+<P><DT><B>-frequency
+</B><DD>Specifies in seconds how often the <B>afsmonitor</B> program probes
+the File Servers and Cache Managers. Valid values range from
+<B>1</B> to <B>86400</B> (which is 24 hours); the default value
+is <B>60</B>. This frequency applies to both File Servers and Cache
+Managers, but the <B>afsmonitor</B> program initiates the two types of
+probes, and processes their results, separately. The actual interval
+between probes to a host is the probe frequency plus the time required for all
+hosts to respond.
+<P><DT><B>-output
+</B><DD>Names the file to which the <B>afsmonitor</B> program writes all of
+the statistics that it collects. By default, no output file is
+created. See the section on the <B>afsmonitor</B> command in the
+<I>IBM AFS Administration Guide</I> for information on this file.
+<P><DT><B>-detailed
+</B><DD>Formats the information in the output file named by <B>-output</B>
+argument in a maximally readable format. Provide the <B>-output</B>
+argument along with this one.
+<P><DT><B>-fshosts
+</B><DD>Names one or more machines from which to gather File Server
+statistics. For each machine, provide either a fully qualified host
+name, or an unambiguous abbreviation (the ability to resolve an abbreviation
+depends on the state of the cell's name service at the time the command
+is issued). This argument can be combined with the <B>-cmhosts</B>
+argument, but not with the <B>-config</B> argument.
+<P><DT><B>-cmhosts
+</B><DD>Names one or more machines from which to gather Cache Manager
+statistics. For each machine, provide either a fully qualified host
+name, or an unambiguous abbreviation (the ability to resolve an abbreviation
+depends on the state of the cell's name service at the time the command
+is issued). This argument can be combined with the <B>-fshosts</B>
+argument, but not with the <B>-config</B> argument.
+<P><DT><B>-buffers
+</B><DD>Is nonoperational and provided to accommodate potential future
+enhancements to the program.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The <B>afsmonitor</B> program displays its data on three screens:
+<UL>
+<P><LI><TT>System Overview</TT>: This screen appears automatically when
+the <B>afsmonitor</B> program initializes. It summarizes separately
+for File Servers and Cache Managers the number of machines being monitored and
+how many of them have <I>alerts</I> (statistics that have exceeded their
+thresholds). It then lists the hostname and number of alerts for each
+machine being monitored, indicating if appropriate that a process failed to
+respond to the last probe.
+<P><LI><TT>File Server</TT>: This screen displays File Server statistics
+for each file server machine being monitored. It highlights statistics
+that have exceeded their thresholds, and identifies machines that failed to
+respond to the last probe.
+<P><LI><TT>Cache Managers</TT>: This screen displays Cache Manager
+statistics for each client machine being monitored. It highlights
+statistics that have exceeded their thresholds, and identifies machines that
+failed to respond to the last probe.
+</UL>
+<P>Fields at the corners of every screen display the following
+information:
+<UL>
+<P><LI>In the top left corner, the program name and version number.
+<P><LI>In the top right corner, the screen name, current and total page numbers,
+and current and total column numbers. The page number (for example,
+<TT>p. 1 of 3</TT>) indicates the index of the current page and the
+total number of (vertical) pages over which data is displayed. The
+column number (for example, <TT>c. 1 of 235</TT>) indicates the index
+of the current leftmost column and the total number of columns in which data
+appears. (The symbol <TT>>>></TT> indicates that there is additional
+data to the right; the symbol <TT><<<</TT> indicates that
+there is additional data to the left.)
+<P><LI>In the bottom left corner, a list of the available commands. Enter
+the first letter in the command name to run that command. Only the
+currently possible options appear; for example, if there is only one page
+of data, the <TT>next</TT> and <TT>prev</TT> commands, which scroll the
+screen up and down respectively, do not appear. For descriptions of the
+commands, see the following section about navigating the display
+screens.
+<P><LI>In the bottom right corner, the <TT>probes</TT> field reports how many
+times the program has probed File Servers (<TT>fs</TT>), Cache Managers
+(<TT>cm</TT>), or both. The counts for File Servers and Cache
+Managers can differ. The <TT>freq</TT> field reports how often the
+program sends probes.
+</UL>
+<P><B>Navigating the afsmonitor Display Screens</B>
+<P>As noted, the lower left hand corner of every display screen displays the
+names of the commands currently available for moving to alternate screens,
+which can either be a different type or display more statistics or machines of
+the current type. To execute a command, press the lowercase version of
+the first letter in its name. Some commands also have an uppercase
+version that has a somewhat different effect, as indicated in the following
+list.
+<DL>
+<P><DT><B><TT>cm</TT>
+</B><DD>Switches to the <TT>Cache Managers</TT> screen. Available only on
+the <TT>System Overview</TT> and <TT>File Servers</TT> screens.
+<P><DT><B><TT>fs</TT>
+</B><DD>Switches to the <TT>File Servers</TT> screen. Available only on
+the <TT>System Overview</TT> and the <TT>Cache Managers</TT>
+screens.
+<P><DT><B><TT>left</TT>
+</B><DD>Scrolls horizontally to the left, to access the data columns situated to
+the left of the current set. Available when the <TT><<<</TT>
+symbol appears at the top left of the screen. Press uppercase
+<B>L</B> to scroll horizontally all the way to the left (to display the
+first set of data columns).
+<P><DT><B><TT>next</TT>
+</B><DD>Scrolls down vertically to the next page of machine names.
+Available when there are two or more pages of machines and the final page is
+not currently displayed. Press uppercase <B>N</B> to scroll to the
+final page.
+<P><DT><B><TT>oview</TT>
+</B><DD>Switches to the <TT>System Overview</TT> screen. Available only
+on the <TT>Cache Managers</TT> and <TT>File Servers</TT> screens.
+<P><DT><B><TT>prev</TT>
+</B><DD>Scrolls up vertically to the previous page of machine names.
+Available when there are two or more pages of machines and the first page is
+not currently displayed. Press uppercase <B>N</B> to scroll to the
+first page.
+<P><DT><B><TT>right</TT>
+</B><DD>Scrolls horizontally to the right, to access the data columns situated to
+the right of the current set. This command is available when the
+<TT>>>></TT> symbol appears at the upper right of the screen. Press
+uppercase <B>R</B> to scroll horizontally all the way to the right (to
+display the final set of data columns).
+</DL>
+<P><B>The System Overview Screen</B>
+<P>The <TT>System Overview</TT> screen appears automatically as the
+<B>afsmonitor</B> program initializes. This screen displays the
+status of as many File Server and Cache Manager processes as can fit in the
+current window; scroll down to access additional information.
+<P>The information on this screen is split into File Server information on the
+left and Cache Manager information on the right. The header for each
+grouping reports two pieces of information:
+<UL>
+<P><LI>The number of machines on which the program is monitoring the indicated
+process
+<P><LI>The number of alerts and the number of machines affected by them (an
+<I>alert</I>means that a statistic has exceeded its threshold or a process
+failed to respond to the last probe)
+</UL>
+<P>A list of the machines being monitored follows. If there are any
+alerts on a machine, the number of them appears in square brackets to the left
+of the hostname. If a process failed to respond to the last probe, the
+letters <TT>PF</TT> (probe failure) appear in square brackets to the left of
+the hostname.
+<P><B>The File Servers Screen</B>
+<P>The <TT>File Servers</TT> screen displays the values collected at the
+most recent probe for File Server statistics.
+<P>A summary line at the top of the screen (just below the standard program
+version and screen title blocks) specifies the number of monitored File
+Servers, the number of alerts, and the number of machines affected by the
+alerts.
+<P>The first column always displays the hostnames of the machines running the
+monitored File Servers.
+<P>To the right of the hostname column appear as many columns of statistics as
+can fit within the current width of the display screen or window; each
+column requires space for 10 characters. The name of the statistic
+appears at the top of each column. If the File Server on a machine did
+not respond to the most recent probe, a pair of dashes (<TT>--</TT>) appears
+in each column. If a value exceeds its configured threshold, it is
+highlighted in reverse video. If a value is too large to fit into the
+allotted column width, it overflows into the next row in the same
+column.
+<P><B>The Cache Managers Screen</B>
+<P>The <TT>Cache Managers</TT> screen displays the values collected at the
+most recent probe for Cache Manager statistics.
+<P>A summary line at the top of the screen (just below the standard program
+version and screen title blocks) specifies the number of monitored Cache
+Managers, the number of alerts, and the number of machines affected by the
+alerts.
+<P>The first column always displays the hostnames of the machines running the
+monitored Cache Managers.
+<P>To the right of the hostname column appear as many columns of statistics as
+can fit within the current width of the display screen or window; each
+column requires space for 10 characters. The name of the statistic
+appears at the top of each column. If the Cache Manager on a machine
+did not respond to the most recent probe, a pair of dashes (<TT>--</TT>)
+appears in each column. If a value exceeds its configured threshold, it
+is highlighted in reverse video. If a value is too large to fit into
+the allotted column width, it overflows into the next row in the same
+column.
+<P><B>Writing to an Output File</B>
+<P>Include the <B>-output</B> argument to name the file into which the
+<B>afsmonitor</B> program writes all of the statistics it collects.
+The output file can be useful for tracking performance over long periods of
+time, and enables the administrator to apply post-processing techniques that
+reveal system trends. The AFS distribution does not include any
+post-processing programs.
+<P>The output file is in ASCII format and records the same information as the
+<TT>File Server</TT> and <TT>Cache Manager</TT> display screens.
+Each line in the file uses the following format to record the time at which
+the <B>afsmonitor</B> program gathered the indicated statistic from the
+Cache Manager (<TT>CM</TT>) or File Server (<TT>FS</TT>) running on the
+machine called <VAR>host_name</VAR>. If a probe failed, the error code
+<TT>-1</TT> appears in the <VAR>statistic</VAR> field.
+<PRE> <VAR>time</VAR> <VAR>host_name</VAR> CM|FS <VAR>statistic</VAR>
+
+</PRE>
+<P>If the administrator usually reviews the output file manually, rather than
+using it as input to an automated analysis program or script, including the
+<B>-detail</B> flag formats the data in a more easily readable
+form.
+<P><STRONG>Examples</STRONG>
+<P>For examples of commands, display screens, and configuration files, see the
+section about the <B>afsmonitor</B> program in the <I>IBM AFS
+Administration Guide</I>.
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf052.htm#HDRAFSMONCONFIG">afsmonitor Configuration File</A>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf233.htm#HDRSCOUT">scout</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf058.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf060.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf059.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf061.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_INTRO" HREF="auarf002.htm#ToC_74">backup</A></H2>
+<A NAME="IDX4203"></A>
+<A NAME="IDX4204"></A>
+<A NAME="IDX4205"></A>
+<A NAME="IDX4206"></A>
+<A NAME="IDX4207"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>backup</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>backup</B> command suite are the administrative
+interface to the AFS Backup System. There are several categories of
+commands in the suite:
+<UL>
+<P><LI>Commands to copy data from AFS volumes to tape or a backup data file, and
+to restore it to the file system: <B>backup diskrestore</B>,
+<B>backup dump</B>, <B>backup volrestore</B>, and <B>backup
+volsetrestore</B>
+<P><LI>Commands to administer the records in the Backup Database:
+<B>backup adddump</B>, <B>backup addhost</B>, <B>backup
+addvolentry</B>, <B>backup addvolset</B>, <B>backup deldump</B>,
+<B>backup deletedump</B>, <B>backup delhost</B>, <B>backup
+delvolentry</B>, <B>backup delvolset</B>, <B>backup dumpinfo</B>,
+<B>backup listdumps</B>, <B>backup listhosts</B>, <B>backup
+listvolsets</B>, <B>backup scantape</B>, <B>backup setexp</B>, and
+<B>backup volinfo</B>
+<P><LI>Commands to write and read tape labels: <B>backup labeltape</B>
+and <B>backup readlabel</B>
+<P><LI>Commands to list and change the status of backup operations and the
+machines performing them: <B>(backup) jobs</B>, <B>(backup)
+kill</B>, and <B>backup status</B>
+<P><LI>Commands to enter and leave interactive mode: <B>backup
+(interactive)</B> and <B>(backup) quit</B>
+<P><LI>Commands to check for and repair corruption in the Backup Database:
+<B>backup dbverify</B>, <B>backup restoredb</B>, and <B>backup
+savedb</B>
+<P><LI>Commands to obtain help: <B>backup apropos</B> and <B>backup
+help</B>
+</UL>
+<P>The <B>backup</B> command interpreter interacts with two other
+processes:
+<A NAME="IDX4208"></A>
+<A NAME="IDX4209"></A>
+<UL>
+<P><LI>The Backup Server (<B>buserver</B>) process. It maintains the
+Backup Database, which stores most of the administrative information used by
+the Backup System. In the standard configuration, the Backup Server
+runs on each database server machine in the cell, and uses AFS's
+distributed database technology, Ubik, to synchronize its copy of the database
+with the copies on the other database server machines.
+<P><LI>The Backup Tape Coordinator (<B>butc</B>) process. A separate
+instance of the process controls each tape device or backup data file used to
+dump or restore data. The Tape Coordinator runs on a Tape Coordinator
+machine, which is an AFS server or client machine that has one or more tape
+devices attached, or has sufficient disk space to accommodate one or more
+backup data files on its local disk.
+<P>Each Tape Coordinator must be registered in the Backup Database and in the
+<B>/usr/afs/backup/tapeconfig</B> configuration file on the Tape
+Coordinator machine's local disk, and information in the two places must
+be consistent for proper Backup System performance. The optional
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> for each Tape Coordinator
+records information used to automate its operation.
+</UL>
+<P>In addition to the standard command line interface, the <B>backup</B>
+command suite provides an <I>interactive</I> interface, which has several
+useful features described on the <B>backup (interactive)</B> reference
+page. Three of the commands in the suite are available only in
+interactive mode: <B>(backup) jobs</B>, <B>(backup) kill</B>,
+and <B>(backup) quit</B>.
+<P><STRONG>Options</STRONG>
+<P>The following options are available on many commands in the
+<B>backup</B> suite. The reference page for each command also lists
+them, but they are described here in greater detail.
+<A NAME="IDX4210"></A>
+<A NAME="IDX4211"></A>
+<A NAME="IDX4212"></A>
+<DL>
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P>
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell.
+<P>The <B>-cell</B> argument is not available on commands issued in
+interactive mode. The cell defined when the <B>backup</B> command
+interpreter enters interactive mode applies to all commands issued during the
+interactive session.
+<A NAME="IDX4213"></A>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>
+<A NAME="IDX4214"></A>
+-localauth
+</B><DD>Constructs a server ticket using the server encryption key with the
+highest key version number in the local <B>/usr/afs/etc/KeyFile</B>
+file. The <B>backup</B> command interpreter presents the ticket,
+which never expires, to the Backup Server, Volume Server and Volume Location
+(VL) Server during mutual authentication.
+<P>Use this flag only when issuing a command on a server machine; client
+machines do not usually have a <B>/usr/afs/etc/KeyFile</B> file.
+The issuer of a command that includes this flag must be logged on to the
+server machine as the local superuser <B>root</B>. The flag is
+useful for commands invoked by an unattended application program, such as a
+process controlled by the UNIX <B>cron</B> utility or by a cron entry in
+the machine's <B>/usr/afs/local/BosConfig</B> file. It is also
+useful if an administrator is unable to authenticate to AFS but is logged in
+as the local superuser <B>root</B>.
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell.
+<P>The <B>-localauth</B> argument is not available on commands issued in
+interactive mode. The local identity and AFS tokens with which the
+<B>backup</B> command interpreter enters interactive mode apply to all
+commands issued during the interactive session.
+<P><DT><B>
+<A NAME="IDX4215"></A>
+-portoffset <<VAR>TC port offset</VAR>>
+</B><DD>Specifies the port offset number of the Tape Coordinator that is to
+execute the <B>backup</B> command. The port offset number uniquely
+identifies a pairing of a Tape Coordinator (<B>butc</B>) process and tape
+device or backup data file.
+<P>The <B>backup</B> command interpreter and Tape Coordinator process
+communicate via a UDP socket, or port. Before issuing a
+<B>backup</B> command that involves reading or writing a tape, the backup
+operator must start a <B>butc</B> process that controls the appropriate
+tape device and listens for requests sent to its port number. If a
+Backup System machine has multiple tape devices attached, they can perform
+backup operations simultaneously because each device has its own associated
+<B>butc</B> process and port offset number.
+<P>The Backup System associates a tape capacity and file mark size with each
+port offset (as defined in the <B>tapeconfig</B> file). For a
+compressing tape device, the capacity and file mark values differ for
+compression and non-compression modes, so the two modes have distinct port
+offset numbers.
+<P>The Backup Database can store up to 58,511 port offsets, so the legal
+values for this argument are the integers <B>0</B> through
+<B>58510</B>. If the issuer omits the argument, it defaults to
+<B>0</B>. (The limit of 58,511 port offsets results from the fact
+that UDP socket numbers are identified by a 16-bit integer, and the lowest
+socket number used by the Backup System is 7025. The largest number
+that a 16-bit integer can represent is 65,535. Subtracting 7,025 yields
+58,510. The addition of port offset 0 (zero) increases the maximum to
+58,511.)
+<P>Although it is possible to define up to 58,511 port offset numbers for a
+cell, it is not possible to run 58,511 tape devices simultaneously, due to the
+following limits:
+<UL>
+<P><LI>The maximum number of dump or restore operations that can run
+simultaneously is 64.
+<P><LI>The maximum number of tape devices that can work together on a restore
+operation is 128 (that is the maximum number of values that can be provided
+for the <B>-portoffset</B> argument to the <B>backup diskrestore</B>,
+<B>backup volrestore</B>, or <B>backup volsetrestore</B>
+command).
+</UL>
+<P>
+<P>The Backup System does not reserve UDP sockets. If another
+application is already using the Tape Coordinator's socket when it tries
+to start, the <B>butc</B> process fails and the following error message
+appears at the shell prompt:
+<PRE> bind: Address already in use
+ rxi_GetUDPSocket: bind failed
+
+</PRE>
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<A NAME="IDX4216"></A>
+<A NAME="IDX4217"></A>
+<P>To issue any <B>backup</B> command that accesses the Backup Database
+only, the issuer must be listed in the <B>/usr/afs/etc/UserList</B> file
+on every machine where the Backup Server is running. To issue any
+<B>backup</B> command that accesses volume data, the issuer must appear in
+the <B>UserList</B> file on every Backup Server machine, every Volume
+Location (VL) Server machine, and every file server machine that houses
+affected volumes. By convention, a common <B>UserList</B> file is
+distributed to all database server and file server machines in the
+cell. See the chapter on privileged users in the <I>IBM AFS
+Administration Guide</I> for more information on this type of
+privilege.
+<P>If the <B>-localauth</B> flag is included, the user must instead be
+logged on as the local superuser <B>root</B> on the server machine where
+the <B>backup</B> command is issued.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<P><A HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf066.htm#HDRBK_DBVERIFY">backup dbverify</A>
+<P><A HREF="auarf067.htm#HDRBK_DELDUMP">backup deldump</A>
+<P><A HREF="auarf068.htm#HDRBK_DELETEDUMP">backup deletedump</A>
+<P><A HREF="auarf069.htm#HDRBK_DELHOST">backup delhost</A>
+<P><A HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<P><A HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf074.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<P><A HREF="auarf075.htm#HDRBK_HELP">backup help</A>
+<P><A HREF="auarf076.htm#HDRBK_INTERACTIVE">backup interactive</A>
+<P><A HREF="auarf077.htm#HDRBK_JOBS">backup jobs</A>
+<P><A HREF="auarf078.htm#HDRBK_KILL">backup kill</A>
+<P><A HREF="auarf079.htm#HDRBK_LABELTAPE">backup labeltape</A>
+<P><A HREF="auarf080.htm#HDRBK_LISTDUMPS">backup listdumps</A>
+<P><A HREF="auarf081.htm#HDRBK_LISTHOSTS">backup listhosts</A>
+<P><A HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<P><A HREF="auarf083.htm#HDRBK_QUIT">backup quit</A>
+<P><A HREF="auarf084.htm#HDRBK_READLABEL">backup readlabel</A>
+<P><A HREF="auarf085.htm#HDRBK_RESTOREDB">backup restoredb</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P><A HREF="auarf087.htm#HDRBK_SCANTAPE">backup scantape</A>
+<P><A HREF="auarf088.htm#HDRBK_SETEXP">backup setexp</A>
+<P><A HREF="auarf089.htm#HDRBK_STATUS">backup status</A>
+<P><A HREF="auarf090.htm#HDRBK_VOLINFO">backup volinfo</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf059.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf061.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf060.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf062.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_ADDDUMP" HREF="auarf002.htm#ToC_75">backup adddump</A></H2>
+<A NAME="IDX4218"></A>
+<A NAME="IDX4219"></A>
+<A NAME="IDX4220"></A>
+<A NAME="IDX4221"></A>
+<A NAME="IDX4222"></A>
+<A NAME="IDX4223"></A>
+<A NAME="IDX4224"></A>
+<A NAME="IDX4225"></A>
+<A NAME="IDX4226"></A>
+<A NAME="IDX4227"></A>
+<A NAME="IDX4228"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Defines a dump level in the dump hierarchy
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup adddump -dump</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-expires</B> <<VAR>expiration date</VAR>><SUP>+</SUP>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup addd -d</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-e</B> <<VAR>expiration date</VAR>><SUP>+</SUP>] [<B>-l</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup adddump</B> command creates one or more dump levels in
+the dump hierarchy stored in the Backup Database, and optionally assigns an
+expiration date to each one. All of the dump levels in the Backup
+Database collectively constitute the dump hierarchy.
+<P>Use the <B>-expires</B> argument to associate an expiration date with
+each dump level. When the Backup System subsequently creates a dump at
+the dump level, it uses the specified value to derive the dump's
+expiration date, which it records on the label of the tape (or backup data
+file). The Backup System refuses to overwrite a tape until after the
+latest expiration date of any dump that the tape contains, unless the
+<B>backup labeltape</B> command is used to relabel the tape. If a
+dump level does not have an expiration date, the Backup System treats dumps
+created at the level as expired as soon as it creates them.
+<P>(Note that the Backup System does not automatically remove a dump's
+record from the Backup Database when the dump reaches its expiration date, but
+only if the tape that contains the dump is recycled or relabeled. To
+remove expired and other obsolete dump records, use the <B>backup
+deletedump</B> command.)
+<P>Define either an absolute or relative expiration date:
+<UL>
+<P><LI>An absolute expiration date defines the month/day/year (and, optionally,
+hour and minutes) at which a dump expires. If the expiration date
+predates the dump creation time, the Backup System immediately treats the dump
+as expired.
+<P><LI>A relative date defines the number of years, months, or days (or a
+combination of the three) after the dump's creation that it
+expires. When the Backup System creates a dump at the dump level, it
+calculates an actual expiration date by adding the relative date to the start
+time of the dump operation.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dump
+</B><DD>Names each dump level to add to the dump hierarchy. Precede full
+dump level names with a slash (for example, <B>/full</B>). Indicate
+an incremental dump level by preceding it with an ordered list of the dump
+levels directly above it in the hierarchy (its parent dump levels); use
+the slash as a separator. The parent dump levels must already
+exist. For example, the dump levels <B>/full</B> and
+<B>/full/incremental1</B> must exist when the incremental dump level
+<B>/full/incremental1/incremental2</B> is created.
+<P>Dump level names can have any number of levels, but cannot exceed 256
+characters in length, including the slashes. The maximum length for any
+single level (the text between slashes) is 28 characters, not including the
+preceding slash.
+<P>All alphanumeric characters are allowed in dump level names. Do not
+use the period (<B>.</B>), however, because it is the separator
+between the volume set name and dump level name in the dump name assigned
+automatically by the <B>backup dump</B> command. It is best not to
+include other metacharacters either; if using them, enclose them in
+double quotes (<B>" "</B>) when issuing the <B>backup adddump</B>
+command outside interactive mode.
+<P><DT><B>-expires
+</B><DD>Defines the absolute or relative expiration date to associate with each
+dump level named by the <B>-dump</B> argument. Absolute expiration
+dates have the following format:
+<P>
+<PRE> [<B>at</B>] {<B>NEVER</B> | <VAR>mm</VAR><B>/</B><VAR>dd</VAR><B>/</B><VAR>yyyy</VAR> [<VAR>hh</VAR><B>:</B><VAR>MM</VAR>] }
+
+</PRE>
+<P>where the optional word <B>at</B> is followed either by the string
+<B>NEVER</B>, which indicates that dumps created at the dump level never
+expire, or by a date value with a required portion (<VAR>mm</VAR> for month,
+<VAR>dd</VAR> for day, and <VAR>yyyy</VAR> for year) and an optional portion
+(<VAR>hh</VAR> for hours and <VAR>MM</VAR> for minutes).
+<P>Omit the <VAR>hh</VAR>:<VAR>MM</VAR> portion to use the default of
+midnight (00:00 hours), or provide a value in 24-hour format (for
+example, <B>20:30</B> is 8:30 p.m.).
+Valid values for the year range from <B>1970</B> to <B>2037</B>;
+higher values are not valid because the latest possible date in the standard
+UNIX representation is in February 2038. The command interpreter
+automatically reduces later dates to the maximum value.
+<P>Relative expiration dates have the following format:
+<PRE> [<B>in</B>] [<VAR>years</VAR><B>y</B>] [<VAR>months</VAR><B>m</B>] [<VAR>days</VAR><B>d</B>]
+
+</PRE>
+<P>
+<P>where the optional word <B>in</B> is followed by at least one of a
+number of years (maximum <B>9999</B>) followed by the letter <B>y</B>,
+a number of months (maximum <B>12</B>) followed by the letter
+<B>m</B>, or a number of days (maximum <B>31</B>) followed by the
+letter <B>d</B>. If providing more than one of the three, list them
+in the indicated order. If the date that results from adding the
+relative expiration value to a dump's creation time is later than the
+latest possible date in the UNIX time representation, the Backup System
+automatically reduces it to that date.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition to be
+associated with each dump level specified by the <B>-dump</B>
+argument.
+</TD></TR></TABLE>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command defines a full dump called <B>/1999</B> with a
+relative expiration date of one year:
+<PRE> % <B>backup adddump -dump /1999 -expires in 1y</B>
+
+</PRE>
+<P>The following command defines an incremental dump called
+<B>/sunday1/monday</B>1 with a relative expiration date of 13 days:
+<PRE> % <B>backup adddump -dump /sunday1/monday1 -expires in 13d</B>
+
+</PRE>
+<P>The following command defines two dump incremental dump levels,
+<B>/Monthly/Week1</B> and <B>/Monthly/Week2</B>. Their parent,
+the full dump level <B>/Monthly</B>, must already exist. The
+expiration date for both levels is 12:00 a.m. on 1 January
+2000.
+<PRE> % <B>backup adddump -dump /Monthly/Week1 /Monthly/Week2 -expires at 01/01/2000</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf067.htm#HDRBK_DELDUMP">backup deldump</A>
+<P><A HREF="auarf068.htm#HDRBK_DELETEDUMP">backup deletedump</A>
+<P><A HREF="auarf080.htm#HDRBK_LISTDUMPS">backup listdumps</A>
+<P><A HREF="auarf088.htm#HDRBK_SETEXP">backup setexp</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf060.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf062.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf061.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf063.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_ADDHOST" HREF="auarf002.htm#ToC_76">backup addhost</A></H2>
+<A NAME="IDX4229"></A>
+<A NAME="IDX4230"></A>
+<A NAME="IDX4231"></A>
+<A NAME="IDX4232"></A>
+<A NAME="IDX4233"></A>
+<A NAME="IDX4234"></A>
+<A NAME="IDX4235"></A>
+<A NAME="IDX4236"></A>
+<A NAME="IDX4237"></A>
+<A NAME="IDX4238"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a Tape Coordinator entry to the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup addhost -tapehost</B> <<VAR>tape machine name</VAR>> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup addh -t</B> <<VAR>tape machine name</VAR>> [<B>-p</B> <<VAR>TC port offset</VAR>>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup addhost</B> command creates a Tape Coordinator entry in
+the Backup Database. The entry records
+<UL>
+<P><LI>The host name of the Tape Coordinator machine where the Tape Coordinator
+(<B>butc</B>) process runs, as specified with the <B>-tapehost</B>
+argument.
+<P><LI>The Tape Coordinator's port offset number, as specified with the
+<B>-portoffset</B> argument. An entry for the port offset must also
+appear in the <B>/usr/afs/backup/tapeconfig</B> file on the Tape
+Coordinator machine, where it is mapped to a UNIX device name (for a tape
+device) or pathname (for a backup data file).
+</UL>
+<P>Each Tape Coordinator must have its own port offset number, and the command
+fails if a Backup Database entry already exists for the requested port offset
+number. To display existing Tape Coordinator entries, use the
+<B>backup listhosts</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-tapehost
+</B><DD>Specifies the fully-qualified hostname of the machine for which to create
+a Tape Coordinator entry in the Backup Database. The machine must have
+an entry in either the cell's naming service (such as the Domain Name
+Service) or the host file (<B>/etc/hosts</B> or equivalent) on the machine
+where the command is issued.
+<P><DT><B>-portoffset
+</B><DD>Specifies the Tape Coordinator's port offset number. Provide
+an integer from the range <B>0</B> through <B>58510</B>, or omit this
+argument to use the default value of <B>0</B> (zero). The value
+must match the port offset number recorded for the same combination of Tape
+Coordinator and tape device or file in the
+<B>/usr/afs/backup/tapeconfig</B> file on the Tape Coordinator machine
+named by the <B>-tapehost</B> argument.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command creates an entry in the Backup Database that assigns
+port offset number 4 to a Tape Coordinator running on the machine
+<B>backup1.abc.com</B>:
+<PRE> % <B>backup addhost -tapehost backup1.abc.com -portoffset 4</B>
+
+</PRE>
+<P>The following command creates a Backup Database entry that assigns port
+offset number 0 to a Tape Coordinator on the machine
+<B>backup3.abc.com</B>:
+<PRE> % <B>backup addhost backup3.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf069.htm#HDRBK_DELHOST">backup delhost</A>
+<P><A HREF="auarf081.htm#HDRBK_LISTHOSTS">backup listhosts</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf061.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf063.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf062.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf064.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_ADDVOLENTRY" HREF="auarf002.htm#ToC_77">backup addvolentry</A></H2>
+<A NAME="IDX4239"></A>
+<A NAME="IDX4240"></A>
+<A NAME="IDX4241"></A>
+<A NAME="IDX4242"></A>
+<A NAME="IDX4243"></A>
+<A NAME="IDX4244"></A>
+<A NAME="IDX4245"></A>
+<A NAME="IDX4246"></A>
+<A NAME="IDX4247"></A>
+<A NAME="IDX4248"></A>
+<A NAME="IDX4249"></A>
+<A NAME="IDX4250"></A>
+<A NAME="IDX4251"></A>
+<A NAME="IDX4252"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Defines a volume entry in a volume set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup addvolentry -name</B> <<VAR>volume set name</VAR>> <B>-server</B> <<VAR>machine name</VAR>>
+ <B>-partition</B> <<VAR>partition name</VAR>>
+ <B>-volumes</B> <<VAR>volume name (regular expression)</VAR>>
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup addvole -n</B> <<VAR>volume set name</VAR>> <B>-s</B> <<VAR>machine name</VAR>> <B>-p</B> <<VAR>partition name</VAR>>
+ <B>-v</B> <<VAR>volume name (regular expression)</VAR>>
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup addvolentry</B> command adds a volume entry definition to
+the existing volume set named by the <B>-name</B> argument. A
+volume entry definition can match one or more volumes, depending on the
+combination of the <B>-server</B>, <B>-partition</B>, and
+<B>-volumes</B> arguments.
+<P>For the <B>-server</B> and <B>-partition</B> arguments, provide
+either
+<UL>
+<P><LI>The name of one machine or partition
+<P><LI>The metacharacter expression <B>.*</B> (period and asterisk),
+which matches every machine name or partition name in the Volume Location
+Database (VLDB).
+</UL>
+<P>For the <B>-volumes</B> argument, specify a combination of alphanumeric
+characters and one or more metacharacters to wildcard part or all of the
+volume name. The <B>Options</B> section lists the acceptable
+metacharacters.
+<P><STRONG>Cautions</STRONG>
+<P>It is best to issue this command in interactive mode. If issuing it
+at the shell prompt, enclose any strings containing metacharacters in double
+quotes, or escape the metacharacters with other delimiters, to prevent the
+shell from interpreting them. Adding volume entries to a temporary
+volume set is possible only within the interactive session in which the volume
+set was created.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the volume set to which to add this volume entry definition.
+The volume set must already exist (use the <B>backup addvolset</B> command
+to create it).
+<P><DT><B>-server
+</B><DD>Defines the set of one or more file server machines that house the volumes
+in the volume entry. Provide either one fully-qualified hostname (such
+as <B>fs1.abc.com</B>) or the metacharacter expression
+<B>.*</B> (period and asterisk), which matches all machine names in
+the VLDB.
+<P><DT><B>-partition
+</B><DD>Defines the set of one or more partitions that house the volumes in the
+volume entry. Provide either one complete partition name (such as
+<B>/vicepa</B>) or the metacharacter expression <B>.*</B>
+(period and asterisk), which matches all partition names.
+<P><DT><B>-volumes
+</B><DD>Defines the set of one or more volumes included in the volume
+entry. Specify the volumes by name, by using any combination of regular
+alphanumeric characters and one or more of the following metacharacter
+expressions:
+<A NAME="IDX4253"></A>
+<A NAME="IDX4254"></A>
+<DL>
+<P><DT><B>.
+</B><DD>The period matches any single character.
+<P><DT><B>*
+</B><DD>The asterisk matches zero or more instances of the preceding
+character. Combine it with any other alphanumeric character or
+metacharacter.
+<P><DT><B>[ ]
+</B><DD>Square brackets around a list of characters match a single instance of any
+of the characters, but no other characters; for example, <B>[abc]</B>
+matches a single <B>a</B> or <B>b</B> or <B>c</B>, but not
+<B>d</B> or <B>A</B>. This expression can be combined with the
+asterisk.
+<P><DT><B>^
+</B><DD>The caret, when used as the first character in a square-bracketed set,
+designates a match with any single character <I>except</I> the characters
+that follow it; for example, <B>[^a]</B> matches any single character
+except lowercase <B>a</B>. This expression can be combined with the
+asterisk.
+<P><DT><B>\
+</B><DD>A backslash preceding any of the metacharacters in this list makes it
+match its literal value only. For example, the expression
+<B>\.</B> (backslash and period) matches a single period,
+<B>\*</B> a single asterisk, and <B>\\</B> a single backslash.
+Such expressions can be combined with the asterisk (for example,
+<B>\.*</B> matches any number of periods).
+</DL>
+<P>
+<P>Perhaps the most common metacharacter expression is the period followed by
+an asterisk (<B>.*</B>). This expression matches any string
+of any length, because the period matches any character and the asterisk means
+any number of that character. As mentioned, it is the only acceptable
+metacharacter expression for the <B>-server</B> and <B>-partition</B>
+arguments. In a volume definition it can stand alone (in which case it
+matches every volume listed in the VLDB), or can combine with regular
+characters. The following example matches any volume name that begins
+with the string <B>user</B> and ends with <B>backup</B>:
+<PRE> <B>user.*backup</B>
+
+</PRE>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command adds a volume entry to the volume set called
+<B>sys</B>. The entry matches all volumes on any machine or
+partition whose names begin with the string <B>sun4x_56</B> followed by a
+period:
+<PRE> backup> <B>addvolentry sys .* .* sun4x_56\..*</B>
+
+</PRE>
+<P>The following command adds a volume entry to the volume set called
+<B>fs2</B>, to match all volumes on the <B>/vicepb</B> partition of
+file server machine <B>fs2.abc.com</B>. Because it is
+issued at the shell prompt, double quotes surround the metacharacters in the
+<B>-volumes</B> argument. (The command is shown here on two lines
+only for legibility reasons.)
+<PRE> % <B>backup addvolentry -name fs2 -server fs2.abc.com \
+ -partition /vicepb -volumes ".*"</B>
+
+</PRE>
+<P>The chapter in the <I>IBM AFS Administration Guide</I> about
+configuring the AFS Backup System presents additional examples as well as
+advice on grouping volumes.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<P><A HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<P><A HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf062.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf064.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf063.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf065.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_ADDVOLSET" HREF="auarf002.htm#ToC_78">backup addvolset</A></H2>
+<A NAME="IDX4255"></A>
+<A NAME="IDX4256"></A>
+<A NAME="IDX4257"></A>
+<A NAME="IDX4258"></A>
+<A NAME="IDX4259"></A>
+<A NAME="IDX4260"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a new (empty) volume set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup addvolset -name</B> <<VAR>volume set name</VAR>> [<B>-temporary</B>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup addvols -n</B> <<VAR>volume set name</VAR>> [<B>-t</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup addvolset</B> command creates a new volume set, by
+default adding it to the Backup Database. It is best that the volume
+set's name indicate the volume set's contents; for example,
+define the volume entries in the <B>user</B> volume set to match all user
+volumes. The volume set name must be unique within the Backup Database
+of the local cell.
+<P>After issuing this command, issue the <B>backup addvolentry</B> command
+to define the volume entries in the volume set.
+<P>Sometimes it is convenient to create volume sets without recording them
+permanently in the Backup Database, for example when using the <B>backup
+volsetrestore</B> command to restore a group of volumes that were not
+necessarily backed up together. To create a <I>temporary</I> volume
+set, include the <B>-temporary</B> flag. A temporary volume set
+exists only during the lifetime of the current interactive session, so the
+flag is effective only when used during an interactive session (opened by
+issuing the <B>backup interactive</B> command). If it is included
+when the command is issued at the regular command shell prompt, the command
+appears to succeed, but the volume set is not created. As noted, a
+temporary volume set ceases to exist when the current interactive session
+ends, or use the <B>backup delvolset</B> command to delete it before
+that.
+<P>One advantage of temporary volume sets is that the <B>backup
+addvolset</B> command, and any <B>backup addvolentry</B> commands
+subsequently used to add volume entries to it, complete more quickly than for
+regular volume sets, because no records are created in the Backup
+Database.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the new volume set. The name can include up to 31 of any
+character other than the period. Avoid other metacharacters as
+well.
+<P><DT><B>-temporary
+</B><DD>Creates a volume set that exists only within the context of the current
+interactive session. It is not added to the Backup Database.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command creates a volume set called <B>sys</B>:
+<PRE> % <B>backup addvolset sys</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<P><A HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<P><A HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<P><A HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf063.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf065.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf064.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf066.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_APROPOS" HREF="auarf002.htm#ToC_79">backup apropos</A></H2>
+<A NAME="IDX4261"></A>
+<A NAME="IDX4262"></A>
+<A NAME="IDX4263"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>backup ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup apropos</B> command displays the first line of the online
+help entry for any <B>backup</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>backup help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes
+(<B>" "</B>) or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>backup</B> command where the string specified with the
+<B>-topic</B> argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following example lists all <B>backup</B> commands that include the
+word <B>tape</B> in their names or short descriptions:
+<PRE> % <B>backup apropos tape</B>
+ labeltape: label a tape
+ readlabel: read the label on tape
+ scantape: dump information recovery from tape
+ status: get tape coordinator status
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf075.htm#HDRBK_HELP">backup help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf064.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf066.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf065.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf067.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DBVERIFY" HREF="auarf002.htm#ToC_80">backup dbverify</A></H2>
+<A NAME="IDX4264"></A>
+<A NAME="IDX4265"></A>
+<A NAME="IDX4266"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Checks the integrity of the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup dbverify</B> [<B>-detail</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup db</B> [<B>-d</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup dbverify</B> command checks the integrity of the Backup
+Database. The command's output indicates whether the Backup
+Database is damaged (data is corrupted) or not. If the Backup Database
+is undamaged, it is safe to continue using it. If it is corrupted,
+discontinue any backup operations until it is repaired.
+<P><STRONG>Cautions</STRONG>
+<P>While this command runs, no other backup operation can access the Backup
+Database; the other commands do not run until this command
+completes. Avoid issuing this command when other backup operations are
+likely to run. The <B>backup savedb</B> command repairs some types
+of corruption.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-detail
+</B><DD>Reports the number of orphaned blocks found, any inconsistencies, and the
+name of the server machine running the Backup Server that is checking its copy
+of the database.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command displays one of the following two messages:
+<DL>
+<P><DT><B><TT>Database OK</TT>
+</B><DD>The database is undamaged and can be used.
+<P><DT><B><TT>Database not OK</TT>
+</B><DD>The database is damaged. You can use the <B>backup savedb</B>
+command to repair many kinds of corruption as it creates a backup copy.
+For more detailed instructions, see the <I>IBM AFS Administration
+Guide</I> chapter about performing backup operations.
+</DL>
+<P>The <B>-detail</B> flag provides additional information:
+<UL>
+<P><LI>The number of <I>orphan blocks</I> found. These are ranges of
+memory that the Backup Server preallocated in the database but cannot
+use. Orphan blocks do not interfere with database access, but do waste
+disk space. To free the unusable space, dump the database to tape by
+using the <B>backup savedb</B> command, and then restore it by using the
+<B>backup restoredb</B> command.
+<P><LI>Any inconsistencies in the database, such as invalid hostnames for Tape
+Coordinator machines.
+<P><LI>The name of the database server machine on which the Backup Database was
+checked, designated as the <TT>Database checker</TT>. For a detailed
+trace of the verification operation, see the
+<B>/usr/afs/logs/BackupLog</B> file on the indicated machine. You
+can use the <B>bos getlog</B> command to display it.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command confirms that the Backup Database is undamaged:
+<PRE> % <B>backup dbverify</B>
+ Database OK
+
+</PRE>
+<P>The following command confirms that the Backup Database is undamaged and
+that it has no orphan blocks or invalid Tape Coordinator entries. The
+Backup Server running on the machine <B>db1.abc.com</B>
+checked its copy of the Database.
+<PRE> % <B>backup dbverify -detail</B>
+ Database OK
+ Orphan blocks 0
+ Database checker was db1.abc.com
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf014.htm#HDRBACKUPLOG">BackupLog</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf085.htm#HDRBK_RESTOREDB">backup restoredb</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf065.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf067.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf066.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf068.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DELDUMP" HREF="auarf002.htm#ToC_81">backup deldump</A></H2>
+<A NAME="IDX4267"></A>
+<A NAME="IDX4268"></A>
+<A NAME="IDX4269"></A>
+<A NAME="IDX4270"></A>
+<A NAME="IDX4271"></A>
+<A NAME="IDX4272"></A>
+<A NAME="IDX4273"></A>
+<A NAME="IDX4274"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a dump level from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup deldump -dump</B> <<VAR>dump level name</VAR>> [<B>-localauth</B>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup deld -d</B> <<VAR>dump level name</VAR>> [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup deldump</B> command deletes the indicated dump level and
+all of its child dump levels from the dump hierarchy in the Backup
+Database. Use the <B>backup listdumps</B> command to display the
+dump hierarchy.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dump
+</B><DD>Specifies the complete pathname of the dump level to delete.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the dump level <B>/sunday1/monday1</B>
+from the dump hierarchy, along with any of its child dump levels.
+<PRE> % <B>backup deldump /sunday1/monday1</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<P><A HREF="auarf080.htm#HDRBK_LISTDUMPS">backup listdumps</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf066.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf068.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf067.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf069.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DELETEDUMP" HREF="auarf002.htm#ToC_82">backup deletedump</A></H2>
+<A NAME="IDX4275"></A>
+<A NAME="IDX4276"></A>
+<A NAME="IDX4277"></A>
+<A NAME="IDX4278"></A>
+<A NAME="IDX4279"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes one or more dump records from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup deletedump</B> [<B>-dumpid</B> <<VAR>dump id</VAR>><SUP>+</SUP>] [<B>-from</B> <<VAR>date time</VAR>><SUP>+</SUP>] [<B>-to</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup dele</B> [<B>-d</B> <<VAR>dump id</VAR>><SUP>+</SUP>] [<B>-f</B> <<VAR>date time</VAR>><SUP>+</SUP>] [<B>-t</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup deletedump</B> command deletes one or more dump records
+from the Backup Database. Either use the <B>-dumpid</B> argument to
+specify the dump ID number of one or more dumps, or use the <B>-from</B>
+and <B>-to</B> arguments to delete the records for all regular dumps
+created during the time period bracketed by the specified values.
+<P>Use this command to remove dump records that are incorrect (possibly
+because a dump operation was interrupted or failed), or that correspond to
+dumps that are expired or otherwise no longer needed.
+<P><STRONG>Cautions</STRONG>
+<P>The only way to remove the dump record for an appended dump is to remove
+the record for its initial dump, and doing so removes the records for all of
+the initial dump's associated appended dumps.
+<P>The only way to remove the record for a Backup Database dump (created with
+the <B>backup savedb</B> command) is to specify its dump ID number with
+the <B>-dumpid</B> argument. Using the <B>-from</B> and
+<B>-to</B> arguments never removes database dump records.
+<P>Removing records of a dump makes it impossible to restore data from the
+corresponding tapes or from any dump that refers to the deleted dump as its
+parent, directly or indirectly. That is, restore operations must begin
+with the full dump and continue with each incremental dump in order. If
+the records for a specific dump are removed, it is not possible to restore
+data from later incremental dumps unless the deleted records are restored by
+running the <B>backup scantape</B> command with the <B>-dbadd</B>
+flag.
+<P>If a dump set contains any dumps that were created outside the time range
+specified by the <B>-from</B> and <B>-to</B> arguments, the command
+does not delete any of the records associated with the dump set, even if some
+of them represent dumps created during the time range.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dumpid
+</B><DD>Specifies the dump ID of each dump record to delete. The
+corresponding dumps must be initial dumps; it is not possible to delete
+appended dump records directly, but only by deleting the record of their
+associated initial dump. Using this argument is the only way to delete
+records of Backup Database dumps (created with the <B>backup savedb</B>
+command).
+<P>Provide either this argument or the <B>-to</B> (and optionally
+<B>-from</B>) argument.
+<P><DT><B>-from
+</B><DD>Specifies the beginning of a range of dates; the record for any dump
+created during the indicated period of time is deleted.
+<P>Omit this argument to indicate the default of midnight (00:00 hours)
+on 1 January 1970 (UNIX time zero), or provide a date value in the format
+<VAR>mm/dd/yyyy</VAR> [<VAR>hh:MM</VAR>]. The month (<VAR>mm</VAR>),
+day (<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>) are required. The hour and
+minutes (<VAR>hh</VAR>:<VAR>MM</VAR>) are optional, but if provided must be
+in 24-hour format (for example, the value <B>14:36</B> represents
+2:36 p.m.). If omitted, the time defaults to
+midnight (00:00 hours).
+<P>The <B>-to</B> argument must be provided along with this one.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-to
+</B><DD>Specifies the end of a range of dates; the record of any dump created
+during the range is deleted from the Backup Database.
+<P>Provide either the value <B>NOW</B> to indicate the current date and
+time, or a date value in the same format as for the <B>-from</B>
+argument. Valid values for the year (<VAR>yyyy</VAR>) range from
+<B>1970</B> to <B>2037</B>; higher values are not valid because
+the latest possible date in the standard UNIX representation is in February
+2038. The command interpreter automatically reduces any later date to
+the maximum value.
+<P>If the time portion (<VAR>hh:MM</VAR>) is omitted, it defaults to 59
+seconds after midnight (00:00:59 hours). Similarly, the
+<B>backup</B> command interpreter automatically adds 59 seconds to any
+time value provided. In both cases, adding 59 seconds compensates for
+how the Backup Database and <B>backup dumpinfo</B> command represent dump
+creation times in hours and minutes only. For example, the Database
+records a creation timestamp of <TT>20:55</TT> for any dump operation
+that begins between 20:55:00 and 20:55:59.
+Automatically adding 59 seconds to a time thus includes the records for all
+dumps created during that minute.
+<P>Provide either this argument, or the <B>-dumpid</B> argument.
+This argument is required if the <B>-from</B> argument is provided.
+<P><B>Caution:</B> Specifying the value <B>NOW</B> for this
+argument when the <B>-from</B> argument is omitted deletes all dump
+records from the Backup Database (except for Backup Database dump records
+created with the <B>backup savedb</B> command).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>At the conclusion of processing, the output lists the dump IDs of all dump
+records deleted in the following format:
+<PRE> The following dumps were deleted:
+ <VAR>dump ID 1</VAR>
+ <VAR>dump ID 2</VAR>
+ <VAR>etc.</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the dump record with dump ID 653777462, and
+for any appended dumps associated with it:
+<PRE> % <B>backup deletedump -dumpid 653777462</B>
+ The following dumps were deleted:
+ 653777462
+
+</PRE>
+<P>The following command deletes the Backup Database record of all dumps
+created between midnight on 1 January 1997 and 23:59:59 hours on
+31 December 1997:
+<PRE> % <B>backup deletedump -from 01/01/1997 -to 12/31/1997</B>
+ The following dumps were deleted:
+ 598324045
+ 598346873
+ ...
+ ...
+ 653777523
+ 653779648
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf074.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<P><A HREF="auarf087.htm#HDRBK_SCANTAPE">backup scantape</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf067.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf069.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf068.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf070.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DELHOST" HREF="auarf002.htm#ToC_83">backup delhost</A></H2>
+<A NAME="IDX4280"></A>
+<A NAME="IDX4281"></A>
+<A NAME="IDX4282"></A>
+<A NAME="IDX4283"></A>
+<A NAME="IDX4284"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a Tape Coordinator entry from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup delhost -tapehost</B> <<VAR>tape machine name</VAR>> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup delh -t</B> <<VAR>tape machine name</VAR>> [<B>-p</B> <<VAR>TC port offset</VAR>>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup delhost</B> command deletes the indicated Tape
+Coordinator entry from the Backup Database. It is then impossible to
+submit backup operations to that Tape Coordinator, even if it is still
+running. To keep configuration information consistent, also remove the
+corresponding entry from the <B>/usr/afs/backup/tapeconfig</B> file on the
+Tape Coordinator machine.
+<P>To list the Tape Coordinator machines and port offsets defined in the
+Backup Database, issue the <B>backup listhosts</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-tapehost
+</B><DD>Specifies the hostname of the machine housing the Tape Coordinator to
+delete.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator to delete.
+If omitted, it defaults to <B>0</B>. If provided, it is an integer
+between <B>0</B> (zero) and <B>58510</B>, and must match the port
+offset number assigned to the same combination of Tape Coordinator and tape
+device or file in the <B>/usr/afs/backup/tapeconfig</B> file on the Tape
+Coordinator machine indicated by the <B>-tapehost</B> argument.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the Backup Database entry for the Tape
+Coordinator with port offset 2 on the Tape Coordinator machine
+<B>backup3.abc.com</B>:
+<PRE> % <B>backup delhost -tapehost backup3.abc.com -portoffset 2</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<P><A HREF="auarf081.htm#HDRBK_LISTHOSTS">backup listhosts</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf068.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf070.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf069.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf071.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DELVOLENTRY" HREF="auarf002.htm#ToC_84">backup delvolentry</A></H2>
+<A NAME="IDX4285"></A>
+<A NAME="IDX4286"></A>
+<A NAME="IDX4287"></A>
+<A NAME="IDX4288"></A>
+<A NAME="IDX4289"></A>
+<A NAME="IDX4290"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a volume entry from a volume set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup delvolentry -name</B> <<VAR>volume set name</VAR>> <B>-entry</B> <<VAR>volume set index</VAR>>
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup delvole -n</B> <<VAR>volume set name</VAR>> <B>-e</B> <<VAR>volume set index</VAR>>
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup delvolentry</B> command deletes the indicated volume
+entry from the volume set specified with the <B>-name</B> argument.
+Use the <B>-entry</B> argument to identify the volume entry by its index
+number. To display the index numbers, use the <B>backup
+listvolsets</B> command.
+<P>If there are any remaining volume entries with index numbers higher than
+the deleted entry, their indexes are automatically decremented to eliminate
+any gaps in the indexing sequence.
+<P><STRONG>Cautions</STRONG>
+<P>Deleting volume entries from a temporary volume set is possible only within
+the interactive session in which the volume set was created.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the volume set from which to delete a volume entry.
+<P><DT><B>-entry
+</B><DD>Specifies the index number of the volume entry to delete. Use the
+<B>backup listvolsets</B> command to display the index numbers for a
+volume set's volume entries.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the fourth volume entry from the volume set
+called <B>sys</B>:
+<PRE> % <B>backup delvolentry -name sys -entry 4</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<P><A HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf069.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf071.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf070.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf072.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DELVOLSET" HREF="auarf002.htm#ToC_85">backup delvolset</A></H2>
+<A NAME="IDX4291"></A>
+<A NAME="IDX4292"></A>
+<A NAME="IDX4293"></A>
+<A NAME="IDX4294"></A>
+<A NAME="IDX4295"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes one or more volume sets from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup delvolset -name</B> <<VAR>volume set name</VAR>><SUP>+</SUP>
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup delvols -n</B> <<VAR>volume set name</VAR>><SUP>+</SUP> [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup delvolset</B> command deletes each volume set named by
+the <B>-name</B> argument, and the volume entries each contains, from the
+Backup Database. The <B>backup listvolsets</B> command lists the
+volume sets (and their volume entries) currently defined in the Backup
+Database.
+<P><STRONG>Cautions</STRONG>
+<P>Deleting a temporary volume set is possible only within the interactive
+session in which it was created. Exiting the interactive session also
+destroys the temporary volume set automatically.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names each volume set to delete.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the volume set called <B>user</B> and all
+volume entries in it:
+<PRE> % <B>backup delvolset user</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<P><A HREF="auarf082.htm#HDRBK_LISTVOLSETS">backup listvolsets</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf070.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf072.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf071.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf073.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DISKRESTORE" HREF="auarf002.htm#ToC_86">backup diskrestore</A></H2>
+<A NAME="IDX4296"></A>
+<A NAME="IDX4297"></A>
+<A NAME="IDX4298"></A>
+<A NAME="IDX4299"></A>
+<A NAME="IDX4300"></A>
+<A NAME="IDX4301"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restores the entire contents of a partition
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup diskrestore -server</B> <<VAR>machine to restore</VAR>>
+ <B>-partition</B> <<VAR>partition to restore</VAR>>
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>]
+ [-<B>newserver</B> <<VAR>destination machine</VAR>>]
+ [<B>-newpartition</B> <<VAR>destination partition</VAR>>]
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-n</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup di -s</B> <<VAR>machine to restore</VAR>> <B>-pa</B> <<VAR>partition to restore</VAR>>
+ [<B>-po</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>] [<B>-news</B> <<VAR>destination machine</VAR>>]
+ [<B>-newp</B> <<VAR>destination partition</VAR>>] [<B>-e</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup diskrestore</B> command restores all of the volumes for
+which the Volume Location Database (VLDB) lists a read/write site on the
+partition specified with the <B>-server</B> and <B>-partition</B>
+arguments. It is useful if a disk or machine failure corrupts or
+destroys the data on an entire partition. (To restore any read-only or
+backup volumes that resided on the partition, use the <B>vos release</B>
+and <B>vos backup</B> commands, respectively, after restoring the
+read/write version.)
+<P>If restoring only selected volumes to a single site, it is usually more
+efficient to use the <B>backup volrestore</B> command. To restore
+multiple volumes to many different sites, use the <B>backup
+volsetrestore</B> command.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file on the Tape
+Coordinator machine associated with the specified port offset, then the Backup
+System restores data from the backup data file listed for that port offset in
+the Tape Coordinator's <B>/usr/afs/backup/tapeconfig</B> file,
+instead of from tape. For the sake of clarity, the following text
+refers to tapes only, but the Backup System handles backup data files in much
+the same way.)
+<P>The Backup System determines whether the read/write or backup version of
+each volume was dumped more recently, and restores the dumps of that version,
+starting with the most recent full dump. It resets the creation
+timestamp of each restored volume to the date and time at which it begins
+restoring the volume (the creation timestamp appears in the
+<TT>Creation</TT> field of the output from the <B>vos examine</B> and
+<B>vos listvol</B> commands).
+<P>If all of the full and incremental dumps of all relevant volumes were not
+written on compatible tape devices, use the <B>-portoffset</B> argument to
+list multiple port offset numbers in the order in which the tapes are needed
+(first list the port offset for the full dump, second the port offset for the
+level 1 incremental dump, and so on). This implies that the full dumps
+of all relevant volumes must have been written to a type of tape that the
+first Tape Coordinator can read, the level 1 incremental dumps to a type of
+tape the second Tape Coordinator can read, and so on. If dumps are on
+multiple incompatible tape types, use the <B>backup volrestore</B> command
+to restore individual volumes, or the <B>backup volsetrestore</B> command
+after defining groups of volumes that were dumped to compatible tape
+types. For further discussion, see the <I>IBM AFS Administration
+Guide</I>.
+<P>By default, the Backup System restores the contents of the specified
+partition to that same partition. To restore the contents to an
+alternate site, combine the following options as indicated. The Backup
+System removes each volume from the original site, if it still exists, and
+records the change of site in the VLDB.
+<UL>
+<P><LI>To restore to a different partition on the same file server machine,
+provide the <B>-newpartition</B> argument.
+<P><LI>To restore to the partition with the same name on a different file server
+machine, provide the <B>-newserver</B> argument.
+<P><LI>To restore to a completely different site, combine the
+<B>-newserver</B> and <B>-newpartition</B> arguments.
+</UL>
+<P>By default, the Backup System overwrites the contents of existing volumes
+with the restored data. To create a new volume to house the restored
+data instead, use the <B>-extension</B> argument. The Backup System
+creates the new volume at the site designated by the <B>-newserver</B> and
+<B>-newpartition</B> arguments if they are used or the <B>-server</B>
+and <B>-partition</B> arguments otherwise. It derives the volume
+name by adding the extension to the read/write base name listed in the VLDB,
+and creates a new VLDB entry. The command does not affect the existing
+volume in any way. However, if a volume with the specified extension
+also already exists, the command overwrites it.
+<P>To print out a list of the tapes containing the needed dumps, without
+actually performing the restore operation, include the <B>-n</B> flag
+along with the other options to be used on the actual command.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape it needs by invoking the <B>MOUNT</B> instruction in the
+local <B>CFG_</B><VAR>device_name</VAR> file, or by prompting the backup
+operator to insert the tape if there is no <B>MOUNT</B>
+instruction. However, if the <B>AUTOQUERY NO</B> instruction
+appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of
+the <B>butc</B> command included the <B>-noautoquery</B> flag, the
+Tape Coordinator instead expects the tape to be in the device already.
+If it is not, or is the wrong tape, the Tape Coordinator invokes the
+<B>MOUNT</B> instruction or prompts the operator. It also invokes
+the <B>MOUNT</B> instruction or prompts for any additional tapes needed to
+complete the restore operation; the backup operator must arrange to
+provide them.
+<P><STRONG>Cautions</STRONG>
+<P>If issuing this command to recover data after a disk crash or other damage,
+be sure not to issue the <B>vos syncserv</B> command first. Doing
+so destroys the VLDB record of the volumes that resided on the
+partition.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Names the file server machine that the VLDB lists as the site of the
+volumes that need to be restored.
+<P><DT><B>-partition
+</B><DD>Names the partition that the VLDB lists as the site of the volumes that
+need to be restored.
+<P><DT><B>-portoffset
+</B><DD>Specifies one or more port offset numbers (up to a maximum of 128), each
+corresponding to a Tape Coordinator to use in the operation. If there
+is more than one value, the Backup System uses the first one when restoring
+the full dump of each volume, the second one when restoring the level 1
+incremental dump of each volume, and so on. It uses the final value in
+the list when restoring dumps at the corresponding depth in the dump hierarchy
+and at all lower levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If <B>0</B> is just one of the values in the list,
+provide it explicitly in the appropriate order.
+<P><DT><B>-newserver
+</B><DD>Names an alternate file server machine to which to restore the
+volumes. If this argument is omitted, the volumes are restored to the
+file server machine named by the <B>-server</B> argument.
+<P><DT><B>-newpartition
+</B><DD>Names an alternate partition to which to restore the data. If this
+argument is omitted, the volumes are restored to the partition named by the
+<B>-partition</B> argument.
+<P><DT><B>-extension
+</B><DD>Creates a new volume for each volume being restored, to house the restored
+data. The Backup System derives the new volume's name by appending
+the specified string to the read/write base name listed in the VLDB, and
+creates a new VLDB volume entry. The Backup System preserves the
+contents of the volumes on the partition, if any still exist. Any
+string other than <B>.readonly</B> or <B>.backup</B> is
+acceptable, but the combination of the base name and extension cannot exceed
+22 characters in length. To use a period to separate the extension from
+the name, specify it as the first character of the string (as in
+<B>.rst</B>, for example).
+<P><DT><B>-n
+</B><DD>Displays a list of the tapes necessary to perform the requested restore,
+without actually performing the operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If a tape error occurs during the restore operation, the Tape Coordinator
+displays the following messages:
+<PRE> Restore operation on volume <VAR>name</VAR> failed due to tape error
+ Do you want to continue (y/n)?
+
+</PRE>
+<P>where <VAR>name</VAR> is the name of the volume that was being restored when
+the tape error occurred. Enter the value <B>y</B> to continue the
+operation without restoring the indicated volume or the value <B>n</B> to
+terminate the operation. In the latter case, the operator can then
+attempt to determine the cause of the tape error.
+<P>If the issuer includes the <B>-n</B> flag with the command, the
+following string appears at the head of the list of the tapes necessary to
+perform the restore operation:
+<PRE> Tapes needed:
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command restores the volumes for which the VLDB lists a
+read/write site on the <B>/vicepd</B> partition of the machine
+<B>fs5.abc.com</B>. The Tape Coordinator associated
+with port offset 3 performs the operation.
+<PRE> % <B>backup diskrestore -server fs5.abc.com -partition /vicepd -portoffset 3</B>
+
+</PRE>
+<P>The following command restores the volumes for which the VLDB lists a
+read/write site on the <B>/vicepb</B> partition of the machine
+<B>fs1.abc.com</B> to a new site: the
+<B>/vicepa</B> partition on the machine
+<B>fs3.abc.com</B>. The Tape Coordinator associated
+with port offset 0 performs the operation. (The command appears here on
+two lines only for legibility.)
+<PRE> % <B>backup diskrestore -server fs1.abc.com -partition /vicepb</B> \
+ <B>-newserver fs3.abc.com -newpartition /vicepa</B>
+
+</PRE>
+<P>The following command lists the tapes required to restore the volumes for
+which the VLDB lists a read/write site on the <B>/vicepm</B> partition of
+the machine <B>fs4.abc.com</B>:
+<PRE> % <B>backup diskrestore -server fs4.abc.com -partition /vicepm -n</B>
+ Tapes needed:
+ user.sunday1.1
+ user.sunday1.2
+ user.monday1.1
+ user.tuesday1.1
+ user.wednesday1.1
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server or Volume Location (VL) Server is
+running, and on every file server machine that houses an affected
+volume. If the <B>-localauth</B> flag is included, the issuer must
+instead be logged on to a server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf071.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf073.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf072.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf074.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DUMP" HREF="auarf002.htm#ToC_87">backup dump</A></H2>
+<A NAME="IDX4302"></A>
+<A NAME="IDX4303"></A>
+<A NAME="IDX4304"></A>
+<A NAME="IDX4305"></A>
+<A NAME="IDX4306"></A>
+<A NAME="IDX4307"></A>
+<A NAME="IDX4308"></A>
+<A NAME="IDX4309"></A>
+<A NAME="IDX4310"></A>
+<A NAME="IDX4311"></A>
+<A NAME="IDX4312"></A>
+<A NAME="IDX4313"></A>
+<A NAME="IDX4314"></A>
+<A NAME="IDX4315"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a dump (dumps a volume set at a particular dump level)
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup dump</B> [<B>-volumeset</B> <<VAR>volume set name</VAR>>] [<B>-dump</B> <<VAR>dump level name</VAR>>]
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>>] [<B>-at</B> <<VAR>Date/time to start dump</VAR>><SUP>+</SUP>]
+ [<B>-append</B>] [<B>-n</B>] [<B>-file</B> <<VAR>load file</VAR>>]
+ [<B>-localauth</B>] [-<B>cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup dump</B> [<B>-v</B> <<VAR>volume set name</VAR>>] [<B>-d</B> <<VAR>dump level name</VAR>>]
+ [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-at</B> <<VAR>Date/time to start dump</VAR>><SUP>+</SUP>]
+ [<B>-ap</B>] [<B>-n</B>] [<B>-f</B> <<VAR>load file</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup dump</B> command either dumps the volume set specified by
+the <B>-volumeset</B> argument at the dump level specified by the
+<B>-dump</B> argument and creates a Backup Database dump record about it,
+or executes the dump instructions listed in the file named by the
+<B>-file</B> argument. The Tape Coordinator indicated by the
+<B>-portoffset</B> argument (or on each command in the file) executes the
+operation.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file on the Tape
+Coordinator machine associated with the specified port offset, then the Backup
+System dumps data to the backup data file listed for that port offset in the
+Tape Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, rather
+than to tape. For the sake of clarity, the following text refers to
+tapes only, but the Backup System handles backup data files in much the same
+way.)
+<P>The term <I>dumping</I> refers to copying a collection of data to tape
+or a backup data file, and the resulting collection is termed a
+<I>dump</I>. The set of tapes that contain one or more dumps is
+called a <I>dump set</I>. The first dump in a dump set is its
+<I>initial dump</I>, and any dumps subsequently added to the dump set (by
+use of the <B>-append</B> argument) are <I>appended dumps</I>.
+Creating appended dumps is optional, and appended dumps can be of different
+volume sets, and at different dump levels, than the initial dump.
+<P>A <I>full dump</I>, created at a full dump level in the dump hierarchy,
+contains all of the data that existed at the time of the dump in the volumes
+belonging to the volume set. An <I>incremental dump</I>, created at
+an incremental dump level, contains only data that has changed since the
+volume set was dumped at the incremental level's <I>parent dump
+level</I> (the dump level immediately above the incremental level in the
+hierarchy), which can be a full or incremental level. More
+specifically, an incremental dump includes only the files and directories that
+have modification timestamps later than the <I>clone date</I> of the
+volume included at the parent dump level. For backup and read-only
+volumes, the clone date is the time at which the volume was cloned from its
+read/write source before being included in the parent dump; for
+read/write volumes, it represents the time at which the volume was locked for
+inclusion in the parent dump. The clone date appears in the <VAR>clone
+date</VAR> field of the output from the <B>backup volinfo</B>
+command. As an example, an incremental dump at the
+<B>/full/week1/thursday</B> level includes only files and directories that
+have changed since the volume set was dumped at the <B>/full/week1</B>
+level.
+<P><B>Initiating different types of dump operations</B>
+<P>To initiate a dump operation that is to start as soon as the relevant Tape
+Coordinator is available, provide only the <B>-volumeset</B>,
+<B>-dump</B>, <B>-portoffset</B>, and optionally <B>-append</B>
+options. To schedule a single <B>backup dump</B> command to execute
+in the future, also include the <B>-at</B> argument to specify the start
+time.
+<P>To append a dump to an existing dump set, include the <B>-append</B>
+flag. The Backup System imposes the following conditions on appended
+dumps:
+<UL>
+<P><LI>If writing to tape, the Tape Coordinator checks that it is the final one
+in a dump set for which there are complete and valid tape and dump records in
+the Backup Database. If not, it rejects the tape and requests an
+acceptable one. The operator can use the <B>-dbadd</B> argument to
+the <B>backup scantape</B> command to insert the necessary records into
+the database.
+<P><LI>The most recent dump on the tape or in the backup data file must have
+completed successfully.
+<P><LI>The dump set must begin with an initial dump that is recorded in the
+Backup Database. If there are no dumps on the tape, then the Backup
+System treats the dump operation as an initial dump and imposes the relevant
+requirements (for example, checks the AFS tape name if appropriate).
+</UL>
+<P>To schedule multiple dump operations, list the operations in the file named
+by the <B>-file</B> argument. Optionally include the <B>-at</B>
+argument to specify when the <B>backup</B> command interpreter reads the
+file; otherwise it reads it immediately. Do not combine the
+<B>-file</B> argument with the command's first three arguments or the
+<B>-append</B> or <B>-n</B> flags. The commands in the file can
+include any of the <B>backup dump</B> command's arguments, including
+the <B>-at</B> argument to schedule them to run even later in the
+future.
+<P>To generate a list of the volumes included in a dump, without actually
+dumping them, combine the <B>-n</B> flag with the options to be used on
+the actual command.
+<P><B>How the Backup System executes a dump operation</B>
+<P>Before beginning a dump operation, the Backup System verifies that there is
+a Backup Database entry for the volume set, dump level, and port
+offset. If the command is correctly formed and issued in interactive
+mode, it is assigned a job number and added to the jobs list. List jobs
+in interactive mode by using the <B>(backup) jobs</B> command;
+terminate them with the <B>(backup) kill</B> command.
+<P>After obtaining the list of volumes to dump from the Volume Location (VL)
+Server, the Backup System sorts the list by site (server and
+partition). It groups volumes from the same site together in the dump
+to minimize the number of times the operator must change tapes during restore
+operations.
+<P>The dependence of an incremental dump on its parent means that a valid
+parent dump must already exist for the Backup System to create its child
+incremental dump. If the Backup System does not find a record of a dump
+created at the immediate parent dump level, it looks in the Backup Database
+for a dump created at one level higher in the hierarchy, and so on, up to the
+full dump level if necessary. It creates an incremental dump at the
+level one below the lowest valid parent dump set that it finds. If it
+fails to find even a full dump, it dumps the volume set at the full dump
+level.
+<P>If the Backup System is unable to access a volume during a dump operation,
+it skips the volume and dumps the remaining volumes from the volume
+set. Possible reasons a volume is inaccessible include server machine
+or process outages, or that the volume was moved between the time the Volume
+Location (VL) Server generated the list of sites for the volume in the volume
+set and the time the Backup System actually attempts to dump the data in
+it. After the first dumping pass, the Backup System attempts to dump
+each volume it skipped. If it still cannot dump a volume and the
+<B>ASK NO</B> instruction does not appear in the
+<B>CFG_</B><VAR>device_name</VAR> file, it queries the operator as to
+whether it needs to attempt to dump the volume again, omit the volume from the
+dump, or halt the dump operation altogether. When prompted, the
+operator can attempt to solve whatever problem prevented the Backup System
+from accessing the volumes. If the <B>ASK NO</B> instruction
+appears in the <B>CFG_</B><VAR>device_name</VAR> file, the Backup System
+omits the volume from the dump.
+<P>Before scheduling a dump operation, the Backup System verifies that the
+date specified by the <B>-at</B> argument is in the future, and checks the
+validity of the volume set, dump level and port offset as for a regular dump
+operation. It checks the validity of the parameters again just before
+actually running the scheduled operation.
+<P>Before writing an initial dump to a tape that does not have a permanent
+name on the label, the Backup System checks that the AFS tape name on the
+label is acceptable. If desired, disable name checking by including the
+<B>NAME_CHECK NO</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file.
+<P>If AFS tape name checking is enabled, the Backup System accepts the
+following three types of values for the AFS tape name. If the name on
+the label does not conform, the Backup System obtains a tape with an
+acceptable label by invoking the <B>MOUNT</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file or prompting the operator.
+<OL TYPE=1>
+<P><LI>A name of the form
+<VAR>volume_set_name.dump_level_name.tape_index</VAR>, where
+<VAR>volume_set_name</VAR> matches the value of the <B>-volumeset</B>
+argument, <VAR>dump_level_name</VAR> matches the last element in the pathname
+value of the <B>-dump</B> argument, and <VAR>tape_index</VAR> reflects the
+tape's place in a multitape dump set. As an example, the first
+tape in a dump set for which the initial dump is of volume set <B>user</B>
+at the dump level <B>/sunday2/monday</B> has AFS tape name
+<B>user.monday.1</B>. If the label records this type
+of AFS tape name, the Backup System retains the AFS tape name and writes the
+dump to the tape.
+<P><LI>The string <TT><NULL></TT>, which usually indicates that a backup
+operator has used the <B>backup labeltape</B> command to write a label on
+the tape, but did not include the <B>-name</B> argument to assign an AFS
+tape name. Presumably, the operator did include the <B>-pname</B>
+argument to assign a permanent name. If the label records a
+<TT><NULL></TT> value, the Backup System constructs and records on the
+label the appropriate AFS tape name, and writes the dump on the tape.
+<P><LI>No value at all, because the tape has never been labeled or used in the
+Backup System. As when the AFS tape name is <TT><NULL></TT>, the
+Backup System constructs and records on the label the appropriate AFS tape
+name, and writes the dump on the tape.
+</OL>
+<P>To determine how much data it can write to a tape, the Tape Coordinator
+reads the capacity recorded on the tape's label (placed there by
+including the <B>-size</B> argument to the <B>backup labeltape</B>
+command). If the label's capacity field is empty, the Tape
+Coordinator uses the capacity recorded for the specified port offset in the
+local <B>tapeconfig</B> file. If the capacity field in the
+<B>tapeconfig</B> file is also empty, the Tape Coordinator uses the
+maximum capacity of 2 TB.
+<P>During a dump operation, the Tape Coordinator tracks how much data it has
+written and stops shortly before it reaches what it believes is the
+tape's capacity. If it is in the middle of writing the data for a
+volume when it reaches that point, it writes a special marker that indicates
+an interrupted volume and continues writing the volume on the next
+tape. It can split a volume this way during both an initial and an
+appended dump, and the fact that the volume resides on multiple tapes is
+automatically recorded in the Backup Database.
+<P>If the tape is actually larger than the expected capacity, then the Tape
+Coordinator simply does not use the excess tape. If the tape is smaller
+than the expected capacity, the Tape Coordinator can reach the end-of-tape
+(EOT) unexpectedly while it is writing data. If the Tape Coordinator is
+in the middle of the writing data from a volume, it obtains a new tape and
+rewrites the entire contents of the interrupted volume to it. The data
+from the volume that was written to the previous tape remains there, but is
+never used.
+<P>The Backup System allows recycling of tapes (writing a new dump set over an
+old dump set that is no longer needed), but imposes the following
+conditions:
+<UL>
+<P><LI>All dumps in the old dump set must be expired. The Backup System
+always checks expiration dates, even when name checking is disabled.
+<P><LI>If the tape to be recycled does not have a permanent name and name
+checking is enabled, then the AFS tape name derived from the new initial
+dump's volume set name and dump level name must match the AFS tape name
+already recorded on the label.
+<P><LI>The tape cannot already have data on it that belongs to the dump currently
+being performed, because that implies that the operator or automated tape
+device has not removed the previous tape from the drive, or has mistakenly
+reinserted it. The Tape Coordinator generates the following message and
+attempts to obtain another tape:
+<PRE> Can't overwrite tape containing the dump in progress
+
+</PRE>
+<P><LI>The tape cannot contain data from a parent dump of the current
+(incremental) dump, because overwriting a parent dump makes it impossible to
+restore data from the current dump. The Tape Coordinator generates the
+following message and attempts to obtain another tape:
+<PRE> Can't overwrite the parent dump <VAR>parent_name</VAR> (<VAR>parent_dump_ID</VAR>)
+
+</PRE>
+</UL>
+<P>To recycle a tape before all dumps on it have expired or if the AFS tape
+name is wrong, use the <B>backup labeltape</B> command to overwrite the
+tape's label and remove all associated tape and dump records from the
+Backup Database.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape by invoking the <B>MOUNT</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file, or by prompting the backup operator
+to insert the tape if there is no <B>MOUNT</B> instruction.
+However, if the <B>AUTOQUERY NO</B> instruction appears in the
+<B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of the
+<B>butc</B> command included the <B>-noautoquery</B> flag, the Tape
+Coordinator instead expects the tape to be in the device already. If it
+is not, the Tape Coordinator invokes the <B>MOUNT</B> instruction or
+prompts the operator. It also invokes the <B>MOUNT</B> instruction
+or prompts for any additional tapes needed to complete the dump
+operation; the issuer must arrange to provide them.
+<P><STRONG>Cautions</STRONG>
+<P>If a dump operation is interrupted or fails for any reason, data from all
+volumes written to tape before the interrupt are valid can be used in a
+restore operation. The Backup Database includes an entry for the failed
+dump and for each volume that was successfully dumped. See the <I>IBM
+AFS Administration Guide</I> for information on dealing with interrupted
+dumps.
+<P>If dumping to tape rather than a backup data file, it is best to use only
+compatible tape devices (ones that can read the same type of tape).
+Using compatible devices greatly simplifies restore operations. The
+<B>-portoffset</B> argument to the <B>backup diskrestore</B> and
+<B>backup volsetrestore</B> commands accepts multiple port offset numbers,
+but the Backup System uses the first listed port offset when restoring all
+full dumps, the second port offset when restoring all level 1 dumps, and so
+on. At the very least, use compatible tape devices to perform dumps at
+each level. If compatible tape devices are not used, the <B>backup
+volrestore</B> command must be used to restore one volume at a time.
+<P>Valid (unexpired) administrative tokens must be available to the
+<B>backup</B> command interpreter both when it reads the file named by the
+<B>-file</B> argument and when it runs each operation listed in the
+file. Presumably, the issuer is scheduling dumps for times when no
+human operator is present, and so must arrange for valid tokens to be
+available on the local machine. One option is to issue all commands (or
+run all scripts) on file server machines and use the <B>-localauth</B>
+flag on the <B>backup</B> and <B>vos</B> commands. To protect
+against improper access to the machine or the tokens, the machine must be
+physically secure (perhaps even more protected than a Tape Coordinator machine
+monitored by a human operator during operation). Also, if an unattended
+dump requires multiple tapes, the operator must properly configure a tape
+stacker or jukebox and the device configuration file.
+<P>When the command is issued in regular (non-interactive) mode, the command
+shell prompt does not return until the dump operation completes. To
+avoid having to open additional connections, issue the command in interactive
+mode, especially when including the <B>-at</B> argument to schedule dump
+operations.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-volumeset
+</B><DD>Names the volume set to dump. The <B>-dump</B> argument must be
+provided along with this one; do not combine them with the
+<B>-file</B> argument. If using a temporary volume set, the
+<B>vos dump</B> command must be issued within the interactive session in
+which the <B>backup addvolset</B> command was issued with the
+<B>-temporary</B> flag.
+<P><DT><B>-dump
+</B><DD>Specifies the complete pathname of the dump level at which to dump the
+volume set. The <B>-volumeset</B> argument must be provided along
+with this one; do not combine them with the <B>-file</B>
+argument.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the
+tapes for this operation. It must be provided unless the default value
+of 0 (zero) is appropriate; do not combine it with the <B>-file</B>
+argument.
+<P><DT><B><B>-at</B>
+</B><DD>Specifies the date and time in the future at which to run the command, or
+to read the file named by the <B>-file</B> argument. Provide a
+value in the format <VAR>mm/dd/yyyy</VAR> [<VAR>hh:MM</VAR>], where the
+month (<VAR>mm</VAR>), day (<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>) are
+required. Valid values for the year range from <B>1970</B> to
+<B>2037</B>; higher values are not valid because the latest possible
+date in the standard UNIX representation is in February 2038. The
+Backup System automatically reduces any later date to the maximum
+value.
+<P>The hour and minutes (<VAR>hh:MM</VAR>) are optional, but if provided
+must be in 24-hour format (for example, the value <B>14:36</B>
+represents 2:36 p.m.). If omitted, the time
+defaults to midnight (00:00 hours).
+<P>As an example, the value <B>04/23/1999 20:20</B> schedules the
+command for 8:20 p.m. on 23 April 1999.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-append
+</B><DD>Appends the dump onto the end of a tape that already contains data from
+another dump. However, if the tape is not in fact part of an existing
+dump set, the Backup System creates a new dump set using the parameters of
+this dump. If the tape is not the last tape in the dump set, the Tape
+Coordinator prompts for insertion of the appropriate tape. Do not
+combine this argument with the <B>-file</B> argument.
+<P><DT><B>-n
+</B><DD>Displays the names of volumes to be included in the indicated dump,
+without actually performing the dump operation. Do not combine this
+argument with the <B>-file</B> argument.
+<P><DT><B>-file
+</B><DD>Specifies the local disk or AFS pathname of a file containing
+<B>backup</B> commands. The Backup System reads the file
+immediately, or at the time specified by the <B>-at</B> argument if it is
+provided. A partial pathname is interpreted relative to the current
+working directory.
+<P>Place each <B>backup dump</B> command on its own line in the indicated
+file, using the same syntax as for the command line, but without the word
+<B>backup</B> at the start of the line. Each command must include a
+value for the <B>-volumeset</B> and <B>-dump</B> arguments, and for
+the <B>-portoffset</B> argument unless the default value of 0 is
+appropriate. Commands in the file can also include any of the
+<B>backup dump</B> command's optional options. In the
+following example file, the first command runs as soon as the Backup System
+reads the file, whereas the other commands are themselves scheduled; the
+specified date and time must be later than the date and time at which the
+Backup System reads the file.
+<PRE> dump user /sunday1/wednesday -port 1
+ dump sun4x_56 /sunday1/friday -port 2 -at 04/08/1999
+ dump sun4x_55 /sunday1/friday -port 2 -at 04/08/1999 02:00 -append
+
+</PRE>
+<P>
+<P>Do not combine this argument with the <B>-volumeset</B>,
+<B>-dump</B>, <B>-portoffset</B>, <B>-append</B>, or <B>-n</B>
+options.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command interpreter first generates a list of the volumes to be
+included in the dump by matching the entries in the volume set against the
+volumes listed in the Volume Location Database (VLDB). It prints the
+list following the header:
+<PRE> Preparing to dump the following volumes:
+
+</PRE>
+<P>The following message then indicates that the command interpreter has
+passed the dump request to the appropriate Tape Coordinator for
+processing:
+<PRE> Starting dump.
+
+</PRE>
+<P>If the issuer includes the <B>-n</B> flag, the output is of the
+following form:
+<PRE> Starting dump of volume set '<VAR>volume set</VAR>' (dump set '<VAR>dump level</VAR>')
+ Total number of volumes : <VAR>number dumped</VAR>
+ Would have dumped the following volumes:
+ <VAR>list_of_volumes</VAR>
+
+</PRE>
+<P>where <VAR>list_of_volumes</VAR> identifies each volume by name and volume ID
+number.
+<P>If the Tape Coordinator is unable to access a volume, it prints an error
+message in its window and records the error in its log and error files.
+<P><STRONG>Examples</STRONG>
+<P>The following command dumps the volumes in the volume set called
+<B>user</B> at the dump level <B>/full/sunday2/monday</B>. The
+issuer places the necessary tapes in the device with port offset 5.
+<PRE> % <B>backup dump -volumeset user -dump /full/sunday2/monday -portoffset 5</B>
+ Preparing to dump the following volumes:
+ user.jones.backup 387623900
+ user.pat.backup 486219245
+ user.smith.backup 597315841
+ . .
+ . .
+ Starting dump.
+
+</PRE>
+<P>The following command displays the list of volumes to be dumped when the
+user dumps the <B>sys_sun</B> volume set at the <B>/full</B> dump
+level.
+<PRE> % <B>backup dump -volumeset sys_sun -dump /full -n</B>
+ Starting dump of volume set 'sys_sun' (dump set '/full')
+ Total number of volumes: 24
+ Would have dumped the following volumes:
+ sun4x_56 124857238
+ sun4x_56.bin 124857241
+ . .
+ . .
+ sun4x_55 124857997
+ . .
+ . .
+
+</PRE>
+<P>The following command schedules a dump of the volumes in the volume set
+<B>user</B> at the dump level <B>/sunday2/monday1</B> for 11:00
+p.m. on 14 June 1999. The appropriate Tape Coordinator
+has port offset 0 (zero), so that argument is omitted.
+<PRE> % <B>backup dump -volumeset user -dump /sunday2/monday1 -at 06/14/1999 23:00</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server or Volume Location (VL) Server is
+running, and on every file server machine that houses an affected
+volume. If the <B>-localauth</B> flag is included, the issuer must
+instead be logged on to a server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf079.htm#HDRBK_LABELTAPE">backup labeltape</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf072.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf074.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf073.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf075.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_DUMPINFO" HREF="auarf002.htm#ToC_88">backup dumpinfo</A></H2>
+<A NAME="IDX4316"></A>
+<A NAME="IDX4317"></A>
+<A NAME="IDX4318"></A>
+<A NAME="IDX4319"></A>
+<A NAME="IDX4320"></A>
+<A NAME="IDX4321"></A>
+<A NAME="IDX4322"></A>
+<A NAME="IDX4323"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays a dump record from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup dumpinfo</B> [<B>-ndumps</B> <<VAR>no. of dumps</VAR>>] [<B>-id</B> <<VAR>dump id</VAR>>]
+ [<B>-verbose</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B> ]
+
+<B>backup dumpi</B> [<B>-n</B> <<VAR>no. of dumps</VAR>>] [<B>-i</B> <<VAR>dump id</VAR>>]
+ [<B>-v</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup dumpinfo</B> command formats and displays the Backup
+Database record for the specified dumps. To specify how many of the
+most recent dumps to display, starting with the newest one and going back in
+time, use the <B>-ndumps</B> argument. To display more detailed
+information about a single dump, use the <B>-id</B> argument. To
+display the records for the 10 most recent dumps, omit both the
+<B>-ndumps</B> and <B>-id</B> arguments.
+<P>The <B>-verbose</B> flag produces very detailed information that is
+useful mostly for debugging purposes. It can be combined only with the
+<B>-id</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-ndumps
+</B><DD>Displays the Backup Database record for each of the specified number of
+dumps that were most recently performed. If the database contains fewer
+dumps than are requested, the output includes the records for all existing
+dumps. Do not combine this argument with the <B>-id</B> or
+<B>-verbose</B> options; omit all options to display the records for
+the last 10 dumps.
+<P><DT><B>-id
+</B><DD>Specifies the dump ID number of a single dump for which to display the
+Backup Database record. Precede the <VAR>dump id</VAR> value with the
+<B>-id</B> switch; otherwise, the command interpreter interprets it
+as the value of the <B>-ndumps</B> argument. Combine this argument
+with the <B>-verbose</B> flag, but not with the <B>-ndumps</B>
+argument; omit all options to display the records for the last 10
+dumps.
+<P><DT><B>-verbose
+</B><DD>Provides more detailed information about the dump specified with the
+<B>-id</B> argument, which must be provided along with it. Do not
+combine this flag with the <B>-ndumps</B> argument.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the <B>-ndumps</B> argument is provided, the output presents the
+following information in table form, with a separate line for each dump:
+<DL>
+<P><DT><B><TT>dumpid</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>parentid</TT>
+</B><DD>The dump ID number of the dump's parent dump. A value of
+<TT>0</TT> (zero) identifies a full dump.
+<P><DT><B><TT>lv</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump, in which
+case the value in the <TT>parentid</TT> field is also <TT>0</TT>. A
+value of <TT>1</TT> or greater indicates an incremental dump made at the
+corresponding level in the dump hierarchy.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Backup System started the dump operation
+that created the dump.
+<P><DT><B><TT>nt</TT>
+</B><DD>The number of tapes that contain the data in the dump. A value of
+<TT>0</TT> (zero) indicates that the dump operation was terminated or
+failed. Use the <B>backup deletedump</B> command to remove such
+entries.
+<P><DT><B><TT>nvols</TT>
+</B><DD>The number of volumes from which the dump includes data. If a
+volume spans tapes, it is counted twice. A value of <TT>0</TT> (zero)
+indicates that the dump operation was terminated or failed; the value in
+the <TT>nt</TT> field is also <TT>0</TT> in this case.
+<P><DT><B><TT>dump name</TT>
+</B><DD>The dump name in the form
+<PRE> <VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR> (<VAR>initial_dump_ID</VAR>)
+
+</PRE>
+<P>
+<P>where <VAR>volume_set_name</VAR> is the name of the volume set, and
+<VAR>dump_level_name</VAR> is the last element in the dump level pathname at
+which the volume set was dumped.
+<P>The <VAR>initial_dump_ID</VAR>, if displayed, is the dump ID of the initial
+dump in the dump set to which this dump belongs. If there is no value
+in parentheses, the dump is the initial dump in a dump set that has no
+appended dumps.
+</DL>
+<P>If the <B>-id</B> argument is provided alone, the first line of output
+begins with the string <TT>Dump</TT> and reports information for the entire
+dump in the following fields:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>level</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump. A
+value of <TT>1</TT> (one) or greater indicates an incremental dump made at
+the specified level in the dump hierarchy.
+<P><DT><B><TT>volumes</TT>
+</B><DD>The number of volumes for which the dump includes data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the dump operation began.
+</DL>
+<P>If an XBSA server was the backup medium for the dump (rather than a tape
+device or backup data file), the following line appears next:
+<PRE> Backup Service: <VAR>XBSA_program</VAR>: Server: <VAR>hostname</VAR>
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant program and
+<VAR>hostname</VAR> is the name of the machine on which the program runs.
+<P>Next the output includes an entry for each tape that houses volume data
+from the dump. Following the string <TT>Tape</TT>, the first two
+lines of each entry report information about that tape in the following
+fields:
+<DL>
+<P><DT><B><TT>name</TT>
+</B><DD>The tape's permanent name if it has one, or its AFS tape name
+otherwise, and its tape ID number in parentheses.
+<P><DT><B><TT>nVolumes</TT>
+</B><DD>The number of volumes for which this tape includes dump data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Tape Coordinator began writing data to this
+tape.
+</DL>
+<P>Following another blank line, the tape-specific information concludes with
+a table that includes a line for each volume dump on the tape. The
+information appears in columns with the following headings:
+<DL>
+<P><DT><B><TT>Pos</TT>
+</B><DD>The relative position of each volume in this tape or file. On a
+tape, the counter begins at position 2 (the tape label occupies position 1),
+and increments by one for each volume. For volumes in a backup data
+file, the position numbers start with 1 and do not usually increment only by
+one, because each is the ordinal of the 16 KB offset in the file at which the
+volume's data begins. The difference between the position numbers
+therefore indicates how many 16 KB blocks each volume's data
+occupies. For example, if the second volume is at position 5 and the
+third volume in the list is at position 9, that means that the dump of the
+second volume occupies 64 KB (four 16-KB blocks) of space in the file.
+<P><DT><B><TT>Clone time</TT>
+</B><DD>For a backup or read-only volume, the time at which it was cloned from its
+read/write source. For a Read/Write volume, it is the same as the dump
+creation date reported on the first line of the output.
+<P><DT><B><TT>Nbytes</TT>
+</B><DD>The number of bytes of data in the dump of the volume.
+<P><DT><B><TT>Volume</TT>
+</B><DD>The volume name, complete with <TT>.backup</TT> or
+<TT>.readonly</TT> extension if appropriate.
+</DL>
+<P>If both the <B>-id</B> and <B>-verbose</B> options are provided,
+the output is divided into several sections:
+<UL>
+<P><LI>The first section, headed by the underlined string <TT>Dump</TT>,
+includes information about the entire dump. The fields labeled
+<TT>id</TT>, <TT>level</TT>, <TT>created</TT>, and <TT>nVolumes</TT>
+report the same values (though in a different order) as appear on the first
+line of output when the <B>-id</B> argument is provided by itself.
+Other fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>Group id</TT>
+</B><DD>The dump's <I>group ID number</I>, which is recorded in the
+dump's Backup Database record if the <B>GROUPID</B> instruction
+appears in the Tape Coordinator's <B>
+/usr/afs/backup/CFG_</B><VAR>tcid</VAR> file when the dump is created.
+<P><DT><B><TT>maxTapes</TT>
+</B><DD>The number of tapes that contain the dump set to which this dump
+belongs.
+<P><DT><B><TT>Start Tape Seq</TT>
+</B><DD>The ordinal of the tape on which this dump begins in the set of tapes that
+contain the dump set.
+</DL>
+<P><LI>For each tape that contains data from this dump, there follows a section
+headed by the underlined string <TT>Tape</TT>. The fields labeled
+<TT>name</TT>, <TT>written</TT>, and <TT>nVolumes</TT> report the same
+values (though in a different order) as appear on the second and third lines
+of output when the <B>-id</B> argument is provided by itself. Other
+fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>expires</TT>
+</B><DD>The date and time when this tape can be recycled, because all dumps it
+contains have expired.
+<P><DT><B><TT>nMBytes Data</TT> and <TT>nBytes Data</TT>
+</B><DD>Summed together, these fields represent the total amount of dumped data
+actually from volumes (as opposed to labels, filemarks, and other
+markers).
+<P><DT><B><TT>KBytes Tape Used</TT>
+</B><DD>The number of kilobytes of tape (or disk space, for a backup data file)
+used to store the dump data. It is generally larger than the sum of the
+values in the <TT>nMBytes Data</TT> and <TT>nBytes Data</TT> fields,
+because it includes the space required for the label, file marks and other
+markers, and because the Backup System writes data at 16 KB offsets, even if
+the data in a given block doesn't fill the entire 16 KB.
+</DL>
+<P><LI>For each volume on a given tape, there follows a section headed by the
+underlined string <TT>Volume</TT>. The fields labeled
+<TT>name</TT>, <TT>position</TT>, <TT>clone</TT>, and <TT>nBytes</TT>
+report the same values (though in a different order) as appear in the table
+that lists the volumes in each tape when the <B>-id</B> argument is
+provided by itself. Other fields of potential interest to the backup
+operator are:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The volume ID.
+<P><DT><B><TT>tape</TT>
+</B><DD>The name of the tape containing this volume data.
+</DL>
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays information about the last five dumps:
+<PRE> % <B>backup dumpinfo -ndumps 5</B>
+ dumpid parentid lv created nt nvols dump name
+ 924424000 0 0 04/18/1999 04:26 1 22 usr.sun (924424000)
+ 924685000 924424000 1 04/21/1999 04:56 1 62 usr.wed (924424000)
+ 924773000 924424000 1 04/22/1999 05:23 1 46 usr.thu (924424000)
+ 924860000 924424000 1 04/23/1999 05:33 1 58 usr.fri (924424000)
+ 925033000 0 0 04/25/1999 05:36 2 73 sys.week
+
+</PRE>
+<P>The following example displays a more detailed record for a single
+dump.
+<PRE> % <B>backup dumpinfo -id 922097346</B>
+ Dump: id 922097346, level 0, volumes 1, created Mon Mar 22 05:09:06 1999
+ Tape: name monday.user.backup (922097346)
+ nVolumes 1, created 03/22/1999 05:09
+ Pos Clone time Nbytes Volume
+ 1 03/22/1999 04:43 27787914 user.pat.backup
+
+</PRE>
+<P>The following example displays even more detailed information about the
+dump displayed in the previous example (dump ID 922097346). This
+example includes only one exemplar of each type of section (<TT>Dump</TT>,
+<TT>Tape</TT>, and <TT>Volume</TT>):
+<PRE> % <B>backup dumpinfo -id 922097346 -verbose</B>
+ Dump
+ ----
+ id = 922097346
+ Initial id = 0
+ Appended id = 922099568
+ parent = 0
+ level = 0
+ flags = 0x0
+ volumeSet = user
+ dump path = /monday1
+ name = user.monday1
+ created = Mon Mar 22 05:09:06 1999
+ nVolumes = 1
+ id = 0
+ tapeServer =
+ format= user.monday1.%d
+ maxTapes = 1
+ Start Tape Seq = 1
+ name = pat
+ instance =
+ cell =
+ Tape
+ ----
+ tape name = monday.user.backup
+ AFS tape name = user.monday1.1
+ flags = 0x20
+ written = Mon Mar 22 05:09:06 1999
+ expires = NEVER
+ kBytes Tape Used = 121
+ nMBytes Data = 0
+ nBytes Data = 19092
+ nFiles = 0
+ nVolumes = 1
+ seq = 1
+ tapeid = 0
+ useCount = 1
+ dump = 922097346
+ Volume
+ ------
+ name = user.pat.backup
+ flags = 0x18
+ id = 536871640
+ server =
+ partition = 0
+ nFrags = 1
+ position = 2
+ clone = Mon Mar 22 04:43:06 1999
+ startByte = 0
+ nBytes = 19092
+ seq = 0
+ dump = 922097346
+ tape = user.monday1.1
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf068.htm#HDRBK_DELETEDUMP">backup deletedump</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf073.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf075.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf074.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf076.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_HELP" HREF="auarf002.htm#ToC_89">backup help</A></H2>
+<A NAME="IDX4324"></A>
+<A NAME="IDX4325"></A>
+<A NAME="IDX4326"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>backup</B> commands or lists
+functional descriptions of all <B>backup</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>backup h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [-<B>h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup help</B> command displays the complete online help entry
+(short description and syntax statement) for each operation code specified by
+the <B>-topic</B> argument. If the <B>-topic</B> argument is
+omitted, the output includes the first line (name and short description) of
+the online help entry for every <B>backup</B> command.
+<P>To list every <B>backup</B> command whose name or short description
+includes a specified keyword, use the <B>backup apropos</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>backup</B> part of the command name, providing
+only the operation code (for example, specify <B>dump</B>, not <B>backup
+dump</B>). If this argument is omitted, the output briefly describes
+every <B>backup</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>backup</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the online help entry for the <B>backup
+dump</B> command:
+<PRE> % <B>backup help dump</B>
+ backup dump: start dump
+ Usage: backup dump -volumeset <volume set name> -dump <dump level name>
+ [-portoffset <TC port offset>] [-at <Date/time to start dump>+]
+ [-append] [-n] [-file <load file>] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf065.htm#HDRBK_APROPOS">backup apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf074.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf076.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf075.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf077.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_INTERACTIVE" HREF="auarf002.htm#ToC_90">backup interactive</A></H2>
+<A NAME="IDX4327"></A>
+<A NAME="IDX4328"></A>
+<A NAME="IDX4329"></A>
+<A NAME="IDX4330"></A>
+<A NAME="IDX4331"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Enters interactive mode
+<P><STRONG>Synopsis</STRONG>
+<P>
+<PRE><B>backup</B> [<B>interactive</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup</B> [<B>i</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup interactive</B> initiates an interactive session for
+issuing <B>backup</B> commands. As indicated in the syntax
+statement, the operation code (<B>interactive</B>) is optional.
+<P>Several features of interactive mode distinguish it from regular
+mode:
+<UL>
+<P><LI>In interactive mode, the <TT>backup></TT> prompt replaces the system
+(shell) prompt. The operator enters only a command's operation
+code (omitting the command suite name, <B>backup</B>).
+<P><LI>If the <B>-localauth</B> flag or the <B>-cell</B> argument is
+included on the <B>backup (interactive)</B> command, the settings apply to
+all commands issued during that interactive session. The issuer does
+not need to type them on every command. Another consequence is that the
+flag and argument do not appear in the syntax statement generated by the
+<B>help</B> subcommand or <B>-help</B> flag on an individual command
+issued at the <TT>backup></TT> prompt.
+<P><LI>The <B>(backup) jobs</B> and <B>(backup) kill</B> commands are
+available only in interactive mode. It is not possible to track and
+terminate backup operations as cleanly in non-interactive mode.
+<P><LI>It is not necessary to enclose strings that include metacharacters in
+double quotes or other delimiters.
+<P><LI>The <B>backup</B> command interpreter establishes a connection to the
+Backup Server, Volume Server and Volume Location (VL) Server processes as it
+enters interactive mode, and uses the same connection for all commands during
+the session. Execution time can therefore be faster than in
+non-interactive mode, in which the command interpreter must establish a new
+connection for each command.
+</UL>
+<P>To exit an interactive session, issue the <B>(backup) quit</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows how the <B>-localauth</B> flag and
+<B>-cell</B> argument do not appear when the <B>help dump</B>
+subcommand is issued in interactive mode.
+<PRE> % <B>backup</B>
+ backup> <B>help dump</B>
+ dump: start dump
+ Usage: dump [-volumeset <volume set name>] [-dump <dump level name>]
+ [-portoffset <TC port offset>] [-at <Date/time to start dump>+]
+ [-append ] [-n ] [-file <load file>] [-help ]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None. However, <B>backup</B> commands that require privilege in
+regular mode still require it in interactive mode.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf077.htm#HDRBK_JOBS">backup jobs</A>
+<P><A HREF="auarf078.htm#HDRBK_KILL">backup kill</A>
+<P><A HREF="auarf083.htm#HDRBK_QUIT">backup quit</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf075.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf077.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf076.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf078.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_JOBS" HREF="auarf002.htm#ToC_91">backup jobs</A></H2>
+<A NAME="IDX4332"></A>
+<A NAME="IDX4333"></A>
+<A NAME="IDX4334"></A>
+<A NAME="IDX4335"></A>
+<A NAME="IDX4336"></A>
+<A NAME="IDX4337"></A>
+<A NAME="IDX4338"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Lists pending and running operations in interactive mode
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>jobs</B> [<B>-help</B>]
+
+<B>j</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>(backup) jobs</B> command lists the job ID number and status of
+each <B>backup</B> operation running or pending in the current interactive
+session.
+<P>This command can be issued in interactive mode only. If the issuer
+of the <B>backup (interactive)</B> command included the
+<B>-localauth</B> flag, the <B>-cell</B> argument, or both, those
+settings apply to this command also.
+<P>To terminate operations that appear in the output, issue the <B>(backup)
+kill</B> command and identify the operation to cancel with the job ID number
+from this command's output.
+<P>To check the status of a Tape Coordinator, rather than of a certain
+operation, use the <B>backup status</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output always includes the expiration date and time of the tokens that
+the <B>backup</B> command interpreter is using during the current
+interactive session, in the following format:
+<PRE> <VAR>date</VAR> <VAR>time</VAR>: TOKEN EXPIRATION
+</PRE>
+<P>If the execution date and time specified for a scheduled dump operation is
+later than <I>date time</I>, then its individual line (as described in the
+following paragraphs) appears below this line to indicate that the current
+tokens will not be available to it.
+<P>If the issuer of the <B>backup</B> command included the
+<B>-localauth</B> flag when entering interactive mode, the line instead
+reads as follows:
+<PRE> : TOKEN NEVER EXPIRES
+</PRE>
+<P>The entry for a scheduled dump operation has the following format:
+<PRE> Job <VAR>job_ID</VAR>: <VAR>timestamp</VAR>: dump <VAR>volume_set</VAR> <VAR>dump_level</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>job_ID</VAR>
+</B><DD>Is a job identification number assigned by the Backup System.
+<P><DT><B><VAR>timestamp</VAR>
+</B><DD>Indicates the date and time the dump operation is to begin, in the format
+<I>month</I>/<I>date</I>/<I>year</I>
+<I>hours</I>:<I>minutes</I> (in 24-hour format)
+<P><DT><B><VAR>volume_set</VAR>
+</B><DD>Indicates the volume set to dump.
+<P><DT><B><VAR>dump_level</VAR>
+</B><DD>Indicates the dump level at which to perform the dump operation.
+</DL>
+<P>The line for a pending or running operation of any other type has the
+following format:
+<PRE> Job <VAR>job_ID</VAR>: <VAR>operation</VAR> <VAR>status</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>job_ID</VAR>
+</B><DD>Is a job identification number assigned by the Backup System.
+<P><DT><B><VAR>operation</VAR>
+</B><DD>Identifies the operation the Tape Coordinator is performing, which is
+initiated by the indicated command:
+<DL>
+<P><DT><B><TT>Dump</TT> <TT>(</TT><VAR>dump name</VAR><TT>)</TT>
+</B><DD>Initiated by the <B>backup dump</B> command. The <VAR>dump
+name</VAR> has the following format:
+<P><VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR>
+<P><DT><B><TT>Restore</TT>
+</B><DD>Initiated by the <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> command.
+<P><DT><B><TT>Labeltape</TT> <TT>(</TT><VAR>tape_label</VAR><TT>)</TT>
+</B><DD>Initiated by the <B>backup labeltape</B> command. The
+<VAR>tape_label</VAR> is the name specified by the <B>backup labeltape</B>
+command's <B>-name</B> or <B>-pname</B> argument.
+<P><DT><B><TT>Scantape</TT>
+</B><DD>Initiated by the <B>backup scantape</B> command.
+<P><DT><B><TT>SaveDb</TT>
+</B><DD>Initiated by the <B>backup savedb</B> command.
+<P><DT><B><TT>RestoreDb</TT>
+</B><DD>Initiated by the <B>backup restoredb</B> command.
+</DL>
+<P><DT><B><VAR>status</VAR>
+</B><DD>Indicates the job's current status in one of the following
+messages. If no message appears, the job is either still pending or has
+finished.
+<DL>
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, volume</TT> <VAR>volume_name</VAR>
+</B><DD>For a running dump operation, indicates the number of kilobytes copied to
+tape or a backup data file so far, and the volume currently being
+dumped.
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, restore.volume</TT>
+</B><DD>For a running restore operation, indicates the number of kilobytes copied
+into AFS from a tape or a backup data file so far.
+<P><DT><B><TT>[abort requested]</TT>
+</B><DD>The <B>(backup) kill</B> command was issued, but the termination
+signal has yet to reach the Tape Coordinator.
+<P><DT><B><TT>[abort sent]</TT>
+</B><DD>The operation is canceled by the <B>(backup) kill</B> command.
+Once the Backup System removes an operation from the queue or stops it from
+running, it no longer appears at all in the output from the command.
+<P><DT><B><TT>[butc contact lost]</TT>
+</B><DD>The <B>backup</B> command interpreter cannot reach the Tape
+Coordinator. The message can mean either that the Tape Coordinator
+handling the operation was terminated or failed while the operation was
+running, or that the connection to the Tape Coordinator timed out.
+<P><DT><B><TT>[done]</TT>
+</B><DD>The Tape Coordinator has finished the operation.
+<P><DT><B><TT>[drive wait]</TT>
+</B><DD>The operation is waiting for the specified tape drive to become
+free.
+<P><DT><B><TT>[operator wait]</TT>
+</B><DD>The Tape Coordinator is waiting for the backup operator to insert a tape
+in the drive.
+</DL>
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that two restore operations and one dump
+operation are running (presumably on different Tape Coordinators) and that the
+<B>backup</B> command interpreter's tokens expire on 22 April 1999 at
+10:45 am:
+<PRE> backup> <B>jobs</B>
+ Job 1: Restore, 1306 Kbytes, restore.volume
+ Job 2: Dump (user.sunday1), 34 Kbytes, volume user.pat.backup
+ Job 3: Restore, 2498 Kbytes, restore.volume
+ 04/22/1999 10:45: TOKEN EXPIRATION
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None. However, queuing any operation requires privilege, and it is
+possible to issue this command only within the interactive session in which
+the jobs are queued.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf076.htm#HDRBK_INTERACTIVE">backup interactive</A>
+<P><A HREF="auarf078.htm#HDRBK_KILL">backup kill</A>
+<P><A HREF="auarf083.htm#HDRBK_QUIT">backup quit</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf076.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf078.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf077.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf079.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_KILL" HREF="auarf002.htm#ToC_92">backup kill</A></H2>
+<A NAME="IDX4339"></A>
+<A NAME="IDX4340"></A>
+<A NAME="IDX4341"></A>
+<A NAME="IDX4342"></A>
+<A NAME="IDX4343"></A>
+<A NAME="IDX4344"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Terminates a pending or running operation
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kill -id</B> <<VAR>job ID or dump set name</VAR>> [<B>-help</B>]
+
+<B>k -i</B> <<VAR>job ID or dump set name</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>(backup) kill</B> command dequeues a Backup System operation
+that is pending, or terminates an operation that is running, in the current
+interactive session. It is available only in interactive mode.
+If the issuer of the <B>backup (interactive)</B> command included the
+<B>-localauth</B> flag, the <B>-cell</B> argument, or both, then those
+settings apply to this command also.
+<P>To terminate a dump operation, specify either the dump name
+(<VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR>) or its job ID
+number, which appears in the output from the <B>(backup) jobs</B>
+command. To terminate any other type of operation, provide the job ID
+number.
+<P>The effect of terminating an operation depends on the type and current
+state of the operation:
+<UL>
+<P><LI>If an operation is still pending, the Tape Coordinator removes it from the
+queue with no other lasting effects.
+<P><LI>If the Tape Coordinator is unable to process the termination signal before
+an operation completes, it simply confirms the operation's
+completion. The operator must take the action necessary to undo the
+effects of the incorrect operation.
+<P><LI>If a tape labeling operation is running, the effect depends on when the
+Tape Coordinator receives the termination signal. The labeling
+operation is atomic, so it either completes or does not begin at all.
+Use the <B>backup readlabel</B> command to determine if the labeling
+operation completed, and reissue the <B>backup labeltape</B> command to
+overwrite the incorrect label if necessary.
+<P><LI>If a tape scanning operation is running, it terminates with no other
+effects unless the <B>-dbadd</B> flag was included on the
+<B>backup</B> command. In that case, the Backup System possibly has
+already written new Backup Database records to represent dumps on the scanned
+tape. If planning to restart the scanning operation, first locate and
+remove the records created during the terminated operation: a repeated
+<B>backup scantape</B> operation exits automatically when it finds that a
+record that it needs to create already exists.
+<P><LI>If a dump operation is running, all of the volumes written to the tape or
+backup data file before the termination signal is received are complete and
+usable. If the operation is restarted, the Backup System performs all
+the dumps again from scratch, and assigns a new dump ID number. If
+writing the new dumps to the same tape or file, the operator must relabel it
+first if the interrupted dump is not expired. If writing the new dump
+to a different tape or file, the operator can remove the dump record
+associated with the interrupted dump to free up space in the database.
+<P><LI>If a restore operation is running, completely restored volumes are online
+and usable. However, it is unlikely that many volumes are completely
+restored, given that complete restoration usually requires data from multiple
+tapes. If the termination signal comes before the Backup System has
+accessed all of the necessary tapes, each volume is only partially written and
+is never brought online. It is best to restart the restore operation
+from scratch to avoid possible inconsistencies. See also the
+<B>Cautions</B> section.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>It is best not to issue the <B>(backup) kill</B> command against
+restore operations. If the termination signal interrupts a restore
+operation as the Backup System is overwriting an existing volume, it is
+possible to lose the volume entirely (that is, to lose both the contents of
+the volume as it was before the restore and any data that was restored before
+the termination signal arrived). The data being restored still exists
+on the tape, but some data can be lost permanently.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Identifies the backup operation to terminate. Provide one of two
+types of values:
+<UL>
+<P><LI>The operation's job ID number, as displayed in the output of the
+<B>(backup) jobs</B> command.
+<P><LI>For a dump operation, either the job ID number or a dump name of the form
+<VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR>, where
+<VAR>volume_set_name</VAR> is the name of the volume set being dumped and
+<VAR>dump_level_name</VAR> is the last element in the dump level pathname at
+which the volume set is being dumped. The dump name appears in the
+output of the <B>(backup) jobs</B> command along with the job ID
+number.
+</UL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command terminates the operation with job ID 5:
+<PRE> backup> <B>kill 5</B>
+
+</PRE>
+<P>The following command terminates the dump operation called
+<B>user.sunday1</B>:
+<PRE> backup> <B>kill user.sunday1</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the privilege required to initiate the operation being
+cancelled. Because this command can be issued only within the
+interactive session during which the operation was initiated, the required
+privilege is essentially guaranteed.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf076.htm#HDRBK_INTERACTIVE">backup interactive</A>
+<P><A HREF="auarf077.htm#HDRBK_JOBS">backup jobs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf077.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf079.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf078.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf080.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_LABELTAPE" HREF="auarf002.htm#ToC_93">backup labeltape</A></H2>
+<A NAME="IDX4345"></A>
+<A NAME="IDX4346"></A>
+<A NAME="IDX4347"></A>
+<A NAME="IDX4348"></A>
+<A NAME="IDX4349"></A>
+<A NAME="IDX4350"></A>
+<A NAME="IDX4351"></A>
+<A NAME="IDX4352"></A>
+<A NAME="IDX4353"></A>
+<A NAME="IDX4354"></A>
+<A NAME="IDX4355"></A>
+<A NAME="IDX4356"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates the magnetic label on a tape
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup labeltape</B> [<B>-name</B> <<VAR>AFS tape name, defaults to NULL</VAR>>]
+ [<B>-size</B> <<VAR>tape size in Kbytes, defaults to size in tapeconfig</VAR>>]
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-pname</B> <<VAR>permanent tape name</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup la</B> [<B>-n</B> <<VAR>AFS tape name, defaults to NULL</VAR>>]
+ [<B>-s</B> <<VAR>tape size in Kbytes, defaults to size in tapeconfig</VAR>>]
+ [<B>-po</B> <<VAR>TC port offset</VAR>>] [<B>-pn</B> <<VAR>permanent tape name</VAR>>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup labeltape</B> command creates a magnetic label, readable
+by the Backup System, at the beginning of a tape. The label records the
+tape's name (either a <I>permanent name</I>, or an <I>AFS tape
+name</I> that reflects the tape's contents in a prescribed format) and
+its capacity.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file on the Tape
+Coordinator machine associated with the specified port offset, then the
+<B>backup</B> command writes label information to the first 16 KB block in
+the backup data file listed for that port offset in the Tape
+Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, rather than at
+the beginning of a tape. For the sake of clarity, the following text
+refers to tapes only, but the Backup System handles backup data files in much
+the same way.)
+<P>Relabeling a tape that already contains AFS backup data effectively makes
+the data unusable, because the command removes the Backup Database record of
+the complete dump set of which the tape is a part. Use this command to
+enable recycling of a tape that contains unexpired dumps that are not actually
+still needed.
+<P>To write a permanent name on the label, include the <B>-pname</B>
+argument to specify a string of up to 32 characters. The permanent name
+persists until the <B>-pname</B> argument is again included on the
+<B>backup labeltape</B> command, regardless of the tape's contents
+and of how often the tape is otherwise relabeled or recycled. Include
+this argument or the <B>-name</B> argument, but not both. If this
+argument is included, the AFS tape name is set to <TT><NULL></TT>.
+The permanent name is set to <TT><NULL></TT> if this argument is omitted
+and no permanent name already exists.
+<P>The issuer must ensure that a permanent name is unique among the tapes used
+for AFS backup in the cell, because the <B>backup</B> command interpreter
+does not verify that another tape does not already have the same permanent
+name. When a tape has a permanent name, the Backup System uses it
+instead of the AFS tape name in most prompts and when referring to the tape in
+output from <B>backup</B> commands. The permanent name appears in
+the <TT>tape</TT> <TT>name</TT> field of the output from the <B>backup
+readlabel</B> command.
+<P>To write an AFS tape name on the label, provide a value for the
+<B>-name</B> argument in the required format described in the
+<B>Options</B> section. Include the <B>-name</B> argument or
+the <B>-pname</B> argument, but not both. If this argument is
+omitted, the AFS tape name is set to <TT><NULL></TT>, but the Backup
+System automatically assigns the appropriate name when the tape is used in a
+future <B>backup dump</B> or <B>backup savedb</B> operation.
+The AFS tape name appears in the <TT>AFS</TT> <TT>tape</TT>
+<TT>name</TT> field of the output from the <B>backup readlabel</B> and
+<B>backup scantape</B> commands.
+<P>The <B>backup</B> command interpreter does not accept the
+<B>-name</B> argument if the tape already has a permanent name. To
+erase a tape's permanent name, provide a null value to the
+<B>-pname</B> argument by issuing the following command:
+<PRE> % <B>backup labeltape -pname ""</B>
+
+</PRE>
+<P>To record the tape's capacity on the label, specify a number of
+kilobytes as the <B>-size</B> argument. If the argument is omitted
+the first time a tape is labeled, the Backup System records the default tape
+capacity recorded for the specified port offset in the
+<B>/usr/afs/backup/tapeconfig</B> file on the Tape Coordinator
+machine. Subsequently, the value in the size field persists until the
+<B>-size</B> argument is again included on the <B>backup labeltape</B>
+command.
+<P>To determine how much data can be written to a tape during a <B>backup
+dump</B> or <B>backup savedb</B> operation, the Tape Coordinator reads
+the capacity recorded on the tape's label (or uses the value associated
+with its port offset in the <B>/usr/afs/backup/tapeconfig</B> file, if the
+tape was never labeled). For further description, see the <B>backup
+dump</B> reference page.
+<P>The Tape Coordinator's default response to this command is to access
+the tape by invoking the <B>MOUNT</B> instruction in the local
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by prompting the
+backup operator to insert the tape if there is no <B>MOUNT</B>
+instruction. However, if the <B>AUTOQUERY NO</B> instruction
+appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of
+the <B>butc</B> command included the <B>-noautoquery</B> flag, the
+Tape Coordinator instead expects the tape to be in the device already.
+If it is not, the Tape Coordinator invokes the <B>MOUNT</B> instruction or
+prompts the operator.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies the AFS tape name to record on the label. Include this
+argument or the <B>-pname</B> argument, but not both. If this
+argument is omitted, the AFS tape name is set to <TT><NULL></TT>.
+If this argument is provided, it must have the following format:
+<PRE> <VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR>.<VAR>tape_index</VAR>
+
+</PRE>
+<P>for the tape to be acceptable for use in a future <B>backup dump</B>
+operation. The <VAR>volume_set_name</VAR> must match the volume set name
+of the initial dump to be written to the tape, <VAR>dump_level_name</VAR> must
+match the last element of the dump level pathname at which the volume set will
+be dumped, and <VAR>tape_index</VAR> indicates the order of the tape in the dump
+set (indexing begins with <B>1</B>). To disable this type of name
+checking, include the <B>NAME_CHECK NO</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file.
+<P>For the tape to be acceptable for use in a future <B>backup savedb</B>
+operation, the value specified for the <B>-name</B> argument must have the
+following format:
+<PRE> <B>Ubik_db_dump.</B><VAR>tape_index</VAR>
+
+</PRE>
+<P>where <VAR>tape_index</VAR> indicates the order of the tape in the set of
+tapes that house the Backup Database dump; indexing begins with 1
+(one).
+<P><DT><B>-size
+</B><DD>Specifies the tape capacity to record on the label. Provide an
+integer value followed by a letter that indicates units, with no intervening
+space. A unit value of <B>k</B> or <B>K</B> indicates
+kilobytes, <B>m</B> or <B>M</B> indicates megabytes, and <B>g</B>
+or <B>G</B> indicates gigabytes. If the units letter is omitted,
+the default is kilobytes.
+<P>If this argument is omitted the first time a tape is labeled, the Backup
+System records the capacity that is associated with the specified port offset
+in the <B>/usr/afs/backup/tapeconfig</B> file on the Tape Coordinator
+machine. The value recorded the first time then persists until the
+<B>-size</B> argument is provided on a future issuance of the
+command.
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the tape
+for this operation.
+<P><DT><B>-pname
+</B><DD>Specifies the permanent name to record on the label. It can be up
+to 32 characters in length, and include any alphanumeric characters.
+Avoid metacharacters that have a special meaning to the shell, to avoid having
+to mark them as literal in commands issued at the shell prompt.
+<P>Include this argument or the <B>-name</B> argument, but not
+both. If this argument is provided, the AFS tape name is set to
+<TT><NULL></TT>. If this argument is omitted, any existing
+permanent name is retained.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command records the AFS tape name
+<B>user.monthly.1</B> on the label of the tape in the device
+with port offset 3:
+<PRE> % <B>backup labeltape -name user.monthly.1 -portoffset 3</B>
+
+</PRE>
+<P>The following three commands are equivalent in effect: they all
+record a capacity of 2 GB on the label of the tape in the device with port
+offset 4. They set the AFS tape name to <TT><NULL></TT> and leave
+the permanent name unchanged.
+<PRE> % <B>backup labeltape -size 2g -portoffset 4</B>
+ % <B>backup labeltape -size 2048M -portoffset 4</B>
+ % <B>backup labeltape -size 2097152 -portoffset 4</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf084.htm#HDRBK_READLABEL">backup readlabel</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf078.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf080.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf079.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf081.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_LISTDUMPS" HREF="auarf002.htm#ToC_94">backup listdumps</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4357"></A>
+<A NAME="IDX4358"></A>
+<A NAME="IDX4359"></A>
+<A NAME="IDX4360"></A>
+<A NAME="IDX4361"></A>
+<A NAME="IDX4362"></A>
+<A NAME="IDX4363"></A>
+<A NAME="IDX4364"></A>
+<P>Displays the dump hierarchy from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup listdumps</B> [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup listd</B> [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup listdumps</B> command displays the dump hierarchy from
+the Backup Database.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays the complete dump hierarchy and indicates the
+relationship between full and incremental dump levels. Full dump levels
+appear at the left margin. The hierarchy can include more than one full
+dump level; each one defines a subhierarchy of dump levels that can be
+used for dumping different volume sets.
+<P>Incremental dump levels appear below and indented to the right of their
+parent dump levels, which can be either full or incremental. Since
+multiple incremental dump levels can share the same parent, an incremental
+dump level is not always directly below its parent; the amount of
+indentation indicates the parent/child relationship.
+<P>If a dump level has an associated expiration date, it appears along with
+the level name. Absolute expiration dates appear in the format
+<PRE> <VAR>dump_level</VAR> expires at <VAR>day month date time year</VAR>
+
+</PRE>
+<P>and relative expiration dates in the format
+<PRE> <VAR>dump_level</VAR> expires in {<VAR>years</VAR>y | <VAR>months</VAR>m | <VAR>days</VAR>d}
+
+</PRE>
+<P>to indicate the number of years, months, days, or combination of the three
+after creation a dump expires when created at this level.
+<P><STRONG>Examples</STRONG>
+<P>The following example depicts six dump hierarchies. The expiration
+date for all incremental dump levels is 13 days so that the corresponding
+tapes can be recycled two weeks after their creation. The expiration
+dates for all full dump levels is 27 days so that the corresponding tapes can
+be recycled four weeks after their creation.
+<PRE> % <B>backup listdumps</B>
+ /week1 expires in 27d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /sunday expires in 13d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /week3 expires in 27d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /sunday expires in 13d
+ /tuesday expires in 13d
+ /thursday expires in 13d
+ /sunday1 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ /sunday2 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+ /sunday3 expires in 27d
+ /monday1 expires in 13d
+ /tuesday1 expires in 13d
+ /wednesday1 expires in 13d
+ /thursday1 expires in 13d
+ /friday1 expires in 13d
+ /sunday4 expires in 27d
+ /monday2 expires in 13d
+ /tuesday2 expires in 13d
+ /wednesday2 expires in 13d
+ /thursday2 expires in 13d
+ /friday2 expires in 13d
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<P><A HREF="auarf067.htm#HDRBK_DELDUMP">backup deldump</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf079.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf081.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf080.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf082.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_LISTHOSTS" HREF="auarf002.htm#ToC_95">backup listhosts</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX4365"></A>
+<A NAME="IDX4366"></A>
+<A NAME="IDX4367"></A>
+<A NAME="IDX4368"></A>
+<A NAME="IDX4369"></A>
+<A NAME="IDX4370"></A>
+<A NAME="IDX4371"></A>
+<A NAME="IDX4372"></A>
+<A NAME="IDX4373"></A>
+<P>Lists Tape Coordinator machines registered in the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup listhosts</B> [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup listh</B> [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup listhosts</B> command displays the Backup Database record
+of the port offset numbers defined for Tape Coordinator machines. A
+Tape Coordinator must have an entry in the list to be available for backup
+operations.
+<P>The existence of an entry does not necessarily indicate that the Tape
+Coordinator process (<B>butc</B>) is currently running at that port
+offset. To check, issue the <B>backup status</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>After a <TT>Tape</TT> <TT>hosts:</TT> header, the output reports
+two things about each Tape Coordinator currently defined in the Backup
+Database:
+<UL>
+<P><LI>The hostname of the machine housing the Tape Coordinator. The
+format of this name depends on the hostname format used when the <B>backup
+addhost</B> command was issued.
+<P><LI>The Tape Coordinator's port offset number.
+</UL>
+<P>The Tape Coordinators appear in the order in which they were added to the
+Backup Database.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the result of the command in the ABC
+Corporation cell:
+<PRE> % <B>backup listhosts</B>
+ Tape hosts:
+ Host backup1.abc.com, port offset 0
+ Host backup1.abc.com, port offset 1
+ Host backup3.abc.com, port offset 4
+ Host backup2.abc.com, port offset 3
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<P><A HREF="auarf069.htm#HDRBK_DELHOST">backup delhost</A>
+<P><A HREF="auarf089.htm#HDRBK_STATUS">backup status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf080.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf082.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf081.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf083.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_LISTVOLSETS" HREF="auarf002.htm#ToC_96">backup listvolsets</A></H2>
+<A NAME="IDX4374"></A>
+<A NAME="IDX4375"></A>
+<A NAME="IDX4376"></A>
+<A NAME="IDX4377"></A>
+<A NAME="IDX4378"></A>
+<A NAME="IDX4379"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Lists volume set entries from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup listvolsets</B> [<B>-name</B> <<VAR>volume set name</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup listv</B> [<B>-n</B> <<VAR>volume set name</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup listvolsets</B> command displays the Backup Database
+records for either
+<UL>
+<P><LI>All volume sets and their volume entries, if the <B>-name</B> argument
+is omitted
+<P><LI>The volume set specified by the <B>-name</B> argument, along with its
+volume entries
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the volume set to display. If this argument is omitted, the
+output lists all volume sets defined in the Backup Database.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The entry for each volume set begins with the <TT>Volume set</TT> header
+and the volume set's name. A temporary volume set's name is
+followed by the string <TT> (temporary)</TT>. Each volume entry
+follows on a separate line, indicating the entry's index number and the
+server, partition, and volume names it matches. The output uses the
+metacharacter notation described on the <B>backup addvolentry</B>
+reference page. Use the index number to identify volume entries when
+deleting them with the <B>backup delvolentry</B> command.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the volume entries in the three volume sets
+currently defined in the Backup Database:
+<PRE> % <B>backup listvolsets</B>
+ Volume set user:
+ Entry 1: server .*, partition .*, volumes: user.*\.backup
+ Volume set sun
+ Entry 1: server .*, partition .*, volumes: sun4x_55\..*
+ Entry 2: server .*, partition .*, volumes: sun4x_56\..*
+ Volume set rs
+ Entry 1: server .*, partition .*, volumes: rs_aix42\..*
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf070.htm#HDRBK_DELVOLENTRY">backup delvolentry</A>
+<P><A HREF="auarf071.htm#HDRBK_DELVOLSET">backup delvolset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf081.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf083.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf082.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf084.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_QUIT" HREF="auarf002.htm#ToC_97">backup quit</A></H2>
+<A NAME="IDX4380"></A>
+<A NAME="IDX4381"></A>
+<A NAME="IDX4382"></A>
+<A NAME="IDX4383"></A>
+<A NAME="IDX4384"></A>
+<A NAME="IDX4385"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Leaves interactive mode
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>quit</B> [<B>-help</B>]
+
+<B>q</B> [<B>-h</B>]
+
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>(backup) quit</B> command exits interactive mode, returning the
+issuer to the regular shell prompt at which the <B>backup</B> or
+<B>backup interactive</B> command was issued to enter interactive
+mode. The command has no effect when issued outside interactive
+mode. Issuing the <<B>Ctrl-d</B>> command also exits interactive
+mode.
+<P><STRONG>Cautions</STRONG>
+<P>To exit interactive mode, all jobs must be completed. Use the
+<B>(backup) jobs</B> command to list any jobs currently pending or
+executing, and the <B>(backup) kill</B> command to terminate them as
+necessary.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command exits interactive mode:
+<PRE> backup> <B>quit</B>
+ %
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf076.htm#HDRBK_INTERACTIVE">backup interactive</A>
+<P><A HREF="auarf077.htm#HDRBK_JOBS">backup jobs</A>
+<P><A HREF="auarf078.htm#HDRBK_KILL">backup kill</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf082.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf084.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf083.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf085.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_READLABEL" HREF="auarf002.htm#ToC_98">backup readlabel</A></H2>
+<A NAME="IDX4386"></A>
+<A NAME="IDX4387"></A>
+<A NAME="IDX4388"></A>
+<A NAME="IDX4389"></A>
+<A NAME="IDX4390"></A>
+<A NAME="IDX4391"></A>
+<A NAME="IDX4392"></A>
+<A NAME="IDX4393"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reads and displays a tape's label
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup readlabel</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup rea</B> [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup readlabel</B> command displays information from the
+magnetic tape label of a tape. The information includes the tape's
+name (either a <I>permanent name</I>, or an <I>AFS tape name</I> that
+reflects the tape's contents in a prescribed format) and its
+capacity.
+<P>If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup readlabel</B> command reads the
+label information from the first 16 KB block in the backup data file listed
+for that port offset in the Tape Coordinator's
+<B>/usr/afs/backup/tapeconfig</B> file, rather than from the beginning of
+a tape.
+<P>The Tape Coordinator's default response to this command is to access
+the tape by invoking the <B>MOUNT</B> instruction in the local
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by prompting the
+backup operator to insert the tape if there is no <B>MOUNT</B>
+instruction. However, if the <B>AUTOQUERY NO</B> instruction
+appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of
+the <B>butc</B> command included the <B>-noautoquery</B> flag, the
+Tape Coordinator instead expects the tape to be in the device already.
+If it is not, the Tape Coordinator invokes the <B>MOUNT</B> instruction or
+prompts the operator.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the
+tapes for this operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>Output from this command appears in both the shell window where the command
+is issued, and in the Tape Coordinator window.
+<P>If the tape is unlabeled or if the specified tape device is empty, the
+output reads
+<PRE> Failed to read tape label.
+
+</PRE>
+<P>Otherwise, the output in the shell window has the following format:
+<PRE> Tape read was labelled: <VAR>tape name</VAR> (<VAR>dump id</VAR>)
+ size: <VAR>size</VAR> Kbytes
+
+</PRE>
+<P>where <VAR>tape name</VAR> is the permanent name if the tape has one, or the
+AFS tape name otherwise. The <VAR>dump ID</VAR> is dump ID of the initial
+dump on the tape, and <VAR>size</VAR> is the recorded capacity of the tape in
+kilobytes.
+<P>The output in the Tape Coordinator windows is bounded by an underlined
+<TT>Tape</TT> <TT>label</TT> header at the top, and the following string
+at the bottom:
+<PRE> -- End of tape label --
+
+</PRE>
+<P>In between are lines reporting the following information:
+<DL>
+<P><DT><B><TT>tape name</TT>
+</B><DD>The permanent name assigned by using the <B>-pname</B> argument of the
+<B>backup labeltape</B> command. This name remains on the tape
+until that argument is used again, no matter how many times the tape is
+recycled or otherwise relabeled. If the tape does not have a permanent
+name, the value <TT><NULL></TT> appears in this field.
+<P><DT><B><TT>AFS tape name</TT>
+</B><DD>A tape name in one of the following prescribed formats. The Backup
+System automatically writes the appropriate AFS tape name to the label as part
+of a <B>backup dump</B> or <B>backup savedb</B> operation, or the
+operator can assign it with the <B>-name</B> argument to the <B>backup
+labeltape</B> command.
+<UL>
+<P><LI><VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR><B>.</B><VAR>tape_index</VAR>,
+if the tape contains volume data. The <VAR>volume_set_name</VAR> is the
+name of the volume set that was dumped to create the initial dump in the dump
+set of to which this tape belongs; <VAR>dump_level_name</VAR> is the last
+pathname element of the dump level at which the initial dump was backed
+up; and <VAR>tape_index</VAR> is the numerical position of the tape in the
+dump set.
+<P><LI><TT>Ubik.db.dump.</TT><VAR>tape_index</VAR> if the
+tape contains a dump of the Backup Database, created with the <B>backup
+savedb</B> command. The <VAR>tape_index</VAR> is the ordinal of the
+tape in the dump set.
+<P><LI><TT><NULL></TT> if the tape has no AFS tape name. This is
+normally the case if the <B>-name</B> argument was not included the last
+time the <B>backup labeltape</B> command was used on this tape, and no
+data has been written to it since.
+</UL>
+<P><DT><B><TT>creationTime</TT>
+</B><DD>The date and time at which the Backup System started performing the dump
+operation that created the initial dump.
+<P><DT><B><TT>cell</TT>
+</B><DD>The cell in which the dump set was created. This is the cell whose
+Backup Database contains a record of the dump set.
+<P><DT><B><TT>size</TT>
+</B><DD>The tape's capacity (in kilobytes) as recorded on the label, rather
+than the amount of data on the tape. The value is assigned by the
+<B>-size</B> argument to the <B>backup labeltape</B> command or
+derived from the <B>/usr/afs/backup/tapeconfig</B> file on the Tape
+Coordinator machine, not from a measurement of the tape.
+<P><DT><B><TT>dump path</TT>
+</B><DD>The dump level of the initial dump in the dump set
+<P><DT><B><TT>dump id</TT>
+</B><DD>The dump ID number of the initial dump in the dump set, as recorded in the
+Backup Database
+<P><DT><B><TT>useCount</TT>
+</B><DD>The number of times a dump has been written to the tape, or it has been
+relabeled
+</DL>
+<P>The message <TT>ReadLabel: Finished</TT> indicates the completion
+of the output.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the tape with permanent name
+<B>oct.guest.dump</B> and capacity 2 MB, expressed in
+kilobyte units (2097152 equals 2 times 1024<SUP>2</SUP>).
+<PRE> % <B>backup readlabel -portoffset 6</B>
+ Tape read was labelled: oct.guest.dump (907215000)
+ size: 2097152 Kbytes
+
+</PRE>
+<P>The output in the Tape Coordinator window reads:
+<PRE> Tape label
+ ----------
+ tape name = oct.guest.dump
+ AFS tape name = guests.monthly.3
+ creationTime = Thu Oct 1 00:10:00 1998
+ cell = abc.com
+ size = 2097152 Kbytes
+ dump path = /monthly
+ dump id = 907215000
+ useCount = 5
+ ---- End of tape label ----
+
+</PRE>
+<P>The following example is for a tape that does not have a permanent
+tape.
+<PRE> % backup readlabel -portoffset 6
+ Tape read was labelled: guests.monthly.2 (909899900)
+ size: 2097152 Kbytes
+
+</PRE>
+<P>The output in the Tape Coordinator window reads:
+<PRE> Tape label
+ ----------
+ tape name = <NULL>
+ AFS tape name = guests.monthly.2
+ creationTime = Sun Nov 1 00:58:20 1998
+ cell = abc.com
+ size = 2097152 Kbytes
+ dump path = /monthly
+ dump id = 909899900
+ useCount = 1
+ ---- End of tape label ----
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf079.htm#HDRBK_LABELTAPE">backup labeltape</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf083.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf085.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf084.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf086.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_RESTOREDB" HREF="auarf002.htm#ToC_99">backup restoredb</A></H2>
+<A NAME="IDX4394"></A>
+<A NAME="IDX4395"></A>
+<A NAME="IDX4396"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restores a saved copy of the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup restoredb</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup res</B> [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup restoredb</B> command restores to the Backup Server
+machine's local disk a version of the Backup Database previously written
+to tape by using the <B>backup savedb</B> command.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup restoredb</B> command restores
+data from the backup data file listed for that port offset in the Tape
+Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, instead of from
+tape. For the sake of clarity, the following text refers to tapes only,
+but the Backup System handles backup data files in much the same way.)
+<P>The most common reason to run this command is to replace a corrupted or
+otherwise damaged Backup Database; use the <B>backup dbverify</B>
+command to determine the database's status. The command can also
+be used to restore records that were removed from the database when the
+<B>-archive</B> argument was included on a previous <B>backup
+savedb</B> command.
+<P>The command completely overwrites the existing Backup Database records for
+volume sets, Tape Coordinators, and the dump hierarchy with the corresponding
+information from the saved version. It does not overwrite existing dump
+records, but instead interleaves the records from the copy being
+restored. If both the existing database (on the Backup Server
+machine's disk) and the copy being restored include a record about the
+same dump, the Backup System retains the one in the existing database.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape it needs by invoking the <B>MOUNT</B> instruction in the
+local <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by
+prompting the backup operator to insert the tape if there is no
+<B>MOUNT</B> instruction. However, if the <B>AUTOQUERY NO</B>
+instruction appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the
+issuer of the <B>butc</B> command included the <B>-noautoquery</B>
+flag, the Tape Coordinator instead expects the tape to be in the device
+already. If it is not, or is the wrong tape, the Tape Coordinator
+invokes the <B>MOUNT</B> instruction or prompts the operator. It
+also invokes the <B>MOUNT</B> instruction or prompts for any additional
+tapes needed to complete the restore operation; the backup operator must
+arrange to provide them.
+<P><STRONG>Cautions</STRONG>
+<P>If the database is corrupted, do not attempt to restore a saved database on
+top of it. Instead, use the instructions for repairing a corrupted
+database in the <I>IBM AFS Administration Guide</I> chapter about
+performing backup operations.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the
+tapes for this operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the Backup Database being restored from the
+Tape Coordinator with port offset 0:
+<PRE> % <B>backup restoredb</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf066.htm#HDRBK_DBVERIFY">backup dbverify</A>
+<P><A HREF="auarf086.htm#HDRBK_SAVEDB">backup savedb</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf084.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf086.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf085.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf087.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_SAVEDB" HREF="auarf002.htm#ToC_100">backup savedb</A></H2>
+<A NAME="IDX4397"></A>
+<A NAME="IDX4398"></A>
+<A NAME="IDX4399"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a saved copy of the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup savedb</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>] [<B>-archive</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup sa</B> [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-a</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup savedb</B> command creates a backup copy of the entire
+Backup Database and writes it to the tape in the device controlled by the Tape
+Coordinator indicated with the <B>-portoffset</B> argument. If the
+database is damaged (as reported by the <B>backup dbverify</B> command),
+this command repairs as much of the corruption as possible as it creates the
+saved copy. The Backup Server creates a dump record for the saved
+database in the Backup Database (but in the disk version of the database only,
+not in the version written to tape).
+<P>If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup savedb</B> command dumps the
+database copy to the backup data file listed for that port offset in the Tape
+Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, instead of to
+tape. For the sake of clarity, the following text refers to tapes only,
+but the Backup System handles backup data files in much the same way.
+<P>If the <B>-archive</B> flag is provided, after writing the saved copy
+of the database the Backup System truncates the copy of the database on disk
+by deleting volume dump records with timestamps prior to the specified date
+and time (it does not delete the dump records created by previous <B>backup
+savedb</B> commands, however).
+<P>If the tape to which the database copy is written has an AFS tape name, it
+must be <B>Ubik_db_dump.1</B> or <TT><NULL></TT>. Any
+permanent name is acceptable.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape by invoking the <B>MOUNT</B> instruction in the local
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by prompting the
+backup operator to insert the tape if there is no <B>MOUNT</B>
+instruction. However, if the <B>AUTOQUERY NO</B> instruction
+appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of
+the <B>butc</B> command included the <B>-noautoquery</B> flag, the
+Tape Coordinator instead expects the tape to be in the device already.
+If it is not, the Tape Coordinator invokes the <B>MOUNT</B> instruction or
+prompts the operator. It also invokes the <B>MOUNT</B> instruction
+or prompts for any additional tapes needed to complete the operation; the
+backup operator must arrange to provide them.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the
+tapes for this operation.
+<P><DT><B>-archive
+</B><DD>Specifies a date and time; volume dump records with earlier
+timestamps are deleted from the disk copy of the Backup Database after the
+Backup System dumps the database (a dump's timestamp appears in the
+<TT>created</TT> field of the output from the <B>backup dumpinfo</B>
+command). However, if a dump set contains any dump created after the
+specified date, none of the dump records associated with the dump set are
+deleted. Dump records for previous dumps of the database (created with
+the <B>backup savedb</B> command) are never deleted; use the
+<B>backup deletedump</B> command to remove them.
+<P>Provide one of two values:
+<UL>
+<P><LI>The string <B>NOW</B> to indicate the current date and time, in which
+case the Backup System deletes all dump records except those for dumps of the
+Backup Database itself.
+<P><LI>A date value in the format <VAR>mm/dd/yyyy</VAR>
+[<VAR>hh:MM</VAR>]. The month (<VAR>mm</VAR>), day (<VAR>dd</VAR>), and
+year (<VAR>yyyy</VAR>) are required, and valid values for the year range from
+<B>1970</B> to <B>2037</B>; higher values are not valid because
+the latest possible date in the standard UNIX representation is in February
+2038. The Backup System automatically reduces any later date to the
+maximum value.
+<P>The hour and minutes (<VAR>hh</VAR>:<VAR>MM</VAR>) are optional, but if
+provided must be in 24-hour format (for example, the value
+<B>14:36</B> represents 2:36 p.m.). If
+omitted, the time defaults to 59 seconds after midnight (00:00:59
+hours). Similarly, the <B>backup</B> command interpreter
+automatically adds 59 seconds to any time value provided. In both
+cases, adding 59 seconds compensates for how the Backup Database and
+<B>backup dumpinfo</B> command represent dump creation times in hours and
+minutes only. That is, the Database records a creation timestamp of
+<TT>20:55</TT> for any dump created between 20:55:00 and
+20:55:59. Automatically adding 59 seconds to a time thus
+includes the records for all dumps created during that minute.
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example writes a copy of the Backup Database to the tape
+device controlled by the Tape Coordinator with port offset 1:
+<PRE> % <B>backup savedb -portoffset 1</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf066.htm#HDRBK_DBVERIFY">backup dbverify</A>
+<P><A HREF="auarf085.htm#HDRBK_RESTOREDB">backup restoredb</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf085.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf087.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf086.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf088.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_SCANTAPE" HREF="auarf002.htm#ToC_101">backup scantape</A></H2>
+<A NAME="IDX4400"></A>
+<A NAME="IDX4401"></A>
+<A NAME="IDX4402"></A>
+<A NAME="IDX4403"></A>
+<A NAME="IDX4404"></A>
+<A NAME="IDX4405"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Extracts dump information from a tape
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup scantape</B> [<B>-dbadd</B>] [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup sc</B> [<B>-d</B>] [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup scantape</B> command extracts information from the dump
+labels and volume headers on the tape in the device controlled by the Tape
+Coordinator indicated by the <B>-portoffset</B> argument. The Tape
+Coordinator displays the information for each volume in its window as soon as
+it extracts it (rather than waiting until it has scanned the entire
+tape).
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup scantape</B> command extracts
+dump information from the backup data file named in that port offset's
+entry in the <B>/usr/afs/backup/tapeconfig</B> file on the Tape
+Coordinator machine, rather than from a tape. For the sake of clarity,
+the following text refers to tapes only, but the Backup System handles backup
+data files in much the same way.)
+<P>If the <B>-dbadd</B> flag is provided, the <B>backup scantape</B>
+command creates new dump and volume records in the Backup Database for the
+scanned information. However, if it finds that a record already exists
+in the database for the same dump, it terminates the scanning
+operation.
+<P>The scanning operation works only on tapes containing volume data.
+The command fails with an error message if the tape contains a copy of the
+Backup Database (was created with the <B>backup savedb</B> command, or has
+the AFS tape name <B>Ubik_db_dump.1</B>).
+<P>The Tape Coordinator's default response to this command is to access
+the tape by invoking the <B>MOUNT</B> instruction in the
+<B>CFG_</B><VAR>device_name</VAR> file, or by prompting the backup operator
+to insert the tape if there is no <B>MOUNT</B> instruction.
+However, if the <B>AUTOQUERY NO</B> instruction appears in the
+<B>CFG_</B><VAR>device_name</VAR> file, or if the issuer of the
+<B>butc</B> command included the <B>-noautoquery</B> flag, the Tape
+Coordinator instead expects the tape to be in the device already. If it
+is not, the Tape Coordinator invokes the <B>MOUNT</B> instruction or
+prompts the operator.
+<P>To terminate a tape scanning operation in interactive mode, issue the
+<B>(backup) kill</B> command. In noninteractive mode, the only
+choice is to use a termination signal such as <<B>Ctrl-c</B>> to halt
+the Tape Coordinator completely.
+<P><STRONG>Cautions</STRONG>
+<P>A scanning operation does not have to begin with the first tape in a dump
+set, but the Backup System can process tapes only in sequential order after
+the initial tape provided. The Tape Coordinator automatically requests
+any subsequent tapes by invoking the <B>MOUNT</B> instruction in the local
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by prompting the
+operator if there is no <B>MOUNT</B> instruction.
+<P>The Tape Coordinator's success in scanning a tape that is corrupted or
+damaged depends on the extent of the damage and what type of data is
+corrupted. It can almost always scan the tape successfully up to the
+point of damage. If the damage is minor, the Tape Coordinator can
+usually skip over it and scan the rest of the tape, but more major damage can
+prevent further scanning. Because a scanning operation can start on any
+tape in a dump set, damage on one tape does not prevent scanning of the others
+in the dump set. However, it is possible to scan either the tapes that
+precede the damaged one or the ones that follow it, but not both.
+<P>If a tape is relabeled with the <B>backup labeltape</B> command, it is
+not possible to recover data from it for the purposes of rebuilding the Backup
+Database.
+<P>If the <B>-dbadd</B> flag is included on the command, it is best not to
+terminate the tape scanning operation before it completes (for example, by
+issuing the <B>(backup) kill</B> command in interactive mode). The
+Backup System writes a new record in the Backup Database for each dump as soon
+as it scans the relevant information on the tape, and so it possibly has
+already written new records. If the operator wants to rerun the
+scanning operation, he or she must locate and remove the records created
+during the terminated operation: the second operation exits
+automatically if it finds that a record that it needs to create already
+exists.
+<P>If the <B>-dbadd</B> flag is included and the first tape provided is
+not the first tape in the dump set, the following restrictions apply:
+<UL>
+<P><LI>If the first data on the tape is a continuation of a volume that begins on
+the previous (unscanned) tape in the dump set, the Backup System does not add
+a record for that volume to the Backup Database.
+<P><LI>The Backup System must read the marker that indicates the start of an
+appended dump to add database records for the volumes in it. If the
+first volume on the tape belongs to an appended dump, but is not immediately
+preceded by the appended-dump marker, the Backup System does not create a
+Backup Database record for it or any subsequent volumes that belong to that
+appended dump.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dbadd
+</B><DD>Adds the information extracted from the tape to the Backup Database (but
+only if the database does not already contain an entry with the same dump ID
+number).
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator handling the
+tapes for this operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>For every dump on a tape, the <B>backup scantape</B> command displays
+in the Tape Coordinator window the dump label and the volume header of each
+volume in the dump. If a dump spans more than one tape, the dump label
+does not repeat at the beginning of subsequent tapes.
+<P>A dump label contains the following fields, which are the same as in the
+output from the <B>backup readlabel</B> command:
+<DL>
+<P><DT><B><TT>tape name</TT><TT></TT>
+</B><DD>The permanent name assigned by using the <B>-pname</B> argument of the
+<B>backup labeltape</B> command. This name remains on the tape
+until that argument is used again, no matter how many times the tape is
+recycled or otherwise relabeled. If the tape does not have a permanent
+name, the value <TT><NULL></TT> appears in this field.
+<P><DT><B><TT>AFS tape name</TT>
+</B><DD>A tape name in one of the following prescribed formats. The Backup
+System automatically writes the appropriate AFS tape name to the label as part
+of a <B>backup dump</B> operation, or the operator can assign it with the
+<B>-name</B> argument to the <B>backup labeltape</B> command.
+<UL>
+<P><LI><VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR>.<VAR>tape
+_index</VAR>, if the tape contains volume data. The
+<VAR>volume_set_name</VAR> is the name of the volume set that was dumped to
+create the initial dump in the dump set of which this tape is a part;
+<VAR>dump_level_name</VAR> is the last pathname element of the dump level at
+which the initial dump was backed up; and <VAR>tape_index</VAR> is the
+numerical position of the tape in the dump set.
+<P><LI><TT><NULL></TT> if the tape has no AFS tape name. This is
+normally the case if the <B>-name</B> argument was not included the last
+time the <B>backup labeltape</B> command was used on this tape, and no
+data has been written to it since.
+</UL>
+<P><DT><B><TT>creationTime</TT>
+</B><DD>The date and time at which the Backup System started performing the dump
+operation that created the initial dump.
+<P><DT><B><TT>cell</TT>
+</B><DD>The cell in which the dump set was created. This is the cell whose
+Backup Database contains a record of the dump set.
+<P><DT><B><TT>size</TT>
+</B><DD>The tape's capacity (in kilobytes) as recorded on the label, rather
+than the amount of data on the tape. The value is assigned by the
+<B>-size</B> argument to the <B>backup labeltape</B> command or
+derived from the <B>/usr/afs/backup/tapeconfig</B> file on the Tape
+Coordinator machine, not from a measurement of the tape.
+<P><DT><B><TT>dump</TT> <TT>path</TT>
+</B><DD>The dump level of the initial dump in the dump set.
+<P><DT><B><TT>dump</TT> <TT>id</TT>
+</B><DD>The dump ID number of the initial dump in the dump set, as recorded in the
+Backup Database.
+<P><DT><B><TT>useCount</TT>
+</B><DD>The number of times a dump has been written to the tape, or it has been
+relabeled.
+</DL>
+<P>The volume header contains the following fields:
+<DL>
+<P><DT><B><TT>volume</TT> <TT>name</TT>
+</B><DD>The volume name, complete with a <TT>.backup</TT> or
+<TT>.readonly</TT> extension, if appropriate.
+<P><DT><B><TT>volume</TT> <TT>ID</TT>
+</B><DD>The volume's volume ID.
+<P><DT><B><TT>dumpSetName</TT>
+</B><DD>The dump to which the volume belongs. The dump name is of the form
+<VAR>volume_set_name</VAR><B>.</B><VAR>dump_level_name</VAR> and
+matches the name displayed in the dump label.
+<P><DT><B><TT>dumpID</TT>
+</B><DD>The dump ID of the dump named in the <TT>dumpSetName</TT> field.
+<P><DT><B><TT>level</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used in creating the
+dump. A value of <TT>0</TT> indicates a full dump. A value of
+<TT>1</TT> or greater indicates an incremental dump made at the indicated
+depth in the hierarchy. The value reported is for the entire dump, not
+necessarily for the volume itself; for example, it is possible for a dump
+performed at an incremental level to include a full dump of an individual
+volume if the volume was omitted from previous dumps.
+<P><DT><B><TT>parentID</TT>
+</B><DD>The dump ID number of <TT>dumpSetName</TT>'s parent dump. It
+is <TT>0</TT> if the value in the <TT>level</TT> field is
+<TT>0</TT>.
+<P><DT><B><TT>endTime</TT>
+</B><DD>Is always <TT>0</TT>; it is reserved for internal use.
+<P><DT><B><TT>cloneDate</TT>
+</B><DD>The date and time at which the volume was created. For a backup or
+read-only volume, this represents the time at which it was cloned from its
+read/write source. For a read/write volume, it indicates the time at
+which the Backup System locked the volume for purposes of including it in the
+dump named in the <TT>dumpSetName</TT> field.
+</DL>
+<P>The message <TT>Scantape: Finished</TT> indicates the completion of
+the output.
+<P>In normal circumstances, the Backup System writes a marker to indicate that
+a volume is the last one on a tape, or that the volume continues on the next
+tape. However, if a backup operation terminated abnormally (for
+example, because the operator terminated the Tape Coordinator by issuing the
+<<B>Ctrl-c</B>> command during the operation), then there is no such
+marker. Some very early versions of the Backup System also did not
+write these markers. If a tape does not conclude with one of the
+expected markers, the Tape Coordinator cannot determine if there is a
+subsequent tape in the dump set and so generates the following message in its
+window:
+<PRE> Are there more tapes? (y/n)
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the first two volumes on a tape
+in the device with port offset 0:
+<PRE> % <B>backup scantape</B>
+ Dump label
+ ----------
+ tape name = monthly_guest
+ AFS tape name = guests.monthly.3
+ creationTime = Mon Feb 1 04:06:40 1999
+ cell = abc.com
+ size = 2150000 Kbytes
+ dump path = /monthly
+ dump id = 917860000
+ useCount = 44
+ -- End of dump label --
+ -- volume --
+ volume name: user.guest10.backup
+ volume ID 1937573829
+ dumpSetName: guests.monthly
+ dumpID 917860000
+ level 0
+ parentID 0
+ endTime 0
+ clonedate Mon Feb 1 03:03:23 1999
+ -- volume --
+ volume name: user.guest11.backup
+ volume ID 1938519386
+ dumpSetName: guests.monthly
+ dumpID 917860000
+ level 0
+ parentID 0
+ endTime 0
+ clonedate Mon Feb 1 03:05:15 1999
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf074.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf086.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf088.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf087.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf089.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_SETEXP" HREF="auarf002.htm#ToC_102">backup setexp</A></H2>
+<A NAME="IDX4406"></A>
+<A NAME="IDX4407"></A>
+<A NAME="IDX4408"></A>
+<A NAME="IDX4409"></A>
+<A NAME="IDX4410"></A>
+<A NAME="IDX4411"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the expiration date for existing dump levels.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup setexp -dump</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-expires</B> <<VAR>expiration date</VAR>><SUP>+</SUP>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup se -d</B> <<VAR>dump level name</VAR>><SUP>+</SUP> [<B>-e</B> <<VAR>expiration date</VAR>><SUP>+</SUP>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup setexp</B> command sets or changes the expiration date
+associated with each specified dump level, which must already exist in the
+dump hierarchy.
+<P>Use the <B>-expires</B> argument to associate an expiration date with
+each dump level. When the Backup System subsequently creates a dump at
+the dump level, it uses the specified value to derive the dump's
+expiration date, which it records on the label of the tape (or backup data
+file). The Backup System refuses to overwrite a tape until after the
+latest expiration date of any dump that the tape contains, unless the
+<B>backup labeltape</B> command is used to relabel the tape. If a
+dump level does not have an expiration date, the Backup System treats dumps
+created at the level as expired as soon as it creates them.
+<P>(Note that the Backup System does not automatically remove a dump's
+record from the Backup Database when the dump reaches its expiration date, but
+only if the tape that contains the dump is recycled or relabeled. To
+remove expired and other obsolete dump records, use the <B>backup
+deletedump</B> command.)
+<P>Define either an absolute or relative expiration date:
+<UL>
+<P><LI>An absolute expiration date defines the month/day/year (and, optionally,
+hour and minutes) at which a dump expires. If the expiration date
+predates the dump creation time, the Backup System immediately treats the dump
+as expired.
+<P><LI>A relative date defines the number of years, months, or days (or a
+combination of the three) after the dump's creation that it
+expires. When the Backup System creates a dump at the dump level, it
+calculates an actual expiration date by adding the relative date to the start
+time of the dump operation.
+</UL>
+<P>If the command is used to change an existing expiration date associated
+with a dump level, the new date applies only to dumps created after the
+change. Existing dumps retain the expiration date assigned at the time
+they were created.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dump
+</B><DD>Specifies the full pathname of each dump level to assign the expiration
+date specified by the <B>-expires</B> argument.
+<P><DT><B>-expires
+</B><DD>Defines the absolute or relative expiration date to associate with each
+dump level named by the <B>-dump</B> argument. Absolute expiration
+dates have the following format:
+<P>
+<PRE> [<B>at</B>] {<B>NEVER</B> | <VAR>mm</VAR><B>/</B><VAR>dd</VAR><B>/</B><VAR>yyyy</VAR> [<VAR>hh</VAR><B>:</B><VAR>MM</VAR>] }
+
+</PRE>
+<P>where the optional word <B>at</B> is followed either by the string
+<B>NEVER</B>, which indicates that dumps created at the dump level never
+expire, or by a date value with a required portion (<VAR>mm</VAR> for month,
+<VAR>dd</VAR> for day, and <VAR>yyyy</VAR> for year) and an optional portion
+(<VAR>hh</VAR> for hours and <VAR>MM</VAR> for minutes).
+<P>Omit the <VAR>hh</VAR>:<VAR>MM</VAR> portion to use the default of
+midnight (00:00 hours), or provide a value in 24-hour format (for
+example, <B>20:30</B> is 8:30 p.m.).
+Valid values for the year range from <B>1970</B> to <B>2037</B>;
+higher values are not valid because the latest possible date in the standard
+UNIX representation is in February 2038. The command interpreter
+automatically reduces later dates to the maximum value.
+<P>Relative expiration dates have the following format:
+<PRE> [<B>in</B>] [<VAR>years</VAR><B>y</B>] [<VAR>months</VAR><B>m</B>] [<VAR>days</VAR><B>d</B>]
+
+</PRE>
+<P>
+<P>where the optional word <B>in</B> is followed by at least one of a
+number of years (maximum <B>9999</B>) followed by the letter <B>y</B>,
+a number of months (maximum <B>12</B>) followed by the letter
+<B>m</B>, or a number of days (maximum <B>31</B>) followed by the
+letter <B>d</B>. If providing more than one of the three, list them
+in the indicated order. If the date that results from adding the
+relative expiration value to a dump's creation time is later than the
+latest possible date in the UNIX time representation, the Backup System
+automatically reduces it to that date.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition to be
+associated with each dump level specified by the <B>-dump</B>
+argument.
+</TD></TR></TABLE>
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example associates an absolute expiration date of 10:00
+p.m. on 31 December 1999 with the dump level
+<B>/1998/december</B>:
+<PRE> % <B>backup setexp -dump /1998/december -expires at 12/31/1999 22:00</B>
+
+</PRE>
+<P>The following example associates a relative expiration date of 7 days with
+the two dump levels <B>/monthly/week1</B> and
+<B>/monthly/week2</B>:
+<PRE> % <B>backup setexp -dump /monthly/week1 /monthly/week -expires 7d</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf061.htm#HDRBK_ADDDUMP">backup adddump</A>
+<P><A HREF="auarf067.htm#HDRBK_DELDUMP">backup deldump</A>
+<P><A HREF="auarf080.htm#HDRBK_LISTDUMPS">backup listdumps</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf087.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf089.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf088.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf090.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_STATUS" HREF="auarf002.htm#ToC_103">backup status</A></H2>
+<A NAME="IDX4412"></A>
+<A NAME="IDX4413"></A>
+<A NAME="IDX4414"></A>
+<A NAME="IDX4415"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports a Tape Coordinator's status
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup status</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup st</B> [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup status</B> command displays which operation, if any, the
+indicated Tape Coordinator is currently executing.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator for which to
+report the status.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message indicates that the Tape Coordinator is not currently
+performing an operation:
+<PRE> Tape coordinator is idle
+</PRE>
+<P>Otherwise, the output includes a message of the following format for each
+running or pending operation:
+<PRE> Task <VAR>task_ID</VAR>: <VAR>operation</VAR>: <VAR>status</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>task_ID</VAR>
+</B><DD>Is a task identification number assigned by the Tape Coordinator.
+It begins with the Tape Coordinator's port offset number.
+<P><DT><B><VAR>operation</VAR>
+</B><DD>Identifies the operation the Tape Coordinator is performing, which is
+initiated by the indicated command:
+<UL>
+<P><LI><TT>Dump</TT> (the <B>backup dump</B> command)
+<P><LI><TT>Restore</TT> (the <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> commands)
+<P><LI><TT>Labeltape</TT> (the <B>backup labeltape</B> command)
+<P><LI><TT>Scantape</TT> (the <B>backup scantape</B> command)
+<P><LI><TT>SaveDb</TT> (the <B>backup savedb</B> command)
+<P><LI><TT>RestoreDb</TT> (the <B>backup restoredb</B> command)
+</UL>
+<P><DT><B><VAR>status</VAR>
+</B><DD>Indicates the job's current status in one of the following
+messages.
+<DL>
+<P><DT><B><VAR>number</VAR> <TT>Kbytes transferred, volume</TT> <VAR>volume_name</VAR>
+</B><DD>For a running dump operation, indicates the number of kilobytes copied to
+tape or a backup data file so far, and the volume currently being
+dumped.
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, restore.volume</TT>
+</B><DD>For a running restore operation, indicates the number of kilobytes copied
+into AFS from a tape or a backup data file so far.
+<P><DT><B><TT>[abort requested]</TT>
+</B><DD>The <B>(backup) kill</B> command was issued, but the termination
+signal has yet to reach the Tape Coordinator.
+<P><DT><B><TT>[abort sent]</TT>
+</B><DD>The operation is canceled by the <B>(backup) kill</B> command.
+Once the Backup System removes an operation from the queue or stops it from
+running, it no longer appears at all in the output from the command.
+<P><DT><B><TT>[butc contact lost]</TT>
+</B><DD>The <B>backup</B> command interpreter cannot reach the Tape
+Coordinator. The message can mean either that the Tape Coordinator
+handling the operation was terminated or failed while the operation was
+running, or that the connection to the Tape Coordinator timed out.
+<P><DT><B><TT>[done]</TT>
+</B><DD>The Tape Coordinator has finished the operation.
+<P><DT><B><TT>[drive wait]</TT>
+</B><DD>The operation is waiting for the specified tape drive to become
+free.
+<P><DT><B><TT>[operator wait]</TT>
+</B><DD>The Tape Coordinator is waiting for the backup operator to insert a tape
+in the drive.
+</DL>
+</DL>
+<P>If the Tape Coordinator is communicating with an XBSA server (a third-party
+backup utility that implements the Open Group's Backup Service API
+[XBSA]), the following message appears last in the output:
+<PRE> <VAR>XBSA_program</VAR> Tape coordinator
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant
+program.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that the Tape Coordinator with port offset 4
+has so far dumped about 1.5 MB of data for the current dump operation,
+and is currently dumping the volume named
+<B>user.pat.backup</B>:
+<PRE> % <B>backup status -portoffset 4</B>
+ Task 4001: Dump: 1520 Kbytes transferred, volume user.pat.backup
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf088.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf090.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf089.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf091.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_VOLINFO" HREF="auarf002.htm#ToC_104">backup volinfo</A></H2>
+<A NAME="IDX4416"></A>
+<A NAME="IDX4417"></A>
+<A NAME="IDX4418"></A>
+<A NAME="IDX4419"></A>
+<A NAME="IDX4420"></A>
+<A NAME="IDX4421"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays a volume's dump history from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup volinfo -volume</B> <<VAR>volume name</VAR>>
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup voli -v</B> <<VAR>volume name</VAR>> [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup volinfo</B> command displays a dump history of the
+specified volume, reporting information such as the date on which the volume
+was dumped and the tapes that contain it. Include the
+<B>.backup</B> extension on the volume name if the backup version
+of the volume was dumped.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-volume
+</B><DD>Names the volume for which to display the dump history. Include
+the<TT> .backup</TT> or <TT>.readonly</TT> extension if the
+backup or read-only version of the volume was dumped.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes a line for each Backup Database dump record that
+mentions the specified volume, order from most to least recent. The
+output for each record appears in a table with six columns:
+<DL>
+<P><DT><B><TT>dumpID</TT>
+</B><DD>The dump ID of the dump that includes the volume.
+<P><DT><B><TT>lvl</TT>
+</B><DD>The depth in the dump hierarchy of the dump level at which the volume was
+dumped. A value of <TT>0</TT> indicates a full dump. A value
+of <TT>1</TT> or greater indicates an incremental dump made at the specified
+depth in the dump hierarchy.
+<P><DT><B><TT>parentid</TT>
+</B><DD>The dump ID of the dump's parent dump. A value of <TT>0</TT>
+indicates a full dump, which has no parent; in this case, the value in
+the <TT>lvl</TT> column is also <TT>0</TT>.
+<P><DT><B><TT>creation date</TT>
+</B><DD>The date and time at which the Backup System started the dump operation
+that created the dump.
+<P><DT><B><TT>clone date</TT>
+</B><DD>For a backup or read-only volume, the time at which it was cloned from its
+read/write source. For a read/write volume, the same as the value in
+the <TT>creation date</TT> field.
+<P><DT><B><TT>tape name</TT>
+</B><DD>The name of the tape containing the dump: either the permanent tape
+name, or an AFS tape name in the format
+<I>volume_set_name</I>.<I>dump_level_name</I>.<I>tape_index</I>
+where <I>volume_set_name</I> is the name of the volume set associated with
+the initial dump in the dump set of which this tape is a part;
+<I>dump_level_name</I> is the name of the dump level at which the initial
+dump was backed up; <I>tape_index</I> is the ordinal of the tape in
+the dump set. Either type of name can be followed by a dump ID in
+parentheses; if it appears, it is the dump ID of the initial dump in the
+dump set to which this appended dump belongs.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows part of the dump history of the Backup volume
+<B>user.smith.backup</B>:
+<PRE> % <B>backup volinfo -volume user.smith.backup</B>
+ DumpID lvl parentID creation date clone date tape name
+ 924600000 1 924427600 04/20/1999 05:20 04/20/1999 05:01 user_incr_2 (924514392)
+ 924514392 1 924427600 04/19/1999 05:33 04/19/1999 05:08 user_incr_2
+ 924427600 0 0 04/18/1999 05:26 04/18/1999 04:58 user_full_6
+ . . . . . . . .
+ . . . . . . . .
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf074.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf089.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf091.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf090.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf092.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_VOLRESTORE" HREF="auarf002.htm#ToC_105">backup volrestore</A></H2>
+<A NAME="IDX4422"></A>
+<A NAME="IDX4423"></A>
+<A NAME="IDX4424"></A>
+<A NAME="IDX4425"></A>
+<A NAME="IDX4426"></A>
+<A NAME="IDX4427"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restores one or more volumes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup volrestore -server</B> <<VAR>destination machine</VAR>>
+ <B>-partition</B> <<VAR>destination partition</VAR>>
+ <B>-volume</B> <<VAR>volume(s) to restore</VAR>><SUP>+</SUP>
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-date</B> <<VAR>date from which to restore</VAR>><SUP>+</SUP>]
+ [<B>-portoffset</B> <<VAR>TC port offsets</VAR>><SUP>+</SUP>] [<B>-n</B>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup volr -s</B> <<VAR>destination machine</VAR>> <B>-pa</B> <<VAR>destination partition</VAR>>
+ <B>-v</B> <<VAR>volume(s) to restore</VAR>><SUP>+</SUP> [<B>-e</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-d</B> <<VAR>date from which to restore</VAR>><SUP>+</SUP>] [-<B>po</B> <<VAR>TC port offsets</VAR>><SUP>+</SUP>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup volrestore</B> command restores the contents of one or
+more volumes to the site indicated by the <B>-server</B> and
+<B>-partition</B> arguments. Use the command either to overwrite
+the contents of existing volumes with the restored data or to create new
+volumes while retaining the existing ones. The specified site does not
+have to be the current site for the volumes.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup volrestore</B> command restores
+data from the backup data file listed for that port offset in the Tape
+Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, rather than
+from tape. For the sake of clarity, the following text refers to tapes
+only, but the Backup System handles backup data files in much the same
+way.)
+<P>The command's arguments can be combined as indicated:
+<UL>
+<P><LI>To preserve a volume's current contents and also create a new volume
+to house the restored version, use the <B>-extension</B> argument.
+The Backup System creates the new volume on the server and partition named by
+the <B>-server</B> and <B>-partition</B> arguments, assigns it the
+same name as the current volume with the addition of the specified extension,
+and creates a new Volume Location Database (VLDB) entry for it.
+Creating a new volume enables the administrator to compare the two
+versions.
+<P><LI>To overwrite a volume's existing contents with the restored version,
+omit the <B>-extension</B> argument, and specify the site as
+indicated:
+<UL>
+<P><LI>To retain the current site, specify it with the <B>-server</B> and
+<B>-partition</B> arguments.
+<P><LI>To move the volume to a different site while overwriting it, specify the
+new site with the <B>-server</B> argument, <B>-partition</B> argument,
+or both. The Backup System creates a new volume at that site, removes
+the existing volume, and updates the site information in the volume's
+VLDB entry. The backup version of the volume is not removed
+automatically from the original site, if it exists. Use the <B>vos
+remove</B> command to remove it and the <B>vos backup</B> command to
+create a backup version at the new site.
+</UL>
+<P><LI>To restore a volume that no longer exists in the file system, specify its
+name with the <B>-volume</B> argument and use the <B>-server</B> and
+<B>-partition</B> arguments to place it at the desired site. The
+Backup System creates a new volume and new VLDB entry.
+</UL>
+<P>In each case, the command sets each volume's creation date to the date
+and time at which it restores it. The creation date appears in the
+<TT>Creation</TT> field in the output from the <B>vos examine</B> and
+<B>vos listvol</B> commands.
+<P>If restoring all of the volumes that resided on a single partition, it is
+usually more efficient to use the <B>backup diskrestore</B>
+command. If restoring multiple volumes to many different sites, it can
+be more efficient to use the <B>backup volsetrestore</B> command.
+<P>By default, the <B>backup volrestore</B> command restores the most
+recent full dump and all subsequent incremental dumps for each volume,
+bringing the restored volumes to the most current possible state. To
+restore the volumes to their state at some time in the past, use the
+<B>-date</B> argument. The Backup System restores the most recent
+full dump and each subsequent incremental dump for which the <VAR>clone
+date</VAR> of the volume included in the dump is before the indicated date and
+time (the clone date timestamp appears in the <TT>clone date</TT> field of
+the output from the <B>backup volinfo</B> command). For backup and
+read-only volumes, the clone date represents the time at which the volume was
+copied from its read/write source; for read/write volumes, it represents
+the time at which the volume was locked for inclusion in the dump. The
+resemblance of a restored volume to its actual state at the indicated time
+depends on the amount of time that elapsed between the volume's clone
+date in the last eligible dump and the specified time.
+<P>If the <B>-volume</B> argument specifies the base (read/write) form of
+the volume name, the Backup System searches the Backup Database for the newest
+dump set that includes a dump of either the read/write or the backup version
+of the volume. It restores the dumps of that version of the volume,
+starting with the most recent full dump. If, in contrast, the volume
+name explicitly includes the <B>.backup</B> or
+<B>.readonly</B> extension, the Backup System restores dumps of the
+corresponding volume version only.
+<P>To generate a list of the tapes the Backup System needs to perform the
+restore operation, without actually performing it, combine the <B>-n</B>
+flag with the options to be used on the actual command.
+<P>If all of the full and incremental dumps of all relevant volumes were not
+written to a type of tape that a single Tape Coordinator can read, use the
+<B>-portoffset</B> argument to list multiple port offset numbers in the
+order in which the tapes are needed (first list the port offset for the full
+dump, second the port offset for the level 1 incremental dump, and so
+on). If restoring multiple volumes, the same ordered list of port
+offsets must apply to all of them. If not, either issue this command
+separately for each volume, or use the <B>vos volsetrestore</B> command
+after defining groups of volumes that were dumped to compatible tape
+types. For further discussion, see the <I>IBM AFS Administration
+Guide</I>.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape it needs by invoking the <B>MOUNT</B> instruction in the
+local <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by
+prompting the backup operator to insert the tape if there is no
+<B>MOUNT</B> instruction. However, if the <B>AUTOQUERY NO</B>
+instruction appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the
+issuer of the <B>butc</B> command included the <B>-noautoquery</B>
+flag, the Tape Coordinator instead expects the tape to be in the device
+already. If it is not, or is the wrong tape, the Tape Coordinator
+invokes the <B>MOUNT</B> instruction or prompts the operator. It
+also invokes the <B>MOUNT</B> instruction or prompts for any additional
+tapes needed to complete the restore operation; the backup operator must
+arrange to provide them.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Names the file server machine on which to restore each volume. If
+this argument and the <B>-partition</B> argument indicate a site other
+than the current site for each volume, and the <B>-extension</B> argument
+is not also provided, the Backup System removes the existing volumes from
+their current sites, places the restored contents at the specified site, and
+changes the site information in the volume's VLDB entry.
+<P><DT><B>-partition
+</B><DD>Names the partition to which to restore each volume. If this
+argument and the <B>-server</B> argument indicate a site other than the
+current site for each volume, and the <B>-extension</B> argument is not
+also provided, the Backup System removes the existing volumes from their
+current sites, places the restored contents at the specified site, and changes
+the site information in the volume's VLDB entry.
+<P><DT><B>-volume
+</B><DD>Names one or more volumes to restore, using the volume name as listed in
+the Backup Database. Provide the base (read/write) name of each volume
+to have the Backup System search the Backup Database for the newest dump set
+that includes a dump of either the read/write or the backup version of the
+volume; it restores the dumps of that version of the volume, starting
+with the most recent full dump. If, in contrast, a volume name
+explicitly includes the <B>.backup</B> or
+<B>.readonly</B> extension, the Backup System restores dumps of the
+corresponding volume version only.
+<P><DT><B>-extension
+</B><DD>Creates a new volume to house the restored data, with a name derived by
+appending the specified string to each volume named by the <B>-volume</B>
+argument. The Backup System creates a new VLDB entry for the
+volume. Any string other than <B>.readonly</B> or
+<B>.backup</B> is acceptable, but the combination of the existing
+volume name and extension cannot exceed 22 characters in length. To use
+a period to separate the extension from the name, specify it as the first
+character of the string (as in <B>.rst</B>, for example).
+<P><DT><B>-date
+</B><DD>Specifies a date and optionally time; the restored volume includes
+data from dumps performed before the date only. Provide a value in the
+format <VAR>mm</VAR>/<VAR>dd</VAR>/<VAR>yyyy</VAR> [<VAR>hh</VAR>:<VAR>MM</VAR>],
+where the required <VAR>mm/dd/yyyy</VAR> portion indicates the month
+(<VAR>mm</VAR>), day (<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>), and the optional
+<VAR>hh:MM</VAR> portion indicates the hour and minutes in 24-hour format
+(for example, the value <B>14:36</B> represents 2:36
+p.m.). If omitted, the time defaults to 59 seconds after
+midnight (00:00:59 hours).
+<P>Valid values for the year range from <B>1970</B> to
+<B>2037</B>; higher values are not valid because the latest possible
+date in the standard UNIX representation is in February 2038. The
+command interpreter automatically reduces any later date to the maximum
+value.
+<P>If this argument is omitted, the Backup System restores all possible dumps
+including the most recently created.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-portoffset
+</B><DD>Specifies one or more port offset numbers (up to a maximum of 128), each
+corresponding to a Tape Coordinator to use in the operation. If there
+is more than one value, the Backup System uses the first one when restoring
+the full dump of each volume, the second one when restoring the level 1
+incremental dump of each volume, and so on. It uses the final value in
+the list when restoring dumps at the corresponding depth in the dump hierarchy
+and all dumps at lower levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If <B>0</B> is just one of the values in the list,
+provide it explicitly in the appropriate order.
+<P><DT><B>-n
+</B><DD>Displays the list of tapes that contain the dumps required by the restore
+operation, without actually performing the operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the issuer includes the <B>-n</B> flag with the command, the
+following string appears at the head of the list of the tapes necessary to
+complete the restore operation.
+<PRE> Tapes needed:
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command restores the volume <B>user.pat</B> to
+partition <B>/vicepa</B> on machine
+<B>fs5.abc.com</B>:
+<PRE> % <B>backup volrestore -server fs5.abc.com -partition a -volume user.pat</B>
+
+</PRE>
+<P>The following command restores the volumes <B>user.smith</B> and
+<B>user.terry</B> to partition <B>/vicepb</B> on machine
+<B>fs4.abc.com</B>, adding a <B>.rst</B>
+extension to each volume name and preserving the existing
+<B>user.smith</B> and <B>user.terry</B> volumes.
+Only dumps created before 5:00 p.m. on 31 January 1998 are
+restored. (The command is shown here on multiple lines only for
+legibility reasons.)
+<PRE> % <B>backup volrestore -server fs4.abc.com -partition b</B> \
+ <B>-volume user.smith user.terry</B> \
+ <B>-extension .rst -date 1/31/1998 17:00</B>
+
+</PRE>
+<P>The following command restores the volume <B>user.pat</B> to
+partition <B>/vicepb</B> on machine
+<B>fs4.abc.com</B>. The Tape Coordinator with port
+offset 1 handles the tape containing the full dump; the Tape Coordinator
+with port offset 0 handles all tapes containing incremental dumps. (The
+command is shown here on two lines only for legibility reasons.)
+<PRE> % <B>backup volrestore -server fs5.abc.com -partition a</B> \
+ <B>-volume user.pat -portoffset 1 0</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server or Volume Location (VL) Server is
+running, and on every file server machine that houses an affected
+volume. If the <B>-localauth</B> flag is included, the issuer must
+instead be logged on to a server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf092.htm#HDRBK_VOLSETRESTORE">backup volsetrestore</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf090.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf092.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf091.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf093.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBK_VOLSETRESTORE" HREF="auarf002.htm#ToC_106">backup volsetrestore</A></H2>
+<A NAME="IDX4428"></A>
+<A NAME="IDX4429"></A>
+<A NAME="IDX4430"></A>
+<A NAME="IDX4431"></A>
+<A NAME="IDX4432"></A>
+<A NAME="IDX4433"></A>
+<A NAME="IDX4434"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restores all volumes in a volume set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup volsetrestore</B> [<B>-name</B> <<VAR>volume set name</VAR>>] [<B>-file</B> <<VAR>file name</VAR>>]
+ [<B>-portoffset</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>]
+ [<B>-extension</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-n</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup vols</B> [<B>-na</B> <<VAR>volume set name</VAR>>] [<B>-f</B> <<VAR>file name</VAR>>]
+ [<B>-p</B> <<VAR>TC port offset</VAR>><SUP>+</SUP>] [<B>-e</B> <<VAR>new volume name extension</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup volsetrestore</B> command restores the complete contents
+of a group of read/write volumes to the file system, by restoring data from
+the last full dump and all subsequent incremental dumps of each volume.
+It is most useful for recovering from loss of data on multiple partitions,
+since it can restore each of a defined set of volumes to a different
+site.
+<P>(If the <B>FILE YES</B> instruction appears in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file associated with the
+specified port offset, then the <B>backup volsetrestore</B> command
+restores data from the backup data file listed for that port offset in the
+Tape Coordinator's <B>/usr/afs/backup/tapeconfig</B> file, instead of
+from tape. For the sake of clarity, the following text refers to tapes
+only, but the Backup System handles backup data files in much the same
+way.)
+<P>If restoring one or more volumes to a single site only, it is usually more
+efficient to use the <B>backup volrestore</B> command. If restoring
+all volumes that resided on a single partition, it is usually more efficient
+to use the <B>backup diskrestore</B> command.
+<P>Indicate the volumes to restore by providing either the <B>-name</B>
+argument or the <B>-file</B> argument:
+<UL>
+<P><LI>The <B>-name</B> argument names a volume set. The Backup System
+restores all volumes listed in the Volume Location Database (VLDB) that match
+the server, partition, and volume name criteria defined in the volume
+set's volume entries, and for which dumps are available. It
+restores the volumes to their current site (machine and partition), and by
+default overwrites the existing volume contents.
+<P>It is not required that the volume set was previously used to back up
+volumes (was used as the <B>-volumeset</B> option to the <B>backup
+dump</B> command). It can be defined especially to match the volumes
+that need to be restored with this command, and that is usually the better
+choice. Indeed, a <I>temporary</I> volume set, created by including
+the <B>-temporary</B> flag to the <B>backup addvolset</B> command, can
+be especially useful in this context. A temporary volume set is not
+added to the Backup Database and exists only during the current interactive
+backup session, which is suitable if the volume set is needed only to complete
+the single restore operation initialized by this command.
+<P>The reason that a specially defined volume set is probably better is that
+volume sets previously defined for use in dump operations usually match the
+backup version of volumes, whereas for a restore operation it is best to
+define volume entries that match the base (read/write) name. In that
+case, the Backup System searches the Backup Database for the newest dump set
+that includes either the read/write or the backup version of the
+volume. If, in contrast, a volume entry explicitly matches the
+volume's backup or read-only version, the Backup System restores dumps of
+that volume version only.
+<P><LI>The <B>-file</B> argument names a file that lists specific volumes and
+the site to which to restore each. The volume name must match the name
+used in Backup Database dump records rather than in the VLDB, if they differ,
+because the Backup System does not look up volumes in the VLDB. The
+specified site can be different than the volume's current one; in
+that case, the Backup System removes the current version of the volume and
+updates the volume's location information in the VLDB.
+</UL>
+<P>If all of the full and incremental dumps of all relevant volumes were not
+written to a type of tape that a single Tape Coordinator can read, use the
+<B>-portoffset</B> argument to list multiple port offset numbers in the
+order in which the tapes are needed (first list the port offset for the full
+dump, second the port offset for the level 1 incremental dump, and so
+on). This implies that the full dumps of all relevant volumes must have
+been written to a type of tape that the first Tape Coordinator can read, the
+level 1 incremental dumps to a type of tape the second Tape Coordinator can
+read, and so on. If dumps are on multiple incompatible tape types, use
+the <B>backup volrestore</B> command to restore individual volumes, or use
+this command after defining new volume sets that group together volumes that
+were dumped to compatible tape types. For further discussion, see the
+<I>IBM AFS Administration Guide</I>.
+<P>By default, the Backup System overwrites the contents of an existing volume
+with the restored data. To create a new volume to house the restored
+version instead, use the <B>-extension</B> argument. The Backup
+System derives the new volume's name by adding the specified extension to
+the read/write base name, and creates a new VLDB entry. The command
+does not affect the existing volume in any way. However, if a volume
+with the specified extension also already exists, the command overwrites
+it.
+<P>The <B>-n</B> flag produces a list of the volumes to be restored if the
+<B>-n</B> flag were not included, without actually restoring any
+volumes. See the <B>Output</B> section of this reference page for a
+detailed description of the output, and suggestions on how to combine it most
+effectively with the <B>-file</B> and <B>-name</B> arguments.
+<P>The execution time for a <B>backup volsetrestore</B> command depends on
+the number of volumes to be restored and the amount of data in them, but it
+can take hours to restore a large number of volumes. One way to reduce
+the time is to run multiple instances of the command simultaneously, either
+using the <B>-name</B> argument to specify disjoint volume sets for each
+command, or the <B>-file</B> argument to name files that list different
+volumes. This is possible if there are multiple available Tape
+Coordinators that can read the required tapes. Depending on how the
+volumes to be restored were dumped to tape, specifying disjoint volume sets
+can also reduce the number of tape changes required.
+<P>The Tape Coordinator's default response to this command is to access
+the first tape it needs by invoking the <B>MOUNT</B> instruction in the
+local <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file, or by
+prompting the backup operator to insert the tape if there is no
+<B>MOUNT</B> instruction. However, if the <B>AUTOQUERY NO</B>
+instruction appears in the <B>CFG_</B><VAR>device_name</VAR> file, or if the
+issuer of the <B>butc</B> command included the <B>-noautoquery</B>
+flag, the Tape Coordinator instead expects the tape to be in the device
+already. If it is not, or is the wrong tape, the Tape Coordinator
+invokes the <B>MOUNT</B> instruction or prompts the operator. It
+also invokes the <B>MOUNT</B> instruction or prompts for any additional
+tapes needed to complete the restore operation; the backup operator must
+arrange to provide them.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names a volume set to restore. The Backup System restores all of
+the volumes listed in the VLDB that match the volume set's volume
+entries. Provide this argument or the <B>-file</B> argument, but
+not both.
+<P><DT><B>-file
+</B><DD>Specifies the full pathname of a file that lists one or more volumes and
+the site (file server machine and partition) to which to restore each.
+Use either this argument or the <B>-name</B> argument, but not
+both.
+<P>Each volume's entry must appear on its own (unbroken) line in the
+file, and have the following format:
+<PRE> <VAR>machine partition
+ volume</VAR> [<VAR>comments...</VAR>]
+
+</PRE>
+<P>
+<P>where
+<DL>
+<P><DT><B><VAR>machine</VAR>
+</B><DD>Names the file server machine to which to restore the volume.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Names the partition to which to restore the volume.
+<P><DT><B><VAR>volume</VAR>
+</B><DD>Names the volume to restore. It is generally best to specify the
+base (read/write) name of each volume. In this case, the Backup System
+searches the Backup Database for the newest dump set that includes a dump of
+either the read/write or the backup version of the volume. It restores
+the dumps of that version of the volume, starting with the most recent full
+dump. If, in contrast, the name explicitly includes the
+<B>.backup</B> or <B>.readonly</B> extension, the Backup
+System restores dumps of that volume version only.
+<P><DT><B><VAR>comments...</VAR>
+</B><DD>Is any other text. The Backup System ignores any text on each line
+that appears after the volume name, so this field can be used for notes
+helpful to the backup operator or other administrator.
+</DL>
+<P>
+<P>Do not use wildcards (for example, <B>.*</B>) in the
+<VAR>machine</VAR>, <VAR>partition</VAR>, or <VAR>volume</VAR> fields. It is
+acceptable for multiple lines in the file to name the same volume, but the
+Backup System processes only the first of them.
+<P><DT><B>-extension
+</B><DD>Creates a new volume for each volume specified by the <B>-name</B> or
+<B>-file</B> argument, to house the restored data from that volume.
+The Backup System derives the new volume's name by appending the
+specified string to the read/write base name, and creates a new VLDB volume
+entry. It preserves the contents of each existing volume. Any
+string other than <B>.readonly</B> or <B>.backup</B> is
+acceptable, but the combination of the base name and extension cannot exceed
+22 characters in length. To use a period to separate the extension from
+the name, specify it as the first character of the string (as in
+<B>.rst</B>, for example).
+<P><DT><B>-portoffset
+</B><DD>Specifies one or more port offset numbers (up to a maximum of 128), each
+corresponding to a Tape Coordinator to use in the operation. If there
+is more than one value, the Backup System uses the first one when restoring
+the full dump of each volume, the second one when restoring the level 1
+incremental dump of each volume, and so on. It uses the final value in
+the list when restoring dumps at the corresponding depth in the dump hierarchy
+and all dumps at lower levels.
+<P>Provide this argument unless the default value of 0 (zero) is appropriate
+for all dumps. If <B>0</B> is just one of the values in the list,
+provide it explicitly in the appropriate order.
+<P><DT><B>-n
+</B><DD>Displays a list of the volumes to be restored if the flag were not
+included, without actually restoring them. The <B>Output</B>
+section of this reference page details the format of the output. When
+combined with the <B>-name</B> argument, its output is easily edited for
+use as input to the <B>-file</B> argument on a subsequent <B>backup
+volsetrestore</B> command.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the <B>-n</B> flag is not provided, the command displays a unique
+task ID number for the operation, in two places:
+<UL>
+<P><LI>In the shell window, directly following the command line
+<P><LI>In the Tape Coordinator window, if the <B>butc</B> process was started
+at debug level 1
+</UL>
+<P>The task ID number is not the same as the job ID number displayed by the
+<B>(backup) jobs</B> command when the <B>(backup) volsetrestore</B>
+command is issued in interactive mode. The Backup System does not
+assign either type of ID number until the restoration process actually
+begins.
+<P>When the <B>-n</B> flag is included, no task ID or job ID numbers are
+reported because none are assigned. Instead, the output begins with a
+count of the number of volumes to be restored, followed by a line for each
+dump of a volume. For each volume, the line representing the most
+recent full dump appears first, and lines for any subsequent incremental dumps
+follow, ordered by dump level. The lines for a given volume do not
+necessarily appear all together, however.
+<P>The format of each line is as follows (the output is shown here on two
+lines only for legibility reasons):
+<PRE> <VAR>machine partition volume_dumped</VAR> # as <VAR>volume_restored</VAR>; <VAR>tape_name</VAR> (<VAR>tape_ID</VAR>); \
+ pos <VAR>position_number</VAR>; <VAR>date</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>machine</VAR>
+</B><DD>Names the file server machine that currently houses the volume, as listed
+in the VLDB.
+<P><DT><B><VAR>partition</VAR>
+</B><DD>Names the partition that currently houses the volume, as listed in the
+VLDB.
+<P><DT><B><VAR>volume_dumped</VAR>
+</B><DD>Specifies the version (read/write or backup) of the volume that was
+dumped, as listed in the Backup Database.
+<P><DT><B><VAR>volume_restored</VAR>
+</B><DD>Specifies the name under which to restore the volume. The Backup
+System only restores data to read/write volumes. If the
+<B>-extension</B> argument is included, then the specified extension
+appears on the name in this field (for example,
+<TT>user.pat.rst</TT>).
+<P><DT><B><VAR>tape_name</VAR>
+</B><DD>Names the tape containing the dump of the volume, from the Backup
+Database. If the tape has a permanent name, it appears here;
+otherwise, it is the AFS tape name.
+<P><DT><B><VAR>tape_ID</VAR>
+</B><DD>The tape ID of the tape containing the dump of the volume, from the Backup
+Database.
+<P><DT><B><VAR>position_number</VAR>
+</B><DD>Specifies the dump's position on the tape (for example, <TT>31</TT>
+indicates that 30 volume dumps precede the current one on the tape). If
+the dump was written to a backup data file, this number is the ordinal of the
+16 KB-offset at which the volume's data begins.
+<P><DT><B><VAR>date</VAR>
+</B><DD>The date and time when the volume was dumped.
+</DL>
+<P>One way to generate a file for use as input to the <B>-file</B>
+argument is to combine the <B>-name</B> and <B>-n</B> options,
+directing the output to a file. The <I>IBM AFS Administration
+Guide</I> section on using the Backup System to restore data explains how to
+edit the file as necessary before using it as input to the <B>-file</B>
+argument.
+<P>The output of this command includes only volumes for which the Backup
+Database includes at least one dump record. The command interpreter
+generates a message on the standard error stream about volumes that do not
+have dump records but either are listed in the file named by the
+<B>-file</B> argument, or appear in the VLDB as a match to a volume entry
+in the volume set named by the <B>-name</B> argument.
+<P><STRONG>Examples</STRONG>
+<P>The following command restores all volumes included in entries in the
+volume set named <B>data.restore</B>, which was created expressly
+to restore data to a pair of file server machines on which all data was
+corrupted due to a software error. All volumes are restored to the
+sites recorded in their entries in the VLDB.
+<PRE> % <B>backup volsetrestore -name data.restore</B>
+ Starting restore
+ backup: task ID of restore operation: 112
+ backup: Finished doing restore
+
+</PRE>
+<P>The following command restores all volumes that have entries in the file
+named <B>/tmp/restore</B>:
+<PRE> % <B>backup volsetrestore -file /tmp/restore</B>
+ Starting restore
+ backup: task ID of restore operation: 113
+ backup: Finished doing restore
+
+</PRE>
+<P>The <B>/tmp/restore</B> file has the following contents:
+<PRE> fs1.abc.com b user.pat
+ fs1.abc.com b user.terry
+ fs1.abc.com b user.smith
+ fs2.abc.com c user.jones
+ . . .
+ . . .
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server or Volume Location (VL) Server is
+running, and on every file server machine that houses an affected
+volume. If the <B>-localauth</B> flag is included, the issuer must
+instead be logged on to a server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf064.htm#HDRBK_ADDVOLSET">backup addvolset</A>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf073.htm#HDRBK_DUMP">backup dump</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf091.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf093.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf092.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf094.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_INTRO" HREF="auarf002.htm#ToC_107">bos</A></H2>
+<A NAME="IDX4435"></A>
+<A NAME="IDX4436"></A>
+<A NAME="IDX4437"></A>
+<A NAME="IDX4438"></A>
+<A NAME="IDX4439"></A>
+<A NAME="IDX4440"></A>
+<A NAME="IDX4441"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>bos</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>bos</B> command suite are the administrative
+interface to the Basic OverSeer (BOS) Server, which runs on every file server
+machine to monitor the other server processes on it. If a process
+fails, the BOS Server can restart it automatically, taking into account
+interdependencies between it and other processes. The BOS Server frees
+system administrators from constantly monitoring the status of server machines
+and processes.
+<P>There are several categories of commands in the <B>bos</B> command
+suite:
+<UL>
+<P><LI>Commands to administer server process binary files: <B>bos
+getdate</B>, <B>bos install</B>, <B>bos prune</B>, and <B>bos
+uninstall</B>
+<P><LI>Commands to maintain system configuration files: <B>bos
+addhost</B>, <B>bos addkey</B>, <B>bos adduser</B>, <B>bos
+listhosts</B>, <B>bos listkeys</B>, <B>bos listusers</B>, <B>bos
+removehost</B>, <B>bos removekey</B>, <B>bos removeuser</B>, and
+<B>bos setcellname</B>
+<P><LI>Commands to start and stop processes: <B>bos create</B>,
+<B>bos delete</B>, <B>bos restart</B>, <B>bos shutdown</B>,
+<B>bos start</B>, <B>bos startup</B>, and <B>bos stop</B>
+<P><LI>Commands to set and verify server process and server machine status:
+<B>bos getlog</B>, <B>bos getrestart</B>, <B>bos setauth</B>,
+<B>bos setrestart</B>, and <B>bos status</B>
+<P><LI>A command to restore file system consistency: <B>bos salvage</B>
+<P><LI>Commands to obtain help: <B>bos apropos</B> and <B>bos
+help</B>
+</UL>
+<P>The BOS Server and the <B>bos</B> commands use and maintain the
+following configuration and log files:
+<UL>
+<P><LI>The <B>/usr/afs/etc/CellServDB</B> file lists the local cell's
+database server machines. These machines run the Authentication,
+Backup, Protection and Volume Location (VL) Server processes, which maintain
+databases of administrative information. The database server processes
+consult the file to learn about their peers, whereas the other server
+processes consult it to learn where to access database information as
+needed. To administer the <B>CellServDB</B> file, use the following
+commands: <B>bos addhost</B>, <B>bos listhosts</B>, <B>bos
+removehost</B>, and <B>bos setcellname</B>.
+<P><LI>The <B>/usr/afs/etc/KeyFile</B> file lists the server encryption keys
+that the server processes use to decrypt tickets presented by client processes
+and one another. To administer the <B>KeyFile</B> file, use the
+following commands: <B>bos addkey</B>, <B>bos listkeys</B>, and
+<B>bos removekey</B>.
+<P><LI>The <B>/usr/afs/etc/ThisCell</B> file defines the cell to which the
+server machine belongs for the purposes of server-to-server
+communication. Administer it with the <B>bos setcellname</B>
+command. There is also a <B>/usr/vice/etc/ThisCell</B> file that
+defines the machine's cell membership with respect to the AFS command
+suites and Cache Manager access to AFS data.
+<P><LI>The <B>/usr/afs/etc/UserList</B> file lists the user name of each
+administrator authorized to issue privileged <B>bos</B> and <B>vos</B>
+commands. To administer the <B>UserList</B> file, use the following
+commands: <B>bos adduser</B>, <B>bos listusers</B>, and <B>bos
+removeuser</B>.
+<P><LI>The <B>/usr/afs/local/BosConfig</B> file defines which AFS server
+processes run on the server machine, and whether the BOS Server restarts them
+automatically if they fail. It also defines when all processes restart
+automatically (by default once per week), and when the BOS Server restarts
+processes that have new binary files (by default once per day). To
+administer the <B>BosConfig</B> file, use the following commands:
+<B>bos create</B>, <B>bos delete</B>, <B>bos getrestart</B>,
+<B>bos setrestart</B>, <B>bos start</B>, and <B>bos
+stop</B>.
+<P><LI>The <B>/usr/afs/log/BosLog</B> file records important operations the
+BOS Server performs and error conditions it encounters.
+</UL>
+<P>For more details, see the reference page for each file.
+<P><STRONG>Options</STRONG>
+<P>The following arguments and flags are available on many commands in the
+<B>bos</B> suite. The reference page for each command also lists
+them, but they are described here in greater detail.
+<A NAME="IDX4442"></A>
+<A NAME="IDX4443"></A>
+<A NAME="IDX4444"></A>
+<DL>
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P>
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell.
+<A NAME="IDX4445"></A>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>
+<A NAME="IDX4446"></A>
+<B>-localauth</B>
+</B><DD>Constructs a server ticket using the server encryption key with the
+highest key version number in the local <B>/usr/afs/etc/KeyFile</B>
+file. The <B>bos</B> command interpreter presents the ticket, which
+never expires, to the BOS Server during mutual authentication.
+<P>Use this flag only when issuing a command on a server machine; client
+machines do not usually have a <B>/usr/afs/etc/KeyFile</B> file.
+The issuer of a command that includes this flag must be logged on to the
+server machine as the local superuser <B>root</B>. The flag is
+useful for commands invoked by an unattended application program, such as a
+process controlled by the UNIX <B>cron</B> utility or by a cron entry in
+the machine's <B>/usr/afs/local/BosConfig</B> file. It is also
+useful if an administrator is unable to authenticate to AFS but is logged in
+as the local superuser <B>root</B>.
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell. Also, do not combine the <B>-localauth</B> and
+<B>-noauth</B> flags.
+<P><DT><B>
+<A NAME="IDX4447"></A>
+<B>-noauth</B>
+</B><DD>Establishes an unauthenticated connection to the BOS Server, in which the
+BOS Server treats the issuer as the unprivileged user
+<B>anonymous</B>. It is useful only when authorization checking is
+disabled on the server machine (during the installation of a file server
+machine or when the <B>bos setauth</B> command has been used during other
+unusual circumstances). In normal circumstances, the BOS Server allows
+only privileged users to issue commands that change the status of a server or
+configuration file, and refuses to perform such an action even if the
+<B>-noauth</B> flag is provided. Do not combine the
+<B>-noauth</B> and <B>-localauth</B> flags.
+<P><DT><B><B>-server</B> <<VAR>machine name</VAR>>
+<A NAME="IDX4448"></A>
+</B><DD>Indicates the AFS server machine on which to run the command.
+Identify the machine by its IP address in dotted decimal format, its
+fully-qualified host name (for example, <B>fs1.abc.com</B>),
+or by an abbreviated form of its host name that distinguishes it from other
+machines. Successful use of an abbreviated form depends on the
+availability of a name service (such as the Domain Name Service or a local
+host table) at the time the command is issued.
+<P>For the commands that alter the administrative files shared by all server
+machines in the cell (the <B>bos addhost</B>, <B>bos addkey</B>,
+<B>bos adduser</B>, <B>bos removehost</B>, <B>bos removekey</B>,
+and <B>bos removeuser</B> commands), the appropriate machine depends on
+whether the cell uses the United States or international version of AFS:
+<UL>
+<P><LI>If the cell runs the United States edition of AFS and (as recommended)
+uses the Update Server to distribute the contents of the
+<B>/usr/afs/etc</B> directory, provide the name of the system control
+machine. After issuing the command, allow up to five minutes for the
+Update Server to distribute the changed file to the other AFS server machines
+in the cell. If the specified machine is not the system control machine
+but is running an <B>upclientetc</B> process that refers to the system
+control machine, then the change will be overwritten when the process next
+brings over the relevant file from the system control machine.
+<P><LI>If the cell runs the international edition of AFS, do not use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B>
+directory. Instead, repeatedly issue the command, naming each of the
+cell's server machines in turn. To avoid possible inconsistency
+problems, finish issuing the commands within a fairly short time.
+</UL>
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<A NAME="IDX4449"></A>
+<A NAME="IDX4450"></A>
+<P>To issue any <B>bos</B> command that changes a configuration file or
+alters process status, the issuer must be listed in the
+<B>/usr/afs/etc/UserList</B> file on the server machine named by the
+<B>-server</B> argument. Alternatively, if the
+<B>-localauth</B> flag is included the issuer must be logged on as the
+local superuser <B>root</B>.
+<P>To issue a <B>bos</B> command that only displays information (other
+than the <B>bos listkeys</B> command), no privilege is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf094.htm#HDRBOS_ADDHOST">bos addhost</A>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf096.htm#HDRBOS_ADDUSER">bos adduser</A>
+<P><A HREF="auarf097.htm#HDRBOS_APROPOS">bos apropos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf099.htm#HDRBOS_DELETE">bos delete</A>
+<P><A HREF="auarf100.htm#HDRBOS_EXEC">bos exec</A>
+<P><A HREF="auarf101.htm#HDRBOS_GETDATE">bos getdate</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf104.htm#HDRBOS_HELP">bos help</A>
+<P><A HREF="auarf105.htm#HDRBOS_INSTALL">bos install</A>
+<P><A HREF="auarf106.htm#HDRBOS_LISTHOSTS">bos listhosts</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P><A HREF="auarf108.htm#HDRBOS_LISTUSERS">bos listusers</A>
+<P><A HREF="auarf109.htm#HDRBOS_PRUNE">bos prune</A>
+<P><A HREF="auarf110.htm#HDRBOS_REMOVEHOST">bos removehost</A>
+<P><A HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
+<P><A HREF="auarf112.htm#HDRBOS_REMOVEUSER">bos removeuser</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf115.htm#HDRBOS_SETAUTH">bos setauth</A>
+<P><A HREF="auarf116.htm#HDRBOS_SETCELLNAME">bos setcellname</A>
+<P><A HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P><A HREF="auarf122.htm#HDRBOS_STOP">bos stop</A>
+<P><A HREF="auarf123.htm#HDRBOS_UNINSTALL">bos uninstall</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf092.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf094.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf093.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf095.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_ADDHOST" HREF="auarf002.htm#ToC_108">bos addhost</A></H2>
+<A NAME="IDX4451"></A>
+<A NAME="IDX4452"></A>
+<A NAME="IDX4453"></A>
+<A NAME="IDX4454"></A>
+<A NAME="IDX4455"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a database server machine to the <B>/usr/afs/etc/CellServDB</B>
+file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos addhost -server</B> <<VAR>machine name</VAR>> <B>-host</B> <<VAR>host name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos addh -s</B> <<VAR>machine name</VAR>> <B>-ho</B> <<VAR>host name</VAR>><SUP>+</SUP>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-he</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos addhost</B> command adds an entry for each database server
+machine specified with the <B>-host</B> argument to the
+<B>/usr/afs/etc/CellServDB</B> file on the machine named by the
+<B>-server</B> argument.
+<P><STRONG>Cautions</STRONG>
+<P>After executing this command (and waiting for the Update Server to
+propagate the changes, if it is used), restart the database server processes
+on all database server machines to force election of a quorum that includes
+the new set of machines listed in the <B>/usr/afs/etc/CellServDB</B>
+file. The <I>IBM AFS Quick Beginnings</I> explains in more detail
+how to add and remove database server machines.
+<P>It is best to maintain a one-to-one mapping between hostnames and IP
+addresses on a multihomed database server machine (this is actually the
+conventional configuration for any AFS machine). The BOS Server uses
+the <B>gethostbyname( )</B> routine to obtain the IP address
+associated with the hostname specified by the <B>-host</B>
+argument. If there is more than one address, the BOS Server records in
+the <B>CellServDB</B> entry the one that appears first in the list of
+addresses returned by the routine. The routine possibly returns
+addresses in a different order on different machines, which can create
+inconsistency.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Identifies the server machine on which to change the
+<B>/usr/afs/etc/CellServDB</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-host</B>
+</B><DD>Specifies the fully-qualified host name (such as
+<B>db1.abc.com</B>) of each database server machine to
+register in the <B>CellServDB</B> file.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command adds the database server machines
+<B>db2.abc.com</B> and <B>db3.abc.com</B>
+to the <B>/usr/afs/etc/CellServDB</B> file on the machine
+<B>fs1.abc.com</B> (the system control machine).
+<PRE> % <B>bos addhost -server fs1.abc.com -host db2.abc.com db3.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf106.htm#HDRBOS_LISTHOSTS">bos listhosts</A>
+<P><A HREF="auarf110.htm#HDRBOS_REMOVEHOST">bos removehost</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf093.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf095.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf094.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf096.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_ADDKEY" HREF="auarf002.htm#ToC_109">bos addkey</A></H2>
+<A NAME="IDX4456"></A>
+<A NAME="IDX4457"></A>
+<A NAME="IDX4458"></A>
+<A NAME="IDX4459"></A>
+<A NAME="IDX4460"></A>
+<A NAME="IDX4461"></A>
+<A NAME="IDX4462"></A>
+<A NAME="IDX4463"></A>
+<A NAME="IDX4464"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a new server encryption key to the <B>/usr/afs/etc/KeyFile</B>
+file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos addkey -server</B> <<VAR>machine name</VAR>> [<B>-key</B> <<VAR>key</VAR>>]
+ <B>-kvno</B> <<VAR>key version number</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos addk -s</B> <<VAR>machine name</VAR>> [<B>-ke</B> <<VAR>key</VAR>>] <B>-kv</B> <<VAR>key version number</VAR>>
+ [<B>-ce</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos addkey</B> command constructs a server encryption key from
+the text string provided, assigns it the key version number specified with the
+<B>-kvno</B> argument, and adds it to the <B>/usr/afs/etc/KeyFile</B>
+file on the machine specified with the <B>-server</B> argument. Be
+sure to use the <B>kas setpassword</B> or <B>kas setkey</B> command to
+add the same key to the <B>afs</B> entry in the Authentication
+Database.
+<P>Do not use the <B>-key</B> argument, which echoes the password string
+visibly on the screen. If the argument is omitted, the BOS Server
+prompts for the string and does not echo it visibly:
+<PRE> Input key:
+ Retype input key:
+
+</PRE>
+<P>The BOS Server prohibits reuse of any key version number already listed in
+the <B>/usr/afs/etc/KeyFile</B> file. This ensures that users who
+still have tickets sealed with the current key are not prevented from
+communicating with a server process because the current key is overwritten
+with a new key. Use the <B>bos listkeys</B> command to display the
+key version numbers in the <B>/usr/afs/etc/KeyFile</B> file.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to change the
+<B>/usr/afs/etc/KeyFile</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-key</B>
+</B><DD>Specifies a character string just like a password; the BOS Server
+calls a DES conversion function to encode it into a form appropriate for use
+as an encryption key. Omit this argument to have the BOS Server prompt
+for the string instead.
+<P><DT><B><B>-kvno</B>
+</B><DD>Defines the new key's key version number. It must be an
+integer in the range from <B>0</B> (zero) through <B>255</B>.
+For the sake of simplicity, use the number one higher than the current highest
+key version number; use the <B>bos listkeys</B> command to display
+key version numbers.
+<A NAME="IDX4465"></A>
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the strings typed at the <TT>Input key</TT> and <TT>Retype input
+key</TT> prompts do not match, the following message appears, and the command
+exits without adding a new key:
+<PRE> Input key mismatch
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command adds a new server encryption key with key version
+number 14 to the <B>KeyFile</B> file kept on the machine
+<B>fs1.abc.com</B> (the system control machine). The
+issuer omits the <B>-key</B> argument, as recommended, and provides the
+password at the prompts.
+<PRE> % <B>bos addkey -server fs1.abc.com -kvno 14</B>
+ Input key:
+ Retype input key:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P><A HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf094.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf096.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf095.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf097.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_ADDUSER" HREF="auarf002.htm#ToC_110">bos adduser</A></H2>
+<A NAME="IDX4466"></A>
+<A NAME="IDX4467"></A>
+<A NAME="IDX4468"></A>
+<A NAME="IDX4469"></A>
+<A NAME="IDX4470"></A>
+<A NAME="IDX4471"></A>
+<A NAME="IDX4472"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a privileged user to the <B>/usr/afs/etc/UserList</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos adduser -server</B> <<VAR>machine name</VAR>> <B>-user</B> <<VAR>user names</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos addu -s</B> <<VAR>machine name</VAR>> <B>-u</B> <<VAR>user names</VAR>><SUP>+</SUP>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos adduser</B> command adds each user name specified with the
+<B>-user</B> argument to the <B>/usr/afs/etc/UserList</B> file on the
+machine named by the <B>-server</B> argument. It is the
+issuer's responsibility to verify that an entry for the user exists in
+the Authentication and Protection Databases.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to change the
+<B>/usr/afs/etc/UserList</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-user</B>
+</B><DD>Specifies each user name to insert into the
+<B>/usr/afs/etc/UserList</B> file.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command adds the user names <B>pat</B> and
+<B>smith</B> to the <B>/usr/afs/etc/UserList</B> file on the machine
+<B>fs1.abc.com</B> (the system control machine).
+<PRE> % <B>bos adduser -server fs1.abc.com -user pat smith</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf108.htm#HDRBOS_LISTUSERS">bos listusers</A>
+<P><A HREF="auarf112.htm#HDRBOS_REMOVEUSER">bos removeuser</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf095.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf097.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf096.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf098.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_APROPOS" HREF="auarf002.htm#ToC_111">bos apropos</A></H2>
+<A NAME="IDX4473"></A>
+<A NAME="IDX4474"></A>
+<A NAME="IDX4475"></A>
+<A NAME="IDX4476"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>bos ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos apropos</B> command displays the first line of the online
+help entry for any <B>bos</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>bos help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-topic</B>
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>bos</B> command where the string specified with the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>bos</B> commands that include the
+word <B>restart</B> in their names or short descriptions:
+<PRE> % <B>bos apropos restart</B>
+ getrestart: get restart times
+ restart: restart all processes
+ setrestart: set restart times
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf104.htm#HDRBOS_HELP">bos help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf096.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf098.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf097.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf099.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_CREATE" HREF="auarf002.htm#ToC_112">bos create</A></H2>
+<A NAME="IDX4477"></A>
+<A NAME="IDX4478"></A>
+<A NAME="IDX4479"></A>
+<A NAME="IDX4480"></A>
+<A NAME="IDX4481"></A>
+<A NAME="IDX4482"></A>
+<A NAME="IDX4483"></A>
+<A NAME="IDX4484"></A>
+<A NAME="IDX4485"></A>
+<A NAME="IDX4486"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Defines a new process in the <B>/usr/afs/local/BosConfig</B> file and
+starts it running
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos create -server</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>>
+ <B>-type</B> <<VAR>server type</VAR>> <B>-cmd</B> <<VAR>command lines</VAR>><SUP>+</SUP>
+ [<B>-notifier</B> <<VAR>Notifier program</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos c -s</B> <<VAR>machine name</VAR>> <B>-i</B> <<VAR>server process name</VAR>> <B>-t</B> <<VAR>server type</VAR>>
+ <B>-cm</B> <<VAR>command lines</VAR>><SUP>+</SUP> [<B>-not</B> <<VAR>Notifier program</VAR>>] [<B>-ce</B> <<VAR>cell name</VAR>>]
+ [<B>-noa</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos create</B> command creates a server process entry in the
+<B>/usr/afs/local/BosConfig</B> file on the server machine named by the
+<B>-server</B> argument, sets the process's status to <B>Run</B>
+in the <B>BosConfig</B> file and in memory, and starts the process.
+<P>A server process's entry in the <B>BosConfig</B> file defines its
+name, its type, the command that initializes it, and optionally, the name of a
+notifier program that runs when the process terminates.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to define and start the new
+process. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names the process to define and start. Any name is acceptable, but
+for the sake of simplicity it is best to use the last element of the
+process's binary file pathname, and to use the same name on every server
+machine. The conventional names, as used in all AFS documentation,
+are:
+<DL>
+<P><DT><B><B>buserver</B>
+</B><DD>The Backup Server process
+<A NAME="IDX4487"></A>
+<A NAME="IDX4488"></A>
+<P><DT><B><B>fs</B>
+</B><DD>The process that combines the File Server, Volume Server, and Salvager
+processes (<B>fileserver</B>, <B>volserver</B>, and
+<B>salvager</B>)
+<A NAME="IDX4489"></A>
+<A NAME="IDX4490"></A>
+<P><DT><B><B>kaserver</B>
+</B><DD>The Authentication Server process
+<A NAME="IDX4491"></A>
+<A NAME="IDX4492"></A>
+<P><DT><B><B>ptserver</B>
+</B><DD>The Protection Server process
+<A NAME="IDX4493"></A>
+<A NAME="IDX4494"></A>
+<P><DT><B><B>runntp</B>
+</B><DD>The controller process for the Network Time Protocol Daemon
+<A NAME="IDX4495"></A>
+<A NAME="IDX4496"></A>
+<P><DT><B><B>upclientbin</B>
+</B><DD>The client portion of the Update Server process that retrieves binary
+files from the <B>/usr/afs/bin</B> directory of the binary distribution
+machine for this machine's CPU/operating system type. (The name of
+the binary is <B>upclient</B>, but the <B>bin</B> suffix distinguishes
+this process from <B>upclientetc</B>.)
+<A NAME="IDX4497"></A>
+<A NAME="IDX4498"></A>
+<P><DT><B><B>upclientetc</B>
+</B><DD>The client portion of the Update Server process that retrieves
+configuration files from the <B>/usr/afs/etc</B> directory of the system
+control machine. Do not run this process in cells that use the
+international edition of AFS. (The name of the binary is
+<B>upclient</B>, but the <B>etc</B> suffix distinguishes this process
+from <B>upclientbin</B>.)
+<P><DT><B><B>upserver</B>
+</B><DD>The server portion of the Update Server process
+<A NAME="IDX4499"></A>
+<A NAME="IDX4500"></A>
+<P><DT><B><B>vlserver</B>
+</B><DD>The Volume Location (VL) Server process
+<A NAME="IDX4501"></A>
+<A NAME="IDX4502"></A>
+</DL>
+<P><DT><B><B>-type</B>
+</B><DD>Specifies the process's type. The acceptable values are:
+<P>
+<DL>
+<P><DT><B><B>cron</B>
+</B><DD>Use this value for cron-type processes that the BOS Server starts only at
+a defined daily or weekly time, rather than whenever it detects that the
+process has terminated. AFS does not define any such processes by
+default, but makes this value available for administrator use. Define
+the time for command execution as part of the <B>-cmd</B> argument to the
+<B>bos create</B> command.
+<P><DT><B><B>fs</B>
+</B><DD>Use this value only for the <B>fs</B> process, which combines the File
+Server, Volume Server and Salvager processes. If one of the component
+processes terminates, the BOS Server shuts down and restarts the processes in
+the appropriate order.
+<P><DT><B><B>simple</B>
+</B><DD>Use this value for all processes listed as acceptable values to the
+<B>-instance</B> argument, except for the <B>fs</B> process.
+There are no interdependencies between simple processes, so the BOS Server can
+stop and start them independently as necessary.
+</DL>
+<P><DT><B><B>-cmd</B>
+</B><DD>Specifies each command the BOS Server runs to start the process.
+Specify no more than six commands (which can include the command's
+options, in which case the entire string is surrounded by double quotes);
+any additional commands are ignored.
+<P>For a simple process, provide the complete pathname of the process's
+binary file on the local disk (for example, <B>/usr/afs/bin/ptserver</B>
+for the Protection Server). If including any of the initialization
+command's options, surround the entire command in double quotes (<B>"
+"</B>). The <B>upclient</B> process has a required argument, and
+the commands for all other processes take optional arguments.
+<A NAME="IDX4503"></A>
+<P>For the <B>fs</B> process, provide the complete pathname of the local
+disk binary file for each of the component processes:
+<B>fileserver</B>, <B>volserver</B>, and <B>salvager</B>, in that
+order. The standard binary directory is <B>/usr/afs/bin</B>.
+If including any of an initialization command's options, surround the
+entire command in double quotes (<B>" "</B>).
+<A NAME="IDX4504"></A>
+<P>For a <B>cron</B> process, provide two parameters:
+<A NAME="IDX4505"></A>
+<UL>
+<P><LI>The complete local disk pathname of either an executable file or a command
+from one of the AFS suites (complete with all of the necessary
+arguments). Surround this parameter with double quotes (<B>" "</B>)
+if it contains spaces.
+<P><LI>A specification of when the BOS Server executes the file or command
+indicated by the first parameter. There are three acceptable
+values:
+<UL>
+<P><LI>The string <B>now</B>, which directs the BOS Server to execute the
+file or command immediately and only once. It is usually simpler to
+issue the command directly or issue the <B>bos exec</B> command.
+<P><LI>A time of day. The BOS Server executes the file or command daily at
+the indicated time. Separate the hours and minutes with a colon
+(<I>hh</I>:<I>MM</I>), and use either 24-hour format, or a value
+in the range from <B>1:00</B> through <B>12:59</B> with
+the addition of <B>am</B> or <B>pm</B>. For example, both
+<B>14:30</B> and <B>"2:30 pm"</B> indicate 2:30 in
+the afternoon. Surround this parameter with double quotes (<B>"
+"</B>) if it contains a space.
+<P><LI>A day of the week and time of day, separated by a space and surrounded
+with double quotes (<B>" "</B>). The BOS Server executes the file
+or command weekly at the indicated day and time. For the day, provide
+either the whole name or the first three letters, all in lowercase letters
+(<B>sunday</B> or <B>sun</B>, <B>thursday</B> or <B>thu</B>,
+and so on). For the time, use the same format as when specifying the
+time alone.
+</UL>
+</UL>
+<P><DT><B><B>-notifier</B>
+</B><DD>Specifies the complete pathname on the local disk of a program that the
+BOS Server invokes when the process terminates. The AFS distribution
+does not include any notifier programs, but this argument is available for
+administrator use. See the <B>Related Information</B>
+section.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command defines and starts the simple process
+<B>kaserver</B> on the machine <B>fs3.abc.com</B>:
+<PRE> % <B>bos create -server fs3.abc.com -instance kaserver -type simple</B> \
+ <B>-cmd /usr/afs/bin/kaserver</B>
+
+</PRE>
+<P>The following command defines and starts the simple process
+<B>upclientbin</B> on the machine
+<B>fs4.abc.com</B>. It references
+<B>fs1.abc.com</B> as the source for updates to binary
+files, checking for changes to the <B>/usr/afs/bin</B> directory every 120
+seconds.
+<PRE> % <B>bos create -server fs4.abc.com -instance upclientbin -type simple</B> \
+ <B>-cmd "/usr/afs/bin/upclient fs1.abc.com -clear -t 120</B> \
+ <B>/usr/afs/bin"</B>
+
+</PRE>
+<P>The following command creates the fs process <B>fs</B> on the machine
+<B>fs4.abc.com</B>. Type the command on a single
+line.
+<PRE> % <B>bos create -server fs4.abc.com -instance fs -type fs</B> \
+ <B>-cmd /usr/afs/bin/fileserver /usr/afs/bin/volserver</B> \
+ <B>/usr/afs/bin/salvager</B>
+
+</PRE>
+<P>The following command creates a <B>cron</B> process called
+<B>userbackup</B> on the machine <B>fs5.abc.com</B>, so
+that the BOS Server issues the indicated <B>vos backupsys</B> command each
+day at 3:00 a.m. (the command creates a backup version of
+every volume in the file system whose name begins with
+<B>user</B>). Note that the issuer provides the complete pathname
+to the <B>vos</B> command, includes the <B>-localauth</B> flag on it,
+and types the entire <B>bos create</B> command on one line.
+<PRE> % <B>bos create -server fs5.abc.com -instance userbackup -type cron</B> \
+ <B>-cmd "/usr/afs/bin/vos backupsys -prefix user -localauth" 03:00</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P>If the <B>-notifier</B> argument is included when this command is used
+to define and start a process, the BOS Server invokes the indicated
+<I>notifier program</I> when the process exits. The intended use of
+a notifier program is to inform administrators when a process exits
+unexpectedly, but it can be used to perform any appropriate actions.
+The following paragraphs describe the <B>bnode</B> and
+<B>bnode_proc</B> structures in which the BOS Server records information
+about the exiting process. The list of AFS commands related to this one
+follows.
+<P>The BOS Server constructs and sends on the standard output stream one
+<B>bnode</B> and one <B>bnode_proc</B> structure for each exiting
+process associated with the notifier program. It brackets each
+structure with appropriate <TT>BEGIN</TT> and <TT>END</TT> statements
+(<TT>BEGIN bnode</TT> and <TT>END bnode</TT>, <TT>BEGIN bnode_proc</TT>
+and <TT>END bnode_proc</TT>), which immediately follow the preceding newline
+character with no intervening spaces or other characters. If the
+notifier program does not need information from a structure, it can scan ahead
+in the input stream for the <TT>END</TT> statement.
+<P>In general, each field in a structure is a string of ASCII text terminated
+by the newline character. The format of the information within a
+structure possibly varies slightly depending on the type of process associated
+with the notifier program.
+<P>The C code for the <B>bnode</B> and <B>bnode_proc</B> structures
+follows. Note that the structures sent by the BOS Server do not
+necessarily include all of the fields described here, because some are used
+only for internal record keeping. The notifier process must robustly
+handle the absence of expected fields, as well as the presence of unexpected
+fields, on the standard input stream.
+<P>For proper performance, the notifier program must continue processing the
+input stream until it detects the end-of-file (EOF). The BOS Server
+closes the standard input file descriptor to the notifier process when it has
+completed delivery of the data, and it is the responsibility of the notifier
+process to terminate properly.
+<P><B>struct bnode contents</B>
+<PRE> struct bnode {
+ struct bnode *next; /* next pointer in top-level's list */
+ char *name; /* instance name */
+ long nextTimeout; /* next time this guy should be awakened */
+ long period; /* period between calls */
+ long rsTime; /* time we started counting restarts */
+ long rsCount; /* count of restarts since rsTime */
+ struct bnode_type *type; /* type object */
+ struct bnode_ops *ops; /* functions implementing bnode class */
+ long procStartTime; /* last time a process was started */
+ long procStarts; /* number of process starts */
+ long lastAnyExit; /* last time a process exited for any reason */
+ long lastErrorExit; /* last time a process exited unexpectedly */
+ long errorCode; /* last exit return code */
+ long errorSignal; /* last proc terminating signal */
+ char *lastErrorName; /* name of proc that failed last */
+ short refCount; /* reference count */
+ short flags; /* random flags */
+ char goal; /* 1=running or 0=not running */
+ char fileGoal; /* same, but to be stored in file */
+};
+
+</PRE>
+<P><B>format of struct bnode explosion</B>
+<PRE> printf("name: %s\n",tp->name);
+ printf("rsTime: %ld\n", tp->rsTime);
+ printf("rsCount: %ld\n", tp->rsCount);
+ printf("procStartTime: %ld\n", tp->procStartTime);
+ printf("procStarts: %ld\n", tp->procStarts);
+ printf("lastAnyExit: %ld\n", tp->lastAnyExit);
+ printf("lastErrorExit: %ld\n", tp->lastErrorExit);
+ printf("errorCode: %ld\n", tp->errorCode);
+ printf("errorSignal: %ld\n", tp->errorSignal);
+ printf("lastErrorName: %s\n", tp->lastErrorName);
+ printf("goal: %d\n", tp->goal);
+
+</PRE>
+<P><B>struct bnode_proc contents</B>
+<PRE> struct bnode_proc {
+ struct bnode_proc *next; /* next guy in top-level's list */
+ struct bnode *bnode; /* bnode creating this process */
+ char *comLine; /* command line used to start this process */
+ char *coreName; /* optional core file component name */
+ long pid; /* pid if created */
+ long lastExit; /* last termination code */
+ long lastSignal; /* last signal that killed this guy */
+ long flags; /* flags giving process state */
+};
+
+</PRE>
+<P><B>format of struct bnode_proc explosion</B>
+<PRE> printf("comLine: %s\n", tp->comLine);
+ printf("coreName: %s\n", tp->coreName);
+ printf("pid: %ld\n", tp->pid);
+ printf("lastExit: %ld\n", tp->lastExit);
+ printf("lastSignal: %ld\n", tp->lastSignal);
+
+</PRE>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P><A HREF="auarf230.htm#HDRRUNNTP">runntp</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P><A HREF="auarf256.htm#HDRVOS_BACKUPSYS">vos backupsys</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf097.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf099.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf098.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf100.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_DELETE" HREF="auarf002.htm#ToC_113">bos delete</A></H2>
+<A NAME="IDX4506"></A>
+<A NAME="IDX4507"></A>
+<A NAME="IDX4508"></A>
+<A NAME="IDX4509"></A>
+<A NAME="IDX4510"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a server process from the <B>/usr/afs/local/BosConfig</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos delete -server</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos d -s</B> <<VAR>machine name</VAR>> <B>-i</B> <<VAR>server process name</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos delete</B> command removes the
+<B>/usr/afs/local/BosConfig</B> entry for each process indicated by the
+<B>-instance</B> argument, on the server machine named by the
+<B>-server</B> argument.
+<P>Before issuing this command, issue the <B>bos stop</B> command to stop
+the process and set its status flag in the <B>BosConfig</B> file to
+<TT>NotRun</TT>. The <B>bos delete</B> command fails with an
+error message if a process's status flag is <TT>Run</TT>.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to delete the server process entry
+from the <B>/usr/afs/local/BosConfig</B> file. Identify the machine
+by IP address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to delete. Use the name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command;
+process names appear in the output of the <B>bos status</B>
+command.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the <B>buserver</B>, <B>kaserver</B>,
+<B>ptserver</B>, and <B>vlserver</B> entries from the
+<B>BosConfig</B> file on <B>db3.abc.com</B>, a database
+server machine being decommissioned.
+<PRE> % <B>bos delete -server db3.abc.com -instance buserver kaserver ptserver vlserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf098.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf100.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf099.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf101.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_EXEC" HREF="auarf002.htm#ToC_114">bos exec</A></H2>
+<A NAME="IDX4511"></A>
+<A NAME="IDX4512"></A>
+<A NAME="IDX4513"></A>
+<A NAME="IDX4514"></A>
+<A NAME="IDX4515"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Executes a command on a remote server machine
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos exec -server</B> <<VAR>machine name</VAR>> <B>-cmd</B> <<VAR>command to execute</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos e -s</B> <<VAR>machine name</VAR>> <B>-cm</B> <<VAR>command to execute</VAR>> [<B>-ce</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos exec</B> command executes the indicated command on the file
+server machine named by the <B>-server</B> argument. Its intended
+use is to reboot the machine, using the <B>/etc/reboot</B> command or
+equivalent.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to execute the command.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-cmd</B>
+</B><DD>Specifies the complete local disk pathname of the command to execute (for
+example, <B>/etc/reboot</B>). Surround this argument with double
+quotes ("") if the command contains one or more spaces.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command reboots the machine
+<B>fs2.abc.com</B>. The issuer has previously issued
+the <B>bos shutdown</B> command to shutdown all processes cleanly.
+<PRE> % <B>bos exec -server fs2.abc.com -cmd /sbin/shutdown -r now</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf099.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf101.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf100.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf102.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_GETDATE" HREF="auarf002.htm#ToC_115">bos getdate</A></H2>
+<A NAME="IDX4516"></A>
+<A NAME="IDX4517"></A>
+<A NAME="IDX4518"></A>
+<A NAME="IDX4519"></A>
+<A NAME="IDX4520"></A>
+<A NAME="IDX4521"></A>
+<A NAME="IDX4522"></A>
+<A NAME="IDX4523"></A>
+<A NAME="IDX4524"></A>
+<A NAME="IDX4525"></A>
+<A NAME="IDX4526"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the time stamps on an AFS binary file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos getdate -server</B> <<VAR>machine name</VAR>> <B>-file</B> <<VAR>files to check</VAR>><SUP>+</SUP>
+ [<B>-dir</B> <<VAR>destination dir</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos getd -s</B> <<VAR>machine name</VAR>> <B>-f</B> <<VAR>files to check</VAR>><SUP>+</SUP> [<B>-d</B> <<VAR>destination dir</VAR>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos getdate</B> command displays the time stamps on the current
+version,<TT> .BAK</TT> version (if any) and <TT>.OLD</TT>
+version (if any) of each binary file named by the <B>-file</B>
+argument. (The BOS Server automatically creates <TT>.BAK</TT>
+and <TT>.OLD</TT> versions when new binaries are installed with the
+<B>bos install</B> command.) The files must reside in the
+<B>/usr/afs/bin</B> directory on the server machine named by the
+<B>-server</B> argument unless the <B>-dir</B> argument indicates an
+alternate directory.
+<P>To revert to the <TT>.BAK</TT> version of a binary, use the
+<B>bos uninstall</B> command. To remove obsolete binary files from
+the <B>/usr/afs/bin</B> directory, use the <B>bos prune</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to list binary files.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P>All server machines of the same AFS system type show the same timestamps if
+the binaries were installed properly on the binary distribution machine for
+this machine's system type, and if all other machines of that type are
+running the appropriate <B>upclientbin</B> process.
+<P><DT><B><B>-file</B>
+</B><DD>Names each binary file to list.
+<P><DT><B><B>-dir</B>
+</B><DD>Specifies the complete pathname of the local disk directory containing
+each file named by the <B>-file</B> argument. It is necessary only
+if the files are not in the <B>/usr/afs/bin</B> directory.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>For each file specified with the <B>-file</B> argument, the output
+displays the time stamp on the current (unmarked), <TT>.BAK</TT>, and
+<TT>.OLD</TT> version. The output explicitly reports that a
+version does not exist, rather than simply omitting it.
+<P><STRONG>Examples</STRONG>
+<P>The following command examines the time stamps on the files with basename
+<B>kaserver</B> on the machine <B>fs2.abc.com</B>:
+<PRE> % <B>bos getdate -server fs2.abc.com -file kaserver</B>
+ File /usr/afs/bin/kaserver dated Mon Jan 4 10:00:36 1999.
+ .BAK file dated Wed Dec 9 18:55:04 1998, no .OLD file.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf105.htm#HDRBOS_INSTALL">bos install</A>
+<P><A HREF="auarf109.htm#HDRBOS_PRUNE">bos prune</A>
+<P><A HREF="auarf123.htm#HDRBOS_UNINSTALL">bos uninstall</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf100.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf102.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf101.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf103.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_GETLOG" HREF="auarf002.htm#ToC_116">bos getlog</A></H2>
+<A NAME="IDX4527"></A>
+<A NAME="IDX4528"></A>
+<A NAME="IDX4529"></A>
+<A NAME="IDX4530"></A>
+<A NAME="IDX4531"></A>
+<A NAME="IDX4532"></A>
+<A NAME="IDX4533"></A>
+<A NAME="IDX4534"></A>
+<A NAME="IDX4535"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Prints a server process's log file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos getlog -server</B> <<VAR>machine name</VAR>> <B>-file</B> <<VAR>log file to examine</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos getl -s</B> <<VAR>machine name</VAR>> <B>-f</B> <<VAR>log file to examine</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos getlog</B> command displays on the standard output stream
+the specified log file from the machine named by the <B>-server</B>
+argument. The BOS Server fetches the log file from the
+<B>/usr/afs/logs</B> directory unless an alternate pathname is provided as
+part of the <B>-file</B> argument.
+<P><STRONG>Cautions</STRONG>
+<P>Log files can grow quite large, especially for the database server
+processes. To keep them to a manageable size, periodically either use
+the UNIX <B>rm</B> command to truncate each log file, or use the <B>bos
+restart</B> command to restart each process.
+<P>It can take up to five minutes after the file is removed or process
+restarted for the space occupied by a log file to become available.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to retrieve the log file.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-file</B>
+</B><DD>Names the log file to display. If a filename only is provided, the
+BOS Server fetches the log file from the <B>/usr/afs/logs</B>
+directory; the standard values are:
+<DL>
+<P><DT><B><B>AuthLog</B>
+</B><DD>The Authentication Server (<B>kaserver</B>) log file
+<P><DT><B><B>BackupLog</B>
+</B><DD>The Backup Server (<B>buserver</B>) log file
+<P><DT><B><B>BosLog</B>
+</B><DD>The BOS Server (<B>bosserver</B>) log file
+<P><DT><B><B>FileLog</B>
+</B><DD>The File Server (<B>fileserver</B>) log file
+<P><DT><B><B>SalvageLog</B>
+</B><DD>The Salvager (<B>salvager</B>) log file
+<P><DT><B><B>VLLog</B>
+</B><DD>The Volume Location (VL) Server (<B>vlserver</B>) log file
+<P><DT><B><B>VolserLog</B>
+</B><DD>The Volume Server (<B>volserver</B>) log file
+</DL>
+<P>
+<P>If a pathname and filename are provided, the log file is retrieved from the
+indicated directory. Partial pathnames are interpreted relative to the
+<B>/usr/afs/logs</B> directory.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output is preceded by the line
+<PRE> Fetching log file '<VAR>filename</VAR>'...
+
+</PRE>
+<P>The remainder of the output depends on the particular log file.
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the <B>FileLog</B> file from the machine
+<B>fs3.abc.com</B>:
+<PRE> % <B>bos getlog -server fs3.abc.com -file FileLog</B>
+ Fetching log file 'FileLog'...
+ Sun Nov 8 04:00:34 1998 File server starting
+ Sun Nov 8 04:00:39 1998 Partition /vicepa: attached 21 volumes;
+ 0 volumes not attached
+ Sun Nov 8 04:00:40 1998 File Server started Sun Nov 8 04:00:40
+ 1998
+ Mon Nov 9 21:45:06 1998 CB: RCallBack (zero fid probe in host.c)
+ failed for host 28cf37c0.22811
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf101.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf103.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf102.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf104.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_GETRESTART" HREF="auarf002.htm#ToC_117">bos getrestart</A></H2>
+<A NAME="IDX4536"></A>
+<A NAME="IDX4537"></A>
+<A NAME="IDX4538"></A>
+<A NAME="IDX4539"></A>
+<A NAME="IDX4540"></A>
+<A NAME="IDX4541"></A>
+<A NAME="IDX4542"></A>
+<A NAME="IDX4543"></A>
+<A NAME="IDX4544"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the automatic restart times for server processes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos getrestart -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos getr -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos getrestart</B> command displays two restart times from the
+<B>/usr/afs/local/BosConfig</B> file on the server machine named by the
+<B>-server</B> argument:
+<UL>
+<P><LI>The <I>general restart</I> time at which the BOS Server process
+automatically restarts itself and all processes marked with status
+<TT>Run</TT> in the <B>BosConfig</B> file. The default is Sunday
+at 4:00 a.m.
+<P><LI>The <I>binary restart</I> time at which the BOS Server automatically
+restarts any process for which the time stamp on the binary file in the
+<B>/usr/afs/bin</B> directory is later than the last restart time for the
+process. The default is 5:00 a.m. Use the <B>bos
+getdate</B> command to list a binary file's timestamp, and the
+<B>-long</B> flag to the <B>bos status</B> command to display a
+process's most recent restart time.
+</UL>
+<P>Use the <B>bos setrestart</B> command to set the restart times.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine for which to display the restart
+times. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output consists of two lines:
+<PRE> Server <VAR>machine_name</VAR> restarts at <VAR>time</VAR>
+ Server <VAR>machine_name</VAR> restarts for new binaries at <VAR>time</VAR>
+
+</PRE>
+<P>Possible values for <I>time</I> include:
+<UL>
+<P><LI><TT>never</TT>, indicating that the BOS Server never performs that type
+of restart
+<P><LI><TT>now</TT>, indicating that the BOS Server performs that type of
+restart only each time it restarts
+<P><LI>A specified day and time, indicating that the BOS Server performs that
+type of restart once per week. Example: <TT>sun 4:00
+am</TT>.
+<P><LI>A specified time, indicating that the BOS Server performs that type of
+restart once per day. Examples: <TT>11:00 pm</TT>,
+<TT>3:00 am</TT>.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the restart times for the machine
+<B>db2.abc.com</B>:
+<PRE> % <B>bos getrestart db2.abc.com</B>
+ Server db2.abc.com restarts at sun 4:00 am
+ Server db2.abc.com restarts for new binaries at 2:15 am
+
+</PRE>
+<P>In the following example, the issuer abbreviates the machine name
+<B>fs1.abc.com</B> to <B>fs1</B>, relying on the
+cell's name server to resolve the name. The output echoes the
+abbreviated form.
+<PRE> % <B>bos getrestart fs1</B>
+ Server fs1 restarts at sat 5:00 am
+ Server fs1 restarts for new binaries at 11:30 pm
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf101.htm#HDRBOS_GETDATE">bos getdate</A>
+<P><A HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf102.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf104.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf103.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf105.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_HELP" HREF="auarf002.htm#ToC_118">bos help</A></H2>
+<A NAME="IDX4545"></A>
+<A NAME="IDX4546"></A>
+<A NAME="IDX4547"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>bos</B> commands or lists
+functional descriptions of all <B>bos</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>bos h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>bos</B> command.
+<P>To list every <B>bos</B> command whose name or short description
+includes a specified keyword, use the <B>bos apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-topic</B>
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>bos</B> part of the command name, providing only
+the operation code (for example, specify <B>status</B>, not <B>bos
+status</B>). If this argument is omitted, the output briefly
+describes every <B>bos</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>bos</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>bos
+status</B> command:
+<PRE> %<B> bos help status</B>
+ bos status: show server instance status
+ Usage: bos status -server <machine name> [-instance <server
+ process name>+] [-long] [-cell <cell name>] [-noauth]
+ [-localauth] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf097.htm#HDRBOS_APROPOS">bos apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf103.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf105.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf104.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf106.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_INSTALL" HREF="auarf002.htm#ToC_119">bos install</A></H2>
+<A NAME="IDX4548"></A>
+<A NAME="IDX4549"></A>
+<A NAME="IDX4550"></A>
+<A NAME="IDX4551"></A>
+<A NAME="IDX4552"></A>
+<A NAME="IDX4553"></A>
+<A NAME="IDX4554"></A>
+<A NAME="IDX4555"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Installs a new version of a binary file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos install -server</B> <<VAR>machine name</VAR>> <B>-file</B> <<VAR>files to install</VAR>><SUP>+</SUP>
+ [<B>-dir</B> <<VAR>destination dir</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos i -s</B> <<VAR>machine name</VAR>> <B>-f</B> <<VAR>files to install</VAR>><SUP>+</SUP>
+ [<B>-d</B> <<VAR>destination dir</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos install</B> command copies each binary file specified with
+the <B>-file</B> argument to the local disk of the server machine named by
+the <B>-server</B> argument, which is normally the binary distribution
+machine for its CPU/operating system type. The destination directory is
+<B>/usr/afs/bin</B> unless the <B>-dir</B> argument indicates an
+alternate directory. The source file's UNIX mode bits are
+preserved in the transfer.
+<P>If there is already a file of the same name in the destination directory,
+the BOS Server automatically saves it by adding a <TT>.BAK</TT>
+extension. If there is a current <TT>.BAK</TT> version at
+least seven days old, it replaces the current <TT>.OLD</TT>
+version. If there is no current <TT>.OLD</TT> version, the
+current <TT>.BAK</TT> version becomes the <TT>.OLD</TT>
+version automatically. The <B>bos getdate</B> command displays the
+timestamps on the current versions of the file.
+<P>To start using the new binary immediately, issue the <B>bos restart</B>
+command. Otherwise, the BOS Server automatically restarts the process
+at the time defined in the <B>/usr/afs/local/BosConfig</B> file; use
+the <B>bos getrestart</B> command to display the time and the <B>bos
+setrestart</B> time to set it.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the binary distribution machine on which to install the new
+binaries. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P>If the machine is not a binary distribution machine and is running an
+<B>upclientbin</B> process, then the files are overwritten the next time
+the <B>upclientbin</B> process fetches the corresponding file from the
+distribution machine (by default within five minutes).
+<P><DT><B><B>-file</B>
+</B><DD>Specifies the complete pathname of each binary file to copy into the
+destination directory. Each source directory can be on the local disk
+or in AFS, in which case the issuer of the <B>bos install</B> command must
+have the necessary AFS access rights and the local machine must run the Cache
+Manager. For the BOS Server to create <TT>.BAK</TT> and
+<TT>.OLD</TT> versions, the last element in the pathname (the
+filename) must match the name of a file in the destination directory.
+The reference page for the <B>bos create</B> command lists the standard
+binary file names.
+<P><DT><B><B>-dir</B>
+</B><DD>Provides the complete pathname of the local disk directory in which to
+install binary files. It is necessary only if the destination directory
+is not <B>/usr/afs/bin</B>.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command copies the file
+<B>/afs/abc.com/rs_aix42/usr/afs/bin/vlserver</B> to the file
+<B>/usr/afs/bin/vlserver</B> on the machine
+<B>fs3.abc.com</B>, which is the binary distribution machine
+for server machines running AIX 4.2 in the <B>abc.com</B>
+cell. The current version of the <B>/usr/afs/bin/vlserver</B> file
+is moved to <B>/usr/afs/bin/vlserver.BAK</B>.
+<PRE> % <B>bos install -server fs3.abc.com </B> \
+ <B>-file /afs/abc.com/rs_aix42/usr/afs/bin/vlserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf101.htm#HDRBOS_GETDATE">bos getdate</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf104.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf106.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf105.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf107.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_LISTHOSTS" HREF="auarf002.htm#ToC_120">bos listhosts</A></H2>
+<A NAME="IDX4556"></A>
+<A NAME="IDX4557"></A>
+<A NAME="IDX4558"></A>
+<A NAME="IDX4559"></A>
+<A NAME="IDX4560"></A>
+<A NAME="IDX4561"></A>
+<A NAME="IDX4562"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the contents of the <B>/usr/afs/etc/CellServDB</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos listhosts -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos listh -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+
+<B>bos getcell -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos getc -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos listhosts</B> command formats and displays the list of a
+cell's database server machines from the
+<B>/usr/afs/etc/CellServDB</B> file on the server machine named by the
+<B>-server</B> argument.
+<P>To alter the list of machines, use the <B>bos addhost</B> and <B>bos
+removehost</B> commands.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to display the
+<B>/usr/afs/etc/CellServDB</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>For consistent performance in the cell, the output must be the same on
+every server machine. The <B>bos addhost</B> reference page
+explains how to keep the machines synchronized.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of the output names the cell to which the server machine
+belongs. Each of the following lines names a database server machine
+for that cell.
+<P>The <TT>Host</TT> number assigned to each database server machine is for
+server-internal use only and is not the same as, nor necessarily related to,
+the machine's IP address. The BOS Server assigned it as part of
+performing the <B>bos addhost</B> command.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the database server machines listed in the
+<B>/usr/afs/etc/CellServDB</B> file on the machine
+<B>fs7.abc.com</B>.
+<PRE> % <B>bos listhosts fs7.abc.com</B>
+ Cell name is abc.com
+ Host 1 is db1.abc.com
+ Host 2 is db2.abc.com
+ Host 3 is db3.abc.com
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf094.htm#HDRBOS_ADDHOST">bos addhost</A>
+<P><A HREF="auarf110.htm#HDRBOS_REMOVEHOST">bos removehost</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf105.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf107.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf106.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf108.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_LISTKEYS" HREF="auarf002.htm#ToC_121">bos listkeys</A></H2>
+<A NAME="IDX4563"></A>
+<A NAME="IDX4564"></A>
+<A NAME="IDX4565"></A>
+<A NAME="IDX4566"></A>
+<A NAME="IDX4567"></A>
+<A NAME="IDX4568"></A>
+<A NAME="IDX4569"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the server encryption keys from the
+<B>/usr/afs/etc/KeyFile</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos listkeys -server</B> <<VAR>machine name</VAR>> [<B>-showkey</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos listk -se</B> <<VAR>machine name</VAR>> [<B>-sh</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos listkeys</B> command formats and displays the list of server
+encryption keys from the <B>/usr/afs/etc/KeyFile</B> file on the server
+machine named by the <B>-server</B> argument.
+<P>To edit the list of keys, use the <B>bos addkey</B> and <B>bos
+removekey</B> commands.
+<P><STRONG>Cautions</STRONG>
+<P>Displaying actual keys on the standard output stream (by including the
+<B>-showkey</B> flag) is a security exposure. Displaying a checksum
+is sufficient for most purposes.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to display the <B>KeyFile</B>
+file. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P>For consistent performance in the cell, the output must be the same on
+every server machine. The <B>bos addkey</B> reference page explains
+how to keep the machines synchronized.
+<P><DT><B><B>-showkey</B>
+</B><DD>Displays the octal digits that constitute each key.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes one line for each server encryption key listed in the
+<B>KeyFile</B> file, identified by its key version number.
+<P>If the <B>-showkey</B> flag is included, the output displays the actual
+string of eight octal numbers that constitute the key. Each octal
+number is a backslash and three decimal digits.
+<P>If the <B>-showkey</B> flag is not included, the output represents each
+key as a checksum, which is a decimal number derived by encrypting a constant
+with the key.
+<P>Following the list of keys or checksums, the string <TT>Keys last
+changed</TT> indicates when a key was last added to the <B>KeyFile</B>
+file. The words <TT>All done</TT> indicate the end of the
+output.
+<P>For mutual authentication to work properly, the output from the command
+<B>kas examine afs</B> must match the key or checksum with the same key
+version number in the output from this command.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the checksums for the keys stored in the
+<B>KeyFile</B> file on the machine
+<B>fs3.abc.com</B>.
+<PRE> % <B>bos listkeys fs3.abc.com</B>
+ key 1 has cksum 972037177
+ key 3 has cksum 2825175022
+ key 4 has cksum 260617746
+ key 6 has cksum 4178774593
+ Keys last changed on Mon Apr 12 11:24:46 1999.
+ All done.
+
+</PRE>
+<P>The following example shows the actual keys from the <B>KeyFile</B>
+file on the machine <B>fs6.abc.com</B>.
+<PRE> % <B>bos listkeys fs6.abc.com -showkey</B>
+ key 0 is '\040\205\211\241\345\002\023\211'
+ key 1 is '\343\315\307\227\255\320\135\244'
+ key 2 is '\310\310\255\253\326\236\261\211'
+ Keys last changed on Wed Mar 31 11:24:46 1999.
+ All done.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf111.htm#HDRBOS_REMOVEKEY">bos removekey</A>
+<P><A HREF="auarf115.htm#HDRBOS_SETAUTH">bos setauth</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf106.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf108.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf107.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf109.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_LISTUSERS" HREF="auarf002.htm#ToC_122">bos listusers</A></H2>
+<A NAME="IDX4570"></A>
+<A NAME="IDX4571"></A>
+<A NAME="IDX4572"></A>
+<A NAME="IDX4573"></A>
+<A NAME="IDX4574"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Lists the privileged users from the <B>/usr/afs/etc/UserList</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos listusers -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos listu -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos listusers</B> command lists the user names from the
+<B>/usr/afs/etc/UserList</B> file on the file server machine named by the
+<B>-server</B> argument. The users are authorized to issue
+privileged <B>bos</B> and <B>vos</B> commands.
+<P>To edit the list of users, use the <B>bos adduser</B> and <B>bos
+removeuser</B> commands.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to display the <B>UserList</B>
+file. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P>For consistent performance in the cell, the output must be the same on
+every server machine. The <B>bos adduser</B> reference page
+explains how to keep the machines synchronized.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output lists the user name of each user entitled to issue privileged
+<B>bos</B> and <B>vos</B> commands.
+<P><STRONG>Examples</STRONG>
+<P>The following example lists the users from <B>UserList</B> file on the
+machine <B>fs4.abc.com</B>.
+<PRE> % <B>bos listusers fs4.abc.com</B>
+ SUsers are: pat smith jones terry
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf096.htm#HDRBOS_ADDUSER">bos adduser</A>
+<P><A HREF="auarf112.htm#HDRBOS_REMOVEUSER">bos removeuser</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf107.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf109.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf108.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf110.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_PRUNE" HREF="auarf002.htm#ToC_123">bos prune</A></H2>
+<A NAME="IDX4575"></A>
+<A NAME="IDX4576"></A>
+<A NAME="IDX4577"></A>
+<A NAME="IDX4578"></A>
+<A NAME="IDX4579"></A>
+<A NAME="IDX4580"></A>
+<A NAME="IDX4581"></A>
+<A NAME="IDX4582"></A>
+<A NAME="IDX4583"></A>
+<A NAME="IDX4584"></A>
+<A NAME="IDX4585"></A>
+<A NAME="IDX4586"></A>
+<A NAME="IDX4587"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes obsolete versions of files from the <B>/usr/afs/bin</B> and
+<B>/usr/afs/logs</B> directories
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos prune -server</B> <<VAR>machine name</VAR>> [<B>-bak</B>] [<B>-old</B>] [<B>-core</B>] [<B>-all</B>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos p -s</B> <<VAR>machine name</VAR>> [<B>-b</B>] [<B>-o</B>] [<B>-co</B>] [<B>-a</B>]
+ [<B>-ce</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos prune</B> command removes files from the local disk of the
+server machine named by the <B>-server</B> argument, as specified by one
+or more of the following flags provided on the command line:
+<UL>
+<P><LI>The <B>-bak</B> flag removes all files from the
+<B>/usr/afs/bin</B> directory that have a <TT>.BAK</TT>
+extension.
+<P><LI>The <B>-old</B> flag removes all files from the
+<B>/usr/afs/bin</B> directory that have a <TT>.OLD</TT>
+extension.
+<P><LI>The <B>-core</B> flag removes all files from the
+<B>/usr/afs/logs</B> directory that have a <TT>core.</TT>
+prefix.
+<P><LI>The <B>-all</B> flag removes all three types of files at once.
+</UL>
+<P>(If none of these flags are included, the command appears to succeed, but
+removes no files at all.)
+<P>To display the timestamp on the current, <TT>.BAK</TT>, and
+<TT>.OLD</TT> versions of one or more files, use the <B>bos
+getdate</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine from which to remove files. Identify
+the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-bak</B>
+</B><DD>Removes all files from the <B>/usr/afs/bin</B> directory that have a
+<TT>.BAK</TT> extension. Do not combine this flag and the
+<B>-all</B> flag.
+<P><DT><B><B>-old</B>
+</B><DD>Removes all files from the <B>/usr/afs/bin</B> directory that have a
+<TT>.OLD</TT> extension. Do not combine this flag and the
+<B>-all</B> flag.
+<P><DT><B><B>-core</B>
+</B><DD>Removes all files from the <B>/usr/afs/logs</B> directory that have a
+<TT>core.</TT> prefix. Do not combine this flag and the
+<B>-all</B> flag.
+<P><DT><B><B>-all</B>
+</B><DD>Combines the effect of the <B>-bak</B>, <B>-old</B>, and
+<B>-core</B> flags. Do not combine this flag with any of those
+three.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example removes all files from the <B>/usr/afs/bin</B>
+directory on the machine <B>fs3.abc.com</B> that have a
+<TT>.BAK</TT> or <TT>.OLD</TT> extension.
+<PRE> % <B>bos prune -server fs3.abc.com -bak -old</B>
+
+</PRE>
+<P>The following example removes all files from the <B>/usr/afs/bin</B>
+directory on the machine <B>db2.abc.com</B> that have a
+<TT>.BAK</TT> or <TT>.OLD</TT> extension, and all files from
+the <B>/usr/afs/logs</B> directory that have a <TT>core.</TT>
+prefix.
+<PRE> % <B>bos prune -server db2.abc.com -all</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf101.htm#HDRBOS_GETDATE">bos getdate</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf108.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf110.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf109.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf111.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_REMOVEHOST" HREF="auarf002.htm#ToC_124">bos removehost</A></H2>
+<A NAME="IDX4588"></A>
+<A NAME="IDX4589"></A>
+<A NAME="IDX4590"></A>
+<A NAME="IDX4591"></A>
+<A NAME="IDX4592"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a database server machine from the
+<B>/usr/afs/etc/CellServDB</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos removehost -server</B> <<VAR>machine name</VAR>> <B>-host</B> <<VAR>host name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos removeh -s</B> <<VAR>machine name</VAR>> <B>-ho</B> <<VAR>host name</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-he</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos removehost</B> command removes the entry for each database
+server machine specified with the <B>-host</B> argument from the
+<B>/usr/afs/etc/CellServDB</B> file on the server machine named by the
+<B>-server</B> argument.
+<P><STRONG>Cautions</STRONG>
+<P>After executing this command (and waiting for the Update Server to
+propagate the changes, if it is used), restart the database server processes
+on all database server machines to force election of a quorum that includes
+the new set of machines listed in the <B>/usr/afs/etc/CellServDB</B>
+file. The <I>IBM AFS Quick Beginnings</I> explains in more detail
+how to add and remove database server machines.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to change the
+<B>/usr/afs/etc/CellServDB</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-host</B>
+</B><DD>Specifies the fully-qualified host name (such as
+<B>fs2.abc.com</B>) of each database server machine to
+remove from the <B>CellServDB</B> file.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the former database server machine
+<B>db2.abc.com</B> from the <B>CellServDB</B> file on
+the system control machine <B>fs1.abc.com</B>.
+<PRE> % <B>bos removehost -server fs1.abc.com -host db2.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf094.htm#HDRBOS_ADDHOST">bos addhost</A>
+<P><A HREF="auarf106.htm#HDRBOS_LISTHOSTS">bos listhosts</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf109.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf111.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf110.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf112.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_REMOVEKEY" HREF="auarf002.htm#ToC_125">bos removekey</A></H2>
+<A NAME="IDX4593"></A>
+<A NAME="IDX4594"></A>
+<A NAME="IDX4595"></A>
+<A NAME="IDX4596"></A>
+<A NAME="IDX4597"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a server encryption key from the <B>/usr/afs/etc/KeyFile</B>
+file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos removekey -server</B> <<VAR>machine name</VAR>> <B>-kvno</B> <<VAR>key version number</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos removek -s</B> <<VAR>machine name</VAR>> <B>-k</B> <<VAR>key version number</VAR>><SUP>+</SUP>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos removekey</B> command removes each specified encryption key
+from the <B>/usr/afs/etc/KeyFile</B> file on the machine named by the
+<B>-server</B> argument. Use the <B>-kvno</B> argument to
+identify each key by its key version number; use the <B>bos
+listkeys</B> command to display the key version numbers.
+<P><STRONG>Cautions</STRONG>
+<P>Before removing a obsolete key, verify that the cell's maximum ticket
+lifetime has passed since the current key was defined using the <B>kas
+setpassword</B> and <B>bos addkey</B> commands. This ensures that
+no clients still possess tickets encrypted with the obsolete key.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to change the
+<B>/usr/afs/etc/KeyFile</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-kvno</B>
+</B><DD>Specifies the key version number of each key to remove.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the keys with key version numbers 5 and 6
+from the <B>KeyFile</B> file on the system control machine
+<B>fs1.abc.com</B>.
+<PRE> % <B>bos removekey -server fs1.abc.com -kvno 5 6</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf110.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf112.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf111.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf113.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_REMOVEUSER" HREF="auarf002.htm#ToC_126">bos removeuser</A></H2>
+<A NAME="IDX4598"></A>
+<A NAME="IDX4599"></A>
+<A NAME="IDX4600"></A>
+<A NAME="IDX4601"></A>
+<A NAME="IDX4602"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a privileged user from the <B>/usr/afs/etc/UserList</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos removeuser -server</B> <<VAR>machine name</VAR>> <B>-user</B> <<VAR>user names</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos removeu -s</B> <<VAR>machine name</VAR>> <B>-u</B> <<VAR>user names</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos removeuser</B> command removes each user name specified with
+the <B>-user</B> argument from the <B>/usr/afs/etc/UserList</B> file
+on the machine named by the <B>-server</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to change the
+<B>/usr/afs/etc/UserList</B> file. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>In cells that run the United States edition of AFS and use the Update
+Server to distribute the contents of the <B>/usr/afs/etc</B> directory, it
+is conventional to specify only the system control machine as a value for the
+<B>-server</B> argument. In cells that run the international
+version of AFS, repeat the command for each file server machine. For
+further discussion, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-user</B>
+</B><DD>Specifies each user name to remove.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example removes the users <B>pat</B> and <B>jones</B>
+from the <B>UserList</B> file on the system control machine
+<B>fs1.abc.com</B>.
+<PRE> % <B>bos removeuser -server fs1.abc.com -user pat jones</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf111.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf113.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf112.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf114.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_RESTART" HREF="auarf002.htm#ToC_127">bos restart</A></H2>
+<A NAME="IDX4603"></A>
+<A NAME="IDX4604"></A>
+<A NAME="IDX4605"></A>
+<A NAME="IDX4606"></A>
+<A NAME="IDX4607"></A>
+<A NAME="IDX4608"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restarts a server process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos restart -server</B> <<VAR>machine name</VAR>> [<B>-instance</B> <<VAR>instances</VAR>><SUP>+</SUP>] [<B>-bosserver</B>]
+ [<B>-all</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos res -s</B> <<VAR>machine name</VAR>> [<B>-i</B> <<VAR>instances</VAR>><SUP>+</SUP>] [<B>-b</B>] [<B>-a</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos restart</B> command stops and immediately restarts server
+processes on the server machine named by the <B>-server</B>
+argument. Indicate which process or processes to restart by providing
+one of the following arguments:
+<UL>
+<P><LI>The <B>-instance</B> argument names each AFS server process to stop
+and restart immediately, regardless of its status flag in the
+<B>/usr/afs/local/BosConfig</B> file. Do not include
+<B>bosserver</B> in the list of processes; use the
+<B>-bosserver</B> flag instead.
+<P><LI>The <B>-bosserver</B> flag stops all AFS server processes running on
+the machine, including the BOS Server. A new BOS Server starts
+immediately, and it starts a new instance of each process that is marked with
+the <TT>Run</TT> status flag in the <B>BosConfig</B> file.
+<P><LI>The <B>-all</B> flag stops all AFS server processes running on the
+machine, except the BOS Server, and immediately restarts the processes that
+are marked with the <TT>Run</TT> status flag in the <B>BosConfig</B>
+file.
+</UL>
+<P>This command does not change a process's status flag in the
+<B>BosConfig</B> file.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to restart each process.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to stop and then restart immediately regardless of its
+status flag setting. Use the process name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command. The
+output from the <B>bos status</B> command lists the names. Provide
+this flag or one of the <B>-bosserver</B> or <B>-all</B> options, but
+do not combine them.
+<P><DT><B><B>-bosserver</B>
+</B><DD>Stops all AFS server processes running on the machine, including the BOS
+Server. A new BOS Server instance immediately starts, and starts all
+processes marked with the <TT>Run</TT> status flag in the
+<B>BosConfig</B> file. Provide this flag or one of the
+<B>-instance</B> or <B>-all</B> options, but do not combine
+them.
+<P><DT><B><B>-all</B>
+</B><DD>Stops all AFS server processes running on the machine other than the BOS
+Server, and immediately restarts the processes marked with the <B>Run</B>
+status flag in the <B>BosConfig</B> file. Provide this flag or one
+of the <B>-instance</B> or <B>-bosserver</B> options, but do not
+combine them.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command stops and restarts all processes running on the
+machine <B>fs3.abc.com</B>, including the BOS Server.
+<PRE> % <B>bos restart -server fs3.abc.com -bosserver</B>
+
+</PRE>
+<P>The following command stops and restarts all processes running on the
+machine <B>fs5.abc.com</B>, excluding the BOS Server.
+<PRE> % <B>bos restart -server fs5.abc.com -all</B>
+
+</PRE>
+<P>The following command stops and restarts the Protection Server and Volume
+Location (VL) Server processes on the machine
+<B>db3.abc.com</B>:
+<PRE> % <B>bos restart -server db3.abc.com -instance ptserver vlserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf112.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf114.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf113.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf115.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_SALVAGE" HREF="auarf002.htm#ToC_128">bos salvage</A></H2>
+<A NAME="IDX4609"></A>
+<A NAME="IDX4610"></A>
+<A NAME="IDX4611"></A>
+<A NAME="IDX4612"></A>
+<A NAME="IDX4613"></A>
+<A NAME="IDX4614"></A>
+<A NAME="IDX4615"></A>
+<A NAME="IDX4616"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Restores internal consistency to a file system or volume
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos salvage -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>salvage partition</VAR>>]
+ [<B>-volume</B> <<VAR>salvage volume number or volume name</VAR>>]
+ [<B>-file</B> <<VAR>salvage log output file</VAR>>] [<B>-all</B>] [<B>-showlog</B>]
+ [<B>-parallel</B> <<VAR># of max parallel partition salvaging</VAR>>]
+ [<B>-tmpdir</B> <<VAR>directory to place tmp files</VAR>>]
+ [<B>-orphans</B> <<B>ignore</B> | <B>remove</B> | <B>attach</B>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos sa -se</B> <<VAR>machine name</VAR>> [<B>-part</B> <<VAR>salvage partition</VAR>>]
+ [<B>-v</B> <<VAR>salvage volume number or volume name</VAR>>]
+ [<B>-f</B> <<VAR>salvage log output file</VAR>>] [<B>-a</B>] [<B>-sh</B>]
+ [<B>-para</B> <<VAR># of max parallel partition salvaging</VAR>>]
+ [<B>-t</B> <<VAR>directory to place tmp files</VAR>>]
+ [<B>-o</B> <<B>ignore</B> | <B>remove</B> | <B>attach</B>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos salvage</B> command salvages (restores internal consistency
+to) one or more volumes on the file server machine named by the
+<B>-server</B> argument. When processing one or more partitions,
+the command restores consistency to corrupted read/write volumes where
+possible. For read-only or backup volumes, it inspects only the volume
+header:
+<UL>
+<P><LI>If the volume header is corrupted, the Salvager removes the volume
+completely and records the removal in its log file,
+<B>/usr/afs/logs/SalvageLog</B>. Issue the <B>vos release</B>
+or <B>vos backup</B> command to create the read-only or backup volume
+again.
+<P><LI>If the volume header is intact, the Salvager skips the volume (does not
+check for corruption in the contents). However, if the File Server
+notices corruption as it initializes, it sometimes refuses to attach the
+volume or bring it online. In this case, it is simplest to remove the
+volume by issuing the <B>vos remove</B> or <B>vos zap</B>
+command. Then issue the <B>vos release</B> or <B>vos backup</B>
+command to create it again.
+</UL>
+<P>Use the indicated arguments to salvage a specific number of volumes:
+<UL>
+<P><LI>To process all volumes on a file server machine, provide the
+<B>-server</B> argument and the <B>-all</B> flag. No volumes on
+the machine are accessible to Cache Managers during the salvage operation,
+because the BOS Server stops the File Server and Volume Server processes while
+the Salvager runs. The BOS Server automatically restarts them when the
+operation completes.
+<P><LI>To process all volumes on one partition, provide the <B>-server</B>
+and <B>-partition</B> arguments. As for a salvage of the entire
+machine, no volumes on the machine are accessible to Cache Managers during the
+salvage operation. The BOS Server automatically restarts the File
+Server and Volume Server when the operation completes.
+<P><LI>To salvage only one read/write volume, combine the <B>-server</B>,
+<B>-partition</B>, and <B>-volume</B> arguments. Only that
+volume is inaccessible to Cache Managers, because the BOS Server does not
+shutdown the File Server and Volume Server processes during the salvage of a
+single volume. Do not name a read-only or backup volume with the
+<B>-volume</B> argument. Instead, remove the volume, using the
+<B>vos remove</B> or <B>vos zap</B> command. Then create a new
+copy of the volume with the <B>vos release</B> or <B>vos backup</B>
+command.
+</UL>
+<P>During the salvage of an entire machine or partition, the <B>bos
+status</B> command reports the <B>fs</B> process's auxiliary status
+as <TT>Salvaging file system</TT>.
+<P>The Salvager always writes a trace to the
+<B>/usr/afs/logs/SalvageLog</B> file on the file server machine where it
+runs. To record the trace in another file as well (either in AFS or on
+the local disk of the machine where the <B>bos salvage</B> command is
+issued), name the file with the <B>-file</B> argument. To display
+the trace on the standard output stream as it is written to the
+<B>/usr/afs/logs/SalvageLog</B> file, include the <B>-showlog</B>
+flag.
+<P>By default, multiple Salvager subprocesses run in parallel: one for
+each partition up to four, and four subprocesses for four or more
+partitions. To increase or decrease the number of subprocesses running
+in parallel, provide a positive integer value for the <B>-parallel</B>
+argument.
+<P>If there is more than one server partition on a physical disk, the Salvager
+by default salvages them serially to avoid the inefficiency of constantly
+moving the disk head from one partition to another. However, this
+strategy is often not ideal if the partitions are configured as logical
+volumes that span multiple disks. To force the Salvager to salvage
+logical volumes in parallel, provide the string <B>all</B> as the value
+for the <B>-parallel</B> argument. Provide a positive integer to
+specify the number of subprocesses to run in parallel (for example,
+<B>-parallel 5all</B> for five subprocesses), or omit the integer to run
+up to four subprocesses, depending on the number of logical volumes being
+salvaged.
+<P>The Salvager creates temporary files as it runs, by default writing them to
+the partition it is salvaging. The number of files can be quite large,
+and if the partition is too full to accommodate them, the Salvager terminates
+without completing the salvage operation (it always removes the temporary
+files before exiting). Other Salvager subprocesses running at the same
+time continue until they finish salvaging all other partitions where there is
+enough disk space for temporary files. To complete the interrupted
+salvage, reissue the command against the appropriate partitions, adding the
+<B>-tmpdir</B> argument to redirect the temporary files to a local disk
+directory that has enough space.
+<P>The <B>-orphans</B> argument controls how the Salvager handles orphaned
+files and directories that it finds on server partitions it is
+salvaging. An <I>orphaned</I> element is completely inaccessible
+because it is not referenced by the vnode of any directory that can act as its
+parent (is higher in the filespace). Orphaned objects occupy space on
+the server partition, but do not count against the volume's quota.
+<P><STRONG>Cautions</STRONG>
+<P>Running this command can result in data loss if the Salvager process can
+repair corruption only by removing the offending data. Consult the
+<I>IBM AFS Administration Guide</I> for more information.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Indicates the file server machine on which to salvage volumes.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Specifies a single partition on which to salvage all volumes.
+Provide the complete partition name (for example <B>/vicepa</B>) or one of
+the following abbreviated forms:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P><DT><B>-volume
+</B><DD>Specifies the name or volume ID number of a read/write volume to
+salvage. The <B>-partition</B> argument must be provided along with
+this one.
+<P><DT><B>-file
+</B><DD>Specifies the complete pathname of a file into which to write a trace of
+the salvage operation, in addition to the <B>/usr/afs/logs/SalvageLog</B>
+file on the server machine. If the file pathname is local, the trace is
+written to the specified file on the local disk of the machine where the
+<B>bos salvage</B> command is issued. If the <B>-volume</B>
+argument is included, the file can be in AFS, though not in the volume being
+salvaged. Do not combine this argument with the <B>-showlog</B>
+flag.
+<P><DT><B>-all
+</B><DD>Salvages all volumes on all of the partitions on the machine named by the
+<B>-server</B> argument.
+<P><DT><B>-showlog
+</B><DD>Displays the trace of the salvage operation on the standard output stream,
+as well as writing it to the <B>/usr/afs/logs/SalvageLog</B> file.
+Do not combine this flag with the <B>-file</B> argument.
+<P><DT><B>-parallel
+</B><DD>Specifies the maximum number of Salvager subprocesses to run in
+parallel. Provide one of three values:
+<UL>
+<P><LI>An integer from the range <B>1</B> to <B>32</B>. A value of
+<B>1</B> means that a single Salvager process salvages the partitions
+sequentially.
+<P><LI>The string <B>all</B> to run up to four Salvager subprocesses in
+parallel on partitions formatted as logical volumes that span multiple
+physical disks. Use this value only with such logical volumes.
+<P><LI>The string <B>all</B> followed immediately (with no intervening space)
+by an integer from the range <B>1</B> to <B>32</B>, to run the
+specified number of Salvager subprocesses in parallel on partitions formatted
+as logical volumes. Use this value only with such logical
+volumes.
+</UL>
+<P>The BOS Server never starts more Salvager subprocesses than there are
+partitions, and always starts only one process to salvage a single
+volume. If this argument is omitted, up to four Salvager subprocesses
+run in parallel.
+<P><DT><B>-tmpdir
+</B><DD>Specifies the full pathname of a local disk directory to which the
+Salvager process writes temporary files as it runs. If this argument is
+omitted, or specifies an ineligible or nonexistent directory, the Salvager
+process writes the files to the partition it is currently salvaging.
+<P><DT><B>-orphans
+</B><DD>Controls how the Salvager handles orphaned files and directories.
+Choose one of the following three values:
+<DL>
+<P><DT><B>ignore
+</B><DD>Leaves the orphaned objects on the disk, but prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were found
+and the approximate number of kilobytes they are consuming. This is the
+default if the <B>-orphans</B> argument is omitted.
+<P><DT><B>remove
+</B><DD>Removes the orphaned objects, and prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were
+removed and the approximate number of kilobytes they were consuming.
+<P><DT><B>attach
+</B><DD>Attaches the orphaned objects by creating a reference to them in the vnode
+of the volume's root directory. Since each object's actual
+name is now lost, the Salvager assigns each one a name of the following
+form:
+<DL>
+<DD><P><B>_ _ORPHANFILE_ _.</B><VAR>index</VAR> for files
+<DD><P><B>_ _ORPHANDIR_ _.</B><VAR>index</VAR> for directories
+</DL>
+<P>
+<P>where <VAR>index</VAR> is a two-digit number that uniquely identifies each
+object. The orphans are charged against the volume's quota and
+appear in the output of the <B>ls</B> command issued against the
+volume's root directory.
+</DL>
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command salvages all volumes on the <B>/vicepd</B>
+partition of the machine <B>db3.abc.com</B>:
+<PRE> % <B>bos salvage -server db3.abc.com -partition /vicepd</B>
+
+</PRE>
+<P>The following command salvages the volume with volume ID number 536870988
+on partition <B>/vicepb</B> of the machine
+<B>fs2.abc.com</B>:
+<PRE> % <B>bos salvage -server fs2.abc.com -partition /vicepb -volume 536870988</B>
+
+</PRE>
+<P>The following command salvages all volumes on the machine
+<B>fs4.abc.com</B>. Six Salvager processes run in
+parallel rather than the default four.
+<PRE> % <B>bos salvage -server fs4.abc.com -all -parallel 6</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf030.htm#HDRSALVAGELOG">SalvageLog</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P><A HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf113.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf115.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf114.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf116.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_SETAUTH" HREF="auarf002.htm#ToC_129">bos setauth</A></H2>
+<A NAME="IDX4617"></A>
+<A NAME="IDX4618"></A>
+<A NAME="IDX4619"></A>
+<A NAME="IDX4620"></A>
+<A NAME="IDX4621"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets authorization checking requirements for all server processes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos setauth -server</B> <<VAR>machine name</VAR>>
+ <B>-authrequired</B> <<VAR>on or off: authentication required for admin requests</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos seta -s</B> <<VAR>machine name</VAR>>
+ <B>-a</B> <<VAR>on or off: authentication required for admin requests</VAR>>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos setauth</B> command enables or disables authorization
+checking on the server machine named by the <B>-server</B>
+argument. When authorization checking is enabled (the normal case), the
+AFS server processes running on the machine verify that the issuer of a
+command meets its privilege requirements. When authorization checking
+is disabled, server processes perform any action for anyone, including the
+unprivileged user <B>anonymous</B>; this security exposure precludes
+disabling of authorization checking except during installation or
+emergencies.
+<P>To indicate to the server processes that authorization checking is
+disabled, the BOS Server creates the zero-length file
+<B>/usr/afs/local/NoAuth</B> on its local disk. All AFS server
+processes constantly monitor for the <B>NoAuth</B> file's presence
+and do not check for authorization when it is present. The BOS Server
+removes the file when this command is used to reenable authorization
+checking.
+<P><STRONG>Cautions</STRONG>
+<P>Do not create the <B>NoAuth</B> file directly, except when directed by
+instructions for dealing with emergencies (doing so requires being logged in
+as the local superuser <B>root</B>). Use this command
+instead.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to enable or disable authorization
+checking. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P><DT><B><B>-authrequired</B>
+</B><DD>Enables authorization checking if the value is <B>on</B>, or disables
+it if the value is <B>off</B>.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example disables authorization checking on the machine
+<B>fs7.abc.com</B>:
+<PRE> % <B>bos setauth -server fs7.abc.com -authrequired off</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf028.htm#HDRNOAUTH">NoAuth</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf114.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf116.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf115.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf117.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_SETCELLNAME" HREF="auarf002.htm#ToC_130">bos setcellname</A></H2>
+<A NAME="IDX4622"></A>
+<A NAME="IDX4623"></A>
+<A NAME="IDX4624"></A>
+<A NAME="IDX4625"></A>
+<A NAME="IDX4626"></A>
+<A NAME="IDX4627"></A>
+<A NAME="IDX4628"></A>
+<A NAME="IDX4629"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the cell's name in the <B>/usr/afs/etc/ThisCell</B> and
+<B>/usr/afs/etc/CellServDB</B> files
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos setcellname -server</B> <<VAR>machine name</VAR>> <B>-name</B> <<VAR>cell name</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos setc -s</B> <<VAR>machine name</VAR>> <B>-n</B> <<VAR>cell name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos setcellname</B> command establishes the cell's name and
+makes the server machine named by the <B>-server</B> argument a member of
+it, by recording the value of the <B>-name</B> argument in two files which
+it creates on the local disk:
+<UL>
+<P><LI><B>/usr/afs/etc/ThisCell</B>
+<P><LI><B>/usr/afs/etc/CellServDB</B>. The cell name appears on the
+first line in the file, preceded by the required <TT>></TT> symbol.
+The machine name specified with the <B>-server</B> argument appears on the
+second line along with its IP address as obtained from the cell's naming
+service. The machine is thus designated as the cell's first
+database server machine.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>Issue this command only when the installing the cell's first AFS
+server machine. The <I>IBM AFS Quick Beginnings</I> explains how to
+copy over the <B>ThisCell</B> and <B>CellServDB</B> files from this or
+another appropriate machine during installation of additional server
+machines.
+<P>Be sure to choose a satisfactory cell name when issuing this command,
+because changing a cell's name is very complicated; for one thing,
+it requires changing every password in the Authentication Database.
+Consult the <I>IBM AFS Administration Guide</I> for advice on choosing a
+cell name. If changing the cell's name is absolutely necessary,
+contact AFS Product Support for complete instructions.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to set the cell name in the
+<B>ThisCell</B> and <B>CellServDB</B> file. It is always the
+first machine installed in a cell. Identify the machine by IP address
+or its host name (either fully-qualified or abbreviated unambiguously).
+For details, see the introductory reference page for the <B>bos</B>
+command suite.
+<P><DT><B><B>-name</B>
+</B><DD>Defines the cell name, using standard Internet domain name format (the
+actual domain name is usually appropriate). Examples are
+<B>abc.com</B> for the ABC Corporation and
+<B>stateu.edu</B> for the State University. It must match
+the value of the <B>-cell</B> argument, if that is provided.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command defines the cell name <B>abc.com</B> in
+the <B>ThisCell</B> and <B>CellServDB</B> files on the machine
+<B>fs1.abc.com</B> as it is installed as the cell's
+first server machine.
+<PRE> % <B>bos setcellname -server fs1.abc.com -name abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>Authorization checking is normally turned off during installation, which is
+the only recommended time to use this command; in this case no privilege
+is required. If authorization checking is turned on, the issuer must be
+listed in the <B>/usr/afs/etc/UserList</B> file on the machine named by
+the <B>-server</B> argument, or must be logged in as the local superuser
+<B>root</B> if the <B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf033.htm#HDRSV_THISCELL">ThisCell (server version)</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf115.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf117.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf116.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf118.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_SETRESTART" HREF="auarf002.htm#ToC_131">bos setrestart</A></H2>
+<A NAME="IDX4630"></A>
+<A NAME="IDX4631"></A>
+<A NAME="IDX4632"></A>
+<A NAME="IDX4633"></A>
+<A NAME="IDX4634"></A>
+<A NAME="IDX4635"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the date and time at which the BOS Server restarts processes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos setrestart -server</B> <<VAR>machine name</VAR>> <B>-time</B> <<VAR>time to restart server</VAR>>
+ [<B>-general</B>] [<B>-newbinary</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos setr -s</B> <<VAR>machine name</VAR>> <B>-t</B> <<VAR>time to restart server</VAR>> [<B>-g</B>] [<B>-ne</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos setrestart</B> command records in the
+<B>/usr/afs/local/BosConfig</B> file the times at which the BOS Server
+running on the server machine named by the <B>-server</B> argument
+performs two types of restarts:
+<UL>
+<P><LI>A <I>general restart</I>. By default, once per week the BOS
+Server restarts itself and then any AFS process marked with the <TT>Run</TT>
+status flag in the <B>BosConfig</B> file (equivalent in effect to issuing
+the <B>bos restart</B> command with the <B>-bosserver</B>
+flag). The default setting is 4:00 a.m. each Sunday
+morning.
+<P><LI>A <I>binary restart</I>. By default, once per day the BOS
+Server restarts any currently running process for which the timestamp on the
+binary file in the <B>/usr/afs/bin</B> directory is later than the time
+the process last started or restarted. The default is 5:00
+a.m. each day.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>Restarting a process makes it unavailable for a period of time. The
+<B>fs</B> process has potentially the longest outage, depending on how
+many volumes the file server machine houses (the File Server and Volume Server
+reattach each volume when they restart). The default settings are
+designed to coincide with periods of low usage, so that the restarts disturb
+the smallest possible number of users.
+<P>If the setting specified with the <B>-time</B> argument is within one
+hour of the current time, the BOS Server does not restart any processes until
+the next applicable opportunity (the next day for binary restarts, or the next
+week for general restarts).
+<P>The command changes only one type of restart setting at a time; issue
+the command twice to change both settings.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Indicates the server machine on which to set a new restart time.
+Identify the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B>-time
+</B><DD>Specifies the restart time. By convention the general restart is
+defined as weekly (specifies both a day and a time), and the binary restart is
+defined as daily (specifies only a time). However, it is acceptable to
+define a daily general restart or weekly binary restart.
+<P>There are four acceptable values for either type of restart setting:
+<UL>
+<P><LI>The string <B>never</B>, which directs the BOS Server never to perform
+the indicated type of restart.
+<P><LI>The string <B>now</B>, which directs the BOS Server to perform the
+restart immediately and never again.
+<P><LI>A time of day (the conventional type of value for the binary restart
+time). Separate the hours and minutes with a colon
+(<I>hh</I>:<I>MM</I>), and use either 24-hour format, or a value
+in the range from <B>1:00</B> through <B>12:59</B> with
+the addition of <B>am</B> or <B>pm</B>. For example, both
+<B>14:30</B> and <B>"2:30 pm"</B> indicate 2:30 in
+the afternoon. Surround this parameter with double quotes (<B>"
+"</B>) if it contains a space.
+<P><LI>A day of the week and time of day, separated by a space and surrounded
+with double quotes (<B>" "</B>). This is the conventional type of
+value for the general restart. For the day, provide either the whole
+name or the first three letters, all in lowercase letters (<B>sunday</B>
+or <B>sun</B>, <B>thursday</B> or <B>thu</B>, and so on).
+For the time, use the same format as when specifying the time alone.
+</UL>
+<P>If desired, precede a time or day and time definition with the string
+<B>every</B> or <B>at</B>. These words do not change the
+meaning, but possibly make the output of the <B>bos getrestart</B> command
+easier to understand.
+<P><DT><B><B>-general</B>
+</B><DD>Sets the general restart time.
+<P><DT><B><B>-newbinary</B>
+</B><DD>Sets the binary restart time.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command sets the general restart time on the machine
+<B>fs4.abc.com</B> to Saturday at 3:30 am.
+<PRE> % <B>bos setrestart -server fs4.abc.com -time "sat 3:30" -general</B>
+
+</PRE>
+<P>The following command sets the binary restart time on the machine
+<B>fs6.abc.com</B> to 11:45 pm.
+<PRE> % <B>bos setrestart -server fs6.abc.com -time 23:45 -newbinary</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf116.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf118.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf117.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf119.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_SHUTDOWN" HREF="auarf002.htm#ToC_132">bos shutdown</A></H2>
+<A NAME="IDX4636"></A>
+<A NAME="IDX4637"></A>
+<A NAME="IDX4638"></A>
+<A NAME="IDX4639"></A>
+<A NAME="IDX4640"></A>
+<A NAME="IDX4641"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Stops a process without changing its status flag in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos shutdown -server</B> <<VAR>machine name</VAR>> [<B>-instance</B> <<VAR>instances</VAR>><SUP>+</SUP>] [<B>-wait</B>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos sh -s</B> <<VAR>machine name</VAR>> [<B>-i</B> <<VAR>instances</VAR>><SUP>+</SUP>] [<B>-w</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos shutdown</B> command stops, on the server machine named by
+the <B>-server</B> argument, either
+<UL>
+<P><LI>All of the currently running AFS server processes, except the BOS Server
+<P><LI>Only the processes specified by the <B>-instance</B> argument
+</UL>
+<P>This command does not change a process's status flag in the
+<B>/usr/afs/local/BosConfig</B> file, but only in the BOS Server's
+memory. To stop a process and change its <B>BosConfig</B> status
+flag, use the <B>bos stop</B> command instead.
+<P>Once stopped with this command, a process does not run again until an
+administrator starts it by using the <B>bos start</B>, <B>bos
+startup</B>, or <B>bos restart</B> command, or until the BOS Server
+restarts (assuming that the process's <B>BosConfig</B> status flag is
+<TT>Run</TT>).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to stop processes. Identify
+the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to stop. Use the process name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command. The
+output from the <B>bos status</B> command lists the names. Omit
+this argument to stop all processes other than the BOS Server.
+<P><DT><B><B>-wait</B>
+</B><DD>Delays the return of the command shell prompt until all processes actually
+stop. If this argument is omitted, the prompt returns almost
+immediately even if all processes are not stopped.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command stops all processes other than the BOS Server on the
+machine <B>fs3.abc.com</B>.
+<PRE> % <B>bos shutdown fs3.abc.com</B>
+
+</PRE>
+<P>The following command stops the <B>upserver</B> process (server portion
+of the Update Server) on the machine
+<B>fs5.abc.com</B>.
+<PRE> % <B>bos shutdown -server fs5.abc.com -instance upserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf117.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf119.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf118.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf120.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_START" HREF="auarf002.htm#ToC_133">bos start</A></H2>
+<A NAME="IDX4642"></A>
+<A NAME="IDX4643"></A>
+<A NAME="IDX4644"></A>
+<A NAME="IDX4645"></A>
+<A NAME="IDX4646"></A>
+<A NAME="IDX4647"></A>
+<A NAME="IDX4648"></A>
+<A NAME="IDX4649"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Starts a process after setting its status flag in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos start -server</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos start -s</B> <<VAR>machine name</VAR>> <B>-i</B> <<VAR>server process name</VAR>><SUP>+</SUP>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos start</B> command sets the status flag for each process
+specified by the <B>-instance</B> argument to <TT>Run</TT> in the
+<B>/usr/afs/local/BosConfig</B> file and in the BOS Server's memory
+on the server machine named by the <B>-server</B> argument, then starts
+it. If the process is already running, the command's only effect
+is to guarantee that the status flag is <TT>Run</TT>; it does not
+restart the process.
+<P>To start a process without changing its status flag in the
+<B>BosConfig</B> file, use the <B>bos startup</B> command
+instead.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to start processes. Identify
+the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to start. Use the process name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command. The
+output from the <B>bos status</B> command lists the names.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command changes the status flag for the
+<B>upclientbin</B> and <B>upclientetc</B> processes to <TT>Run</TT>
+in the <B>BosConfig</B> file on the machine
+<B>fs6.abc.com</B> and starts them running.
+<PRE> % <B>bos start -server fs6.abc.com -instance upclientbin upclientetc</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf118.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf120.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf119.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf121.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_STARTUP" HREF="auarf002.htm#ToC_134">bos startup</A></H2>
+<A NAME="IDX4650"></A>
+<A NAME="IDX4651"></A>
+<A NAME="IDX4652"></A>
+<A NAME="IDX4653"></A>
+<A NAME="IDX4654"></A>
+<A NAME="IDX4655"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Starts a process without changing its status flag in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos startup -server</B> <<VAR>machine name</VAR>> [<B>-instance</B> <<VAR>instances</VAR>><SUP>+</SUP>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos startu -s</B> <<VAR>machine name</VAR>> [<B>-i</B> <<VAR>instances</VAR>><SUP>+</SUP>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos startup</B> command starts, on the server machine named by
+the <B>-server</B> argument, either
+<UL>
+<P><LI>All AFS server processes not currently running but marked with the
+<TT>Run</TT> status flag in the <B>/usr/afs/local/BosConfig</B> file
+<P><LI>Each process specified by <B>-instance</B> argument, even if its
+status flag in the <B>BosConfig</B> file is <TT>NotRun</TT>.
+</UL>
+<P>To start a process and set its <B>BosConfig</B> status flag to
+<TT>Run</TT>, use the <B>bos start</B> command instead.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to start processes. Identify
+the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to start. Use the process name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command. The
+output from the <B>bos status</B> command lists the names.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command starts all processes marked with status flag
+<TT>Run</TT> in the <B>BosConfig</B> file on the machine
+<B>fs3.abc.com</B> that are not currently running.
+<PRE> % <B>bos startup fs3.abc.com</B>
+
+</PRE>
+<P>The following command starts the <B>buserver</B>, <B>kaserver</B>,
+<B>ptserver</B>, and <B>vlserver</B> processes running on the machine
+<B>db2.abc.com</B>, even if their status flags in the
+<B>BosConfig</B> file are <TT>NotRun</TT>.
+<PRE> %<B> bos startup -server db2.abc.com -instance buserver kaserver ptserver vlserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf119.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf121.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf120.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf122.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_STATUS" HREF="auarf002.htm#ToC_135">bos status</A></H2>
+<A NAME="IDX4656"></A>
+<A NAME="IDX4657"></A>
+<A NAME="IDX4658"></A>
+<A NAME="IDX4659"></A>
+<A NAME="IDX4660"></A>
+<A NAME="IDX4661"></A>
+<A NAME="IDX4662"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the status of server processes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos status -server</B> <<VAR>machine name</VAR>> [<B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP>]
+ [<B>-long</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos stat -s</B> <<VAR>machine name</VAR>> [<B>-i</B> <<VAR>server process name</VAR>><SUP>+</SUP>]
+ [<B>-lon</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-loc</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos status</B> command reports the status of processes on the
+server machine named by the <B>-server</B> argument, either
+<UL>
+<P><LI>All of the AFS server processes listed in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><LI>Only these processes named by the <B>-instance</B> argument
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine for which to report server process
+status. Identify the machine by IP address or its host name (either
+fully-qualified or abbreviated unambiguously). For details, see the
+introductory reference page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process for which to report status. Use the process name
+assigned with the <B>-instance</B> argument to the <B>bos</B>
+command. The output from the <B>bos status</B> command lists the
+names.
+<P><DT><B><B>-long</B>
+</B><DD>Produces more detailed status information.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output for a process includes at least one line, which reports one of
+the following as the process's current status:
+<UL>
+<P><LI><TT>currently running normally</TT>. The process's status
+flag in the <B>BosConfig</B> file is <TT>Run</TT>. For
+<B>cron</B> entries, this message indicates only that the command is
+scheduled to run, not necessarily that it was executing when the <B>bos
+status</B> command was issued.
+<P><LI><TT>disabled</TT>. The process is not running, and its
+<B>BosConfig</B> status flag is <TT>NotRun</TT>.
+<P><LI><TT>temporarily disabled</TT>. The process is not running
+although its status flag in the <B>BosConfig</B> file is
+<TT>Run</TT>. Either an administrator used the <B>bos
+shutdown</B> command to stop it, or the
+<P><LI>BOS Server stopped trying to restart it after numerous failed
+attempts. In the second case, the auxiliary message is <TT>stopped for
+ too many errors</TT>.
+<P><LI><TT>temporarily enabled</TT>. The process is running although its
+status flag in the <B>BosConfig</B> file is <TT>NotRun</TT>. An
+administrator has used the <B>bos startup</B> command to start it.
+</UL>
+<P>If one of the following special circumstances applies to the process, the
+indicated message appears in its entry:
+<UL>
+<P><LI><TT>has core file</TT>. The process failed and created a core
+file in the <B>/usr/afs/logs</B> directory. If the BOS Server was
+able to restart the process after the failure, the primary status is
+<TT>currently running normally</TT>.
+<P><LI><TT>stopped for too many errors</TT>. The reason for the primary
+status <TT>temporarily disabled</TT> is that the BOS Server's attempts
+to restart the process all failed.
+</UL>
+<P>The entry for the <B>fs</B> process always includes a second line to
+report the process's <TT>Auxiliary status</TT>, which is one of the
+following:
+<UL>
+<P><LI><TT>file server running</TT>. The File Server and Volume Server
+components of the File Server process are running normally.
+<P><LI><TT>salvaging file system</TT>. The Salvager is running, so the
+File Server and Volume Server are temporarily disabled. The BOS Server
+restarts them as soon as the Salvager is finished.
+</UL>
+<P>The entry for a <B>cron</B> process includes an <TT>Auxiliary
+status</TT> that reports when the command will next execute.
+<P>If the <B>-long</B> flag is used, each entry includes the following
+additional information:
+<UL>
+<P><LI>The process's type (<TT>simple</TT>, <TT>fs</TT>, or
+<TT>cron</TT>).
+<P><LI>The day and time the process last started or restarted.
+<P><LI>The number of <TT>proc starts</TT>, which is how many times the BOS
+Server has started or restarted the process since it started itself.
+<P><LI>The <TT>Last exit</TT> time when the process (or one of the component
+processes in the <B>fs</B> process) last terminated. This line does
+not appear if the process has not terminated since the BOS Server
+started.
+<P><LI>The <TT>Last error exit</TT> time when the process (or one of the
+component processes in the <B>fs</B> process) last failed due to an
+error. A further explanation such as <TT>due to shutdown request</TT>
+sometimes appears. This line does not appear if the process has not
+failed since the BOS Server started.
+<P><LI>Each command that the BOS Server invokes to start the process, as
+specified by the <B>-cmd</B> argument to the <B>bos create</B>
+command.
+<P><LI>The pathname of the notifier program that the BOS Server invokes when the
+process terminates (if any), as specified by the <B>-notifier</B> argument
+to the <B>bos create</B> command.
+</UL>
+<P>If the <B>-long</B> flag is provided and the BOS Server discovers that
+the mode bits on files and subdirectories in the local <B>/usr/afs</B>
+directory differ from the expected values, it prints the following warning
+message:
+<PRE> Bosserver reports inappropriate access on server directories
+
+</PRE>
+<P>The following chart summarizes the expected mode bit settings. A
+question mark indicates that the BOS Server does not check that bit.
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/backup</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/db</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/KeyFile</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>????<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/UserList</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>?????<TT>--</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/local</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/logs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR></TABLE>
+<P><STRONG>Examples</STRONG>
+<P>The following example command displays the status of processes on the
+machine <B>fs3.abc.com</B>:
+<PRE> %<B> bos status fs3.abc.com</B>
+ Instance buserver, currently running normally.
+ Instance kaserver, currently running normally.
+ Instance ptserver, currently running normally.
+ Instance vlserver, currently running normally.
+ Instance fs, has core file, currently running normally.
+ Auxiliary status is: file server running.
+ Instance upserver, currently running normally.
+ Instance runntp, currently running normally.
+
+</PRE>
+<P>The following example command displays a detailed status report for the
+<B>fs</B> and <B>ptserver</B> processes on the machine
+<B>fs1.abc.com</B>.
+<PRE> % <B>bos status -server fs1.abc.com -instance fs ptserver -long</B>
+ Instance fs, (type is fs), currently running normally.
+ Auxiliary status is: file server running.
+ Process last started at Wed Jan 7 5:34:49 1998 (3 proc starts)
+ Last exit at Wed Jan 7 5:34:49 1998
+ Last error exit at Wed Jan 7 5:34:49 1998, due to shutdown
+ request
+ Command 1 is '/usr/afs/bin/fileserver'
+ Command 2 is '/usr/afs/bin/volserver'
+ Command 3 is '/usr/afs/bin/salvager'
+ Instance ptserver, (type is simple) currently running normally.
+ Process last started at Tue Jan 6 8:29:19 1998 (1 proc starts)
+ Command 1 is '/usr/afs/bin/ptserver'
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf120.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf122.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf121.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf123.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_STOP" HREF="auarf002.htm#ToC_136">bos stop</A></H2>
+<A NAME="IDX4663"></A>
+<A NAME="IDX4664"></A>
+<A NAME="IDX4665"></A>
+<A NAME="IDX4666"></A>
+<A NAME="IDX4667"></A>
+<A NAME="IDX4668"></A>
+<A NAME="IDX4669"></A>
+<A NAME="IDX4670"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Stops a process after changing its status flag in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos stop -server</B> <<VAR>machine name</VAR>> <B>-instance</B> <<VAR>server process name</VAR>><SUP>+</SUP>
+ [<B>-wait</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos sto -s</B> <<VAR>machine name</VAR>> <B>-i</B> <<VAR>server process name</VAR>><SUP>+</SUP>
+ [<B>-w</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos stop</B> command sets the status flag for each process
+specified with the <B>-instance</B> argument to <TT>NotRun</TT> in the
+<B>/usr/afs/local/BosConfig</B> file on the server machine named by the
+<B>-server</B> argument, then stops it.
+<P>To stop a process without changing its <B>BosConfig</B> status flag,
+use the <B>bos shutdown</B> command instead.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the server machine on which to stop processes. Identify
+the machine by IP address or its host name (either fully-qualified or
+abbreviated unambiguously). For details, see the introductory reference
+page for the <B>bos</B> command suite.
+<P><DT><B><B>-instance</B>
+</B><DD>Names each process to stop. Use the process name assigned with the
+<B>-instance</B> argument to the <B>bos create</B> command. The
+output from the <B>bos status</B> command lists the names.
+<P><DT><B><B>-wait</B>
+</B><DD>Delays the return of the command shell prompt until all processes actually
+stop. If this argument is omitted, the prompt returns almost
+immediately even if all processes are not stopped.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command stops the <B>upserver</B> and
+<B>runntp</B> on the machine <B>fs7.abc.com</B>.
+<PRE> % <B>bos stop -server fs7.abc.com -instance upserver runntp</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf121.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf123.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf122.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf124.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOS_UNINSTALL" HREF="auarf002.htm#ToC_137">bos uninstall</A></H2>
+<A NAME="IDX4671"></A>
+<A NAME="IDX4672"></A>
+<A NAME="IDX4673"></A>
+<A NAME="IDX4674"></A>
+<A NAME="IDX4675"></A>
+<A NAME="IDX4676"></A>
+<A NAME="IDX4677"></A>
+<A NAME="IDX4678"></A>
+<A NAME="IDX4679"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reverts to the former version of a process's binary file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bos uninstall -server</B> <<VAR>machine name</VAR>> <B>-file</B> <<VAR>files to uninstall</VAR>><SUP>+</SUP>
+ [<B>-dir</B> <<VAR>destination dir</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-help</B>]
+
+<B>bos u -s</B> <<VAR>machine name</VAR>> <B>-f</B> <<VAR>files to uninstall</VAR>><SUP>+</SUP> [<B>-d</B> <<VAR>destination dir</VAR>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>bos uninstall</B> command replaces each binary file specified by
+the <B>-file</B> argument with its <TT>.BAK</TT>version on the
+server machine named by the <B>-server</B> argument, which is normally the
+binary distribution machine for its CPU/operating system type. It also
+changes the extension on the current <TT>.OLD</TT> version (if any)
+to <TT>.BAK</TT>. Each binary file must reside in the local
+<B>/usr/afs/bin</B> directory unless the <B>-dir</B> argument names an
+alternate directory.
+<P>To start using the reverted binary immediately, issue the <B>bos
+restart</B> command. Otherwise, the BOS Server automatically restarts
+the process at the time defined in the <B>/usr/afs/local/BosConfig</B>
+file; use the <B>bos getrestart</B> command to display the time and
+the <B>bos setrestart</B> time to set it.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Indicates the binary distribution machine on which to revert to the
+<TT>.BAK</TT> version of binaries. Identify the machine by IP
+address or its host name (either fully-qualified or abbreviated
+unambiguously). For details, see the introductory reference page for
+the <B>bos</B> command suite.
+<P>If the machine is not a binary distribution machine and is running an
+<B>upclientbin</B> process, then the files are overwritten the next time
+the <B>upclientbin</B> process fetches the corresponding file from the
+distribution machine (by default within five minutes).
+<P><DT><B><B>-file</B>
+</B><DD>Names each binary file to replace with its <TT>.BAK</TT>
+version.
+<P><DT><B><B>-dir</B>
+</B><DD>Provides the complete pathname of the local disk directory containing each
+file named by the <B>-file</B> argument. It is necessary only if
+the binaries are not in the <B>/usr/afs/bin</B> directory.
+<P><DT><B><B>-cell</B>
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>bos</B> reference page.
+<P><DT><B><B>-noauth</B>
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>bos</B> reference
+page.
+<P><DT><B><B>-localauth</B>
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>bos</B> command
+interpreter presents the ticket to the BOS Server during mutual
+authentication. Do not combine this flag with the <B>-cell</B> or
+<B>-noauth</B> options. For more details, see the introductory
+<B>bos</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command overwrites the
+<B>/usr/afs/bin/kaserver</B> file on the machine
+<B>fs4.abc.com</B> with its <TT>.BAK</TT>version,
+and the current <TT>.BAK</TT> version by the
+<TT>.OLD</TT>version.
+<PRE> % <B>bos uninstall -server fs4.abc.com -file kaserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine named by the <B>-server</B> argument, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf117.htm#HDRBOS_SETRESTART">bos setrestart</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf122.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf124.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf123.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf125.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBOSSERVER" HREF="auarf002.htm#ToC_138">bosserver</A></H2>
+<A NAME="IDX4680"></A>
+<A NAME="IDX4681"></A>
+<A NAME="IDX4682"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the BOS Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>bosserver</B> [<B>-noauth</B>] [<B>-log</B>] [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>]
+ [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>bosserver</B> command initializes the Basic OverSeer (BOS)
+Server (<B>bosserver</B> process). In the conventional
+configuration, the binary file is located in the <B>/usr/afs/bin</B>
+directory on a file server machine.
+<P>The BOS Server must run on every file server machine and helps to automate
+file server administration by performing the following tasks:
+<UL>
+<P><LI>Monitors the other AFS server processes on the local machine, to make sure
+they are running correctly.
+<P><LI>Automatically restarts failed processes, without contacting a human
+operator. When restarting multiple server processes simultaneously, the
+BOS Server takes interdependencies into account and initiates restarts in the
+correct order.
+<A NAME="IDX4683"></A>
+<A NAME="IDX4684"></A>
+<P><LI>Processes commands from the <B>bos</B> suite that administrators issue
+to verify the status of server processes, install and start new processes,
+stop processes either temporarily or permanently, and restart halted
+processes.
+<P><LI>Manages system configuration information: the files that list the
+cell's server encryption keys, database server machines, and users
+privileged to issue commands from the <B>bos</B> and <B>vos</B>
+suites.
+</UL>
+<P>The BOS Server logs a default set of important events in the file
+<B>/usr/afs/logs/BosLog</B>. To record the name of any user who
+performs a privileged <B>bos</B> command (one that requires being listed
+in the <B>/usr/afs/etc/UserList</B> file), add the <B>-log</B>
+flag. To display the contents of the <B>BosLog</B> file, use the
+<B>bos getlog</B> command.
+<P>The first time that the BOS Server initializes on a server machine, it
+creates several files and subdirectories in the local <B>/usr/afs</B>
+directory, and sets their mode bits to protect them from unauthorized
+access. Each time it restarts, it checks that the mode bits still
+comply with the settings listed in the following chart. A question mark
+indicates that the BOS Server initially turns off the bit (sets it to the
+hyphen), but does not check it at restart.
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/backup</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/db</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/KeyFile</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>????<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/UserList</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>?????<TT>--</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/local</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/logs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR></TABLE>
+<P>If the mode bits do not comply, the BOS Server writes the following warning
+to the <B>BosLog</B> file:
+<PRE> Bosserver reports inappropriate access on server directories
+
+</PRE>
+<P>However, the BOS Server does not reset the mode bits, so the administrator
+can set them to alternate values if desired (with the understanding that the
+warning message then appears at startup).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the issuer,
+which is useful only when authorization checking is disabled on the server
+machine (for instance, during the installation of a file server
+machine.)
+<P><DT><B>-log
+</B><DD>Records in the <B>/usr/afs/logs/BosLog</B> file the names of all users
+who successfully issue a privileged <B>bos</B> command (one that requires
+being listed in the <B>/usr/afs/etc/UserList</B> file).
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command initializes the BOS Server and logs the names of
+users who issue privileged <B>bos</B> commands.
+<PRE> % <B>bosserver -log &</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer most be logged onto a file server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf015.htm#HDRBOSLOG">BosLog</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf100.htm#HDRBOS_EXEC">bos exec</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf103.htm#HDRBOS_GETRESTART">bos getrestart</A>
+<P><A HREF="auarf113.htm#HDRBOS_RESTART">bos restart</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf119.htm#HDRBOS_START">bos start</A>
+<P><A HREF="auarf120.htm#HDRBOS_STARTUP">bos startup</A>
+<P><A HREF="auarf121.htm#HDRBOS_STATUS">bos status</A>
+<P><A HREF="auarf122.htm#HDRBOS_STOP">bos stop</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf123.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf125.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf124.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf126.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBUSERVER" HREF="auarf002.htm#ToC_139">buserver</A></H2>
+<A NAME="IDX4685"></A>
+<A NAME="IDX4686"></A>
+<A NAME="IDX4687"></A>
+<A NAME="IDX4688"></A>
+<A NAME="IDX4689"></A>
+<A NAME="IDX4690"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Backup Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>buserver</B> [<B>-database</B> <<VAR>database directory</VAR>>]
+ [<B>-cellservdb</B> <<VAR>cell configuration directory</VAR>>]
+ [<B>-resetdb</B>] [<B>-noauth</B>] [<B>-smallht</B>]
+ [<B>-servers</B> <<VAR>list of ubik database servers</VAR>><SUP>+</SUP>]
+ [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>]
+ [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>buserver</B> command initializes the Backup Server, which runs
+on database server machines and maintains the Backup Database. In the
+conventional configuration, the binary file is located in the
+<B>/usr/afs/bin</B> directory on a file server machine.
+<P>The <B>buserver</B> command is not normally issued at the command shell
+prompt, but rather placed into a database server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a file server machine as the local superuser
+<B>root</B>.
+<P>As it initializes, the Backup Server process creates the two files that
+constitute the Backup Database, <B>bdb.DB0</B> and
+<B>bdb.DBSYS1</B>, in the <B>/usr/afs/db</B> directory if they
+do not already exist. The Backup Database houses information about
+volume sets and entries, the dump hierarchy, Tape Coordinators, and previously
+performed dump sets. Use the commands in the <B>backup</B> suite to
+administer the database.
+<P>The Backup Server records a trace of its activity in the
+<B>/usr/afs/logs/BackupLog</B> file. Use the <B>bos getlog</B>
+command to display the contents of the file.
+<P><STRONG>Cautions</STRONG>
+<P>The <B>buserver</B> process reserves port <B>7021</B> for its
+use. Unexpected behavior can occur if another process tries to reserve
+this port while the <B>buserver</B> process is running.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-database
+</B><DD>Specifies the pathname of an alternate directory for the Backup Database
+files, ending in a final slash (<B>/</B>). If this argument is not
+provided, the default is the <B>/usr/afs/db</B> directory.
+<P><DT><B>-cellservdb
+</B><DD>Specifies the pathname of the directory from which the Backup Server reads
+in an alternate version of the <B>CellServDB</B> file. This
+argument is mandatory for correct functioning when the Backup Server is
+running on a subset of the cell's database server machines that is not a
+majority of the machines listed in the standard
+<B>/usr/afs/etc/CellServDB</B> file (which the Backup Server consults if
+this argument is not provided). It is not appropriate in any other
+circumstances.
+<P><DT><B>-resetdb
+</B><DD>Removes all of the information in the Backup Database files in the
+<B>/usr/afs/db</B> directory, leaving zero-length versions of them.
+The backup operator must recreate the configuration entries in the database
+(for volume sets, the dump hierarchy and so on) before performing backup
+operations.
+<P><DT><B>-noauth
+</B><DD>Establishes an unauthenticated connection between the issuer and the
+Backup Server, in which the Backup Server treats the issuer as the
+unprivileged user <B>anonymous</B>. It is useful only when
+authorization checking is disabled on the database server machine. In
+normal circumstances, the Backup Server allows only authorized (privileged)
+users to issue commands that affect or contact the Backup Database, and
+refuses to perform such an action even if the <B>-noauth</B> flag is
+used.
+<P><DT><B>-smallht
+</B><DD>Directs the Backup Server to use smaller internal hash tables for the
+Backup Database, which reduces memory requirements but can make data access
+take longer.
+<P><DT><B>-servers
+</B><DD>Specifies the database server machines on which to start the Backup
+Server. Use this argument if running the Backup Server on a subset of
+the database server machines that is not a majority of the machines listed in
+the <B>/usr/afs/etc/CellServDB</B> file.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>bos create</B> command creates a
+<B>buserver</B> process on the file server machine
+<B>fs3.abc.com</B>. It appears here on two lines only
+for legibility.
+<PRE> % <B>bos create -server fs3.abc.com -instance buserver</B> \
+ <B>-type simple -cmd /usr/afs/bin/buserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf014.htm#HDRBACKUPLOG">BackupLog</A>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf042.htm#HDRBDBDB">bdb.DB0 and bdb.DBSYS1</A>
+<P><A HREF="auarf060.htm#HDRBK_INTRO">backup</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf124.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf126.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf125.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf127.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRBUTC" HREF="auarf002.htm#ToC_140">butc</A></H2>
+<A NAME="IDX4691"></A>
+<A NAME="IDX4692"></A>
+<A NAME="IDX4693"></A>
+<A NAME="IDX4694"></A>
+<A NAME="IDX4695"></A>
+<A NAME="IDX4696"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Tape Coordinator process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>butc</B> [<B>-port</B> <<VAR>port offset</VAR>>] [<B>-debuglevel</B> < <B>0</B> | <B>1</B> | <B>2</B> >]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noautoquery</B>]
+ [<B>-localauth</B>] [<B>-help</B>]
+
+<B>butc</B> [<B>-p</B> <<VAR>port offset</VAR>>] [<B>-d</B> < <B>0</B> | <B>1</B> | <B>2</B> >]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>butc</B> command initializes a Tape Coordinator process on a
+Tape Coordinator machine, enabling an operator to direct Backup System
+requests to the associated tape device or backup data file. (The Tape
+Coordinator controls a backup data file if the <B>FILE YES</B> instruction
+appears in the <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file that
+corresponds to the Tape Coordinator's entry in the
+<B>/usr/afs/backup/tapeconfig</B> file. For the sake of simplicity,
+the following discusses tape devices only.)
+<P>It is conventional to start and run the Tape Coordinator in the
+foreground. In this case, it runs on its own connection, which is
+unavailable for any other use and must remain open the entire time the Tape
+Coordinator is to accept backup requests and while it is executing
+them. (When using a window manager, the connection corresponds to a
+separate command shell window.) The Tape Coordinator can run in the
+background if the <B>CFG_</B><VAR>device_name</VAR> file is configured to
+eliminate any need for the Tape Coordinator to prompt the operator. In
+both the foreground and background, the Tape Coordinator writes operation
+traces and other output to the standard output stream on the connection over
+which it was started. Use the <B>-debuglevel</B> argument to
+control the amount of information that appears. The Tape Coordinator
+also writes traces and error messages to two files in the local
+<B>/usr/afs/backup</B> directory:
+<UL>
+<P><LI>The <B>TE_</B><VAR>device_name</VAR> file records problems that the Tape
+Coordinator encounters as it executes backup operations.
+<P><LI>The <B>TL_</B><VAR>device_name</VAR> file records a trace of operations
+as well as the same errors written to the <B>TE_</B><VAR>device_name</VAR>
+file.
+</UL>
+<P>The Tape Coordinator creates the files automatically as it
+initializes. If there are existing files, the Tape Coordinator renames
+them with a <B>.old</B> extension, overwriting the existing
+<B>.old</B> files if they exist. It derives the
+<VAR>device_name</VAR> part of the file names by stripping off the device
+name's <B>/dev/</B> prefix and replacing any other slashes with
+underscores. For example, the files are called <B>TE_rmt_4m</B> and
+<B>TL_rmt_4m</B> for a device called <B>/dev/rmt/4m</B>.
+<P>By default, at the beginning of each operation the Tape Coordinator prompts
+for the operator to insert the first tape into the drive and press
+<<B>Return</B>>. To suppress this prompt, include the
+<B>-noautoquery</B> flag on the command line or the instruction
+<B>AUTOQUERY NO</B> in the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file. When the
+prompt is suppressed, the first required tape must be in the drive before a
+<B>backup</B> command is issued. For subsequent tapes, the Tape
+Coordinator uses its normal tape acquisition routine: if the
+<B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file includes a
+<B>MOUNT</B> instruction, the Tape Coordinator invokes the indicated
+command; otherwise, it prompts the operator for the next tape.
+<P>To stop the Tape Coordinator process, enter an interrupt signal such as
+<<B>Ctrl-c</B>> over the dedicated connection (in the command shell
+window).
+<P>To cancel a <B>backup</B> operation that involves a tape before it
+begins (assuming the initial tape prompt has not been suppressed), enter the
+letter <B>a</B> (for <B>abort</B>) and press <<B>Return</B>> at
+the Tape Coordinator's prompt for the first tape.
+<P>Tape Coordinator operation depends on the correct configuration of certain
+files, as described in the following list:
+<UL>
+<P><LI>The local <B>/usr/afs/backup/tapeconfig</B> file must include an entry
+for the Tape Coordinator that specifies its device name and port offset
+number, among other information; for details, see the
+<B>tapeconfig</B> reference page.
+<P><LI>The port offset number recorded in the Tape Coordinator's entry in
+the Backup Database must match the one in the <B>tapeconfig</B>
+file. Create the Backup Database entry by using the <B>backup
+addhost</B> command.
+<P><LI>The optional <B>/usr/afs/backup/CFG_</B><VAR>device_name</VAR> file can
+contain instructions for mounting and unmounting tapes automatically (when
+using a tape stacker or jukebox, for instance) or automating other aspects of
+the backup process. The <VAR>device_name</VAR> part of the name is
+derived as described previously for the <B>TE_</B><VAR>device_name</VAR> and
+<B>TL_</B><VAR>device_name</VAR> files.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>If the Tape Coordinator machine is an AIX machine, use the <B>SMIT</B>
+utility to set the device's block size to 0 (zero), indicating variable
+block size. Otherwise, tape devices attached to machines running other
+operating systems sometimes cannot read tapes written on AIX machines.
+For instructions, see the <I>IBM AFS Administration Guide</I> chapter
+about configuring the Backup System.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-port
+</B><DD>Specifies the port offset number of the Tape Coordinator to
+initialize.
+<P><DT><B>-debuglevel
+</B><DD>Controls the amount and type of messages the Tape Coordinator displays on
+the standard output stream. Provide one of three acceptable
+values:
+<UL>
+<P><LI><B>0</B> to display the minimum level of detail required to describe
+Tape Coordinator operations, including prompts for tapes, messages that
+indicate the beginning and end of operations, and error messages. This
+is the default value.
+<P><LI><B>1</B> to display the names of the volumes being dumped or restored
+as well as the information displayed at level 0.
+<P><LI><B>2</B> to display all messages also being written to the
+<B>TL_</B><VAR>device_name</VAR> log file.
+</UL>
+<P><DT><B>-cell
+</B><DD>Names the cell in which the Tape Coordinator operates (the cell to which
+the file server machines that house affected volumes belong). If this
+argument is omitted, the Tape Coordinator runs in the local cell as defined in
+the local <B>/usr/vice/etc/ThisCell</B> file. Do not combine this
+flag with the <B>-localauth</B> argument.
+<P><DT><B>-noautoquery
+</B><DD>Suppresses the Tape Coordinator's prompt for insertion of the first
+tape needed for an operation. The operator must insert the tape into
+the drive before issuing the <B>backup</B> command that initializes the
+operation.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using the server encryption key with the
+highest key version number in the local
+<B>/usr/afs/etc/KeyFile</B>. The <B>butc</B> command
+interpreter presents the ticket, which never expires, to the Volume Server and
+Volume Location Server to use in mutual authentication.
+<P>Do not combine this argument with the <B>-cell</B> flag, and use it
+only when logged on to a server machine as the local superuser
+<B>root</B>; client machines do not have
+<B>/usr/afs/etc/KeyFile</B> file.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command starts the Tape Coordinator with port offset
+<B>7</B> at debug level <B>1</B>, meaning the Tape Coordinator reports
+the names of volumes it is dumping or restoring.
+<PRE> % <B>butc -port 7 -debuglevel 1</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server or Volume Location (VL) Server is
+running, and on every file server machine that houses a volume to be backed
+up. If the <B>-localauth</B> flag is included, the issuer must
+instead be logged on to the Tape Coordinator machine as the local superuser
+<B>root.</B> In addition, the issuer must be able to read and write
+to the log and configuration files in the local <B>/usr/afs/backup</B>
+directory.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf018.htm#HDRCFG">CFG_<I>device_name</I></A>
+<P><A HREF="auarf023.htm#HDRKEYFILE">KeyFile</A>
+<P><A HREF="auarf031.htm#HDRTE">TE_<I>device_name</I></A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf034.htm#HDRTL">TL_<I>device_name</I></A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P><A HREF="auarf062.htm#HDRBK_ADDHOST">backup addhost</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf125.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf127.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf126.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf128.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRDLOG" HREF="auarf002.htm#ToC_141">dlog</A></H2>
+<A NAME="IDX4697"></A>
+<A NAME="IDX4698"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Authenticates to the DCE Security Service
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>dlog</B> [<B>-principal</B> <<VAR>user name</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-password</B> <<VAR>user's password</VAR>>] [<B>-servers</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>]
+ [<B>-lifetime</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>]
+ [<B>-setpag</B>] [<B>-pipe</B>] [<B>-help</B>]
+
+<B>dlog</B> [<B>-pr</B> <<VAR>user name</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-pw</B> <<VAR>user's password</VAR>>]
+ [<B>-ser</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>]
+ [<B>-l</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>] [<B>-set</B>] [<B>-pi</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>dlog</B> command obtains DCE credentials for the issuer from the
+DCE Security Service in the cell named by the <B>-cell</B> argument, and
+stores them on the AFS client machine on which the user issues the
+command. The AFS/DFS Migration Toolkit Protocol Translator processes
+running on machines in the DCE cell accept the credentials, which enables the
+user to access the DCE cell's filespace from the AFS client. The
+user's identity in the local file system is unchanged.
+<P>If the issuer does not provide the <B>-principal</B> argument, the
+<B>dlog</B> command interpreter uses the user name under which the issuer
+is logged into the local file system. Provide the DCE password for the
+appropriate user name. As with the <B>klog</B> command, the
+password does not cross the network in clear text (unless the issuer is logged
+into the AFS client from a remote machine).
+<P>The credentials are valid for a lifetime equivalent to the smallest of the
+following, all but the last of which is defined by the DCE cell's
+Security Server:
+<UL>
+<P><LI>The maximum certificate lifetime for the issuer's DCE account
+<P><LI>The maximum certificate lifetime for the <B>afs</B> principal's
+DCE account
+<P><LI>The registry-wide maximum certificate lifetime
+<P><LI>The registry-wide default certificate lifetime
+<P><LI>The lifetime requested using the <B>-lifetime</B> argument
+</UL>
+<P>If the previous maximum certificate lifetime values are set to
+<B>default-policy</B>, the maximum possible ticket lifetime is defined by
+the default certificate lifetime. Refer to the DCE vendor's
+administration guide for more information before setting any of these
+values.
+<P>The AFS Cache Manager stores the ticket in a credential structure
+associated with the name of the issuer (or the user named by the
+<B>-principal</B> argument. If the user already has a ticket for
+the DCE cell, the ticket resulting from this command replaces it in the
+credential structure.
+<P>The AFS <B>tokens</B> command displays the ticket obtained by the
+<B>dlog</B> command for the server principal <B>afs</B>, regardless of
+the principal to which it is actually granted. Note that the
+<B>tokens</B> command does not distinguish tickets for a DFS<SUP>TM</SUP>
+File Server from tickets for an AFS File Server.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-principal
+</B><DD>Specifies the DCE user name for which to obtain DCE credentials. If
+this option is omitted, the <B>dlog</B> command interpreter uses the name
+under which the issuer is logged into the local file system.
+<P><DT><B>-cell
+</B><DD>Specifies the DCE cell in which to authenticate. During a single
+login session on a given machine, a user can authenticate in multiple cells
+simultaneously, but can have only one ticket at a time for each cell (that is,
+it is possible to authenticate under only one identity per cell per
+machine). It is legal to abbreviate the cell name to the shortest form
+that distinguishes it from the other cells listed in the
+<B>/usr/vice/etc/CellServDB</B> file on the local client machine.
+<P>If the issuer does not provide the <B>-cell</B> argument, the
+<B>dlog</B> command attempts to authenticate with the DCE Security Server
+for the cell defined by
+<OL TYPE=1>
+<P><LI>The value of the environment variable AFSCELL on the local AFS client
+machine, if defined. The issuer can set the AFSCELL environment
+variable to name the desired DCE cell.
+<P><LI>The cell name in the <B>/usr/vice/etc/ThisCell</B> file on the local
+AFS client machine. The machine's administrator can place the
+desired DCE cell's name in the file.
+</OL>
+<P><DT><B>-password
+</B><DD>Specifies the password for the issuer (or for the user named by the
+<B>-principal</B> argument). Using this argument is not
+recommended, because it makes the password visible on the command line.
+If this argument is omitted, the command prompts for the password and does not
+echo it visibly.
+<P><DT><B>-servers
+</B><DD>Specifies a list of DFS database server machines running the Translator
+Server through which the AFS client machine can attempt to
+authenticate. Specify each server by hostname, shortened machine name,
+or IP address. If this argument is omitted, the <B>dlog</B> command
+interpreter randomly selects a machine from the list of DFS Fileset Location
+(FL) Servers in the <B>/usr/vice/etc/CellServDB</B> file for the DCE cell
+specified by the <B>-cell</B> argument. This argument is useful for
+testing when authentication seems to be failing on certain server
+machines.
+<P><DT><B>-lifetime
+</B><DD>Requests a ticket lifetime using the format
+<VAR>hh</VAR><B>:</B><VAR>mm</VAR>[<B>:</B><VAR>ss</VAR>]
+(hours, minutes, and optionally a number seconds between 00 and 59).
+For example, the value <B>168:30</B> requests a ticket lifetime of 7
+days and 30 minutes, and <B>96:00</B> requests a lifetime of 4
+days. Acceptable values range from <B>00:05</B> (5 minutes)
+to <B>720:00</B> (30 days). If this argument is not provided
+and no other determinants of ticket lifetime have been changed from their
+defaults, ticket lifetime is 10 hours.
+<P>The requested lifetime must be smaller than any of the DCE cell's
+determinants for ticket lifetime; see the discussion in the preceding
+<B>Description</B> section.
+<P><DT><B>-setpag
+</B><DD>Creates a process authentication group (PAG) in which the newly created
+ticket is placed. If this flag is omitted, the ticket is instead
+associated with the issuers' local user ID (UID).
+<P><DT><B>-pipe
+</B><DD>Suppresses any prompts that the command interpreter otherwise produces,
+including the prompt for the issuer's password. Instead, the
+command interpreter accepts the password via the standard input stream.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the <B>dlog</B> command interpreter cannot contact a Translator
+Server, it produces a message similar to the following:
+<PRE> dlog: server or network not responding -- failed to contact
+ authentication service
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command authenticates the issuer as <B>cell_admin</B> in
+the <B>dce.abc.com</B> cell.
+<PRE> % <B>dlog -principal cell_admin -cell dce.abc.com</B>
+ Password: <VAR>cell_admin's password</VAR>
+
+</PRE>
+<P>In the following example, the issuer authenticates as <B>cell_admin</B>
+to the <B>dce.abc.com</B> cell and request a ticket lifetime
+of 100 hours. The <B>tokens</B> command confirms that the user
+obtained DCE credentials as the user <B>cell_admin</B>: the AFS ID
+is equivalent to the UNIX ID of <B>1</B> assigned to <B>cell_admin</B>
+in <B>dce.abc.com</B> cell's DCE registry.
+<PRE> % <B>dlog -principal cell_admin -cell dce.abc.com -lifetime 100</B>
+ Password: <VAR>cell_admin's password</VAR>
+
+ % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1) tokens for afs@dce.abc.com [Expires Jul 6 14:12]
+ User's (AFS ID 4758) tokens for afs@abc.com [Expires Jul 2 13:14]
+
+ --End of list--
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf128.htm#HDRDPASS">dpass</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P><A HREF="auarf238.htm#HDRUNLOG">unlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf126.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf128.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf127.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf129.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRDPASS" HREF="auarf002.htm#ToC_142">dpass</A></H2>
+<A NAME="IDX4699"></A>
+<A NAME="IDX4700"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Returns the DCE password for a new DCE account
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>dpass</B> [<B>-cell</B> <<VAR>original AFS cell name</VAR>>] [<B>-help</B>]
+
+<B>dpass</B> [<B>-c</B> <<VAR>original AFS cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>dpass</B> command returns the DCE password that an administrator
+assigned to the issuer when using the <B>dm pass</B> command to migrate
+AFS user accounts into a DCE cell.
+<P>The <B>dpass</B> command, issued on an AFS client, requests the
+issuer's new DCE password from the AFS cell specified with the
+<B>-cell</B> argument.
+<P>The issuer must be authenticated as the AFS user whose AFS account was
+moved into DCE, and be able to provide the user's AFS password when
+prompted by the <B>dpass</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Specifies the name of the AFS cell from which the AFS account was moved
+into DCE and from which to fetch the new DCE password.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>By default, the <B>dpass</B> command writes a message similar to the
+following to the standard output stream.
+<PRE> Please read the following message before entering your password.
+
+ This program will display your new, temporary DCE password on your
+ terminal, and you should change the assigned password as soon as
+ possible (from a DCE client). The program assumes that the AFS cell
+ uses the AFS Authentication Server and that an administrator used the
+ utilities in the AFS/DFS Migration Toolkit to migrate the account from
+ AFS to DCE. The password you enter should be the AFS password that was
+ in effect when your DCE account was created; this is not necessarily
+ the same password you have at the moment. The cell name (which you
+ may override with a command line option), must be the name of the AFS
+ cell from which the authentication information was taken.
+
+</PRE>
+<P>To suppress this message, set the DPASS_NO_MESSAGE environment
+variable. It is then possible to substitute a customized message if
+desired by using a script similar to the following example:
+<PRE> #! /bin/csh
+ echo "<VAR>Start of customized message</VAR>"
+ echo "<VAR>Continuation of customized message</VAR>"
+ .
+ .
+ .
+ echo "<VAR>Conclusion of customized message</VAR>"
+ setenv DPASS_NO_MESSAGE
+ dpass $*
+
+</PRE>
+<P>After the standard or customized message, if any, the <B>dpass</B>
+command generates the following prompt for the original AFS password:
+<PRE> Original password for AFS cell <VAR>cell</VAR>:
+ Re-enter password to verify:
+
+</PRE>
+<P>If the AFS passwords match and are correct, the command reports the
+temporary DCE password in the following message.
+<PRE> The new DCE password is: <VAR>Issuer's_temporary_DCE_password</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example returns the DCE password of the issuer, whose AFS
+account is in the <B>abc.com</B> cell. The DPASS_NO_MESSAGE
+variable has been set to suppress the standard message.
+<PRE> % <B>dpass</B>
+ Original password for AFS cell abc.com: <VAR>Issuer's_AFS_password</VAR>
+ Re-enter password to verify: <VAR>Issuer's_AFS_password</VAR>
+ The new DCE password is: 8655--eg8e-dcdc-8157
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be authenticated as the AFS user for whom to display the
+corresponding DCE password.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf127.htm#HDRDLOG">dlog</A>
+<P><B>dm pass</B> reference page in <I>IBM AFS/DFS Migration Toolkit
+Administration Guide and Reference</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf127.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf129.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf128.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf130.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFILESERVER" HREF="auarf002.htm#ToC_143">fileserver</A></H2>
+<A NAME="IDX4701"></A>
+<A NAME="IDX4702"></A>
+<A NAME="IDX4703"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the File Server component of the <B>fs</B> process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fileserver</B> [<B>-d</B> <<VAR>debug level</VAR>>] [<B>-p</B> <<VAR>number of processes</VAR>>]
+ [<B>-spare</B> <<VAR>number of spare blocks</VAR>>]
+ [<B>-pctspare</B> <<VAR>percentage spare</VAR>>] [<B>-b</B> <<VAR>buffers</VAR>>]
+ [<B>-l</B> <<VAR>large vnodes</VAR>>] [<B>-s</B> <<VAR>small nodes</VAR>>]
+ [<B>-vc</B> <<VAR>volume cachesize</VAR>>] [<B>-w</B> <<VAR>call back wait interval</VAR>>]
+ [<B>-cb</B> <<VAR>number of call backs</VAR>>]
+ [<B>-banner</B> (print banner every 10 minutes)]
+ [<B>-novbc</B> (whole volume cbs disabled)]
+ [<B>-implicit</B> <<VAR>admin mode bits: rlidwka</VAR>>]
+ [<B>-hr</B> <<VAR>number of hours between refreshing the host cps</VAR>>]
+ [<B>-busyat</B> <<VAR>redirect clients when queue > n</VAR>>]
+ [<B>-rxpck</B> <<VAR>number of rx extra packets</VAR>>]
+ [<B>-rxdbg</B> (enable rx debugging)]
+ [<B>-rxdbge</B> (enable rxevent debugging)]
+ [<B>-m</B> <<VAR>min percentage spare in partition</VAR>>]
+ [<B>-lock</B> (keep fileserver from swapping)]
+ [<B>-L</B> (large server conf)] [<B>-S</B> (small server conf)]
+ [<B>-k</B> <<VAR>stack size</VAR>>] [<B>-realm</B> <<VAR>Kerberos realm name</VAR>>]
+ [<B>-udpsize</B> <<VAR>size of socket buffer in bytes</VAR>>]
+ [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>]
+ [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>fileserver</B> command initializes the File Server component of
+the <B>fs</B> process. In the conventional configuration, its
+binary file is located in the <B>/usr/afs/bin</B> directory on a file
+server machine.
+<P>The <B>fileserver</B> command is not normally issued at the command
+shell prompt, but rather placed into a database server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a file server machine as the local superuser
+<B>root</B>.
+<P>The File Server creates the <B>/usr/afs/logs/FileLog</B> log file as it
+initializes, if the file does not already exist. It does not write a
+detailed trace by default, but use the <B>-d</B> option to increase the
+amount of detail. Use the <B>bos getlog</B> command to display the
+contents of the log file.
+<P>The command's arguments enable the administrator to control many
+aspects of the File Server's performance, as detailed in the
+<B>Options</B> section. By default the <B>fileserver</B>
+command sets values for many arguments that are suitable for a medium-sized
+file server machine. To set values suitable for a small or large file
+server machine, use the <B>-S</B> or <B>-L</B> flag
+respectively. The following list describes the parameters and
+corresponding argument for which the <B>fileserver</B> command sets
+default values, and <A HREF="#TBLFILESERVER-ARGS">Table 1</A> summarizes the setting for each of the three machine
+sizes.
+<UL>
+<P><LI>The maximum number of lightweight processes (LWPs) the File Server uses to
+handle requests for data; corresponds to the <B>-p</B>
+argument. The File Server always uses a minimum of 32 KB for these
+processes.
+<P><LI>The maximum number of directory blocks the File Server caches in
+memory; corresponds to the <B>-b</B> argument. Each cached
+directory block (buffer) consumes 2,092 bytes of memory.
+<P><LI>The maximum number of large vnodes the File Server caches in memory for
+tracking directory elements; corresponds to the <B>-l</B>
+argument. Each large vnode consumes 292 bytes of memory.
+<P><LI>The maximum number of small vnodes the File Server caches in memory for
+tracking file elements; corresponds to the <B>-s</B> argument.
+Each small vnode consumes 100 bytes of memory.
+<P><LI>The maximum volume cache size, which determines how many volumes the File
+Server can cache in memory before having to retrieve data from disk;
+corresponds to the <B>-vc</B> argument.
+<P><LI>The maximum number of callback structures the File Server caches in
+memory; corresponds to the <B>-cb</B> argument. Each callback
+structure consumes 16 bytes of memory.
+<P><LI>The maximum number of <B>Rx</B> packets the File Server uses;
+corresponds to the <B>-rxpck</B> argument. Each packet consumes
+1544 bytes of memory.
+</UL>
+<BR>
+<P><B><A NAME="TBLFILESERVER-ARGS" HREF="auarf003.htm#FT_TBLFILESERVER-ARGS">Table 1. File Server configuration parameters</A></B><BR>
+<TABLE WIDTH="100%" BORDER>
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Parameter (Argument)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">Small configuration (<B>-S</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">Medium configuration (default)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">Large configuration (<B>-L</B>)
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of LWPs (<B>-p</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">6
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">9
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">12
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of cached directory blocks (<B>-b</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">70
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">90
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">120
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of cached large vnodes (<B>-l</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">200
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">400
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">600
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of cached small vnodes (<B>-s</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">200
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">400
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">600
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Maximum volume cache size (<B>-vc</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">200
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">400
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">600
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of callbacks (<B>-cb</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">20,000
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">60,000
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">64,000
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="40%">Number of <B>Rx</B> packets (<B>-rxpck</B>)
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%">100
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="19%">150
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="21%">200
+</TD></TR></TABLE>
+<P>To override any of the values, provide the indicated argument (which can be
+combined with the <B>-S</B> or <B>-L</B> flag).
+<P>The amount of memory required for the File Server varies. The
+approximate default memory usage is 751 KB when the <B>-S</B> flag is used
+(small configuration), 1.1 MB when all defaults are used (medium
+configuration), and 1.4 MB when the <B>-L</B> flag is used (large
+configuration). If additional memory is available, increasing the value
+of the <B>-cb</B> and <B>-vc</B> arguments can improve File Server
+performance most directly.
+<P>By default, the File Server allows a volume to exceed its quota by 1 MB
+when an application is writing data to an existing file in a volume that is
+full. The File Server still does not allow users to create new files in
+a full volume. To change the default, use one of the following
+arguments:
+<A NAME="IDX4704"></A>
+<UL>
+<P><LI>Set the <B>-spare</B> argument to the number of extra kilobytes that
+the File Server allows as overage. A value of <B>0</B> allows no
+overage.
+<P><LI>Set the <B>-pctspare</B> argument to the percentage of the
+volume's quota the File Server allows as overage.
+</UL>
+<P>By default, the File Server implicitly grants the <B>a</B>
+(<B>administer</B>) and <B>l</B> (<B>lookup</B>) permissions to
+the <B>system:administrators</B> on the access control list (ACL) of
+every directory in the volumes stored on its file server machine. In
+other words, the group's members can exercise those two permissions even
+when an entry for the group does not appear on an ACL. To change the
+set of default permissions, use the <B>-implicit</B> argument.
+<P>The File Server maintains a <I>host current protection subgroup</I>
+(<I>host CPS</I>) for each client machine from which it has received a
+data access request. Like the CPS for a user, a host CPS lists all of
+the Protection Database groups to which the machine belongs, and the File
+Server compares the host CPS to a directory's ACL to determine in what
+manner users on the machine are authorized to access the directory's
+contents. When the <B>pts adduser</B> or <B>pts removeuser</B>
+command is used to change the groups to which a machine belongs, the File
+Server must recompute the machine's host CPS in order to notice the
+change. By default, the File Server contacts the Protection Server
+every two hours to recompute host CPSs, implying that it can take that long
+for changed group memberships to become effective. To change this
+frequency, use the <B>-hr</B> argument.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The AIX operating system does not automatically reserve a part of each
+partition to avoid the negative consequences that can result when the space on
+a partition is completely exhausted. Therefore, the AIX version of the
+File Server creates an 8% disk reserve automatically. To change the
+percentage, use the <B>-m</B> argument.
+</TD></TR></TABLE>
+<P>The File Server generates the following message when a partition is nearly
+full:
+<PRE> No space left on device
+
+</PRE>
+<P><STRONG>Cautions</STRONG>
+<P>Do not use the <B>-k</B> and <B>-w</B> arguments, which are
+intended for use by the AFS Development group only. Changing them from
+their default values can result in unpredictable File Server behavior.
+In any case, on many operating systems the File Server uses native threads
+rather than the LWP threads, so using the <B>-k</B> argument to set the
+number of LWP threads has no effect.
+<P>Do not specify both the <B>-spare</B> and <B>-pctspare</B>
+arguments. Doing so causes the File Server to exit, leaving an error
+message in the <B>/usr/afs/logs/FileLog</B> file.
+<P>Options that are available only on some system types, such as the
+<B>-m</B> and <B>-lock</B> options, appear in the output generated by
+the <B>-help</B> option only on the relevant system type.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-d
+</B><DD>Sets the detail level for the debugging trace written to the
+<B>/usr/afs/logs/FileLog</B> file. Provide one of the following
+values, each of which produces an increasingly detailed trace:
+<B>0</B>, <B>1</B>, <B>5</B>, <B>25</B>, and
+<B>125</B>. The default value of <B>0</B> produces only a few
+messages.
+<P><DT><B>-p
+</B><DD>Sets the number of threads to run. Provide a positive
+integer. The File Server creates and uses five threads for special
+purposes, in addition to the number specified (but if this argument specifies
+the maximum possible number, the File Server automatically uses five of the
+threads for its own purposes).
+<P>The maximum number of threads can differ in each release of AFS.
+Consult the <I>IBM AFS Release Notes</I> for the current release.
+<P><DT><B>-spare
+</B><DD>Specifies the number of additional kilobytes an application can store in a
+volume after the quota is exceeded. Provide a positive integer; a
+value of <B>0</B> prevents the volume from ever exceeding its
+quota. Do not combine this argument with the <B>-pctspare</B>
+argument.
+<P><DT><B>-pctspare
+</B><DD>Specifies the amount by which the File Server allows a volume to exceed
+its quota, as a percentage of the quota. Provide an integer between
+<B>0</B> and <B>99</B>. A value of <B>0</B> prevents the
+volume from ever exceeding its quota. Do not combine this argument with
+the <B>-spare</B> argument.
+<P><DT><B>-b
+</B><DD>Sets the number of directory buffers. Provide a positive
+integer.
+<P><DT><B>-l
+</B><DD>Sets the number of large vnodes available in memory for caching directory
+elements. Provide a positive integer.
+<P><DT><B>-s
+</B><DD>Sets the number of small vnodes available in memory for caching file
+elements. Provide a positive integer.
+<P><DT><B>-vc
+</B><DD>Sets the number of volumes the File Server can cache in memory.
+Provide a positive integer.
+<P><DT><B>-w
+</B><DD>Sets the interval at which the daemon spawned by the File Server performs
+its maintenance tasks. Do not use this argument; changing the
+default value can cause unpredictable behavior.
+<P><DT><B>-cb
+</B><DD>Sets the number of callbacks the File Server can track. Provide a
+positive integer.
+<P><DT><B>-banner
+</B><DD>Prints the following banner to <B>/dev/console</B> about every 10
+minutes.
+<PRE> File Server is running at <VAR>time</VAR>.
+
+</PRE>
+<P><DT><B>-novbc
+</B><DD>Prevents the File Server from breaking the callbacks that Cache Managers
+hold on a volume that the File Server is reattaching after the volume was
+offline (as a result of the <B>vos restore</B> command, for
+example). Use of this flag is strongly discouraged.
+<P><DT><B>-implicit
+</B><DD>Defines the set of permissions granted by default to the
+<B>system:administrators</B> group on the ACL of every directory in
+a volume stored on the file server machine. Provide one or more of the
+standard permission letters (<B>rlidwka</B>) and auxiliary permission
+letters (<B>ABCDEFGH</B>), or one of the shorthand notations for groups of
+permissions (<B>all</B>, <B>none</B>, <B>read</B>, and
+<B>write</B>). To review the meaning of the permissions, see the
+<B>fs setacl</B> reference page.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The File Server always implicitly grants the <B>a</B> permission to the
+<B>system:administrators</B> group, even if you use the
+<B>none</B> value.
+</TD></TR></TABLE>
+<P><DT><B><B>-hr</B>
+</B><DD>Specifies how often the File Server refreshes its knowledge of the
+machines that belong to protection groups (refreshes the host CPSs for
+machines). The File Server must update this information to enable users
+from machines recently added to protection groups to access data for which
+those machines now have the necessary ACL permissions.
+<P><DT><B>-busyat
+</B><DD>Defines the number of incoming RPCs that can be waiting for a response
+from the File Server before the File Server returns the error code
+<B>VBUSY</B> to the Cache Manager that sent the latest RPC. In
+response, the Cache Manager retransmits the RPC after a delay. This
+argument prevents the accumulation of so many waiting RPCs that the File
+Server can never process them all. Provide a positive integer.
+The default value is 600.
+<P><DT><B>-rxpck
+</B><DD>Controls the number of Rx packets the File Server uses to store data for
+incoming RPCs that it is currently handling, that are waiting for a response,
+and for replies that are not yet complete. Provide a positive
+integer.
+<P><DT><B>-rxdbg
+</B><DD>Writes a trace of the File Server's operations on Rx packets to the
+file <B>/usr/afs/logs/rx_dbg</B>.
+<P><DT><B>-rxdbge
+</B><DD>Writes a trace of the File Server's operations on Rx events (such as
+retransmissions) to the file <B>/usr/afs/logs/rx_dbg</B>.
+<P><DT><B>-m
+</B><DD>Specifies the percentage of each AFS server partition that the AIX version
+of the File Server creates as a reserve. Specify an integer value
+between <B>0</B> and <B>30</B>; the default is 8%. A value
+of <B>0</B> means that the partition can become completely full, which can
+have serious negative consequences.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This argument is available only on machines running the AIX operating system,
+and so does not appear in the syntax statement when the <B>-help</B> flag
+is used on other system types.
+</TD></TR></TABLE>
+<P><DT><B>-lock
+</B><DD>Prevents any portion of the <B>fileserver</B> binary from being paged
+(swapped) out of memory on a file server machine running the IRIX operating
+system.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This argument is available only on machines running the IRIX operating
+system, and so does not appear in the syntax statement when the
+<B>-help</B> flag is used on other system types.
+</TD></TR></TABLE>
+<P><DT><B><B>-L</B>
+</B><DD>Sets values for many arguments in a manner suitable for a large file
+server machine. Combine this flag with any option except the
+<B>-S</B> flag; omit both flags to set values suitable for a
+medium-sized file server machine.
+<P><DT><B><B>-S</B>
+</B><DD>Sets values for many arguments in a manner suitable for a small file
+server machine. Combine this flag with any option except the
+<B>-L</B> flag; omit both flags to set values suitable for a
+medium-sized file server machine.
+<P><DT><B>-k
+</B><DD>Sets the LWP stack size in units of 1 kilobyte. Do not use this
+argument, and in particular do not specify a value less than the default of
+24.
+<P><DT><B>-realm
+</B><DD>Defines the Kerberos realm name for the File Server to use. If this
+argument is not provided, it uses the realm name corresponding to the cell
+listed in the local <B>/usr/afs/etc/ThisCell</B> file.
+<P><DT><B>-udpsize
+</B><DD>Sets the size of the UDP buffer, which is 64 KB by default. Provide
+a positive integer, preferably larger than the default.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates an <B>fs</B>
+process on the file server machine <B>fs2.abc.com</B> that
+uses the large configuration size, and allows volumes to exceed their quota by
+10%. Type the command on a single line:
+<PRE> % <B>bos create -server fs2.abc.com -instance fs -type fs</B> \
+ <B>-cmd "/usr/afs/bin/fileserver -pctspare 10</B> \
+ <B>-L" /usr/afs/bin/volserver /usr/afs/bin/salvager</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf021.htm#HDRFILELOG">FileLog</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf128.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf130.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf129.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf131.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFMS" HREF="auarf002.htm#ToC_144">fms</A></H2>
+<A NAME="IDX4705"></A>
+<A NAME="IDX4706"></A>
+<A NAME="IDX4707"></A>
+<A NAME="IDX4708"></A>
+<A NAME="IDX4709"></A>
+<A NAME="IDX4710"></A>
+<A NAME="IDX4711"></A>
+<A NAME="IDX4712"></A>
+<A NAME="IDX4713"></A>
+<A NAME="IDX4714"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Determine a tape's capacity and a tape device's filemark size
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fms -tape</B> <<VAR>tape special file</VAR>> [<B>-help</B>]
+
+<B>fms -t</B> <<VAR>tape special file</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fms</B> command determines the capacity of the tape currently in
+the tape device identified by the <B>-tape</B> argument, along with the
+size of the filemark for the device. The filemark is also referred to
+as the device's end-of-file (EOF) marker, and can differ for each
+combination of tape and tape device.
+<P>As the Tape Coordinator writes a dump, it writes a filemark between the
+data included from each volume and also tracks the amount of space left before
+the end of the tape (EOT). For some tape devices, the filemark is large
+enough (multiple megabytes) that failure to consider it leads the Tape
+Coordinator significantly to overestimate the available space.
+<P>The intended use of this command is to determine tape capacity and filemark
+size values that can be specified in a tape device's entry in the
+<B>/usr/afs/backup/tapeconfig</B> file. For certain types of tape
+drives, the Tape Coordinator operates more efficiently when the
+<B>tapeconfig</B> file lists accurate values. For further
+discussion, see the <I>IBM AFS Administration Guide</I> chapter on
+configuring the Backup System.
+<P>Insert a tape in the drive before issuing this command.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command on compressing tape devices in compression mode or
+with tape devices that handle tapes of multigigabyte (or multiterabyte)
+capacity. It does not produce accurate results in those cases.
+For alternate suggestions on the values to record in the <B>tapeconfig</B>
+file for compressing drives, see the <I>IBM AFS Administration Guide</I>
+chapter on configuring the Backup System.
+<P>Running the command completely overwrites the tape, so use a blank one or
+one that can be recycled.
+<P>Because it writes filemarks to the complete length of the tape, the command
+can take from several hours to more than a day to complete.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-tape
+</B><DD>Specifies the UNIX device name of the tape device for which to determine
+filemark size and the capacity of the tape it currently contains. The
+format varies on different system types, but usually begins with
+<B>/dev</B>; an example is <B>/dev/sd0a</B>.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command generates output both on the standard output stream and in the
+<B>fms.log</B> file that it creates in the current working
+directory. The output reports the capacity of the tape in the device
+and the device's filemark size.
+<P>The first few lines of output include status information about the
+execution of the command, including such information as the number of blocks
+and the number of file marks written to the tape by the command. The
+last two lines of both screen and file output provide the following
+information:
+<UL>
+<P><LI><TT>Tape capacity is</TT> <VAR>number</VAR> <TT>bytes</TT>:
+specifies the size, in bytes, of the tape in the device.
+<P><LI><TT>File marks are</TT> <VAR>number</VAR> <TT>bytes</TT>:
+specifies the device's filemark size in bytes.
+</UL>
+<P>The following message indicates that the <B>fms</B> command interpreter
+cannot access the tape device. The command halts.
+<PRE> Can't open tape drive <VAR>device</VAR>
+
+</PRE>
+<P>The following message indicates that the command interpreter cannot create
+the <B>fms.log</B> log file. Again, the command
+halts.
+<PRE> Can't open log file
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command illustrates the output for the device called
+<B>/dev/rmt1h</B>:
+<PRE> % <B>fms /dev/rmt1h</B>
+ wrote block: 130408
+ Finished data capacity test - rewinding
+ wrote 1109 blocks, 1109 file marks
+ Finished file mark test
+ Tape capacity is 2136604672 bytes
+ File marks are 1910205 bytes
+
+</PRE>
+<P>The following appears in the <B>fms.log</B> file:
+<PRE> fms test started
+ wrote 9230 blocks
+ Finished file mark test
+ Tape capacity is 151224320 bytes
+ File marks are 2375680 bytes
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be able to insert and write to files in the currently
+working directory, if the <B>fms.log</B> file does not already
+exist. If it already exists, the issuer need only be able to write to
+it.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf044.htm#HDRFMSLOG">fms.log</A>
+<P><A HREF="auarf050.htm#HDRTAPECONFIG">tapeconfig</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf129.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf131.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf130.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf132.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_INTRO" HREF="auarf002.htm#ToC_145">fs</A></H2>
+<A NAME="IDX4715"></A>
+<A NAME="IDX4716"></A>
+<A NAME="IDX4717"></A>
+<A NAME="IDX4718"></A>
+<A NAME="IDX4719"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>fs</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>fs</B> command suite constitute the main
+administrative interface to the Cache Manager on an AFS client machine, which
+is responsible for fetching AFS data from file server machines on behalf of
+applications running on the client machine.
+<P>There are several categories of commands in the <B>fs</B> command
+suite:
+<UL>
+<P><LI>Commands to set and report how the Cache Manager interacts with server
+machines: <B>fs checkservers</B>, <B>fs getcellstatus</B>,
+<B>fs getserverprefs</B>, <B>fs listcells</B>, <B>fs newcell</B>,
+<B>fs setcell</B>,
+<P><B>fs setserverprefs</B>, <B>fs sysname</B>, and <B>fs
+wscell</B>
+<P><LI>Commands to administer access control lists (ACLs): <B>fs
+cleanacl</B>, <B>fs copyacl</B>, <B>fs listacl</B>, and <B>fs
+setacl</B>
+<P><LI>Commands to administer server machines, volumes or partitions that house a
+given file or directory: <B>fs diskfree</B>, <B>fs examine</B>,
+<B>fs listquota</B>, <B>fs quota</B>, <B>fs setquota</B>, <B>fs
+setvol</B>,
+<P><B>fs whereis</B>, and <B>fs whichcell</B>
+<P><LI>Commands to administer the local client cache and related
+information: <B>fs checkvolumes</B>, <B>fs flush</B>, <B>fs
+flushvolume</B>, <B>fs getcacheparms</B>, and <B>fs setcachesize</B>
+<P><LI>Commands to administer volume mount points: <B>fs lsmount</B>,
+<B>fs mkmount</B>, and <B>fs rmmount</B>
+<P><LI>Commands to control monitoring and tracing: <B>fs debug</B>, and
+<B>fs messages</B>
+<P><LI>A command to administer the Cache Manager's interaction with other
+file systems: <B>fs exportafs</B>
+<P><LI>Commands to obtain help: <B>fs apropos</B> and <B>fs
+help</B>
+</UL>
+<P>The Cache Manager and the <B>fs</B> commands use and maintain the
+following configuration files:
+<UL>
+<P><LI>The <B>/usr/vice/etc/CellServDB</B> file lists the database server
+machines in the local cell and any foreign cell to which the administrator
+wishes to enable AFS access for users working on the machine. The
+database server machines run the Authentication, Backup, Protection and Volume
+Location (VL) Server processes, which maintain databases of administrative
+information. For users to access a cell, its
+<B>root.cell</B> volume must also be mounted in the local
+cell's AFS file tree.
+<P><LI>The <B>/usr/vice/etc/ThisCell</B> file defines the machine's cell
+membership with respect to the AFS command suites and Cache Manager access to
+AFS data.
+<P><LI>The <B>/usr/vice/etc/cacheinfo</B> file defines configuration
+parameters for the cache, including its size and whether it is in memory or on
+disk.
+</UL>
+<P>In addition, the Cache Manager automatically creates files on the cache
+partition (by default, <B>/usr/vice/cache</B> for caching and tracking
+files fetched from file server machines.
+<P>For more details, see the reference page for each file.
+<P><STRONG>Options</STRONG>
+<P>The following flag is available on every command in the <B>fs</B>
+suite. The reference page for each command also lists it, but it is
+described here in greater detail.
+<A NAME="IDX4720"></A>
+<A NAME="IDX4721"></A>
+<A NAME="IDX4722"></A>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<A NAME="IDX4723"></A>
+<A NAME="IDX4724"></A>
+<P>The privileges required for <B>fs</B> commands vary more than for other
+command suites. Pay special attention to the <B>Privilege
+Required</B> section of each command description.
+<P>The various types of necessary privilege include:
+<UL>
+<P><LI>Having permissions on a directory's ACL. For example, creating
+and removing mount points requires <B>a</B> (<B>administer</B>),
+<B>i</B> (<B>insert</B>), and <B>d</B> (<B>delete</B>)
+permissions on the ACL of the directory in which the mount point
+resides.
+<P><LI>Being logged onto the machine as the local superuser
+<B>root</B>. This is necessary when issuing commands that affect
+Cache Manager configuration.
+<P><LI>Belonging to the <B>system:administrators</B> group in the
+Protection Database.
+<P><LI>No privilege. Many <B>fs</B> commands simply list
+information.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf017.htm#HDRCACHEITEMS">CacheItems</A>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf036.htm#HDRVN">V<I>n</I></A>
+<P><A HREF="auarf040.htm#HDRVOLUMEITEMS">VolumeItems</A>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<P><A HREF="auarf132.htm#HDRFS_APROPOS">fs apropos</A>
+<P><A HREF="auarf133.htm#HDRFS_CHECKSERVERS">fs checkservers</A>
+<P><A HREF="auarf134.htm#HDRFS_CHECKVOLUMES">fs checkvolumes</A>
+<P><A HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
+<P><A HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
+<P><A HREF="auarf137.htm#HDRFS_DISKFREE">fs diskfree</A>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P><A HREF="auarf139.htm#HDRFS_EXPORTAFS">fs exportafs</A>
+<P><A HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<P><A HREF="auarf141.htm#HDRFS_FLUSHMOUNT">fs flushmount</A>
+<P><A HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<P><A HREF="auarf143.htm#HDRFS_GETCACHEPARMS">fs getcacheparms</A>
+<P><A HREF="auarf144.htm#HDRFS_GETCELLSTATUS">fs getcellstatus</A>
+<P><A HREF="auarf145.htm#HDRFS_GETCLIENTADDRS">fs getclientaddrs</A>
+<P><A HREF="auarf146.htm#HDRFS_GETSERVERPREFS">fs getserverprefs</A>
+<P><A HREF="auarf147.htm#HDRFS_HELP">fs help</A>
+<P><A HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
+<P><A HREF="auarf149.htm#HDRFS_LISTCELLS">fs listcells</A>
+<P><A HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<P><A HREF="auarf151.htm#HDRFS_LSMOUNT">fs lsmount</A>
+<P><A HREF="auarf152.htm#HDRFS_MESSAGES">fs messages</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf154.htm#HDRFS_NEWCELL">fs newcell</A>
+<P><A HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<P><A HREF="auarf156.htm#HDRFS_RMMOUNT">fs rmmount</A>
+<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
+<P><A HREF="auarf158.htm#HDRFS_SETCACHESIZE">fs setcachesize</A>
+<P><A HREF="auarf159.htm#HDRFS_SETCELL">fs setcell</A>
+<P><A HREF="auarf160.htm#HDRFS_SETCLIENTADDRS">fs setclientaddrs</A>
+<P><A HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<P><A HREF="auarf162.htm#HDRFS_SETSERVERPREFS">fs setserverprefs</A>
+<P><A HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<P><A HREF="auarf164.htm#HDRFS_STOREBEHIND">fs storebehind</A>
+<P><A HREF="auarf165.htm#HDRFS_SYSNAME">fs sysname</A>
+<P><A HREF="auarf166.htm#HDRFS_WHEREIS">fs whereis</A>
+<P><A HREF="auarf167.htm#HDRFS_WHICHCELL">fs whichcell</A>
+<P><A HREF="auarf168.htm#HDRFS_WSCELL">fs wscell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf130.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf132.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf131.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf133.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_APROPOS" HREF="auarf002.htm#ToC_146">fs apropos</A></H2>
+<A NAME="IDX4725"></A>
+<A NAME="IDX4726"></A>
+<A NAME="IDX4727"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>fs ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs apropos</B> command displays the first line of the online
+help entry for any <B>fs</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>fs help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>fs</B> command where the string specified with the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>fs</B> commands that include the
+word <B>cache</B> in their names or short online descriptions:
+<PRE> % <B>fs apropos cache</B>
+ setcachesize: set cache size
+ flush: flush file from cache
+ getcacheparms: get cache usage info
+ monitor: set cache monitor host address
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf131.htm#HDRFS_INTRO">fs</A>
+<P><A HREF="auarf147.htm#HDRFS_HELP">fs help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf131.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf133.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf132.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf134.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_CHECKSERVERS" HREF="auarf002.htm#ToC_147">fs checkservers</A></H2>
+<A NAME="IDX4728"></A>
+<A NAME="IDX4729"></A>
+<A NAME="IDX4730"></A>
+<A NAME="IDX4731"></A>
+<A NAME="IDX4732"></A>
+<A NAME="IDX4733"></A>
+<A NAME="IDX4734"></A>
+<A NAME="IDX4735"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the status of server machines
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs checkservers</B> [<B>-cell</B> <<VAR>cell to check</VAR>>] [<B>-all</B>] [<B>-fast</B>]
+ [<B>-interval</B> <<VAR>seconds between probes</VAR>>] [<B>-help</B>]
+
+<B>fs checks</B> [<B>-c</B> <<VAR>cell to check</VAR>>] [<B>-a</B>] [<B>-f</B>]
+ [<B>-i</B> <<VAR>seconds between probes</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs checkservers</B> command reports whether certain AFS server
+machines are accessible from the local client machine. The machines
+belong to one of two classes, and the Cache Manager maintains a list of them
+in kernel memory:
+<UL>
+<P><LI>The database server machines in every cell listed in the local
+<B>/usr/vice/etc/CellServDB file</B>, plus any machines added to the
+memory list by the <B>fs newcell</B> command since the last reboot.
+<P><LI>All file server machines the Cache Manager has recently contacted, and
+which it probably needs to contact again soon. In most cases, the Cache
+Manager holds a callback on a file or volume fetched from the machine.
+</UL>
+<P>If the Cache Manager is unable to contact the <B>vlserver</B> process
+on a database server machine or the <B>fileserver</B> process on a file
+server machine, it marks the machine as inaccessible. (Actually, if a
+file server machine is multihomed, the Cache Manager attempts to contact all
+of the machine's interfaces, and only marks the machine as down if the
+<B>fileserver</B> fails to reply via any of them.) The Cache
+Manager then periodically (by default, every three minutes) sends a probe to
+each marked machine, to see if it is still inaccessible. If a
+previously inaccessible machine responds, the Cache Manager marks it as
+accessible and no longer sends the periodic probes to it.
+<P>The <B>fs checkservers</B> command updates the list of inaccessible
+machines by having the Cache Manager probe a specified set of them:
+<UL>
+<P><LI>By default, only machines that are marked inaccessible and belong to the
+local cell (the cell listed in the local <B>/usr/vice/etc/ThisCell</B>
+file)
+<P><LI>If the <B>-cell</B> argument is included, only machines that are
+marked inaccessible and belong to the specified cell
+<P><LI>If the <B>-all</B> flag is included, all machines marked inaccessible
+</UL>
+<P>If the <B>-fast</B> flag is included, the Cache Manager does not probe
+any machines, but instead reports the results of the most recent previous
+probe.
+<P>To set the interval between probes rather than produce a list of
+inaccessible machines, use the <B>-interval</B> argument. The
+non-default setting persists until the machine reboots; to preserve it
+across reboots, put the appropriate <B>fs checkservers</B> command in the
+machine's AFS initialization files.
+<P><STRONG>Cautions</STRONG>
+<P>The command can take quite a while to complete, if a number of machines do
+not respond to the Cache Manager's probe. The Cache Manager probes
+machines sequentially and waits a standard timeout period before marking the
+machine as unresponsive, to allow for slow network communication. To
+make the command shell prompt return quickly, put the command in the
+background. It is harmless to interrupt the command by typing
+<B>Ctrl-c</B> or another interrupt signal.
+<P>Note that the Cache Manager probes only server machines marked inaccessible
+in its memory list. A server machine's absence from the output
+does not necessarily mean that it is functioning, because it possibly is not
+included in the memory list at all (if, for example, the Cache Manager has not
+contacted it recently). For the same reason, the output is likely to
+vary on different client machines.
+<P>Unlike most <B>fs</B> commands, the <B>fs checkservers</B> command
+does not refer to the AFSCELL environment variable.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Names each cell in which to probe server machines marked as
+inaccessible. Provide the fully qualified domain name, or a shortened
+form that disambiguates it from the other cells listed in the local
+<B>/usr/vice/etc/CellServDB</B> file. Combine this argument with
+the <B>-fast</B> flag if desired, but not with the <B>-all</B>
+flag. Omit both this argument and the <B>-all</B> flag to probe
+machines in the local cell only.
+<P><DT><B>-all
+</B><DD>Probes all machines in the Cache Manager's memory list that are
+marked inaccessible. Combine this argument with the <B>-fast</B>
+flag if desired, but not with the <B>-cell</B> argument. Omit both
+this flag and the <B>-cell</B> argument to probe machines in the local
+cell only.
+<P><DT><B>-fast
+</B><DD>Displays the Cache Manager's current list of machines that are
+inaccessible, rather than sending new probes. The output can as old as
+the current setting of the probe interval (by default three minutes, and
+maximum ten minutes).
+<P><DT><B>-interval
+</B><DD>Sets or reports the number of seconds between the Cache Manager's
+probes to machines in the memory list that are marked inaccessible:
+<UL>
+<P><LI>To set the interval, specify a value from the range between <B>1</B>
+and <B>600</B> (10 minutes); the default is <B>180</B> (three
+minutes). The issuer must be logged in as the local superuser
+<B>root</B>. The altered setting persists until again changed with
+this command, or until the machine reboots, at which time the setting returns
+to the default.
+<P><LI>Provide a value of <B>0</B> (zero) to display the current interval
+setting. No privilege is required. Do not combine this argument
+with any other.
+</UL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If there are no machines marked as inaccessible, or if all of them now
+respond to the Cache Manager's probe, the output is:
+<PRE> All servers are running.
+
+</PRE>
+<P>Note that this message does not mean that all server machines in each
+relevant cell are running. The output indicates the status of only
+those machines that the Cache Manager probes.
+<P>If a machine fails to respond to the probe within the timeout period, the
+output begins with the string
+<PRE> These servers unavailable due to network or server problems:
+
+</PRE>
+<P>and lists the hostname of each machine on its own line. The Cache
+Manager stores machine records by Internet address, so the format of each
+hostname (uppercase or lowercase letters, or an Internet address in dotted
+decimal format) depends on how the local cell's name service translates
+it at the time the command is issued. If a server machine is
+multihomed, the output lists only one of its interfaces (usually, the
+currently most preferred one).
+<P>If the <B>-interval</B> argument is provided with a value between
+<B>1</B> and <B>600</B>, there is no output. If the value is
+<B>0</B>, the output reports the probe interval as follows:
+<PRE> The current down server probe interval is <VAR>interval</VAR> secs
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the Cache Manager's current list of
+unresponsive machines in the local cell, rather than probing them
+again. The output indicates that if there were any machines marked
+inaccessible, they all responded to the previous probe.
+<PRE> % <B>fs checkservers -fast</B>
+ All servers are running.
+
+</PRE>
+<P>The following example probes machines in the Cache Manager's memory
+list that belong to the <B>stateu.edu</B> cell:
+<PRE> % <B>fs checkservers -cell stateu.edu</B>
+ All servers are running.
+
+</PRE>
+<P>The following example probes all server machines in the Cache
+Manager's memory list. It reports that two machines did not
+respond to the probe.
+<PRE> % <B>fs checkservers -all</B>
+ These servers unavailable due to network or server problems:
+ fs1.abc.com SV3.STATE.EDU.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To set the probe interval, the issuer must be logged in as the local
+superuser <B>root</B>. Otherwise, no privilege is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf154.htm#HDRFS_NEWCELL">fs newcell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf132.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf134.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf133.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf135.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_CHECKVOLUMES" HREF="auarf002.htm#ToC_148">fs checkvolumes</A></H2>
+<A NAME="IDX4736"></A>
+<A NAME="IDX4737"></A>
+<A NAME="IDX4738"></A>
+<A NAME="IDX4739"></A>
+<A NAME="IDX4740"></A>
+<A NAME="IDX4741"></A>
+<A NAME="IDX4742"></A>
+<A NAME="IDX4743"></A>
+<A NAME="IDX4744"></A>
+<A NAME="IDX4745"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Forces the Cache Manager to update volume-related information
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs checkvolumes</B> [<B>-help</B>]
+
+<B>fs checkv</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs checkvolumes</B> command discards the table of mappings
+between volume names and volume ID numbers that the Cache Manager stores in
+memory and uses when fetching data from volumes. The next time an
+application requests AFS data, the Cache Manager must contact the Volume
+Location (VL) Server for volume location information, and then an appropriate
+file server machine for the actual data.
+<P>The Cache Manager updates the table of mappings periodically (by default,
+hourly), but this command is useful if the issuer knows that a volume's
+name has changed, or that new read-only replicas of a volume have been
+released, because issuing it forces the Cache Manager to reference the changed
+volume.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message confirms that the command ran successfully.
+<PRE> All volumeID/name mappings checked.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf133.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf135.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf134.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf136.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_CLEANACL" HREF="auarf002.htm#ToC_149">fs cleanacl</A></H2>
+<A NAME="IDX4746"></A>
+<A NAME="IDX4747"></A>
+<A NAME="IDX4748"></A>
+<A NAME="IDX4749"></A>
+<A NAME="IDX4750"></A>
+<A NAME="IDX4751"></A>
+<A NAME="IDX4752"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Remove obsolete entries from an ACL
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs cleanacl </B>[<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs cl</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs cleanacl</B> command removes from the access control list
+(ACL) of each specified directory or file any entry that refers to a user or
+group that no longer has a Protection Database entry. Such an entry
+appears on the ACL as an AFS user ID number (UID) rather than a name, because
+without a Protection Database entry, the File Server cannot translate the UID
+into a name.
+<P>Cleaning access control lists in this way not only keeps them from becoming
+crowded with irrelevant information, but also prevents the new possessor of a
+recycled AFS UID from obtaining access intended for the former possessor of
+the AFS UID. (Note that recycling UIDs is not recommended in any
+case.)
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each directory for which to clean the ACL (specifying a filename
+cleans its directory's ACL). If this argument is omitted, the
+current working directory's ACL is cleaned.
+<P>Specify the read/write path to each directory, to avoid the failure that
+results from attempting to change a read-only volume. By convention,
+the read/write path is indicated by placing a period before the cell name at
+the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If there are no obsolete entries on the ACL, the following message
+appears:
+<PRE> Access list for <VAR>dir/file path</VAR> is fine.
+
+</PRE>
+<P>Otherwise, the output reports the resulting state of the ACL, following the
+header
+<PRE> Access list for <VAR>dir/file path</VAR> is now
+
+</PRE>
+<P>At the same time, the following error message appears for each file in the
+cleaned directories:
+<PRE> fs: '<VAR>filename</VAR>': Not a directory
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example illustrates the cleaning of the ACLs on the current
+working directory and two of its subdirectories. Only the second
+subdirectory had obsolete entries on it.
+<PRE> % <B>fs cleanacl -path . ./reports ./sources</B>
+ Access list for . is fine.
+ Access list for ./reports is fine.
+ Access list for ./sources is now
+ Normal rights:
+ system:authuser rl
+ pat rlidwka
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>a</B> (<B>administer</B>) permission on
+each directory's ACL (or the ACL of each file's parent
+directory); the directory's owner and the members of the
+<B>system:administrators</B> group have the right implicitly, even
+if it does not appear on the ACL.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf134.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf136.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf135.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf137.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_COPYACL" HREF="auarf002.htm#ToC_150">fs copyacl</A></H2>
+<A NAME="IDX4753"></A>
+<A NAME="IDX4754"></A>
+<A NAME="IDX4755"></A>
+<A NAME="IDX4756"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Copies an ACL from one directory to one or more other directories
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs copyacl -fromdir</B> <<VAR>source directory (or DFS file)</VAR>>
+ <B>-todir</B> <<VAR>destination directory (or DFS file)</VAR>><SUP>+</SUP>
+ [<B>-clear</B>] [<B>-id</B>] [<B>-if</B>] [<B>-help</B>]
+
+<B>fs co -f</B> <<VAR>source directory (or DFS file)</VAR>>
+ <B>-t</B> <<VAR>destination directory (or DFS file)</VAR>><SUP>+</SUP>
+ [<B>-c</B>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs copyacl</B> command copies the access control list (ACL) from
+a source directory to each specified destination directory. The source
+directory's ACL is unchanged, and changes to the destination
+directory's ACL obey the following rules:
+<UL>
+<P><LI>If an entry on the source ACL does not already exist on the destination
+ACL, it is added.
+<P><LI>If an entry exists on both the source and destination ACLs, the
+permissions from the source ACL entry replace the current permissions on the
+destination ACL entry.
+<P><LI>If an entry on the destination ACL has no corresponding entry on the
+source ACL, it is removed if the <B>-clear</B> flag is included and is
+unchanged otherwise. In other words, if the <B>-clear</B> flag is
+provided, the source ACL completely replaces the destination ACL.
+</UL>
+<P>When using this command to copy ACLs between objects in DFS filespace
+accessed via the AFS/DFS Migration Toolkit Protocol Translator, it is possible
+to specify files, as well as directories, with the <B>-fromdir</B> and
+<B>-todir</B> arguments. For more information on copying ACLs
+between DFS directories and files, refer to the <I>IBM AFS/DFS Migration
+Toolkit Administration Guide and Reference</I>.
+<P><STRONG>Cautions</STRONG>
+<P>Do not copy ACLs between AFS and DFS files or directories. The ACL
+formats are incompatible.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-fromdir
+</B><DD>Specifies the source directory from which to copy the ACL.
+(Specifying an AFS file copies its directory's ACL, but specifying a DFS
+file copies its own ACL). A partial pathname is interpreted relative to
+the current working directory.
+<P><DT><B>-todir
+</B><DD>Specifies each directory for which to alter the ACL to match the source
+ACL. (Specifying an AFS file halts the command with an error, but
+specifying a DFS file alters the file's ACL). A partial pathname
+is interpreted relative to the current working directory.
+<P>Specify the read/write path to each directory (or DFS file), to avoid the
+failure that results from attempting to change a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-clear
+</B><DD>Replaces the ACL of each destination directory with the source ACL.
+<P><DT><B>-id
+</B><DD>Modifies the Initial Container ACL of each DFS directory named by the
+<B>-todir</B> argument, rather than the regular Object ACL. This
+argument is supported only when both the source and each destination directory
+reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
+Translator.
+<P><DT><B>-if
+</B><DD>Modifies the Initial Object ACL of each DFS directory named by the
+<B>-todir</B> argument, rather than the regular Object ACL. This
+argument is supported only when both the source and each destination directory
+reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
+Translator.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command copies the current working directory's
+ACL to its subdirectory called <B>reports</B>. Note that the source
+directory's ACL is unaffected. Entries on the <B>reports</B>
+directory's that are not on the source ACL of the current directory
+remain unaffected as well, because the <B>-clear</B> flag is not
+used.
+<PRE> % <B>fs listacl . reports</B>
+ Access list for . is
+ Normal rights:
+ pat rlidwka
+ smith rlidwk
+ Access list for reports is
+ Normal rights:
+ pat rl
+ pat:friends rl
+ Negative rights
+ jones rlidwka
+
+ % <B>fs copyacl -fromdir . -todir reports</B>
+
+ % <B>fs listacl . reports</B>
+ Access list for . is
+ Normal rights:
+ pat rlidwka
+ smith rlidwk
+ Access list for reports is
+ Normal rights:
+ pat rlidwka
+ pat:friends rl
+ smith rlidwk
+ Negative rights
+ jones rlidwka
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To copy an ACL between AFS objects, the issuer must have the <B>l</B>
+(<B>lookup)</B>) permission on the source directory's ACL and the
+<B>a</B> (<B>administer</B>) permission on each destination
+directory's ACL. If the <B>-fromdir</B> argument names a file
+rather than a directory, the issuer must have both the <B>l</B> and
+<B>r</B> (<B>read</B>) permissions on the ACL of the file's
+directory.
+<P>To copy an ACL between DFS objects, the issuer must have the <B>r</B>
+permission on the source directory or file's ACL and the <B>c</B>
+(<B>control</B>) permission on each destination directory or file's
+ACL.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
+<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf135.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf137.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf136.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf138.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_DISKFREE" HREF="auarf002.htm#ToC_151">fs diskfree</A></H2>
+<A NAME="IDX4757"></A>
+<A NAME="IDX4758"></A>
+<A NAME="IDX4759"></A>
+<A NAME="IDX4760"></A>
+<A NAME="IDX4761"></A>
+<A NAME="IDX4762"></A>
+<A NAME="IDX4763"></A>
+<A NAME="IDX4764"></A>
+<A NAME="IDX4765"></A>
+<A NAME="IDX4766"></A>
+<A NAME="IDX4767"></A>
+<A NAME="IDX4768"></A>
+<A NAME="IDX4769"></A>
+<A NAME="IDX4770"></A>
+<A NAME="IDX4771"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays information about the partition housing a directory or file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs diskfree</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs df</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs di</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs diskfree</B> command formats and displays information about
+the partition that houses the volume containing the specified directory or
+file, including its size and how much space is currently used.
+<P>To display information about the volume itself, use the <B>fs
+examine</B> command. The <B>fs examine</B> and <B>fs
+quota</B> commands also display information about a volume.
+<P><STRONG>Cautions</STRONG>
+<P>The partition-related statistics in this command's output do not
+always agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names a file or directory that resides on the partition about which to
+produce output. Partial pathnames are interpreted relative to the
+current working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output reports the following information about the volume and partition
+that houses each file or directory:
+<DL>
+<P><DT><B><TT>Volume Name</TT>
+</B><DD>The name of the volume
+<P><DT><B><TT>kbytes</TT>
+</B><DD>The partition's total size in kilobytes
+<P><DT><B><TT>used</TT>
+</B><DD>The number of kilobytes used on the partition
+<P><DT><B><TT>avail</TT>
+</B><DD>The number of kilobytes available on the partition
+<P><DT><B><TT>%used</TT>
+</B><DD>The percentage of the partition's total space that is used (the
+<TT>used</TT> statistic divided by the <TT>kbytes</TT> statistic, times
+100)
+</DL>
+<P>If the <TT>%used</TT> statistic is greater than 90%, it is marked with
+the string <TT><<WARNING</TT> at the right margin.
+<P>If the volume is a read-only volume, the output includes information about
+only one of the partitions that houses it, generally the one on the file
+server machine with the lowest preference rank. To verify which machine
+the output is referring to, use the <B>vos listvldb</B> command to list
+the volume's locations, and the <B>vos partinfo</B> command to
+display the size of each one.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the partitions housing the
+volumes <B>user.smith</B> and <B>sun4x_56.bin</B>:
+<PRE> % <B>fs diskfree -path /afs/abc.com/usr/smith /afs/abc.com/sun4x_56/bin</B>
+ Volume Name kbytes used avail %used
+ user.smith 4177920 3841258 336662 92% <<WARNING
+ sun4x_56.bin 4423680 3174500 1249180 72%
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf136.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf138.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf137.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf139.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_EXAMINE" HREF="auarf002.htm#ToC_152">fs examine</A></H2>
+<A NAME="IDX4772"></A>
+<A NAME="IDX4773"></A>
+<A NAME="IDX4774"></A>
+<A NAME="IDX4775"></A>
+<A NAME="IDX4776"></A>
+<A NAME="IDX4777"></A>
+<A NAME="IDX4778"></A>
+<A NAME="IDX4779"></A>
+<A NAME="IDX4780"></A>
+<A NAME="IDX4781"></A>
+<A NAME="IDX4782"></A>
+<A NAME="IDX4783"></A>
+<A NAME="IDX4784"></A>
+<A NAME="IDX4785"></A>
+<A NAME="IDX4786"></A>
+<A NAME="IDX4787"></A>
+<A NAME="IDX4788"></A>
+<A NAME="IDX4789"></A>
+<A NAME="IDX4790"></A>
+<A NAME="IDX4791"></A>
+<A NAME="IDX4792"></A>
+<A NAME="IDX4793"></A>
+<A NAME="IDX4794"></A>
+<A NAME="IDX4795"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays information about the volume containing a directory or file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs examine</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs exa</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs listvol</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs listv</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs lv</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs examine</B> command displays information about the volume
+containing each specified directory or file, including its volume ID number,
+quota and the percentage of its quota that is used.
+<P>This command provides the most information about a volume, but the <B>fs
+listquota</B> command displays similar information in tabular format, and
+the <B>fs quota</B> command reports only the percentage of quota
+used.
+<P>To set volume quota, use the <B>fs setquota</B> or <B>fs setvol</B>
+command.
+<P><STRONG>Cautions</STRONG>
+<P>The partition-related statistics in this command's output do not
+always agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names a file or directory that resides in the volume about which to
+produce output. Partial pathnames are interpreted relative to the
+current working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays information about the volume that houses each specified
+directory or file, in the following format
+<PRE> Volume status for vid = <VAR>volume ID</VAR> named <VAR>volume name</VAR>
+ Current offline message is <VAR>message</VAR>
+ Current disk quota is <VAR>quota in kilobytes</VAR>
+ Current blocks used are <VAR>volume size in kilobytes</VAR>
+ The partition has <VAR>available partition</VAR> blocks available out of
+ <VAR>partition size</VAR>
+
+</PRE>
+<P>where the first line specifies the volume's ID number and name.
+The <TT>Current</TT> <TT>offline</TT> <TT>message</TT> line appears only
+if an administrator has included the <B>-offlinemsg</B> argument to the
+<B>fs setvol</B> command. The remaining lines report, respectively,
+<UL>
+<P><LI>the volume's quota in kilobytes, or the string <TT>unlimited</TT>
+to indicate an unlimited quota
+<P><LI>the volume's current size in kilobytes
+<P><LI>the number of blocks available and total size of the host partition, both
+in kilobytes.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the volume
+<B>user.smith</B> and the partition housing it:
+<PRE> % <B>fs examine -path /afs/abc.com/usr/smith</B>
+ Volume status for vid = 50489902 named user.smith
+ Current maximum quota is 15000
+ Current blocks used are 5073
+ The partition has 336662 blocks available out of 4177920
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<P><A HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<P><A HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<P><A HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf137.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf139.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf138.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf140.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_EXPORTAFS" HREF="auarf002.htm#ToC_153">fs exportafs</A></H2>
+<A NAME="IDX4796"></A>
+<A NAME="IDX4797"></A>
+<A NAME="IDX4798"></A>
+<A NAME="IDX4799"></A>
+<A NAME="IDX4800"></A>
+<A NAME="IDX4801"></A>
+<A NAME="IDX4802"></A>
+<A NAME="IDX4803"></A>
+<A NAME="IDX4804"></A>
+<A NAME="IDX4805"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports or sets whether the machine can export AFS to clients of other file
+systems
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs exportafs -type</B> <<VAR>exporter name</VAR>>
+ [<B>-start</B> <<VAR>start/stop translator (on | off)</VAR>>]
+ [<B>-convert</B> <<VAR>convert from afs to unix mode (on | off)</VAR>>]
+ [<B>-uidcheck</B> <<VAR>run on strict 'uid check' mode (on | off)</VAR>>]
+ [<B>-submounts</B> <<VAR>allow nfs mounts to subdirs of /afs/.. (on | off)</VAR>>]
+ [<B>-help</B>]
+
+<B>fs exp -t</B> <<VAR>exporter name</VAR>>
+ [<B>-st</B> <<VAR>start/stop translator (on | off)</VAR>>]
+ [<B>-c</B> <<VAR>convert from afs to unix mode (on | off)</VAR>>]
+ [<B>-u</B> <<VAR>run on strict 'uid check' mode (on | off)</VAR>>]
+ [<B>-su</B> <<VAR>allow nfs mounts to subdirs of /afs/.. (on | off)</VAR>>]
+ [<B>-help</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs exportafs</B> command sets (if the <B>-start</B> argument
+is provided) or reports (if it is omitted) whether the machine can reexport
+the AFS filespace to clients of a non-AFS file system. To control
+certain features of the translation protocol, use the following
+arguments:
+<UL>
+<P><LI>To control whether the UNIX <B>group</B> and <B>other</B> mode
+bits on an AFS file or directory are set to match the <B>owner</B> mode
+bits when it is exported to the non-AFS file system, use the
+<B>-convert</B> argument.
+<P><LI>To control whether tokens can be placed in a credential structure
+identified by a UID that differs from the local UID of the entity that is
+placing the tokens in the structure, use the <B>-uidcheck</B>
+argument. The most common use is to control whether issuers of the
+<B>knfs</B> command can specify a value for its <B>-id</B> argument
+that does not match their local UID on the NFS/AFS translator machine.
+<P><LI>To control whether users can create mounts in the non-AFS filespace to an
+AFS directory other than <B>/afs</B>, use the <B>-submounts</B>
+argument.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-type
+</B><DD>Names the alternate file system to which to reexport the AFS
+filespace. The only acceptable value is <B>nfs</B>, in lowercase
+letters only.
+<P><DT><B>-start
+</B><DD>Enables the local machine to reexport the AFS filespace if the value is
+<B>on</B>, or disables it if the value is <B>off</B>. Omit this
+argument to report the current setting for all of the configurable
+parameters.
+<P><DT><B>-convert
+</B><DD>Controls the setting of the UNIX <B>group</B> and <B>other</B>
+mode bits on AFS files and directories exported to the non-AFS file
+system. If the value is <B>on</B>, they are set to match the
+<B>owner</B> mode bits. If the value is <B>off</B>, the bits
+are not changed. If this argument is omitted, the default value is
+<B>on</B>.
+<P><DT><B>-uidcheck
+</B><DD>Controls whether tokens can be placed in a credential structure identified
+by a UID that differs from the local UID of the entity that is placing the
+tokens in the structure.
+<UL>
+<P><LI>If the value is <B>on</B>, the UID that identifies the credential
+structure must match the local UID.
+<P>With respect to the <B>knfs</B> command, this value means that the
+value of <B>-id</B> argument must match the issuer's local UID on the
+translator machine. In practice, this setting makes it pointless to
+include the <B>-id</B> argument to the <B>knfs</B> command, because
+the only acceptable value (the issuer's local UID) is already used when
+the <B>-id</B> argument is omitted.
+<P>Enabling UID checking also makes it impossible to issue the <B>klog</B>
+and <B> pagsh</B> commands on a client machine of the non-AFS file system
+even though it is a system type supported by AFS. For an explanation,
+see the reference page for the <B>klog</B> command.
+<P><LI>If the value is <B>off</B> (the default), tokens can be assigned to a
+local UID in the non-AFS file system that does not match the local UID of the
+entity assigning the tokens.
+<P>With respect to the <B>knfs</B> command, it means that the issuer can
+use the <B>-id</B> argument to assign tokens to a local UID on the NFS
+client machine that does not match his or her local UID on the translator
+machine. (An example is assigning tokens to the MFS client
+machine's local superuser <B>root</B>.) This setting allows
+more than one issuer of the <B>knfs</B> command to make tokens available
+to the same user on the NFS client machine. Each time a different user
+issues the <B>knfs</B> command with the same value for the <B>-id</B>
+argument, that user's tokens overwrite the existing ones. This can
+result in unpredictable access for the user on the NFS client machine.
+</UL>
+<P><DT><B>-submounts
+</B><DD>Controls whether a user of the non-AFS filesystem can mount any directory
+in the AFS filespace other than the top-level <B>/afs</B>
+directory. If the value is <B>on</B>, such submounts are
+allowed. If the value is off, only mounts of the <B>/afs</B>
+directory are allowed. If this argument is omitted, the default value
+is <B>off</B>.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the machine is not even configured as a server of the non-AFS file
+system, the following message appears:
+<PRE> Sorry, the <VAR>file_system</VAR>-exporter type is currently not supported on
+ this AFS client
+
+</PRE>
+<P>If the machine is configured as a server of the non-AFS file system but is
+not currently enabled to reexport AFS to it (because the <B>-start</B>
+argument to this command is not set to <B>on</B>), the message is as
+follows:
+<PRE> '<VAR>file_system</VAR>' translator is disabled
+
+</PRE>
+<P>If the machine is enabled to reexport AFS, the following message precedes
+messages that report the settings of the other parameters.
+<PRE> '<VAR>file_system</VAR>' translator is enabled with the following options:
+
+</PRE>
+<P>The following messages indicate that the <B>-convert</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Running in convert owner mode bits to world/other mode
+ Running in strict unix mode
+
+</PRE>
+<P>The following messages indicate that the <B>-uidcheck</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Running in strict 'passwd sync' mode
+ Running in no 'passwd sync' mode
+
+</PRE>
+<P>The following messages indicate that the <B>-submounts</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Allow mounts of /afs/.. subdirs
+ Only mounts to /afs allowed
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that the local machine can export AFS to NFS
+client machines.
+<PRE> % <B>fs exportafs nfs</B>
+ 'nfs' translator is enabled with the following options:
+ Running in convert owner mode bits to world/other mode
+ Running in no 'passwd sync' mode
+ Only mounts to /afs allowed
+
+</PRE>
+<P>The following example enables the machine as an NFS server and converts the
+UNIX <B>group</B> and <B>other</B> mode bits on exported AFS
+directories and files to match the UNIX <B>owner</B> mode bits.
+<PRE> % <B>fs exportafs -type nfs -start on -convert on</B>
+
+</PRE>
+<P>The following example disables the machine from reexporting AFS to NFS
+client machines:
+<PRE> %<B> fs exportafs -type nfs -start off</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf201.htm#HDRKNFS">knfs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf138.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf140.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf139.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf141.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_FLUSH" HREF="auarf002.htm#ToC_154">fs flush</A></H2>
+<A NAME="IDX4806"></A>
+<A NAME="IDX4807"></A>
+<A NAME="IDX4808"></A>
+<A NAME="IDX4809"></A>
+<A NAME="IDX4810"></A>
+<A NAME="IDX4811"></A>
+<A NAME="IDX4812"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Forces the Cache Manager to discard a cached file or directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs flush</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs flush</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs flush</B> command removes from the cache all data and status
+information associated with each specified file or directory. The next
+time an application requests data from the flushed directory or file, the
+Cache Manager fetches the most current version from a File Server, along with
+a new callback (if necessary) and associated status information. This
+command has no effect on two types of data:
+<OL TYPE=1>
+<P><LI>Data in application program buffers
+<P><LI>Data that has been changed locally and written to the cache but not yet
+written to the copy on the file server machine
+</OL>
+<P>To flush all data in the cache that was fetched from the same volume as a
+specified file or directory, use the <B>fs flushvolume</B> command.
+To flush a corrupted mount point, use the <B>fs flushmount</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each file or directory to flush from the cache. If it is a
+directory, only the directory element itself is flushed, not data cached from
+files or subdirectories that reside in it. Partial pathnames are
+interpreted relative to the current working directory, which is also the
+default value if this argument is omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command flushes from the cache the file
+<B>projectnotes</B> in the current working directory and all data from the
+subdirectory <B>plans</B>:
+<PRE> % <B>fs flush -path projectnotes ./plans/*</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf141.htm#HDRFS_FLUSHMOUNT">fs flushmount</A>
+<P><A HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf139.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf141.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf140.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf142.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_FLUSHMOUNT" HREF="auarf002.htm#ToC_155">fs flushmount</A></H2>
+<A NAME="IDX4813"></A>
+<A NAME="IDX4814"></A>
+<A NAME="IDX4815"></A>
+<A NAME="IDX4816"></A>
+<A NAME="IDX4817"></A>
+<A NAME="IDX4818"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Forces the Cache Manager to discard a mount point
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs flushmount</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs flushm</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs flushmount</B> command removes from the cache all information
+associated with each mount point named by the <B>-path</B>
+argument. The next time an application accesses the mount point, the
+Cache Manager fetches the most current version of it from the File
+Server. Data cached from the associated volume is not affected.
+<P>The command's intended use is to discard information about mount
+points that has become corrupted in the cache. (The Cache Manager
+periodically refreshes cached mount points, but the only other way to discard
+them immediately is to reinitialize the Cache Manager by rebooting the
+machine.) Symptoms of a corrupted mount point included garbled output
+from the <B>fs lsmount</B> command, and failed attempts to change
+directory to or list the contents of a mount point.
+<P>To flush cached data rather than a mount point, use the <B>fs flush</B>
+or <B>fs flushvolume</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each mount point to flush from the cache. Partial pathnames
+are interpreted relative to the current working directory, which is also the
+default value if this argument is omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command flushes from the cache the mount point for user
+<B>pat</B>'s home directory:
+<PRE> % <B>fs flushm /afs/abc.com/usr/pat</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<P><A HREF="auarf142.htm#HDRFS_FLUSHVOLUME">fs flushvolume</A>
+<P><A HREF="auarf151.htm#HDRFS_LSMOUNT">fs lsmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf140.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf142.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf141.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf143.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_FLUSHVOLUME" HREF="auarf002.htm#ToC_156">fs flushvolume</A></H2>
+<A NAME="IDX4819"></A>
+<A NAME="IDX4820"></A>
+<A NAME="IDX4821"></A>
+<A NAME="IDX4822"></A>
+<A NAME="IDX4823"></A>
+<A NAME="IDX4824"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Forces the Cache Manager to discard all cached data from the volume
+containing a file or directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs flushvolume</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs flushv</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs flushvolume</B> command removes from the cache all data that
+was fetched from the same volume as each specified directory or file.
+It does not discard cached status information. The next time an
+application requests data from a flushed directory or file, the Cache Manager
+fetches the most current version from a File Server, along with a new callback
+(if necessary) and associated status information. This command has no
+effect on two types of data:
+<OL TYPE=1>
+<P><LI>Data in application program buffers
+<P><LI>Data that has been changed locally and written to the cache but not yet
+written to the copy on the file server machine
+</OL>
+<P>To discard the data and status information associated with individual files
+and directories, use the <B>fs flush</B> command. To flush a
+corrupted mount point, use the <B>fs flushmount</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names a file or directory from each volume for which to discard all cached
+data. Partial pathnames are interpreted relative to the current working
+directory, which is also the default value if this argument is omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command flushes from the cache all data fetched from the
+volume that contains the current working directory:
+<PRE> % <B>fs flushvolume </B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf140.htm#HDRFS_FLUSH">fs flush</A>
+<P><A HREF="auarf141.htm#HDRFS_FLUSHMOUNT">fs flushmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf141.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf143.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf142.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf144.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_GETCACHEPARMS" HREF="auarf002.htm#ToC_157">fs getcacheparms</A></H2>
+<A NAME="IDX4825"></A>
+<A NAME="IDX4826"></A>
+<A NAME="IDX4827"></A>
+<A NAME="IDX4828"></A>
+<A NAME="IDX4829"></A>
+<A NAME="IDX4830"></A>
+<A NAME="IDX4831"></A>
+<A NAME="IDX4832"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the current size of the cache and the amount being used
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs getcacheparms</B> [<B>-help</B>]
+
+<B>fs getca</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs getcacheparms</B> command displays the current size of the
+cache (which can be in memory or on disk), and the amount currently in
+use.
+<P>The reported statistics are from kernel memory, so the reported size can
+differ from the setting specified in the <B>/usr/vice/etc/cacheinfo</B>
+file on a machine using a disk cache, if the <B>fs setcachesize</B>
+command has been used to alter cache size.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output reports
+<PRE> AFS using <VAR>amount used</VAR> of the cache's available <VAR>size</VAR> 1K byte blocks.
+
+</PRE>
+<P>where <VAR>amount used</VAR> is the number of kilobyte blocks currently used
+to cache data and status information, and <VAR>size</VAR> is the total current
+cache size.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output on a machine with a 25000 kilobyte
+cache.
+<PRE> % <B>fs getcacheparms</B>
+ AFS using 22876 of the cache's available 25000 1K byte blocks.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf158.htm#HDRFS_SETCACHESIZE">fs setcachesize</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf142.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf144.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf143.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf145.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_GETCELLSTATUS" HREF="auarf002.htm#ToC_158">fs getcellstatus</A></H2>
+<A NAME="IDX4833"></A>
+<A NAME="IDX4834"></A>
+<A NAME="IDX4835"></A>
+<A NAME="IDX4836"></A>
+<A NAME="IDX4837"></A>
+<A NAME="IDX4838"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports whether the machine can run setuid programs from a specified cell
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs getcellstatus -cell</B> <<VAR>cell name</VAR>><SUP>+</SUP> [<B>-help</B>]
+
+<B>fs getce -c</B> <<VAR>cell name</VAR>><SUP>+</SUP> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs getcellstatus</B> command reports whether the Cache Manager
+allows programs fetched from each specified cell to run with setuid
+permission. To set a cell's setuid status, use the <B>fs
+setcell</B> command; its reference page fully describes how AFS treats
+setuid programs.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Names each cell for which to report setuid status. Provide the
+fully qualified domain name, or a shortened form that disambiguates it from
+the other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
+file.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output reports one of the following two values as appropriate:
+<PRE> Cell <VAR>cell</VAR> status: setuid allowed
+ Cell <VAR>cell</VAR> status: no setuid allowed
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example indicates that programs from the cell
+<B>abc.com</B> are not allowed to run with setuid
+permission.
+<PRE> % <B>fs getcellstatus abc.com</B>
+ Cell abc.com status: no setuid allowed
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf159.htm#HDRFS_SETCELL">fs setcell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf143.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf145.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf144.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf146.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_GETCLIENTADDRS" HREF="auarf002.htm#ToC_159">fs getclientaddrs</A></H2>
+<A NAME="IDX4839"></A>
+<A NAME="IDX4840"></A>
+<A NAME="IDX4841"></A>
+<A NAME="IDX4842"></A>
+<A NAME="IDX4843"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the client interfaces to register with the File Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs getclientaddrs</B> [<B>-help</B>]
+
+<B>fs gc</B> [<B>-h</B>]
+
+<B>fs getcl </B>[<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs getclientaddrs</B> command displays the IP addresses of the
+interfaces that the local Cache Manager registers with a File Server when
+first establishing a connection to it.
+<P>The File Server uses the addresses when it initiates a remote procedure
+call (RPC) to the Cache Manager (as opposed to responding to an RPC sent by
+the Cache Manager). There are two common circumstances in which the
+File Server initiates RPCs: when it breaks callbacks and when it pings
+the client machine to verify that the Cache Manager is still
+accessible.
+<P>If an RPC to that interface fails, the File Server simultaneously sends
+RPCs to all of the other interfaces in the list, to learn which of them are
+still available. Whichever interface replies first is the one to which
+the File Server then sends pings and RPCs to break callbacks.
+<P>The <B>fs setclientaddrs</B> reference page explains how the Cache
+Manager constructs the list automatically in kernel memory as it initializes,
+and how to use that command to alter the kernel list after
+initialization.
+<P><STRONG>Cautions</STRONG>
+<P>The File Server uses the list of interfaces displayed by this command only
+when selecting an alternative interface after a failed attempt to break a
+callback or ping the Cache Manager. When responding to the Cache
+Manager's request for file system data, the File Server replies to the
+interface which the Cache Manager used when sending the request. If the
+File Server's reply to a data request fails, the file server
+machine's network routing configuration determines which alternate
+network routes to the client machine are available for resending the
+reply.
+<P>The displayed list applies to all File Servers to which the Cache Manager
+connects in the future. It is not practical to register different sets
+of addresses with different File Servers, because it requires using the
+<B>fs setclientaddrs</B> command to change the list and then rebooting
+each relevant File Server immediately.
+<P>The displayed list is not necessarily governing the behavior of a given
+File Server, if an administrator has issued the <B>fs setclientaddrs</B>
+command since the Cache Manager first contacted that File Server. It
+determines only which addresses the Cache Manager registers when connecting to
+File Servers in the future.
+<P>The list of interfaces does not influence the Cache Manager's choice
+of interface when establishing a connection to a File Server.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays the IP address of each interface that the Cache Manager
+is currently registering with File Server processes that it contacts, with one
+address per line. The File Server initially uses the first address for
+breaking callbacks and pinging the Cache Manager, but the ordering of the
+other interfaces is not meaningful.
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the two interfaces that the Cache Manager is
+registering with File Servers.
+<PRE> % <B>fs getclientaddrs</B>
+ 192.12.105.68
+ 192.12.108.84
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf160.htm#HDRFS_SETCLIENTADDRS">fs setclientaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf144.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf146.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf145.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf147.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_GETSERVERPREFS" HREF="auarf002.htm#ToC_160">fs getserverprefs</A></H2>
+<A NAME="IDX4844"></A>
+<A NAME="IDX4845"></A>
+<A NAME="IDX4846"></A>
+<A NAME="IDX4847"></A>
+<A NAME="IDX4848"></A>
+<A NAME="IDX4849"></A>
+<A NAME="IDX4850"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the Cache Manager's preference ranks for file server or VL
+Server machines
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs getserverprefs</B> [<B>-file</B> <<VAR>output to named file</VAR>>]
+ [<B>-numeric</B>] [<B>-vlservers</B>] [<B>-help</B>]
+
+<B>fs gets</B> [<B>-f</B> <<VAR>output to named file</VAR>>] [<B>-n</B>] [<B>-v</B>] [<B>-h</B>]
+
+<B>fs gp</B> [<B>-f</B> <<VAR>output to named file</VAR>>] [<B>-n</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs getserverprefs</B> command displays preference ranks for file
+server machine interfaces (file server machines run the <B>fs</B> process)
+or, if the <B>-vlserver</B> flag is provided, for Volume Location (VL)
+Server machines (which run the <B>vlserver</B> process). For file
+server machines, the Cache Manager tracks up to 15 interfaces per machine and
+assigns a separate rank to each interface. The ranks indicate the order
+in which the local Cache Manager attempts to contact the interfaces of
+machines that are housing a volume when it needs to fetch data from the
+volume. For VL Server machines, the ranks indicate the order in which
+the Cache Manager attempts to contact a cell's VL Servers when requesting
+VLDB information. For both types of rank, lower integer values are more
+preferred.
+<P>The Cache Manager stores ranks in kernel memory. Once set, a rank
+persists until the machine reboots, or until the <B>fs setserverprefs</B>
+command is used to change it. The reference page for the <B>fs
+setserverprefs</B> command explains how the Cache Manager sets default
+ranks, and how to use that command to change the default values.
+<P>Default VL Server ranks range from 10,000 to 10,126, and the Cache Manager
+assigns them to every machine listed in its copy of the
+<B>/usr/vice/etc/CellServDB</B> file. When the Cache Manager needs
+to fetch VLDB information from a cell, it compares the ranks for the VL Server
+machines belonging to that cell, and attempts to contact the VL Server with
+the lowest integer rank. If the Cache Manager cannot reach the VL
+Server (because of server process, machine or network outage), it tries to
+contact the VL Server with the next lowest integer rank, and so on. If
+all of a cell's VL Server machines are unavailable, the Cache Manager
+cannot fetch data from the cell.
+<P>Default file server ranks range from 5,000 to 40,000, excluding the range
+used for VL Servers (10,000 to 10,126); the maximum possible rank is
+65,534. When the Cache Manager needs to fetch data from a volume, it
+compares the ranks for the interfaces of machines that house the volume, and
+attempts to contact the interface that has the lowest integer rank. If
+it cannot reach the <B>fileserver</B> process via that interface (because
+of server process, machine or network outage), it tries to contact the
+interface with the next lowest integer rank, and so on. If it cannot
+reach any of the interfaces for machines that house the volume, it cannot
+fetch data from the volume.
+<P>For both file server machines and VL Server machines, it is possible for a
+machine or interface in a foreign cell to have the same rank as a machine or
+interface in the local cell. This does not present a problem, because
+the Cache Manager only ever compares ranks for machines belonging to one cell
+at a time.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-file
+</B><DD>Specifies the full pathname of a file to which to write the preference
+ranks. If the specified file already exists, the command overwrites its
+contents. If the pathname is invalid, the command fails. If this
+argument is not provided, the preference ranks appear on the standard output
+stream.
+<P><DT><B>-numeric
+</B><DD>Displays the IP addresses of file server machine interfaces or VL Server
+machines, rather than their hostnames. If this argument is not
+provided, the <B>fs</B> command interpreter has the IP addresses
+translated to hostnames such as <B>fs1.abc.com</B>.
+<P><DT><B>-vlservers
+</B><DD>Displays preference ranks for VL Server machines rather than file server
+machine interfaces.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output consists of a separate line for each file server machine
+interface or VL Server machine, pairing the machine's hostname or IP
+address with its rank. The Cache Manager stores IP addresses in its
+kernel list of ranks, but the command by default identifies interfaces by
+hostname, by calling a translation routine that refers to either the
+cell's name service (such as the Domain Name Server) or the local host
+table. If an IP address appears in the output, it is because the
+translation attempt failed. To bypass the translation step and display
+IP addresses rather than hostnames, include the <B>-numeric</B>
+flag. This can significantly speed the production of output.
+<P>By default, the command writes to the standard output stream. Use
+the <B>-file</B> argument to write the output to a file instead.
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the local Cache Manager's preference
+ranks for file server machines. The local machine belongs to the AFS
+cell named <B>abc.com</B>, and in this example the ranks of file
+server machines in its local cell are lower than the ranks of file server
+machines from the foreign cell, <B>def.com</B>. It is not
+possible to translate the IP addresses of two machines on the 138.255
+network.
+<PRE> % <B>fs getserverprefs</B>
+ fs2.abc.com 20007
+ fs3.abc.com 30002
+ fs1.abc.com 20011
+ fs4.abc.com 30010
+ server1.def.com 40002
+ 138.255.33.34 40000
+ server6.def.com 40012
+ 138.255.33.37 40005
+
+</PRE>
+<P>The following example shows hows the output displays IP addresses when the
+<B>-numeric</B> flag is included, and illustrates how network proximity
+determines default ranks (as described on the <B>fs setserverprefs</B>
+reference page). The local machine has IP address
+192.12.107.210, and the two file server machines on its
+subnetwork have ranks of 20,007 and 20,011. The two file server
+machines on a different subnetwork of the local machine's network have
+higher ranks, 30,002 and 30,010, whereas the ranks of the remaining machines
+range from 40,000 to 40,012 because they are in a completely different
+network.
+<PRE> % <B>fs getserverprefs -numeric</B>
+ 192.12.107.214 20007
+ 192.12.105.99 30002
+ 192.12.107.212 20011
+ 192.12.105.100 30010
+ 138.255.33.41 40002
+ 138.255.33.34 40000
+ 138.255.33.36 40012
+ 138.255.33.37 40005
+
+</PRE>
+<P>The example shows how the <B>-vlservers</B> flag displays preference
+ranks for VL Server machines:
+<PRE> % <B>fs getserverprefs -vlservers</B>
+ fs2.abc.com 10052
+ fs3.abc.com 10113
+ fs1.abc.com 10005
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf162.htm#HDRFS_SETSERVERPREFS">fs setserverprefs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf145.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf147.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf146.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf148.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_HELP" HREF="auarf002.htm#ToC_161">fs help</A></H2>
+<A NAME="IDX4851"></A>
+<A NAME="IDX4852"></A>
+<A NAME="IDX4853"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>fs</B> commands or lists functional
+descriptions of all <B>fs</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>fs</B> command.
+<P>To display every <B>fs</B> command whose name or short description
+includes a specified keyword, use the <B>fs apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>fs</B> part of the command name, providing only
+the operation code (for example, specify <B>setacl</B>, not <B>fs
+setacl</B>). If this argument is omitted, the output briefly
+describes every <B>fs</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>fs</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>fs
+setacl</B> command:
+<PRE> % <B>fs help setacl</B>
+ fs setacl: set access control list
+ aliases: sa
+ Usage: fs setacl -dir <directory><SUP>+</SUP>
+ -acl <access list entries><SUP>+</SUP> [-clear] [-negative] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf131.htm#HDRFS_INTRO">fs</A>
+<P><A HREF="auarf132.htm#HDRFS_APROPOS">fs apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf146.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf148.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_LISTACL" HREF="auarf002.htm#ToC_162">fs listacl</A></H2>
+<A NAME="IDX4854"></A>
+<A NAME="IDX4855"></A>
+<A NAME="IDX4856"></A>
+<A NAME="IDX4857"></A>
+<A NAME="IDX4858"></A>
+<A NAME="IDX4859"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays ACLs
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs listacl</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-help</B>]
+
+<B>fs la</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
+
+<B>fs lista</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs listacl</B> command displays the access control list (ACL)
+associated with each specified file, directory, or symbolic link. The
+specified element can reside in the DFS filespace if the issuer is using the
+AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and DFS does
+implement per-file ACLs). To display the ACL of the current working
+directory, omit the <B>-path</B> argument.
+<P>To alter an ACL, use the <B>fs setacl</B> command. To copy an
+ACL from one directory to another, use the <B>fs copyacl</B>
+command. To remove obsolete entries from an ACL, use the <B>fs
+cleanacl</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>Placing a user or group on the <TT>Negative rights</TT> section of the
+ACL does not guarantee denial of permissions, if the <TT>Normal rights</TT>
+section grants the permissions to members of the
+<B>system:anyuser</B> group. In that case, the user needs
+only to issue the <B>unlog</B> command to obtain the permissions granted
+to the <B>system:anyuser</B> group.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each directory or file for which to display the ACL. For AFS
+files, the output displays the ACL from the file's parent directory;
+DFS files do have their own ACL. Incomplete pathnames are interpreted
+relative to the current working directory, which is also the default value if
+this argument is omitted.
+<P><DT><B>-id
+</B><DD>Displays the Initial Container ACL of each DFS directory. This
+argument is supported only on DFS directories accessed via the AFS/DFS
+Migration Toolkit Protocol Translator.
+<P><DT><B>-if
+</B><DD>Displays the Initial Object ACL of each DFS directory. This
+argument is supported only on DFS directories accessed via the AFS/DFS
+Migration Toolkit Protocol Translator.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of the output for each file, directory, or symbolic link
+reads as follows:
+<PRE> Access list for <VAR>directory</VAR> is
+
+</PRE>
+<P>If the issuer used shorthand notation in the pathname, such as the period
+(<B>.</B>) to represent the current current directory, that
+notation sometimes appears instead of the full pathname of the
+directory.
+<P>Next, the <TT>Normal rights</TT> header precedes a list of users and
+groups who are granted the indicated permissions, with one pairing of user or
+group and permissions on each line. If negative permissions have been
+assigned to any user or group, those entries follow a <TT>Negative
+rights</TT> header. The format of negative entries is the same as
+those on the <TT>Normal rights</TT> section of the ACL, but the user or
+group is denied rather than granted the indicated permissions.
+<P>AFS does not implement per-file ACLs, so for a file the command displays
+the ACL on its directory. The output for a symbolic link displays the
+ACL that applies to its target file or directory, rather than the ACL on the
+directory that houses the symbolic link.
+<P>The permissions for AFS enable the possessor to perform the indicated
+action:
+<DL>
+<P><DT><B><TT>a</TT>
+</B><DD>(<B>administer</B>): change the entries on the ACL
+<P><DT><B><TT>d</TT>
+</B><DD>(<B>delete</B>): remove files and subdirectories from the
+directory or move them to other directories
+<P><DT><B><TT>i</TT>
+</B><DD>(<B>insert</B>): add files or subdirectories to the directory by
+copying, moving or creating
+<P><DT><B><TT>k</TT>
+</B><DD>(<B>lock</B>): set read locks or write locks on the files in the
+directory
+<P><DT><B><TT>l</TT>
+</B><DD>(<B>lookup</B>): list the files and subdirectories in the
+directory, stat the directory itself, and issue the <B>fs listacl</B>
+command to examine the directory's ACL
+<P><DT><B><TT>r</TT>
+</B><DD>(<B>read</B>): read the contents of files in the directory;
+issue the <B>ls -l</B> command to stat the elements in the directory
+<P><DT><B><TT>w</TT>
+</B><DD>(<B>write</B>): modify the contents of files in the directory,
+and issue the UNIX <B>chmod</B> command to change their mode bits
+<P><DT><B><TT>A</TT>, <TT>B</TT>, <TT>C</TT>, <TT>D</TT>, <TT>E</TT>,
+<TT>F</TT>, <TT>G</TT>, <TT>H</TT>:
+</B><DD>Have no default meaning to the AFS server processes, but are made
+available for applications to use in controlling access to the
+directory's contents in additional ways. The letters must be
+uppercase.
+</DL>
+<P>For DFS files and directories, the permissions are similar, except that the
+DFS <B>x</B> (<B>execute</B>) permission replaces the AFS <B>l</B>
+(<B>lookup</B>) permission, DFS <B>c</B> (<B>control</B>) replaces
+AFS <B>a</B> (<B>administer</B>), and there is no DFS equivalent to
+the AFS <B>k</B> (<B>lock</B>) permission. The meanings of the
+various permissions also differ slightly, and DFS does not implement negative
+permissions. For a complete description of DFS permissions, see the DFS
+documentation and the <I>IBM AFS/DFS Migration Toolkit Administration Guide
+and Reference</I>.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the ACL on the home directory of the user
+<B>pat</B> (the current working directory), and on its <B>private</B>
+subdirectory.
+<PRE> % <B>fs listacl -path . private</B>
+ Access list for . is
+ Normal rights:
+ system:authuser rl
+ pat rlidwka
+ pat:friends rlid
+ Negative rights:
+ smith rlidwka
+ Access list for private is
+ Normal rights:
+ pat rlidwka
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>If the <B>-path</B> argument names an AFS directory, the issuer must
+have the <B>l</B> (<B>lookup</B>) permission on its ACL and the ACL
+for every directory that precedes it in the pathname.
+<P>If the <B>-path</B> argument names an AFS file, the issuer must have
+the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)
+permissions on the ACL of the file's directory, and the <B>l</B>
+permission on the ACL of each directory that precedes it in the
+pathname.
+<P>If the <B>-path</B> argument names a DFS directory or file, the issuer
+must have the <B>x</B> (<B>execute</B>) permission on its ACL and on
+the ACL of each directory that precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
+<P><A HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
+<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
+<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf148.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf150.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_LISTCELLS" HREF="auarf002.htm#ToC_163">fs listcells</A></H2>
+<A NAME="IDX4860"></A>
+<A NAME="IDX4861"></A>
+<A NAME="IDX4862"></A>
+<A NAME="IDX4863"></A>
+<A NAME="IDX4864"></A>
+<A NAME="IDX4865"></A>
+<A NAME="IDX4866"></A>
+<A NAME="IDX4867"></A>
+<A NAME="IDX4868"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the database server machines in each cell known to the Cache
+Manager
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs listcells</B> [<B>-numeric</B>] [<B>-help</B>]
+
+<B>fs listc</B> [<B>-n</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs listcells</B> command formats and displays the list of the
+database server machines that the Cache Manager stores in kernel memory for
+its home cell and foreign cells.
+<P>At each reboot of the client machine, the Cache Manager copies the contents
+of <B>/usr/vice/etc/CellServDB</B> into kernel memory. To modify
+the list between reboots, use the <B>fs newcell</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-numeric
+</B><DD>Displays each database server machine's IP address rather than
+hostname.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes a line for each cell included in the Cache
+Manager's kernel memory list, in the following format:
+<PRE> Cell <VAR>cell</VAR> on hosts <VAR>database server machines</VAR>
+
+</PRE>
+<P>The Cache Manager stores IP addresses, but by default has them translated
+to hostnames before reporting them, by passing them to the cell's name
+service (such as the Domain Name Service or a local host table). The
+name service sometimes returns hostnames in uppercase letters, or an IP
+address if it cannot resolve a name.
+<P>Using the <B>-numeric</B> flag bypasses the translation to hostnames,
+which can result in significantly faster production of output. The
+output includes IP addresses only.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows output for several cells as illustrations of
+the different formats for machine names:
+<PRE> % <B>fs listcells</B>
+ Cell abc.com on hosts fs1.abc.com fs2.abc.com fs3.abc.com
+ Cell stateu.edu on hosts DB1.FS.STATEU.EDU
+ DB2.FS.STATEU.EDU DB3.FS.STATEU.EDU
+ Cell def.gov on hosts 138.255.0.2 sv3.def.gov
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf154.htm#HDRFS_NEWCELL">fs newcell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf148.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf150.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf149.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf151.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_LISTQUOTA" HREF="auarf002.htm#ToC_164">fs listquota</A></H2>
+<A NAME="IDX4869"></A>
+<A NAME="IDX4870"></A>
+<A NAME="IDX4871"></A>
+<A NAME="IDX4872"></A>
+<A NAME="IDX4873"></A>
+<A NAME="IDX4874"></A>
+<A NAME="IDX4875"></A>
+<A NAME="IDX4876"></A>
+<A NAME="IDX4877"></A>
+<A NAME="IDX4878"></A>
+<A NAME="IDX4879"></A>
+<A NAME="IDX4880"></A>
+<A NAME="IDX4881"></A>
+<A NAME="IDX4882"></A>
+<A NAME="IDX4883"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays quota information for the volume containing a file or
+directory.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs listquota</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs listq</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs lq</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs listquota</B> command displays information about the volume
+containing each specified directory or file (its name, quota, and amount of
+disk space used), along with an indicator of the percentage of space used on
+the host partition.
+<P>To display more information about the host partition, use the <B>fs
+examine</B> command.
+<P>To set volume quota, use the <B>fs setquota</B> or <B>fs setvol</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names a file or directory that resides in the volume about which to
+produce output. Partial pathnames are interpreted relative to the
+current working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays information about the volume that houses each specified
+directory or file, in a tabular format that uses the following headers:
+<DL>
+<P><DT><B><TT>Volume Name</TT>
+</B><DD>The name of the volume.
+<P><DT><B><TT>Quota</TT>
+</B><DD>The volume's quota in kilobytes, or the string <TT>no limit</TT> to
+indicate an unlimited quota.
+<P><DT><B><TT>Used</TT>
+</B><DD>The number of kilobytes of quota used.
+<P><DT><B><TT>% Used</TT>
+</B><DD>The percentage of the volume's quota that is used (the
+<TT>Used</TT> statistic divided by the <TT>Quota</TT> statistic, times
+100).
+<P><DT><B><TT>Partition</TT>
+</B><DD>The percentage of space used on the partition that houses the
+volume. Although not directly related to how much of the user's
+quota is used, it is reported because a full partition can cause writing of
+data back to the volume to fail even when the volume has not reached its
+quota.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the volume
+<B>user.smith</B>:
+<PRE> %<B> fs listquota -path /afs/abc.com/usr/smith</B>
+ Volume Name Quota Used % Used Partition
+ user.smith 15000 5071 34% 86%
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf137.htm#HDRFS_DISKFREE">fs diskfree</A>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P><A HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<P><A HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<P><A HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf149.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf151.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf150.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf152.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_LSMOUNT" HREF="auarf002.htm#ToC_165">fs lsmount</A></H2>
+<A NAME="IDX4884"></A>
+<A NAME="IDX4885"></A>
+<A NAME="IDX4886"></A>
+<A NAME="IDX4887"></A>
+<A NAME="IDX4888"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports the volume for which a directory is the mount point.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs lsmount -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> [<B>-help</B>]
+
+<B>fs ls -d</B> <<VAR>directory</VAR>><SUP>+</SUP> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs lsmount</B> command reports the volume for which each
+specified directory is a mount point, or indicates with an error message that
+a directory is not a mount point or is not in AFS.
+<P>To create a mount point, use the <B>fs mkmount</B> command. To
+remove one, use the <B>fs rmmount</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dir
+</B><DD>Names the directory that serves as a mount point for a volume. The
+last element in the pathname provided must be an actual name, not a shorthand
+notation such as one or two periods (<B>.</B> or
+<B>..</B>).
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the specified directory is a mount point, the output is of the following
+form:
+<PRE> '<VAR>directory</VAR>' is a mount point for volume '<VAR>volume name</VAR>'
+
+</PRE>
+<P>where
+<UL>
+<P><LI>A number sign (<TT>#</TT>) precedes the <VAR>volume name</VAR> string for
+a regular mount point.
+<P><LI>A percent sign (<TT>%</TT>) precedes the <VAR>volume name</VAR> string for
+a read/write mount point.
+<P><LI>A cell name and colon (<TT>:</TT>) follow the number or percent
+sign and precede the <VAR>volume name</VAR> string for a cellular mount
+point.
+</UL>
+<P>The <B>fs mkmount</B> reference page explains how the Cache Manager
+interprets each of the three types of mount points.
+<P>If the directory is a symbolic link to a mount point, the output is of the
+form:
+<PRE> '<VAR>directory</VAR>' is a symbolic link, leading to a mount point for volume '<VAR>volume name</VAR>'
+
+</PRE>
+<P>If the directory is not a mount point or is not in AFS, the output
+reads:
+<PRE> '<VAR>directory</VAR>' is not a mount point.
+
+</PRE>
+<P>If the output is garbled, it is possible that the mount point has become
+corrupted in the local AFS client cache. Use the <B>fs
+flushmount</B> command to discard it, which forces the Cache Manager to
+refetch the mount point.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the mount point for the home directory of user
+<B>smith</B>:
+<PRE> % <B>fs lsmount /afs/abc.com/usr/smith</B>
+ '/afs/abc.com/usr/smith' is a mount point for volume '#user.smith'
+
+</PRE>
+<P>The following example shows both the regular and read/write mount points
+for the ABC Corporation cell's <TT>root.cell</TT> volume.
+<PRE> % <B>fs lsmount /afs/abc.com</B>
+ '/afs/abc.com' is a mount point for volume '#root.cell'
+
+ % <B>fs lsmount /afs/.abc.com</B>
+ '/afs/.abc.com' is a mount point for volume '%root.cell'
+
+</PRE>
+<P>The following example shows a cellular mount point: the State
+University cell's <TT>root.cell</TT> volume as mounted in the
+ABC Corporation cell's tree.
+<PRE> % <B>fs lsmount /afs/stateu.edu</B>
+ '/afs/stateu.edu' is a mount point for volume '#stateu.edu:root.cell'
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-dir</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf141.htm#HDRFS_FLUSHMOUNT">fs flushmount</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf156.htm#HDRFS_RMMOUNT">fs rmmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf150.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf152.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf151.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf153.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_MESSAGES" HREF="auarf002.htm#ToC_166">fs messages</A></H2>
+<A NAME="IDX4889"></A>
+<A NAME="IDX4890"></A>
+<A NAME="IDX4891"></A>
+<A NAME="IDX4892"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets whether the Cache Manager writes log messages
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs messages</B> [<B>-show</B> <[<B>user</B>|<B>console</B>|<B>all</B>|<B>none</B>]>] [<B>-help</B>]
+
+<B>fs me</B> [<B>-s</B> <[<B>user</B>|<B>console</B>|<B>all</B>|<B>none</B>]>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs messages</B> command controls whether the Cache Manager
+displays status and warning messages on user screens, the client machine
+console, on both, or on neither.
+<P>There are two types of Cache Manager messages:
+<UL>
+<P><LI>User messages provide user-level status and warning information, and the
+Cache Manager directs them to user screens.
+<P><LI>Console messages provide system-level status and warning information, and
+the Cache Manager directs them to the client machine's designated
+console.
+</UL>
+<P>Disabling messaging completely is not recommended, because the messages
+provide useful status and warning information.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-show
+</B><DD>Specifies the types of messages to display. Choose one of the
+following values:
+<DL>
+<P><DT><B>user
+</B><DD>Send user messages to user screens
+<P><DT><B>console
+</B><DD>Send console messages to the console
+<P><DT><B>all
+</B><DD>Send user messages to user screens and console messages to the console
+(the default if the <B>-show</B> argument is omitted)
+<P><DT><B>none
+</B><DD>Do not send any messages to user screens or the console
+</DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command instructs the Cache Manager to display both types of
+messages:
+<PRE> % <B>fs messages -show all</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf151.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf153.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf152.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf154.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_MKMOUNT" HREF="auarf002.htm#ToC_167">fs mkmount</A></H2>
+<A NAME="IDX4893"></A>
+<A NAME="IDX4894"></A>
+<A NAME="IDX4895"></A>
+<A NAME="IDX4896"></A>
+<A NAME="IDX4897"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a mount point for a volume
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs mkmount -dir</B> <<VAR>directory</VAR>> <B>-vol</B> <<VAR>volume name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-rw</B>] [<B>-fast</B>] [<B>-help</B>]
+
+<B>fs mk -d</B> <<VAR>directory</VAR>> <B>-v</B> <<VAR>volume name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-r</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs mkmount</B> command creates a mount point for the volume
+named by the <B>-vol</B> argument at the location in the AFS file space
+specified by the <B>-dir</B> argument. The mount point looks like a
+standard directory element, and serves as the volume's root directory,
+but is actually a special file system object that refers to an AFS
+volume. When the Cache Manager first encounters a given mount point
+during pathname traversal, it contacts the VL Server to learn which file
+server machines house the indicated volume, then fetches a copy of the
+volume's root directory from the appropriate file server machine.
+<P>It is possible, although not recommended, to create more than one mount
+point to a volume. The Cache Manager can become confused if a volume is
+mounted in two places along the same path through the filespace.
+<P>The Cache Manager observes three basic rules as it traverses the AFS
+filespace and encounters mount points:
+<UL>
+<P><LI><B>Rule 1:</B> Access Backup and Read-only Volumes When
+Specified
+<P>When the Cache Manager encounters a mount point that specifies a volume
+with either a <B>.readonly</B> or a <B>.backup</B>
+extension, it accesses that type of volume only. If a mount point does
+not have either a <B>.backup</B> or <B>.readonly</B>
+extension, the Cache Manager uses Rules 2 and 3.
+<P>For example, the Cache Manager never accesses the read/write version of a
+volume if the mount point names the backup version. If the specified
+version is inaccessible, the Cache Manager reports an error.
+<P><LI><B>Rule 2:</B> Follow the Read-only Path When Possible
+<P>If a mount point resides in a read-only volume and the volume that it
+references is replicated, the Cache Manager attempts to access a read-only
+copy of the volume; if the referenced volume is not replicated, the Cache
+Manager accesses the read/write copy. The Cache Manager is thus said to
+prefer a <I>read-only path</I> through the filespace, accessing read-only
+volumes when they are available.
+<P>The Cache Manager starts on the read-only path in the first place because
+it always accesses a read-only copy of the <B>root.afs</B> volume
+if it exists; the volume is mounted at the root of a cell's AFS
+filespace (named <B>/afs</B> by convention). That is, if the
+<B>root.afs</B> volume is replicated, the Cache Manager attempts to
+access a read-only copy of it rather than the read/write copy. This
+rule then keeps the Cache Manager on a read-only path as long as each
+successive volume is replicated. The implication is that both the
+<B>root.afs</B> and <B>root.cell</B> volumes must be
+replicated for the Cache Manager to access replicated volumes mounted below
+them in the AFS filespace. The volumes are conventionally mounted at
+the <B>/afs</B> and <B>/afs/</B><VAR>cellname</VAR> directories,
+respectively.
+<P><LI><B>Rule 3:</B> Once on a Read/write Path, Stay There
+<P>If a mount point resides in a read/write volume and the volume name does
+not have a <B>.readonly</B> or a <B>.backup</B>
+extension, the Cache Manager attempts to access only the a read/write version
+of the volume. The access attempt fails with an error if the read/write
+version is inaccessible, even if a read-only version is accessible. In
+this situation the Cache Manager is said to be on a <I>read/write path</I>
+and cannot switch back to the read-only path unless mount point explicitly
+names a volume with a <B>.readonly</B> extension. (Cellular
+mount points are an important exception to this rule, as explained in the
+following discussion.
+</UL>
+<P>There are three types of mount points, each appropriate for a different
+purpose because of the manner in which the Cache Manager interprets
+them.
+<UL>
+<P><LI>When the Cache Manager crosses a <I>regular</I> mount point, it obeys
+all three of the mount point traversal rules previously described. To
+create a regular mount point, include only the required <B>-dir</B> and
+<B>-vol</B> arguments to the <B>fs mkmount</B> command.
+<A NAME="IDX4898"></A>
+<A NAME="IDX4899"></A>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A regular mount point does not force the Cache Manager always to access
+read-only volumes (it is explicitly not a "read-only mount point"). If
+a volume is not replicated, the third traversal rule means that the Cache
+Manager still accesses the read/write volume when that is the only type
+available. However, if the Cache Manager is to access the read-only
+version of a replicated volume named by a regular mount point, all volumes
+that are mounted above it in the pathname must also be replicated.
+</TD></TR></TABLE>
+<P><LI>When the Cache Manager crosses a <I>read/write</I> mount point, it
+attempts to access only the volume version named in the mount point. If
+the volume name is the base (read/write) form, without a
+<B>.readonly</B> or <B>.backup</B> extension, the Cache
+Manager accesses the read/write version of the volume, even if it is
+replicated. In other words, the Cache Manager disregards the second
+mount point traversal rule when crossing a read/write mount point: it
+switches to the read/write path through the filespace.
+<A NAME="IDX4900"></A>
+<A NAME="IDX4901"></A>
+<P>To create a read/write mount point, include the <B>-rw</B> flag on the
+<B>fs mkmount</B> command. It is conventional to create only one
+read/write mount point in a cell's filespace, using it to mount the
+cell's <B>root.cell</B> volume just below the AFS filespace
+root (by convention, <B>/afs/.</B><VAR>cellname</VAR>). See
+the <I>IBM AFS Quick Beginnings</I> for instructions and the chapter about
+volume management in the <I>IBM AFS Administration Guide</I> for further
+discussion.
+<P>Creating a read/write mount point for a read-only or backup volume is
+acceptable, but unnecessary. The first rule of mount point traversal
+already specifies that the Cache Manager accesses them if the volume name in a
+regular mount point has a <B>.readonly</B> or
+<B>.backup</B> extension.
+<P><LI>When the Cache Manager crosses a <I>cellular</I> mount point, it
+accesses the indicated volume in the specified cell, which is normally a
+foreign cell. (If the mount point does not name a cell along with the
+volume, the Cache Manager accesses the volume in the cell where the mount
+point resides.) The Cache Manager disregards the third mount point
+traversal rule when crossing a regular cellular mount point: it accesses
+a read-only version of the volume if it is replicated, even if the volume that
+houses the mount point is read/write. Switching to the read-only path
+in this way is designed to avoid imposing undue load on the file server
+machines in foreign cells.
+<A NAME="IDX4902"></A>
+<A NAME="IDX4903"></A>
+<A NAME="IDX4904"></A>
+<P>To create a regular cellular mount point, include the <B>-cell</B>
+argument on the <B>fs mkmount</B> command. It is conventional to
+create cellular mount points only at the second level in a cell's
+filespace, using them to mount foreign cells' <B>root.cell</B>
+volumes just below the AFS filespace root (by convention, at
+<B>/afs/</B><VAR>foreign_cellname</VAR>). The mount point enables
+local users to access the foreign cell's filespace, assuming they have
+the necessary permissions on the ACL of the volume's root directory and
+that there is an entry for the foreign cell in each local client
+machine's <B>/usr/vice/etc/CellServDB</B> file. In the output
+of the <B>fs lsmount</B> command, the cell name and a colon
+(<TT>:</TT>) appear between the initial number sign and the volume
+name in a regular cellular mount point name.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dir
+</B><DD>Names the directory to create as a mount point. The directory must
+not already exist. Relative pathnames are interpreted with respect to
+the current working directory.
+<P>Specify the read/write path to the directory, to avoid the failure that
+results from attempting to create a new mount point in a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>Description</B> section of this reference page.
+<P><DT><B>-vol
+</B><DD>Specifies the name or volume ID number of the volume to mount. If
+appropriate, add the <TT>.readonly</TT> or <TT>.backup</TT>
+extension to the name, or specify the appropriate volume ID number.
+<P><DT><B>-cell
+</B><DD>Names the cell in which the volume resides (creates a cellular mount
+point). Provide the fully qualified domain name, or a shortened form
+that disambiguates it from the other cells listed in the local
+<B>/usr/vice/etc/CellServDB</B> file.
+<P>If this argument is omitted, no cell indicator appears in the mount
+point. When the Cache Manager interprets it, it assumes that the volume
+named in the mount point resides in the same cell as the volume that houses
+the mount point.
+<P><DT><B>-rw
+</B><DD>Creates a read/write mount point. Omit this flag to create a
+regular mount point.
+<P><DT><B>-fast
+</B><DD>Prevents the Volume Location (VL) Server from checking that the volume has
+a VLDB entry and printing a warning message if it does not. Whether or
+not this flag is included, the File Server creates the mount point even when
+the volume has no VLDB entry.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command creates a regular mount point, mounting the volume
+<B>user.smith</B> at
+<B>/afs/abc.com/usr/smith</B>:
+<PRE> % <B>cd /afs/abc.com/usr</B>
+
+ %<B> fs mkmount -dir smith -vol user.smith</B>
+
+</PRE>
+<P>The following commands create a read/write mount point and a regular mount
+point for the ABC Corporation cell's <TT>root.cell</TT> volume
+in that cell's file tree. The second command follows the
+convention of putting a period at the beginning of the read/write mount
+point's name.
+<PRE> % <B>fs mkmount -dir /afs/abc.com -vol root.cell</B>
+
+ %<B> fs mkmount -dir /afs/.abc.com -vol root.cell -rw</B>
+
+</PRE>
+<P>The following command mounts the State University cell's
+<TT>root.cell</TT> volume in the ABC Corporation cell's file
+tree, creating a regular cellular mount point called
+<B>/afs/stateu.edu</B>. When a ABC Corporation Cache Manager
+encounters this mount point, it crosses into the State University cell on a
+read-only path.
+<PRE> % <B>fs mkmount -dir /afs/stateu.edu -vol root.cell -c stateu.edu</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>i</B> (<B>insert</B>) and <B>a</B>
+(<B>administer</B>) permissions on the ACL of the directory that is to
+house the mount point.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf151.htm#HDRFS_LSMOUNT">fs lsmount</A>
+<P><A HREF="auarf156.htm#HDRFS_RMMOUNT">fs rmmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf152.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf154.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf153.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf155.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_NEWCELL" HREF="auarf002.htm#ToC_168">fs newcell</A></H2>
+<A NAME="IDX4905"></A>
+<A NAME="IDX4906"></A>
+<A NAME="IDX4907"></A>
+<A NAME="IDX4908"></A>
+<A NAME="IDX4909"></A>
+<A NAME="IDX4910"></A>
+<A NAME="IDX4911"></A>
+<A NAME="IDX4912"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the kernel-resident list of a cell's database server machines
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs newcell -name</B> <<VAR>cell name</VAR>> <B>-servers</B> <<VAR>primary servers</VAR>><SUP>+</SUP>
+ [<B>-linkedcell</B> <<VAR>linked cell name</VAR>>] [<B>-help</B>]
+
+<B>fs n -n</B> <<VAR>cell name</VAR>> <B>-s</B> <<VAR>primary servers</VAR>><SUP>+</SUP> [<B>-l</B> <<VAR>linked cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs newcell</B> command removes the Cache Manager's
+kernel-resident list of database server machines for the cell specified by the
+<B>-name</B> argument and replaces it with the database server machines
+named by the <B>-servers</B> argument.
+<P>Each time the machine reboots, the Cache Manager constructs the kernel list
+of cells and database server machines by reading the local
+<B>/usr/vice/etc/CellServDB</B> file. This command does not change
+the <B>CellServDB</B> file, so any changes made with it persist only until
+the next reboot, unless the issuer also edits the file. The output of
+the <B>fs listcells</B> command reflects changes made with this command,
+because that command consults the kernel-resident list rather than the
+<B>CellServDB</B> file.
+<P>This command can introduce a completely new cell into the kernel-resident
+list, but cannot make a cell inaccessible (it is not possible to remove a
+cell's entry from the kernel-resident list by providing no values for the
+<B>-server</B> argument). To make a cell inaccessible, remove its
+entry from the <B>CellServDB</B> file and reboot the machine.
+<P>If the <B>-name</B> argument names a DCE cell, then the
+<B>-servers</B> argument names DFS Fileset Location (FL) Server
+machines. The <B>-linkedcell</B> argument specifies the name of the
+AFS cell to link to a DCE cell for the purpose of DFS fileset location.
+Refer to the <I>IBM AFS/DFS Migration Toolkit Administration Guide and
+Reference</I> for more information on linking AFS clients to DCE cells using
+this command or by editing the <B>/usr/vice/etc/CellServDB</B>
+file.
+<P><STRONG>Cautions</STRONG>
+<P>Some commands, such as the <B>klog</B> command, work correctly only
+when the information is accurate for a cell in both the <B>CellServDB</B>
+file and the kernel-resident list.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies the fully-qualified cell name of the AFS or DCE cell.
+<P><DT><B>-servers
+</B><DD>Specifies the fully-qualified hostnames of all AFS database server
+machines or DFS Fileset Location (FL) Server machines for the cell named by
+the <B>-name</B> argument. If FL Server machines are specified, the
+local machine must be running the AFS/DFS Migration Toolkit Protocol
+Translator.
+<P><DT><B>-linkedcell
+</B><DD>Specifies the name of the AFS cell to link to a DCE cell for the purpose
+of DFS fileset location.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example changes the machine's kernel-resident list of
+database server machines for the ABC Corporation cell to include the machines
+<B>db1.abc.com</B> and
+<B>db2.abc.com</B>:
+<PRE> % <B>fs newcell -name abc.com -servers db1.abc.com db2.abc.com</B>
+
+</PRE>
+<P>The following example links the DCE cell
+<B>dce.abc.com</B> to the AFS cell
+<B>abc.com</B>. The AFS client contacts the Fileset Location
+(FL) servers <B>db1.dce.abc.com</B> and
+<B>db2.dce.abc.com</B> for fileset location
+information as it interprets a DFS pathname.
+<PRE> % <B>fs newcell -name dce.abc.com -servers db1.dce.abc.com db2.dce.abc.com</B> \
+ <B>-linkedcell abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf149.htm#HDRFS_LISTCELLS">fs listcells</A>
+<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
+<P><I>IBM AFS/DFS Migration Toolkit Administration Installation and
+Configuration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf153.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf155.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf154.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf156.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_QUOTA" HREF="auarf002.htm#ToC_169">fs quota</A></H2>
+<A NAME="IDX4913"></A>
+<A NAME="IDX4914"></A>
+<A NAME="IDX4915"></A>
+<A NAME="IDX4916"></A>
+<A NAME="IDX4917"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the percentage of quota used in the volume containing a directory
+or file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs quota</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs q</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs quota</B> command displays the percent of quota consumed in
+the volume that contains each specified directory or file.
+<P>To display more detailed information about the volume and the partition it
+resides on, use the <B>fs examine</B> and <B>fs listquota</B>
+commands.
+<P>To set volume quota, use the <B>fs setquota</B> or <B>fs setvol</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each file or directory for which to display the quota consumed in
+its parent volume. Partial pathnames are interpreted relative to the
+current working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output reports the percent of volume quota used, in the following
+format:
+<PRE> <VAR>percent</VAR>% of quota used.
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command lists the percent quota used of the volume housing
+the current working directory:
+<PRE> %<B> fs quota</B>
+ 17% of quota used.
+
+</PRE>
+<P>The following command lists the percent quota used of both the volume
+housing the current working directory's parent directory and the volume
+housing the directory <B>/afs/abc.com/usr/smith</B>:
+<PRE> % <B>fs quota -path .. /afs/abc.com/usr/smith</B>
+ 43% of quota used.
+ 92% of quota used.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>l</B> (<B>lookup</B>) permission on the
+ACL of the root directory of the volume that houses the file or directory
+named by the <B>-path</B> argument, and on the ACL of each directory that
+precedes it in the pathname.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P><A HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<P><A HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<P><A HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf154.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf156.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf155.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf157.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_RMMOUNT" HREF="auarf002.htm#ToC_170">fs rmmount</A></H2>
+<A NAME="IDX4918"></A>
+<A NAME="IDX4919"></A>
+<A NAME="IDX4920"></A>
+<A NAME="IDX4921"></A>
+<A NAME="IDX4922"></A>
+<A NAME="IDX4923"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a mount point
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs rmmount -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> [<B>-help</B>]
+
+<B>fs rm -d</B> <<VAR>directory</VAR>><SUP>+</SUP> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs rmmount</B> command removes the mount point named by the
+<B>-dir</B> argument from the file system. The corresponding volume
+remains on its host partition or partitions, but is inaccessible if there are
+no other mount points for it.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dir
+</B><DD>Names the mount point to delete from the file system. The last
+element in the pathname must be an actual name, not a shorthand notation such
+as "dot" (.) or "dot dot" (. .).
+<P>Specify the read/write path to the directory, to avoid the failure that
+results from attempting to delete a mount point from a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the mount points <B>jones</B> and
+<B>terry</B> from the current working directory (the
+<B>/afs/abc.com/usr</B> directory).
+<PRE> % <B>fs rmmount jones terry</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>d</B> (<B>delete</B>) permission on the
+ACL of the directory that houses each mount point.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf151.htm#HDRFS_LSMOUNT">fs lsmount</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf155.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf157.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf156.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf158.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETACL" HREF="auarf002.htm#ToC_171">fs setacl</A></H2>
+<A NAME="IDX4924"></A>
+<A NAME="IDX4925"></A>
+<A NAME="IDX4926"></A>
+<A NAME="IDX4927"></A>
+<A NAME="IDX4928"></A>
+<A NAME="IDX4929"></A>
+<A NAME="IDX4930"></A>
+<A NAME="IDX4931"></A>
+<A NAME="IDX4932"></A>
+<A NAME="IDX4933"></A>
+<A NAME="IDX4934"></A>
+<A NAME="IDX4935"></A>
+<A NAME="IDX4936"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the ACL for a directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+ [<B>-clear</B>] [<B>-negative</B>] [<B>-id</B>] [<B>-if</B>] [<B>-help</B>]
+
+<B>fs sa -d</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-a</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+ [<B>-c</B>] [<B>-n</B>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
+
+<B>fs seta -d</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-a</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+ [<B>-c</B>] [<B>-n</B>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setacl</B> command adds the access control list (ACL) entries
+specified with the <B>-acl</B> argument to the ACL of each directory named
+by the <B>-dir</B> argument.
+<P>If the <B>-dir</B> argument designates a pathname in DFS filespace
+(accessed via the AFS/DFS Migration Toolkit Protocol Translator), it can be a
+file as well as a directory. The ACL must already include an entry for
+<B>mask_obj</B>, however. For more details, refer to the <I>IBM
+AFS/DFS Migration Toolkit Administration Guide and Reference</I>.
+<P>Only user and group entries are acceptable values for the <B>-acl</B>
+argument. Do not place machine entries (IP addresses) directly on an
+ACL; instead, make the machine entry a group member and place the group
+on the ACL.
+<P>To completely erase the existing ACL before adding the new entries, provide
+the <B>-clear</B> flag. To add the specified entries to the
+<TT>Negative</TT> <TT>rights</TT> section of the ACL (deny rights to
+specified users or groups), provide the <B>-negative</B> flag.
+<P>To display an ACL, use the <B>fs listacl</B> command. To copy an
+ACL from one directory to another, use the <B>fs copyacl</B>
+command.
+<P><STRONG>Cautions</STRONG>
+<P>If the ACL already grants certain permissions to a user or group, the
+permissions specified with the <B>fs setacl</B> command replace the
+existing permissions, rather than being added to them.
+<P>Setting negative permissions is generally unnecessary and not
+recommended. Simply omitting a user or group from the <TT>Normal</TT>
+<TT>rights</TT> section of the ACL is normally adequate to prevent
+access. In particular, note that it is futile to deny permissions that
+are granted to members of the <B>system:anyuser</B> group on the
+same ACL; the user needs only to issue the <B>unlog</B> command to
+receive the denied permissions.
+<P>When including the <B>-clear</B> option, be sure to reinstate an entry
+for each directory's owner that includes at least the <B>l</B>
+(<B>lookup</B>) permission. Without that permission, it is
+impossible to resolve the "dot" ( . ) and "dot dot" ( . .
+) shorthand from within the directory. (The directory's owner does
+implicitly have the <B>a</B> [<B>administer</B>] permission even on a
+cleared ACL, but must know to use it to add other permissions.)
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dir
+</B><DD>Names each AFS directory, or DFS directory or file, for which the set the
+ACL. Partial pathnames are interpreted relative to the current working
+directory.
+<P>Specify the read/write path to each directory (or DFS file), to avoid the
+failure that results from attempting to change a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-acl
+</B><DD>Defines a list of one or more ACL entries, each a pair that names
+<UL>
+<P><LI>A user name or group name as listed in the Protection Database
+<P><LI>One or more ACL permissions, indicated either by combining the individual
+letters or by one of the four acceptable shorthand words
+</UL>
+<P>
+<P>in that order, separated by a space (thus every instance of this argument
+has two parts). The accepted AFS abbreviations and shorthand words, and
+the meaning of each, are as follows:
+<DL>
+<P><DT><B>a
+</B><DD>(<B>administer</B>): change the entries on the ACL
+<P><DT><B>d
+</B><DD>(<B>delete</B>): remove files and subdirectories from the
+directory or move them to other directories
+<P><DT><B>i
+</B><DD>(<B>insert</B>): add files or subdirectories to the directory by
+copying, moving or creating
+<P><DT><B>k
+</B><DD>(<B>lock</B>): set read locks or write locks on the files in the
+directory
+<P><DT><B>l
+</B><DD>(<B>lookup</B>): list the files and subdirectories in the
+directory, stat the directory itself, and issue the <B>fs listacl</B>
+command to examine the directory's ACL
+<P><DT><B>r
+</B><DD>(<B>read</B>): read the contents of files in the directory;
+issue the <B>ls -l</B> command to stat the elements in the directory
+<P><DT><B>w
+</B><DD>(<B>write</B>): modify the contents of files in the directory,
+and issue the UNIX <B>chmod</B> command to change their mode bits
+<P><DT><B>A, B, C, D, E, F, G, H
+</B><DD>Have no default meaning to the AFS server processes, but are made
+available for applications to use in controlling access to the
+directory's contents in additional ways. The letters must be
+uppercase.
+<P><DT><B>all
+</B><DD>Equals all seven permissions (<B>rlidwka</B>).
+<A NAME="IDX4937"></A>
+<A NAME="IDX4938"></A>
+<A NAME="IDX4939"></A>
+<A NAME="IDX4940"></A>
+<P><DT><B>none
+</B><DD>No permissions. Removes the user/group from the ACL, but does not
+guarantee they have no permissions if they belong to groups that remain on the
+ACL.
+<A NAME="IDX4941"></A>
+<A NAME="IDX4942"></A>
+<P><DT><B>read
+</B><DD>Equals the <B>r</B> (<B>read</B>) and <B>l</B>
+(<B>lookup</B>) permissions.
+<A NAME="IDX4943"></A>
+<A NAME="IDX4944"></A>
+<P><DT><B>write
+</B><DD>Equals all permissions except <B>a</B> (<B>administer</B>), that
+is, <B>rlidwk</B>.
+<A NAME="IDX4945"></A>
+<A NAME="IDX4946"></A>
+</DL>
+<P>
+<P>It is acceptable to mix entries that combine the individual letters with
+entries that use the shorthand words, but not use both types of notation
+within an individual pairing of user or group and permissions.
+<P>To learn the proper format and acceptable values for DFS ACL entries, see
+the <I>IBM AFS/DFS Migration Toolkit Administration Guide and
+Reference</I>.
+<P><DT><B>-clear
+</B><DD>Removes all existing entries on each ACL before adding the entries
+specified with the <B>-acl</B> argument.
+<P><DT><B>-negative
+</B><DD>Places the specified ACL entries in the <TT>Negative</TT>
+<TT>rights</TT> section of each ACL, explicitly denying the rights to the
+user or group, even if entries on the accompanying <TT>Normal</TT>
+<TT>rights</TT> section of the ACL grant them permissions.
+<P>This argument is not supported for DFS files or directories, because DFS
+does not implement negative ACL permissions.
+<P><DT><B>-id
+</B><DD>Places the ACL entries on the Initial Container ACL of each DFS directory,
+which are the only file system objects for which this flag is
+supported.
+<P><DT><B>-if
+</B><DD>Places the ACL entries on the Initial Object ACL of each DFS directory,
+which are the only file system objects for which this flag is
+supported.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example adds two entries to the <TT>Normal rights</TT>
+section of the current working directory's ACL: the first entry
+grants <B>r</B> (<B>read</B>) and <B>l</B> (<B>lookup</B>)
+permissions to the group <B>pat:friends</B>, while the other (using
+the <B>write</B> shorthand) gives all permissions except <B>a</B>
+(<B>administer</B>) to the user <B>smith</B>.
+<PRE> % <B>fs setacl -dir . -acl pat:friends rl smith write</B>
+
+ % <B>fs listacl -path </B>.
+ Access list for . is
+ Normal rights:
+ pat:friends rl
+ smith rlidwk
+
+</PRE>
+<P>The following example includes the <B>-clear</B> flag, which removes
+the existing permissions (as displayed with the <B>fs listacl</B> command)
+from the current working directory's <B>reports</B> subdirectory and
+replaces them with a new set.
+<PRE> % <B>fs listacl -dir reports</B>
+ Access list for reports is
+ Normal rights:
+ system:authuser rl
+ pat:friends rlid
+ smith rlidwk
+ pat rlidwka
+ Negative rights:
+ terry rl
+
+ % <B>fs setacl -clear -dir reports -acl pat all smith write system:anyuser rl</B>
+
+ % <B>fs listacl -dir reports</B>
+ Access list for reports is
+ Normal rights:
+ system:anyuser rl
+ smith rlidwk
+ pat rlidwka
+
+</PRE>
+<P>The following example use the <B>-dir</B> and <B>-acl</B> switches
+because it sets the ACL for more than one directory (both the current working
+directory and its <B>public</B> subdirectory).
+<PRE> % <B>fs setacl -dir . public -acl pat:friends rli</B>
+
+ % <B>fs listacl -path . public</B>
+ Access list for . is
+ Normal rights:
+ pat rlidwka
+ pat:friends rli
+ Access list for public is
+ Normal rights:
+ pat rlidwka
+ pat:friends rli
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>a</B> (<B>administer</B>) permission on
+the directory's ACL; the directory's owner and the members of
+the <B>system:administrators</B> group have the right implicitly,
+even if it does not appear on the ACL.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
+<P><A HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf156.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf158.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf157.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf159.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETCACHESIZE" HREF="auarf002.htm#ToC_172">fs setcachesize</A></H2>
+<A NAME="IDX4947"></A>
+<A NAME="IDX4948"></A>
+<A NAME="IDX4949"></A>
+<A NAME="IDX4950"></A>
+<A NAME="IDX4951"></A>
+<A NAME="IDX4952"></A>
+<A NAME="IDX4953"></A>
+<A NAME="IDX4954"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the size of the disk cache
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setcachesize</B> [<B>-blocks</B> <<VAR>size in 1K byte blocks (0 => reset)</VAR>>]
+ [<B>-reset</B>] [<B>-help</B>]
+
+<B>fs setca</B> [<B>-b</B> <<VAR>size in 1K byte blocks (0 => reset)</VAR>>] [<B>-r</B>] [<B>-h</B>]
+
+<B>fs cachesize</B> [<B>-b</B> <<VAR>size in 1K byte blocks (0 => reset)</VAR>>] [<B>-r</B>] [<B>-h</B>]
+
+<B>fs ca</B> [<B>-b</B> <<VAR>size in 1K byte blocks (0 => reset)</VAR>>] [<B>-r</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setcachesize</B> command changes the number of kilobyte
+blocks of local disk space available to the Cache Manager for its data cache,
+on machines that use a disk cache. The command is not operative on
+machines that use a memory cache.
+<P>To return the cache size to the default value specified in the third field
+of the local <B>/usr/vice/etc/cacheinfo</B> file, provide a value of
+<B>0</B> to the <B>-blocks</B> argument.
+<P>To return the cache size to the value set when the machine was last
+rebooted, use the <B>-reset</B> flag instead of the <B>-blocks</B>
+argument. This is normally the amount specified in the
+<B>cacheinfo</B> file, unless the <B>-blocks</B> argument was included
+on the <B>afsd</B> command to override the <B>cacheinfo</B>
+value.
+<P>To display the current cache size and amount of cache in use, for both disk
+and memory caches, use the <B>fs getcacheparms</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>This command is not operative on machines using a memory cache, and results
+in an error message. To change memory cache size, edit the
+<B>cacheinfo</B> file and reboot, or reboot and provide the
+<B>-blocks</B> argument to the <B>afsd</B> command.
+<P>On machines using a disk cache, do not set the cache size to exceed 85% to
+90% of the actual disk space available for the cache directory. The
+cache implementation itself requires a small amount of space on the
+partition.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-blocks
+</B><DD>Specifies the number of one-kilobyte blocks of disk space available for
+the Cache Manager to devote to the cache. Provide a value of
+<B>0</B> to set cache size to the default specified in the
+<B>cacheinfo</B> file.
+<P><DT><B>-reset
+</B><DD>Returns the cache size to the value set when the machine was last
+booted. This agrees with the value in the <B>cacheinfo</B> file
+unless the <B>-blocks</B> argument was used on the <B>afsd</B>
+command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command sets the disk cache size to 25000 kilobyte
+blocks.
+<PRE> % <B>fs setcachesize -blocks 25000</B>
+
+</PRE>
+<P>Both of the following commands reset the disk cache size to the value in
+the <B>cacheinfo</B> file, assuming that the <B>-blocks</B> argument
+to the <B>afsd</B> command was not used.
+<PRE> % <B>fs setcachesize -blocks 0</B>
+
+ % <B>fs setcachesize -reset</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf043.htm#HDRCACHEINFO">cacheinfo</A>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf143.htm#HDRFS_GETCACHEPARMS">fs getcacheparms</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf157.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf159.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf158.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf160.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETCELL" HREF="auarf002.htm#ToC_173">fs setcell</A></H2>
+<A NAME="IDX4955"></A>
+<A NAME="IDX4956"></A>
+<A NAME="IDX4957"></A>
+<A NAME="IDX4958"></A>
+<A NAME="IDX4959"></A>
+<A NAME="IDX4960"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Allows or disallows running of setuid programs from specified cells
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setcell -cell</B> <<VAR>cell name</VAR>><SUP>+</SUP> [<B>-suid</B>] [<B>-nosuid</B>] [<B>-help</B>]
+
+<B>fs setce -c</B> <<VAR>cell name</VAR>><SUP>+</SUP> [<B>-s</B>] [<B>-n</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setcell</B> command sets whether the Cache Manager allows
+programs (and other executable files) from each cell named by the
+<B>-cell</B> argument to run with setuid permission. By default,
+the Cache Manager allows programs from its home cell to run with setuid
+permission, but not programs from any foreign cells. A program belongs
+to the same cell as the file server machine that houses the volume in which
+the program's binary file resides, as specified in the file server
+machine's <B>/usr/afs/etc/ThisCell</B> file. The Cache Manager
+determines its own home cell by reading the <B>/usr/vice/etc/ThisCell</B>
+file at initialization.
+<P>To enable programs from each specified cell to run with setuid permission,
+include the <B>-suid</B> flag. To prohibit programs from running
+with setuid permission, include the <B>-nosuid</B> flag, or omit both
+flags.
+<P>The <B>fs setcell</B> command directly alters a cell's setuid
+status as recorded in kernel memory, so rebooting the machine is
+unnecessary. However, non-default settings do not persist across
+reboots of the machine unless the appropriate <B>fs setcell</B> command
+appears in the machine's AFS initialization file.
+<P>To display a cell's setuid status, issue the <B>fs
+getcellstatus</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>AFS does not recognize effective UID: if a setuid program accesses
+AFS files and directories, it does so using the current AFS identity of the
+AFS user who initialized the program, not of the program's owner.
+Only the local file system recognizes effective UID.
+<P>Only members of the <B>system:administrators</B> group can turn
+on the setuid mode bit on an AFS file or directory.
+<P>When the setuid mode bit is turned on, the UNIX <B>ls -l</B> command
+displays the third user mode bit as an <TT>s</TT> instead of an
+<TT>x</TT>. However, the <TT>s</TT> does not appear on an AFS file
+or directory unless setuid permission is enabled for the cell in which the
+file resides.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Names each cell for which to set setuid status. Provide the fully
+qualified domain name, or a shortened form that disambiguates it from the
+other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
+file.
+<P><DT><B>-suid
+</B><DD>Allows programs from each specified cell to run with setuid
+privilege. Provide it or the <B>-nosuid</B> flag, or omit both
+flags to disallow programs from running with setuid privilege.
+<P><DT><B>-nosuid
+</B><DD>Prevents programs from each specified cell from running with setuid
+privilege. Provide it or the <B>-suid</B> flag, or omit both flags
+to disallow programs form running with setuid privilege.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command enables executable files from the State University
+cell to run with setuid privilege on the local machine:
+<PRE> % <B>fs setcell -cell stateu.edu -suid</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf144.htm#HDRFS_GETCELLSTATUS">fs getcellstatus</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf158.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf160.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf159.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf161.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETCLIENTADDRS" HREF="auarf002.htm#ToC_174">fs setclientaddrs</A></H2>
+<A NAME="IDX4961"></A>
+<A NAME="IDX4962"></A>
+<A NAME="IDX4963"></A>
+<A NAME="IDX4964"></A>
+<A NAME="IDX4965"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the client interfaces to register with the File Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setclientaddrs</B> [<B>-address</B> <<VAR>client network interfaces</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs setcl</B> [<B>-a</B> <<VAR>client network interfaces</VAR>><SUP>+</SUP>] [<B>-h</B>]
+
+<B>fs sc</B> [<B>-a</B> <<VAR>client network interfaces</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setclientaddrs</B> command defines the IP addresses of the
+interfaces that the local Cache Manager registers with a File Server when
+first establishing a connection to it.
+<P>The File Server uses the addresses when it initiates a remote procedure
+call (RPC) to the Cache Manager (as opposed to responding to an RPC sent by
+the Cache Manager). There are two common circumstances in which the
+File Server initiates RPCs: when it breaks callbacks and when it pings
+the client machine to verify that the Cache Manager is still
+accessible.
+<P>The list of interfaces specified with this command replaces the list that
+the Cache Manager constructs and records in kernel memory as it
+initializes. At that time, if the file <B>/usr/vice/etc/NetInfo</B>
+exists on the client machine's local disk, the Cache Manager uses its
+contents as the basis for the list of interfaces addresses. If the file
+does not exist, the Cache Manager instead uses the network interfaces
+configured with the operating system. It then removes from the list any
+address included in the local <B>/usr/vice/etc/NetRestrict</B>
+file. It records the final list in kernel memory. (An
+administrator must create the <B>NetInfo</B> and <B>NetRestrict</B>
+files; there are no default versions of them.)
+<P>If an RPC to that interface fails, the File Server simultaneously sends
+RPCs to all of the other interfaces in the list, to learn which of them are
+still available. Whichever interface replies first is the one to which
+the File Server then sends pings and RPCs to break callbacks.
+<P>To list the interfaces that the Cache Manager is currently registering with
+File Servers, use the <B>fs getclientaddrs</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>The list specified with this command persists in kernel memory only until
+the client machine reboots. To preserve it across reboots, either list
+the interfaces in the local <B>/usr/vice/etc/NetInfo</B> file, or place
+the appropriate <B>fs setclientaddrs</B> command in the machine's AFS
+initialization script.
+<P>Changes made with this command do not propagate automatically to File
+Servers to which the Cache Manager has already established a
+connection. To force such File Servers to use the revised list, either
+reboot each file server machine, or change the <B>NetInfo</B> file and
+reboot the client machine.
+<P>The <B>fs</B> command interpreter verifies that each of the addresses
+specified as a value for the <B>-address</B> argument is actually
+configured with the operating system on the client machine. If it is
+not, the command fails with an error message that marks the address as a
+<TT>Nonexistent</TT> <TT>interface</TT>.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-address
+</B><DD>Specifies each IP address to place in the list of interfaces, in dotted
+decimal format. Hostnames are not acceptable. Separate each
+address with one or more spaces.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The message
+<PRE> Adding <VAR>interface</VAR>
+
+</PRE>
+<P>confirms that each new interface was added to the Cache Manager's
+list. The address appears in hexadecimal format to match the notation
+used in the File Server log, <B>/usr/afs/logs/FileLog</B>.
+<P><STRONG>Examples</STRONG>
+<P>The following example sets the two interfaces that the Cache Manager
+registers with File Servers.
+<PRE> % <B>fs setclientaddrs 191.255.105.68 191.255.108.84</B>
+ Adding 0xbfff6944
+ Adding 0xbfff6c54
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf024.htm#HDRCLI_NETINFO">NetInfo (client version)</A>
+<P><A HREF="auarf026.htm#HDRCLI_NETRESTRICT">NetRestrict (client version)</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf145.htm#HDRFS_GETCLIENTADDRS">fs getclientaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf159.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf161.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf160.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf162.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETQUOTA" HREF="auarf002.htm#ToC_175">fs setquota</A></H2>
+<A NAME="IDX4966"></A>
+<A NAME="IDX4967"></A>
+<A NAME="IDX4968"></A>
+<A NAME="IDX4969"></A>
+<A NAME="IDX4970"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the maximum quota for the volume containing a file or directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setquota</B> [<B>-path</B> <<VAR>dir/file path</VAR>>] <B>-max</B> <<VAR>max quota in kbytes</VAR>> [<B>-help</B>]
+
+<B>fs setq</B> [<B>-p</B> <<VAR>dir/file path</VAR>>] <B>-m</B> <<VAR>max quota in kbytes</VAR>> [<B>-h</B>]
+
+<B>fs sq</B> [<B>-p</B> <<VAR>dir/file path</VAR>>] <B>-m</B> <<VAR>max quota in kbytes</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setquota</B> command sets the quota (maximum possible size)
+of the read/write volume that contains the directory or file named by the
+<B>-path</B> argument.
+<P>To set the quota on multiple volumes at the same time, use the <B>fs
+setvol</B> command.
+<P>To display a volume's quota, use the <B>fs examine</B>, <B>fs
+listquota</B> or <B>fs quota</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names the directory or file for which to set the host volume's
+quota. Partial pathnames are interpreted relative to the current
+working directory, which is also the default value if this argument is
+omitted.
+<P>Specify the read/write path to the file or directory, to avoid the failure
+that results from attempting to change a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-max
+</B><DD>Sets the maximum amount of file server disk space the volume can
+occupy. Specify the number of one-kilobyte blocks as a positive integer
+(<B>1024</B> is one megabyte). A value of <B>0</B> sets an
+unlimited quota, but the size of the disk partition that houses the volume
+places an absolute limit on the volume's size.
+<P>If the <B>-path</B> argument is omitted (to set the quota of the volume
+housing the current working directory), the <B>-max</B> switch must be
+included with this argument.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command imposes a maximum quota of 3000 kilobytes on the
+volume that houses the <B>/afs/abc.com/usr/smith</B>
+directory:
+<PRE> % <B>fs setquota -path /afs/abc.com/usr/smith -max 3000</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B>
+group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P><A HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<P><A HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf163.htm#HDRFS_SETVOL">fs setvol</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf160.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf162.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf161.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf163.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETSERVERPREFS" HREF="auarf002.htm#ToC_176">fs setserverprefs</A></H2>
+<A NAME="IDX4971"></A>
+<A NAME="IDX4972"></A>
+<A NAME="IDX4973"></A>
+<A NAME="IDX4974"></A>
+<A NAME="IDX4975"></A>
+<A NAME="IDX4976"></A>
+<A NAME="IDX4977"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the Cache Manager's preference ranks for file server or VL Server
+machines
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setserverprefs</B> [<B>-servers</B> <<VAR>fileserver names and ranks</VAR>><SUP>+</SUP>]
+ [<B>-vlservers</B> <<VAR>VL server names and ranks</VAR>><SUP>+</SUP>]
+ [<B>-file</B> <<VAR>input from named file</VAR>>] [<B>-stdin</B>] [<B>-help</B>]
+
+<B>fs sets</B> [<B>-se</B> <<VAR>fileserver names and ranks</VAR>><SUP>+</SUP>] [<B>-vl</B> <<VAR>VL server names and ranks</VAR>><SUP>+</SUP>]
+ [<B>-f</B> <<VAR>input from named file</VAR>>] [<B>-st</B>] [<B>-h</B>]
+
+<B>fs sp</B> [<B>-se</B> <<VAR>fileserver names and ranks</VAR>><SUP>+</SUP>] [<B>-vl</B> <<VAR>VL server names and ranks></VAR><SUP>+</SUP>]
+ [<B>-f</B> <<VAR>input from named file</VAR>>] [<B>-st</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setserverprefs</B> command sets the local Cache
+Manager's preference ranks for one or more file server machine interfaces
+or, if the <B>-vlserver</B> argument is provided, for Volume Location (VL)
+Server machines. For file server machines, the numerical ranks
+determine the order in which the Cache Manager attempts to contact the
+interfaces of machines that are housing a volume. For VL Server
+machines, the ranks determine the order in which the Cache Manager attempts to
+contact a cell's VL Servers when requesting VLDB information.
+<P>The <B>fs getserverprefs</B> reference page explains how the Cache
+Manager uses preference ranks when contacting file server machines or VL
+Server machines. The following paragraphs explain how the Cache Manager
+calculates default ranks, and how to use this command to change the
+defaults.
+<P><B>Calculation of Default Preference Ranks</B>
+<P>The Cache Manager stores a preference rank in kernel memory as a paired IP
+address and numerical rank. If a file server machine is multihomed, the
+Cache Manager assigns a distinct rank to each of the machine's addresses
+(up to the number of addresses that the VLDB can store per machine, which is
+specified in the <I>IBM AFS Release Notes</I>). Once calculated, a
+rank persists until the machine reboots, or until this command is used to
+change it.
+<P>The Cache Manager sets default VL Server preference ranks as it
+initializes, randomly assigning a rank from the range 10,000 to 10,126 to each
+of the machines listed in the local <B>/usr/vice/etc/CellServDB</B>
+file. Machines from different cells can have the same rank, but this
+does not present a problem because the Cache Manager consults only one
+cell's ranks at a time.
+<P>The Cache Manager sets default preference ranks for file server machine as
+it fetches volume location information from the VLDB. Each time it
+learns about file server machine interfaces for which it has not already set
+ranks, it assigns a rank to each interface. If the local client machine
+has only one IP address, the Cache Manager compares it to the server
+interface's IP address and sets a rank according to the following
+algorithm. If the client machine is multihomed, the Cache Manager
+applies the algorithm to each of the client machine's addresses and
+assigns to the file server machine interface the lowest rank that
+results.
+<UL>
+<P><LI>If the local machine is a file server machine, the base rank for each of
+its interfaces is 5,000.
+<P><LI>If the file server machine interface is on the same subnetwork as the
+client interface, its base rank is 20,000.
+<P><LI>If the file server machine interface is on the same network as the client
+interface, or is at the distant end of a point-to-point link with the client
+interface, its base rank is 30,000.
+<P><LI>If the file server machine interface is on a different network than the
+client interface, or the Cache Manager cannot obtain network information about
+it, its base rank is 40,000.
+</UL>
+<P>After assigning a base rank to a file server machine interface, the Cache
+Manager adds to it a number randomly chosen from the range 0 (zero) to
+14. As an example, a file server machine interface in the same
+subnetwork as the local machine receives a base rank of 20,000, but the Cache
+Manager records the actual rank as an integer between 20,000 and
+20,014. This process reduces the number of interfaces that have exactly
+the same rank. As with VL Server machine ranks, it is possible for file
+server machine interfaces from foreign cells to have the same rank as
+interfaces in the local cell, but this does not present a problem. Only
+the relative ranks of the interfaces that house a given volume are relevant,
+and AFS only supports storage of a volume in one cell at a time.
+<P><B>Setting Non-default Preference Ranks</B>
+<P>Use the <B>fs setserverprefs</B> command to reset an existing
+preference rank, or to set the initial rank of a file server machine interface
+or VL Server machine for which the Cache Manager has no rank. To make a
+rank persist across a reboot of the local machine, place the appropriate
+<B>fs setserverprefs</B> command in the machine's AFS initialization
+file.
+<P>Specify each preference rank as a pair of values separated by one or more
+spaces:
+<UL>
+<P><LI>The first member of the pair is the fully-qualified hostname (for example,
+<B>fs1.abc.com</B>), or the IP address in dotted decimal
+format, of a file server machine interface or VL Server machine
+<P><LI>The second member of the pair is an integer. The possible ranks
+range from <B>1</B> through <B>65535</B>.
+</UL>
+<P>As with default ranks, the Cache Manager adds a randomly chosen integer to
+a rank specified by this command. For file server machine interfaces,
+the integer is from the range 0 (zero) to 14; for VL Server machines, it
+is from the range 0 (zero) to 126. For example, if the administrator
+assigns a rank of 15,000 to a file server machine interface, the Cache Manager
+stores an integer between 15,000 to 15,014.
+<P>There are several ways to provide ranks for file server machine interfaces
+(but not for VL Server machines):
+<UL>
+<P><LI>On the command line, following the <B>-servers</B> argument.
+<P><LI>In a file named by the <B>-file</B> argument. Place each pair
+on its own line in the file. Directing the output from the <B>fs
+getserverprefs</B> command to a file automatically generates a file with the
+proper format.
+<P><LI>Via the standard input stream, by providing the <B>-stdin</B>
+flag. This method enables the issuer to feed in values directly from a
+program or script that generates preference ranks by using an algorithm
+appropriate to the local cell. The AFS distribution does not include
+such programs or scripts.
+</UL>
+<P>When setting file server machine preference ranks, it is legal to combine
+the <B>-servers</B>, <B>-file</B>, and <B>-stdin</B> options on a
+single command line. If different options specify a different rank for
+the same interface, the Cache Manager stores and uses the rank assigned with
+the <B>-servers</B> argument.
+<P>The <B>-vlservers</B> argument is the only way to assign VL Server
+machine ranks. It can be combined with one or more of the
+<B>-servers</B>, <B>-file</B>, and <B>-stdin</B> options, but the
+Cache Manager applies the values provided for those options to file server
+machine ranks only.
+<P>The <B>fs</B> command interpreter does not verify hostnames or IP
+addresses, and so assigns preference ranks to invalid machine names or
+addresses. The Cache Manager never uses such ranks unless the same
+incorrect information is in the VLDB.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-servers
+</B><DD>Specifies one or more file server machine preference ranks. Each
+rank pairs the fully-qualified hostname or IP address (in dotted decimal
+format) of a file server machine's interface with an integer rank,
+separated by one or more spaces; also separate each pair with one or more
+spaces. Acceptable values for the rank range from <B>1</B> through
+<B>65521</B>; a lower value indicates a greater preference.
+Providing ranks outside this range can have unpredictable results.
+Providing a value no larger than <B>65521</B> guarantees that the rank
+does not exceed the maximum possible value of 65,535 even if the largest
+random factor (14) is added.
+<P>This argument can be combined with the <B>-file</B> argument,
+<B>-stdin</B> flag, or both. If more than one of the arguments sets
+a rank for the same interface, the rank set by this argument takes
+precedence. It can also be combined with the <B>-vlservers</B>
+argument, but does not interact with it.
+<P><DT><B>-vlservers
+</B><DD>Specifies one or more VL Server preference ranks. Each rank pairs
+the fully-qualified hostname or IP address (in dotted decimal format) of a VL
+Server machine with an integer rank, separated by one or more spaces;
+also separate each pair with one or more spaces. Acceptable values for
+the rank range from <B>1</B> through <B>65521</B>; a lower value
+indicates a greater preference. Providing ranks outside this range can
+have unpredictable results. Providing a value no larger than
+<B>65521</B> guarantees that the rank does not exceed the maximum possible
+value of 65,535 even if the largest random factor (14) is added.
+<P>This argument can be combined with the <B>-servers</B> argument,
+<B>-file</B> argument, <B>-stdin</B> flag, or any combination of the
+three, but does not interact with any of them. They apply only to file
+server machine ranks.
+<P><DT><B>-file
+</B><DD>Specifies the full pathname of a file from which to read pairs of file
+server machine interfaces and their ranks, using the same notation and range
+of values as for the <B>-servers</B> argument. In the file, place
+each pair on its own line and separate the two parts of each pair with one or
+more spaces.
+<P>This argument can be combined with the <B>-servers</B> argument,
+<B>-stdin</B> flag, or both. If more than one of the arguments sets
+a rank for the same interface, the rank set by the <B>-server</B> argument
+takes precedence. It can also be combined with the
+<B>-vlservers</B> argument, but does not interact with it.
+<P><DT><B>-stdin
+</B><DD>Reads pairs of file server machine interface and integer rank from the
+standard input stream. The intended use is to accept input piped in
+from a user-defined program or script that generates ranks in the appropriate
+format, but it also accepts input typed to the shell. Format the
+interface and rank pairs as for the <B>-file</B> argument. If
+typing at the shell, type <B><Ctrl-d></B> after the final newline to
+complete the input.
+<P>This argument can be combined with the <B>-servers</B> argument, the
+<B>-file</B> argument, or both. If more than one of the arguments
+sets a rank for the same interface, the rank set by the <B>-server</B>
+argument takes precedence. It can also be combined with the
+<B>-vlservers</B> argument, but does not interact with it.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command sets the Cache Manager's preference ranks for
+the file server machines named <B>fs3.abc.com</B> and
+<B>fs4.abc.com</B>, the latter of which is specified by its
+IP address, 192.12.105.100. The machines reside in
+another subnetwork of the local machine's network, so their default base
+rank is 30,000. To increase the Cache Manager's preference for
+these machines, the issuer assigns a rank of <B>25000</B>, to which the
+Cache Manager adds an integer in the range from 0 to 15.
+<PRE> # <B>fs setserverprefs -servers fs3.abc.com 25000 192.12.105.100 25000</B>
+
+</PRE>
+<P>The following command uses the <B>-servers</B> argument to set the
+Cache Manager's preference ranks for the same two file server machines,
+but it also uses the <B>-file</B> argument to read a collection of
+preference ranks from a file that resides in the local file
+<B>/etc/fs.prefs</B>:
+<PRE> # <B>fs setserverprefs -servers fs3.abc.com 25000 192.12.105.100 25000</B> \
+ <B>-file /etc/fs.prefs</B>
+
+</PRE>
+<P>The <B>/etc/fs.prefs</B> file has the following contents and
+format:
+<PRE> 192.12.108.214 7500
+ 192.12.108.212 7500
+ 138.255.33.41 39000
+ 138.255.33.34 39000
+ 128.0.45.36 41000
+ 128.0.45.37 41000
+
+</PRE>
+<P>The following command uses the <B>-stdin</B> flag to read preference
+ranks from the standard input stream. The ranks are piped to the
+command from a program, <B>calc_prefs</B>, which was written by the issuer
+to calculate preferences based on values significant to the local cell.
+<PRE> # <B>calc_prefs | fs setserverprefs -stdin</B>
+
+</PRE>
+<P>The following command uses the <B>-vlservers</B> argument to set the
+Cache Manager's preferences for the VL server machines named
+<B>fs1.abc.com</B>, <B>fs3.abc.com</B>,
+and <B>fs4.abc.com</B> to base ranks of 1, 11000, and 65521,
+respectively:
+<PRE> # <B>fs setserverprefs -vlservers fs1.abc.com 1 fs3.abc.com 11000</B> \
+ <B>fs4.abc.com 65521</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf146.htm#HDRFS_GETSERVERPREFS">fs getserverprefs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf161.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf163.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf162.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf164.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SETVOL" HREF="auarf002.htm#ToC_177">fs setvol</A></H2>
+<A NAME="IDX4978"></A>
+<A NAME="IDX4979"></A>
+<A NAME="IDX4980"></A>
+<A NAME="IDX4981"></A>
+<A NAME="IDX4982"></A>
+<A NAME="IDX4983"></A>
+<A NAME="IDX4984"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Set maximum quota and messages for the volume containing a file or
+directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs setvol</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-max</B> <<VAR>disk space quota in 1K units</VAR>>]
+ [<B>-offlinemsg</B> <<VAR>offline message</VAR>>] [<B>-help</B>]
+
+<B>fs setv</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-ma</B> <<VAR>disk space quota in 1K units</VAR>>]
+ [<B>-o</B> <<VAR>offline message</VAR>>] [<B>-h</B>]
+
+<B>fs sv</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-ma</B> <<VAR>disk space quota in 1K units</VAR>>]
+ [<B>-o</B> <<VAR>offline message</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs setvol</B> command sets the quota (maximum possible size) of
+the read/write volume that contains each directory or file named by the
+<B>-path</B> argument. To associate a message with the volume which
+then appears in the output of the <B>fs examine</B> command, include the
+<B>-offlinemsg</B> argument.
+<P>To display all of the settings made with this command, use the <B>fs
+examine</B> command. The <B>fs listquota</B> command reports a
+fileset's quota, and the <B>fs quota</B> command the percent of quota
+used.
+<P>To set quota on one volume at a time, use the <B>fs setquota</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each file or directory for which to set the host volume's quota
+and offline message. Partial pathnames are interpreted relative to the
+current working directory, which is also the default value if this argument is
+omitted.
+<P>Specify the read/write path to the file or directory, to avoid the failure
+that results from attempting to change a read-only volume. By
+convention, the read/write path is indicated by placing a period before the
+cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-max
+</B><DD>Sets the maximum amount of file server disk space the volume can
+occupy. Provide a positive integer to indicate the number of
+one-kilobyte blocks (<B>1024</B> is one megabyte). A value of
+<B>0</B> sets an unlimited quota, but the size of the disk partition that
+houses the volume places an absolute limit on the volume's size.
+<P>If the <B>-path</B> argument is omitted (so that the command sets the
+quota of the volume housing the current working directory), the
+<B>-max</B> switch must be provided.
+<P><DT><B><B>-offlinemsg</B>
+</B><DD>Associates a message with the volume which then appears in the output of
+the <B>fs examine</B> command. Its intended use is to explain why
+the volume is currently offline.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command imposes a 6500 kilobyte quota on the volumes mounted
+at the home directories <B>/afs/abc.com/usr/smith</B> and
+<B>/afs/abc.com/usr/pat</B>:
+<PRE> % <B>cd /afs/abc.com/usr</B>
+
+ % <B>fs setvol -path smith pat -max 6500</B><B></B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B>
+group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf138.htm#HDRFS_EXAMINE">fs examine</A>
+<P><A HREF="auarf150.htm#HDRFS_LISTQUOTA">fs listquota</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf155.htm#HDRFS_QUOTA">fs quota</A>
+<P><A HREF="auarf161.htm#HDRFS_SETQUOTA">fs setquota</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf162.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf164.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf163.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf165.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_STOREBEHIND" HREF="auarf002.htm#ToC_178">fs storebehind</A></H2>
+<A NAME="IDX4985"></A>
+<A NAME="IDX4986"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Enables asynchronous writes to the file server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs storebehind</B> [<B>-kbytes</B> <<VAR>asynchrony for specified names</VAR>>]
+ [<B>-files</B> <<VAR>specific pathnames</VAR>><SUP>+</SUP>]
+ [<B>-allfiles</B> <<VAR>new default (KB)</VAR>>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>fs st</B> [<B>-k</B> <<VAR>asynchrony for specified names</VAR>>] [<B>-f</B> <<VAR>specific pathnames</VAR>><SUP>+</SUP>]
+ [<B>-a</B> <<VAR>new default (KB)</VAR>>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs storebehind</B> command enables the Cache Manager to perform
+a delayed asynchronous write to the File Server when an application closes a
+file. By default, the Cache Manager writes all data to the File Server
+immediately and synchronously when an application program closes a
+file--that is, the <B>close</B> system call does not return until the
+Cache Manager has actually transferred the final chunk of the file to the File
+Server. This command specifies the number of kilobytes of a file that
+can still remain to be written to the File Server when the Cache Manager
+returns control to the application. It is useful if users working on
+the machine commonly work with very large files, but also introduces the
+complications discussed in the <B>Cautions</B> section.
+<P>Set either or both of the following in a single command:
+<UL>
+<P><LI>To set a value that applies to all AFS files manipulated by applications
+running on the machine, use the <B>-allfiles</B> argument. This
+value is termed the <I>default store asynchrony</I> for the machine, and
+persists until the machine reboots. If it is not set, the default value
+is zero, indicating that the Cache Manager performs synchronous writes.
+<P>
+<P>As an example, the following setting means that when an application closes
+a file, the Cache Manager can return control to the application as soon as no
+more than 10 kilobytes of the file remain to be written to the File
+Server.
+<PRE> <B>-allfiles 10</B>
+
+</PRE>
+<P><LI>To set a value that applies to one or more individual files, and overrides
+the value of the <B>-allfiles</B> argument for them, combine the
+<B>-kbytes</B> and <B>-files</B> arguments. The setting
+persists as long as there is an entry for the file in the kernel table that
+the Cache Manager uses to track certain information about files. In
+general, such an entry persists at least until an application closes the file
+or exits, but the Cache Manager is free to recycle the entry if the file is
+inactive and it needs to free up slots in the table. To increase the
+certainty that there is an entry for the file in the table, issue the <B>fs
+storebehind</B> command shortly before closing the file.
+<P>As an example, the following setting means that when an application closes
+either of the files <B>bigfile</B> and <B>biggerfile</B>, the Cache
+Manager can return control to the application as soon as no more than a
+megabyte of the file remains to be written to the File Server.
+<PRE> <B>-kbytes 1024 -files bigfile biggerfile</B>
+
+</PRE>
+<P>Note that once an explicit value has been set for a file, the only way to
+make it subject to the default store asynchrony once again is to set
+<B>-kbytes</B> to that value. In other words, there is no
+combination of arguments that automatically makes a file subject to the
+default store asynchrony once another value has been set for the file.
+</UL>
+<P>To display the settings that currently apply to individual files or to all
+files, provide the command's arguments in certain combinations as
+specified in the <B>Output</B> section of this reference page.
+<P><STRONG>Cautions</STRONG>
+<P>For the following reasons, use of this command is not recommended in most
+cases.
+<P>In normal circumstances, an asynchronous setting results in the Cache
+Manager returning control to applications earlier than it otherwise does, but
+this is not guaranteed.
+<P>If a delayed write fails, there is no way to notify the application, since
+the <B>close</B> system call has already returned with a code indicating
+success.
+<P>Writing asynchronously increases the possibility that the user will not
+notice if a write operation makes the volume that houses the file exceed its
+quota. As always, the portion of the file that exceeds the
+volume's quota is lost, which prompts a message such as the
+following:
+<PRE> No space left on device
+
+</PRE>
+<P>To avoid losing data, it is advisable to verify that the volume housing the
+file has space available for the amount of data anticipated to be
+written.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-kbytes
+</B><DD>Specifies the number of kilobytes of data from each file named by the
+<B>-files</B> argument that can remain to be written to the file server
+when the Cache Manager returns control to an application program that closed
+the file. The <B>-files</B> argument is required along with this
+argument. Provide an integer from the range <B>0</B> (which
+reinstates the Cache Manager's default behavior or writing synchronously)
+to the maximum AFS file size.
+<P><DT><B>-files
+</B><DD>Names each file to which the value set with the <B>-kbytes</B>
+argument applies. The setting persists as long as there is an entry for
+the file in the kernel table that the Cache Manager uses to track certain
+information about files. Because closing a file generally erases the
+entry, when reopening a file the only way to guarantee that the setting still
+applies is to reissue the command. If this argument is provided without
+the <B>-kbytes</B> argument, the command reports the current setting for
+the specified files, and the default store asynchrony.
+<P><DT><B>-allfiles
+</B><DD>Sets the default store asynchrony for the local machine, which is the
+number of kilobytes of data that can remain to be written to the file server
+when the Cache Manager returns control to the application program that closed
+a file. The value applies to all AFS files manipulated by applications
+running on the machine, except those for which settings have been made with
+the <B>-kbytes</B> and <B>-files</B> arguments. Provide an
+integer from the range <B>0</B> (which indicates the default of
+synchronous writes) to the maximum AFS file size.
+<P><DT><B>-verbose
+</B><DD>Produces output confirming the settings made with the accompanying
+<B>-kbytes</B> and <B>-files</B> arguments, the <B>-allfiles</B>
+argument, or all three. If provided by itself, reports the current
+default store asynchrony.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If none of the command's options are included, or if only the
+<B>-verbose</B> flag is included, the following message reports the
+default store asynchrony (the setting that applies to all files manipulated by
+applications running on the local machine and for which not more specific
+asynchrony is set).
+<PRE> Default store asynchrony is <VAR>x</VAR> kbytes.
+
+</PRE>
+<P>A value of <TT>0</TT> (zero) indicates synchronous writes and is the
+default if no one has included the <B>-allfiles</B> argument on this
+command since the machine last rebooted.
+<P>If the <B>-files</B> argument is provided without the
+<B>-kbytes</B> argument, the output reports the value that applies to each
+specified file along with the default store asynchrony. If a particular
+value has previously been set for a file, the following message reports
+it:
+<PRE> Will store up to <VAR>y</VAR> kbytes of <VAR>file</VAR> asynchronously.
+ Default store asynchrony is <VAR>x</VAR> kbytes.
+
+</PRE>
+<P>If the default store asynchrony applies to a file because no explicit
+<B>-kbytes</B> value has been set for it, the message is instead as
+follows:
+<PRE> Will store <VAR>file</VAR> according to default.
+ Default store asynchrony is <VAR>x</VAR> kbytes.
+
+</PRE>
+<P>If the <B>-verbose</B> flag is combined with arguments that set values
+(<B>-files</B> and <B>-kbytes</B>, or <B>-allfiles</B>, or all
+three), there is a message that confirms immediately that the setting has
+taken effect. When included without other arguments or flags, the
+<B>-verbose</B> flag reports the default store asynchrony only.
+<P><STRONG>Examples</STRONG>
+<P>The following command enables the Cache Manager to return control to the
+application program that closed the file <B>test.data</B> when 100
+kilobytes still remain to be written to the File Server. The
+<B>-verbose</B> flag produces output that confirms the new setting, and
+that the default store asynchrony is zero.
+<PRE> % <B>fs storebehind -kbytes 100 -files test.data -verbose</B>
+ Will store up to 100 kbytes of test.data asynchronously.
+ Default store asynchrony is 0 kbytes.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To include the <B>-allfiles</B> argument, the issuer must be logged in
+as the local superuser <B>root</B>.
+<P>To include the <B>-kbytes</B> and <B>-files</B> arguments, the
+issuer must either be logged in as the local superuser <B>root</B> or have
+the <B>w</B> (<B>write</B>) permission on the ACL of each file's
+directory.
+<P>To view the current settings (by including no arguments, the
+<B>-file</B> argument alone, or the <B>-verbose</B> argument alone),
+no privilege is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf163.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf165.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf164.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf166.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_SYSNAME" HREF="auarf002.htm#ToC_179">fs sysname</A></H2>
+<A NAME="IDX4987"></A>
+<A NAME="IDX4988"></A>
+<A NAME="IDX4989"></A>
+<A NAME="IDX4990"></A>
+<A NAME="IDX4991"></A>
+<A NAME="IDX4992"></A>
+<A NAME="IDX4993"></A>
+<A NAME="IDX4994"></A>
+<A NAME="IDX4995"></A>
+<A NAME="IDX4996"></A>
+<A NAME="IDX4997"></A>
+<A NAME="IDX4998"></A>
+<A NAME="IDX4999"></A>
+<A NAME="IDX5000"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports or sets the CPU/operating system type
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs sysname</B> [<B>-newsys</B> <<VAR>new sysname</VAR>>] [<B>-help</B>]
+
+<B>fs sy</B> [<B>-n</B> <<VAR>new sysname</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs sysname</B> command sets or displays the local machine's
+CPU/operating system type as recorded in kernel memory. The Cache
+Manager substitutes the string for the <VAR>@sys</VAR> variable which can occur
+in AFS pathnames; the <I>IBM AFS Quick Beginnings</I> and <I>IBM
+AFS Administration Guide</I> explain how using <VAR>@sys</VAR> can simplify
+cell configuration. It is best to use it sparingly, however, because it
+can make the effect of changing directories unpredictable.
+<P>The command always applies to the local machine only. If issued on
+an NFS client machine accessing AFS via the NFS/AFS Translator, the string is
+set or reported for the NFS client machine. The Cache Manager on the
+AFS client machine serving as the NFS client's NFS/AFS translator machine
+stores the value in its kernel memory, and so can provide the NFS client with
+the proper version of program binaries when the user issues commands for which
+the pathname to the binaries includes <I>@sys</I>. There is a
+separate record for each user logged into the NFS client, which implies that
+if a user adopts a new identity (UNIX UID) during a login session on the NFS
+client--perhaps by using the UNIX <B>su</B> command--he or she
+must verify that the correct string is set for the new identity also.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-newsys
+</B><DD>Sets the CPU/operating system indicator string for the local
+machine. If this argument is omitted, the output displays the current
+setting instead. AFS uses a standardized set of strings; consult
+the <I>IBM AFS Quick Beginnings</I> or <I>AFS Release
+Notes</I>.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>When the <B>-newsys</B> argument is omitted, the output reports the
+machine's system type in the following format:
+<PRE> Current sysname is '<VAR>system_type</VAR>'
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output produced on a Sun SPARCStation
+running Solaris 5.7:
+<PRE> % <B>fs sysname</B>
+ Current sysname is 'sun4x_57'
+
+</PRE>
+<P>The following command defines a machine to be a IBM RS/6000 running AIX
+4.2:
+<PRE> % <B>fs sysname -newsys rs_aix42</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To display the current setting, no privilege is required. To include
+the <B>-newsys</B> argument on an AFS client machine, the issuer must be
+logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf139.htm#HDRFS_EXPORTAFS">fs exportafs</A>
+<P><A HREF="auarf234.htm#HDRSYS">sys</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf164.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf166.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf165.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf167.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_WHEREIS" HREF="auarf002.htm#ToC_180">fs whereis</A></H2>
+<A NAME="IDX5001"></A>
+<A NAME="IDX5002"></A>
+<A NAME="IDX5003"></A>
+<A NAME="IDX5004"></A>
+<A NAME="IDX5005"></A>
+<A NAME="IDX5006"></A>
+<A NAME="IDX5007"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports the name of each file server machine housing a file or directory
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs whereis</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs whe</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs whereis</B> command returns the name of each file server
+machine that houses the volume containing each directory or file named by the
+<B>-path</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each AFS file or directory for which to return the host file server
+machine. Partial pathnames are interpreted relative to the current
+working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes a line for each specified directory or file. It
+names the file server machine on which the volume that houses the specified
+directory or file resides. A list of multiple machines indicates that
+the directory or file is in a replicated volume.
+<P>Machine names usually have a suffix indicating their cell
+membership. If the cell is not clear, use the <B>fs whichcell</B>
+command to display the cell in which the directory or file resides. To
+display the cell membership of the local machine, use the <B>fs wscell</B>
+command.
+<P><STRONG>Examples</STRONG>
+<P>The following example indicates that volume housing the directory
+<B>/afs/abc.com</B> resides is replicated on both
+<B>fs1.abc.com</B> and
+<B>fs3.abc.com</B>:
+<PRE> % <B>fs whereis -path /afs/abc.com</B>
+ File /afs/abc.com is on hosts fs1.abc.com fs3.abc.com
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf167.htm#HDRFS_WHICHCELL">fs whichcell</A>
+<P><A HREF="auarf168.htm#HDRFS_WSCELL">fs wscell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf165.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf167.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf166.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf168.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_WHICHCELL" HREF="auarf002.htm#ToC_181">fs whichcell</A></H2>
+<A NAME="IDX5008"></A>
+<A NAME="IDX5009"></A>
+<A NAME="IDX5010"></A>
+<A NAME="IDX5011"></A>
+<A NAME="IDX5012"></A>
+<A NAME="IDX5013"></A>
+<A NAME="IDX5014"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Returns the name of the cell to which a file or directory belongs
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs whichcell</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fs whi </B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs whichcell</B> command returns the name of the cell in which
+the volume that houses each indicated directory or file resides.
+<P>To display the file server machine on which the volume housing a directory
+or file resides, use the <B>fs whichcell</B> command. To display
+the cell membership of the local machine, use the <B>fs wscell</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-path
+</B><DD>Names each AFS file or directory for which to return the cell
+membership. Partial pathnames are interpreted relative to the current
+working directory, which is also the default value if this argument is
+omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes a line for each directory or file, naming the cell to
+which the volume that houses the directory or file resides.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that the current working directory resides in a
+volume in the ABC Corporation cell:
+<PRE> % <B>fs whichcell</B>
+ File . lives in cell 'abc.com'
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf168.htm#HDRFS_WSCELL">fs wscell</A>
+<P><A HREF="auarf166.htm#HDRFS_WHEREIS">fs whereis</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf166.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf168.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf167.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf169.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_WSCELL" HREF="auarf002.htm#ToC_182">fs wscell</A></H2>
+<A NAME="IDX5015"></A>
+<A NAME="IDX5016"></A>
+<A NAME="IDX5017"></A>
+<A NAME="IDX5018"></A>
+<A NAME="IDX5019"></A>
+<A NAME="IDX5020"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Returns the name of the cell to which a machine belongs
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs wscell</B> [<B>-help</B>]
+
+<B>fs ws</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs wscell</B> command returns the name of the local
+machine's home cell.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays the contents of the local
+<B>/usr/vice/etc/ThisCell</B> file, in the format
+<PRE> This workstation belongs to cell '<VAR>cellname</VAR>'
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example results when the <B>fs wscell</B> is issued on a
+machine in the State University cell:
+<PRE> % <B>fs wscell</B>
+ This workstation belongs to cell 'stateu.edu'
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf166.htm#HDRFS_WHEREIS">fs whereis</A>
+<P><A HREF="auarf167.htm#HDRFS_WHICHCELL">fs whichcell</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf167.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf169.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf168.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf170.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_INTRO" HREF="auarf002.htm#ToC_183">fstrace</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5021"></A>
+<A NAME="IDX5022"></A>
+<A NAME="IDX5023"></A>
+<A NAME="IDX5024"></A>
+<A NAME="IDX5025"></A>
+<A NAME="IDX5026"></A>
+<P>Introduction to the <B>fstrace</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>fstrace</B> command suite are the interface that
+system administrators employ to trace Cache Manager operations for debugging
+purposes. Examples of Cache Manager operations are fetching file data
+or the status information used to produce output for the UNIX <B>ls</B>
+command.
+<P>The <B>fstrace</B> command interpreter defines an extensive set of
+Cache Manager operations as the <B>cm</B> <I>event set</I>.
+When the event set is activated, the Cache Manager writes a message to the
+<B>cmfx</B> <I>trace log</I> in kernel memory each time it performs
+one of the defined operations. The log expands only to a defined size
+(by default, 60 KB), after which it is overwritten in a circular fashion (new
+trace messages overwrite the oldest ones). If an operation of
+particular interest occurs, the administrator can afterward display the log on
+the standard output stream or write it to a file for later study. For
+more specific procedural instructions, see the <I>IBM AFS Administration
+Guide</I>.
+<P>There are several categories of commands in the <B>fstrace</B> command
+suite:
+<UL>
+<P><LI>Commands to administer or display information about the trace log:
+<P><B>fstrace clear</B>, <B>fstrace lslog</B>, <B>fstrace
+setlog</B>
+<P><LI>Commands to set or display the status of the event set:
+<P><B>fstrace lsset</B> and <B>fstrace setset</B>
+<P><LI>A command to display the contents of the trace log: <B>fstrace
+dump</B>
+<P><LI>Commands to obtain help: <B>fstrace apropos</B> and <B>fstrace
+help</B>
+</UL>
+<P><STRONG>Options</STRONG>
+<P>All <B>fstrace</B> commands accept the following optional flag.
+It is listed in the command descriptions and described in detail here:
+<A NAME="IDX5027"></A>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>To issue most <B>fstrace</B> commands, the issuer must be logged on as
+the local superuser <B>root</B> on the machine that is generating the
+trace log.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf170.htm#HDRFSTRACE_APROPOS">fstrace apropos</A>
+<P><A HREF="auarf171.htm#HDRFSTRACE_CLEAR">fstrace clear</A>
+<P><A HREF="auarf172.htm#HDRFSTRACE_DUMP">fstrace dump</A>
+<P><A HREF="auarf173.htm#HDRFSTRACE_HELP">fstrace help</A>
+<P><A HREF="auarf174.htm#HDRFSTRACE_LSLOG">fstrace lslog</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P><A HREF="auarf176.htm#HDRFSTRACE_SETLOG">fstrace setlog</A>
+<P><A HREF="auarf177.htm#HDRFSTRACE_SETSET">fstrace setset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf168.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf170.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf169.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf171.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_APROPOS" HREF="auarf002.htm#ToC_184">fstrace apropos</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5028"></A>
+<A NAME="IDX5029"></A>
+<A NAME="IDX5030"></A>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>fstrace ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace apropos</B> command displays the first line of the
+online help entry for any <B>fstrace</B> command that contains in its name
+or short description the string specified with the <B>-topic</B>
+argument.
+<P>To display a command's complete syntax, use the <B>fstrace
+help</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>fstrace</B> command where the string specified with the
+<B>-topic</B> argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>fstrace</B> commands that include
+the word <B>set</B> in their names or short descriptions:
+<PRE> % <B>fstrace apropos set</B>
+ clear: clear logs by logname or by event set
+ lsset: list available event sets
+ setlog: set the size of a log
+ setset: set state of event sets
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf173.htm#HDRFSTRACE_HELP">fstrace help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf169.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf171.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf170.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf172.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_CLEAR" HREF="auarf002.htm#ToC_185">fstrace clear</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Clears the trace log
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace clear</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-log</B> <<VAR>log_name</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fstrace c</B> [<B>-s</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-l</B> <<VAR>log_name</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace clear</B> command erases the contents of the trace log
+from kernel memory, but leaves kernel memory allocated for the log.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-set
+</B><DD>Names the event set for which to clear the associated trace log.
+The only acceptable value is <B>cm</B> (for which the associated trace log
+is <B>cmfx</B>). Provide either this argument or the
+<B>-log</B> argument, or omit both to clear the <B>cmfx</B> log by
+default.
+<P><DT><B>-log
+</B><DD>Names the trace log to clear. The only acceptable value is
+<B>cmfx</B>. Provide either this argument or the <B>-set</B>
+argument, or omit both to clear the <B>cmfx</B> log by default.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command clears the <B>cmfx</B> trace log on the local
+machine:
+<PRE> # <B>fstrace clear</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf174.htm#HDRFSTRACE_LSLOG">fstrace lslog</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf170.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf172.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf171.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf173.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_DUMP" HREF="auarf002.htm#ToC_186">fstrace dump</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5031"></A>
+<A NAME="IDX5032"></A>
+<P>Dumps a trace log
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace dump</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-follow</B> <<VAR>log_name</VAR>>]
+ [<B>-file</B> <<VAR>output_filename</VAR>>]
+ [<B>-sleep</B> <<VAR>seconds_between_reads</VAR>>] [<B>-help</B>]
+
+<B>fstrace d</B> [<B>-se</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-fo</B> <<VAR>log_name</VAR>>] [<B>-fi</B> <<VAR>output_filename</VAR>>]
+ [<B>-sl</B> <<VAR>seconds_between_reads</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace dump</B> command displays the current contents of the
+<B>cmfx</B> trace log on the standard output stream or writes it to the
+file named by the <B>-file</B> argument.
+<P>To write the log continuously to the standard output stream or to a file,
+use the <B>-follow</B> argument. By default, the log's
+contents are written out every ten seconds and then automatically
+cleared. To change the interval between writes, use the
+<B>-sleep</B> argument.
+<P><STRONG>Cautions</STRONG>
+<P>This command produces output only if the <B>cm</B> event set is
+active. To display or set the event set's state, use the
+<B>fstrace lsset</B> or <B>fstrace setset</B> command
+respectively.
+<P>To make the output from this command maximally readable, the message
+catalog file called <B>afszcm.cat</B> must reside in the local
+<B>/usr/vice/etc/C</B> directory. If necessary, copy the file to
+that directory from the AFS Binary Distribution before activating
+tracing.
+<P>When the <B>cm</B> event set is active, a defined amount of kernel
+memory (by default, 60 KB) is allocated for the <B>cmfx</B> trace
+log. As described on the introductory <B>fstrace</B> reference
+page, when the buffer is full, messages are overwritten in a circular fashion
+(new messages overwrite the oldest ones). To allocate more kernel
+memory for the log, use the <B>fstrace setlog</B> command; to display
+the log buffer's current size, use the <B>fstrace lslog</B> command
+with the <B>-long</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-set
+</B><DD>Names the event set for which to write out the associated trace
+log. The only acceptable value is <B>cm</B> (for which the
+associated trace log is <B>cmfx</B>). Provide either this argument
+or the <B>-log</B> argument, or omit both to write out the <B>cmfx</B>
+log by default.
+<P><DT><B>-follow
+</B><DD>Names the trace log to write out continuously at a specified interval (by
+default, every ten seconds; use the <B>-sleep</B> argument to change
+the interval). The log is cleared after each write operation.
+<P>The only acceptable value is <B>cmfx</B>. Provide either this
+argument or the <B>-set</B> argument, or omit both to write out the
+<B>cmfx</B> log by default.
+<P><DT><B>-file
+</B><DD>Specifies the pathname of the file to which to write the trace log's
+contents. It can be in AFS or on the local disk. Partial
+pathnames are interpreted relative to the current working directory. If
+this argument is omitted, the trace log appears on the standard output
+stream.
+<P><DT><B>-sleep
+</B><DD>Sets the number of seconds between writes of the trace log's contents
+when it is dumped continuously. Provide the <B>-follow</B> argument
+along with this one. If this argument is omitted, the default interval
+is ten seconds.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output begins with a header specifying the date and time at which the
+write operation began. If the <B>-follow</B> argument is not
+included, the header also reports the number of logs being dumped; it is
+always <TT>1</TT>, since there is only the <B>cmfx</B> trace log.
+The format of the header is as follows:
+<PRE> AFS Trace Dump -
+ Date: <VAR>starting_timestamp</VAR>
+ Found 1 logs.
+ Contents of log cmfx:
+
+</PRE>
+<P>Each subsequent message describes a Cache Manager operation in the
+following format:
+<PRE> time <VAR>timestamp</VAR>, pid <VAR>pid</VAR>:<VAR>event_message</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>timestamp</VAR>
+</B><DD>Specifies the time at which the Cache Manager performed the operation, as
+the number of seconds since the dump began
+<P><DT><B><VAR>pid</VAR>
+</B><DD>Specifies the process ID of the process or thread associated with the
+message
+<P><DT><B><VAR>event_message</VAR>
+</B><DD>Is the message itself. They are generally meaningful only to
+someone familiar with the AFS source code.
+</DL>
+<P>In addition, every 1024 seconds the <B>fstrace</B> command interpreter
+writes a message that records the current clock time, in the following
+format:
+<PRE> time <VAR>timestamp</VAR>, pid <VAR>pid</VAR>: Current time: <VAR>unix_time</VAR>
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>timestamp</VAR>
+</B><DD>Is the number of seconds from the start of trace logging
+<P><DT><B><VAR>pid</VAR>
+</B><DD>Is the process ID number
+<P><DT><B><VAR>unix_time</VAR>
+</B><DD>Is the machine's clock time, represent in the standard UNIX time
+format as the number of seconds since midnight on January 1, 1970.
+</DL>
+<P>Use this message to determine the actual clock time associated with each
+log message. Determine the actual time as follows:
+<OL TYPE=1>
+<P><LI>Locate the message of interest.
+<P><LI>Search backward through the trace file for the closest current time
+message.
+<P><LI>If the current time message's <VAR>timestamp</VAR> is smaller than the
+log message's <VAR>timestamp</VAR>, subtract former from the latter.
+If the current time message's <VAR>timestamp</VAR> is larger than the log
+message's <VAR>timestamp</VAR>, add 1024 to the latter and subtract the
+former from the result.
+<P><LI>Add the resulting number to the current time message's
+<VAR>unix_time</VAR> to determine the log message's actual time.
+</OL>
+<P>If any of the data in the kernel trace buffer has been overwritten since
+tracing was activated, the following message appears at the appropriate place
+in the output:
+<PRE> Log wrapped; data missing.
+
+</PRE>
+<P>To reduce the likelihood of overwriting, use the <B>fstrace setlog</B>
+command to increase the kernel buffer's size. To display the
+current defined buffer size, use the <B>fstrace lslog</B> command with the
+<B>-long</B> argument.
+<P>The following message at the end of the log dump indicates that it is
+completed:
+<PRE> AFS Trace Dump - Completed
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command dumps the log associated with the <B>cm</B> event
+set to the standard output stream.
+<PRE> # <B>fstrace dump -set cm</B>
+ AFS Trace Dump -
+ Date: Tue Apr 7 10:54:57 1998
+ Found 1 logs.
+ time 32.965783, pid 0: Tue Apr 7 10:45:52 1998
+ time 32.965783, pid 33657: Close 0x5c39ed8 flags 0x20
+ time 32.965897, pid 33657: Gn_close vp 0x5c39ed8 flags 0x20 (returns 0x0)
+ time 35.159854, pid 10891: Breaking callback for 5bd95e4 states 1024 (volume 0)
+ time 35.407081, pid 10891: Breaking callback for 5c0fadc states 1024 (volume 0)
+ .
+ .
+ .
+ time 71.440456, pid 33658: Lookup adp 0x5bbdcf0 name g3oCKs \
+ fid (756 4fb7e:588d240.2ff978a8.6)
+ time 71.440569, pid 33658: Returning code 2 from 19
+ time 71.440619, pid 33658: Gn_lookup vp 0x5bbdcf0 name g3oCKs (returns 0x2)
+ time 71.464989, pid 38267: Gn_open vp 0x5bbd000 flags 0x0 (returns 0x0)
+ AFS Trace Dump - Completed
+
+</PRE>
+<P>The following command dumps the trace log associated with the <B>cm</B>
+event set on the local machine to the file
+<B>cmfx.dump.file.1</B>, using the default interval
+of 10 seconds between successive dumps:
+<PRE> # <B>fstrace dump -follow cmfx -file cmfx.dump.file.1</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf041.htm#HDRAFSZCM">afszcm.cat</A>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf174.htm#HDRFSTRACE_LSLOG">fstrace lslog</A>
+<P><A HREF="auarf176.htm#HDRFSTRACE_SETLOG">fstrace setlog</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf171.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf173.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf172.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf174.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_HELP" HREF="auarf002.htm#ToC_187">fstrace help</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5033"></A>
+<A NAME="IDX5034"></A>
+<A NAME="IDX5035"></A>
+<P>Displays the syntax of specified <B>fstrace</B> commands or lists
+functional descriptions of all <B>fstrace</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fstrace h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>fstrace</B>
+command.
+<P>To list every <B>fstrace</B> command whose name or short description
+includes a specified keyword, use the <B>fstrace apropos</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>fstrace</B> part of the command name, providing
+only the operation code (for example, specify <B>clear</B>, not
+<B>fstrace clear</B>). If this argument is omitted, the output
+briefly describes every <B>fstrace</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>fstrace</B> command consists of two
+or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>fstrace
+setset</B> command:
+<PRE> %<B> fstrace help -topic setset</B>
+ fstrace setset: set state of event sets
+ Usage: fstrace setset [-set <set_name><SUP>+</SUP>] [-active] [-inactive]
+ [-dormant] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf170.htm#HDRFSTRACE_APROPOS">fstrace apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf172.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf174.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf173.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf175.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_LSLOG" HREF="auarf002.htm#ToC_188">fstrace lslog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5036"></A>
+<A NAME="IDX5037"></A>
+<P>Displays information about a log
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace lslog</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-log</B> <<VAR>log_name</VAR>>] [<B>-long</B>] [<B>-help</B>]
+
+<B>fstrace lsl</B> [<B>-s</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-log</B> <<VAR>log_name</VAR>>] [<B>-lon</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace lslog</B> command reports whether the <B>cmfx</B>
+log is available for use. If the <B>-long</B> argument is included,
+the output reports the log's defined size, and whether that amount of
+space is currently allocated in kernel memory or not.
+<P>To change the <B>cmfx</B> trace log's size, use the <B>fstrace
+setlog</B> command. To display or set whether space is allocated for
+it in kernel memory, use the <B>fstrace lsset</B> or <B>fstrace
+setset</B> command to display or set the state of the corresponding
+<B>cm</B> event set, respectively.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-set
+</B><DD>Names the event set for which to display information about the
+corresponding trace log. The only acceptable value is <B>cm</B>
+(for which the associated trace log is <B>cmfx</B>). Provide either
+this argument or the <B>-log</B> argument, or omit both to display
+information about the <B>cmfx</B> log by default.
+<P><DT><B>-log
+</B><DD>Names the trace log about which to report. The only acceptable
+value is <B>cmfx</B>. Provide either this argument or the
+<B>-set</B> argument, or omit both to report on the <B>cmfx</B> log by
+default.
+<P><DT><B>-long
+</B><DD>Reports the defined size of the log in kilobyte units and whether that
+amount of space is currently allocated in kernel memory.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>By default, the <B>fstrace lslog</B> command displays only the name of
+the available log, <B>cmfx</B>, in the following format:
+<PRE> Available logs:
+ cmfx
+
+</PRE>
+<P>When the <B>-long</B> flag is included, the output also reports the
+defined size of the log in kilobytes, and whether or not that amount of space
+is currently allocated in kernel memory, in the following format:
+<PRE> Available logs:
+ cmfx : <VAR>log_size</VAR> kbytes (allocated | unallocated)
+
+</PRE>
+<P>The <TT>allocated</TT> state indicates that the indicated number of
+kilobytes is reserved for the <B>cmfx</B> trace log in kernel
+memory. The <B>cm</B> event set's state is either
+<TT>active</TT> or <TT>inactive</TT>, as reported by the <B>fstrace
+lsset</B> command, and set by the <B>fstrace setset</B> command's
+<B>-active</B> or <B>-inactive</B> flags respectively.
+<P>The <TT>unallocated</TT> state indicates that no kernel memory is
+currently reserved for the <B>cmfx</B> trace log. The <B>cm</B>
+event set's state is <TT>dormant</TT>, as reported by the <B>fstrace
+lsset</B> command and set by the <B>fstrace setset</B> command's
+<B>-dormant</B> flag. If the event set's state is later
+changed to active or inactive, the number of kilobytes indicated as
+<VAR>log_size</VAR> are again allocated in kernel memory.
+<P><STRONG>Examples</STRONG>
+<P>The following example uses the <B>-long</B> flag to display information
+about the <B>cmfx</B> log:
+<PRE> # <B>fstrace lslog -log cmfx -long</B>
+ Available logs:
+ cmfx : 60 kbytes (allocated)
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P><A HREF="auarf176.htm#HDRFSTRACE_SETLOG">fstrace setlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf173.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf175.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf174.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf176.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_LSSET" HREF="auarf002.htm#ToC_189">fstrace lsset</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5038"></A>
+<A NAME="IDX5039"></A>
+<P>Reports the status of an event set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace lsset</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>fstrace lss</B> [<B>-s</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace lsset</B> command displays a list of the available event
+sets and reports their current status (active, inactive, or dormant).
+<P>To change an event set's status, use the <B>fstrace setset</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-set
+</B><DD>Names the event set for which to display the status. The only
+acceptable value is <B>cm</B>, which is also the default if this argument
+is omitted.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output lists the available event sets and the status of each, in the
+following format:
+<PRE> Available sets:
+ cm {active | inactive | dormant}
+
+</PRE>
+<P>where
+<DL>
+<P><DT><B><TT>active</TT>
+</B><DD>Indicates that tracing is enabled for the event set, and kernel memory
+allocated for the corresponding trace log.
+<P><DT><B><TT>inactive</TT>
+</B><DD>Indicates that tracing is temporarily disabled for the event set, but
+kernel memory still allocated for the corresponding trace log.
+<P><DT><B><TT>dormant</TT>
+</B><DD>Indicates that tracing is disabled for the event set, and no kernel memory
+allocated for the corresponding trace log.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the available event set and its
+status:
+<PRE> # <B>fstrace lsset</B>
+ Available sets:
+ cm active
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf177.htm#HDRFSTRACE_SETSET">fstrace setset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf174.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf176.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf175.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf177.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_SETLOG" HREF="auarf002.htm#ToC_190">fstrace setlog</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5040"></A>
+<A NAME="IDX5041"></A>
+<P>Sets the size of a trace log
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace setlog</B> [<B>-log</B> <<VAR>log_name</VAR>><SUP>+</SUP>] <B>-buffersize</B> <<VAR>1-kilobyte_units</VAR>> [<B>-help</B>]
+
+<B>fstrace setl</B> [<B>-l</B> <<VAR>log_name</VAR>><SUP>+</SUP>] <B>-b</B> <<VAR>1-kilobyte_units</VAR>> [<B>-h</B>]
+
+<B>fstrace sl</B> [<B>-l</B> <<VAR>log_name</VAR>><SUP>+</SUP>] <B>-b</B> <<VAR>1-kilobyte_units</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace setlog</B> command defines the number of kilobytes of
+kernel memory allocated for the <B>cmfx</B> trace log. If kernel
+memory is currently allocated, the command clears the current log and creates
+a new log buffer of the specified size.
+<P>To display the current defined size of the log buffer, issue the
+<B>fstrace lslog</B> command with the <B>-long</B> argument. To
+control whether the indicated amount of space is actually allocated, use the
+<B>fstrace setset</B> command to set the status of the <B>cm</B> event
+set; to display the event set's status, use the <B>fstrace
+lsset</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-log
+</B><DD>Names trace log for which to set the size. The only acceptable
+value is <B>cmfx</B>, which is also the default if this argument is
+omitted.
+<P><DT><B>-buffersize
+</B><DD>Specifies the number of 1-kilobyte blocks of kernel memory to allocate for
+the trace log.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command allocated 80 KB of kernel memory for the
+<B>cmfx</B> trace log:
+<PRE> # <B>fstrace setlog -log cmfx -buffersize 80</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf174.htm#HDRFSTRACE_LSLOG">fstrace lslog</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P><A HREF="auarf177.htm#HDRFSTRACE_SETSET">fstrace setset</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf175.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf177.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf176.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf178.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFSTRACE_SETSET" HREF="auarf002.htm#ToC_191">fstrace setset</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5042"></A>
+<A NAME="IDX5043"></A>
+<P>Sets the status of an event set
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fstrace setset</B> [<B>-set</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-active</B>] [<B>-inactive</B>] [<B>-dormant</B>] [<B>-help</B>]
+
+<B>fs set</B> [<B>-s</B> <<VAR>set_name</VAR>><SUP>+</SUP>] [<B>-a</B>] [<B>-i</B>] [<B>-d</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fstrace setset</B> command sets the status of the <B>cm</B>
+kernel event set on the local machine, which determines whether trace messages
+are recorded in the log buffer in kernel memory.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-set
+</B><DD>Names the event set for which to set the status. The only
+acceptable value <B>cm</B>, which is also the default if this argument is
+omitted.
+<P><DT><B>-active
+</B><DD>Enables tracing for the event set and allocates kernel memory for the
+associated trace log buffer. Provide one of this flag, the
+<B>-inactive</B> flag, or the <B>-dormant</B> flag.
+<P><DT><B>-inactive
+</B><DD>Temporarily disables tracing for the event set, but does not change the
+allocation of kernel memory for the associated trace log buffer.
+Provide one of this flag, the <B>-active</B> flag, or the
+<B>-dormant</B> flag.
+<P><DT><B>-dormant
+</B><DD>Disables tracing for the event set and frees the kernel memory previously
+allocated for the associated trace log buffer. Provide one of this
+flag, the <B>-active</B> flag, or the <B>-inactive</B> flag.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example sets the <B>cm</B> event set's status to
+<B>inactive</B>:
+<PRE> #<B> fstrace setset -set cm -inactive</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P><A HREF="auarf175.htm#HDRFSTRACE_LSSET">fstrace lsset</A>
+<P><A HREF="auarf176.htm#HDRFSTRACE_SETLOG">fstrace setlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf176.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf178.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf177.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf179.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFTPD" HREF="auarf002.htm#ToC_192">ftpd (AFS version)</A></H2>
+<A NAME="IDX5044"></A>
+<A NAME="IDX5045"></A>
+<A NAME="IDX5046"></A>
+<A NAME="IDX5047"></A>
+<A NAME="IDX5048"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Internet File Transfer Protocol server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>ftpd</B> [<B>-d</B>] [<B>-l</B>] [<B>-t</B> <<VAR>timeout</VAR>>] [<B>-v</B>] [<B>-T</B> <<VAR>MaxTimeOut</VAR>>] [<B>-u</B>] [<B>-s</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The AFS-modified <B>ftpd</B> program functions like the standard UNIX
+<B>ftpd</B> program, but also authenticates the issuer of the
+<B>ftp</B> command (who is presumably working on a remote machine) with
+the Authentication Server in the local cell (the home cell of the machine
+where the <B>ftpd</B> process is running, as defined in the local
+<B>/usr/vice/etc/ThisCell</B> file). The authentication is based on
+the user name and password provided at the <TT>ftp></TT> prompts on the
+remote machine. The Cache Manager on the machine running the
+<B>ftpd</B> process stores the newly created token, identifying it by
+process authentication group (PAG) rather than by the user's UNIX
+UID.
+<P>The issuer of the <B>ftp</B> command can be working in a foreign cell,
+as long as the user name and password provided are valid in the cell where the
+<B>ftpd</B> process is running. If the user name under which the
+<B>ftp</B> command is issued does not exist in the Authentication Database
+for the cell where the <B>ftpd</B> process is running, or the issuer
+provides the wrong password, then the <B>ftpd</B> process logs the user
+into the local file system of the machine where the <B>ftpd</B> process is
+running. The success of this local login depends on the user name
+appearing in the local password file and on the user providing the correct
+local password. In the case of a local login, AFS server processes
+consider the issuer of the <B>ftp</B> command to be the user
+<B>anonymous</B>.
+<P>In the recommended configuration, the AFS version of the <B>ftpd</B>
+process is substituted for the standard version (only one of the versions can
+run at a time). The administrator then has two choices:
+<UL>
+<P><LI>Name the binary for the AFS version something like
+<B>ftpd.afs</B>, leaving the standard version as the
+<B>ftpd</B> process. Change the <B>inetd.conf</B>
+configuration file to refer to the <B>ftpd.afs</B> file rather than
+to the standard version.
+<P><LI>Rename the binary for the AFS version to the standard name (such as
+<B>ftpd</B>) and rename the binary for the standard version to something
+like <B>ftpd.orig</B>. No change to the
+<B>inetd.conf</B> file is necessary, but it is not as obvious that
+the standard version of the <B>ftpd</B> process is no longer in
+use.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>The AFS distribution does not include an AFS-modified version of this
+command for every system type. On system types that use an integrated
+authentication system, it is appropriate instead to control the
+<B>ftpd</B> daemon's handling of AFS authentication through the
+integrated system. For example, on system types that use the Pluggable
+Authentication Module (PAM), add an <B>ftpd</B> entry that references the
+AFS PAM module to the PAM configuration file. For instructions on
+incorporating AFS into a machine's integrated authentication system, see
+the <I>IBM AFS Quick Beginnings</I>.
+<P>Some system types impose the following requirement. If the issuer of
+the <B>ftp</B> command on the remote machine is using a shell other than
+<B>/bin/csh</B>, then the <B>/etc/shells</B> file on the local disk of
+the machine being accessed (the machine running the <B>ftpd</B> process)
+must include an entry for the alternate shell.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-d
+</B><DD>Directs debugging information to the system log daemon.
+<P><DT><B>-l
+</B><DD>Directs each FTP session to be logged to the system log daemon.
+<P><DT><B>-t
+</B><DD>Specifies a timeout period. By default, the FTP server will timeout
+an inactive session after 15 minutes.
+<P><DT><B>-v
+</B><DD>Same as <B>-d</B>.
+<P><DT><B>-T
+</B><DD>Specifies a timeout period in seconds. By default, the FTP server
+will timeout after 2 hours (7200 seconds).
+<P><DT><B>-s
+</B><DD>Turns on socket level debugging. Do not use this flag. It is
+valid only on an operating system level that AFS does not support.
+<P><DT><B>-u
+</B><DD>Specifies the default UNIX mode bit file mask to use.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>See the UNIX manual page for the <B>ftpd</B> process.
+<P><STRONG>Related Information</STRONG>
+<P>UNIX manual page for <B>ftp</B>
+<P>UNIX manual page for <B>ftpd</B>
+<P><I>IBM AFS Quick Beginnings</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf177.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf179.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf178.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf180.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRINETD" HREF="auarf002.htm#ToC_193">inetd (AFS version)</A></H2>
+<A NAME="IDX5049"></A>
+<A NAME="IDX5050"></A>
+<A NAME="IDX5051"></A>
+<A NAME="IDX5052"></A>
+<A NAME="IDX5053"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Internet service daemon
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>inetd</B> [<B>-d</B>] [<<VAR>configfile</VAR>>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The AFS-modified <B>inetd</B> program functions like the standard UNIX
+<B>inetd</B> program, but also enables users of the remote services it
+supports to access them as authenticated AFS users, provided that the
+supported services are also AFS-modified versions that pass AFS tokens
+(authentication information). Examples of supported services are the
+<B>rcp</B> and <B>rsh</B> programs.
+<P>The AFS <B>inetd</B> program can service the standard UNIX versions of
+the remote services, but it is instead recommended that the standard UNIX
+version of the <B>inetd</B> program be run in parallel with the AFS
+version. Name the AFS version something like
+<B>inetd.afs</B> and use it to service requests from AFS-modified
+programs; use the standard <B>inetd</B> program to service requests
+from standard UNIX programs. This separation requires using two
+different <B>inetd.conf</B> files, as described in the following
+section.
+<P><STRONG>Cautions</STRONG>
+<P>Several configuration changes are necessary for token passing to work
+correctly with the AFS version of the <B>inetd</B> program. There
+are possibly other UNIX-based requirements or restrictions not mentioned
+here; consult the UNIX manual page. (One important restriction is
+that there can be no blank lines in the configuration file other than at the
+end.)
+<P>The requirements and restrictions include the following. They assume
+that the <B>inetd.afs</B> process is running in parallel with the
+standard <B>inetd</B> process.
+<UL>
+<P><LI>For token passing to work, the request must come from the AFS version of
+the remote service (such as the AFS <B>rcp</B> or AFS <B>rsh</B>
+command). If the remote service is the standard UNIX version, it cannot
+pass a token. The issuer of the remote command is authenticated only in
+the local file system, not with AFS.
+<P><LI>The machine's initialization files (<B>/etc/rc</B> file or
+equivalent) must invoke both the standard <B>inetd</B> and
+<B>inetd.afs</B> programs.
+<P><LI>An AFS-specific <B>inetd.conf</B> file, perhaps called
+<B>inetd.conf.afs</B>, must exist alongside the standard
+one. When initializing the <B>inetd.afs</B> program, specify
+this configuration file rather than the standard one. Each line in the
+<B>inetd.conf.afs</B> file must include an additional field,
+fifth from the left, to specify the identity under which the program is to
+run. The normal choice is the local superuser <B>root</B>.
+The following sample shows the only lines that need to appear in this
+file:
+<PRE> ta-rauth stream tcp nowait root internal ta-rauth
+ shell stream tcp nowait root /usr/etc/rshd rshd
+ login stream tcp nowait root /usr/etc/rlogind rlogind
+</PRE>
+<P>Substitute appropriate values for the binary locations and names in the
+instructions, particularly for the <TT>shell</TT> and <TT>login</TT>
+processes. Include the <TT>login</TT> instruction only if the
+AFS-modified versions of login utilities are also in use in the cell;
+otherwise, refer to <TT>login</TT> in the standard
+<B>inetd.conf</B> instead.
+<P>Note also that some system types use different process names. For
+example, on Sun system types change <TT>rshd</TT> to
+<TT>in.rshd</TT> and <TT>rlogind.afs</TT> to
+<TT>in.rlogind.afs</TT> in the <TT>shell</TT> and
+<TT>login</TT> instructions, respectively.
+<P><LI>Edit the standard <B>inetd.conf</B> file (referenced by the
+standard <B>inetd</B> process): comment out the <TT>shell</TT>
+instruction and, if AFS-modified versions of login utilities are in use in the
+cell, the <TT>login</TT> instruction. The
+<B>inetd.conf.afs</B> file references these processes
+instead. Retain the <TT>login</TT> instruction if AFS-modified
+versions of login utilities are not being used. Alter the
+<TT>ftp</TT> instruction to refer to the AFS version of the <B>ftpd</B>
+process, if it is substituted for the standard version. Do not insert
+the extra fifth column into instructions in the standard
+<B>inetd.conf</B> file if it does not already appear there.
+See the following <B>Examples</B> section for an illustration.
+</UL>
+<P><STRONG>Options</STRONG>
+<P>See the UNIX manual page for the <B>inetd</B> program.
+<P><STRONG>Examples</STRONG>
+<P>The following are sample <B>inetd.conf.afs</B> and
+<B>inetd.conf</B> files, appropriate for use when the
+<B>inetd.afs</B> program is running in parallel with the standard
+<B>inetd</B> and AFS-modified login utilities are being used in the
+cell. Changes to the standard <B>inetd.conf</B> file include
+referencing the AFS version of the <B>ftpd</B> binary and commenting out
+the <TT>shell</TT> and <TT>login</TT> lines. The example
+<B>inetd.conf</B> file does not include the extra fifth
+column. Do not use these examples without modifying them appropriately
+for the local machine type or cell.
+<PRE> # AFS version of Internet server configuration database
+ #(EXAMPLE ONLY)
+ #
+ ta-rauth stream tcp nowait root internal ta-rauth
+ shell stream tcp nowait root /usr/etc/rshd rshd
+ login stream tcp nowait root /usr/etc/rlogind rlogind
+
+ # Standard version of Internet server configuration database
+ #(EXAMPLE ONLY)
+ #
+ ftp stream tcp nowait /etc/ftpd.afs ftpd.afs
+ telnet stream tcp nowait /etc/telnetd telnetd
+ #shell stream tcp nowait /etc/rshd rshd
+ #login stream tcp nowait /etc/rlogind rlogind
+ finger stream tcp nowait /usr/etc/fingd fingd
+ uucp stream tcp nowait /etc/uucpd uucpd
+ exec stream tcp nowait /etc/rexecd rexecd
+ comsat dgram udp wait /etc/comsat comsat
+ talk dgram udp wait /etc/talkd talkd
+ ntalk dgram udp wait /usr/etc/ntalkd talkd
+ time dgram udp wait /etc/miscd timed
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>See the UNIX manual page for the <B>inetd</B> program.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf228.htm#HDRRCP">rcp (AFS version)</A>
+<P><A HREF="auarf229.htm#HDRRSH">rsh (AFS version)</A>
+<P>UNIX manual page for <B>inetd</B>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf178.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf180.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf179.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf181.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKADB_CHECK" HREF="auarf002.htm#ToC_194">kadb_check</A></H2>
+<A NAME="IDX5054"></A>
+<A NAME="IDX5055"></A>
+<A NAME="IDX5056"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Checks the integrity of the Authentication Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kadb_check -database</B> <<VAR>kadb_file</VAR>> [<B>-uheader</B>] [<B>-kheader</B>] [<B>-entries</B>]
+ [<B>-verbose</B>] [<B>-rebuild</B> <<VAR>out_file</VAR>>] [<B>-help</B>]
+
+<B>kadb_check -d</B> <<VAR>kadb_file</VAR>> [<B>-u</B>] [<B>-k</B>] [<B>-e</B>] [<B>-v</B>] [<B>-r</B> <<VAR>out_file</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kadb_check</B> command checks the integrity of the Protection
+Database, reporting any errors or corruption it finds. If there are
+problems, do not issue any <B>kas</B> commands until the database is
+repaired.
+<P><STRONG>Cautions</STRONG>
+<P>The results can be unpredictable if the Authentication Server makes changes
+to the Authentication Database while this command is running. Use the
+<B>bos shutdown</B> command to shutdown the local <B>kaserver</B>
+process before running this command, or before creating a second copy of the
+<B>kaserver.DB0</B> file (with a different name) on which to run
+the command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-database
+</B><DD>Names the Authentication Database (copy of the
+<B>kaserver.DB0</B> file) to check. If the current working
+directory is not the location of the file, provide a pathname, either full or
+relative to the current working directory.
+<P><DT><B>-uheader
+</B><DD>Displays information which Ubik maintains in the database's
+header.
+<P><DT><B>-kheader
+</B><DD>Displays information which the Authentication Server maintains in the
+database's header.
+<P><DT><B>-entries
+</B><DD>Outputs every entry in the database, providing information similar to that
+returned by the <B>kas examine</B> command.
+<P><DT><B>-verbose
+</B><DD>Reports additional information about the database, including the number of
+free (allocated but unused) entries in the database.
+<P><DT><B>-rebuild
+</B><DD>Names the file in which to record a list of <B>kas</B> commands which,
+if issued in the command shell, recreate the current state of the database
+being verified. Partial pathnames are interpreted relative to the
+current working directory.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If there are errors in the database, the output always reports them on the
+standard error stream. If any options other than <B>-database</B>
+or <B>-help</B> are provided, the output written to the standard output
+stream includes additional information as described for each option in the
+preceding <B>Options</B> section of this reference page. The output
+is intended for debugging purposes and is meaningful to someone familiar with
+the internal structure of the Authentication Database.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf179.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf181.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf180.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf182.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_INTRO" HREF="auarf002.htm#ToC_195">kas</A></H2>
+<A NAME="IDX5057"></A>
+<A NAME="IDX5058"></A>
+<A NAME="IDX5059"></A>
+<A NAME="IDX5060"></A>
+<A NAME="IDX5061"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>kas</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>kas</B> command suite are the administrative
+interface to the Authentication Server, which runs on each database server
+machine in a cell, maintains the Authentication Database, and provides the
+authentication tickets that client applications must present to AFS servers in
+order to obtain access to AFS data and other services.
+<P>There are several categories of commands in the <B>kas</B> command
+suite:
+<UL>
+<P><LI>Commands to create, modify, examine and delete entries in the
+Authentication Database, including passwords: <B>kas create</B>,
+<B>kas delete</B>, <B>kas examine</B>, <B>kas list</B>, <B>kas
+setfields</B>, <B>kas setkey</B>, <B>kas setpassword</B>, and
+<B>kas unlock</B>
+<P><LI>Commands to create, delete, and examine tokens and server tickets:
+<B>kas forgetticket</B>, <B>kas listtickets</B>, <B>kas
+noauthentication</B>, and <B>kas stringtokey</B>
+<P><LI>A command to enter interactive mode: <B>kas interactive</B>
+<P><LI>A command to trace Authentication Server operations: <B>kas
+statistics</B>
+<P><LI>Commands to obtain help: <B>kas apropos</B> and <B>kas
+help</B>
+</UL>
+<P>Because of the sensitivity of information in the Authentication Database,
+the Authentication Server authenticates issuers of <B>kas</B> commands
+directly, rather than accepting the standard token generated by the Ticket
+Granting Service. Any <B>kas</B> command that requires
+administrative privilege prompts the issuer for a password. The
+resulting ticket is valid for six hours unless the maximum ticket lifetime for
+the issuer or the Authentication Server's Ticket Granting Service is
+shorter.
+<A NAME="IDX5062"></A>
+<A NAME="IDX5063"></A>
+<P>To avoid having to provide a password repeatedly when issuing a sequence of
+<B>kas</B> commands, enter <I>interactive mode</I> by issuing the
+<B>kas interactive</B> command, typing <B>kas</B> without any
+operation code, or typing <B>kas</B> followed by a user and cell name,
+separated by an at-sign (<B>@</B>; an example is <B>kas
+smith.admin@abc.com</B>). After prompting once for a
+password, the Authentication Server accepts the resulting token for every
+command issued during the interactive session. See the reference page
+for the <B>kas interactive</B> command for a discussion of when to use
+each method for entering interactive mode and of the effects of entering a
+session.
+<P>The Authentication Server maintains two databases on the local disk of the
+machine where it runs:
+<UL>
+<P><LI>The Authentication Database (<B>/usr/afs/db/kaserver.DB0</B>)
+stores the information used to provide AFS authentication services to users
+and servers, including the password scrambled as an encryption key. The
+reference page for the <B>kas examine</B> command describes the
+information in a database entry.
+<P><LI>An auxiliary file (<B>/usr/afs/local/kaauxdb</B> by default) that
+tracks how often the user has provided an incorrect password to the local
+Authentication Server. The reference page for the <B>kas
+setfields</B> command describes how the Authentication Server uses this file
+to enforce the limit on consecutive authentication failures. To
+designate an alternate directory for the file, use the <B>kaserver</B>
+command's <B>-localfiles</B> argument.
+</UL>
+<P><STRONG>Options</STRONG>
+<P>The following arguments and flags are available on many commands in the
+<B>kas</B> suite. (Some of them are unavailable on commands entered
+in interactive mode, because the information they specify is established when
+entering interactive mode and cannot be changed except by leaving interactive
+mode.) The reference page for each command also lists them, but they
+are described here in greater detail.
+<DL>
+<P><DT><B>
+<A NAME="IDX5064"></A>
+<B>-admin_username</B>
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. If this argument is
+omitted, the <B>kas</B> command interpreter requests authentication for
+the identity under which the issuer is logged onto the local machine.
+Do not combine this argument with the <B>-noauth</B> flag.
+<A NAME="IDX5065"></A>
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P>
+<P>The <B>-cell</B> argument is not available on commands issued in
+interactive mode. The cell defined when the <B>kas</B> command
+interpreter enters interactive mode applies to all commands issued during the
+interactive session.
+<A NAME="IDX5066"></A>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>
+<A NAME="IDX5067"></A>
+<B>-noauth</B>
+</B><DD>Establishes an unauthenticated connection to the Authentication Server, in
+which the Authentication Server treats the issuer as the unprivileged user
+<B>anonymous</B>. It is useful only when authorization checking is
+disabled on the server machine (during the installation of a server machine or
+when the <B>bos setauth</B> command has been used during other unusual
+circumstances). In normal circumstances, the Authentication Server
+allows only privileged users to issue most <B>kas</B> commands, and
+refuses to perform such an action even if the <B>-noauth</B> flag is
+provided. Do not combine this flag with the <B>-admin_username</B>
+and <B>-password_for_admin</B> arguments.
+<P><DT><B>
+<A NAME="IDX5068"></A>
+<B>-password_for_admin</B>
+</B><DD>Specifies the password of the command's issuer. It is best to
+omit this argument, which echoes the password visibly in the command shell,
+instead enter the password at the prompt. Do not combine this argument
+with the <B>-noauth</B> flag.
+<P><DT><B>
+<A NAME="IDX5069"></A>
+<B>-servers</B>
+</B><DD>Establishes a connection with the Authentication Server running on each
+specified database server machine, instead of on each machine listed in the
+local <B>/usr/vice/etc/CellServDB</B> file. In either case, the
+<B>kas</B> command interpreter then chooses one of the machines at random
+to contact for execution of each subsequent command. The issuer can
+abbreviate the machine name to the shortest form that allows the local name
+service to identify it uniquely.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>To issue most <B>kas</B> commands, the issuer must have the
+<TT>ADMIN</TT> flag set in his or her Authentication Database entry (use the
+<B>kas setfields</B> command to turn the flag on).
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<P><A HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
+<P><A HREF="auarf182.htm#HDRKAS_APROPOS">kas apropos</A>
+<P><A HREF="auarf183.htm#HDRKAS_CREATE">kas create</A>
+<P><A HREF="auarf184.htm#HDRKAS_DELETE">kas delete</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf186.htm#HDRKAS_FORGETTICKET">kas forgetticket</A>
+<P><A HREF="auarf187.htm#HDRKAS_HELP">kas help</A>
+<P><A HREF="auarf188.htm#HDRKAS_INTERACTIVE">kas interactive</A>
+<P><A HREF="auarf189.htm#HDRKAS_LIST">kas list</A>
+<P><A HREF="auarf190.htm#HDRKAS_LISTTICKETS">kas listtickets</A>
+<P><A HREF="auarf191.htm#HDRKAS_NOAUTH">kas noauthentication</A>
+<P><A HREF="auarf192.htm#HDRKAS_QUIT">kas quit</A>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf195.htm#HDRKAS_STATISTICS">kas statistics</A>
+<P><A HREF="auarf196.htm#HDRKAS_STRINGTOKEY">kas stringtokey</A>
+<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf180.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf182.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf181.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf183.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_APROPOS" HREF="auarf002.htm#ToC_196">kas apropos</A></H2>
+<A NAME="IDX5070"></A>
+<A NAME="IDX5071"></A>
+<A NAME="IDX5072"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>kas a -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas apropos</B> command displays the first line of the online
+help entry for any <B>kas</B> command that has the string specified by the
+<B>-topic</B> argument in its name or short description.
+<P>To display the syntax for a command, use the <B>kas help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>kas</B> command where the string specified with the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>kas</B> commands that include the
+word <B>key</B> in their names or short descriptions:
+<PRE> %<B> kas apropos key</B>
+ setkey: set a user's key
+ stringtokey: convert a string to a key
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf187.htm#HDRKAS_HELP">kas help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf181.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf183.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf182.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf184.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_CREATE" HREF="auarf002.htm#ToC_197">kas create</A></H2>
+<A NAME="IDX5073"></A>
+<A NAME="IDX5074"></A>
+<A NAME="IDX5075"></A>
+<A NAME="IDX5076"></A>
+<A NAME="IDX5077"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates an entry in the Authentication Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas create -name</B> <<VAR>name of user</VAR>> [<B>-initial_password</B> <<VAR>initial password</VAR>>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas c -na</B> <<VAR>name of user</VAR>> [<B>-i</B> <<VAR>initial password</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas create</B> command creates an entry in the Authentication
+Database for the user named by the <B>-name</B> argument.
+<P>To avoid having the account's initial password echo visibly at the
+shell prompt, omit the <B>-initial_password</B> argument; the command
+interpreter prompts for the password and does not echo it visibly.
+Whether or not <B>-initial_password</B> is omitted, the Authentication
+Server converts the password into a form suitable for use as an encryption
+key, and records it in the entry's key field.
+<P>To alter settings in an Authentication Database entry, use the <B>kas
+setfields</B> command. To examine an entry, use the <B>kas
+examine</B> command. To list every entry in the database, use the
+<B>kas list</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the new Authentication Database entry. Because it is the name
+under which the user logs in, it must obey the restrictions that many
+operating systems impose on user names (usually, to contain no more than eight
+lowercase letters).
+<P><DT><B>-initial_password
+</B><DD>Sets the user's password; provide a character string that can
+include uppercase and lowercase letters, numerals and punctuation. The
+Authentication Server scrambles the string into an octal string suitable for
+use as an encryption key before placing it in the entry's key
+field. If this argument is omitted, the command interpreter prompts for
+the string and does not echo it visibly.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the prompts that appear when an administrator
+logged in as <B>admin</B> creates an Authentication Database entry for the
+user <B>smith</B>, and does not include either the
+<B>-initial_password</B> or <B>-password_for_admin</B>
+arguments.
+<PRE> % <B>kas create smith</B>
+ Password for admin:
+ initial_password:
+ Verifying, please re-enter initial_password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf189.htm#HDRKAS_LIST">kas list</A>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf182.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf184.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf183.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf185.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_DELETE" HREF="auarf002.htm#ToC_198">kas delete</A></H2>
+<A NAME="IDX5078"></A>
+<A NAME="IDX5079"></A>
+<A NAME="IDX5080"></A>
+<A NAME="IDX5081"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes an entry from the Authentication Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas delete -name</B> <<VAR>name of user</VAR>>
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas d -na</B> <<VAR>name of user</VAR>> [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas rm -na</B> <<VAR>name of user</VAR>> [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas delete</B> command removes from the Authentication Database
+the user entry named by the <B>-name</B> argument. The indicated
+user becomes unable to log in, or the indicated server becomes unreachable
+(because the Authentication Server's Ticket Granting Service module no
+longer has a key with which to seal tickets for the server).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the Authentication Database entry to delete.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the administrative user <B>admin</B>
+entering interactive mode to delete three accounts.
+<PRE> % <B>kas</B>
+ Password for admin:
+ ka> <B>delete smith</B>
+ ka><B> delete pat</B>
+ ka> <B>delete terry</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf183.htm#HDRKAS_CREATE">kas create</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf183.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf185.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf184.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf186.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_EXAMINE" HREF="auarf002.htm#ToC_199">kas examine</A></H2>
+<A NAME="IDX5082"></A>
+<A NAME="IDX5083"></A>
+<A NAME="IDX5084"></A>
+<A NAME="IDX5085"></A>
+<A NAME="IDX5086"></A>
+<A NAME="IDX5087"></A>
+<A NAME="IDX5088"></A>
+<A NAME="IDX5089"></A>
+<A NAME="IDX5090"></A>
+<A NAME="IDX5091"></A>
+<A NAME="IDX5092"></A>
+<A NAME="IDX5093"></A>
+<A NAME="IDX5094"></A>
+<A NAME="IDX5095"></A>
+<A NAME="IDX5096"></A>
+<A NAME="IDX5097"></A>
+<A NAME="IDX5098"></A>
+<A NAME="IDX5099"></A>
+<A NAME="IDX5100"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays information from an Authentication Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas examine -name</B> <<VAR>name of user</VAR>> [<B>-showkey</B>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas e -na</B> <<VAR>name of user</VAR>> [<B>-sh</B>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-se</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas examine</B> command formats and displays information from
+the Authentication Database entry of the user named by the <B>-name</B>
+argument.
+<P>To alter the settings displayed with this command, issue the <B>kas
+setfields</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>Displaying actual keys on the standard output stream by including the
+<B>-showkey</B> flag constitutes a security exposure. For most
+purposes, it is sufficient to display a checksum.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the Authentication Database entry from which to display
+information.
+<P><DT><B><B>-showkey</B>
+</B><DD>Displays the octal digits that constitute the key. The issuer must
+have the <TT>ADMIN</TT> flag on his or her Authentication Database
+entry.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes:
+<UL>
+<P><LI>The entry name, following the string <TT>User data for</TT>.
+<P><LI>One or more status flags in parentheses; they appear only if an
+administrator has used the <B>kas setfields</B> command to change them
+from their default values. A plus sign (<TT>+</TT>) separates the
+flags if there is more than one. The nondefault values that can appear,
+and their meanings, are as follows:
+<DL>
+<P><DT><B><TT>ADMIN</TT>
+</B><DD>Enables the user to issue privileged <B>kas</B> commands (default is
+<TT>NOADMIN</TT>)
+<P><DT><B><TT>NOTGS</TT>
+</B><DD>Prevents the user from obtaining tickets from the Authentication
+Server's Ticket Granting Service (default is <TT>TGS</TT>)
+<P><DT><B><TT>NOSEAL</TT>
+</B><DD>Prevents the Ticket Granting Service from using the entry's key field
+as an encryption key (default is <TT>SEAL</TT>)
+<P><DT><B><TT>NOCPW</TT>
+</B><DD>Prevents the user from changing his or her password (default is
+<TT>CPW</TT>)
+</DL>
+<A NAME="IDX5101"></A>
+<A NAME="IDX5102"></A>
+<A NAME="IDX5103"></A>
+<P><LI>The key version number, in parentheses, following the word <TT>key</TT>,
+then one of the following.
+<UL>
+<P><LI>A checksum equivalent of the key, following the string <TT>cksum
+is</TT>, if the <B>-showkey</B> flag is not included. The checksum
+is a decimal number derived by encrypting a constant with the key. In
+the case of the <B><B>afs</B></B> entry, this number must match the
+checksum with the corresponding key version number in the output of the
+<B>bos listkeys</B> command; if not, follow the instructions in the
+<I>IBM AFS Administration Guide</I> for creating a new server encryption
+key.
+<P><LI>The actual key, following a colon, if the <B>-showkey</B> flag is
+included. The key consists of eight octal numbers, each represented as
+a backslash followed by three decimal digits.
+</UL>
+<P><LI>The date the user last changed his or her own password, following the
+string <TT>last cpw</TT> (which stands for "last change of
+password").
+<P><LI>The string <TT>password will never expire</TT> indicates that the
+associated password never expires; the string <TT>password will
+expire</TT> is followed by the password's expiration date. After
+the indicated date, the user cannot authenticate, but has 30 days after it in
+which to use the <B>kpasswd</B> or <B>kas setpassword</B> command to
+set a new password. After 30 days, only an administrator (one whose
+account is marked with the <TT>ADMIN</TT> flag) can change the password by
+using the <B>kas setpassword</B> command. To set the password
+expiration date, use the <B>kas setfields</B> command's
+<B>-pwexpires</B> argument.
+<P><LI>The number of times the user can fail to provide the correct password
+before the account locks, followed by the string <TT>consecutive unsuccessful
+authentications are permitted</TT>, or the string <TT>An unlimited number of
+unsuccessful authentications is permitted</TT> to indicate that there is no
+limit. To set the limit, use the <B>kas setfields</B>
+command's <B>-attempts</B> argument. To unlock a locked
+account, use the <B>kas unlock</B> command. The <B>kas
+setfields</B> reference page discusses how the implementation of the lockout
+feature interacts with this setting.
+<P><LI>The number of minutes for which the Authentication Server refuses the
+user's login attempts after the limit on consecutive unsuccessful
+authentication attempts is exceeded, following the string <TT>The lock time
+for this user is</TT>. Use the <B>kas</B> command's
+<B>-locktime</B> argument to set the lockout time. This line
+appears only if a limit on the number of unsuccessful authentication attempts
+has been set with the the <B>kas setfields</B> command's
+<B>-attempts</B> argument.
+<P><LI>An indication of whether the Authentication Server is currently refusing
+the user's login attempts. The string <TT>User is not
+locked</TT> indicates that authentication can succeed, whereas the string
+<TT>User is locked until</TT> <VAR>time</VAR> indicates that the user cannot
+authenticate until the indicated time. Use the <B>kas unlock</B>
+command to enable a user to attempt authentication. This line appears
+only if a limit on the number of unsuccessful authentication attempts has been
+set with the <B>kas setfields</B> command's <B>-attempts</B>
+argument.
+<P><LI>The date on which the Authentication Server entry expires, or the string
+<TT>entry never expires</TT> to indicate that the entry does not
+expire. A user becomes unable to authenticate when his or her entry
+expires. Use the <B>kas setfields</B> command's
+<B>-expiration</B> argument to set the expiration date.
+<P><LI>The maximum possible lifetime of the tokens that the Authentication Server
+grants the user. This value interacts with several others to determine
+the actual lifetime of the token, as described on the <B>klog</B>
+reference page. Use the <B>kas setfields</B> command's
+<B>-lifetime</B> argument to set this value.
+<P><LI>The date on which the entry was last modified, following the string
+<TT>last mod on</TT> and the user name of the administrator who modified
+it. The date on which a user changed his or her own password is
+recorded on the second line of output as <TT>last cpw</TT> instead.
+<P><LI>An indication of whether the user can reuse one of his or her last twenty
+passwords when issuing the <B>kpasswd</B>, <B>kas setpassword</B>, or
+<B>kas setkey</B> commands. Use the <B>kas setfields</B>
+command's <B>-reuse</B> argument to set this restriction.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command shows the user <B>smith</B> displaying
+her own Authentication Database entry. Note the <TT>ADMIN</TT> flag,
+which shows that <B>smith</B> is privileged.
+<PRE> % <B>kas examine smith</B>
+ Password for smith:
+ User data for smith (ADMIN)
+ key (0) cksum is 3414844392, last cpw: Thu Mar 25 16:05:44 1999
+ password will expire: Fri Apr 30 20:44:36 1999
+ 5 consecutive unsuccessful authentications are permitted.
+ The lock time for this user is 25.5 minutes.
+ User is not locked.
+ entry never expires. Max ticket lifetime 100.00 hours.
+ last mod on Tue Jan 5 08:22:29 1999 by admin
+ permit password reuse
+
+</PRE>
+<P>In the following example, the user <B>pat</B> examines his
+Authentication Database entry to determine when the account lockout currently
+in effect will end.
+<PRE> % <B>kas examine pat</B>
+ Password for pat:
+ User data for pat
+ key (0) cksum is 73829292912, last cpw: Wed Apr 7 11:23:01 1999
+ password will expire: Fri Jun 11 11:23:01 1999
+ 5 consecutive unsuccessful authentications are permitted.
+ The lock time for this user is 25.5 minutes.
+ User is locked until Tue Sep 21 12:25:07 1999
+ entry expires on never. Max ticket lifetime 100.00 hours.
+ last mod on Thu Feb 4 08:22:29 1999 by admin
+ permit password reuse
+
+</PRE>
+<P>In the following example, an administrator logged in as <B>admin</B>
+uses the <B>-showkey</B> flag to display the octal digits that constitute
+the key in the <B>afs</B> entry.
+<PRE> % <B>kas examine -name afs -showkey</B>
+ Password for admin: <VAR>admin_password</VAR>
+ User data for afs
+ key (12): \357\253\304\352\234\236\253\352, last cpw: no date
+ entry never expires. Max ticket lifetime 100.00 hours.
+ last mod on Thu Mar 25 14:53:29 1999 by admin
+ permit password reuse
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>A user can examine his or her own entry. To examine others'
+entries or to include the <B>-showkey</B> flag, the issuer must have the
+<TT>ADMIN</TT> flag set in his or her Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf107.htm#HDRBOS_LISTKEYS">bos listkeys</A>
+<P><A HREF="auarf115.htm#HDRBOS_SETAUTH">bos setauth</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf202.htm#HDRKPASSWD">kpasswd</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf184.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf186.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf185.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf187.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_FORGETTICKET" HREF="auarf002.htm#ToC_200">kas forgetticket</A></H2>
+<A NAME="IDX5104"></A>
+<A NAME="IDX5105"></A>
+<A NAME="IDX5106"></A>
+<A NAME="IDX5107"></A>
+<A NAME="IDX5108"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Discards all tickets for the issuer
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas forgetticket</B> [<B>-all</B>] [<B>-help</B>]
+
+<B>kas f</B> [<B>-a</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas forgetticket</B> command discards all of the issuer's
+tickets stored in the local machine's kernel memory. This includes
+the AFS server ticket from each cell in which the user has authenticated, and
+any tickets that the user have acquired during the current <B>kas</B>
+session (either when entering the session or by using the <B>kas
+getticket</B> command).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-all
+</B><DD>Discards all tickets. This argument explicitly invokes the
+command's default behavior.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command discards all of the issuer's tickets.
+<PRE> % <B>kas forgetticket</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf185.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf187.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf186.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf188.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_HELP" HREF="auarf002.htm#ToC_201">kas help</A></H2>
+<A NAME="IDX5109"></A>
+<A NAME="IDX5110"></A>
+<A NAME="IDX5111"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of each specified <B>kas</B> command or lists
+functional descriptions of all <B>kas</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas help </B>[<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>kas h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>kas</B> command.
+<P>To list every <B>kas</B> command whose name or short description
+includes a specified keyword, use the <B>kas apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>kas</B> part of the command name, providing only
+the operation code (for example, specify <B>setpassword</B>, not <B>kas
+setpassword</B>). If this argument is omitted, the output briefly
+describes every <B>kas</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>kas</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>kas
+setpassword</B> command:
+<PRE> % <B>kas help setpassword</B>
+ kas setpassword: set a user's password
+ aliases: sp
+ Usage: kas setpassword -name <name of user>
+ [-new_password <new password>] [-kvno <key version number>]
+ [-admin_username <admin principal to use for authentication>]
+ [-password_for_admin <password>] [-cell <cell name>]
+ [-servers <explicit list of authentication servers>+] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf182.htm#HDRKAS_APROPOS">kas apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf186.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf188.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf187.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf189.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_INTERACTIVE" HREF="auarf002.htm#ToC_202">kas interactive</A></H2>
+<P><STRONG>Purpose</STRONG>
+<P>Enters interactive mode
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas interactive</B> [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas i</B> [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-n</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas interactive</B> command establishes an interactive session
+for the issuer of the command. By default, the command interpreter
+establishes an authenticated connection for the user logged into the local
+file system with all of the Authentication Servers listed in the local
+<B>/usr/vice/etc/CellServDB</B> file for the cell named in the local
+<B>/usr/vice/etc/ThisCell</B> file. To specify an alternate
+identity, cell name, or list of Authentication Servers, include the
+<B>-admin_username</B>, <B>-cell</B>, or <B>-servers</B> arguments
+respectively. Interactive mode lasts for six hours unless the maximum
+ticket lifetime for the issuer or the Authentication Server's Ticket
+Granting Service is shorter.
+<P>There are two other ways to enter interactive mode, in addition to the
+<B>kas interactive</B> command:
+<OL TYPE=1>
+<P><LI>Type the <B>kas</B> command at the shell prompt without any operation
+code. If appropriate, include one or more of the
+<B>-admin_username</B>, <B>-password_for_admin</B>, <B>-cell</B>,
+and <B>-servers</B> arguments.
+<P><LI>Type the <B>kas</B> command followed by a user name and cell name,
+separated by an <B>@</B> sign (for example: <B>kas
+admin@abc.com</B>), to establish a connection under the specified
+identity with the Authentication Servers listed in the local
+<B>/usr/vice/etc/CellServDB</B> file for the indicated cell. If
+appropriate, provide the <B>-servers</B> argument to specify an alternate
+list of Authentication Server machines that belong to the indicated
+cell.
+</OL>
+<P>There are several consequences of entering interactive mode:
+<UL>
+<P><LI>The <TT>ka></TT> prompt replaces the system (shell) prompt. When
+typing commands at this prompt, provide only the operation code (omit the
+command suite name, <B>kas</B>).
+<P><LI>The command interpreter does not prompt for the issuer's
+password.
+<P>The issuer's identity and password, the relevant cell, and the set of
+Authentication Server machines specified when entering interactive mode apply
+to all commands issued during the session. They cannot be changed
+without leaving the session, except by using the <B>(kas)
+noauthentication</B> command to replace the current authenticated
+connections with unauthenticated ones. The <B>-admin_username</B>,
+<B>-password_for_admin</B>, <B>-cell</B>, and <B>-servers</B>
+arguments are ignored if provided on a command issued during interactive
+mode.
+</UL>
+<P>To establish an unauthenticated connection to the Authentication Server,
+include the <B>-noauth</B> flag or provide an incorrect password.
+Unless authorization checking is disabled on each Authentication Server
+machine involved, however, it is not possible to perform any privileged
+operations within such a session.
+<P>To end the current authenticated connection and establish an
+unauthenticated one, issue the <B>(kas) noauthentication</B>
+command. To leave interactive mode and return to the regular shell
+prompt, issue the <B>(kas) quit</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows a user entering interactive mode as the
+privileged user <B>admin</B>.
+<PRE> % <B>kas interactive admin</B>
+ Password for admin: <VAR>admin_password</VAR>
+ ka>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf191.htm#HDRKAS_NOAUTH">kas noauthentication</A>
+<P><A HREF="auarf192.htm#HDRKAS_QUIT">kas quit</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf187.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf189.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf188.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf190.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_LIST" HREF="auarf002.htm#ToC_203">kas list</A></H2>
+<A NAME="IDX5112"></A>
+<A NAME="IDX5113"></A>
+<A NAME="IDX5114"></A>
+<A NAME="IDX5115"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays all entries in the Authentication Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas list</B> [<B>-long</B>] [<B>-showadmin</B>] [<B>-showkey</B>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas ls</B> [<B>-l</B>] [<B>-showa</B>] [<B>-showk</B>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-se</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-n</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas list</B> command either displays all entries from the
+Authentication Database by name, or displays the full database entry for a
+defined set of entries, as determined by the flag provided:
+<UL>
+<P><LI>To display every entry in the Authentication Database in full, include the
+<B>-long</B> flag.
+<P><LI>To display only those entries in full that have the <TT>ADMIN</TT> flag
+set, include the <B>-showadmin</B> flag.
+<P><LI>To list only the name of each Authentication Database entry, omit both the
+<B>-long</B> and <B>-showadmin</B> flags.
+</UL>
+<P>By default, full entries include a checksum for the encryption key, rather
+than the actual octal digits that constitute the key. To display the
+octal digits, include the <B>-showkey</B> flag with the <B>-long</B>
+or <B>-showadmin</B> flag.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-long
+</B><DD>Displays every Authentication Database entry in full. Provide this
+flag or the <B>-showadmin</B> flag, or omit both to display just the name
+of every database entry.
+<P><DT><B>-showadmin
+</B><DD>Displays in full only the Authentication Database entries that have the
+<TT>ADMIN</TT> flag set. Provide this flag or the <B>-long</B>
+flag, or omit both to display just the name of every database entry.
+<P><DT><B>-showkey
+</B><DD>Displays the octal digits that constitute the key in each full
+entry. Provide either the <B>-long</B> or <B>-showadmin</B>
+flag along with this one.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If neither the <B>-long</B> or <B>-showadmin</B> flag is provided,
+the output lists the name of each entry in the Authentication Database on its
+own line.
+<P>If the <B>-long</B> flag is included, the output includes every
+Authentication Database entry in full. If the <B>-showadmin</B>
+flag is included, the output includes in full only the Authentication Database
+entries that have the <TT>ADMIN</TT> flag set. If the
+<B>-showkey</B> is provided along with either one, the output includes the
+octal digits that constitute the encryption key in each entry.
+<P>A full Authentication Database entry includes the same information
+displayed by the <B>kas examine</B> command; for details, see that
+command's reference page.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf188.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf190.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf189.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf191.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_LISTTICKETS" HREF="auarf002.htm#ToC_204">kas listtickets</A></H2>
+<A NAME="IDX5116"></A>
+<A NAME="IDX5117"></A>
+<A NAME="IDX5118"></A>
+<A NAME="IDX5119"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays all of the issuer's tickets (tokens)
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas listtickets</B> [<B>-name</B> <<VAR>name of server</VAR>>] [<B>-long</B>] [<B>-help</B>]
+
+<B>kas listt</B> [<B>-n</B> <<VAR>name of server</VAR>>] [<B>-l</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas listtickets</B> command displays the associated user ID (AFS
+UID), cell name, and expiration date of some or all of the issuer's
+tickets (tokens), depending on which options are provided:
+<UL>
+<P><LI>To display all tokens, provide neither the <B>-name</B> argument nor
+<B>-long</B> flag. The output is similar to that of the
+<B>tokens</B> command.
+<P><LI>To display a single token, provide the <B>-name</B> argument to
+specify name of the Authentication Database entry for the entity that accepts
+the token. All AFS server processes accept tokens sealed with the key
+from the <B>afs</B> entry.
+<P><LI>To display in addition the octal numbers that constitute the token and
+session key, provide the <B>-long</B> flag.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the Authentication Database entry of the entity (usually a server
+process) that accepts the token to display.
+<P><DT><B>-long
+</B><DD>Displays the octal numbers that constitute the session key and
+ticket.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output reports the AFS UID of the user who owns the token, the service
+(usually, <TT>afs</TT>) and cell for which it is valid, and its expiration
+date, using the following format. If the message does not specify a
+cell, the ticket is for the local cell.
+<PRE> User's (AFS ID <VAR>AFS UID</VAR>) tokens for <VAR>service</VAR>[@<VAR>cellname</VAR>] [Expires <VAR>date</VAR>]
+
+</PRE>
+<P>If the <B>-long</B> flag is provided, the output also includes the
+octal numbers making up the session key and token, along with the key version
+number and the number of bytes in the token (if the number of bytes is not 56,
+there is an error).
+<P>If the marker <TT>[>> POSTDATED <]</TT> appears instead of an
+expiration date, the ticket does not become valid until the indicated
+time. (Only internal calls can create a postdated ticket; there is
+no standard interface that allows users to do this.)
+<P><STRONG>Examples</STRONG>
+<P>The following two examples are for a user with AFS UID 1020 in the
+<B>abc.com</B> cell and AFS UID 35 in the
+<B>test.abc.com</B> cell. He is working on a machine
+in the first cell and is authenticated in both cells.
+<PRE> % <B>kas listtickets</B>
+ User's (AFS ID 1020) tokens for afs [Expires Wed Mar 31 9:30:54 1999]
+ User's (AFS ID 35@test.abc.com) tokens for afs@test.abc.com \
+ [Expires Wed Mar 31 13:54:26 1999]
+
+ % <B>kas listtickets -name afs -long</B>
+ User's (AFS ID 1020) tokens for afs [Expires Wed Mar 31 9:30:54 1999]
+ SessionKey: \375\205\351\227\032\310\263\013
+ Ticket: (kvno = 0, len = 56): \033\005\221\156\203\278\312\058\016\133 <VAR>(etc.)</VAR>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf189.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf191.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf190.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf192.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_NOAUTH" HREF="auarf002.htm#ToC_205">kas noauthentication</A></H2>
+<A NAME="IDX5120"></A>
+<A NAME="IDX5121"></A>
+<A NAME="IDX5122"></A>
+<A NAME="IDX5123"></A>
+<A NAME="IDX5124"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Discards an authenticated identity in interactive mode
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>noauthentication</B> [<B>-help</B>]
+
+<B>n</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas noauthentication</B> command closes the (presumably
+authenticated) connection that the issuer established with one or more
+Authentication Server processes when entering interactive mode. It
+opens a new unauthenticated connection to each server, assigning the issuer
+the unprivileged identity <B>anonymous</B>. It does not actually
+discard the user's tokens from the Cache Manager's memory (as the
+<B>unlog</B> or <B>kas forgetticket</B> command does). Unless
+authorization checking is disabled on each Authentication Server machine, it
+becomes impossible to perform any privileged operations within the session
+established by this command.
+<P>This command is operative only during interactive mode, so omit the
+<B>kas</B> command suite name from the command line.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command discards the authentication information with
+which the user entered interactive mode.
+<PRE> ka><B> noauthentication</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf186.htm#HDRKAS_FORGETTICKET">kas forgetticket</A>
+<P><A HREF="auarf188.htm#HDRKAS_INTERACTIVE">kas interactive</A>
+<P><A HREF="auarf238.htm#HDRUNLOG">unlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf190.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf192.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf191.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf193.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_QUIT" HREF="auarf002.htm#ToC_206">kas quit</A></H2>
+<A NAME="IDX5125"></A>
+<A NAME="IDX5126"></A>
+<A NAME="IDX5127"></A>
+<A NAME="IDX5128"></A>
+<A NAME="IDX5129"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Leaves interactive mode
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>quit</B> [<B>-help</B>]
+
+<B>q</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas quit</B> command ends interactive mode, severing the
+authenticated connection to one or more Authentication Server processes and
+returning the issuer to the normal shell prompt.
+<P>This command is operative only during interactive mode, so omit the
+<B>kas</B> command suite name from the command line.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example demonstrates how the normal command shell prompt
+returns when the issuer leaves interactive mode.
+<PRE> ka> <B>quit</B>
+ %
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf188.htm#HDRKAS_INTERACTIVE">kas interactive</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf191.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf193.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf192.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf194.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_SETFIELDS" HREF="auarf002.htm#ToC_207">kas setfields</A></H2>
+<A NAME="IDX5130"></A>
+<A NAME="IDX5131"></A>
+<A NAME="IDX5132"></A>
+<A NAME="IDX5133"></A>
+<A NAME="IDX5134"></A>
+<A NAME="IDX5135"></A>
+<A NAME="IDX5136"></A>
+<A NAME="IDX5137"></A>
+<A NAME="IDX5138"></A>
+<A NAME="IDX5139"></A>
+<A NAME="IDX5140"></A>
+<A NAME="IDX5141"></A>
+<A NAME="IDX5142"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets optional characteristics in an Authentication Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas setfields -name</B> <<VAR>name of user</VAR>>
+ [<B>-flags</B> <<VAR>hex flag value or flag name expression</VAR>>]
+ [<B>-expiration</B> <<VAR>date of account expiration</VAR>>]
+ [<B>-lifetime</B> <<VAR>maximum ticket lifetime</VAR>>]
+ [<B>-pwexpires</B> <<VAR>number days password is valid ([0..254])</VAR>>]
+ [<B>-reuse</B> <<VAR>permit password reuse (yes/no)</VAR>>]
+ [<B>-attempts</B> <<VAR>maximum successive failed login tries ([0..254])</VAR>>]
+ [<B>-locktime</B> <<VAR>failure penalty [hh:mm or minutes]</VAR>>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas setf -na</B> <<VAR>name of user</VAR>> [<B>-f</B> <<VAR>hex flag value or flag name expression</VAR>>]
+ [<B>-e</B> <<VAR>date of account expiration</VAR>>] [<B>-li</B> <<VAR>maximum ticket lifetime</VAR>>]
+ [<B>-pw</B> <<VAR>number days password is valid ([0..254])</VAR>>]
+ [<B>-r</B> <<VAR>permit password reuse (yes/no)</VAR>>]
+ [<B>-at</B> <<VAR>maximum successive failed login tries ([0..254])</VAR>>]
+ [<B>-lo</B> <<VAR>failure penalty [hh:mm or minutes]</VAR>>]
+ [<B>-ad</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-pa</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas sf -na</B> <<VAR>name of user</VAR>> [<B>-f</B> <<VAR>hex flag value or flag name expression</VAR>>]
+ [<B>-e</B> <<VAR>date of account expiration</VAR>>] [<B>-li</B> <<VAR>maximum ticket lifetime</VAR>>]
+ [<B>-pw</B> <<VAR>number days password is valid ([0..254])</VAR>>]
+ [<B>-r</B> <<VAR>permit password reuse (yes/no)</VAR>>]
+ [<B>-at</B> <<VAR>maximum successive failed login tries ([0..254])</VAR>>]
+ [<B>-lo</B> <<VAR>failure penalty [hh:mm or minutes]</VAR>>]
+ [<B>-ad</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-pa</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas setfields</B> command changes the Authentication Database
+entry for the user named by the <B>-name</B> argument in the manner
+specified by the various optional arguments, which can occur singly or in
+combination:
+<UL>
+<P><LI>To set the flags that determine whether the user has administrative
+privileges to the Authentication Server, can obtain a ticket, can change his
+or her password, and so on, include the <B>-flags</B> argument.
+<P><LI>To set when the Authentication Database entry expires, include the
+<B>-expiration</B> argument.
+<P><LI>To set the maximum ticket lifetime associated with the entry, include the
+<B>-lifetime</B> argument. The reference page for the
+<B>klog</B> command explains how this value interacts with others to
+determine the actual lifetime of a token.
+<P><LI>To set when the user's password expires, include the
+<B>-pwexpires</B> argument.
+<P><LI>To set whether the user can reuse any of the previous twenty passwords
+when creating a new one, include the <B>-reuse</B> argument.
+<P><LI>To set the maximum number of times the user can provide an incorrect
+password before the Authentication Server refuses to accept any more attempts
+(locks the issuer out), include the <B>-attempts</B> argument.
+After the sixth failed authentication attempt, the Authentication Server logs
+a message in the UNIX system log file (the <B>syslog</B> file or
+equivalent, for which the standard location varies depending on the operating
+system).
+<P><LI>To set how long the Authentication Server refuses to process
+authentication attempts for a locked-out user, set the <B>-locktime</B>
+argument.
+</UL>
+<P>The <B>kas examine</B> command displays the settings made with this
+command.
+<P><STRONG>Cautions</STRONG>
+<P>The password lifetime set with the <B>-pwexpires</B> argument begins at
+the time the user's password was last changed, rather than when this
+command is issued. It can therefore be retroactive. If, for
+example, a user changed her password 100 days ago and the password lifetime is
+set to 100 days or less, the password effectively expires immediately.
+To avoid retroactive expiration, instruct the user to change the password just
+before setting a password lifetime.
+<P>Administrators whose authentication accounts have the <TT>ADMIN</TT> flag
+enjoy complete access to the sensitive information in the Authentication
+Database. To prevent access by unauthorized users, use the
+<B>-attempts</B> argument to impose a fairly strict limit on the number of
+times that a user obtaining administrative tokens can provide an incorrect
+password. Note, however, that there must be more than one account in
+the cell with the <TT>ADMIN</TT> flag. The <B>kas unlock</B>
+command requires the <TT>ADMIN</TT> privilege, so it is important that the
+locked-out administrator (or a colleague) can access another
+<TT>ADMIN</TT>-privileged account to unlock the current account.
+<P>In certain circumstances, the mechanism used to enforce the number of
+failed authentication attempts can cause a lockout even though the number of
+failed attempts is less than the limit set by the <B>-attempts</B>
+argument. Client-side authentication programs such as <B>klog</B>
+and an AFS-modified login utility normally choose an Authentication Server at
+random for each authentication attempt, and in case of a failure are likely to
+choose a different Authentication Server for the next attempt. The
+Authentication Servers running on the various database server machines do not
+communicate with each other about how many times a user has failed to provide
+the correct password to them. Instead, each Authentication Server
+maintains its own separate copy of the auxiliary database file
+<B>kaserverauxdb</B> (located in the <B>/usr/afs/local</B> directory
+by default), which records the number of consecutive authentication failures
+for each user account and the time of the most recent failure. This
+implementation means that on average each Authentication Server knows about
+only a fraction of the total number of failed attempts. The only way to
+avoid allowing more than the number of attempts set by the
+<B>-attempts</B> argument is to have each Authentication Server allow only
+some fraction of the total. More specifically, if the limit on failed
+attempts is <I>f</I>, and the number of Authentication Servers is
+<I>S</I>, then each Authentication Server can only permit a number of
+attempts equal to <I>f</I> divided by <I>S</I> (the Ubik
+synchronization site for the Authentication Server tracks any remainder,
+<I>fmodS</I>).
+<P>Normally, this implementation does not reduce the number of allowed
+attempts to less than the configured limit (<I>f</I>). If one
+Authentication Server refuses an attempt, the client contacts another instance
+of the server, continuing until either it successfully authenticates or has
+contacted all of the servers. However, if one or more of the
+Authentication Server processes is unavailable, the limit is effectively
+reduced by a percentage equal to the quantity <I>U</I> divided by
+<I>S</I>, where <I>U</I> is the number of unavailable servers and
+<I>S</I> is the number normally available.
+<P>To avoid the undesirable consequences of setting a limit on failed
+authentication attempts, note the following recommendations:
+<UL>
+<P><LI>Do not set the <B>-attempts</B> argument (the limit on failed
+authentication attempts) too low. A limit of nine failed attempts is
+recommended for regular user accounts, to allow three failed attempts per
+Authentication Server in a cell with three database server machines.
+<P><LI>Set fairly short lockout times when including the <B>-locktime</B>
+argument. Although guessing passwords is a common method of attack, it
+is not a very sophisticated one. Setting a lockout time can help
+discourage attackers, but excessively long times are likely to be more of a
+burden to authorized users than to potential attackers. A lockout time
+of 25 minutes is recommended for regular user accounts.
+<P><LI>Do not assign an infinite lockout time on an account (by setting the
+<B>-locktime</B> argument to <B>0</B> [zero]) unless there is a highly
+compelling reason. Such accounts almost inevitably become locked at
+some point, because each Authentication Server never resets the account's
+failure counter in its copy of the <B>kaauxdb</B> file (in contrast, when
+the lockout time is not infinite, the counter resets after the specified
+amount of time has passed since the last failed attempt to that Authentication
+Server). Furthermore, the only way to unlock an account with an
+infinite lockout time is for an administrator to issue the <B>kas
+unlock</B> command. It is especially dangerous to set an infinite
+lockout time on an administrative account; if all administrative accounts
+become locked, the only way to unlock them is to shut down all instances of
+the Authentication Server and remove the <B>kaauxdb</B> file on
+each.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the Authentication Database account for which to change
+settings.
+<P><DT><B>-flags
+</B><DD>Sets one or more of four toggling flags, adding them to any flags
+currently set. Either specify one or more of the following strings, or
+specify a hexidecimal number that combines the indicated values. To
+return all four flags to their defaults, provide a value of <B>0</B>
+(zero). To set more than one flag at once using the strings, connect
+them with plus signs (example: <B>NOTGS+ADMIN+CPW</B>). To
+remove all the current flag settings before setting new ones, precede the list
+with an equal sign (example: <B>=NOTGS+ADMIN+CPW</B>).
+<DL>
+<P><DT><B>ADMIN
+</B><DD>The user is allowed to issue privileged <B>kas</B> commands
+(hexadecimal equivalent is <B>0x004</B>, default is
+<B>NOADMIN</B>).
+<A NAME="IDX5143"></A>
+<P><DT><B>NOTGS
+</B><DD>The Authentication Server's Ticket Granting Service (TGS) refuses to
+issue tickets to the user (hexadecimal equivalent is <B>0x008</B>, default
+is <B>TGS</B>).
+<A NAME="IDX5144"></A>
+<P><DT><B>NOSEAL
+</B><DD>The Ticket Granting Service cannot use the contents of this entry's
+key field as an encryption key (hexadecimal equivalent is <B>0x020</B>,
+default is <B>SEAL</B>).
+<A NAME="IDX5145"></A>
+<P><DT><B>NOCPW
+</B><DD>The user cannot change his or her own password or key (hexadecimal
+equivalent is <B>0x040</B>, default is <B>CPW</B>).
+<A NAME="IDX5146"></A>
+</DL>
+<P><DT><B>-expiration
+</B><DD>Determines when the entry itself expires. When a user entry
+expires, the user becomes unable to log in; when a server entry such as
+<B>afs</B> expires, all server processes that use the associated key
+become inaccessible. Provide one of the three acceptable values:
+<DL>
+<P><DT><B>never
+</B><DD>The account never expires (the default).
+<P><DT><B><VAR>mm/dd/yyyy</VAR>
+</B><DD>Sets the expiration date to 12:00 a.m. on the
+indicated date (month/day/year). Examples: <B>01/23/1999</B>,
+<B>10/07/2000</B>.
+<P><DT><B>"<VAR>mm/dd/yyyy hh:MM</VAR>"
+</B><DD>Sets the expiration date to the indicated time (hours:minutes) on
+the indicated date (month/day/year). Specify the time in 24-hour format
+(for example, <B>20:30</B> is 8:30 p.m.) Date
+format is the same as for a date alone. Surround the entire instance
+with quotes because it contains a space. Examples:
+<B>"01/23/1999 22:30"</B>, <B>"10/07/2000
+3:45"</B>.
+</DL>
+<P>
+<P>Acceptable values for the year range from <B>1970</B> (1 January 1970
+is time 0 in the standard UNIX date representation) through <B>2037</B>
+(2037 is the maximum because the UNIX representation cannot accommodate dates
+later than a value in February 2038).
+<P><DT><B>-lifetime
+</B><DD>Specifies the maximum lifetime that the Authentication Server's
+Ticket Granting Service (TGS) can assign to a ticket. If the account
+belongs to a user, this value is the maximum lifetime of a token issued to the
+user. If the account corresponds to a server such as <B>afs</B>,
+this value is the maximum lifetime of a ticket that the TGS issues to clients
+for presentation to the server during mutual authentication.
+<P>Specify an integer that represents a number of seconds (<B>3600</B>
+equals one hour), or include a colon in the number to indicate a number of
+hours and minutes (<B>10:00</B> equals 10 hours). If this
+argument is omitted, the default setting is 100:00 hours (360000
+seconds).
+<P><DT><B>-pwexpires
+</B><DD>Sets the number of days after the user's password was last changed
+that it remains valid. Provide an integer from the range <B>1</B>
+through <B>254</B> to specify the number of days until expiration, or the
+value <B>0</B> to indicate that the password never expires (the
+default).
+<P>When the password expires, the user is unable to authenticate, but has 30
+days after the expiration date in which to use the <B>kpasswd</B> command
+to change the password (after that, only an administrator can change it by
+using the <B>kas setpassword</B> command). Note that the clock
+starts at the time the password was last changed, not when the <B>kas
+setfields</B> command is issued. To avoid retroactive expiration,
+have the user change the password just before issuing a command that includes
+this argument.
+<P><DT><B>-reuse
+</B><DD>Specifies whether or not the user can reuse any of his or her last 20
+passwords. The acceptable values are <B>yes</B> to allow reuse of
+old passwords (the default) and <B>no</B> to prohibit reuse of a password
+that is similar to one of the previous 20 passwords.
+<P><DT><B>-attempts
+</B><DD>Sets the number of consecutive times the user can provide an incorrect
+password during authentication (using the <B>klog</B> command or a login
+utility that grants AFS tokens). When the user exceeds the limit, the
+Authentication Server rejects further attempts (locks the user out) for the
+amount of time specified by the <B>-locktime</B> argument. Provide
+an integer from the range <B>1</B> through <B>254</B> to specify the
+number of failures allowed, or <B>0</B> to indicate that there is no limit
+on authentication attempts (the default value).
+<P><DT><B>-locktime
+</B><DD>Specifies how long the Authentication Server refuses authentication
+attempts from a user who has exceeded the failure limit set by the
+<B>-attempts</B> argument.
+<P>Specify a number of hours and minutes (<VAR>hh</VAR>:<VAR>mm</VAR>) or
+minutes only (<VAR>mm</VAR>), from the range <B>01</B> (one minute) through
+<B>36:00</B> (36 hours). The <B>kas</B> command
+interpreter automatically reduces any larger value to <B>36:00</B>
+and also rounds up any non-zero value to the next higher multiple of
+8.5 minutes. A value of <B>0</B> (zero) sets an infinite
+lockout time; an administrator must issue the <B>kas unlock</B>
+command to unlock the account.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, an administrator using the <B>admin</B>
+account grants administrative privilege to the user <B>smith</B>, and sets
+the Authentication Database entry to expire at midnight on 31 December
+2000.
+<PRE> %<B> kas setfields -name smith -flags ADMIN -expiration 12/31/2000</B>
+ Password for admin:
+
+</PRE>
+<P>In the following example, an administrator using the <B>admin</B>
+account sets the user <B>pat</B>'s password to expire in 60 days from
+when it last changed, and prohibits reuse of passwords.
+<PRE> %<B> kas setfields -name pat -pwexpires 60 -reuse no</B>
+ Password for admin:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf202.htm#HDRKPASSWD">kpasswd</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf192.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf194.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_SETPASSWORD" HREF="auarf002.htm#ToC_208">kas setpassword</A></H2>
+<A NAME="IDX5147"></A>
+<A NAME="IDX5148"></A>
+<A NAME="IDX5149"></A>
+<A NAME="IDX5150"></A>
+<A NAME="IDX5151"></A>
+<A NAME="IDX5152"></A>
+<A NAME="IDX5153"></A>
+<A NAME="IDX5154"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the key field in an Authentication Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas setpassword -name</B> <<VAR>name of user</VAR>> [<B>-new_password</B> <<VAR>new password</VAR>>]
+ [<B>-kvno</B> <<VAR>key version number</VAR>>]
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas setpasswd -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>]
+ [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas setp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [-c <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+
+<B>kas sp -na</B> <<VAR>name of user</VAR>> [<B>-ne</B> <<VAR>new password</VAR>>] [<B>-k</B> <<VAR>key version number</VAR>>]
+ [<B>-a</B> <<VAR>admin principal to use for authentication </VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas setpassword</B> command accepts a character string of
+unlimited length, scrambles it into a form suitable for use as an encryption
+key, places it in the key field of the Authentication Database entry named by
+the <B>-name</B> argument, and assigns it the key version number specified
+by the <B>-kvno</B> argument.
+<P>To avoid making the password string visible at the shell prompt, omit the
+<B>-new_password</B> argument. Prompts then appear at the shell
+which do not echo the password visibly.
+<P>When changing the <B>afs</B> server key, also issue <B>bos
+addkey</B> command to add the key (with the same key version number) to the
+<B>/usr/afs/etc/KeyFile</B> file. See the <I>IBM AFS
+Administration Guide</I> for instructions.
+<P>The command interpreter checks the password string subject to the following
+conditions:
+<UL>
+<P><LI>If there is a program called <B>kpwvalid</B> in the same directory as
+the <B>kas</B> binary, the command interpreter invokes it to process the
+password. For details, see the <B>kpwvalid</B> reference
+page.
+<P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
+has been used to prohibit reuse of previous passwords, the command interpreter
+verifies that the password is not too similar too any of the user's
+previous 20 passwords. It generates the following error message at the
+shell:
+<PRE> Password was not changed because it seems like a reused password
+
+</PRE>
+<P>To prevent a user from subverting this restriction by changing the password
+twenty times in quick succession (manually or by running a script), use the
+<B>-minhours</B> argument on the <B>kaserver</B> initialization
+command. The following error message appears if a user attempts to
+change a password before the minimum time has passed:
+<PRE> Password was not changed because you changed it too
+ recently; see your systems administrator
+
+</PRE>
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the entry in which to record the new key.
+<P><DT><B>-new_password
+</B><DD>Specifies the character string the user types when authenticating to
+AFS. Omit this argument and type the string at the resulting prompts so
+that the password does not echo visibly. Note that some non-AFS
+programs cannot handle passwords longer than eight characters.
+<P><DT><B>-kvno
+</B><DD>Specifies the key version number associated with the new key.
+Provide an integer in the range from <B>0</B> through
+<B>255</B>. If omitted, the default is 0 (zero), which is probably
+not desirable for server keys.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, an administrator using the <B>admin</B>
+account changes the password for <B>pat</B> (presumably because
+<B>pat</B> forgot the former password or got locked out of his account in
+some other way).
+<PRE> % <B>kas setpassword pat</B>
+ Password for admin:
+ new_password:
+ Verifying, please re-enter new_password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>Individual users can change their own passwords. To change another
+user's password or the password (server encryption key) for server
+entries such as <B>afs</B>, the issuer must have the <TT>ADMIN</TT> flag
+set in his or her Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf095.htm#HDRBOS_ADDKEY">bos addkey</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf193.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf195.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf194.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf196.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_STATISTICS" HREF="auarf002.htm#ToC_209">kas statistics</A></H2>
+<A NAME="IDX5155"></A>
+<A NAME="IDX5156"></A>
+<A NAME="IDX5157"></A>
+<A NAME="IDX5158"></A>
+<A NAME="IDX5159"></A>
+<A NAME="IDX5160"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays statistics from an Authentication Server process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas statistics</B> [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas sta</B> [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-n</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas statistics</B> command displays statistics from the
+Authentication Server running on one of the cell's database server
+machines. Use the <B>-servers</B> argument to name a specific
+machine, or the command interpreter chooses one at random from all the
+database server machines with which it has established connections.
+<P><STRONG>Cautions</STRONG>
+<P>The <B>-servers</B> argument is not available in interactive mode,
+making it impossible to specify a certain machine.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The information in the output includes:
+<UL>
+<P><LI>The number of allocation and freeing operations the Authentication Server
+has performed, and how many password change requests it has processed.
+<P><LI>An indication of its hash table use.
+<P><LI>The server machine's IP address in hexadecimal and the date when the
+current instance of the Authentication Server started.
+<P><LI>The number of requests and aborted requests for various services:
+authentication, ticket granting, password setting, entry listing, and so
+on.
+<P><LI>The amount of CPU time that the Authentication Server has used to process
+requests since it started. The amount is not accurate on all system
+types, however.
+<P><LI>The number of entries in the Authentication Database that are marked with
+the <TT>ADMIN</TT> flag.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, an administrator using the <B>admin</B>
+account gathers statistics from the Authentication Server running on the
+machine <B>fs1.abc.com</B>.
+<PRE> % <B>kas statistics -servers fs1.abc.com</B>
+ 56 allocs, 46 frees, 0 password changes
+ Hash table utilization = 0.100000%
+ From host bfff21a7 started at Tue Mar 23 12:42:02 1999:
+ of 88 requests for Authenticate, 18 were aborted.
+ of 14 requests for GetTicket, 0 were aborted.
+ of 4 requests for CreateUser, 1 were aborted.
+ of 12 requests for SetFields, 4 were aborted.
+ of 3 requests for DeleteUser, 0 were aborted.
+ of 23 requests for GetEntry, 4 were aborted.
+ of 18 requests for ListEntry, 0 were aborted.
+ of 2 requests for GetStats, 1 were aborted.
+ of 2 requests for GetRandomKey, 0 were aborted.
+ Used 6.015 seconds of CPU time.
+ 3 admin accounts
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf194.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf196.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf195.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf197.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_STRINGTOKEY" HREF="auarf002.htm#ToC_210">kas stringtokey</A></H2>
+<A NAME="IDX5161"></A>
+<A NAME="IDX5162"></A>
+<A NAME="IDX5163"></A>
+<A NAME="IDX5164"></A>
+<A NAME="IDX5165"></A>
+<A NAME="IDX5166"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Converts a character string into an octal key
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas stringtokey -string</B> <<VAR>password string</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>kas str -s</B> <<VAR>password string</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas stringtokey</B> command converts the character string
+specified with the <B>-string</B> argument into an octal string suitable
+for use as an encryption key.
+<P>The <B>kas</B> command interpreter generates the octal key by using an
+encryption algorithm on the combination of the specified string and the name
+of the local cell (as recorded in the local <B>/usr/vice/etc/ThisCell</B>
+file). Use the <B>-cell</B> argument to convert a string into a key
+appropriate for a cell other than the local one.
+<P><STRONG>Cautions</STRONG>
+<P>This command writes the key to the standard output stream, on which it can
+possibly be intercepted by third parties. It is not very secure to use
+the key in an actual Authentication Database entry.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-string
+</B><DD>Specifies the character string to convert into an octal key.
+<P><DT><B>-cell
+</B><DD>Specifies the complete Internet domain name of the cell to combine with
+the password string while generating the key. If this argument is
+omitted, the <B>kas</B> command interpreter determines the name of the
+local cell by consulting:
+<UL>
+<P><LI>First, the value of the environment variable AFSCELL.
+<P><LI>Second, the cellname in the <B>/usr/vice/etc/ThisCell</B> file on the
+local machine.
+</UL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output is of the following form:
+<PRE> Converting <VAR>password string</VAR> in realm '<VAR>cell_name</VAR>' yields key='<VAR>key</VAR>'.
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the octal key equivalent of the string
+<B>new_pswd</B> in the ABC Corporation cell.
+<PRE> %<B> kas stringtokey new_pswd</B>
+ Converting new_pswd in realm 'ABC.COM' yields
+ key='\346\307\364\320\263\233\342\354'.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None, and no password is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf032.htm#HDRCLI_THISCELL">ThisCell (client version)</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf195.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf197.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf196.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf198.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKAS_UNLOCK" HREF="auarf002.htm#ToC_211">kas unlock</A></H2>
+<A NAME="IDX5167"></A>
+<A NAME="IDX5168"></A>
+<A NAME="IDX5169"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Unlocks a locked user account
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kas unlock -name</B> <<VAR>authentication ID</VAR>>
+ [<B>-admin_username</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-password_for_admin</B> <<VAR>admin password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>]
+ [<B>-noauth</B>] [<B>-help</B>]
+
+<B>kas u -na</B> <<VAR>authentication ID</VAR>>
+ [<B>-a</B> <<VAR>admin principal to use for authentication</VAR>>]
+ [<B>-p</B> <<VAR>admin password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of authentication servers</VAR>><SUP>+</SUP>] [<B>-no</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kas unlock</B> command unlocks the Authentication Database entry
+named by the <B>-name</B> argument. An entry becomes locked when
+the user exceeds the limit on failed authentication attempts, generally by
+providing the wrong password to either an AFS-modified login utility or the
+<B>klog</B> command. Use the <B>kas setfields</B> command to
+set the limit and the lockout time, and the <B>kas examine</B> command to
+examine the settings.
+<P>To unlock all locked user accounts at once, shutdown the
+<B>kaserver</B> process on every database server machine, and remove the
+<B>/usr/afs/local/kaauxdb</B> file from each one. The
+<B>kaserver</B> process recreates the file as it restarts.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Names the Authentication Database entry to unlock.
+<P><DT><B>-admin_username
+</B><DD>Specifies the user identity under which to authenticate with the
+Authentication Server for execution of the command. For more details,
+see the introductory <B>kas</B> reference page.
+<P><DT><B>-password_for_admin
+</B><DD>Specifies the password of the command's issuer. If it is
+omitted (as recommended), the <B>kas</B> command interpreter prompts for
+it and does not echo it visibly. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>kas</B> reference page.
+<P><DT><B>-servers
+</B><DD>Names each machine running an Authentication Server with which to
+establish a connection. For more details, see the introductory
+<B>kas</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>kas</B> reference
+page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, an administrator using the <B>admin</B>
+account unlocks the entry for <B>jones</B>:
+<PRE> % <B>kas unlock -name jones -admin_username admin</B>
+ Administrator's (admin) Password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <TT>ADMIN</TT> flag set on his or her
+Authentication Database entry.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf196.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf198.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf197.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf199.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKASERVER" HREF="auarf002.htm#ToC_212">kaserver</A></H2>
+<A NAME="IDX5170"></A>
+<A NAME="IDX5171"></A>
+<A NAME="IDX5172"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Authentication Server
+<P><STRONG>Description</STRONG>
+<PRE><B>kaserver</B> [<B>-noAuth</B>] [<B>-fastKeys</B>] [<B>-database</B> <<VAR>dbpath</VAR>>]
+ [<B>-localfiles</B> <<VAR>lclpath</VAR>>] [<B>-minhours</B> <<VAR>n</VAR>>]
+ [<B>-servers</B> <<VAR>serverlist</VAR>>] [<B>-enable_peer_stats</B>]
+ [<B>-enable_process_stats</B>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>kaserver</B> command initializes the Authentication Server,
+which runs on every database server machine. In the conventional
+configuration, its binary file is located in the <B>/usr/afs/bin</B>
+directory on a file server machine.
+<P>The <B>kaserver</B> command is not normally issued at the command shell
+prompt but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a database server machine as the local superuser
+<B>root</B>.
+<P>As it initializes, the Authentication Server process creates the two files
+that constitute the Authentication Database, <B>kaserver.DB0</B>
+and <B>kaserver.DBSYS1</B>, in the <B>/usr/afs/db</B> directory
+if they do not already exist. Use the commands in the <B>kas</B>
+suite to administer the database.
+<P>The Authentication Server is responsible for several aspects of AFS
+security, including:
+<UL>
+<P><LI>Maintenance of all AFS server encryption keys and user passwords in the
+Authentication Database.
+<P><LI>Creation of the tickets and tokens that users and servers use to establish
+secure connections. Its Ticket Granting Service (TGS) component
+performs this function.
+</UL>
+<P>The Authentication Server records a trace of its activity in the
+<B>/usr/afs/logs/AuthLog</B> file. Use the <B>bos getlog</B>
+command to display the contents of the file. Use the <B>kdb</B>
+command to read the protected files associated with the <B>AuthLog</B>
+file, <B>AuthLog.dir</B> and <B>AuthLog.pag</B>.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-noAuth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Thus, it establishes an unauthenticated connection between the
+issuer and the Authentication Server. It is useful only when
+authorization checking is disabled on the database server machine. In
+normal circumstances, the Authentication Server allows only authorized
+(privileged) users to issue commands that affect or contact the Authentication
+Database and will refuse to perform such an action even if the
+<B>-noAuth</B> flag is used.
+<P><DT><B>-fastKeys
+</B><DD>Is a test flag for use by the AFS Development staff; it serves no
+functional purpose.
+<P><DT><B>-database
+</B><DD>Specifies the pathname of an alternate directory in which the
+Authentication Database files reside. Provide the complete pathname,
+ending in the base filename to which the <B>.DB0</B> and
+<B>.DBSYS1</B> extensions are appended. For example, the
+appropriate value for the default database files is
+<B>/usr/afs/db/kaserver</B>.
+<P>Provide the <B>-localfiles</B> argument along with this one;
+otherwise, the <B>-localfiles</B> argument is also set to the value of
+this argument, which is probably inappropriate.
+<P><DT><B>-localfiles
+</B><DD>Specifies the pathname of an alternate directory in which the auxiliary
+Authentication Database file resides. Provide the complete pathname,
+ending in the base filename to which the <B>auxdb</B> suffix is
+appended. For example, the appropriate value for the default auxiliary
+database file is <B>/usr/afs/local/kaserver</B>.
+<P><DT><B>-minhours
+</B><DD>Specifies the minimum number of hours that must pass between password
+changes made by any regular user. System administrators (with the
+<TT>ADMIN</TT> flag in their Authentication Database entry) can change
+passwords as often as desired. Setting a minimum time between password
+changes is not recommended.
+<P><DT><B>-servers
+</B><DD>Names each database server machine running an Authentication Server with
+which the local Authentication Server is to synchronize its copy of the
+Authentication Database , rather than with the machines listed in the local
+<B>/usr/afs/etc/CellServDB</B> file.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates a <B>kaserver</B>
+process on <B>fs3.abc.com</B> (the command appears on two
+lines here only for legibility):
+<PRE> % <B>bos create -server fs3.abc.com -instance kaserver</B> \
+ <B>-type simple -cmd /usr/afs/bin/kaserver</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf012.htm#HDRAUTHLOG">AuthLog</A>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf045.htm#HDRKASERVERDB">kaserver.DB0 and kaserver.DBSYS1</A>
+<P><A HREF="auarf046.htm#HDRKASERVERAUXDB">kaserverauxdb</A>
+<P><A HREF="auarf093.htm#HDRBOS_INTRO">bos</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf181.htm#HDRKAS_INTRO">kas</A>
+<P><A HREF="auarf199.htm#HDRKDB">kdb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf197.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf199.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf198.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf200.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKDB" HREF="auarf002.htm#ToC_213">kdb</A></H2>
+<A NAME="IDX5173"></A>
+<A NAME="IDX5174"></A>
+<A NAME="IDX5175"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays log or privileged actions performed by the Authentication Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kdb</B> [<B>-dbmfile</B> <<VAR>dbmfile to use (default /usr/afs/logs/AuthLog)</VAR>>]
+ [<B>-key</B> <<VAR>extract entries that match specified key</VAR>>] [<B>-help</B>]
+
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kdb</B> command displays the contents of the
+<B>AuthLog.dir</B> and <B>AuthLog.pag</B> files
+associated with the <B>AuthLog</B> file that resides on the local disk, by
+default in the <B>/usr/afs/logs</B> directory. The files must exist
+in that directory, which normally implies that the Authentication Server is
+running on the machine. The files contain information on privileged
+actions performed by the Authentication Server.
+<P><STRONG>Cautions</STRONG>
+<P>It is possible that on some operating systems that AFS otherwise supports,
+the Authentication Server cannot create the
+<B>/usr/afs/logs/AuthLog.dir</B> and
+<B>/usr/afs/logs/AuthLog.pag</B> files, making this command
+inoperative. See the <I>IBM AFS Release Notes</I> for
+details.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dbmfile
+</B><DD>Specifies the pathname of the file to display. Provide either a
+complete pathname, a pathname relative to the <B>/usr/afs/logs</B>
+directory, or a filename only, in which case the file must reside in the
+<B>/usr/afs/logs</B> directory. Omit this argument to display
+information from the <B>AuthLog.dir</B> and
+<B>AuthLog.pag</B> files in the <B>/usr/afs/logs</B>
+directory.
+<P><DT><B>-key
+</B><DD>Specifies each entry to be displayed from the indicated file.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of output indicates the location of the files from which the
+subsequent information is derived:
+<PRE> Printing all entries found in <VAR>file_location</VAR>
+</PRE>
+<P>Each entry then includes the following two fields, separated by a
+colon:
+<DL>
+<P><DT><B><TT>user/server</TT>
+</B><DD>Identifies the user requesting the corresponding service and the server
+that performed that service. In cases where no user is directly
+involved, only the server appears; in cases where no server is directly
+involved, only the user appears.
+<P><DT><B><TT>service</TT>
+</B><DD>Identifies one of the following actions or services performed by the user
+or server process.
+<UL>
+<P><LI><TT>auth</TT>: Obtained a ticket-granting ticket
+<P><LI><TT>chp</TT>: Changed a user password
+<P><LI><TT>cruser</TT>: Created a user entry in the Authentication
+Database
+<P><LI><TT>delu</TT>: Deleted a user entry from the Authentication
+Database
+<P><LI><TT>gtck</TT>: Obtained a ticket other than a ticket-granting
+ticket
+<P><LI><TT>setf</TT>: Set fields in an Authentication Database entry
+<P><LI><TT>unlok</TT>: Unlocked an Authentication Database entry
+</UL>
+</DL>
+<P>The final line of output sums the number of entries.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output of the <B>kdb</B> command in the
+ABC Corporation cell (<B>abc.com</B>):
+<PRE> % <B>kdb</B>
+ Printing all entries found in /usr/afs/logs/AuthLog
+ admin,krbtgt.ABC.COM:auth
+ admin,afs:gtck
+ admin:cruser
+ admin:delu
+ 4 entries were found
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf013.htm#HDRWQ5">AuthLog.dir, AuthLog.pag</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf198.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf200.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf199.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf201.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKLOG" HREF="auarf002.htm#ToC_214">klog</A></H2>
+<A NAME="IDX5176"></A>
+<A NAME="IDX5177"></A>
+<A NAME="IDX5178"></A>
+<A NAME="IDX5179"></A>
+<A NAME="IDX5180"></A>
+<A NAME="IDX5181"></A>
+<A NAME="IDX5182"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Authenticates with the Authentication Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>klog</B> [<B>-x</B>] [<B>-principal</B> <<VAR>user name</VAR>>] [<B>-password</B> <<VAR>user's password</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-servers</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>]
+ [<B>-pipe</B>] [<B>-silent</B>] [<B>-lifetime</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>]
+ [<B>-setpag</B>] [<B>-tmp</B>] [<B>-help</B>]
+
+<B>klog</B> [<B>-x</B>] [<B>-pr</B> <<VAR>user name</VAR>>] [<B>-pa</B> <<VAR>user's password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>] [<B>-pi</B>] [<B>-si</B>]
+ [<B>-l</B> <<VAR>ticket lifetime in hh[:mm[:ss]]</VAR>>] [<B>-se</B>] [<B>-t</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>klog</B> command obtains an AFS token from the Authentication
+Server. The Cache Manager on the local machine stores the token in a
+credential structure in kernel memory and uses it when obtaining authenticated
+access to the AFS filespace. This command does not affect the
+issuer's identity (UNIX UID) in the local file system.
+<P>By default, the command interpreter obtains a token for the AFS user name
+that matches the issuer's identity in the local file system. To
+specify an alternate user, include the <B>-principal</B> argument.
+The user named by the <B>-principal</B> argument does not have to appear
+in the local password file (the <B>/etc/passwd</B> file or
+equivalent).
+<P>By default, the command interpreter obtains a token for the local cell, as
+defined by the AFSCELL environment variable set in the command shell or by the
+<B>/usr/vice/etc/ThisCell</B> file on the local machine. To specify
+an alternate cell, include the <B>-cell</B> argument. The command
+interpreter contacts an Authentication Server chosen at random from the
+cell's entry in the local <B>/usr/afs/etc/CellServDB</B> file, unless
+the <B>-servers</B> argument is used to name one or more database server
+machines.
+<P>A user can have tokens in multiple cells simultaneously, but only one token
+per cell per connection to the client machine. If the user's
+credential structure already contains a token for the requested cell, the
+token resulting from this command replaces it.
+<P>Sites that employ standard Kerberos authentication instead of the AFS
+Authentication Server must use the Kerberos version of this command,
+<B>klog.krb</B>, on all client machines. It automatically
+places the issuer's Kerberos tickets in the file named by the KRBTKFILE
+environment variable, which the <B>pagsh.krb</B> command defines
+automatically as <B>/tmp/tktp</B><I>X</I> where <I>X</I> is the
+number of the user's PAG.
+<P>The lifetime of the token resulting from this command is the smallest of
+the following.
+<UL>
+<P><LI>The lifetime specified by the issuer with the <B>-lifetime</B>
+argument. If the issuer does not include this argument, the value
+defaults to 720 hours (30 days).
+<P><LI>The maximum ticket lifetime recorded for the <B>afs</B> entry in the
+Authentication Database. The default is 100 hours.
+<P><LI>The maximum ticket lifetime recorded in the specified user's
+Authentication Database entry. The default is 25 hours for user entries
+created by an Authentication Server running AFS 3.1 or later.
+<P><LI>The maximum ticket lifetime recorded in the
+<B>krbtgt.</B><VAR>CELLNAME</VAR> entry in the Authentication
+Database; this entry corresponds to the ticket-granting ticket used
+internally in generating the token. The default is 720 hours (30
+days).
+</UL>
+<P>The output from the <B>kas examine</B> command displays an
+Authentication Database entry's maximum ticket lifetime as <TT>Max
+ticket lifetime</TT>. Administrators can display any entry, and users
+can display their own entries.
+<P>If none of the defaults have been changed, the token lifetime is 25 hours
+for user accounts created by an Authentication Server running AFS 3.1
+or higher. The maximum lifetime for any token is 720 hours (30 days),
+and the minimum is 5 minutes.
+<P>Between the minimum and maximum values, the Authentication Server uses a
+defined set of values, according to the following rules. Requested
+lifetimes between 5 minutes and 10 hours 40 minutes are granted at 5 minute
+intervals, rounding up. For example, if the issuer requests a lifetime
+of 12 minutes, the token's actual lifetime is 15 minutes.
+<P>For token lifetimes greater than 10 hours 40 minutes, consult the following
+table, which presents all the possible times in units of
+<VAR>hours</VAR><B>:</B><VAR>minutes</VAR><B>:</B><VAR>seconds</VAR>.
+The number in parentheses is an approximation of the corresponding time in
+days and hours (as indicated by the <TT>d</TT> and <TT>h</TT>
+letters). For example, <TT>282:22:17</TT> means 282
+hours, 22 minutes, and 17 seconds, which translates to approximately 11 days
+and 18 hours (<TT>11d 18h</TT>). The Authentication Server rounds up
+a requested lifetime to the next highest possible lifetime.
+<PRE> 11:24:15 (0d 11h) 46:26:01 (1d 22h) 189:03:38 (7d 21h)
+ 12:11:34 (0d 12h) 49:38:40 (2d 01h) 202:08:00 (8d 10h)
+ 13:02:09 (0d 13h) 53:04:37 (2d 05h) 216:06:35 (9d 00h)
+ 13:56:14 (0d 13h) 56:44:49 (2d 08h) 231:03:09 (9d 15h)
+ 14:54:03 (0d 14h) 60:40:15 (2d 12h) 247:01:43 (10d 07h)
+ 15:55:52 (0d 15h) 64:51:57 (2d 16h) 264:06:34 (11d 00h)
+ 17:01:58 (0d 17h) 69:21:04 (2d 21h) 282:22:17 (11d 18h)
+ 18:12:38 (0d 18h) 74:08:46 (3d 02h) 301:53:45 (12d 13h)
+ 19:28:11 (0d 19h) 79:16:23 (3d 07h) 322:46:13 (13d 10h)
+ 20:48:57 (0d 20h) 84:45:16 (3d 12h) 345:05:18 (14d 09h)
+ 22:15:19 (0d 22h) 90:36:53 (3d 18h) 368:56:58 (15d 08h)
+ 23:47:38 (0d 23h) 96:52:49 (4d 00h) 394:27:37 (16d 10h)
+ 25:26:21 (1d 01h) 103:34:45 (4d 07h) 421:44:07 (17d 13h)
+ 27:11:54 (1d 03h) 110:44:28 (4d 14h) 450:53:46 (18d 18h)
+ 29:04:44 (1d 05h) 118:23:54 (4d 22h) 482:04:24 (20d 02h)
+ 31:05:22 (1d 07h) 126:35:05 (5d 06h) 515:24:22 (21d 11h)
+ 33:14:21 (1d 09h) 135:20:15 (5d 15h) 551:02:38 (22d 23h)
+ 35:32:15 (1d 11h) 144:41:44 (6d 00h) 589:08:45 (24d 13h)
+ 37:59:41 (1d 13h) 154:42:01 (6d 10h) 629:52:56 (26d 05h)
+ 40:37:19 (1d 16h) 165:23:50 (6d 21h) 673:26:07 (28d 01h)
+ 43:25:50 (1d 19h) 176:50:01 (7d 08h)
+
+</PRE>
+<P><STRONG>Cautions</STRONG>
+<P>By default, this command does not create a new process authentication group
+(PAG); see the description of the <B>pagsh</B> command to learn about
+PAGs. If a cell does not use an AFS-modified login utility, users must
+include <B>-setpag</B> option to this command, or issue the
+<B>pagsh</B> command before this one, to have their tokens stored in a
+credential structure that is identified by PAG rather than by local
+UID.
+<P>When a credential structure is identified by local UID, the potential
+security exposure is that the local superuser <B>root</B> can use the UNIX
+<B>su</B> command to assume any other identity and automatically inherit
+the tokens associated with that UID. Identifying the credential
+structure by PAG eliminates this exposure.
+<P>If the <B>-password</B> argument is used, the specified password cannot
+begin with a hyphen, because it is interpreted as another option name.
+Use of the <B>-password</B> argument is not recommended in any
+case.
+<P>By default, it is possible to issue this command on a properly configured
+NFS client machine that is accessing AFS via the NFS/AFS Translator, assuming
+that the NFS client machine is a supported system type. However, if the
+translator machine's administrator has enabled UID checking by including
+the <B>-uidcheck on</B> argument to the <B>fs exportafs</B> command,
+the command fails with an error message similar to the following:
+<PRE>
+ Warning: Remote pioctl to <VAR>translator_machine</VAR> has failed (err=8). . .
+ Unable to authenticate to AFS because a pioctl failed.
+</PRE>
+<P>Enabling UID checking means that the credential structure in which tokens
+are stored on the translator machine must be identified by a UID that matches
+the local UID of the process that is placing the tokens in the credential
+structure. After the <B>klog</B> command interpreter obtains the
+token on the NFS client, it passes it to the remote executor daemon on the
+translator machine, which makes the system call that stores the token in a
+credential structure on the translator machine. The remote executor
+generally runs as the local superuser <B>root</B>, so in most cases its
+local UID (normally zero) does not match the local UID of the user who issued
+the <B>klog</B> command on the NFS client machine.
+<P>Issuing the <B>klog</B> command on an NFS client machine creates a
+security exposure: the command interpreter passes the token across the
+network to the remote executor daemon in clear text mode.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-x
+</B><DD>Appears only for backwards compatibility. Its former function is
+now the default behavior of this command.
+<P><DT><B>-principal
+</B><DD>Specifies the user name to authenticate. If this argument is
+omitted, the Authentication Server attempts to authenticate the user logged
+into the local file system.
+<P><DT><B>-password
+</B><DD>Specifies the issuer's password (or that of the alternate user
+identified by the <B>-principal</B> argument). Omit this argument
+to have the command interpreter prompt for the password, in which case it does
+not echo visibly in the command shell.
+<P><DT><B>-cell
+</B><DD>Specifies the cell for which to obtain a token. The command is
+directed to that cell's Authentication Servers. During a single
+login session on a given machine, a user can be authenticated in multiple
+cells simultaneously, but can have only one token at a time for each of them
+(that is, can only authenticate under one identity per cell per session on a
+machine). It is acceptable to abbreviate the cell name to the shortest
+form that distinguishes it from the other cells listed in the
+<B>/usr/vice/etc/CellServDB</B> file on the client machine on which the
+command is issued.
+<P>If this argument is omitted, the command is executed in the local cell, as
+defined
+<UL>
+<P><LI>First, by the value of the environment variable AFSCELL
+<P><LI>Second, in the <B>/usr/vice/etc/ThisCell</B> file on the client
+machine on which the command is issued
+</UL>
+<P><DT><B>-servers
+</B><DD>Establishes a connection with the Authentication Server running on each
+specified database server machine. The command interpreter then chooses
+one of these at random to execute the command. It is best to provide
+fully-qualified hostnames, but abbreviated forms are possibly acceptable
+depending on the state of the cell's name server at the time the command
+is issued. This option is useful for testing specific servers if
+problems are encountered.
+<P>If this argument is omitted, the command interpreter establishes a
+connection with each machine listed for the indicated cell in the local copy
+of the <B>/usr/vice/etc/CellServDB</B> file, and then chooses one of them
+at random for command execution.
+<P><DT><B>-pipe
+</B><DD>Suppresses all output to the standard output stream, including prompts and
+error messages. The <B>klog</B> command interpreter expects to
+receive the password from the standard input stream. Do not use this
+argument; it is designed for use by application programs rather than
+human users.
+<P><DT><B>-silent
+</B><DD>Suppresses some of the trace messages that the <B>klog</B> command
+produces on the standard output stream by default. It still reports on
+major problems encountered.
+<P><DT><B>-lifetime
+</B><DD>Requests a specific lifetime for the token. Provide a number of
+hours and optionally minutes and seconds in the format
+<VAR>hh</VAR>[<B>:</B><VAR>mm</VAR>[<B>:</B><VAR>ss</VAR>]].
+The value is used in calculating the token lifetime as described in the
+<B>Description</B> section.
+<P><DT><B>-setpag
+</B><DD>Creates a process authentication group (PAG) prior to requesting
+authentication. The token is associated with the newly created
+PAG.
+<P><DT><B>-tmp
+</B><DD>Creates a Kerberos-style ticket file in the <B>/tmp</B> directory of
+the local machine. The file is called
+<B>tkt.</B><VAR>AFS_UID</VAR> where <VAR>AFS_UID</VAR> is the AFS UID
+of the issuer.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Cautions</STRONG>
+<P><STRONG>Output</STRONG>
+<P>The following message indicates that the limit on consecutive
+authentication failures has been exceeded. An administrator can use the
+<B>kas unlock</B> command to unlock the account, or the issuer can wait
+until the lockout time for the account has passed. (The time is set
+with the <B>-locktime</B> argument to the <B>kas setfields</B> command
+and displayed in the output from the <B>kas examine</B> command).
+<PRE>
+ Unable to authenticate to AFS because ID is locked - see your system admin
+
+</PRE>
+<P>If the <B>-tmp</B> flag is included, the following message confirms
+that a Kerberos-style ticket file was created:
+<PRE>
+ Wrote ticket file to /tmp
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>Most often, this command is issued without arguments. The
+appropriate password is for the person currently logged into the local file
+system. The ticket's lifetime is calculated as described in the
+<B>Description</B> section (if no defaults have been changed, it is 25
+hours for a user whose Authentication Database entry was created in AFS
+3.1 or later).
+<PRE>
+ % <B>klog</B>
+ Password:
+
+</PRE>
+<P>The following example authenticates the user as <B>admin</B> in the ABC
+Corporation's test cell:
+<PRE>
+ % <B>klog -principal admin -cell test.abc.com</B>
+ Password:
+
+</PRE>
+<P>In the following, the issuer requests a ticket lifetime of 104 hours 30
+minutes (4 days 8 hours 30 minutes). Presuming that this lifetime is
+allowed by the maximum ticket lifetimes and other factors described in the
+<B>Description</B> section, the token's lifetime is
+110:44:28, which is the next largest possible value.
+<PRE> % <B>klog -lifetime 104:30</B>
+ Password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf139.htm#HDRFS_EXPORTAFS">fs exportafs</A>
+<P><A HREF="auarf185.htm#HDRKAS_EXAMINE">kas examine</A>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P><A HREF="auarf197.htm#HDRKAS_UNLOCK">kas unlock</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf208.htm#HDRPAGSH">pagsh</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf199.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf201.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf200.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf202.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKNFS" HREF="auarf002.htm#ToC_215">knfs</A></H2>
+<A NAME="IDX5183"></A>
+<A NAME="IDX5184"></A>
+<A NAME="IDX5185"></A>
+<A NAME="IDX5186"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Establishes basis for authenticated access to AFS from a non-supported NFS
+client using the NFS/AFS Translator
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>knfs -host</B> <<VAR>host name</VAR>> [<B>-id</B> <<VAR>user ID (decimal)</VAR>>]
+ [<B>-sysname</B> <<VAR>host's '@sys' value</VAR>>] [<B>-unlog</B>] [<B>-tokens</B>] [<B>-help</B>]
+
+<B>knfs -ho</B> <<VAR>host name</VAR>> [<B>-i</B> <<VAR>user ID (decimal)</VAR>>]
+ [<B>-s</B> <<VAR>host's '@sys' value</VAR>>] [<B>-u</B>] [<B>-t</B>] [<B>-he</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>knfs</B> command creates an AFS credential structure on the
+local machine, identifying it by a process authentication group (PAG) number
+associated with the NFS client machine named by the <B>-hostname</B>
+argument and by default with a local UID on the NFS client machine that
+matches the issuer's local UID on the local machine. It places in
+the credential structure the AFS tokens that the issuer has previously
+obtained (by logging onto the local machine if an AFS-modified login utility
+is installed, by issuing the <B>klog</B> command, or both). To
+associate the credential structure with an NFS UID that does not match the
+issuer's local UID, use the <B>-id</B> argument.
+<P>Issue this command only on the NFS<SUP>(R)</SUP>/AFS translator machine that is
+serving the NFS client machine, after obtaining AFS tokens on the translator
+machine for every cell to which authenticated access is required. The
+Cache Manager on the translator machine uses the tokens to obtain
+authenticated AFS access for the designated user working on the NFS client
+machine. This command is not effective if issued on an NFS client
+machine.
+<P>To enable the user on the NFS client machine to issue AFS commands, use the
+<B>-sysname</B> argument to specify the NFS client machine's system
+type, which can differ from the translator machine's. The NFS
+client machine must be a system type for which AFS is supported.
+<P>The <B>-unlog</B> flag discards the tokens in the credential structure,
+but does not destroy the credential structure itself. The Cache Manager
+on the translator machine retains the credential structure until the next
+reboot, and uses it each time the issuer accesses AFS through the translator
+machine. The credential structure only has tokens in it if the user
+reissues the <B>knfs</B> command on the translator machine each time the
+user logs into the NFS client machine.
+<P>To display the tokens associated with the designated user on the NFS client
+machine, include the <B>-tokens</B> flag.
+<P>Users working on NFS client machines of system types for which AFS binaries
+are available (and for which the cell has purchased a license) can use the
+<B>klog</B> command rather than the <B>knfs</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>If the translator machine's administrator has enabled UID checking by
+issuing the <B>fs exportafs</B> command with the <B>-uidcheck on</B>
+argument, it is not possible to use the <B>-id</B> argument to assign the
+tokens to an NFS UID that differs from the issuer's local UID. In
+this case, there is no point in including the <B>-id</B> argument, because
+the only acceptable value (the issuer's local UID) is the value used when
+the <B>-id</B> argument is omitted. Requiring matching UIDs is
+effective only when users have the same local UID on the translator machine as
+on NFS client machines. In that case, it guarantees that users assign
+their tokens only to their own NFS sessions.
+<P>This command does not make it possible for users working on non-supported
+system types to issue AFS commands. This is possible only on NFS
+clients of a system type for which AFS is available.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-host
+</B><DD>Names the NFS client machine on which the issuer is to work.
+Providing a fully-qualified hostname is best, but abbreviated forms are
+possibly acceptable depending on the state of the cell's name server at
+the time the command is issued.
+<P><DT><B>-id
+</B><DD>Specifies the local UID on the NFS client to which to assign the
+tokens. The NFS client identifies file requests by the NFS UID, so
+creating the association enables the Cache Manager on the translator machine
+to use the appropriate tokens when filling the requests. If this
+argument is omitted, the command interpreter uses an NFS UID that matches the
+issuer's local UID on the translator machine (as returned by the
+<B>getuid</B> function).
+<P><DT><B>-sysname
+</B><DD>Specifies the value that the local (translator) machine's remote
+executor daemon substitutes for the <B>@sys</B> variable in pathnames when
+executing AFS commands issued on the NFS client machine (which must be a
+supported system type). If the NFS user's PATH environment
+variable uses the <B>@sys</B> variable in the pathnames for directories
+that house AFS binaries (as recommended), then setting this argument enables
+NFS users to issue AFS commands by leading the remote executor daemon to
+access the AFS binaries appropriate to the NFS client machine even if its
+system type differs from the translator machine's.
+<P><DT><B>-unlog
+</B><DD>Discards the tokens stored in the credential structure identified by the
+PAG associated with the <B>-host</B> argument and, optionally, the
+<B>-id</B> argument.
+<P><DT><B>-tokens
+</B><DD>Displays the AFS tokens assigned to the designated user on the indicated
+NFS client machine.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following error message indicates that UID checking is enabled on the
+translator machine and that the value provided for the <B>-id</B> argument
+differs from the issuer's local UID.
+<PRE>
+ knfs: Translator in 'passwd sync' mode; remote uid must be the same as local uid
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example illustrates a typical use of this command. The
+issuer <B>smith</B> is working on the machine
+<B>nfscli1.abc.com</B> and has user ID <B>1020</B> on
+that machine. The translator machine
+<B>tx4.abc.com</B> uses an AFS-modified login utility, so
+<B>smith</B> obtains tokens for the ABC Corporation cell automatically
+upon login via the <B>telnet</B> program. She then issues the
+<B>klog</B> command to obtain tokens as <B>admin</B> in the ABC
+Corporation's test cell, <B>test.abc.com</B>, and the
+<B>knfs</B> command to associate both tokens with the credential structure
+identified by machine name <B>nfs-cli1</B> and user ID
+<B>1020</B>. She breaks the connection to <B>tx4</B> and works
+on <B>nfscli1</B>.
+<PRE> % <B>telnet tx4.abc.com</B>
+ . . .
+ login: <B>smith</B>
+ Password:
+ AFS(R) login
+
+ % <B>klog admin -cell test.abc.com</B>
+ Password:
+
+ % <B>knfs nfscli1.abc.com 1020</B>
+
+ % <B>exit</B>
+
+</PRE>
+<P>The following example shows user <B>smith</B> again connecting to the
+machine <B>tx4</B> via the <B>telnet</B> program and discarding the
+tokens.
+<PRE> % <B>telnet translator4.abc.com</B>
+ . . .
+ login: <B>smith</B>
+ Password:
+ AFS(R) login
+
+ % <B>knfs nfscli1.abc.com 1020 -unlog</B>
+
+ % <B>exit</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf208.htm#HDRPAGSH">pagsh</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf200.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf202.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKPASSWD" HREF="auarf002.htm#ToC_216">kpasswd</A></H2>
+<A NAME="IDX5187"></A>
+<A NAME="IDX5188"></A>
+<A NAME="IDX5189"></A>
+<A NAME="IDX5190"></A>
+<A NAME="IDX5191"></A>
+<A NAME="IDX5192"></A>
+<A NAME="IDX5193"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the issuer's password in the Authentication Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>kpasswd</B> [<B>-x</B>] [<B>-principal</B> <<VAR>user name</VAR>>] [<B>-password</B> <<VAR>user's password</VAR>>]
+ [<B>-newpassword</B> <<VAR>user's new password</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-servers</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>] [<B>-pipe</B>] [<B>-help</B>]
+
+<B>kpasswd</B> [<B>-x</B>] [<B>-pr</B> <<VAR>user name</VAR>>] [<B>-pa</B> <<VAR>user's password</VAR>>]
+ [<B>-n</B> <<VAR>user's new password</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-s</B> <<VAR>explicit list of servers</VAR>><SUP>+</SUP>] [<B>-pi</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>kpasswd</B> command changes the password recorded in an
+Authentication Database entry. By default, the command interpreter
+changes the password for the AFS user name that matches the issuer's
+local identity (UNIX UID). To specify an alternate user, include the
+<B>-principal</B> argument. The user named by the
+<B>-principal</B> argument does not have to appear in the local password
+file (the <B>/etc/passwd</B> file or equivalent).
+<P>By default, the command interpreter sends the password change request to
+the Authentication Server running on one of the database server machines
+listed for the local cell in the <B>/usr/afs/etc/CellServDB</B> file on
+the local disk; it chooses the machine at random. It consults the
+<B>/usr/vice/etc/ThisCell</B> file on the local disk to learn the local
+cell name. To specify an alternate cell, include the <B>-cell</B>
+argument.
+<P>Unlike the UNIX <B>passwd</B> command, the <B>kpasswd</B> command
+does not restrict passwords to eight characters or less; it accepts
+passwords of virtually any length. All AFS commands that require
+passwords (including the <B>klog</B>, <B>kpasswd</B>, and AFS-modified
+login utilities, and the commands in the <B>kas</B> suite) accept
+passwords longer than eight characters, but some other applications and
+operating system utilities do not. Selecting an AFS password of eight
+characters or less enables the user to maintain matching AFS and UNIX
+passwords.
+<P>The command interpreter makes the following checks:
+<UL>
+<P><LI>If the program <B>kpwvalid</B> exists in the same directory as the
+<B>kpasswd</B> command, the command interpreter pass the new password to
+it for verification. For details, see the <B>kpwvalid</B> reference
+page.
+<P><LI>If the <B>-reuse</B> argument to the <B>kas setfields</B> command
+has been used to prohibit reuse of previous passwords, the command interpreter
+verifies that the password is not too similar too any of the user's
+previous 20 passwords. It generates the following error message at the
+shell:
+<PRE> Password was not changed because it seems like a reused password
+
+</PRE>
+<P>To prevent a user from subverting this restriction by changing the password
+twenty times in quick succession (manually or by running a script), use the
+<B>-minhours</B> argument on the <B>kaserver</B> initialization
+command. The following error message appears if a user attempts to
+change a password before the minimum time has passed:
+<PRE> Password was not changed because you changed it too
+ recently; see your systems administrator
+</PRE>
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-x
+</B><DD>Appears only for backwards compatibility.
+<P><DT><B>-principal
+</B><DD>Names the Authentication Database entry for which to change the
+password. If this argument is omitted, the database entry with the same
+name as the issuer's local identity (UNIX UID) is changed.
+<P><DT><B>-password
+</B><DD>Specifies the current password. Omit this argument to have the
+command interpreter prompt for the password, which does not echo
+visibly:
+<PRE> Old password: <VAR>current_password</VAR>
+
+</PRE>
+<P><DT><B>-newpassword
+</B><DD>Specifies the new password, which the <B>kpasswd</B> command
+interpreter converts into an encryption key (string of octal numbers) before
+sending it to the Authentication Server for storage in the user's
+Authentication Database entry.
+<P>Omit this argument to have the command interpreter prompt for the password,
+which does not echo visibly:
+<PRE> New password (RETURN to abort): <VAR>new_password</VAR>
+ Retype new password: <VAR>new_password</VAR>
+
+</PRE>
+<P><DT><B>-cell
+</B><DD>Specifies the cell in which to change the password, by directing the
+command to that cell's Authentication Servers. The issuer can
+abbreviate the cell name to the shortest form that distinguishes it from the
+other cells listed in the local <B>/usr/vice/etc/CellServDB</B>
+file.
+<P>By default, the command is executed in the local cell, as defined
+<UL>
+<P><LI>First, by the value of the environment variable AFSCELL
+<P><LI>Second, in the <B>/usr/vice/etc/ThisCell</B> file on the client
+machine on which the command is issued
+</UL>
+<P><DT><B>-servers
+</B><DD>Establishes a connection with the Authentication Server running on each
+specified machine, rather than with all of the database server machines listed
+for the relevant cell in the local copy of the
+<B>/usr/vice/etc/CellServDB</B> file. The <B>kpasswd</B>
+command interpreter then sends the password-changing request to one machine
+chosen at random from the set.
+<P><DT><B>-pipe
+</B><DD>Suppresses all output to the standard output stream or standard error
+stream. The <B>kpasswd</B> command interpreter expects to receive
+all necessary arguments, each on a separate line, from the standard input
+stream. Do not use this argument, which is provided for use by
+application programs rather than human users.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows user <B>pat</B> changing her password in
+the ABC Corporation cell.
+<PRE> % <B>kpasswd</B>
+ Changing password for 'pat' in cell 'abc.com'.
+ Old password:
+ New password (RETURN to abort):
+ Verifying, please re-enter new_password:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf193.htm#HDRKAS_SETFIELDS">kas setfields</A>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf203.htm#HDRKPWVALID">kpwvalid</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf201.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf203.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf202.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf204.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRKPWVALID" HREF="auarf002.htm#ToC_217">kpwvalid</A></H2>
+<A NAME="IDX5194"></A>
+<A NAME="IDX5195"></A>
+<A NAME="IDX5196"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Checks quality of new password
+<P><STRONG>Description</STRONG>
+<P>The <B>kpwvalid</B> command checks the quality of a new password passed
+to it from the <B>kpasswd</B> or <B>kas setpassword</B>
+command. It is optional. If it exists, it must reside in the
+same AFS directory as the binaries for the <B>kpasswd</B> and
+<B>kas</B> command suites (create a symbolic link from the client
+machine's local disk to this directory). The directory's ACL
+must extend the <B>a</B> (<B>administer</B>) and <B>w</B>
+(<B>write</B>) permissions to the <B>system:administrators</B>
+group only. These requirements prevent unauthorized users from
+substituting a spurious <B>kpwvalid</B> binary.
+<P>The AFS distribution includes an example <B>kpwvalid</B> program that
+checks that the password is at least eight characters long; the code for
+it appears in the following <B>Examples</B> section.
+<P>The script or program must accept a sequence of password strings, one per
+line, on the standard input stream. The first is the current password
+and is ignored. Each subsequent string is a candidate password to be
+checked. The program must write the following to the standard output
+stream for each one:
+<UL>
+<P><LI><TT>0</TT> (zero) and a newline character to indicate that the password
+is acceptable
+<P><LI>A non-zero decimal number and a newline character to indicate that the
+password is not acceptable
+</UL>
+<P>Further, it must write any error messages only to the standard error
+stream, not to the standard output stream.
+<P><STRONG>Examples</STRONG>
+<P>The following example program, included in the AFS distribution, verifies
+that the requested password includes eight or more characters.
+<PRE> #include <stdio.h>
+ /* prints 0 if the password is long enough, otherwise non-zero */
+ main()
+ {
+ char oldpassword[512];
+ char password[512];
+
+ if (fgets(oldpassword, 512, stdin))
+ while (fgets(password, 512, stdin)) {
+ if (strlen(password) > 8) { /* password includes a newline */
+ fputs("0\n",stdout);
+ fflush(stdout);
+ }
+ else {
+ fputs("Passwords must contain at least 8 characters.\n",
+ stderr);
+ fputs("1\n",stdout);
+ fflush(stdout);
+ }
+ return 0;
+ }
+
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf194.htm#HDRKAS_SETPASSWORD">kas setpassword</A>
+<P><A HREF="auarf202.htm#HDRKPASSWD">kpasswd</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf202.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf204.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf203.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf205.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPACKAGE" HREF="auarf002.htm#ToC_218">package</A></H2>
+<A NAME="IDX5197"></A>
+<A NAME="IDX5198"></A>
+<A NAME="IDX5199"></A>
+<A NAME="IDX5200"></A>
+<A NAME="IDX5201"></A>
+<A NAME="IDX5202"></A>
+<A NAME="IDX5203"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Configures files and directories on the local disk
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>package</B> [<B>initcmd</B>] [<B>-config</B> <<VAR>base name of configuration file</VAR>>]
+ [<B>-fullconfig</B> <<VAR>full name of configuration file, or stdin for standard input</VAR>>]
+ [<B>-overwrite</B>] [<B>-noaction</B>] [<B>-verbose</B>] [<B>-silent</B>] [<B>-rebootfiles</B>]
+ [<B>-debug</B>] [<B>-help</B>]
+
+<B>package</B> [<B>i</B>] [<B>-c</B> <<VAR>base name of configuration file</VAR>>]
+ [<B>-f</B> <<VAR>full name of configuration file, or stdin for standard input</VAR>>]
+ [<B>-o</B>] [<B>-n</B>] [<B>-v</B>] [<B>-s</B>] [<B>-r</B>] [<B>-d</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>package</B> command configures the machine's local disk to
+comply with the instructions in the configuration file named by the
+<B>-config</B> or <B>-fullconfig</B> argument.
+<P>By default, the <B>package</B> command alters any existing local disk
+element whose contents or configuration does not match the element defined in
+the configuration file. For example, if a configuration file
+<B>D</B> instruction defines a directory that has the same name as a
+symbolic link on the local disk, the <B>package</B> command replaces the
+symbolic link with the directory. The <B>F</B> and <B>L</B>
+instructions include an optional <VAR>update_code</VAR> field that alters this
+behavior.
+<P>Also by default, the <B>package</B> command takes no action on elements
+on the local disk that are not mentioned in the configuration file. Use
+the <B>D</B> instruction's <B>R</B> update code to remove files
+from the disk directory that are not mentioned in the configuration
+file.
+<P>Before running the <B>package</B> command, the administrator must
+create the template file and other files on the local disk. For
+instructions, see the <I>IBM AFS Administration Guide</I>.
+<P>It is not possible to configure a remote client machine's disk using
+this command.
+<P><STRONG>Cautions</STRONG>
+<P>The <B>package</B> command interpreter exits without executing any
+instruction if there are any syntax errors or incorrect values in the
+configuration file.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-config
+</B><DD>Specifies the pathname of the configuration file to use, ending in the
+file's base name, which omits the suffix that indicates the machine
+type. The <B>package</B> command determines the machine's
+system type name and automatically appends it to the base name. An
+example of the proper value for this argument is <B>staff</B> rather than
+<B>staff.rs_aix42</B>. Partial pathnames are interpreted
+relative to the current working directory.
+<P>Provide this argument or the <B>-fullconfig</B> argument.
+<P><DT><B>-fullconfig
+</B><DD>Specifies the configuration file to use. Two types of values are
+acceptable:
+<UL>
+<P><LI>The full pathname of the configuration file to use, complete with an
+extension indicating the machine type (examples:
+<B>staff.rs_aix42</B>, <B>admin.sun4x_56</B>).
+<P><LI>The string <B>stdin</B> to indicate that the issuer is providing
+configuration information via the standard input stream, either by piping in
+the contents of a file, or by typing configuration lines at the shell.
+In the latter case, type <B><Ctrl-d></B> to conclude the input.
+</UL>
+<P>Provide this argument or the <B>-config</B> argument.
+<P><DT><B>-overwrite
+</B><DD>Overwrites elements on the local disk with the source version indicated in
+the configuration file, even if the owner <B>write</B> (<B>w</B>) mode
+bit is turned on the disk element. Files protected by the <B>I</B>
+update code on an <B>F</B> line in the configuration file are not
+overwritten.
+<P><DT><B>-noaction
+</B><DD>Checks the sequence of operations to be performed when the command
+actually runs and reports any problems that the <B>package</B> command
+interpreter expects to encounter. No elements on the local disk or in
+AFS are changed. If the <B>-verbose</B> flag is also provided, the
+trace includes all actions to be performed as well as anticipated
+errors.
+<P><DT><B>-silent
+</B><DD>Suppresses some of the trace messages sent to the standard output stream
+by default. The output still reports major problems.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-rebootfiles
+</B><DD>Prevents overwriting of any file marked with the <B>Q</B> update code
+on an <B>F</B> line in the configuration file. This effectively
+prevents the machine from rebooting automatically again when the
+<B>package</B> command is invoked in the machine's AFS initialization
+file.
+<P><DT><B>-debug
+</B><DD>Enables debugging output, which is directed to the standard output stream
+by default. By default, no debugging output is produced.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>This command is usually invoked in a client machine's AFS
+initialization file (<B>/etc/rc</B> or equivalent), rather than issued at
+the command shell prompt.
+<P>The following command invokes the version of the <B>staff</B>
+configuration file appropriate for this machine's system type, and
+produces verbose output.
+<PRE> # <B>/etc/package -c staff -v</B>
+
+</PRE>
+<P>The following example uses the configuration file whose basename is defined
+in the <B>/.package</B> file on the local machine. This
+method enables the administrator to use the same <B>package</B> command in
+every machine's AFS initialization file but still customize configuration
+by putting the appropriate basename in the <B>/.package</B>
+file.
+<PRE> # <B>/etc/package -c `cat /.package` -v</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf053.htm#HDRPACKAGECONFIG">package Configuration File</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf203.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf205.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf204.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf206.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPACKAGE_APROPOS" HREF="auarf002.htm#ToC_219">package apropos</A></H2>
+<A NAME="IDX5204"></A>
+<A NAME="IDX5205"></A>
+<A NAME="IDX5206"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>package apropos</B> [<B>-topic</B> <<VAR>help string</VAR>>] [<B>-help</B>]
+
+<B>package a</B> [<B>-t</B> <<VAR>help string</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>package apropos</B> command displays the first line of the
+online help entry for any <B>package</B> command that has in its name or
+short description the string specified by the <B>-topic</B>
+argument.
+<P>To display the syntax for a command, use the <B>package help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>package</B> command where the string specified with the
+<B>-topic</B> argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>package</B> commands that include
+the word <B>help</B> in their names or short descriptions:
+<PRE> % <B>package apropos help</B>
+ apropos: search by help text
+ help: get help on commands
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<P><A HREF="auarf206.htm#HDRPACKAGE_HELP">package help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf204.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf206.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf205.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf207.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPACKAGE_HELP" HREF="auarf002.htm#ToC_220">package help</A></H2>
+<A NAME="IDX5207"></A>
+<A NAME="IDX5208"></A>
+<A NAME="IDX5209"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>package</B> commands or lists
+functional descriptions of all <B>package</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>package help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>package h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>package help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>package</B>
+command.
+<P>To list every <B>package</B> command whose name or short description
+includes a specified keyword, use the <B>package apropos</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>package</B> part of the command name, providing
+only the operation code (for example, specify <B>initcmd</B>, not
+<B>package initcmd</B>). If this argument is omitted, the output
+briefly describes every <B>package</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>package</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>package
+initcmd</B> command:
+<PRE> % <B>package help initcmd</B>
+ package initcmd: initialize the program
+ Usage: package [initcmd] [-config <base name of configuration file>]
+ [-fullconfig <full name of configuration file, or stdin for standard input>]
+ [-overwrite] [-noaction] [-verbose] [-silent] [-rebootfiles]
+ [-debug] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<P><A HREF="auarf205.htm#HDRPACKAGE_APROPOS">package apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf205.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf207.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf206.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf208.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPACKAGE_TEST" HREF="auarf002.htm#ToC_221">package_test</A></H2>
+<A NAME="IDX5210"></A>
+<A NAME="IDX5211"></A>
+<A NAME="IDX5212"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Tests the validity of a package configuration file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>package_test</B> <<VAR>config file</VAR>>
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>package_test</B> command tests the validity of a
+<B>package</B> configuration file created when a prototype file is
+compiled. The command interpreter prints error messages on the standard
+output stream.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><VAR>config file</VAR>
+</B><DD>Specifies the package configuration file to validate.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example tests the validity of the <B>package</B>
+configuration file <I>staff.sun4x_56</I>.
+<PRE> % <B>package_test staff.sun4x_56</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf053.htm#HDRPACKAGECONFIG">package Configuration File</A>
+<P><A HREF="auarf204.htm#HDRPACKAGE">package</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf206.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf208.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf207.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf209.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPAGSH" HREF="auarf002.htm#ToC_222">pagsh</A></H2>
+<A NAME="IDX5213"></A>
+<A NAME="IDX5214"></A>
+<A NAME="IDX5215"></A>
+<A NAME="IDX5216"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a new PAG
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pagsh</B>
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pagsh</B> command creates a new command shell (owned by the
+issuer of the command) and associates a new <I>process authentication
+group</I> (PAG) with the shell and the user. A PAG is a number
+guaranteed to identify the issuer of commands in the new shell uniquely to the
+local Cache Manager. The PAG is used, instead of the issuer's UNIX
+UID, to identify the issuer in the credential structure that the Cache Manager
+creates to track each user.
+<P>Any tokens acquired subsequently (presumably for other cells) become
+associated with the PAG, rather than with the user's UNIX UID.
+This method for distinguishing users has two advantages.
+<UL>
+<P><LI>It means that processes spawned by the user inherit the PAG and so share
+the token; thus they gain access to AFS as the authenticated user.
+In many environments, for example, printer and other daemons run under
+identities (such as the local superuser <B>root</B>) that the AFS server
+processes recognize only as <B>anonymous</B>. Unless PAGs are used,
+such daemons cannot access files in directories whose access control lists
+(ACLs) do not extend permissions to the <B>system:anyuser</B>
+group.
+<P><LI>It closes a potential security loophole: UNIX allows anyone already
+logged in as the local superuser <B>root</B> on a machine to assume any
+other identity by issuing the UNIX <B>su</B> command. If the
+credential structure is identified by a UNIX UID rather than a PAG, then the
+local superuser <B>root</B> can assume a UNIX UID and use any tokens
+associated with that UID. Use of a PAG as an identifier eliminates that
+possibility.
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The <B>pagsh.krb</B> version of this command is intended for use
+by sites that employ standard Kerberos authentication for their
+clients. The <B>pagsh.krb</B> command provides all the
+functionality of the <B>pagsh</B> command. In addition, it defines
+the environment variable KRBTKFILE (which specifies the storage location of
+Kerberos tickets) to be the <B>/tmp/tktp</B><VAR>X</VAR> file (where
+<VAR>X</VAR> is the number of the user's PAG). The functionality of
+this command supports the placement of Kerberos tickets by the
+<B>klog.krb</B> command and Kerberized AFS-modified login utilities
+in the file specified by the environment variable KRBTKFILE.
+</TD></TR></TABLE>
+<P><STRONG>Cautions</STRONG>
+<P>Each PAG created uses two of the memory slots that the kernel uses to
+record the UNIX groups associated with a user. If none of these slots
+are available, the <B>pagsh</B> command fails. This is not a
+problem with most operating systems, which make at least 16 slots available
+per user.
+<P>In cells that do not use an AFS-modified login utility, use this command to
+obtain a PAG before issuing the <B>klog</B> command (or include the
+<B>-setpag</B> argument to the <B>klog</B> command). If a PAG
+is not acquired, the Cache Manager stores the token in a credential structure
+identified by local UID rather than PAG. This creates the potential
+security exposure described in the <B>Description</B> section.
+<P>If users of NFS client machines for which AFS is supported are to issue
+this command as part of authenticating with AFS, do not use the <B>fs
+exportafs</B> command's <B>-uidcheck on</B> argument to enable UID
+checking on NFS/AFS Translator machines. Enabling UID checking prevents
+this command from succeeding. See the reference page for the
+<B>klog</B> command.
+<P>If UID checking is not enabled on Translator machines, then by default it
+is possible to issue this command on a properly configured NFS client machine
+that is accessing AFS via the NFS/AFS Translator, assuming that the NFS client
+machine is a supported system type. The <B>pagsh</B> binary
+accessed by the NFS client must be owned by, and grant setuid privilege to,
+the local superuser <B>root</B>. The complete set of mode bits must
+be <B>-rwsr-xr-x</B>. This is not a requirement when the command is
+issued on AFS client machines.
+<P>However, if the translator machine's administrator has enabled UID
+checking by including the <B>-uidcheck on</B> argument to the <B>fs
+exportafs</B> command, the command fails with an error message similar to
+the following:
+<PRE>
+ Warning: Remote setpag to <VAR>translator_machine</VAR> has failed (err=8). . .
+ setpag: Exec format error
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, the issuer invokes the C shell instead of the
+default Bourne shell:
+<PRE> # <B>pagsh -c /bin/csh</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf139.htm#HDRFS_EXPORTAFS">fs exportafs</A>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf207.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf209.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf208.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf210.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPRDB_CHECK" HREF="auarf002.htm#ToC_223">prdb_check</A></H2>
+<A NAME="IDX5217"></A>
+<A NAME="IDX5218"></A>
+<A NAME="IDX5219"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Checks the integrity of the Protection Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>prdb_check -database</B> <<VAR>ptdb_file</VAR>> [<B>-uheader</B>] [<B>-pheader</B>] [<B>-entries</B>]
+ [<B>-verbose</B>] [<B>-help</B>]
+
+<B>prdb_check -d</B> <<VAR>ptdb_file</VAR>> [<B>-u</B>] [<B>-p</B>] [<B>-e</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>prdb_check</B> command checks the integrity of the Protection
+Database, reporting any errors or corruption it finds. If there are
+problems, do not issue any <B>pts</B> commands until the database is
+repaired.
+<P><STRONG>Cautions</STRONG>
+<P>The results can be unpredictable if the Protection Server makes changes to
+the Protection Database while this command is running. Use the <B>bos
+shutdown</B> command to shutdown the local <B>ptserver</B> process
+before running this command, or before creating a second copy of the
+<B>prdb.DB0</B> file (with a different name) on which to run the
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-database
+</B><DD>Names the Protection Database (copy of the <B>prdb.DB0</B>
+file) to check. If the current working directory is not the location of
+the file, provide a pathname, either full or relative to the current working
+directory.
+<P><DT><B>-uheader
+</B><DD>Displays information which Ubik maintains in the database's
+header.
+<P><DT><B>-pheader
+</B><DD>Displays information which the Protection Server maintains in the
+database's header.
+<P><DT><B>-entries
+</B><DD>Outputs every entry in the database. Some of the information is
+similar to that returned by the <B>pts examine</B> command.
+<P><DT><B>-verbose
+</B><DD>Reports additional information about the database, including the number of
+entries in the database and a trace of the internal database structures the
+command is verifying.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If there are errors in the database, the output always reports them on the
+standard error stream. If any options other than <B>-database</B>
+or <B>-help</B> are provided, the output written to the standard output
+stream includes additional information as described for each option in the
+preceding <B>Options</B> section of this reference page. The output
+is intended for debugging purposes and is meaningful to someone familiar with
+the internal structure of the Protection Database.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf047.htm#HDRPRDBDB">prdb.DB0 and prdb.DBSYS1</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf208.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf210.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf209.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf211.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_INTRO" HREF="auarf002.htm#ToC_224">pts</A></H2>
+<A NAME="IDX5220"></A>
+<A NAME="IDX5221"></A>
+<A NAME="IDX5222"></A>
+<A NAME="IDX5223"></A>
+<A NAME="IDX5224"></A>
+<A NAME="IDX5225"></A>
+<A NAME="IDX5226"></A>
+<A NAME="IDX5227"></A>
+<A NAME="IDX5228"></A>
+<A NAME="IDX5229"></A>
+<A NAME="IDX5230"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>pts</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>pts</B> command suite are the administrative
+interface to the Protection Server, which runs on each database server machine
+in a cell and maintains the Protection Database. The database stores
+the information that AFS uses to augment and refine the standard UNIX scheme
+for controlling access to files and directories.
+<P>Instead of relying only on the mode bits that define access rights for
+individual files, AFS associates an access control list (ACL) with each
+directory. The ACL lists users and groups and specifies which of seven
+possible access permissions they have for the directory and the files it
+contains. (It is still possible to set a directory or file's mode
+bits, but AFS interprets them in its own way; see the chapter on
+protection in the <I>IBM AFS Administration Guide</I> for details.)
+<P>AFS enables users to define groups in the Protection Database and place
+them on ACLs to extend a set of rights to multiple users
+simultaneously. Groups simplify administration by making it possible to
+add someone to many ACLs by adding them to a group that already exists on
+those ACLs. Machines can also be members of a group, so that users
+logged into the machine automatically inherit the permissions granted to the
+group.
+<P>There are several categories of commands in the <B>pts</B> command
+suite:
+<UL>
+<P><LI>Commands to create and remove Protection Database entries: <B>pts
+creategroup</B>, <B>pts createuser</B>, and <B>pts delete</B>
+<P><LI>Commands to administer and display group membership: <B>pts
+adduser</B>,
+<P><B>pts listowned</B>, <B>pts membership</B>, and <B>pts
+removeuser</B>
+<P><LI>Commands to administer and display properties of user and group entries
+other than membership: <B>pts chown</B>, <B>pts examine</B>,
+<B>pts listentries</B>, <B>pts rename</B>, and <B>pts
+setfields</B>
+<P><LI>Commands to set and examine the counters used when assigning IDs to users
+and groups: <B>pts listmax</B> and <B>pts setmax</B>
+<P><LI>Commands to obtain help: <B>pts apropos</B> and <B>pts
+help</B>
+</UL>
+<P><STRONG>Options</STRONG>
+<P>The following arguments and flags are available on many commands in the
+<B>pts</B> suite. The reference page for each command also lists
+them, but they are described here in greater detail.
+<DL>
+<A NAME="IDX5231"></A>
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P><DT><B>-force
+</B><DD>
+<A NAME="IDX5232"></A>
+Enables the command to continue executing as far as possible when errors or
+other problems occur, rather than halting execution immediately.
+Without it, the command halts as soon as the first error is
+encountered. In either case, the <B>pts</B> command interpreter
+reports errors at the command shell. This flag is especially useful if
+the issuer provides many values for a command line argument; if one of
+them is invalid, the command interpreter continues on to process the remaining
+arguments.
+<A NAME="IDX5233"></A>
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>-noauth
+</B><DD>
+<A NAME="IDX5234"></A>
+Establishes an unauthenticated connection to the Protection Server, in which
+the server treats the issuer as the unprivileged user
+<B>anonymous</B>. It is useful only when authorization checking is
+disabled on the server machine (during the installation of a file server
+machine or when the <B>bos setauth</B> command has been used during other
+unusual circumstances). In normal circumstances, the Protection Server
+allows only privileged users to issue commands that change the Protection
+Database, and refuses to perform such an action even if the <B>-noauth</B>
+flag is provided.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>Members of the <B>system:administrators</B> group can issue all
+<B>pts</B> commands on any entry in the Protection Database.
+<P>Users who do not belong to the <B>system:administrators</B> group
+can list information about their own entry and any group entries they
+own. The privacy flags set with the <B>pts setfields</B> command
+control access to entries owned by other users.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<P><A HREF="auarf212.htm#HDRPTS_APROPOS">pts apropos</A>
+<P><A HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
+<P><A HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
+<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<P><A HREF="auarf216.htm#HDRPTS_DELETE">pts delete</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf218.htm#HDRPTS_HELP">pts help</A>
+<P><A HREF="auarf219.htm#HDRPTS_LISTENTRIES">pts listentries</A>
+<P><A HREF="auarf220.htm#HDRPTS_LISTMAX">pts listmax</A>
+<P><A HREF="auarf221.htm#HDRPTS_LISTOWNED">pts listowned</A>
+<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P><A HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P><A HREF="auarf226.htm#HDRPTS_SETMAX">pts setmax</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf209.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf211.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf210.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf212.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_ADDUSER" HREF="auarf002.htm#ToC_225">pts adduser</A></H2>
+<A NAME="IDX5235"></A>
+<A NAME="IDX5236"></A>
+<A NAME="IDX5237"></A>
+<A NAME="IDX5238"></A>
+<A NAME="IDX5239"></A>
+<A NAME="IDX5240"></A>
+<A NAME="IDX5241"></A>
+<A NAME="IDX5242"></A>
+<A NAME="IDX5243"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a user or machine to a Protection Database group
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts adduser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts ad -u</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-g</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts adduser</B> command adds each user or machine entry named by
+the <B>-user</B> argument as a member of each group named by the
+<B>-group</B> argument.
+<P>To remove members of a group, use the <B>pts removeuser</B>
+command. To list the groups to which a user or machine belongs, or the
+members of a specified group, use the <B>pts membership</B>
+command.
+<P><STRONG>Cautions</STRONG>
+<P>After being added as a group member, a currently authenticated user must
+reauthenticate (for example, by issuing the <B>klog</B> command) to obtain
+permissions granted to the group on an access control list (ACL).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-user
+</B><DD>Specifies the name of each user or machine entry to add to each group
+named by the <B>-group</B> argument. The name of a machine entry
+resembles an IP address and can use the wildcard notation described on the
+<B>pts createuser</B> reference page. The user or machine entry
+must already exist in the Protection Database.
+<P><DT><B>-group
+</B><DD>Specifies the complete name (including the owner prefix if applicable) of
+each group to which to add members. The group entry must already exist
+in the Protection Database.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example adds user <B>smith</B> to the group
+<B>system:administrators</B>.
+<PRE> % <B>pts adduser -user smith -group system:administrators</B>
+
+</PRE>
+<P>The following example adds users <B>jones</B>, <B>terry</B>, and
+<B>pat</B> to the <B>smith:colleagues</B> group.
+<PRE> % <B>pts adduser -user jones terry pat -group smith:colleagues</B>
+
+</PRE>
+<P>The following example adds the machine entries in the ABC Corporation
+subnet to the group <B>bin-prot</B>. Because of the IP address
+range of the ABC Corporation subnet, the system administrator was able to
+group the machines into three machine entries (using the wildcard notation
+discussed on the <B>pts createuser</B> reference page).
+<PRE> % <B>pts adduser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The required privilege depends on the setting of the fourth privacy flag in
+the Protection Database entry for each group named by the <B>-group</B>
+argument (use the <B>pts examine</B> command to display the flags):
+<UL>
+<P><LI>If it is the hyphen, only the group's owner and members of the
+<B>system:administrators</B> group can add members.
+<P><LI>If it is lowercase <TT>a</TT>, current members of the group can add new
+members.
+<P><LI>If it is uppercase <TT>A</TT>, anyone who can access the cell's
+database server machines can add new members.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf210.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf212.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf211.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf213.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_APROPOS" HREF="auarf002.htm#ToC_226">pts apropos</A></H2>
+<A NAME="IDX5244"></A>
+<A NAME="IDX5245"></A>
+<A NAME="IDX5246"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>pts ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts apropos</B> command displays the first line of the online
+help entry for any <B>pts</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>pts help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>pts</B> command in which the string specified by the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>pts</B> commands that include the
+word <B>create</B> in their names or short descriptions:
+<PRE> % <B>pts apropos create</B>
+ creategroup: create a new group
+ createuser: create a new user
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf218.htm#HDRPTS_HELP">pts help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf211.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf213.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf212.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf214.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_CHOWN" HREF="auarf002.htm#ToC_227">pts chown</A></H2>
+<A NAME="IDX5247"></A>
+<A NAME="IDX5248"></A>
+<A NAME="IDX5249"></A>
+<A NAME="IDX5250"></A>
+<A NAME="IDX5251"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the owner of a Protection Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts chown -name</B> <<VAR>group name</VAR>> <B>-owner</B> <<VAR>new owner</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts cho -na</B> <<VAR>group name</VAR>> <B>-o</B> <<VAR>new owner</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts chown</B> command designates the user or group named by the
+<B>-owner</B> argument as the owner of the group named by the
+<B>-name</B> argument, and records the new owner in the owner field of the
+group's Protection Database entry.
+<P>In the case of regular groups, this command automatically changes the group
+name's owner prefix (the part of the group name before the colon) to
+match the new owner. If the new owner is itself a group, then only its
+owner prefix, not its complete name, becomes the owner prefix in the new
+name. The change to the owner prefix does not propagate to any groups
+owned by the group, however. To make the owner prefix of such
+group-owned groups reflect the new owning group, use the <B>pts rename</B>
+command.
+<P>It is not possible to change a user or machine entry's owner from the
+default set at creation time, the <B>system:administrators</B>
+group.
+<P><STRONG>Cautions</STRONG>
+<P>While designating a machine as a group's owner does not cause an
+error, it is not recommended. The Protection Server does not extend the
+usual privileges of group ownership to users logged onto the machine.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies the current name of the group to which to assign a new
+owner.
+<P><DT><B>-owner
+</B><DD>Names the user or group to become the group's owner.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example changes the owner of the group
+<B>terry:friends</B> from the user <B>terry</B> to the user
+<B>pat</B>. A side effect is that the group name changes to
+<B>pat:friends</B>.
+<PRE> % <B>pts chown -name terry:friends -owner pat</B>
+
+</PRE>
+<P>The following example changes the owner of the group
+<B>terry:friends</B> from the user <B>terry</B> to the group
+<B>pat:buddies</B>. A side effect is that the group name
+changes to <B>pat:friends</B>.
+<PRE> % <B>pts chown -name terry:friends -owner pat:buddies</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B> group
+or currently own the group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf212.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf214.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf213.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf215.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_CREATEGROUP" HREF="auarf002.htm#ToC_228">pts creategroup</A></H2>
+<A NAME="IDX5252"></A>
+<A NAME="IDX5253"></A>
+<A NAME="IDX5254"></A>
+<A NAME="IDX5255"></A>
+<A NAME="IDX5256"></A>
+<A NAME="IDX5257"></A>
+<A NAME="IDX5258"></A>
+<A NAME="IDX5259"></A>
+<A NAME="IDX5260"></A>
+<A NAME="IDX5261"></A>
+<A NAME="IDX5262"></A>
+<A NAME="IDX5263"></A>
+<A NAME="IDX5264"></A>
+<A NAME="IDX5265"></A>
+<A NAME="IDX5266"></A>
+<A NAME="IDX5267"></A>
+<A NAME="IDX5268"></A>
+<A NAME="IDX5269"></A>
+<A NAME="IDX5270"></A>
+<A NAME="IDX5271"></A>
+<A NAME="IDX5272"></A>
+<A NAME="IDX5273"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates an (empty) Protection Database group entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts creategroup -name</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-owner</B> <<VAR>owner of the group</VAR>>]
+ [<B>-id</B> <<VAR>id (negated) for the group</VAR>><SUP>+</SUP>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts createg -na</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-o</B> <<VAR>owner of the group</VAR>>]
+ [<B>-i</B> <<VAR>id (negated) for the group</VAR>><SUP>+</SUP>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts cg -na</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-o</B> <<VAR>owner of the group</VAR>>]
+ [<B>-i</B> <<VAR>id (negated) for the group</VAR>><SUP>+</SUP>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts creategroup</B> command creates an entry in the Protection
+Database for each group specified by the <B>-name</B> argument. The
+entry records the issuer of the command as the group's creator, and as
+the group's owner unless the <B>-owner</B> argument names an
+alternate user or group as the owner.
+<P>There are two types of groups:
+<UL>
+<P><LI><I>regular</I>, the names of which have two parts separated by a
+colon. The part before the colon names the group's owner.
+Any user can create such groups.
+<P><LI><I>prefix-less</I>, which do not have an owner prefix. Only
+members of the <B>system:administrators</B> group can create
+prefix-less groups.
+</UL>
+<P>Creating a group lowers the issuer's group-creation quota by
+one. This is true even if the <B>-owner</B> argument is used to
+assign ownership to an alternate user or group. To display a
+user's group-creation quota, use the <B>pts examine</B> command;
+to set it, use the <B>pts setfields</B> command.
+<P>AFS group ID (AFS GID) numbers are negative integers and by default the
+Protection Server assigns a GID that is one less (more negative) than the
+current value of the <TT>max group id</TT> counter in the Protection
+Database, decrementing the counter by one for each group. Members of
+the <B>system:administrators</B> group can use the <B>-id</B>
+argument to assign specific AFS GID numbers. If any of the specified
+GIDs is lower (more negative) than the current value of the <TT>max group
+id</TT> counter, the counter is reset to that value. It is acceptable
+to specify a GID greater (less negative) than the current value of the
+counter, but the creation operation fails if an existing group already has
+it. To display or set the value of the <TT>max group id</TT> counter,
+use the <B>pts listmax</B> or <B>pts setmax</B> command,
+respectively.
+<P><STRONG>Output</STRONG>
+<P>The command generates the following string to confirm creation of each
+group:
+<PRE> group <VAR>name</VAR> has id <VAR>AFS GID</VAR>
+
+</PRE>
+<P><STRONG>Cautions</STRONG>
+<P>Although using the <B>-owner</B> argument to designate a machine entry
+as a group's owner does not generate an error, it is not
+recommended. The Protection Server does not extend the usual privileges
+of group ownership to users logged onto the machine.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies the name of each group to create. Provide a string of up
+to 63 characters, which can include lowercase (but not uppercase) letters,
+numbers, and punctuation marks. A regular name includes a single colon
+(<B>:</B>) to separate the two parts of the name; the colon
+cannot appear in a prefix-less group name.
+<P>A regular group's name must have the following format:
+<PRE> <VAR>owner_name</VAR><B>:</B><VAR>group_name</VAR>
+
+</PRE>
+<P>and the <VAR>owner_name</VAR> field must reflect the actual owner of the
+group, as follows:
+<UL>
+<P><LI>If the optional <B>-owner</B> argument is not included, the field must
+match the AFS username under which the issuer is currently
+authenticated.
+<P><LI>If the <B>-owner</B> argument names an alternate AFS user, the field
+must match that AFS username.
+<P><LI>If the <B>-owner</B> argument names another regular group, the field
+must match the owning group's owner field (the part of its name before
+the colon). If the <B>-owner</B> argument names a prefix-less
+group, the field must match the owning group's complete name.
+</UL>
+<P><DT><B>-owner
+</B><DD>Specifies a user or group as the owner for each group, rather than the
+issuer of the command. Provide either an AFS username or the name of a
+regular or prefix-less group. An owning group must already have at
+least one member. This requirement prevents assignment of
+self-ownership to a group during its creation; use the <B>pts
+chown</B> command after issuing this command, if desired.
+<P><DT><B>-id
+</B><DD>Specifies a negative integer AFS GID number for each group, rather than
+allowing the Protection Server to assign it. Precede the integer with a
+hyphen (<B>-</B>) to indicate that it is negative.
+<P>If this argument is used and the <B>-name</B> argument names multiple
+new groups, it is best to provide an equivalent number of AFS GIDs. The
+first GID is assigned to the first group, the second to the second group, and
+so on. If there are fewer GIDs than groups, the Protection Server
+assigns GIDs to the unmatched groups based on the <TT>max group id</TT>
+counter. If there are more GIDs than groups, the excess GIDs are
+ignored. If any of the GIDs is lower (more negative) than the current
+value of the <TT>max group id</TT> counter, the counter is reset to that
+value.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>In the following example, the user <B>pat</B> creates groups called
+<B>pat:friends</B> and <B>pat:colleagues</B>.
+<PRE> % <B>pts creategroup -name pat:friends pat:colleagues</B>
+
+</PRE>
+<P>The following example shows a member of the
+<B>system:administrators</B> group creating the prefix-less group
+<B>staff</B> and assigning its ownership to the
+<B>system:administrators</B> group rather than to herself.
+<PRE> % <B>pts creategroup -name staff -owner system:administrators</B>
+
+</PRE>
+<P>In the following example, the user <B>pat</B> creates a group called
+<B>smith:team-members</B>, which is allowed because the
+<B>-owner</B> argument specifies the required value
+(<B>smith</B>).
+<PRE> % <B>pts creategroup -name smith:team-members -owner smith</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B> group
+to create prefix-less groups or include the <B>-id</B> argument.
+<P>To create a regular group, the issuer must
+<UL>
+<P><LI>Be authenticated. The command fails if the <B>-noauth</B> flag
+is provided.
+<P><LI>Have a group-creation quota greater than zero. The <B>pts
+examine</B> command displays this quota.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf220.htm#HDRPTS_LISTMAX">pts listmax</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P><A HREF="auarf226.htm#HDRPTS_SETMAX">pts setmax</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf213.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf215.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf214.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf216.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_CREATEUSER" HREF="auarf002.htm#ToC_229">pts createuser</A></H2>
+<A NAME="IDX5274"></A>
+<A NAME="IDX5275"></A>
+<A NAME="IDX5276"></A>
+<A NAME="IDX5277"></A>
+<A NAME="IDX5278"></A>
+<A NAME="IDX5279"></A>
+<A NAME="IDX5280"></A>
+<A NAME="IDX5281"></A>
+<A NAME="IDX5282"></A>
+<A NAME="IDX5283"></A>
+<A NAME="IDX5284"></A>
+<A NAME="IDX5285"></A>
+<A NAME="IDX5286"></A>
+<A NAME="IDX5287"></A>
+<A NAME="IDX5288"></A>
+<A NAME="IDX5289"></A>
+<A NAME="IDX5290"></A>
+<A NAME="IDX5291"></A>
+<A NAME="IDX5292"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a user or machine entry in the Protection Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts createuser -name</B> <<VAR>user name</VAR>><SUP>+</SUP> [<B>-id</B> <<VAR>user id</VAR>><SUP>+</SUP>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts createu -na</B> <<VAR>user name</VAR>><SUP>+</SUP> [<B>-i</B> <<VAR>user id</VAR>><SUP>+</SUP>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts cu -na</B> <<VAR>user name</VAR>><SUP>+</SUP> [<B>-i</B> <<VAR>user id</VAR>><SUP>+</SUP>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts createuser</B> command creates an entry in the Protection
+Database for each user or machine specified by the <B>-name</B>
+argument. A user entry name becomes the user's AFS username (the
+one to provide when authenticating with the AFS Authentication Server).
+A machine entry's name is the machine's IP address or a wildcard
+notation that represents a range of consecutive IP addresses (a group of
+machines on the same network). It is not possible to authenticate as a
+machine, but a group to which a machine entry belongs can appear on a
+directory's access control list (ACL), thereby granting the indicated
+permissions to any user logged on to the machine.
+<P>AFS user IDs (AFS UIDs) are positive integers and by default the Protection
+Server assigns an AFS UID that is one greater than the current value of the
+<TT>max user id</TT> counter in the Protection Database, incrementing the
+counter by one for each user. To assign a specific AFS UID, use the
+<B>-id</B> argument. If any of the specified AFS UIDs is greater
+than the current value of the <TT>max user id</TT> counter, the counter is
+reset to that value. It is acceptable to specify an AFS UID smaller
+than the current value of the counter, but the creation operation fails if an
+existing user or machine entry already has it. To display or set the
+value of the <TT>max user id</TT> counter, use the <B>pts listmax</B> or
+<B>pts setmax</B> command, respectively.
+<P>The issuer of the <B>pts createuser</B> command is recorded as the
+entry's creator and the group <B>system:administrators</B> as
+its owner.
+<P><STRONG>Cautions</STRONG>
+<P>The Protection Server reserves AFS UID 0 (zero) and returns an error if the
+<B>-id</B> argument has that value.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies either a username for a user entry, or an IP address (complete
+or wildcarded) for a machine entry:
+<UL>
+<P><LI>A username can include up to 63 numbers and lowercase letters, but it is
+best to make it shorter than eight characters, because many application
+programs cannot handle longer names. Also, it is best not to include
+shell metacharacters or other punctuation marks. In particular, the
+colon (<B>:</B>) and at-sign (<B>@</B>) characters are not
+acceptable. The period is generally used only in special administrative
+names, to separate the username and an <I>instance</I>, as in the example
+<B>pat.admin</B>.
+<P><LI>A machine identifier is its IP address in dotted decimal notation (for
+example, 192.12.108.240), or a wildcard notation that
+represents a set of IP addresses (a group of machines on the same
+network). The following are acceptable wildcard formats. The
+letters <B>W</B>, <B>X</B>, <B>Y</B> and <B>Z</B> each
+represent an actual number from the range 1 through 255.
+<UL>
+<P><LI><B>W.X.Y.Z</B> represents a single machine, for
+example <B>192.12.108.240</B>.
+<P><LI><B>W.X.Y.0</B> matches all machines whose IP
+addresses start with the first three numbers. For example,
+<B>192.12.108.0</B> matches both
+<B>192.12.108.119</B> and
+<B>192.12.108.120</B>, but does not match
+<B>192.12.105.144</B>.
+<P><LI><B>W.X.0.0</B> matches all machines whose IP
+addresses start with the first two numbers. For example, the address
+<B>192.12.0.0</B> matches both
+<B>192.12.106.23</B> and
+<B>192.12.108.120</B>, but does not match
+<B>192.5.30.95</B>.
+<P><LI><B>W.0.0.0</B> matches all machines whose IP
+addresses start with the first number in the specified address. For
+example, the address <B>192.0.0.0</B> matches both
+<B>192.5.30.95</B> and
+<B>192.12.108.120</B>, but does not match
+<B>138.255.63.52</B>.
+</UL>
+<P>Do not define a machine entry with the name
+<B>0.0.0.0</B> to match every machine. The
+<B>system:anyuser</B> group is equivalent.
+</UL>
+<P><DT><B>-id
+</B><DD>Specifies an AFS UID for each user or machine entry, rather than allowing
+the Protection Server to assign it. Provide a positive integer.
+<P>If this argument is used and the <B>-name</B> argument names multiple
+new entries, it is best to provide an equivalent number of AFS UIDs.
+The first UID is assigned to the first entry, the second to the second entry,
+and so on. If there are fewer UIDs than entries, the Protection Server
+assigns UIDs to the unmatched entries based on the <TT>max user id</TT>
+counter. If there are more UIDs than entries, the excess UIDs are
+ignored. If any of the UIDs is greater than the current value of the
+<TT>max user id</TT> counter, the counter is reset to that value.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command generates the following string to confirm creation of each
+user:
+<PRE> User <VAR>name</VAR> has id <VAR>id</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example creates a Protection Database entry for the user
+<B>johnson</B>.
+<PRE> % <B>pts createuser -name johnson</B>
+
+</PRE>
+<P>The following example creates three wildcarded machine entries in the ABC
+Corporation cell. The three entries encompass all of the machines on
+the company's networks without including machines on other
+networks:
+<PRE> % <B>pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B>
+group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf220.htm#HDRPTS_LISTMAX">pts listmax</A>
+<P><A HREF="auarf226.htm#HDRPTS_SETMAX">pts setmax</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf214.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf216.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf215.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf217.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_DELETE" HREF="auarf002.htm#ToC_230">pts delete</A></H2>
+<A NAME="IDX5293"></A>
+<A NAME="IDX5294"></A>
+<A NAME="IDX5295"></A>
+<A NAME="IDX5296"></A>
+<A NAME="IDX5297"></A>
+<A NAME="IDX5298"></A>
+<A NAME="IDX5299"></A>
+<A NAME="IDX5300"></A>
+<A NAME="IDX5301"></A>
+<A NAME="IDX5302"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a Protection Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts delete -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts d -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts delete</B> command removes each entry specified by the
+<B>-nameorid</B> argument from the Protection Database. Deleting
+entries affects other parts of the system in various ways:
+<UL>
+<P><LI>Deleted users and groups still appear on access control lists (ACLs), but
+are listed by AFS UID or GID rather than by name, because there is no longer
+an associated name to which to translate the ID. To remove these
+obsolete entries from ACLs, use the <B>fs cleanacl</B> command.
+<P><LI>Deleting a user or machine's entry removes it from the membership
+list of any group to which it belonged.
+<P><LI>Deleting a group entry removes it from the membership list of any user or
+machine entry that belonged to the group, and also increments the
+group-creation quota of the group's creator by one, even if the creator
+no longer owns the group.
+</UL>
+<P>To remove a user or machine from a group without actually deleting the
+entry, use the <B>pts removeuser</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user, the name or AFS GID of each
+group, or the IP address (complete or wildcard-style) or AFS UID of each
+machine entry to delete. It is acceptable to mix users, machines, and
+groups on the same command line, as well as names (IP addresses for machines)
+and IDs. Precede the GID of each group with a hyphen to indicate that
+it is negative.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example deletes the user entries <B>pat</B> and
+<B>terry</B>:
+<PRE> % <B>pts delete pat terry</B>
+
+</PRE>
+<P>The following example deletes the Protection Database entry of the group
+with AFS GID -215.
+<PRE> %<B> pts delete -215</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B> group
+to delete user and machine entries. To delete group entries, the issuer
+must either own the group or belong to the
+<B>system:administrators</B> group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf215.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf217.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf216.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf218.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_EXAMINE" HREF="auarf002.htm#ToC_231">pts examine</A></H2>
+<A NAME="IDX5303"></A>
+<A NAME="IDX5304"></A>
+<A NAME="IDX5305"></A>
+<A NAME="IDX5306"></A>
+<A NAME="IDX5307"></A>
+<A NAME="IDX5308"></A>
+<A NAME="IDX5309"></A>
+<A NAME="IDX5310"></A>
+<A NAME="IDX5311"></A>
+<A NAME="IDX5312"></A>
+<A NAME="IDX5313"></A>
+<A NAME="IDX5314"></A>
+<A NAME="IDX5315"></A>
+<A NAME="IDX5316"></A>
+<A NAME="IDX5317"></A>
+<A NAME="IDX5318"></A>
+<A NAME="IDX5319"></A>
+<A NAME="IDX5320"></A>
+<A NAME="IDX5321"></A>
+<A NAME="IDX5322"></A>
+<A NAME="IDX5323"></A>
+<A NAME="IDX5324"></A>
+<A NAME="IDX5325"></A>
+<A NAME="IDX5326"></A>
+<A NAME="IDX5327"></A>
+<A NAME="IDX5328"></A>
+<A NAME="IDX5329"></A>
+<A NAME="IDX5330"></A>
+<A NAME="IDX5331"></A>
+<A NAME="IDX5332"></A>
+<A NAME="IDX5333"></A>
+<A NAME="IDX5334"></A>
+<A NAME="IDX5335"></A>
+<A NAME="IDX5336"></A>
+<A NAME="IDX5337"></A>
+<A NAME="IDX5338"></A>
+<A NAME="IDX5339"></A>
+<A NAME="IDX5340"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays a Protection Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts examine -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts e -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts check -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts che -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts examine</B> command displays information from the Protection
+Database entry of each user, machine or group specified by the
+<B>-nameorid</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user, the name or AFS GID of each
+group, or the IP address (complete or wildcard-style) or AFS UID of each
+machine for which to display the Protection Database entry. It is
+acceptable to mix users, machines, and groups on the same command line, as
+well as names (IP addresses for machines) and IDs. Precede the GID of
+each group with a hyphen to indicate that it is negative.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output for each entry consists of two lines that include the following
+fields:
+<DL>
+<P><DT><B><TT>Name</TT>
+</B><DD>The contents of this field depend on the type of entry:
+<UL>
+<P><LI>For a user entry, it is the username that the user types when
+authenticating with AFS.
+<P><LI>For a machine entry, it is either the IP address of a single machine in
+dotted decimal format, or a wildcard notation that represents a group of
+machines on the same network. See the <B>pts createuser</B>
+reference page for an explanation of the wildcard notation.
+<P><LI>For a group entry, it is one of two types of group name. If the
+name has a colon between the two parts, it represents a regular group and the
+part before the prefix reflects the group's owner. A prefix-less
+group does not have the owner field or the colon. For more details on
+group names, see the <B>pts creategroup</B> reference page.
+</UL>
+<A NAME="IDX5341"></A>
+<A NAME="IDX5342"></A>
+<A NAME="IDX5343"></A>
+<P><DT><B><TT>id</TT>
+</B><DD>A unique number that the AFS server processes use to identify AFS users,
+machines and groups. AFS UIDs for user and machine entries are positive
+integers, and AFS GIDs for group entries are negative integers. AFS
+UIDs and GIDs are similar in function to the UIDs and GIDs used in local file
+systems such as UFS, but apply only to AFS operations.
+<A NAME="IDX5344"></A>
+<A NAME="IDX5345"></A>
+<P><DT><B><TT>owner</TT>
+</B><DD>The user or group that owns the entry and thus can administer it (change
+the values in most of the fields displayed in the output of this command), or
+delete it entirely. The Protection Server automatically records the
+<B>system:administrators</B> group in this field for user and
+machine entries at creation time.
+<A NAME="IDX5346"></A>
+<P><DT><B><TT>creator</TT>
+</B><DD>The user who issued the <B>pts createuser</B> or <B>pts
+creategroup</B> command to create the entry. This field serves as an
+audit trail, and cannot be changed.
+<A NAME="IDX5347"></A>
+<P><DT><B><TT>membership</TT>
+</B><DD>An integer that for users and machines represents the number of groups to
+which the user or machine belongs. For groups, it represents the number
+of group members.
+<P><DT><B><TT>flags</TT>
+</B><DD>A string of five characters, referred to as <I>privacy flags</I>,
+which indicate who can display or administer certain aspects of the
+entry.
+<DL>
+<P><DT><B>s
+</B><DD>Controls who can issue the <B>pts examine</B> command to display the
+entry.
+<P><DT><B>o
+</B><DD>Controls who can issue the <B>pts listowned</B> command to display the
+groups that a user or group owns.
+<P><DT><B>m
+</B><DD>Controls who can issue the <B>pts membership</B> command to display
+the groups a user or machine belongs to, or which users or machines belong to
+a group.
+<P><DT><B>a
+</B><DD>Controls who can issue the <B>pts adduser</B> command to add a user or
+machine to a group. It is meaningful only for groups, but a value must
+always be set for it even on user and machine entries.
+<P><DT><B>r
+</B><DD>Controls who can issue the <B>pts removeuser</B> command to remove a
+user or machine from a group. It is meaningful only for groups, but a
+value must always be set for it even on user and machine entries.
+</DL>
+<P>
+<P>Each flag can take three possible types of values to enable a different set
+of users to issue the corresponding command:
+<UL>
+<P><LI>A hyphen (<B>-</B>) designates the members of the
+<B>system:administrators</B> group and the entry's
+owner. For user entries, it designates the user in addition.
+<P><LI>The lowercase version of the letter applies meaningfully to groups only,
+and designates members of the group in addition to the individuals designated
+by the hyphen.
+<P><LI>The uppercase version of the letter designates everyone.
+</UL>
+<P>
+<P>For example, the flags <TT>SOmar</TT> on a group entry indicate that
+anyone can examine the group's entry and display the groups that it owns,
+and that only the group's members can display, add, or remove its
+members.
+<P>The default privacy flags for user and machine entries are
+<TT>S----</TT>, meaning that anyone can display the entry. The
+ability to perform any other functions is restricted to members of the
+<B>system:administrators</B> group and the entry's owner (as
+well as the user for a user entry).
+<P>The default privacy flags for group entries are <TT>S-M--</TT>, meaning
+that all users can display the entry and the members of the group, but only
+the entry owner and members of the <B>system:administrators</B>
+group can perform other functions.
+<P><DT><B><TT>group quota</TT>
+</B><DD>The number of additional groups the user is allowed to create. The
+<B>pts createuser</B> command sets it to 20 for both users and machines,
+but it has no meaningful interpretation for a machine, because it is not
+possible to authenticate as a machine. Similarly, it has no meaning in
+group entries and the <B>pts creategroup</B> command sets it to 0
+(zero); do not change this value.
+<A NAME="IDX5348"></A>
+<A NAME="IDX5349"></A>
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the user entry for <B>terry</B> and the
+machine entry <B>158.12.105.44</B>.
+<PRE> % <B>pts examine terry 158.12.105.44</B>
+ Name: terry, id: 1045, owner: system:administrators, creator: admin,
+ membership: 9, flags: S----, group quota: 15.
+ Name: 158.12.105.44, id: 5151, owner: system:administrators,
+ creator: byu, membership: 1, flags: S----, group quota: 20.
+
+</PRE>
+<P>The following example displays the entries for the AFS groups with GIDs
+-673 and -674.
+<PRE> % <B>pts examine -673 -674</B>
+ Name: terry:friends, id: -673, owner: terry, creator: terry,
+ membership: 5, flags: S-M--, group quota: 0.
+ Name: smith:colleagues, id: -674, owner: smith, creator: smith,
+ membership: 14, flags: SOM--, group quota: 0.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The required privilege depends on the setting of the first privacy flag in
+the Protection Database entry of each entry specified by the
+<B>-nameorid</B> argument:
+<UL>
+<P><LI>If it is lowercase <TT>s</TT>, members of the
+<B>system:administrators</B> group and the user associated with a
+user entry can examine it, and only members of the
+<B>system:administrators</B> group can examine a machine or group
+entry.
+<P><LI>If it is uppercase <TT>S</TT>, anyone who can access the cell's
+database server machines can examine the entry.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<P><A HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
+<P><A HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
+<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<P><A HREF="auarf221.htm#HDRPTS_LISTOWNED">pts listowned</A>
+<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P><A HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf216.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf218.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf217.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf219.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_HELP" HREF="auarf002.htm#ToC_232">pts help</A></H2>
+<A NAME="IDX5350"></A>
+<A NAME="IDX5351"></A>
+<A NAME="IDX5352"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>pts</B> commands or lists
+functional descriptions for all <B>pts</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>pts h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>pts</B> command.
+<P>To list every <B>pts</B> command whose name or short description
+includes a specified keyword, use the <B>pts apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>pts</B> part of the command name, providing only
+the operation code (for example, specify <B>membership</B>, not <B>pts
+membership</B>). If this argument is omitted, the output briefly
+describes every <B>pts</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>pts</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>pts
+membership</B> command:
+<PRE> % <B>pts help membership</B>
+ pts membership: list membership of a user or group
+ aliases: groups
+ Usage: pts membership -nameorid <user or group name or id>+
+ [-cell <cell name>] [-noauth] [-force] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf212.htm#HDRPTS_APROPOS">pts apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf217.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf219.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf218.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf220.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_LISTENTRIES" HREF="auarf002.htm#ToC_233">pts listentries</A></H2>
+<A NAME="IDX5353"></A>
+<A NAME="IDX5354"></A>
+<A NAME="IDX5355"></A>
+<A NAME="IDX5356"></A>
+<A NAME="IDX5357"></A>
+<A NAME="IDX5358"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays all user or group entries in the Protection Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts listentries</B> [<B>-users</B>] [<B>-groups</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts liste</B> [<B>-u</B>] [<B>-g</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts listentries</B> command displays the name and AFS ID of all
+Protection Database entries of the indicated type. It also displays the
+AFS ID of each entry's owner and creator.
+<P>To display all user and machine entries, either include the
+<B>-users</B> flag or omit both it and the <B>-groups</B> flag.
+To display all group entries, include the <B>-groups</B> flag. To
+display all entries, provide both flags.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-users
+</B><DD>Displays user and machine entries.
+<P><DT><B>-groups
+</B><DD>Displays group entries.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output includes a line for each entry, with information in four columns
+that have the following headers:
+<DL>
+<P><DT><B><TT>Name</TT>
+</B><DD>The entry's name
+<P><DT><B><TT>ID</TT>
+</B><DD>The entry's AFS ID (AFS UID for a user or machine, negative AFS GID
+for a group)
+<P><DT><B><TT>Owner</TT>
+</B><DD>The AFS ID of the user or group that owns the entry
+<P><DT><B><TT>Creator</TT>
+</B><DD>The AFS ID of the user who created the entry (the
+<B>system:administrators</B> group is listed as the creator of the
+entry for <B>anonymous</B> and the system groups, but it is not otherwise
+possible for a group to create groups)
+</DL>
+<P>In general, the entries appear in the order in which they were
+created.
+<P><STRONG>Examples</STRONG>
+<P>The following example displays both user and group entries.
+<PRE> % <B>pts listentries -users -groups</B>
+ Name ID Owner Creator
+ system:administrators -204 -204 -204
+ system:anyuser -101 -204 -204
+ system:authuser -102 -204 -204
+ anonymous 32766 -204 -204
+ admin 1 -204 32766
+ pat 100 -204 1
+ smith 101 -204 1
+ pat:friends -206 100 100
+ staff -207 -204 1
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B>
+group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
+<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf218.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf220.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf219.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf221.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_LISTMAX" HREF="auarf002.htm#ToC_234">pts listmax</A></H2>
+<A NAME="IDX5359"></A>
+<A NAME="IDX5360"></A>
+<A NAME="IDX5361"></A>
+<A NAME="IDX5362"></A>
+<A NAME="IDX5363"></A>
+<A NAME="IDX5364"></A>
+<A NAME="IDX5365"></A>
+<A NAME="IDX5366"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the <TT>max user id</TT> and <TT>max group id</TT> counters
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts listmax</B> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts listm</B> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts listmax</B> command displays the values of the <TT>max user
+id</TT> and <TT>max group id</TT> counters, which the Protection Server
+uses to track the AFS user IDs (AFS UIDs) it allocates to new users or
+machines, and the AFS group IDs (AFS GIDs) it allocates to new groups,
+respectively. When an administrator next issues the <B>pts
+createuser</B> command and does not include the <B>-id</B> argument, the
+new user or machine receives an AFS UID one greater than the <TT>max user
+id</TT> counter, and when a user issues the <B>pts creategroup</B>
+command and does not include the <B>-id</B> argument, the new group
+receives an AFS UID one less (more negative) than the <TT>max group id</TT>
+counter.
+<P>To reset one or both counters, members of the
+<B>system:administrators</B> group can issue the <B>pts
+setmax</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command displays the counters in the following format:
+<PRE> Max user id is <VAR>user_counter</VAR> and max group id is <VAR>group_counter</VAR>.
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays the output of this command:
+<PRE> %<B> pts listmax</B>
+ Max user name is 1271 and max group id is -382.
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf226.htm#HDRPTS_SETMAX">pts setmax</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf219.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf221.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf220.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf222.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_LISTOWNED" HREF="auarf002.htm#ToC_235">pts listowned</A></H2>
+<A NAME="IDX5367"></A>
+<A NAME="IDX5368"></A>
+<A NAME="IDX5369"></A>
+<A NAME="IDX5370"></A>
+<A NAME="IDX5371"></A>
+<A NAME="IDX5372"></A>
+<A NAME="IDX5373"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the Protection Database groups owned by a user or group
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts listowned -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts listo -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts listowned</B> command lists the groups owned by each user or
+group specified by the <B>-nameorid</B> argument.
+<P>To list any <I>orphaned group</I>s, whose owners have themselves been
+deleted from the Protection Database, provide a value of <B>0</B> (zero)
+for the <B>-nameorid</B> argument. To change the owner to a user or
+group that still exists, use the <B>pts chown</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user, or the name or AFS GID of each
+group, for which to display the list of owned groups. It is acceptable
+to mix users and groups on the same command line, as well as names and
+IDs. Precede the GID of each group with a hyphen to indicate that it is
+negative.
+<P>A value of <B>0</B> (zero) lists group entries for groups whose owners
+no longer have entries in the Protection Database.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of the output indicates the name and AFS UID or AFS GID of
+each user or group for which ownership information is requested, in the
+following format:
+<PRE> Groups owned by <VAR>name</VAR> (id: <VAR>ID</VAR>) are:
+
+</PRE>
+<P>A list of groups follows. The list does not include groups owned by
+groups that the user or group owns, or to which the user or group
+belongs. If the user or group does not own any groups, only the header
+line appears.
+<P>The following error message appears if the issuer is not privileged to view
+ownership information. By default, for both user and group entries the
+second privacy flag is the hyphen, which denies permission to anyone other
+than the user (for a user entry) and the members of the
+<B>system:administrators</B> group.
+<PRE> pts: Permission denied so failed to get owner list for <VAR>name</VAR> (id: <VAR>ID</VAR>)
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example lists the groups owned by user <B>terry</B> and
+shows that the group <B>terry:friends</B> does not own any
+groups:
+<PRE> % <B>pts listowned terry terry:friends</B>
+ Groups owned by terry (id: 1045) are:
+ terry:friends
+ terry:project1
+ terry:project2
+ Groups owned by terry:friends (id: -673) are:
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The required privilege depends on the setting of the second privacy flag in
+the Protection Database entry of each user or group indicated by the
+<B>-nameorid</B> argument (use the <B>pts examine</B> command to
+display the flags):
+<UL>
+<P><LI>If it is the hyphen and the <B>-nameorid</B> argument specifies a
+group, only the members of the <B>system:administrators</B> group
+and the owner of a group can list the groups it owns.
+<P><LI>If it is the hyphen and the <B>-nameorid</B> argument specifies a
+user, only the members of the <B>system:administrators</B> group and
+the associated user can list the groups he or she owns.
+<P><LI>If it is uppercase letter <TT>O</TT>, anyone who can access the
+cell's database server machines can list the groups owned by this user or
+group.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf220.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf222.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf221.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf223.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_MEMBERSHIP" HREF="auarf002.htm#ToC_236">pts membership</A></H2>
+<A NAME="IDX5374"></A>
+<A NAME="IDX5375"></A>
+<A NAME="IDX5376"></A>
+<A NAME="IDX5377"></A>
+<A NAME="IDX5378"></A>
+<A NAME="IDX5379"></A>
+<A NAME="IDX5380"></A>
+<A NAME="IDX5381"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the membership list for a user or group
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts membership -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts m -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts groups -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+
+<B>pts g -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts membership</B> command lists the groups to which each user
+or machine specified by the <B>-nameorid</B> argument belongs, or lists
+the users and machines that belong to each group specified by the
+<B>-nameorid</B> argument.
+<P>It is not possible to list the members of the
+<B>system:anyuser</B> or <B>system:authuser</B> groups,
+and they do not appear in the list of groups to which a user belongs.
+<P>To add users or machine to groups, use the <B>pts adduser</B>
+command; to remove them, use the <B>pts removeuser</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user entry, the IP address (complete
+or wildcard-style) or AFS UID of each machine entry, or the name or AFS GID of
+each group, for which to list group membership. It is acceptable to mix
+users, machines, and groups on the same command line, as well as names and
+IDs. Precede the GID of each group with a hyphen to indicate that it is
+negative.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>For each user and machine, the output begins with the following header
+line, followed by a list of the groups to which the user or machine
+belongs:
+<PRE> Groups <VAR>name</VAR> (id: <VAR>AFS UID</VAR>) is a member of:
+
+</PRE>
+<P>For each group, the output begins with the following header line, followed
+by a list of the users and machines who belong to the group:
+<PRE> Members of <VAR>group_name</VAR> (id: <VAR>AFS GID</VAR>) are:
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example lists the groups to which the user <B>pat</B>
+belongs and the members of the group <B>smith:friends</B>.
+Note that third privacy flag for the <B>pat</B> entry was changed from the
+default hyphen to enable a non-administrative user to obtain this
+listing.
+<PRE> % <B>pts membership pat smith:friends</B>
+ Groups pat (id: 1144) is a member of:
+ smith:friends
+ staff
+ johnson:project-team
+ Members of smith:friends (id: -562) are:
+ pat
+ terry
+ jones
+ richard
+ thompson
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The required privilege depends on the setting of the third privacy flag in
+the Protection Database entry of each user or group indicated by the
+<B>-nameorid</B> argument (use the <B>pts examine</B> command to
+display the flags):
+<UL>
+<P><LI>If it is the hyphen and the <B>-nameorid</B> argument specifies a
+user, only the associated user and members of the
+<B>system:administrators</B> group can list the groups to which the
+user belongs.
+<P><LI>If it is the hyphen and the <B>-nameorid</B> argument specifies a
+machine, only the members of the <B>system:administrators</B> group
+can list the groups to which the machine belongs.
+<P><LI>If it is the hyphen and the <B>-nameorid</B> argument specifies a
+group, only the owner of the group and members of the
+<B>system:administrators</B> group can list the members of the
+group.
+<P><LI>If it is lowercase <TT>m</TT> and the <B>-nameorid</B> argument
+specifies a user or machine entry, the meaning is equivalent to the
+hyphen.
+<P><LI>If it is lowercase <TT>m</TT> and the <B>-nameorid</B> argument
+specifies a group, members of the group can also list the other
+members.
+<P><LI>If it is uppercase <TT>M</TT>, anyone who can access the cell's
+database server machines can list group memberships.
+</UL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf221.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf223.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf222.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf224.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_REMOVEUSER" HREF="auarf002.htm#ToC_237">pts removeuser</A></H2>
+<A NAME="IDX5382"></A>
+<A NAME="IDX5383"></A>
+<A NAME="IDX5384"></A>
+<A NAME="IDX5385"></A>
+<A NAME="IDX5386"></A>
+<A NAME="IDX5387"></A>
+<A NAME="IDX5388"></A>
+<A NAME="IDX5389"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a user from a Protection Database group
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts removeuser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts rem -u</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-g</B> <<VAR>group name</VAR>><SUP>+</SUP> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts removeuser</B> command removes each user or machine named by
+the <B>-user</B> argument from each group named by the <B>-group</B>
+argument.
+<P>To add users to a group, use the <B>pts adduser</B> command. To
+list group membership, use the <B>pts membership</B> command. To
+remove users from a group and delete the group's entry completely in a
+single step, use the <B>pts delete</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>AFS compiles each user's group membership as he or she
+authenticates. Any users who have valid tokens when they are removed
+from a group retain the privileges extended to that group's members until
+they discard their tokens or reauthenticate.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies the name of each user entry or the IP address (complete or
+wildcard-style) of each machine entry to remove.
+<P><DT><B>-group
+</B><DD>Names each group from which to remove members.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example removes user <B>smith</B> from the groups
+<B>staff</B> and <B>staff:finance</B>. Note that no
+switch names are necessary because only a single instance is provided for the
+first argument (the username).
+<PRE> % <B>pts removeuser smith staff staff:finance</B>
+
+</PRE>
+<P>The following example removes three machine entries, which represent all
+machines in the ABC Corporation network, from the group
+<B>bin-prot</B>:
+<PRE> % <B>pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The required privilege depends on the setting of the fifth privacy flag in
+the Protection Database for the group named by the <B>-group</B> argument
+(use the <B>pts examine</B> command to display the flags):
+<UL>
+<P><LI>If it is the hyphen, only the group's owner and members of the
+<B>system:administrators</B> group can remove members.
+<P><LI>If it is lowercase <TT>r</TT>, members of the group can also remove
+other members.
+</UL>
+<P>(It is not possible to set the fifth flag to uppercase
+<TT>R</TT>.)
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf222.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf224.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf223.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf225.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_RENAME" HREF="auarf002.htm#ToC_238">pts rename</A></H2>
+<A NAME="IDX5390"></A>
+<A NAME="IDX5391"></A>
+<A NAME="IDX5392"></A>
+<A NAME="IDX5393"></A>
+<A NAME="IDX5394"></A>
+<A NAME="IDX5395"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes the name of a Protection Database entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts rename -oldname</B> <<VAR>old name</VAR>> <B>-newname</B> <<VAR>new name</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts ren -o</B> <<VAR>old name</VAR>> <B>-ne</B> <<VAR>new name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts rename</B> command changes the name of the user, machine, or
+group entry specified by the <B>-oldname</B> argument to the name
+specified by the <B>-newname</B> argument. It is not possible to
+change a user or machine entry's name to look like a regular group
+entry's name (have a colon in it).
+<P>Members of the <B>system:administrators</B> group can change a
+regular group name into a prefix-less name and vice versa. When
+changing a prefix-less group name into a regular group name or a regular group
+name to another regular group name, the owner field of the new name (the part
+before the colon) must correctly reflect the group's owner.
+<P>Changing a regular group's owner with the <B>pts chown</B> command
+automatically changes the owner field (the part before the colon) of the
+group's name, but does not change the owner field of any groups owned by
+the group. Use this command to rename those groups to a form that
+accurately reflects their ownership.
+<P><STRONG>Cautions</STRONG>
+<P>By convention, many aspects of an AFS user account have the same name as
+the user's Protection Database entry, including the Authentication
+Database entry, volume, and mount point. When using this command to
+change a user name, also change the names of all related entities to maintain
+consistency. For instructions, see the chapter on user accounts in the
+<I>IBM AFS Administration Guide</I>.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-oldname
+</B><DD>Specifies the current full name of the entry.
+<P><DT><B>-newname
+</B><DD>Specifies the new full name for the entry. For regular groups, the
+owner field (the part before the colon) of the new name must reflect the
+actual ownership of the group.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example changes the name of the group <B>staff</B>, owned
+by the privileged user <B>admin</B>, to
+<B>admin:staff</B>:
+<PRE> % <B>pts rename -oldname staff -newname admin:staff</B>
+
+</PRE>
+<P>The following example changes the name of the group
+<B>admin:finance</B> to the group <B>finance</B>. The
+issuer must belong to the <B>system:administrators</B> group.
+<PRE> % <B>pts rename -oldname admin:finance -newname finance</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To change a regular group name to a prefix-less name or vice versa, or to
+change a user or machine entry's name, the issuer must belong to the
+<B>system:administrators</B> group.
+<P>To change a group name to a new name of the same type (regular or
+prefix-less), the issuer must own the group or belong to the
+<B>system:administrators</B> group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf223.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf225.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf224.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf226.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_SETFIELDS" HREF="auarf002.htm#ToC_239">pts setfields</A></H2>
+<A NAME="IDX5396"></A>
+<A NAME="IDX5397"></A>
+<A NAME="IDX5398"></A>
+<A NAME="IDX5399"></A>
+<A NAME="IDX5400"></A>
+<A NAME="IDX5401"></A>
+<A NAME="IDX5402"></A>
+<A NAME="IDX5403"></A>
+<A NAME="IDX5404"></A>
+<A NAME="IDX5405"></A>
+<A NAME="IDX5406"></A>
+<A NAME="IDX5407"></A>
+<A NAME="IDX5408"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets privacy flags or the group-creation quota for a Protection Database
+entry.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts setfields -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+ [<B>-access</B> <<VAR>set privacy flags</VAR>>]
+ [<B>-groupquota</B> <<VAR>set limit on group creation</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts setf -na</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP> [<B>-a</B> <<VAR>set privacy flags</VAR>>]
+ [<B>-g</B> <<VAR>set limit on group creation</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts setfields</B> command sets the group-creation quota, the
+privacy flags, or both, associated with each user, machine, or group entry
+specified by the <B>-nameorid</B> argument.
+<P>To examine the current quota and privacy flags, use the <B>pts
+examine</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>Changing a machine or group's group-creation quota is allowed, but not
+recommended. The concept is meaningless for machines and groups,
+because it is impossible to authenticate as a group or machine.
+<P>Similarly, some privacy flag settings do not have a sensible
+interpretation. The <B>Arguments</B> section specifies the
+appropriate settings.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS UID of each user, the IP address (complete or
+wildcard-style) of each machine, or the name or AFS GID of each machine for
+which to set privacy flags or group-creation quota. It is acceptable to
+mix users, machines, and groups on the same command line, as well as names (IP
+addresses for machines) and IDs. Precede the GID of each group with a
+hyphen to indicate that it is negative.
+<P><DT><B>-access
+</B><DD>Specifies the privacy flags to apply to each entry. Provide a
+string of five characters, one for each of the permissions. If this
+option is omitted, the current setting remains unchanged.
+<P>Set each flag to achieve the desired combination of permissions. If
+the following list does not mention a certain setting, it is not
+acceptable. For further discussion of the privacy flags, see the
+<B>pts examine</B> reference page.
+<UL>
+<P><LI>The first flag determines who can use the <B>pts examine</B> command
+to display information from a user, machine or group's Protection
+Database entry.
+<UL>
+<P><LI>Set it to lowercase <B>s</B> to permit the members of the
+<B>system:administrators</B> group to display a user, machine, or
+group entry, and the associated user to display a user entry.
+<P><LI>Set it to uppercase <B>S</B> to permit anyone who can access the
+cell's database server machines to display a user, machine, or group
+entry.
+</UL>
+<P><LI>The second flag determines who can use the <B>pts listowned</B>
+command to list the groups that a user or group owns.
+<UL>
+<P><LI>Set it to the hyphen (<B>-</B>) to permit the members of the
+<B>system:administrators</B> group and a user to list the groups he
+or she owns, or to permit the members of the
+<B>system:administrators</B> group and a group's owner to list
+the groups that a group owns.
+<P><LI>Set it to uppercase letter <B>O</B> to permit anyone who can access
+the cell's database server machines to list the groups owned by a machine
+or group entry.
+</UL>
+<P><LI>The third flag determines who can use the <B>pts membership</B>
+command to list the groups to which a user or machine belongs, or the users
+and machines that belong to a group.
+<UL>
+<P><LI>Set it to the hyphen (<B>-</B>) to permit the members of the
+<B>system:administrators</B> group and a user to list the groups he
+or she belongs to, to permit the members of the
+<B>system:administrators</B> group to list the groups a machine
+belongs to, or to permit the members of the
+<B>system:administrators</B> group and a group's owner to list
+the users and machines that belong to it.
+<P><LI>Set it to lowercase <B>m</B> to permit members of a group to list the
+other members. (For user and machine entries, this setting is
+equivalent to the hyphen.)
+<P><LI>Set it to uppercase <B>M</B> to permit anyone who can access the
+cell's database server machines to list membership information for a
+user, machine or group.
+</UL>
+<P><LI>The fourth flag determines who can use the <B>pts adduser</B> command
+to add users and machines as members of a group. This flag has no
+sensible interpretation for user and machine entries, but must be set
+nonetheless, preferably to the hyphen.
+<UL>
+<P><LI>Set it to the hyphen (<B>-</B>) to permit the members of the
+<B>system:administrators</B> group and the owner of the group to add
+members.
+<P><LI>Set it to lowercase <B>a</B> to permit members of a group to add other
+members.
+<P><LI>Set it to uppercase <B>A</B> to permit anyone who can access the
+cell's database server machines to add members to a group.
+</UL>
+<P><LI>The fifth flag determines who can use the <B>pts removeuser</B>
+command to remove users and machines from membership in a group. This
+flag has no sensible interpretation for user and machine entries, but must be
+set nonetheless, preferably to the hyphen.
+<UL>
+<P><LI>Set it to the hyphen (<B>-</B>) to permit the members of the
+<B>system:administrators</B> group and the owner of the group to
+remove members.
+<P><LI>Set it to lowercase <B>r</B> to permit members of a group to remove
+other members.
+</UL>
+</UL>
+<P><DT><B>-groupquota
+</B><DD>Specifies the number of additional groups a user can create (it does not
+matter how many he or she has created already). Do not include this
+argument for a group or machine entry.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example changes the privacy flags on the group
+<B>operators</B>, retaining the default values of the first, second and
+third flags, but setting the fourth and fifth flags to enable the group's
+members to add and remove other members.
+<PRE> % <B>pts setfields -nameorid operators -access S-Mar</B>
+
+</PRE>
+<P>The following example changes the privacy flags and sets group quota on the
+user entry <B>admin</B>. It retains the default values of the
+first, fourth, and fifth flags, but sets the second and third flags, to enable
+anyone to list the groups that <B>admin</B> owns and belongs to.
+Users authenticated as <B>admin</B> can create an additional 50
+groups.
+<PRE> % <B>pts setfields -nameorid admin -access SOM-- -groupquota 50</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To edit group entries or set the privacy flags on any type of entry, the
+issuer must own the entry or belong to the
+<B>system:administrators</B> group. To set group-creation
+quota on a user entry, the issuer must belong to the
+<B>system:administrators</B> group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
+<P><A HREF="auarf217.htm#HDRPTS_EXAMINE">pts examine</A>
+<P><A HREF="auarf221.htm#HDRPTS_LISTOWNED">pts listowned</A>
+<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
+<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf224.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf226.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf225.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf227.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTS_SETMAX" HREF="auarf002.htm#ToC_240">pts setmax</A></H2>
+<A NAME="IDX5409"></A>
+<A NAME="IDX5410"></A>
+<A NAME="IDX5411"></A>
+<A NAME="IDX5412"></A>
+<A NAME="IDX5413"></A>
+<A NAME="IDX5414"></A>
+<A NAME="IDX5415"></A>
+<A NAME="IDX5416"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Sets the value of the <TT>max group id</TT> or <TT>max user id</TT>
+counter
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>pts setmax</B> [<B>-group</B> <<VAR>group max</VAR>>] [<B>-user</B> <<VAR>user max</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-force</B>] [<B>-help</B>]
+
+<B>pts setm</B> [<B>-g</B> <VAR>group max</VAR>>] [<B>-u</B> <<VAR>user max</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-f</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>pts setmax</B> command sets the value of one or both counters
+that track the IDs the Protection Server allocates to new users, machines, or
+groups: the <TT>max user id</TT> counter for the AFS user IDs (AFS
+UIDs) assigned to users and machines, and the <TT>max group id</TT> counter
+for the AFS group IDs (AFS GIDs) assigned to groups.
+<P>Use the <B>pts listmax</B> command to display the current value of both
+counters.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-group
+</B><DD>Sets the <TT>max group id</TT> counter. Precede the value with a
+hyphen to indicate that it is negative. When an administrator next uses
+the <B>pts creategroup</B> command to create a group entry and does not
+include that command's <B>-id</B> argument, the Protection Server
+assigns the group an AFS GID one less (more negative) than this value.
+<P><DT><B>-user
+</B><DD>Sets the <TT>max user id</TT> counter. When an administrator next
+uses the <B>pts createuser</B> command to create a user or machine entry
+and does not include that command's <B>-id</B> argument, the
+Protection Server assigns the group an AFS UID one greater than this
+value.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. For more details, see
+the introductory <B>pts</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. For more details, see the introductory <B>pts</B> reference
+page.
+<P><DT><B>-force
+</B><DD>Enables the command to continue executing as far as possible when errors
+or other problems occur, rather than halting execution at the first
+error.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command sets the <TT>max group id</TT> counter to -500 and
+the <TT>max user id</TT> counter to 1000.
+<PRE> % <B>pts setmax -group -500 -user 1000</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must belong to the <B>system:administrators</B>
+group.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P><A HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
+<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
+<P><A HREF="auarf220.htm#HDRPTS_LISTMAX">pts listmax</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf225.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf227.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf226.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf228.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRPTSERVER" HREF="auarf002.htm#ToC_241">ptserver</A></H2>
+<A NAME="IDX5417"></A>
+<A NAME="IDX5418"></A>
+<A NAME="IDX5419"></A>
+<A NAME="IDX5420"></A>
+<A NAME="IDX5421"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Protection Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>ptserver</B> [<B>-database</B> <<VAR>db path</VAR>>] [<B>-p</B> <<VAR>number of processes</VAR>>] [<B>-rebuildDB</B>]
+ [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>ptserver</B> command initializes the Protection Server, which
+must run on every database server machine. In the conventional
+configuration, its binary file is located in the <B>/usr/afs/bin</B>
+directory on a file server machine.
+<P>The <B>ptserver</B> command is not normally issued at the command shell
+prompt, but rather placed into a database server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a file server machine as the local superuser
+<B>root</B>.
+<P>The Protection Server performs the following tasks:
+<UL>
+<P><LI>Maintains the Protection Database, which contains entries for every user
+and group in the cell. Use the <B>pts</B> commands to administer
+the database.
+<P><LI>Allocates AFS IDs for new user, machine and group entries and maps each ID
+to the corresponding name.
+<P><LI>Generates a current protection subgroup (CPS) at the File Server's
+request. The CPS lists all groups to which a user or machine
+belongs.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-database
+</B><DD>Specifies the pathname of an alternate directory in which the Protection
+Database files reside. Provide the complete pathname, ending in the
+base filename to which the <B>.DB0</B> and
+<B>.DBSYS1</B> extensions are appended. For example, the
+appropriate value for the default database files is
+<B>/usr/afs/db/prdb</B>.
+<P><DT><B>-p
+</B><DD>Sets the number of server lightweight processes (LWPs) to run.
+Provide a positive integer from the range <B>3</B> to
+<B>16</B>. The default value is 3.
+<P><DT><B>-rebuildDB
+</B><DD>Rebuilds the Protection Database at the beginning of Protection Server
+initialization. Use this argument only in consultation with AFS
+Development or Product Support.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates a <B>ptserver</B>
+process on the machine <B>fs3.abc.com</B>. The
+command appears here on multiple lines only for legibility.
+<PRE> % <B>bos create -server fs3.abc.com -instance ptserver</B> \
+ <B>-type simple -cmd /usr/afs/bin/ptserver</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf047.htm#HDRPRDBDB">prdb.DB0 and prdb.DBSYS1</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf226.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf228.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf227.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf229.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRRCP" HREF="auarf002.htm#ToC_242">rcp (AFS version)</A></H2>
+<A NAME="IDX5422"></A>
+<A NAME="IDX5423"></A>
+<A NAME="IDX5424"></A>
+<A NAME="IDX5425"></A>
+<A NAME="IDX5426"></A>
+<A NAME="IDX5427"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Copies a file on a remote machine
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>rcp</B> [<B>-p</B>] <<VAR>file1</VAR>> <<VAR>file2</VAR>>
+
+<B>rcp</B> [<B>-r</B>] [<B>-p</B>] <<VAR>file</VAR>><SUP>+</SUP> <<VAR>directory</VAR>>
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The AFS-modified <B>rcp</B> program functions like the standard UNIX
+<B>rcp</B> program, but also passes the issuer's AFS token to the
+remote machine's Cache Manager, to enable authenticated access to the AFS
+filespace via that machine.
+<P>Token passing is most effective if both the remote machine and local
+machine belong to the same cell, because the <B>rcp</B> command can pass
+only one token even if the user has several tokens--it passes the token
+listed first in the output from the <B>tokens</B> command. If the
+remote and local machine do not belong to the same cell, the possibilities are
+as follows:
+<UL>
+<P><LI>The passed token is for the remote machine's cell. The issuer
+accesses the remote cell's AFS file tree as an authenticated AFS user,
+but is considered <B>anonymous</B> in the local cell and so can exercise
+only the access rights granted to the <B>system:anyuser</B> group
+there. For example, to copy a file into a local AFS directory from the
+remote cell, the directory's ACL must grant the <B>l</B>
+(<B>lookup</B>) and <B>i</B> (<B>insert</B>) permissions to the
+<B>system:anyuser</B> group.
+<P><LI>The passed token is for the local machine's cell. The issuer
+accesses the remote cell's AFS file tree as <B>anonymous</B>, and so
+can only exercise the access rights granted to the
+<B>system:anyuser</B> group.
+</UL>
+<P>In addition to running the AFS version of the <B>rcp</B> binary on the
+machine where the <B>rcp</B> command is issued, other configuration
+changes are necessary for token passing to work properly. See the
+<B>Cautions</B> section for a list.
+<P>The AFS version of the <B>rcp</B> command is compatible with the
+standard <B>inetd</B> command, but token passing works only if both
+programs are modified to handle AFS tokens. If only one of them is
+modified, the issuer accesses the AFS filespace through the remote machine as
+the <B>anonymous</B> user.
+<P><STRONG>Cautions</STRONG>
+<P>The AFS distribution does not include an AFS-modified version of this
+command for every system type, in some cases because the operating system
+vendor has already modified the standard version in the required way.
+For details, see the <I>IBM AFS Release Notes</I>.
+<P>The AFS <B>rcp</B> command does not allow third party copies, in which
+neither the source file nor the target file is stored on the machine where the
+command is issued. The standard UNIX <B>rcp</B> command claims to
+provide this functionality.
+<P>For security's sake, use the AFS version of the <B>rcp</B> command
+only in conjunction with PAGs, either by using an AFS-modified login utility,
+issuing the <B>pagsh</B> command before obtaining tokens, or including the
+<B>-setpag</B> flag to the <B>klog</B> command.
+<P>Several configuration requirements and restrictions are necessary for token
+passing to work correctly with an AFS-modified version of the <B>rcp</B>
+command. Some of these are also necessary with the standard UNIX
+version, but are included here because the issuer accustomed to AFS
+protections is possibly unlikely to consider them. There are possibly
+other UNIX-based requirements and restrictions not mentioned here;
+consult the UNIX manual page. (One important one is that no
+<TT>stty</TT> commands can appear in the issuer's shell initialization
+file, such as the <B>.cshrc</B> file.)
+<P>The requirements and restrictions for token passing include the
+following.
+<UL>
+<P><LI>The local machine must be running the AFS version of the <B>rcp</B>
+command, with the <B>rcp</B> binary file locally installed to grant setuid
+privilege to the owner, the local superuser <B>root</B>.
+<P><LI>The remote machine must be running the AFS version of the <B>inetd</B>
+program.
+<P><LI>If the <B>rcp</B> command is to consult a <B>.rhosts</B>
+file on the remote machine, the file must have UNIX protections no more
+liberal than <B>-rw-r--r--</B>. If the <B>.rhosts</B>
+file resides in a user home directory in AFS, the home directory must also
+grant the <B>lookup</B> (<B>l</B>) and <B>read</B> (<B>r</B>)
+permissions to the <B>system:anyuser</B> group.
+</UL>
+<P><STRONG>Options</STRONG>
+<P>Consult the UNIX manual page for the <B>rcp</B> command.
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>UNIX manual page for <B>rcp</B>
+<P><I>IBM AFS Release Notes</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf227.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf229.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRRSH" HREF="auarf002.htm#ToC_243">rsh (AFS version)</A></H2>
+<A NAME="IDX5428"></A>
+<A NAME="IDX5429"></A>
+<A NAME="IDX5430"></A>
+<A NAME="IDX5431"></A>
+<A NAME="IDX5432"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Opens a shell on a remote machine
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>rsh</B> <VAR>host</VAR> [<B>-n</B>] [<B>-l</B> <<VAR>username</VAR>>] <<VAR>command</VAR>>
+
+<VAR>host</VAR> [<B>-n</B>] [<B>-l</B> <<VAR>username</VAR>>] <<VAR>command</VAR>>
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The AFS-modified <B>rsh</B> program functions like the standard UNIX
+<B>rsh</B> program, but also passes the issuer's AFS token to the
+remote machine's Cache Manager, to enable authenticated access to the AFS
+filespace via that machine.
+<P>Token passing is most effective if both the remote machine and local
+machine belong to the same cell, because the <B>rsh</B> program can pass
+only one token even if the user has several tokens--it passes the token
+listed first in the output from the <B>tokens</B> command. If the
+remote and local machine do not belong to the same cell, the first token must
+be valid for the remote machine's cell, in order for the remote
+cell's server processes to recognize the issuer as authenticated.
+<P>In addition to running the AFS version of the <B>rsh</B> binary on the
+machine where the <B>rsh</B> command is issued, other configuration
+changes are necessary for token passing to work properly. See the
+<B>Cautions</B> section for a list.
+<P>The AFS version of the <B>rsh</B> command is compatible with the
+standard UNIX <B>inetd</B> command, but token passing works only if both
+programs are modified to handle AFS tokens. If only one of them is
+modified, the issuer accesses the AFS filespace through the remote machine as
+the user <B>anonymous</B>.
+<P><STRONG>Cautions</STRONG>
+<P>Some operating systems assign an alternate name to this program, such as
+<B>remsh</B>. The version included in the AFS distribution uses the
+same name as the operating system.
+<P>The AFS distribution does not include an AFS-modified version of this
+command for every system type, in some cases because the operating system
+vendor has already modified the standard version in the required way.
+For details, see the <I>IBM AFS Release Notes</I>.
+<P>For security's sake, use the AFS version of the <B>rsh</B> command
+only in conjunction with PAGs, either by using an AFS-modified login utility,
+issuing the <B>pagsh</B> command before obtaining tokens, or including the
+<B>-setpag</B> flag to the <B>klog</B> command.
+<P>Several configuration requirements and restrictions are necessary for token
+passing to work correctly with the AFS version of the <B>rsh</B>
+command. Some of these are also necessary with the standard UNIX
+version, but are included here because the issuer used to AFS protections is
+possibly unlikely to think of them. There are possibly other UNIX-based
+requirements or restrictions not mentioned here; consult the UNIX manual
+page for the <B>rsh</B> command. (One important one is that no
+<TT>stty</TT> commands can appear in the issuer's shell initialization
+file, such as the <B>.cshrc</B> file.)
+<P>The requirements and restrictions for token passing include the
+following.
+<UL>
+<P><LI>The local machine must be running the AFS version of the <B>rsh</B>
+command, with the binary file locally installed to grant setuid privilege to
+the owner, the local superuser <B>root</B>.
+<P><LI>The remote machine must be running the AFS version of the <B>inetd</B>
+program.
+<P><LI>If the <B>rsh</B> command is to consult an <B>.rhosts</B>
+file on the remote machine, the file must have UNIX mode bits no more liberal
+than <B>-rw-r--r--</B>. If the <B>.rhosts</B> file
+resides in a user home directory in AFS, the home directory must also grant
+the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)
+permissions to the <B>system:anyuser</B> group.
+</UL>
+<P><STRONG>Options</STRONG>
+<P>Consult the UNIX manual page for the <B>rsh</B> command.
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf179.htm#HDRINETD">inetd (AFS version)</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>UNIX manual page for <B>rsh</B> or <B>remsh</B>
+<P><I>IBM AFS Release Notes</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf228.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf230.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf229.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf231.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRRUNNTP" HREF="auarf002.htm#ToC_244">runntp</A></H2>
+<A NAME="IDX5433"></A>
+<A NAME="IDX5434"></A>
+<A NAME="IDX5435"></A>
+<A NAME="IDX5436"></A>
+<A NAME="IDX5437"></A>
+<A NAME="IDX5438"></A>
+<A NAME="IDX5439"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Network Time Protocol Daemon
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>runntp</B> [<B>-localclock</B>] [<B>-precision</B> <<VAR>small negative integer</VAR>>]
+ [<B>-logfile</B> <<VAR>filename for ntpd's stdout/stderr</VAR>>]
+ [<B>-ntpdpath</B> <<VAR>pathname of ntpd executable (/usr/afs/bin/ntpd)</VAR>>]
+ [<<VAR>host</VAR>><SUP>+</SUP>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>runntp</B> command initializes the Network Time Protocol Daemon
+(NTPD) and related programs on the local machine and constructs an
+<B>ntp.conf</B> configuration file. The intended use is on
+AFS file server machines as a convenient interface to the standard
+<B>ntpd</B> program.
+<P>In the conventional configuration, the binary file for the command is
+located in the <B>/usr/afs/bin</B> directory on a file server
+machine. The command is not normally issued at the command shell
+prompt, but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a server machine as the local superuser
+<B>root</B>.
+<P><STRONG>Cautions</STRONG>
+<P>Do not run the <B>runntp</B> program if NTPD or another time protocol
+is already in use in the cell. Running two time-synchronization
+protocols can cause errors.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-localclock
+</B><DD>Designates the local machine's internal clock as a possible time
+source if a network partition separates the machine from the other source
+machines listed on the command line. In cells that are not connected to
+an exterior network or are behind a firewall, include this flag on every
+machine that runs the <B>runntp</B> process. In cells that
+frequently lose access to exterior networks (voluntarily or not), include it
+only on the <B>runntp</B> process running on the system control
+machine. Do not include the flag if the cell is reliably connected to
+exterior networks.
+<P><DT><B>-precision
+</B><DD>Specifies the precision of the local clock. This argument is not
+normally provided. As the <B>ntpd</B> process initializes, it
+determines the precision of the local clock on its own. If provided, it
+is a small integer preceded by a hyphen to show that it is negative.
+The value is used as an exponent on the number 2, and the result interpreted
+as the frequency, in fractions of a second, at which the local clock ticks
+(advances).
+<P>For example, a value of <B>-6</B>, which translates to
+<B>2<SUP>-6</SUP></B> or 1/64, means that the local clock ticks once every
+1/64th of a second, or has a precision of about 60 ticks per second. A
+value of <B>-7</B> translates to about 100 ticks per second. A
+value of <B>-10</B> translates to about 1000 ticks per second (a
+millisecond clock).
+<P><DT><B>-logfile
+</B><DD>Specifies the local disk pathname for the NTP daemon's log file, such
+as <B>/usr/afs/logs/ntp.log</B>. The log records which
+machines are serving as time sources and peers, what adjustments have been
+made to reduce drift, and so on. Use the <B>ntpd</B> process's
+debugging mechanism to control the amount of information produced. If
+this argument is omitted, the information is discarded.
+<P><DT><B>-ntpdpath
+</B><DD>Specifies the local disk pathname of the binary for the <B>ntpd</B>
+program. If this argument is omitted, the default is
+<B>/usr/afs/bin/ntpd</B>.
+<P><DT><B><VAR>host</VAR>
+</B><DD>Is the fully qualified hostname of each machine to consult as a time
+source. By convention, the machines are outside the cell if exterior
+networks are accessible.
+<P>In general, this argument is necessary only on the system control
+machine. If the issuer omits it, then the local machine consults the
+local database server machines listed in its copy of the
+<B>/usr/afs/etc/CellServDB</B> file.
+<P>For advice on selecting appropriate time sources, see the <I>IBM AFS
+Quick Beginnings</I> or ask AFS Product Support.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P>UNIX manual page for <B>ntp</B>
+<P>UNIX manual page for <B>ntpd</B>
+<P>UNIX manual page for <B>ntpdc</B>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf229.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf231.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf230.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf232.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRRXDEBUG" HREF="auarf002.htm#ToC_245">rxdebug</A></H2>
+<A NAME="IDX5440"></A>
+<A NAME="IDX5441"></A>
+<A NAME="IDX5442"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Provides debugging trace of Rx activity
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>rxdebug -servers</B> <<VAR>server machine</VAR>> [<B>-port</B> <<VAR>IP port</VAR>>] [<B>-nodally</B>]
+ [<B>-allconnections</B>] [<B>-rxstats</B>] [<B>-onlyserver</B>] [<B>-onlyclient</B>]
+ [<B>-onlyport</B> <<VAR>show only <port></VAR>>] [<B>-onlyhost</B> <<VAR>show only <host></VAR>>]
+ [<B>-onlyauth</B> <<VAR>show only <auth level></VAR>>] [<B>-version</B>] [<B>-noconns</B>]
+ [<B>-peers</B>] [<B>-help</B>]
+
+<B>rxdebug -s</B> <<VAR>server machine</VAR>> [<B>-po</B> <<VAR>IP port</VAR>>] [<B>-nod</B>] [<B>-a</B>] [<B>-r</B>]
+ [<B>-onlys</B>] [<B>-onlyc</B>] [<B>-onlyp</B> <<VAR>show only <port></VAR>>]
+ [<B>-onlyh</B> <<VAR>show only <host></VAR>>] [<B>-onlya</B> <<VAR>show only <auth level></VAR>>]
+ [<B>-v</B>] [<B>-noc</B>] [<B>-pe</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>rxdebug</B> command provides a trace of Rx activity for the
+server or client machine named by the <B>-servers</B> argument. Rx
+is AFS's proprietary remote procedure call (RPC) protocol, so this
+command enables the issuer to check the status of communication between the
+Cache Manager or an AFS server process (as specified with the <B>-port</B>
+argument) on the machine and one or more processes on other machines.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-servers
+</B><DD>Specifies the machine that is running the Cache Manager or server process
+for which to trace Rx activity. Provide the machine's IP address
+in dotted decimal format, its fully qualified host name (for example,
+<B>fs1.abc.com</B>), or the shortest abbreviated form of its
+host name that distinguishes it from other machines. Successful use of
+an abbreviated form depends on the availability of a name resolution service
+(such as the Domain Name Service or a local host table) at the time the
+command is issued.
+<P><DT><B>-port
+</B><DD>Specifies the process for which to trace Rx activity. Omit this
+argument to specify the File Server (<B>fileserver</B> process), or
+provide one of the following values:
+<DL>
+<DD><P><B>7000</B> for the File Server (<B>fileserver</B> process)
+<DD><P><B>7001</B> for the Cache Manager (specifically, its callback
+interface)
+<DD><P><B>7002</B> for the Protection Server (<B>ptserver</B> process)
+<DD><P><B>7003</B> for the Volume Location (VL) Server (<B>vlserver</B>
+process)
+<DD><P><B>7004</B> for the Authentication Server (<B>kaserver</B>
+process)
+<DD><P><B>7005</B> for the Volume Server (<B>volserver</B> process)
+<DD><P><B>7007</B> for the BOS Server (<B>bosserver</B> process)
+<DD><P><B>7008</B> for the Update Server (<B>upserver</B> process)
+<DD><P><B>7009</B> for the NFS/AFS Translator's <B>rmtsysd</B>
+daemon
+<DD><P><B>7021</B> for the Backup Server (<B>buserver</B> process)
+<DD><P><B>7025</B> through <B>65535</B> for the Backup Tape Coordinator
+(<B>butc</B> process) that has the port offset number derived by
+subtracting 7025 from this value
+</DL>
+<P><DT><B>-nodally
+</B><DD>Produces output only for connections that are not in dally mode.
+<P><DT><B>-allconnections
+</B><DD>Produces output for all connections, even inactive ones. By
+default, the output includes information only for connections that are active
+or in dally mode when the <B>rxdebug</B> command is issued.
+<P><DT><B>-rxstats
+</B><DD>Produces detailed statistics about Rx history and performance (for
+example, counts of the number of packets of various types the process has read
+and sent, calculations of average and minimum roundtrip time, and so
+on).
+<P><DT><B>-onlyserver
+</B><DD>Produces output only for connections in which the process designated by
+the <B>-port</B> argument is acting as the server.
+<P><DT><B>-onlyclient
+</B><DD>Produces output only for connections in which the process designated by
+the <B>-port</B> argument is acting as the client.
+<P><DT><B>-onlyport
+</B><DD>Produces output only for connections between the process designated by the
+<B>-port</B> argument and the specified port on any another
+machine. Use the same port identifiers as for the <B>-port</B>
+argument.
+<P><DT><B>-onlyhost
+</B><DD>Produces output only for connections between the process designated by the
+<B>-port</B> argument and any process on the specified machine. To
+identify the machine, use the same notation as for the <B>-servers</B>
+argument.
+<P><DT><B>-onlyauth
+</B><DD>Produces output only for connections that are using the specified
+authentication level. Provide one of the following values:
+<UL>
+<P><LI><B>auth</B> for connections at authentication level
+<B>rxkad_auth</B>
+<P><LI><B>clear</B> for connections at authentication level
+<B>rxkad_clear</B>
+<P><LI><B>crypt</B> for connections at authentication level
+<B>rxkad_crypt</B>
+<P><LI><B>none</B> for unauthenticated connections (equivalents are
+<B>null</B>, <B>noauth</B>, and <B>unauth</B>)
+</UL>
+<P><DT><B>-version
+</B><DD>Reports the AFS build level of the binary file for the process designated
+by the <B>-port</B> argument (or of the kernel extensions file for port
+7001, the Cache Manager's callback interface). Any other options
+combined with this one are ignored.
+<P><DT><B>-noconns
+</B><DD>Produces only the standard statistics that begin the output produced by
+every option (other than <B>-version</B>), without reporting on any
+connections. Any other options combined with this one are
+ignored.
+<P><DT><B>-peers
+</B><DD>Outputs information from the <I>peer structure</I> maintained for each
+port on another machine to which the process designated by the
+<B>-port</B> argument has a connection. There is information about
+roundtrip time and numbers of packets sent and received, for example.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If any options other than <B>-version</B> or <B>-help</B> are
+provided, the output written to the standard output stream begins with basic
+statistics about packet usage and availability, how many calls are waiting for
+a thread, how many threads are free, and so on (this is the only information
+provided by the <B>-noconns</B> flag). Adding other options
+produces additional information as described in the preceding
+<B>Options</B> section of this reference page. The output is
+intended for debugging purposes and is meaningful to someone familiar with the
+implementation of Rx.
+<P><STRONG>Privilege Required</STRONG>
+<P>None.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf058.htm#HDRAFSD">afsd</A>
+<P><A HREF="auarf124.htm#HDRBOSSERVER">bosserver</A>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P><A HREF="auarf126.htm#HDRBUTC">butc</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf230.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf232.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf231.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf233.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSALVAGER" HREF="auarf002.htm#ToC_246">salvager</A></H2>
+<A NAME="IDX5443"></A>
+<A NAME="IDX5444"></A>
+<A NAME="IDX5445"></A>
+<A NAME="IDX5446"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Salvager component of the <B>fs</B> process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>salvager</B> [<B>initcmd</B>] [<B>-partition</B> <<VAR>Name of partition to salvage</VAR>>]
+ [<B>-volumeid</B> <<VAR>Volume Id to salvage</VAR>>] [<B>-debug</B>]
+ [<B>-nowrite</B>] [<B>-inodes</B>] [<B>-force</B>] [<B>-oktozap</B>]
+ [<B>-rootinodes</B>] [<B>-salvagedirs</B>] [<B>-blockreads</B>]
+ [<B>-parallel</B> <<VAR># of max parallel partition salvaging</VAR>>]
+ [<B>-tmpdir</B> <<VAR>Name of dir to place tmp files</VAR>>]
+ [<B>-showlog</B>] [<B>-showsuid</B>] [<B>-showmounts</B>]
+ [<B>-orphans</B> <<B>ignore</B> | <B>remove</B> | <B>attach</B>>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>salvager</B> command initializes the Salvager component of the
+<B>fs</B> process. In the conventional configuration, its binary
+file is located in the <B>/usr/afs/bin</B> directory on a file server
+machine.
+<P>The Salvager restores internal consistency to corrupted read/write volumes
+on the local file server machine where possible. For read-only or
+backup volumes, it inspects only the volume header:
+<UL>
+<P><LI>If the volume header is corrupted, the Salvager removes the volume
+completely and records the removal in its log file,
+<B>/usr/afs/logs/SalvageLog</B>. Issue the <B>vos release</B>
+or <B>vos backup</B> command to create the read-only or backup volume
+again.
+<P><LI>If the volume header is intact, the Salvager skips the volume (does not
+check for corruption in the contents). However, if the File Server
+notices corruption as it initializes, it sometimes refuses to attach the
+volume or bring it online. In this case, it is simplest to remove the
+volume by issuing the <B>vos remove</B> or <B>vos zap</B>
+command. Then issue the <B>vos release</B> or <B>vos backup</B>
+command to create it again.
+</UL>
+<P>Unlike other server process initialization commands, the
+<B>salvager</B> command is designed to be issued at the command shell
+prompt, as well as being placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. It is also possible to invoke the Salvager remotely by issuing
+the <B>bos salvage</B> command.
+<P>Combine the command's options as indicated to salvage different
+numbers of read/write volumes:
+<UL>
+<P><LI>To salvage all volumes on the file server machine, provide no
+arguments. No volumes on the machine are accessible to Cache Managers
+during the salvage, because the BOS Server stops the File Server and Volume
+Server processes while the Salvager runs.
+<P><LI>To salvage all of the volumes on one partition, provide the
+<B>-partition</B> argument. As for a salvage of all volumes on the
+machine, no volumes on the machine are accessible to Cache Managers during the
+salvage operation.
+<P><LI>To salvage only one volume, combine the <B>-partition</B> and
+<B>-volumeid</B> arguments. Only that volume is inaccessible to
+Cache Managers, because the BOS Server does not shutdown the File Server and
+Volume Server processes.
+</UL>
+<P>The Salvager normally salvages only those read/write volumes that are
+marked as having been active when a crash occurred. To have it salvage
+all relevant read/write volumes, add the <B>-force</B> flag.
+<P>The Salvager normally creates new inodes as it repairs damage. If
+the partition is so full that there is no room for new inodes, use the
+<B>-nowrite</B> argument to bringing undamaged volumes online without
+attempting to salvage damaged volumes. Then use the <B>vos move</B>
+command to move one or more of the undamaged volumes to other partitions,
+freeing up the space that the Salvager needs to create new inodes.
+<P>By default, multiple Salvager subprocesses run in parallel: one for
+each partition up to four, and four subprocesses for four or more
+partitions. To increase or decrease the number of subprocesses running
+in parallel, provide a positive integer value for the <B>-parallel</B>
+argument.
+<P>If there is more than one server partition on a physical disk, the Salvager
+by default salvages them serially to avoid the inefficiency of constantly
+moving the disk head from one partition to another. However, this
+strategy is often not ideal if the partitions are configured as logical
+volumes that span multiple disks. To force the Salvager to salvage
+logical volumes in parallel, provide the string <B>all</B> as the value
+for the <B>-parallel</B> argument. Provide a positive integer to
+specify the number of subprocesses to run in parallel (for example,
+<B>-parallel 5all</B> for five subprocesses), or omit the integer to run
+up to four subprocesses, depending on the number of logical volumes being
+salvaged.
+<P>The Salvager creates temporary files as it runs, by default writing them to
+the partition it is salvaging. The number of files can be quite large,
+and if the partition is too full to accommodate them, the Salvager terminates
+without completing the salvage operation (it always removes the temporary
+files before exiting). Other Salvager subprocesses running at the same
+time continue until they finish salvaging all other partitions where there is
+enough disk space for temporary files. To complete the interrupted
+salvage, reissue the command against the appropriate partitions, adding the
+<B>-tmpdir</B> argument to redirect the temporary files to a local disk
+directory that has enough space.
+<P>The <B>-orphans</B> argument controls how the Salvager handles orphaned
+files and directories that it finds on server partitions it is
+salvaging. An <I>orphaned</I> element is completely inaccessible
+because it is not referenced by the vnode of any directory that can act as its
+parent (is higher in the filespace). Orphaned objects occupy space on
+the server partition, but do not count against the volume's quota.
+<P>To generate a list of all mount points that reside in one or more volumes,
+rather than actually salvaging them, include the <B>-showmounts</B>
+flag.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-partition
+</B><DD>Specifies the name of the partition to salvage. Specify the full
+partition name using the form <B>/vicep</B><VAR>x</VAR> or
+<B>/vicep</B><VAR>xx</VAR>. Omit this argument to salvage every
+partition on the file server machine.
+<P><DT><B>-volumeid
+</B><DD>Specifies the volume ID of a specific read/write volume to salvage.
+The <B>-partition</B> argument must be provided along with this one and
+specify the volume's actual site.
+<P><DT><B>-debug
+</B><DD>Allows only one Salvager subprocess to run at a time, regardless of the
+setting of the <B>-parallel</B> option. Include it when running the
+Salvager in a debugger to make the trace easier to interpret.
+<P><DT><B>-nowrite
+</B><DD>Brings all undamaged volumes online without attempting to salvage any
+damaged volumes.
+<P><DT><B>-inodes
+</B><DD>Records in the <B>/usr/afs/logs/SalvageLog</B> file a list of all AFS
+inodes that the Salvager modified.
+<P><DT><B>-force
+</B><DD>Inspects all volumes for corruption, not just those that are marked as
+having been active when a crash occurred.
+<P><DT><B>-oktozap
+</B><DD>Removes a volume that is so damaged that even issuing the <B>vos
+zap</B> command with the <B>-force</B> flag is ineffective. Use
+this argument only in consultation with AFS Development or Product
+Support. Combine it with the <B>-partition</B> and
+<B>-volumeid</B> arguments to identify the volume to remove.
+<P><DT><B>-rootinodes
+</B><DD>Records in the <B>/usr/afs/logs/SalvageLog</B> file a list of all AFS
+inodes owned by the local superuser <B>root</B>.
+<P><DT><B>-salvagedirs
+</B><DD>Salvages entire directory structures, even if they do not appear to be
+damaged. By default, the Salvager salvages a directory only if it is
+flagged as corrupted.
+<P><DT><B>-blockreads
+</B><DD>Forces the Salvager to read a partition one disk block (512 bytes) at a
+time and to skip any blocks that are too badly damaged to be salvaged.
+This allows it to salvage as many volumes as possible. By default, the
+Salvager reads large disk blocks, which can cause it to exit prematurely if it
+encounters disk errors. Use this flag if the partition to be salvaged
+has disk errors.
+<P><DT><B>-parallel
+</B><DD>Specifies the maximum number of Salvager subprocesses to run in
+parallel. Provide one of three values:
+<UL>
+<P><LI>An integer from the range <B>1</B> to <B>32</B>. A value of
+<B>1</B> means that a single Salvager process salvages the partitions
+sequentially.
+<P><LI>The string <B>all</B> to run up to four Salvager subprocesses in
+parallel on partitions formatted as logical volumes that span multiple
+physical disks. Use this value only with such logical volumes.
+<P><LI>The string <B>all</B> followed immediately (with no intervening space)
+by an integer from the range <B>1</B> to <B>32</B>, to run the
+specified number of Salvager subprocesses in parallel on partitions formatted
+as logical volumes. Use this value only with such logical
+volumes.
+</UL>
+<P>The BOS Server never starts more Salvager subprocesses than there are
+partitions, and always starts only one process to salvage a single
+volume. If this argument is omitted, up to four Salvager subprocesses
+run in parallel.
+<P><DT><B>-tmpdir
+</B><DD>Names a local disk directory in which the Salvager places the temporary
+files it creates during a salvage operation, instead of writing them to the
+partition being salvaged (the default). If the Salvager cannot write to
+the specified directory, it attempts to write to the partition being
+salvaged.
+<P><DT><B>-showlog
+</B><DD>Displays on the standard output stream all log data that is being written
+to the <B>/usr/afs/logs/SalvageLog</B> file.
+<P><DT><B>-showsuid
+</B><DD>Displays a list of the pathnames for all files that have the setuid or
+setgid mode bit set.
+<P><DT><B>-showmounts
+</B><DD>Records in the <B>/usr/afs/logs/SalvageLog</B> file all mount points
+found in each volume. The Salvager does not repair corruption in the
+volumes, if any exists.
+<P><DT><B>-orphans
+</B><DD>Controls how the Salvager handles orphaned files and directories.
+Choose one of the following three values:
+<DL>
+<P><DT><B>ignore
+</B><DD>Leaves the orphaned objects on the disk, but prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were found
+and the approximate number of kilobytes they are consuming. This is the
+default if the <B>-orphans</B> argument is omitted.
+<P><DT><B>remove
+</B><DD>Removes the orphaned objects, and prints a message to the
+<B>/usr/afs/logs/SalvageLog</B> file reporting how many orphans were
+removed and the approximate number of kilobytes they were consuming.
+<P><DT><B>attach
+</B><DD>Attaches the orphaned objects by creating a reference to them in the vnode
+of the volume's root directory. Since each object's actual
+name is now lost, the Salvager assigns each one a name of the following
+form:
+<DL>
+<DD><P><B>_ _ORPHANFILE_ _.</B><VAR>index</VAR> for files
+<DD><P><B>_ _ORPHANDIR_ _.</B><VAR>index</VAR> for directories
+</DL>
+<P>
+<P>where <VAR>index</VAR> is a two-digit number that uniquely identifies each
+object. The orphans are charged against the volume's quota and
+appear in the output of the <B>ls</B> command issued against the
+volume's root directory.
+</DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command instructs the Salvager to attempt to salvage the
+volume with volume ID 258347486 on <B>/vicepg</B> on the local
+machine.
+<PRE> % <B>/usr/afs/bin/salvager -partition /vicepg -volumeid 258347486</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>To issue the command at the shell prompt, the issuer must be logged in as
+the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf030.htm#HDRSALVAGELOG">SalvageLog</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf268.htm#HDRVOS_MOVE">vos move</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf231.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf233.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf232.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf234.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSCOUT" HREF="auarf002.htm#ToC_247">scout</A></H2>
+<A NAME="IDX5447"></A>
+<A NAME="IDX5448"></A>
+<A NAME="IDX5449"></A>
+<A NAME="IDX5450"></A>
+<A NAME="IDX5451"></A>
+<A NAME="IDX5452"></A>
+<A NAME="IDX5453"></A>
+<A NAME="IDX5454"></A>
+<A NAME="IDX5455"></A>
+<A NAME="IDX5456"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Monitors the File Server process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>scout</B> [<B>initcmd</B>] <B>-server</B> <<VAR>FileServer name(s) to monitor</VAR>><SUP>+</SUP>
+ [<B>-basename</B> <<VAR>base server name</VAR>>]
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>] [<B>-host</B>]
+ [<B>-attention</B> <<VAR>specify attention (highlighting) level</VAR>><SUP>+</SUP>]
+ [<B>-debug</B> <<VAR>turn debugging output on to the named file</VAR>>] [<B>-help</B>]
+
+<B>scout</B> [<B>i</B>] <B>-s</B> <<VAR>FileServer name(s) to monitor</VAR>><SUP>+</SUP>
+ [<B>-b</B> <<VAR>base server name</VAR>>] [<B>-f</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-ho</B>] [<B>-a</B> <<VAR>specify attention (highlighting) level</VAR>><SUP>+</SUP>]
+ [<B>-d</B> <<VAR>turn debugging output on to the named file</VAR>>] [<B>-he</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>scout</B> command displays statistics gathered from the File
+Server process running on each machine specified with the <B>-server</B>
+argument. The <B>Output</B> section explains the meaning of the
+statistics and describes how they appear in the command shell, which is
+preferably a window managed by a window manager program.
+<P><STRONG>Cautions</STRONG>
+<P>The <B>scout</B> program must be able to access the <B>curses</B>
+graphics package, which it uses to display statistics. Most UNIX
+distributions include <B>curses</B> as a standard utility.
+<P>Both dumb terminals and windowing systems that emulate terminals can
+display the <B>scout</B> program's statistics. The display
+makes use of reverse video and cursor addressing, so the display environment
+must support those features for it to look its best (most windowing systems
+do, most dumb terminals do not). Also, set the TERM environment
+variable to the correct terminal type, or one with characteristics similar to
+the actual ones. For machines running the AIX operating system, the
+recommended setting for TERM is <B>vt100</B>, as long as the terminal is
+similar to that. For other operating systems, the wider range of
+acceptable values includes <B>xterm</B>, <B>xterms</B>,
+<B>vt100</B>, <B>vt200</B>, and <B>wyse85</B>.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-server
+</B><DD>Specifies each file server machine running a File Server process to
+monitor. Provide each machine's fully qualified hostname unless
+the <B>-basename</B> argument is used. In that case, specify only
+the unique initial part of each machine name, omitting the domain name suffix
+(the basename) common to all the names. It is also acceptable to use
+the shortest abbreviated form of a host name that distinguishes it from other
+machines, but successful resolution depends on the availability of a name
+resolution service (such as the Domain Name Service or a local host table) at
+the time the command is issued.
+<P><DT><B>-basename
+</B><DD>Specifies the basename (domain name) suffix common to all of the file
+server machine names specified with the <B>-server</B> argument, and is
+automatically appended to them. This argument is normally the name of
+the cell to which the machines belong. Do not include the period that
+separates this suffix from the distinguishing part of each file server machine
+name, but do include any periods that occur within the suffix itself.
+For example, in the ABC Corporation cell, the proper value is
+<B>abc.com</B> rather than
+<B>.abc.com</B>.
+<P><DT><B>-frequency
+</B><DD>Indicates how often to probe the File Server processes. Specify a
+number of seconds greater than <B>0</B> (zero). The default is 60
+seconds.
+<P><DT><B>-host
+</B><DD>Displays the name of the machine that is running the <B>scout</B>
+program, in the banner line of the display screen.
+<P><DT><B>-attention
+</B><DD>Defines a list of entries, each of which pairs a statistic and a threshold
+value. When the value of the statistic exceeds the indicated threshold
+value, it is highlighted (in reverse video) in the display. List the
+pairs in any order. The acceptable values are the following:
+<UL>
+<P><LI><B>conn</B> <VAR>connections</VAR>. Indicates the number of open
+connections to client processes at which to highlight the statistic.
+The statistic returns to regular display when the value goes back below the
+threshold. There is no default threshold.
+<P>An example of an acceptable value is <B>conn 300</B>.
+<P><LI><B>disk</B>, which takes one of two types of values:
+<UL>
+<P><LI><B>disk</B> <VAR>blocks_free</VAR>. Indicates the number of
+remaining free kilobyte blocks at which to highlight the statistic. The
+statistic returns to regular display when the value again exceeds the
+threshold. There is no default threshold.
+<P>An example of an acceptable value is <B>disk 5000</B>.
+<P><LI><B>disk</B> <VAR>percent_full</VAR><B>%</B>. Indicates the
+percentage of disk usage at which to highlight the statistic. The
+statistic returns to regular display when the value goes back below the
+threshold. The default threshold is 95%. Acceptable values are
+the integers in the range from <B>0</B> to <B>99</B>, followed by the
+percent sign (<B>%</B>) to distinguish this type of value from the one
+described just previously.
+<P>An example is <B>disk 90%</B>.
+</UL>
+<P><LI><B>fetch</B> <VAR>fetch_RPCs</VAR>. Indicates the cumulative
+number of fetch RPCs from client processes at which to highlight the
+statistic. The statistic does not return to regular display until the
+File Server process restarts, at which time the value returns to zero.
+There is no default threshold.
+<P>Example of a legal value: <B>fetch 6000000</B>
+<P><LI><B>store</B> <VAR>store_RPCs</VAR>. Indicates the cumulative
+number of store RPCs from client processes at which to highlight the
+statistic. The statistic does not return to regular display until the
+File Server process restarts, at which time the value returns to zero.
+There is no default threshold.
+<P>Example of an acceptable value: <B>store 200000</B>
+<P><LI><B>ws</B> <VAR>active_client_machines</VAR>. Indicates the number
+of client machines with active open connections at which to highlight the
+statistic. An active connection is defined as one over which the File
+Server and client have communicated in the last 15 minutes. The
+statistic returns to regular display when the value goes back below the
+threshold. There is no default threshold.
+<P>Example of an acceptable value: <B>ws 65</B>
+</UL>
+<P><DT><B>-debug
+</B><DD>Specifies the pathname of the file into which to write a debugging
+trace. Partial pathnames are interpreted relative to the current
+working directory.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The <B>scout</B> program can display statistics either in a dedicated
+window or on a plain screen if a windowing environment is not
+available. For best results, the window or screen needs the ability to
+print in reverse video.
+<P>The <B>scout</B> screen has three main parts: the banner line,
+the statistics display region and the message/probe line.
+<P><B><I>The Banner Line</I></B>
+<P>By default, the string <TT>Scout</TT> appears in the banner line at the
+top of the window or screen. Two optional arguments place additional
+information in the banner line:
+<UL>
+<P><LI>The <B>-host</B> flag displays the name of the machine where the
+<B>scout</B> program is running. As mentioned previously, this is
+useful when running the <B>scout</B> program on several machines but
+displaying the results on a single machine.
+<P>For example, when the <B>-host</B> flag is included and the
+<B>scout</B> program is running on the machine
+<B>client1.abc.com</B>, the banner line reads as
+follows:
+<PRE> [client1.abc.com] Scout
+
+</PRE>
+<P><LI>The <B>-basename</B> argument displays the indicated basename on the
+banner line. For example, including the argument <B>-basename
+abc.com</B> argument results in the following banner line:
+<PRE> Scout for abc.com
+
+</PRE>
+</UL>
+<P><B><I>The Statistics Display Region</I></B>
+<P>In this region, which occupies the majority of the window, the
+<B>scout</B> process displays the statistics gathered for each File Server
+process. Each process appears on its own line.
+<P>The region is divided into six columns, labeled as indicated and displaying
+the following information:
+<A NAME="IDX5457"></A>
+<A NAME="IDX5458"></A>
+<UL>
+<P><LI><TT>Conn</TT>: The first column displays the number of RPC
+connections open between the File Server process and client machines.
+This number equals or exceeds the number in the <TT>Ws</TT> column (see the
+fourth entry below), because each user on the machine can have several
+separate connections open at once, and one client machine can handle several
+users.
+<A NAME="IDX5459"></A>
+<P><LI><TT>Fetch</TT>: The second column displays the number of
+fetch-type RPCs (fetch data, fetch access list, and fetch status) that client
+machines have made to the File Server process since the latter started.
+This number is reset to zero each time the File Server process
+restarts.
+<A NAME="IDX5460"></A>
+<P><LI><TT>Store</TT>: The third column displays the number of store-type
+RPCs (store data, store access list, and store status) that client machines
+have made to the File Server process since the latter started. This
+number is reset to zero each time the File Server process restarts.
+<A NAME="IDX5461"></A>
+<P><LI><TT>Ws</TT>: The fourth column displays the number of client
+machines (<TT>Ws</TT> stands for workstations) that have communicated with
+the File Server process within the last 15 minutes. Such machines are
+termed <I>active</I>). This number is likely to be smaller than the
+number in the first (<TT>Conn</TT>) column because a single client machine
+can have several connections open to one File Server.
+<A NAME="IDX5462"></A>
+<A NAME="IDX5463"></A>
+<A NAME="IDX5464"></A>
+<P><LI>The fifth, unlabeled, column displays the name of the file server machine
+on which the File Server process is running. Names of 12 characters or
+less are displayed in full; longer names are truncated and an asterisk
+(<TT>*</TT>) appears as the last character in the name. Using the
+<B>-basename</B> argument is a good way to avoid truncation, but only if
+all machine names end in a common string.
+<P><LI><TT>Disk attn</TT>: The sixth column displays the number of
+available kilobyte blocks on each AFS disk partition on the file server
+machine.
+<A NAME="IDX5465"></A>
+<A NAME="IDX5466"></A>
+<A NAME="IDX5467"></A>
+ The display for each partition has the following form:
+<PRE> x:<VAR>free_blocks</VAR>
+
+</PRE>
+<P>where <TT>x</TT> indicates the partition name. For example,
+<TT><B>a:8949</B></TT> specifies that the <B>/vicepa</B>
+partition has 8,949 1-KB blocks free. Available space can be displayed
+for up to 26 partitions. If the window is not wide enough for all
+partition entries to appear on a single line, the <B>scout</B> process
+automatically creates multiple lines, stacking the partition entries into
+sub-columns within the sixth column.
+<P>The label on the <TT>Disk</TT> <TT>attn</TT> column indicates the
+threshold value at which entries in the column become highlighted. By
+default, the label is
+<PRE> Disk attn: > 95% used
+
+</PRE>
+<P>because by default the <B>scout</B> program highlights the entry for
+any partition that is over 95% full.
+</UL>
+<P>For all columns except the fifth (file server machine name), the optional
+<B>-attention</B> argument sets the value at which entries in the column
+are highlighted to indicate that a certain value has been exceeded.
+Only values in the fifth and <TT>Disk attn</TT> columns ever become
+highlighted by default.
+<P>If the <B>scout</B> program is unable to access or otherwise obtain
+information about a partition, it generates a message similar to the following
+example:
+<PRE> Could not get information on server fs1.abc.com partition /vicepa
+
+</PRE>
+<P><B><I>The Message/Probe Line</I></B>
+<P>The bottom line of the <B>scout</B> screen indicates how many times the
+<B>scout</B> program has probed the File Server processes for
+statistics. The statistics gathered in the latest probe appear in the
+statistics display region. The <B>-frequency</B> argument overrides
+the default probe frequency of 60 seconds.
+<P><STRONG>Examples</STRONG>
+<P>See the chapter on monitoring tools in the <I>IBM AFS Administration
+Guide</I>, which illustrates the displays that result from different
+combinations of options.
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf059.htm#HDRAFSMONITOR">afsmonitor</A>
+<P><A HREF="auarf169.htm#HDRFSTRACE_INTRO">fstrace</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf232.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf234.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf233.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf235.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRSYS" HREF="auarf002.htm#ToC_248">sys</A></H2>
+<P><STRONG>Purpose</STRONG>
+<A NAME="IDX5468"></A>
+<A NAME="IDX5469"></A>
+<A NAME="IDX5470"></A>
+<A NAME="IDX5471"></A>
+<A NAME="IDX5472"></A>
+<A NAME="IDX5473"></A>
+<A NAME="IDX5474"></A>
+<P>Reports the CPU/operating system type
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>sys</B>
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>sys</B> command displays the string stored in kernel memory that
+indicates the local machine's CPU/operating system (OS) type. The
+Cache Manager substitutes the string for the <VAR>@sys</VAR> variable which can
+occur in AFS pathnames; the <I>IBM AFS Quick Beginnings</I> and
+<I>IBM AFS Administration Guide</I> explain how using <VAR>@sys</VAR> can
+simplify cell configuration.
+<P>The command always reports the value for the local machine only. To
+set a new value in kernel memory, use the <B>fs sysname</B> command, which
+like this command can also be used to display the current value.
+<P><STRONG>Output</STRONG>
+<P>The machine's system type appears as a text string:
+<PRE> <VAR>system_type</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output produced on a Sun SPARCStation
+running Solaris 5.7:
+<PRE> % <B>sys</B>
+ sun4x_57
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf165.htm#HDRFS_SYSNAME">fs sysname</A>
+<P><I>IBM AFS Quick Beginnings</I>
+<P><I>IBM AFS Administration Guide</I>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf233.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf235.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf234.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf236.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRTOKENS" HREF="auarf002.htm#ToC_249">tokens</A></H2>
+<A NAME="IDX5475"></A>
+<A NAME="IDX5476"></A>
+<A NAME="IDX5477"></A>
+<A NAME="IDX5478"></A>
+<A NAME="IDX5479"></A>
+<A NAME="IDX5480"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the issuer's tokens
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>tokens</B> [<B>-help</B>]
+
+<B>tokens</B> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>tokens</B> command displays all tokens (tickets) cached on the
+local machine for the issuer. AFS server processes require that their
+clients present a token as evidence that they have authenticated in the
+server's local cell.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The <B>tokens.krb</B> version of this command is intended for use
+by sites that employ standard Kerberos authentication for their
+clients. The <B>tokens.krb</B> command provides all of the
+functionality of the <B>tokens</B> command. In addition, it
+provides information on the Kerberos tickets stored in the file specified by
+the KRBTKFILE environment variable (the <B>/tmp/tkt</B><VAR>X</VAR> file,
+where <VAR>X</VAR> is the number of the user's PAG).
+</TD></TR></TABLE>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output lists one token for each cell in which the user is
+authenticated. The output indicates the
+<UL>
+<P><LI>User's AFS UID, if it is available for display.
+<P><LI>Server for which the token is valid (normally, <B>afs</B>).
+This includes a cell specification.
+<P><LI>Day and time the token expires.
+</UL>
+<P>The output of the Kerberos version of this command,
+<B>tokens.krb</B>, also reports the following about the Kerberos
+ticket-granting ticket: the ticket owner, which Kerberos ticket-granting
+service that issued the ticket (for example,
+<B>krbtgt.ABC.COM</B>), and ticket's expiration
+date.
+<P>The string <TT>--End of list--</TT> appears at the end of the
+output. If the user is not authenticated in any cell, this line is all
+that appears.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output when the issuer is not authenticated
+in any cell.
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ --End of list--
+
+</PRE>
+<P>The following example shows the output when the issuer is authenticated in
+ABC Corporation cell, where he or she has AFS UID 1000.
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jan 2 10:00]
+ --End of list--
+
+</PRE>
+<P>The following example shows the output when the issuer is authenticated in
+the ABC Corporation cell, the State University cell, and the XYZ Company
+cell. The user has different AFS UIDs in the three cells. Tokens
+for last cell are expired:
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jan 3 10:00]
+ User's (AFS ID 4286) tokens for afs@stateu.edu [Expires Jan 3 1:34]
+ User's (AFS ID 22) tokens for afs@xyz.com [>>Expired<]
+ --End of list--
+
+</PRE>
+<P>The following example shows the output when the issuer uses the
+<B>tokens.krb</B> version of the command after authenticating in
+the ABC Corporation cell using the <B>klog.krb</B> command.
+<PRE> % <B>tokens.krb</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1000) tokens for afs@abc.com [Expires Jan 31 00:09]
+ User smiths tokens for krbtgt.ABC.COM@abc.com [Expires Jan 31 00:09]
+ --End of list--
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf238.htm#HDRUNLOG">unlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf234.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf236.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf235.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf237.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRTRANSLATE_ET" HREF="auarf002.htm#ToC_250">translate_et</A></H2>
+<A NAME="IDX5481"></A>
+<A NAME="IDX5482"></A>
+<A NAME="IDX5483"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Translates numbered error codes into text messages
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>translate_et</B> <<VAR>error number</VAR>><SUP>+</SUP>
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>translate_et</B> command translates each specified error number
+into a text message.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><VAR>error number</VAR>
+</B><DD>Specifies each error number to translate.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command translates the error numbers 1 and 4:
+<PRE> % <B>translate_et 1 4</B>
+ 1 ().1 = Not owner
+ 4 ().4 = Interrupted system call
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf235.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf237.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf236.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf238.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUDEBUG" HREF="auarf002.htm#ToC_251">udebug</A></H2>
+<A NAME="IDX5484"></A>
+<A NAME="IDX5485"></A>
+<A NAME="IDX5486"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports status of Ubik process associated with a database server process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>udebug -servers</B> <<VAR>server machine</VAR>> [<B>-port</B> <<VAR>IP port</VAR>>] [<B>-long</B>] [<B>-help</B>]
+
+<B>udebug -s</B> <<VAR>server machine</VAR>> [<B>-p</B> <<VAR>IP port</VAR>>] [<B>-l</B>] [<B>-h</B>]
+
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>udebug</B> command displays the status of the lightweight Ubik
+process for the database server process identified by the <B>-port</B>
+argument that is running on the database server machine named by the
+<B>-servers</B> argument. The output identifies the machines where
+peer database server processes are running, which of them is the
+synchronization site (Ubik coordinator), and the status of the connections
+between them.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-servers
+</B><DD>Names the database server machine that is running the process for which to
+display status information. Provide the machine's IP address in
+dotted decimal format, its fully qualified host name (for example,
+<B>fs1.abc.com</B>), or the shortest abbreviated form of its
+host name that distinguishes it from other machines. Successful use of
+an abbreviated form depends on the availability of a name resolution service
+(such as the Domain Name Service or a local host table) at the time the
+command is issued.
+<P><DT><B>-port
+</B><DD>Identifies the database server process for which to display status
+information, either by its process name or port number. Provide one of
+the following values.
+<DL>
+<DD><P><B>buserver</B> or <B>7021</B> for the Backup Server
+<DD><P><B>kaserver</B> or <B>7004</B> for the Authentication Server
+<DD><P><B>ptserver</B> or <B>7002</B> for the Protection Server
+<DD><P><B>vlserver</B> or <B>7003</B> for the Volume Location Server
+</DL>
+<P><DT><B>-long
+</B><DD>Reports additional information about each peer of the machine named by the
+<B>-servers</B> argument. The information appears by default if
+that machine is the synchronization site.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>Several of the messages in the output provide basic status information
+about the Ubik process on the machine specified by the <B>-servers</B>
+argument, and the remaining messages are useful mostly for debugging
+purposes.
+<P>To check basic Ubik status, issue the command for each database server
+machine in turn. In the output for each, one of the following messages
+appears in the top third of the output.
+<PRE> I am sync site . . . (<VAR>#_sites</VAR> servers)
+
+ I am not sync site
+</PRE>
+<P>For the synchronization site, the following message indicates that all
+sites have the same version of the database, which implies that Ubik is
+functioning correctly. See the following for a description of values
+other than <TT>1f</TT>.
+<PRE> Recovery state 1f
+</PRE>
+<P>For correct Ubik operation, the database server machine clocks must agree
+on the time. The following messages, which are the second and third
+lines in the output, report the current date and time according to the
+database server machine's clock and the clock on the machine where the
+<B>udebug</B> command is issued.
+<PRE> Host's <VAR>IP_addr</VAR> time is <VAR>dbserver_date/time</VAR>
+ Local time is <VAR>local_date/time</VAR> (time differential <VAR>skew</VAR> secs)
+</PRE>
+<P>The <VAR>skew</VAR> is the difference between the database server machine
+clock and the local clock. Its absolute value is not vital for Ubik
+functioning, but a difference of more than a few seconds between the
+<VAR>skew</VAR> values for the database server machines indicates that their
+clocks are not synchronized and Ubik performance is possibly hampered.
+<P>Following is a description of all messages in the output. As noted,
+it is useful mostly for debugging and most meaningful to someone who
+understands Ubik's implementation.
+<P>The output begins with the following messages. The first message
+reports the IP addresses that are configured with the operating system on the
+machine specified by the <B>-servers</B> argument. As previously
+noted, the second and third messages report the current date and time
+according to the clocks on the database server machine and the machine where
+the <B>udebug</B> command is issued, respectively. All subsequent
+timestamps in the output are expressed in terms of the local clock rather than
+the database server machine clock.
+<PRE> Host's addresses are: <VAR>list_of_IP_addrs</VAR>
+ Host's <VAR>IP_addr</VAR> time is <VAR>dbserver_date/time</VAR>
+ Local time is <VAR>local_date/time</VAR> (time differential <VAR>skew</VAR> secs)
+</PRE>
+<P>If the <VAR>skew</VAR> is more than about 10 seconds, the following message
+appears. As noted, it does not necessarily indicate Ubik
+malfunction: it denotes clock skew between the database server machine
+and the local machine, rather than among the database server machines.
+<PRE> ****clock may be bad
+</PRE>
+<P>If the <B>udebug</B> command is issued during the coordinator election
+process and voting has not yet begun, the following message appears
+next.
+<PRE> Last yes vote not cast yet
+</PRE>
+<P>Otherwise, the output continues with the following messages.
+<PRE> Last yes vote for <VAR>sync_IP_addr</VAR> was <VAR>last_vote</VAR> secs ago (sync site);
+ Last vote started <VAR>vote_start</VAR> secs ago (at <VAR>date/time</VAR>)
+ Local db version is <VAR>db_version</VAR>
+</PRE>
+<P>The first indicates which peer this Ubik process last voted for as
+coordinator (it can vote for itself) and how long ago it sent the vote.
+The second message indicates how long ago the Ubik coordinator requested
+confirming votes from the secondary sites. Usually, the
+<VAR>last_vote</VAR> and <VAR>vote_start</VAR> values are the same; a
+difference between them can indicate clock skew or a slow network connection
+between the two database server machines. A small difference is not
+harmful. The third message reports the current version number
+<VAR>db_version</VAR> of the database maintained by this Ubik process. It
+has two fields separated by a period. The field before the period is
+based on a timestamp that reflects when the database first changed after the
+most recent coordinator election, and the field after the period indicates the
+number of changes since the election.
+<P>The output continues with messages that differ depending on whether the
+Ubik process is the coordinator or not.
+<UL>
+<P><LI>If there is only one database server machine, it is always the coordinator
+(synchronization site), as indicated by the following message.
+<PRE> I am sync site forever (1 server)
+</PRE>
+<P><LI>If there are multiple database sites, and the <B>-servers</B> argument
+names the coordinator (synchronization site), the output continues with the
+following two messages.
+<PRE> I am sync site until <VAR>expiration</VAR> secs from now (at <VAR>date/time</VAR>) (<VAR>#_sites</VAR> servers)
+ Recovery state <VAR>flags</VAR>
+</PRE>
+<P>The first message reports how much longer the site remains coordinator even
+if the next attempt to maintain quorum fails, and how many sites are
+participating in the quorum. The <VAR>flags</VAR> field in the second
+message is a hexadecimal number that indicates the current state of the
+quorum. A value of <TT>1f</TT> indicates complete database
+synchronization, whereas a value of <TT>f</TT> means that the coordinator
+has the correct database but cannot contact all secondary sites to determine
+if they also have it. Lesser values are acceptable if the
+<B>udebug</B> command is issued during coordinator election, but they
+denote a problem if they persist. The individual flags have the
+following meanings:
+<DL>
+<P><DT><B><TT>0x1</TT>
+</B><DD>This machine is the coordinator
+<P><DT><B><TT>0x2</TT>
+</B><DD>The coordinator has determined which site has the database with the
+highest version number
+<P><DT><B><TT>0x4</TT>
+</B><DD>The coordinator has a copy of the database with the highest version number
+<P><DT><B><TT>0x8</TT>
+</B><DD>The database's version number has been updated correctly
+<P><DT><B><TT>0x10</TT>
+</B><DD>All sites have the database with the highest version number
+</DL>
+<P>If the <B>udebug</B> command is issued while the coordinator is writing
+a change into the database, the following additional message appears.
+<PRE> I am currently managing write transaction <VAR>identifier</VAR>
+</PRE>
+<P><LI>If the <B>-servers</B> argument names a secondary site, the output
+continues with the following messages.
+<PRE> I am not sync site
+ Lowest host <VAR>lowest_IP_addr</VAR> was set <VAR>low_time</VAR> secs ago
+ Sync host <VAR>sync_IP_addr</VAR> was set <VAR>sync_time</VAR> secs ago
+</PRE>
+<P>The <VAR>lowest_IP_addr</VAR> is the lowest IP address of any peer from which
+the Ubik process has received a message recently, whereas the
+<VAR>sync_IP_addr</VAR> is the IP address of the current coordinator. If
+they differ, the machine with the lowest IP address is not currently the
+coordinator. The Ubik process continues voting for the current
+coordinator as long as they remain in contact, which provides for maximum
+stability. However, in the event of another coordinator election, this
+Ubik process votes for the <VAR>lowest_IP_addr</VAR> site instead (assuming they
+are in contact), because it has a bias to vote in elections for the site with
+the lowest IP address.
+</UL>
+<P>For both the synchronization and secondary sites, the output continues with
+the following messages. The first message reports the version number of
+the database at the synchronization site, which needs to match the
+<VAR>db_version</VAR> reported by the preceding <TT>Local db version</TT>
+message. The second message indicates how many VLDB records are
+currently locked for any operation or for writing in particular. The
+values are nonzero if the <B>udebug</B> command is issued while an
+operation is in progress.
+<PRE> Sync site's db version is <VAR>db_version</VAR>
+ <VAR>locked</VAR> locked pages, <VAR>writes</VAR> of them for write
+</PRE>
+<P>The following messages appear next only if there are any read or write
+locks on database records:
+<PRE> There are read locks held
+ There are write locks held
+</PRE>
+<P>Similarly, one or more of the following messages appear next only if there
+are any read or write transactions in progress when the <B>udebug</B>
+command is issued:
+<PRE> There is an active write transaction
+ There is at least one active read transaction
+ Transaction tid is <VAR>tid</VAR>
+</PRE>
+<P>If the machine named by the <B>-servers</B> argument is the
+coordinator, the next message reports when the current coordinator last
+updated the database.
+<PRE> Last time a new db version was labelled was:
+ <VAR>last_restart</VAR> secs ago (at <VAR>date/time</VAR>)
+</PRE>
+<P>If the machine named by the <B>-servers</B> argument is the
+coordinator, the output concludes with an entry for each secondary site that
+is participating in the quorum, in the following format.
+<PRE> Server( <VAR>IP_address</VAR> ): (db <VAR>db_version</VAR>)
+ last vote rcvd <VAR>last_vote</VAR> secs ago (at <VAR>date/time</VAR>),
+ last beacon sent <VAR>last_beacon</VAR> secs ago (at <VAR>date/time</VAR>), last vote was { yes | no }
+ dbcurrent={ 0 | 1 }, up={ 0 | 1 } beaconSince={ 0 | 1 }
+</PRE>
+<P>The first line reports the site's IP address and the version number of
+the database it is maintaining. The <VAR>last_vote</VAR> field reports
+how long ago the coordinator received a vote message from the Ubik process at
+the site, and the <VAR>last_beacon</VAR> field how long ago the coordinator last
+requested a vote message. If the <B>udebug</B> command is issued
+during the coordinator election process and voting has not yet begun, the
+following messages appear instead.
+<PRE> Last vote never rcvd
+ Last beacon never sent
+</PRE>
+<P>On the final line of each entry, the fields have the following
+meaning:
+<UL>
+<P><LI><TT>dbcurrent</TT> is <TT>1</TT> if the site has the database with the
+highest version number, <TT>0</TT> if it does not
+<P><LI><TT>up</TT> is <TT>1</TT> if the Ubik process at the site is
+functioning correctly, <TT>0</TT> if it is not
+<P><LI><TT>beaconSince</TT> is <TT>1</TT> if the site has responded to the
+coordinator's last request for votes, <TT>0</TT> if it has not
+</UL>
+<P>Including the <B>-long</B> flag produces peer entries even when the
+<B>-servers</B> argument names a secondary site, but in that case only the
+<VAR>IP_address</VAR> field is guaranteed to be accurate. For example,
+the value in the <VAR>db_version</VAR> field is usually <TT>0.0</TT>,
+because secondary sites do not poll their peers for this information.
+The values in the <VAR>last_vote</VAR> and <VAR>last_beacon</VAR> fields indicate
+when this site last received or requested a vote as coordinator; they
+generally indicate the time of the last coordinator election.
+<P><STRONG>Examples</STRONG>
+<P>This example checks the status of the Ubik process for the Volume Location
+Server on the machine <B>afs1</B>, which is the synchronization
+site.
+<PRE> % <B>udebug afs1 vlserver</B>
+ Host's addresses are: 192.12.107.33
+ Host's 192.12.107.33 time is Wed Oct 27 09:49:50 1999
+ Local time is Wed Oct 27 09:49:52 1999 (time differential 2 secs)
+ Last yes vote for 192.12.107.33 was 1 secs ago (sync site);
+ Last vote started 1 secs ago (at Wed Oct 27 09:49:51 1999)
+ Local db version is 940902602.674
+ I am sync site until 58 secs from now (at Wed Oct 27 09:50:50 1999) (3 servers)
+ Recovery state 1f
+ Sync site's db version is 940902602.674
+ 0 locked pages, 0 of them for write
+ Last time a new db version was labelled was:
+ 129588 secs ago (at Mon Oct 25 21:50:04 1999)
+
+ Server( 192.12.107.35 ): (db 940902602.674)
+ last vote rcvd 2 secs ago (at Wed Oct 27 09:49:50 1999),
+ last beacon sent 1 secs ago (at Wed Oct 27 09:49:51 1999), last vote was yes
+ dbcurrent=1, up=1 beaconSince=1
+
+ Server( 192.12.107.34 ): (db 940902602.674)
+ last vote rcvd 2 secs ago (at Wed Oct 27 09:49:50 1999),
+ last beacon sent 1 secs ago (at Wed Oct 27 09:49:51 1999), last vote was yes
+ dbcurrent=1, up=1 beaconSince=1
+</PRE>
+<P>This example checks the status of the Authentication Server on the machine
+with IP address 192.12.107.34, which is a secondary
+site. The local clock is about 4 minutes behind the database server
+machine's clock.
+<PRE> % <B>udebug 192.12.107.34 7004</B>
+ Host's addresses are: 192.12.107.34
+ Host's 192.12.107.34 time is Wed Oct 27 09:54:15 1999
+ Local time is Wed Oct 27 09:50:08 1999 (time differential -247 secs)
+ ****clock may be bad
+ Last yes vote for 192.12.107.33 was 6 secs ago (sync site);
+ Last vote started 6 secs ago (at Wed Oct 27 09:50:02 1999)
+ Local db version is 940906574.25
+ I am not sync site
+ Lowest host 192.12.107.33 was set 6 secs ago
+ Sync host 192.12.107.33 was set 6 secs ago
+ Sync site's db version is 940906574.25
+ 0 locked pages, 0 of them for write
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf125.htm#HDRBUSERVER">buserver</A>
+<P><A HREF="auarf198.htm#HDRKASERVER">kaserver</A>
+<P><A HREF="auarf227.htm#HDRPTSERVER">ptserver</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf236.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf238.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf237.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf239.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUNLOG" HREF="auarf002.htm#ToC_252">unlog</A></H2>
+<A NAME="IDX5487"></A>
+<A NAME="IDX5488"></A>
+<A NAME="IDX5489"></A>
+<A NAME="IDX5490"></A>
+<A NAME="IDX5491"></A>
+<A NAME="IDX5492"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Discards all of the issuer's tokens
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>unlog</B> [<B>-cell</B> <<VAR>cell name</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>unlog</B> [<B>-c </B><<VAR>cell name</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>unlog</B> command by default discards all tokens that the issuer
+currently holds. To discard tokens for certain cells only, name them
+with the <B>-cell</B> argument.
+<P>Since a token pertains to one client machine only, destroying tokens on one
+machine has no effect on tokens on another machine.
+<P><STRONG>Cautions</STRONG>
+<P>Specifying one or more cell names can cause a brief authentication outage
+during which the issuer has no valid tokens in any cell. This is
+because the command actually discards all tokens and then restores the ones
+for cells not named by the <B>-cell</B> argument. The outage can
+sometimes interrupt the operation of jobs that require authentication.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Specifies each cell for to discard the token. If this argument is
+omitted, the Cache Manager discards all tokens. Provide the fully
+qualified domain name, or a shortened form, in which case successful
+resolution depends on the availability of a name resolution service (such as
+the Domain Name Service or a local host table) at the time the command is
+issued.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command discards all tokens.
+<PRE> % <B>unlog</B>
+
+</PRE>
+<P>The following command discards only the tokens for the
+<B>abc.com</B> and <B>stateu.edu</B> cells.
+<PRE> % <B>unlog -cell abc.com stateu</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf235.htm#HDRTOKENS">tokens</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf237.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf239.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf238.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf240.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUP" HREF="auarf002.htm#ToC_253">up</A></H2>
+<A NAME="IDX5493"></A>
+<A NAME="IDX5494"></A>
+<A NAME="IDX5495"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Recursively copies the contents of a source directory to a destination
+directory.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>up</B> [<B>-v</B>] [<B>-1</B>] [<B>-f</B>] [<B>-r</B>] [<B>-x</B>] <<VAR>source directory</VAR>> <<VAR>destination directory</VAR>>
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>up</B> command recursively copies the files and subdirectories
+in a specified source directory to a specified destination directory.
+The command interpreter changes the destination directory and the files and
+subdirectories in it in the following ways:
+<UL>
+<P><LI>It copies the source directory's access control list (ACL) to the
+destination directory and its subdirectories, overwriting any existing
+ACLs.
+<P><LI>If the issuer is logged on as the local superuser <B>root</B> and has
+AFS tokens as a member of the group <B>system:administrators</B>,
+then the source directory's owner (as reported by the <B>ls -ld</B>
+command) becomes the owner of the destination directory and all files and
+subdirectories in it. Otherwise, the issuer's user name is
+recorded as the owner.
+<P><LI>If a file or directory exists in both the source and destination
+directories, the source version overwrites the destination version. The
+overwrite operation fails if the first (user) <B>w</B> (<B>write</B>)
+mode bit is turned off on the version in the destination directory, unless the
+<B>-f</B> flag is provided.
+<P><LI>The modification timestamp on a file (as displayed by the <B>ls -l</B>
+command) in the source directory overwrites the timestamp on a file of the
+same name in the destination directory, but the timestamp on an existing
+subdirectory in the destination directory remains unchanged. If the
+command creates a new subdirectory in the destination directory, the new
+subdirectory's timestamp is set to the time of the copy operation, rather
+than to the timestamp that the subdirectory has in the source
+directory.
+</UL>
+<P>The <B>up</B> command is idempotent, meaning that if its execution is
+interrupted by a network, server machine, or process outage, then a subsequent
+reissue of the same command continues from the interruption point, rather than
+starting over at the beginning. This saves time and reduces network
+traffic in comparison to the UNIX commands that provide similar
+functionality.
+<P>The <B>up</B> command returns a status code of <B>0</B> (zero) only
+if it succeeds. Otherwise, it returns a status code of <B>1</B>
+(one).
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-v
+</B><DD>Prints a detailed trace to the standard output stream as the command
+runs.
+<P><DT><B>-1
+</B><DD>Copies only the files in the top level source directory to the destination
+directory, rather than copying recursively through subdirectories. The
+source directory's ACL still overwrites the destination
+directory's. (This is the number one, not the letter
+<B>l</B>.)
+<P><DT><B>-f
+</B><DD>Overwrites existing directories, subdirectories, and files even if the
+first (user) <B>w</B> (<B>write</B>) mode bit is turned off on the
+version in the destination directory.
+<P><DT><B>-r
+</B><DD>Creates a backup copy of all files overwritten in the destination
+directory and its subdirectories, by adding a <B>.old</B> extension
+to each filename.
+<P><DT><B>-x
+</B><DD>Sets the modification timestamp on each file to the time of the copying
+operation.
+<P><DT><B><VAR>source directory</VAR>
+</B><DD>Names the directory to copy recursively.
+<P><DT><B><VAR>destination directory</VAR>
+</B><DD>Names the directory to which to copy. It does not have to exist
+already.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command copies the contents of the directory <VAR>dir1</VAR> to
+directory <VAR>dir2</VAR>:
+<PRE> % <B>up dir1 dir2</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must have the <B>a</B> (<B>administer</B>) permission on
+the ACL of both the source and destination directories.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf238.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf240.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf239.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf241.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUPCLIENT" HREF="auarf002.htm#ToC_254">upclient</A></H2>
+<A NAME="IDX5496"></A>
+<A NAME="IDX5497"></A>
+<A NAME="IDX5498"></A>
+<A NAME="IDX5499"></A>
+<A NAME="IDX5500"></A>
+<A NAME="IDX5501"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the client portion of the Update Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>upclient</B> <<VAR>hostname</VAR>> [<B>-crypt</B>] [<B>-clear</B>] [<B>-t </B><<VAR>retry time</VAR>>]
+ [<B>-verbose</B>]<SUP>*</SUP> <<VAR>dir</VAR>><SUP>+</SUP> [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>upclient</B> command initializes the client portion of the
+Update Server. In the conventional configuration, its binary file is
+located in the <B>/usr/afs/bin</B> directory on a file server
+machine.
+<P>The <B>upclient</B> command is not normally issued at the command shell
+prompt but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a database server machine as the local superuser
+<B>root</B>.
+<P>The <B>upclient</B> process periodically checks that all files in each
+local directory named by the <VAR>dir</VAR> argument match the files in the
+corresponding directory on the source machine named by the
+<VAR>hostname</VAR>argument. If a file does not match, the
+<B>upclient</B> process requests the source copy from the
+<B>upserver</B> process running on the source machine.
+<P>By default, the <B>upclient</B> process in the United States edition of
+AFS requests that the <B>upserver</B> process encrypt the data before
+transferring it, whereas in the international edition it requests unencrypted
+transfer. If using the United States edition, use the <B>-clear</B>
+flag to request unencrypted transfer if appropriate. (The
+<B>-crypt</B> flag explicitly sets the default in the United States
+edition, and is not available in the international edition.)
+<P>In the conventional configuration, separate instances of the
+<B>upclient</B> process request data from the <B>/usr/afs/bin</B> and
+<B>/usr/afs/etc</B> directories, except on machines for which the system
+control machine is also the binary distribution machine for the machine's
+system type. The conventional names for the separate instances are
+<B>upclientbin</B> and <B>upclientetc</B> respectively.
+<P>The <B>upclient</B> and <B>upserver</B> processes always mutually
+authenticate, whether or not the data they pass is encrypted; they use
+the key with the highest key version number in the
+<B>/usr/afs/etc/KeyFile</B> file to construct a server ticket for mutual
+authentication.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use the Update Server to distribute the contents of the
+<B>/usr/afs/etc</B> directory if using the international edition of
+AFS. The contents of this directory are sensitive and the international
+edition of AFS does not include the encryption routines necessary for
+encrypting files before transfer across the network.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><VAR>hostname</VAR>
+</B><DD>Names either the cell's system control machine (if the requested
+directory is <B>/usr/afs/etc</B>), or the binary distribution machine for
+the local machine's CPU and operating system type (if the requested
+directory is <B>/usr/afs/bin</B>).
+<P><DT><B>-crypt
+</B><DD>Requests the transfer of data from the <B>upserver</B> process in
+encrypted form. With the United States edition of AFS, use this flag to
+set the default explicitly. Provide this flag or the <B>-crypt</B>
+flag, but not both.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This flag is not available in the international edition of AFS.
+</TD></TR></TABLE>
+<P><DT><B>-clear
+</B><DD>Requests transfer of data from the <B>upserver</B> process in
+unencrypted form. Use this flag to change from the default for the
+United States edition of AFS. Provide this flag or the
+<B>-crypt</B> flag, but not both.
+<P><DT><B>-t
+</B><DD>Specifies how often to check for changes in each specified directory, as a
+number of seconds. If this argument is omitted, the default is 300 (5
+minutes). This argument determines the maximum amount of time it takes
+for a change made on the source machine to propagate to this machine.
+<P><DT><B>-verbose
+</B><DD>Writes a trace of the <B>upclient</B> process's operations on the
+standard output stream, which usually corresponds to the machine
+console. Provide one, two, or three instances of the flag; each
+additional instance generates increasingly numerous and detailed
+messages.
+<P><DT><B><VAR>dir</VAR>
+</B><DD>Names each directory to check for modified files. The conventional
+choices are the following:
+<UL>
+<P><LI><B>/usr/afs/bin</B>, in which case the recommended name for the
+process (assigned with the <B>-instance</B> argument to the <B>bos
+create</B> command) is <B>upclientbin</B>. The <VAR>hostname</VAR>
+is the binary distribution machine for the local machine's system
+type. Use the <B>-clear</B> flag be used for the
+<B>/usr/afs/bin</B> directory, since binaries are not particularly
+sensitive and encrypting them can take a long time.
+<P><LI><B>/usr/afs/etc</B>, in which case the recommended name for the
+process (assigned with the <B>-instance</B> argument to the <B>bos
+create</B> command) is <B>upclientetc</B>. The <VAR>hostname</VAR>
+is the cell's system control machine. Use the <B>-crypt</B>
+flag for the <B>/usr/afs/etc</B> directory, since it contains the
+<B>KeyFile</B> file and other data vital to cell security.
+<P>As a reminder, do not use the Update Server to transfer the contents of the
+<B>/usr/afs/etc</B> directory if using the international edition of
+AFS.
+</UL>
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates an
+<B>upclientbin</B> process on the machine
+<B>fs4.abc.com</B> that refers to the machine
+<B>fs1.abc.com</B> as the source for the
+<B>/usr/afs/bin</B> directory (thus <B>fs1.abc.com</B>
+is the binary distribution machine for machines of
+<B>fs4.abc.com</B>'s type). The files in the
+<B>/usr/afs/bin</B> directory are distributed every 120 seconds.
+The command requests transfer in unencrypted form.
+<PRE> % <B>bos create -server fs4.abc.com -instance upclientbin -type simple</B> \
+ <B>-cmd "/usr/afs/bin/upclient fs1.abc.com -clear</B> \
+ <B>-t 120 /usr/afs/bin"</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf241.htm#HDRUPSERVER">upserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf239.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf241.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf240.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf242.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUPSERVER" HREF="auarf002.htm#ToC_255">upserver</A></H2>
+<A NAME="IDX5502"></A>
+<A NAME="IDX5503"></A>
+<A NAME="IDX5504"></A>
+<A NAME="IDX5505"></A>
+<A NAME="IDX5506"></A>
+<A NAME="IDX5507"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the server portion of the Update Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>upserver</B> [<<VAR>directory</VAR>><SUP>+</SUP>] [<B>-crypt</B> <<VAR>directory</VAR>><SUP>+</SUP>] [<B>-clear</B> <<VAR>directory</VAR>><SUP>+</SUP>]
+ [<B>-auth</B> <<VAR>directory</VAR>><SUP>+</SUP>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>upserver</B> command initializes the server portion of the
+Update Server (the <B>upserver</B> process). In the conventional
+configuration, its binary file is located in the <B>/usr/afs/bin</B>
+directory on a file server machine.
+<P>The <B>upserver</B> command is not normally issued at the command shell
+prompt but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a database server machine as the local superuser
+<B>root</B>.
+<P>The <B>upserver</B> command specifies which of the directories on the
+local disk are eligible for distribution in response to requests from the
+client portion of the Update Server (the <B>upclient</B> process) running
+on other machines. If no directories are specified, the
+<B>upserver</B> process distributes the contents of any directory on its
+local disk.
+<P>The <B>upserver</B> process can distribute a directory's contents
+in encrypted or unencrypted form. By default, it does not use
+encryption unless an <B>upclient</B> process requests it (this default is
+equivalent to setting the <B>-clear</B> flag). When the
+<B>-crypt</B> flag is provided, the <B>upserver</B> process only
+fulfills requests for encrypted transfer.
+<P>For the United States edition of AFS, using the <B>-crypt</B> flag
+guarantees that the <B>upserver</B> process transfers a directory's
+contents only in encrypted form. For the international edition, using
+the <B>-crypt</B> flag completely blocks data transfer, because the
+international edition of the <B>upclient</B> process cannot request
+encrypted transfer (the <B>upclient</B> initialization command does not
+include the <B>-crypt</B> flag).
+<P>The <B>upclient</B> and <B>upserver</B> processes always mutually
+authenticate, whether or not the data they pass is encrypted; they use
+the key with the highest key version number in the
+<B>/usr/afs/etc/KeyFile</B> file to construct a server ticket for mutual
+authentication.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use the Update Server to distribute the contents of the
+<B>/usr/afs/etc</B> directory if using the international edition of
+AFS. The contents of this directory are sensitive and the international
+edition of AFS does not include the encryption routines necessary for
+encrypting files before transfer across the network.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><VAR>directory</VAR>
+</B><DD>Names each directory to distribute in unencrypted form (because they
+appear before the first <B>-crypt</B> or <B>-clear</B> flag on the
+command line). If this argument is omitted, all directories on the
+machine's local disk are eligible for distribution.
+<P><DT><B>-crypt
+</B><DD>Precedes a list of one or more directories that the <B>upserver</B>
+process distributes only in encrypted form.
+<P><DT><B>-clear
+</B><DD>Precedes a list of one or more directories that the <B>upserver</B>
+process distributes in unencrypted form unless the <B>upclient</B> process
+requests them in encrypted form. Use this argument only if a list of
+directories headed by the <B>-crypt</B> flag precedes it on the command
+line.
+<P><DT><B>-auth
+</B><DD>Precedes a list of one or more directories which the <B>upserver</B>
+process distributes using a form of encryption that is intermediate in
+complexity and security between the unencrypted and encrypted levels set by
+the <B>-clear</B> and <B>-crypt</B> arguments. Do not use this
+argument, because the <B>upclient</B> process does not have a
+corresponding argument that it can use to request data transfer at this
+level.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example <B>bos create</B> command defines and starts an
+<B>upserver</B> process on the host machine
+<B>fs1.abc.com</B>. The last parameter (enclosed in
+quotes) instructs the <B>upserver</B> process to distribute the contents
+of the <B>/usr/afs/bin</B> directory in unencrypted form and the contents
+of the <B>/usr/afs/etc</B> directory in encrypted form.
+<PRE> % <B>bos create -server fs1.abc.com -instance upserver -type simple</B> \
+ <B>-cmd "/usr/afs/bin/upserver /usr/afs/bin -crypt /usr/afs/etc"</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf240.htm#HDRUPCLIENT">upclient</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf240.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf242.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf241.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf243.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_INTRO" HREF="auarf002.htm#ToC_256">uss</A></H2>
+<A NAME="IDX5508"></A>
+<A NAME="IDX5509"></A>
+<A NAME="IDX5510"></A>
+<A NAME="IDX5511"></A>
+<A NAME="IDX5512"></A>
+<A NAME="IDX5513"></A>
+<A NAME="IDX5514"></A>
+<A NAME="IDX5515"></A>
+<A NAME="IDX5516"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>uss</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>uss</B> command suite help administrators to
+create AFS user accounts more easily and efficiently. If <B>uss</B>
+commands are not used, creating an account requires issuing at least six
+separate commands to five different AFS servers.
+<P>There are three main commands in the suite:
+<UL>
+<P><LI>The <B>uss add</B> command creates a single complete user account,
+based on command line arguments and instructions in a template file.
+<P><LI>The <B>uss bulk</B> command creates multiple complete accounts at
+once, based on command line arguments, instructions in a template file and a
+bulk input file.
+<P><LI>the <B>uss delete</B> command removes most parts of a user
+account.
+</UL>
+<P>To obtain help, issue the <B>uss apropos</B> and <B>uss help</B>
+commands.
+<P><STRONG>Options</STRONG>
+<P>The following arguments and flags are available on many commands in the
+<B>uss</B> suite. The reference page for each command also lists
+them, but they are described here in greater detail.
+<DL>
+<P><DT><B>-admin <<VAR>administrator to authenticate</VAR>>
+</B><DD>Specifies the AFS user name under which to establish a connection to the
+AFS server processes that administer the various parts of a user
+account. If it is omitted, the connection is established under the
+issuer's effective user ID (his or her identity in the local file
+system). Even when this argument is included, UNIX commands that run
+during the <B>uss</B> operation (for instance, the UNIX
+<B>/etc/chown</B> command) run under the effective user ID.
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform when
+executing the <B>uss</B> operation, without actually performing
+them. Include this flag to verify that the command produces the desired
+account configuration. Combine it with the <B>-verbose</B> flag to
+yield even more detailed information. Note that the output does not
+necessarily reveal all possible problems that can prevent successful execution
+of the command, especially those that result from transient server or network
+outages.
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>-skipauth
+</B><DD>Bypasses mutual authentication with the AFS Authentication Server,
+allowing a site that uses Kerberos instead of the AFS Authentication Server to
+substitute that form of authentication.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer of a <B>uss</B> command must have all the rights required
+for performing the equivalent actions individually. See each
+<B>uss</B> command's reference page.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
+<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
+<P><A HREF="auarf244.htm#HDRUSS_APROPOS">uss apropos</A>
+<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
+<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
+<P><A HREF="auarf247.htm#HDRUSS_HELP">uss help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf241.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf243.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_ADD" HREF="auarf002.htm#ToC_257">uss add</A></H2>
+<A NAME="IDX5517"></A>
+<A NAME="IDX5518"></A>
+<A NAME="IDX5519"></A>
+<A NAME="IDX5520"></A>
+<A NAME="IDX5521"></A>
+<A NAME="IDX5522"></A>
+<A NAME="IDX5523"></A>
+<A NAME="IDX5524"></A>
+<A NAME="IDX5525"></A>
+<A NAME="IDX5526"></A>
+<A NAME="IDX5527"></A>
+<A NAME="IDX5528"></A>
+<A NAME="IDX5529"></A>
+<A NAME="IDX5530"></A>
+<A NAME="IDX5531"></A>
+<A NAME="IDX5532"></A>
+<A NAME="IDX5533"></A>
+<A NAME="IDX5534"></A>
+<A NAME="IDX5535"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a user account
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>uss add -user</B> <<VAR>login name</VAR>> [<B>-realname</B> <<VAR>full name in quotes</VAR>>]
+ [<B>-pass</B> <<VAR>initial password</VAR>>]
+ [<B>-pwexpires</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
+ [<B>-server</B> <<VAR>FileServer for home volume</VAR>>]
+ [<B>-partition</B> <<VAR>FileServer's disk partition for home volume</VAR>>]
+ [<B>-mount</B> <<VAR>home directory mount point</VAR>>]
+ [<B>-uid</B> <<VAR>uid to assign the user</VAR>>]
+ [<B>-template</B> <<VAR>pathname of template file</VAR>>]
+ [<B>-verbose</B>] [<B>-var</B> <<VAR>auxiliary argument pairs (Num val)</VAR>><SUP>+</SUP>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-admin</B> <<VAR>administrator to authenticate</VAR>>]
+ [<B>-dryrun</B>] [<B>-skipauth</B>] [<B>-overwrite</B>] [<B>-help</B>]
+
+<B>uss ad -us</B> <<VAR>login name</VAR>> [<B>-r</B> <<VAR>full name in quotes</VAR>>]
+ [<B>-pas</B> <<VAR>initial password</VAR>>]
+ [<B>-pw</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
+ [<B>-se</B> <<VAR>FileServer for home volume</VAR>>]
+ [<B>-par</B> <<VAR>FileServer's disk partition for home volume</VAR>>]
+ [<B>-m</B> <<VAR>home directory mount point</VAR>>] [<B>-ui</B> <<VAR>uid to assign the user</VAR>>]
+ [<B>-t</B> <<VAR>pathname of template file</VAR>>] [<B>-ve</B>]
+ [<B>-va</B> <<VAR>auxiliary argument pairs (Num val)</VAR>><SUP>+</SUP>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-a</B> <<VAR>administrator to authenticate</VAR>>] [<B>-d</B>] [<B>-sk</B>] [<B>-o</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>uss add</B> command creates entries in the Protection Database
+and Authentication Database for the user name specified by the
+<B>-user</B> argument. By default, the Protection Server
+automatically allocates an AFS user ID (UID) for the new user; to specify
+an alternate AFS UID, include the <B>-uid</B> argument. If a
+password is provided with the <B>-pass</B> argument, it is stored as the
+user's password in the Authentication Database after conversion into a
+form suitable for use as an encryption key. Otherwise, the string
+<B>changeme</B> is assigned as the user's initial password.
+<P>The other results of the command depend on which instructions and which of
+a defined set of variables appear in the template file specified with the
+<B>-template</B> argument. Many of the command's arguments
+supply a value for one of the defined variables, and failure to provide an
+argument when the corresponding variable appears in the template file halts
+the account creation process at the point where the command interpreter first
+encounters the variable in the template file.
+<P>To create multiple accounts with a single command, use the <B>uss
+bulk</B> command. To delete accounts with a single command, use the
+<B>uss delete</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-user
+</B><DD>Names the user's Authentication Database and Protection Database
+entries. It can include up to eight alphanumeric characters, but not
+any of the following characters: <B>:</B> (colon),
+<B>@</B> (at-sign), <B>.</B> (period), space, or
+newline. Because it becomes the username (the name under which a user
+logs in), it is best not to include shell metacharacters and to obey the
+restrictions that many operating systems impose on usernames (usually, to
+contain no more than eight lowercase letters).
+<P>Corresponding variable in the template file: $USER.
+<P><DT><B>-realname
+</B><DD>Specifies the user's full name. If it contains spaces or
+punctuation, surround it with double quotes. If not provided, it
+defaults to the user name provided with the <B>-user</B> argument.
+<P>Corresponding variable in the template file: $NAME. Many
+operating systems include a field for the full name in a user's entry in
+the local password file (<B>/etc/passwd</B> or equivalent), and this
+variable can be used to pass a value to be used in that field.
+<P><DT><B>-pass
+</B><DD>Specifies the user's initial password. Although the AFS
+commands that handle passwords accept strings of virtually unlimited length,
+it is best to use a password of eight characters or less, which is the maximum
+length that many applications and utilities accept. If not provided,
+this argument defaults to the string <B>changeme</B>.
+<P>Corresponding variable in the template file: none.
+<P><DT><B>-pwexpires
+</B><DD>Sets the number of days after a user's password is changed that it
+remains valid. Provide an integer from the range <B>1</B> through
+<B>254</B> to specify the number of days until expiration, or the value
+<B>0</B> to indicate that the password never expires (the default).
+<P>When the password becomes invalid (expires), the user is unable to
+authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
+command to change the password (after that, only an administrator can change
+it).
+<P>Corresponding variable in the template file: $PWEXPIRES.
+<P><DT><B>-server
+</B><DD>Names the file server machine on which to create the new user's
+volume. It is best to provide a fully qualified hostname (for example,
+<B>fs1.abc.com</B>), but an abbreviated form is acceptable
+provided that the cell's naming service is available to resolve it at the
+time the volume is created.
+<P>Corresponding variable in the template file: $SERVER.
+<P><DT><B>-partition
+</B><DD>Specifies the partition on which to create the user's volume; it
+must be on the file server machine named by the <B>-server</B>
+argument. Provide the complete partition name (for example
+<B>/vicepa</B>) or one of the following abbreviated forms:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P>
+<P>Corresponding variable in the template file: $PART.
+<P><DT><B>-mount
+</B><DD>Specifies the pathname for the user's home directory. Partial
+pathnames are interpreted relative to the current working directory.
+<P>Specify the read/write path to the directory, to avoid the failure that
+results from attempting to create a new mount point in a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P>Corresponding variable in template: $MTPT, but in the template
+file's <B>V</B> instruction only. Occurrences of the $MTPT
+variable in template instructions that follow the <B>V</B> instruction
+take their value from the <B>V</B> instruction's
+<B>mount_point</B> field. Thus the value of this command line
+argument becomes the value for the $MTPT variable in instructions that follow
+the <B>V</B> instruction only if the string $MTPT appears alone in the
+<B>V</B> instruction's <B>mount_point</B> field.
+<P><DT><B>-uid
+</B><DD>Specifies a positive integer other than 0 (zero) to assign as the
+user's AFS UID. If this argument is omitted, the Protection Server
+assigns an AFS UID that is one greater than the current value of the
+<TT>max</TT> <TT>user</TT> <TT>id</TT> counter (use the <B>pts
+listmax</B> command to display the counter). If including this
+argument, it is best first to use the <B>pts examine</B> command to verify
+that no existing account already has the desired AFS UID; it one does,
+the account creation process terminates with an error.
+<P>Corresponding variable in the template file: $UID.
+<P><DT><B>-template
+</B><DD>Specifies the pathname of the template file. If this argument is
+omitted, the command interpreter searches the following directories in the
+indicated order for a file called <B>uss.template</B>:
+<OL TYPE=1>
+<P><LI>The current working directory
+<P><LI><B>/afs/</B><VAR>cellname</VAR><B>/common/uss</B>, where
+<VAR>cellname</VAR> names the local cell
+<P><LI><B>/etc</B>
+</OL>
+<P>
+<P>If the issuer provides a filename other than <B>uss.template</B>
+but without a pathname, the command interpreter searches for it in the
+indicated directories. If the issuer provides a full or partial
+pathname, the command interpreter consults the specified file only; it
+interprets partial pathnames relative to the current working directory.
+<P>
+<P>If the specified template file is empty (zero-length), the command creates
+Protection and Authentication Database entries only.
+<P>The <B>uss Template File</B> reference page details the file's
+format.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-var
+</B><DD>Specifies values for each of the number variables $1 through $9 that can
+appear in the template file. Use the number variables to assign values
+to variables in the <B>uss</B> template file that are not part of the
+standard set.
+<P>Corresponding variables in the template file: $1 through $9.
+<P>For each instance of this argument, provide two parts in the indicated
+order, separated by a space:
+<UL>
+<P><LI>The integer from the range <B>1</B> through <B>9</B> that matches
+the variable in the template file. Do not precede it with a dollar
+sign.
+<P><LI>A string of alphanumeric characters to assign as the value of the
+variable.
+</UL>
+<P>See the chapter on <B>uss</B> in the <I>IBM AFS Administration
+Guide</I> for further explanation.
+<P><DT><B>-cell
+</B><DD>Specifies the cell in which to run the command. For more details,
+see the introductory <B>uss</B> reference page.
+<P><DT><B>-admin
+</B><DD>Specifies the AFS user name under which to establish authenticated
+connections to the AFS server processes that maintain the various components
+of a user account. For more details, see the introductory
+<B>uss</B> reference page.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform while
+executing the command, without actually performing them. For more
+details, see the introductory <B>uss</B> reference page.
+<P><DT><B>-skipauth
+</B><DD>Prevents authentication with the AFS Authentication Server, allowing a
+site using Kerberos to substitute that form of authentication.
+<P><DT><B>-overwrite
+</B><DD>Overwrites any directories, files and links that exist in the file system
+and for which there are definitions in <B>D</B>, <B>E</B>,
+<B>F</B>, <B>L</B>, or <B>S</B> instructions in the template file
+named by the <B>-template</B> argument. If this flag is omitted,
+the command interpreter prompts once for confirmation that it is to overwrite
+all such elements.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The combination of the following example <B>uss add</B> command and
+<B>V</B> instruction in a template file called <B>uss.tpl</B>
+creates Protection and Authentication Database entries named <B>smith</B>,
+and a volume called <TT>user.smith</TT> with a quota of 2500 kilobyte
+blocks, mounted at the pathname
+<B>/afs/abc.com/usr/smith</B>. The access control list (ACL)
+on the mount point grants <B>smith</B> all rights.
+<P>The issuer of the <B>uss add</B> command provides only the template
+file's name, not its complete pathname, because it resides in the current
+working directory. The command and <B>V</B> instruction appear here
+on two lines only for legibility; there are no line breaks in the actual
+instruction or command.
+<PRE> V user.$USER $SERVER.abc.com /vice$PART $1 \
+ /afs/abc.com/usr/$USER $UID $USER all
+
+ % <B>uss add -user smith -realname "John Smith" -pass js_pswd -server fs2</B> \
+ <B>-partition b -template uss.tpl -var 1 2500</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer (or the user named by the <B>-admin</B> argument) must
+belong to the <B>system:administrators</B> group in the Protection
+Database and must have the <TT>ADMIN</TT> flag turned on in his or her
+Authentication Database entry.
+<P>If the template contains a <B>V</B> instruction, the issuer must be
+listed in the <B>/usr/afs/etc/UserList</B> file and must have at least
+<B>a</B> (<B>administer</B>) and <B>i</B> (<B>insert</B>)
+permissions on the ACL of the directory that houses the new mount
+point. If the template file includes instructions for creating other
+types of objects (directories, files or links), the issuer must have each
+privilege necessary to create them.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
+<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf243.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf245.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_APROPOS" HREF="auarf002.htm#ToC_258">uss apropos</A></H2>
+<A NAME="IDX5536"></A>
+<A NAME="IDX5537"></A>
+<A NAME="IDX5538"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>uss apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>uss ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>uss apropos</B> command displays the first line of the online
+help entry for any <B>uss</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>uss help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-topic</B>
+</B><DD>Specifies the keyword string to match, in lowercase letters only.
+If the string is more than a single word, surround it with double quotes ("")
+or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>uss</B> command where the string specified by the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command lists all <B>uss</B> commands that include the
+word <B>create</B> in their names or short descriptions:
+<PRE> % <B>uss apropos create</B>
+ add: create a new user
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<P><A HREF="auarf247.htm#HDRUSS_HELP">uss help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf243.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf245.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf244.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf246.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_BULK" HREF="auarf002.htm#ToC_259">uss bulk</A></H2>
+<A NAME="IDX5539"></A>
+<A NAME="IDX5540"></A>
+<A NAME="IDX5541"></A>
+<A NAME="IDX5542"></A>
+<A NAME="IDX5543"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Executes multiple <B>uss</B> commands listed in a file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>uss bulk -file</B> <<VAR>bulk input file</VAR>> [<B>-template</B> <<VAR>pathname of template file</VAR>>]
+ [<B>-verbose</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-admin</B> <<VAR>administrator to authenticate</VAR>>] [<B>-dryrun</B>]
+ [<B>-skipauth</B>] [<B>-overwrite</B>]
+ [<B>-pwexpires</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
+ [<B>-pipe</B>] [<B>-help</B>]
+
+<B>uss b -f</B> <<VAR>bulk input file</VAR>> [<B>-t</B> <<VAR>pathname of template file</VAR>>] [<B>-v</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-a</B> <<VAR>administrator to authenticate</VAR>>] [<B>-d</B>] [<B>-s</B>]
+ [<B>-o</B>] [<B>-pw</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
+ [<B>-pi</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>uss bulk</B> command executes the <B>uss</B> commands listed
+in the <B>bulk input file</B> specified with the <B>-file</B>
+argument. If the bulk input file includes <B>add</B> instructions
+that reference a template file, then the <B>-template</B> argument is
+required.
+<P>To create a single account, use the <B>uss add</B> command. To
+delete one or more accounts, use the <B>uss delete</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-file
+</B><DD>Specifies the pathname of the bulk input file. Partial pathnames
+are interpreted relative to the current working directory. For details
+on the file's format, see <A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>.
+<P><DT><B>-template
+</B><DD>Specifies the pathname of the template file for any <B>uss add</B>
+commands that appear in the bulk input file. Partial pathnames are
+interpreted relative to the current working directory. For details on
+the file's format, see <A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-cell
+</B><DD>Specifies the cell in which to run the command. For more details,
+see the introductory <B>uss</B> reference page.
+<P><DT><B>-admin
+</B><DD>Specifies the AFS user name under which to establish authenticated
+connections to the AFS server processes that maintain the various components
+of a user account. For more details, see the introductory
+<B>uss</B> reference page.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform while
+executing the command, without actually performing them. For more
+details, see the introductory <B>uss</B> reference page.
+<P><DT><B>-skipauth
+</B><DD>Prevents authentication with the AFS Authentication Server, allowing a
+site using Kerberos to substitute that form of authentication.
+<P><DT><B>-overwrite
+</B><DD>Overwrites any directories, files and links that exist in the file system
+and for which there are also <B>D</B>, <B>E</B>, <B>F</B>,
+<B>L</B>, or <B>S</B> instructions in a template file referenced by an
+<B>add</B> instruction in the bulk input file. If this flag is
+omitted, the command interpreter prompts, once for each <B>add</B>
+instruction in the bulk input file, for confirmation that it should overwrite
+such elements. Do not include this flag if the bulk input file does not
+contain <B>add</B> instructions.
+<P><DT><B>-pwexpires
+</B><DD>Sets the number of days after a user's password is changed that it
+remains valid, for each user named by an <B>add</B> instruction in the
+bulk input file. Provide an integer from the range <B>1</B> through
+<B>254</B> to specify the number of days until expiration, or the value
+<B>0</B> to indicate that the password never expires (the default).
+<P>When the password becomes invalid (expires), the user is unable to
+authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
+command to change the password (after that, only an administrator can change
+it).
+<P><DT><B>-pipe
+</B><DD>Suppresses the Authentication Server's prompt for the password of the
+issuer or the user named by the <B>-admin</B> argument (the Authentication
+Server always separately authenticates the creator of an entry in the
+Authentication Database). Instead, the command interpreter accepts the
+password via the standard input stream, as piped in from another
+program. This enables the <B>uss bulk</B> command to run as part of
+unattended batch jobs.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command executes the instructions in the bulk input
+file called <B>new_students</B>, which includes <B>add</B>
+instructions that refer to the template file
+<B>student.template</B>. Both files reside in the current
+working directory.
+<PRE> % <B>uss bulk new_students student.template</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer (or the user named by the <B>-admin</B> argument) must have
+the privileges necessary to run the commands that correspond to instructions
+in the bulk input file.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
+<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
+<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
+<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf244.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf246.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf245.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf247.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_DELETE" HREF="auarf002.htm#ToC_260">uss delete</A></H2>
+<A NAME="IDX5544"></A>
+<A NAME="IDX5545"></A>
+<A NAME="IDX5546"></A>
+<A NAME="IDX5547"></A>
+<A NAME="IDX5548"></A>
+<A NAME="IDX5549"></A>
+<A NAME="IDX5550"></A>
+<A NAME="IDX5551"></A>
+<A NAME="IDX5552"></A>
+<A NAME="IDX5553"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes a user account
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>uss delete -user</B> <<VAR>login name</VAR>> [<B>-mountpoint</B> <<VAR>mountpoint for user's volume</VAR>>]
+ [<B>-savevolume</B>] [<B>-verbose</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-admin</B> <<VAR>administrator to authenticate</VAR>>] [<B>-dryrun</B>]
+ [<B>-skipauth</B>] [<B>-help</B>]
+
+<B>uss d -u</B> <<VAR>login name</VAR>> [<B>-m</B> <<VAR>mountpoint for user's volume</VAR>>] [<B>-sa</B>] [<B>-v</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] <B>-a</B> <<VAR>administrator to authenticate</VAR>>]
+ [<B>-d</B>] [<B>-sk</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>uss delete</B> command removes the Authentication Database and
+Protection Database entries for the user named by <B>-user</B>
+argument. In addition, it can remove the user's home volume and
+associated VLDB entry, a mount point for the volume or both, depending on
+whether the <B>-mountpoint</B> and <B>-savevolume</B> options are
+provided.
+<UL>
+<P><LI>To remove both the volume and mount point, use the <B>-mountpoint</B>
+argument to name the user's home directory. It is best to create a
+tape backup of a volume before deleting it. Note that other mount
+points for the volume are not removed, if they exist.
+<P><LI>To remove the mount point only, provide both the <B>-mountpoint</B>
+and <B>-savevolume</B> options.
+<P><LI>To preserve both the volume and mount point, omit the
+<B>-mountpoint</B> argument (or both it and the <B>-savevolume</B>
+flag).
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-user
+</B><DD>Names the entry to delete from the Protection and Authentication
+Databases.
+<P><DT><B>-mountpoint
+</B><DD>Specifies the pathname to the user's home directory, which is deleted
+from the filespace. By default, the volume referenced by the mount
+point is also removed from the file server machine that houses it, along with
+its Volume Location Database (VLDB) entry. To retain the volume and
+VLDB entry, include the <B>-savevolume</B> flag. Partial pathnames
+are interpreted relative to the current working directory.
+<P>Specify the read/write path to the mount point, to avoid the failure that
+results from attempting to remove a mount point from a read-only
+volume. By convention, the read/write path is indicated by placing a
+period before the cell name at the pathname's second level (for example,
+<B>/afs/.abc.com</B>). For further discussion of the
+concept of read/write and read-only paths through the filespace, see the
+<B>fs mkmount</B> reference page.
+<P><DT><B>-savevolume
+</B><DD>Preserves the user's volume and VLDB entry.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-cell
+</B><DD>Specifies the cell in which to run the command. For more details,
+see the introductory <B>uss</B> reference page.
+<P><DT><B>-admin
+</B><DD>Specifies the AFS user name under which to establish authenticated
+connections to the AFS server processes that maintain the various components
+of a user account. For more details, see the introductory
+<B>uss</B> reference page.
+<P><DT><B>-dryrun
+</B><DD>Reports actions that the command interpreter needs to perform while
+executing the command, without actually performing them. For more
+details, see the introductory <B>uss</B> reference page.
+<P><DT><B>-skipauth
+</B><DD>Prevents authentication with the AFS Authentication Server, allowing a
+site using Kerberos to substitute that form of authentication.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes <B>smith</B>'s user account from the
+<B>abc.com</B> cell. The <B>-savevolume</B> argument
+retains the <TT>user.smith</TT> volume on its file server
+machine.
+<PRE> % <B>uss delete smith -mountpoint /afs/abc.com/usr/smith -savevolume</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer (or the user named by <B>-admin</B> argument) must belong to
+the <B>system:administrators</B> group in the Protection Database,
+must have the <TT>ADMIN</TT> flag turned on in his or her Authentication
+Database entry, and must have at least <B>a</B> (<B>administer</B>)
+and <B>d</B> (<B>delete</B>) permissions on the access control list
+(ACL) of the mount point's parent directory. If the
+<B>-savevolume</B> flag is not included, the issuer must also be listed in
+the <B>/usr/afs/etc/UserList</B> file.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
+<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf245.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf247.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf246.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf248.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRUSS_HELP" HREF="auarf002.htm#ToC_261">uss help</A></H2>
+<A NAME="IDX5554"></A>
+<A NAME="IDX5555"></A>
+<A NAME="IDX5556"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>uss</B> commands or lists
+functional descriptions of all <B>uss</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>uss help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>uss h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>uss help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>uss</B> command.
+<P>To list every <B>uss</B> command whose name or short description
+includes a specified keyword, use the <B>uss apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Indicates each command for which to display the complete online help
+entry. Omit the <B>uss</B> part of the command name, providing only
+the operation code (for example, specify <B>bulk</B>, not <B>uss
+bulk</B>). If this argument is omitted, the output briefly describes
+every <B>uss</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>uss</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>uss
+bulk</B> command:
+<PRE> % <B>uss help bulk</B>
+ uss bulk: bulk input mode
+ Usage: uss bulk -file <bulk input file> [-template <pathname
+ of template file>] [-verbose] [-cell <cell name>] [-admin
+ <administrator to authenticate>] [-dryrun] [-skipauth] [-overwrite]
+ [-pwexpires <password expires in [0..254] days (0 => never)>] [-pipe]
+ [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
+<P><A HREF="auarf244.htm#HDRUSS_APROPOS">uss apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf246.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf248.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf247.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf249.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVLDB_CHECK" HREF="auarf002.htm#ToC_262">vldb_check</A></H2>
+<A NAME="IDX5557"></A>
+<A NAME="IDX5558"></A>
+<A NAME="IDX5559"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Checks the integrity of the VLDB
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vldb_check -database</B> <<VAR>vldb_file</VAR>> [<B>-uheader</B>] [<B>-vheader</B>] [<B>-servers</B>]
+ [<B>-entries</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vldb_check -d</B> <<VAR>vldb_file</VAR>> [<B>-u</B>] [<B>-vh</B>] [<B>-s</B>] [<B>-e</B>] [<B>-ve</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vldb_check</B> command checks the integrity of the Volume
+Location Database (VLDB), reporting any errors or corruption it finds.
+If there are problems, do not issue any <B>vos</B> commands until the
+database is repaired.
+<P><STRONG>Cautions</STRONG>
+<P>The results can be unpredictable if the Volume Location (VL) Server makes
+changes to the VLDB while this command is running. Use the <B>bos
+shutdown</B> command to shutdown the local <B>vlserver</B> process
+before running this command, or before creating a second copy of the
+<B>vldb.DB0</B> file (with a different name) on which to run the
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-database
+</B><DD>Names the VLDB (copy of the <B>vldb.DB0</B> file) to
+check. If the current working directory is not the location of the
+file, provide a pathname, either full or relative to the current working
+directory.
+<P><DT><B>-uheader
+</B><DD>Displays information which Ubik maintains in the database's
+header.
+<P><DT><B>-pheader
+</B><DD>Displays information which the VL Server maintains in the database's
+header.
+<P><DT><B>-servers
+</B><DD>Outputs the server entries from the VLDB, which list the IP addresses
+registered for each file server machine in the cell.
+<P><DT><B>-entries
+</B><DD>Outputs every volume entry in the database. The information
+includes the volume's name and the volume ID number for each of its
+versions.
+<P><DT><B>-verbose
+</B><DD>Reports additional information about the database, including the number of
+entries for each type of volume.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If there are errors in the database, the output always reports them on the
+standard error stream. If any options other than <B>-database</B>
+or <B>-help</B> are provided, the output written to the standard output
+stream includes additional information as described for each option in the
+preceding <B>Options</B> section of this reference page. The output
+is intended for debugging purposes and is meaningful to someone familiar with
+the internal structure of the VLDB.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf118.htm#HDRBOS_SHUTDOWN">bos shutdown</A>
+<P><A HREF="auarf249.htm#HDRVLSERVER">vlserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf247.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf249.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf248.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf250.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVLSERVER" HREF="auarf002.htm#ToC_263">vlserver</A></H2>
+<A NAME="IDX5560"></A>
+<A NAME="IDX5561"></A>
+<A NAME="IDX5562"></A>
+<A NAME="IDX5563"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Volume Location Server
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vlserver</B> [<B>-p</B> <<VAR>lwp processes</VAR>>] [<B>-nojumbo</B>]
+ [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>vlserver</B> command initializes the Volume Location (VL)
+Server, which runs on every database server machine. In the
+conventional configuration, its binary file is located in the
+<B>/usr/afs/bin</B> directory on a file server machine.
+<P>The <B>vlserver</B> command is not normally issued at the command shell
+prompt but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a database server machine as the local superuser
+<B>root</B>.
+<P>As it initializes, the VL Server process creates the two files that
+constitute the Volume Location Database (VLDB), <B>vldb.DB0</B> and
+<B>vldb.DBSYS1</B>, in the <B>/usr/afs/db</B> directory if they
+do not already exist. Use the commands in the <B>vos</B> suite to
+administer the database.
+<P>The VL Server maintains the record of volume locations in the Volume
+Location Database (VLDB). When the Cache Manager fills a file request
+from an application program, it first contacts the VL Server to learn which
+file server machine currently houses the volume that contains the file.
+The Cache Manager then requests the file from the File Server process running
+on that file server machine.
+<P>The VL Server records a trace of its activity in the
+<B>/usr/afs/logs/VLLog</B> file. Use the <B>bos getlog</B>
+command to display the contents of the file. By default, it records on
+a minimal number of messages. For instructions on increasing the amount
+of logging, see the <B>VLLog</B> reference page.
+<P>By default, the VL Server runs nine lightweight processes (LWPs). To
+change the number, use the <B>-p</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-p
+</B><DD>Sets the number of server lightweight processes (LWPs) to run.
+Provide an integer between <B>4</B> and <B>16</B>. The default
+is 9.
+<P><DT><B>-nojumbo
+</B><DD>Prohibits the server from sending or receiving jumbograms. A
+jumbogram is a large-size packet composed of 2 to 4 normal Rx data packets
+that share the same header. The VL Server uses jumbograms by default,
+but some routers are not capable of properly breaking the jumbogram into
+smaller packets and reassembling them.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates a <B>vlserver</B>
+process on the machine <B>fs2.abc.com</B> that uses six
+lightweight processes. Type the command on a single line:
+<PRE> % <B>bos create -server fs2.abc.com -instance vlserver -type simple</B> \
+ <B>-cmd "/usr/afs/bin/vlserver -p 6"</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf038.htm#HDRVLLOG">VLLog</A>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf248.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf250.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf249.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf251.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOLINFO" HREF="auarf002.htm#ToC_264">volinfo</A></H2>
+<A NAME="IDX5564"></A>
+<A NAME="IDX5565"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Produces detailed statistics about one or more volume headers and the
+partition that houses them
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>volinfo</B> [<B>-online</B>] [<B>-vnode</B>] [<B>-date</B>] [<B>-inode</B>] [<B>-itime</B>]
+ [<B>-part</B> <<VAR>AFS partition name (default current partition)</VAR>><SUP>+</SUP>]
+ [<B>-volumeid</B> <<VAR>Volume id</VAR>><SUP>+</SUP>] [<B>-header</B>] [<B>-sizeOnly</B>] [<B>-fixheader</B>]
+ [<B>-saveinodes</B>] [<B>-orphaned</B>] [<B>-help</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>volinfo</B> command displays detailed statistics about one or
+more volume headers and the partition that houses them. The command
+must be issued on a file server machine and by default produces output for
+every volume on every AFS server partition on the machine. To display
+output for the volumes on one partition only, include the <B>-part</B>
+argument. To display output for one volume only, include the
+<B>-volumeid</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-online
+</B><DD>Is nonoperational.
+<P><DT><B>-vnode
+</B><DD>Displays a table for each volume which lists the large (directory) and
+small (file) vnodes in it, in addition to the default output.
+<P><DT><B>-date
+</B><DD>When combined with the <B>-vnode</B> flag, adds the
+<TT>ServerModTime</TT> field to each vnode entry in the large vnode and
+small vnode tables, reporting its most recent modification time.
+<P><DT><B>-inode
+</B><DD>When combined with the <B>-vnode</B> flag, adds the <TT>inode</TT>
+field to each vnode entry in the large vnode and small vnode tables, reporting
+the associated inode number.
+<P><DT><B>-itime
+</B><DD>When combined with the <B>-vnode</B> flag, displays a change,
+modification, and access timestamp for each of the large vnode and small vnode
+tables.
+<P><DT><B>-part
+</B><DD>Specifies the partition that houses each volume for which to produce
+output. Use the format <B>/vicep</B><VAR>xx</VAR>, where <VAR>xx</VAR>
+is one or two lowercase letters. This argument can be omitted if the
+current working directory is the mount location for an AFS server
+partition; it is not the mount location for an AFS server partition, the
+command produces output for every volume on all local AFS server
+partitions.
+<P><DT><B>-volumeid
+</B><DD>Specifies the ID number of one volume for which to produce output.
+The <B>-part</B> argument must be provided along with this one unless the
+current working directory is the mount location for the AFS server partition
+that houses the volume.
+<P><DT><B>-header
+</B><DD>Displays statistics about the volume header of each volume, in addition to
+the default output.
+<P><DT><B>-sizeOnly
+</B><DD>Displays a single line of output for each volume, reporting the size of
+various structures associated with it. The default output is suppressed
+and any flags that modify it (such as <B>-vnode</B>) are ignored.
+<P><DT><B>-fixheader
+</B><DD>Repairs damaged inodes in each volume if possible. If there are
+any, it reports the action it is taking to repair them. Otherwise, it
+produces no output in addition to the default output.
+<P><DT><B>-saveinodes
+</B><DD>Creates a file in the current working directory for each inode in each
+volume. Each file is called
+<B>TmpInode.</B><VAR>vnode_number</VAR> and contains the inode's
+contents. The default output is suppressed and any flags that modify it
+(such as <B>-vnode</B>) are ignored.
+<P><DT><B>-orphaned
+</B><DD>Displays a large vnode and small vnode table for each volume, which lists
+only orphaned vnodes (vnodes that have no parent). If there are none,
+the tables are empty (only the headers appear).
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>By default, the command produces several line of statistics for each
+volume. Adding other options produces or substitutes additional
+information as described in the preceding <B>Options</B> section of this
+reference page. The output is intended for debugging purposes and is
+meaningful to someone familiar with the internal structure of volume
+headers.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf051.htm#HDRVLDBDB">vldb.DB0 and vldb.DBSYS1</A>
+<P><A HREF="auarf251.htm#HDRVOLSERVER">volserver</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf249.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf251.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf250.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf252.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOLSERVER" HREF="auarf002.htm#ToC_265">volserver</A></H2>
+<A NAME="IDX5566"></A>
+<A NAME="IDX5567"></A>
+<A NAME="IDX5568"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Initializes the Volume Server component of the <B>fs</B> process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>volserver</B> [<B>-log</B>] [<B>-p</B> <<VAR>number of processes</VAR>>]
+ [<B>-udpsize</B> <<VAR>size of socket buffer in bytes</VAR>>]
+ [<B>-enable_peer_stats</B>] [<B>-enable_process_stats</B>] [<B>-help</B>]
+</PRE>
+<P>This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
+<P><STRONG>Description</STRONG>
+<P>The <B>volserver</B> command initializes the Volume Server component of
+the <B>fs</B> process. In the conventional configuration, its
+binary file is located in the <B>/usr/afs/bin</B> directory on a file
+server machine.
+<P>The <B>volserver</B> command is not normally issued at the command
+shell prompt but rather placed into a file server machine's
+<B>/usr/afs/local/BosConfig</B> file with the <B>bos create</B>
+command. If it is ever issued at the command shell prompt, the issuer
+must be logged onto a database server machine as the local superuser
+<B>root</B>.
+<P>The Volume Server records a trace of its activity in the
+<B>/usr/afs/logs/VolserLog</B> file. Use the <B>bos getlog</B>
+command to display the contents of the file.
+<P>The Volume Server processes the <B>vos</B> commands that administrators
+use to create, delete, move, and replicate volumes, as well as prepare them
+for archiving to tape or other media.
+<P>By default, the VL Server runs nine lightweight processes (LWPs). To
+change the number, use the <B>-p</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-log
+</B><DD>Records in the <B>/usr/afs/logs/VolserLog</B> file the names of all
+users who successfully initiate a <B>vos</B> command. The Volume
+Server also records any file removals that result from issuing the <B>vos
+release</B> command with the <B>-f</B> flag.
+<P><DT><B>-p
+</B><DD>Sets the number of server lightweight processes (LWPs) to run.
+Provide an integer between <B>4</B> and <B>16</B>. The default
+is 9.
+<P><DT><B>-udpsize
+</B><DD>Sets the size of the UDP buffer, which is 64 KB by default. Provide
+a positive integer, preferably larger than the default.
+<P><DT><B>-enable_peer_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. For each connection with a specific UDP port on another
+machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
+and so on) sent or received. To display or otherwise access the
+records, use the Rx Monitoring API.
+<P><DT><B>-enable_process_stats
+</B><DD>Activates the collection of Rx statistics and allocates memory for their
+storage. A separate record is kept for each type of RPC (FetchFile,
+GetStatus, and so on) sent or received, aggregated over all connections to
+other machines. To display or otherwise access the records, use the Rx
+Monitoring API.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following <B>bos create</B> command creates a <B>volserver</B>
+process on the machine <B>fs2.abc.com</B>:
+<PRE> % <B>bos create -server fs2.abc.com -instance volserver -type simple</B> \
+ <B>-cmd /usr/afs/bin/volserver </B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the superuser <B>root</B> on a file
+server machine to issue the command at a command shell prompt. It is
+conventional instead to create and start the process by issuing the <B>bos
+create</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf016.htm#HDRBOSCONFIG">BosConfig</A>
+<P><A HREF="auarf039.htm#HDRVOLSERLOG">VolserLog</A>
+<P><A HREF="auarf098.htm#HDRBOS_CREATE">bos create</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf250.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf252.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf251.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf253.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_INTRO" HREF="auarf002.htm#ToC_266">vos</A></H2>
+<A NAME="IDX5569"></A>
+<A NAME="IDX5570"></A>
+<A NAME="IDX5571"></A>
+<A NAME="IDX5572"></A>
+<A NAME="IDX5573"></A>
+<A NAME="IDX5574"></A>
+<A NAME="IDX5575"></A>
+<A NAME="IDX5576"></A>
+<A NAME="IDX5577"></A>
+<A NAME="IDX5578"></A>
+<A NAME="IDX5579"></A>
+<A NAME="IDX5580"></A>
+<A NAME="IDX5581"></A>
+<A NAME="IDX5582"></A>
+<A NAME="IDX5583"></A>
+<A NAME="IDX5584"></A>
+<A NAME="IDX5585"></A>
+<A NAME="IDX5586"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Introduction to the <B>vos</B> command suite
+<P><STRONG>Description</STRONG>
+<P>The commands in the <B>vos</B> command suite are the administrative
+interface to the Volume Server and Volume Location (VL) Server. System
+administrators use <B>vos</B> commands to create, move, delete, replicate,
+back up and examine volumes, among other operations. The VL Server
+automatically records in the Volume Location Database (VLDB) changes in volume
+status and location that result from <B>vos</B> commands.
+<P>The operations invoked by most <B>vos</B> commands are idempotent,
+meaning that if an operation is interrupted by a network, server machine, or
+process outage, then a subsequent attempt at the same operation continues from
+the interruption point, rather than starting over at the beginning of the
+operation. Before executing a command, the Volume and VL Servers check
+the current state of the volumes and VLDB records to be altered by the
+command. If they are already in the desired end state (or a consistent
+intermediate state), there is no need to repeat the internal steps that
+brought them there. Idempotency does not apply if the command issuer
+explicitly interrupts the operation with the <<B>Ctrl-c</B>> command or
+another interrupt signal. In that case, the volume is left locked and
+the administrator must use the <B>vos unlock</B> command to unlock it
+before proceeding.
+<P>It is important that the VLDB accurately indicate the status of the volumes
+on file server machines at all times. The reference pages for the files
+<B>vldb.DB0</B> and
+<B>V</B><VAR>vol_ID</VAR><B>.vol</B> describe the information
+recorded in the VLDB and volume headers, respectively. If a
+<B>vos</B> command changes volume status, it automatically records the
+change in the corresponding VLDB entry. The most common cause of
+discrepancies between the VLDB and volume status on file server machines is
+interrupted operations; to restore consistency, use the <B>vos
+syncserv</B> and <B>vos syncvldb</B> commands.
+<P>There are several categories of commands in the <B>vos</B> command
+suite:
+<UL>
+<P><LI>Commands to create, move, and rename volumes: <B>vos backup</B>,
+<B>vos backupsys</B>, <B>vos create</B>, <B>vos move</B>, and
+<B>vos rename</B>
+<P><LI>Commands to remove VLDB volume records or volumes or both: <B>vos
+delentry</B>, <B>vos remove</B>, and <B>vos zap</B>
+<P><LI>Commands to edit or display VLDB server entries: <B>vos
+changeaddr</B> and <B>vos listaddrs</B>
+<P><LI>Commands to create and restore dump files: <B>vos dump</B> and
+<B>vos restore</B>
+<P><LI>Commands to administer replicated volumes: <B>vos addsite</B>,
+<B>vos release</B>, and <B>vos remsite</B>
+<P><LI>Commands to display VLDB records, volume headers, or both: <B>vos
+examine</B>, <B>vos listvldb</B>, and <B>vos listvol</B>
+<P><LI>Commands to display information about partitions that house volumes:
+<B>vos listpart</B> and <B>vos partinfo</B>
+<P><LI>Commands to restore consistency between the VLDB and volume headers:
+<B>vos syncserv</B> and <B>vos syncvldb</B>
+<P><LI>Commands to lock and unlock VLDB entries: <B>vos lock</B>,
+<B>vos unlock</B>, and <B>vos unlockvldb</B>
+<P><LI>A command to report Volume Server status: <B>vos status</B>
+<P><LI>Commands to obtain help: <B>vos apropos</B> and <B>vos
+help</B>
+</UL>
+<P><STRONG>Options</STRONG>
+<P>The following arguments and flags are available on many commands in the
+<B>bos</B> suite. The reference page for each command also lists
+them, but they are described here in greater detail.
+<DL>
+<P><DT><B>-cell <<VAR>cell name</VAR>>
+</B><DD>Names the cell in which to run the command. It is acceptable to
+abbreviate the cell name to the shortest form that distinguishes it from the
+other entries in the <B>/usr/vice/etc/CellServDB</B> file on the local
+machine. If the <B>-cell</B> argument is omitted, the command
+interpreter determines the name of the local cell by reading the following in
+order:
+<OL TYPE=1>
+<P><LI>The value of the AFSCELL environment variable
+<P><LI>The local <B>/usr/vice/etc/ThisCell</B> file
+</OL>
+<P>
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell.
+<P><DT><B>-help
+</B><DD>Prints a command's online help message on the standard output
+stream. Do not combine this flag with any of the command's other
+options; when it is provided, the command interpreter ignores all other
+options, and only prints the help message.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using the server encryption key with the
+highest key version number in the local <B>/usr/afs/etc/KeyFile</B>
+file. The <B>vos</B> command interpreter presents the ticket, which
+never expires, to the Volume Server and VL Server during mutual
+authentication.
+<P>Use this flag only when issuing a command on a server machine; client
+machines do not usually have a <B>/usr/afs/etc/KeyFile</B> file.
+The issuer of a command that includes this flag must be logged on to the
+server machine as the local superuser <B>root</B>. The flag is
+useful for commands invoked by an unattended application program, such as a
+process controlled by the UNIX <B>cron</B> utility or by a cron entry in
+the machine's <B>/usr/afs/local/BosConfig</B> file. It is also
+useful if an administrator is unable to authenticate to AFS but is logged in
+as the local superuser <B>root</B>.
+<P>Do not combine the <B>-cell</B> and <B>-localauth</B>
+options. A command on which the <B>-localauth</B> flag is included
+always runs in the local cell (as defined in the server machine's local
+<B>/usr/afs/etc/ThisCell</B> file), whereas a command on which the
+<B>-cell</B> argument is included runs in the specified foreign
+cell. Also, do not combine the <B>-localauth</B> and
+<B>-noauth</B> flags.
+<P><DT><B>-noauth
+</B><DD>Establishes an unauthenticated connection to the Volume Server and VL
+Server, in which the servers treat the issuer as the unprivileged user
+<B>anonymous</B>. It is useful only when authorization checking is
+disabled on the server machine (during the installation of a file server
+machine or when the <B>bos setauth</B> command has been used during other
+unusual circumstances). In normal circumstances, the servers allow only
+privileged users to issue commands that change the status of a volume or VLDB
+record, and refuses to perform such an action even if the <B>-noauth</B>
+flag is provided. Do not combine the <B>-noauth</B> and
+<B>-localauth</B> flags.
+<P><DT><B>-partition <<VAR>partition name</VAR>>
+</B><DD>Identifies the AFS server partition on a file server machine that houses,
+or is to house, the volumes of interest, or about which to list
+information. The <B>vos</B> command interpreter accepts any of the
+following four name formats:
+<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
+ <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
+
+</PRE>
+<P>
+<P>After <B>/vicepz</B> (for which the index is 25) comes
+<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
+ <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
+
+</PRE>
+<P>and so on through
+<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
+
+</PRE>
+<P>The <B>-frompartition</B> and <B>-topartition</B> arguments to the
+<B>vos move</B> command also accept this notation.
+<P><DT><B>-server <<VAR>machine name</VAR>>
+</B><DD>Identifies the file server machine that houses, or is to house, the
+volumes or AFS server partitions of interest. Provide the
+machine's IP address in dotted decimal format, its fully qualified host
+name (for example, <B>fs1.abc.com</B>), or the shortest
+abbreviated form of its host name that distinguishes it from other
+machines. Successful use of an abbreviated form depends on the
+availability of a name resolution service (such as the Domain Name Service or
+a local host table) at the time the command is issued.
+<P>The <B>-fromserver</B> and <B>-toserver</B> arguments to the
+<B>vos move</B> command also accept these name formats.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+</DL>
+<P><STRONG>Privilege Required</STRONG>
+<P>To issue most <B>vos</B> commands, the issuer must be listed in the
+<B>/usr/afs/etc/UserList</B> file on each server machine that houses or is
+to house an affected volume, and on each database server machine. The
+most predictable performance results if all database server and file server
+machines in the cell share a common <B>UserList</B> file.
+Alternatively, if the <B>-localauth</B> flag is included, the issuer must
+be logged on to a server machine as the local superuser
+<B>root</B>.
+<P>To issue a <B>vos</B> command that only displays information, no
+privilege is required.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf253.htm#HDRVOS_ADDSITE">vos addsite</A>
+<P><A HREF="auarf254.htm#HDRVOS_APROPOS">vos apropos</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P><A HREF="auarf256.htm#HDRVOS_BACKUPSYS">vos backupsys</A>
+<P><A HREF="auarf257.htm#HDRVOS_CHANGEADDR">vos changeaddr</A>
+<P><A HREF="auarf258.htm#HDRVOS_CREATE">vos create</A>
+<P><A HREF="auarf259.htm#HDRVOS_DELENTRY">vos delentry</A>
+<P><A HREF="auarf260.htm#HDRVOS_DUMP">vos dump</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf262.htm#HDRVOS_HELP">vos help</A>
+<P><A HREF="auarf263.htm#HDRVOS_LISTADDRS">vos listaddrs</A>
+<P><A HREF="auarf264.htm#HDRVOS_LISTPART">vos listpart</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P><A HREF="auarf267.htm#HDRVOS_LOCK">vos lock</A>
+<P><A HREF="auarf268.htm#HDRVOS_MOVE">vos move</A>
+<P><A HREF="auarf269.htm#HDRVOS_PARTINFO">vos partinfo</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P><A HREF="auarf272.htm#HDRVOS_REMSITE">vos remsite</A>
+<P><A HREF="auarf273.htm#HDRVOS_RENAME">vos rename</A>
+<P><A HREF="auarf274.htm#HDRVOS_RESTORE">vos restore</A>
+<P><A HREF="auarf275.htm#HDRVOS_STATUS">vos status</A>
+<P><A HREF="auarf276.htm#HDRVOS_SYNCSERV">vos syncserv</A>
+<P><A HREF="auarf277.htm#HDRVOS_SYNCVLDB">vos syncvldb</A>
+<P><A HREF="auarf278.htm#HDRVOS_UNLOCK">vos unlock</A>
+<P><A HREF="auarf279.htm#HDRVOS_UNLOCKVLDB">vos unlockvldb</A>
+<P><A HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf251.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf253.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf252.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf254.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_ADDSITE" HREF="auarf002.htm#ToC_267">vos addsite</A></H2>
+<A NAME="IDX5587"></A>
+<A NAME="IDX5588"></A>
+<A NAME="IDX5589"></A>
+<A NAME="IDX5590"></A>
+<A NAME="IDX5591"></A>
+<A NAME="IDX5592"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Adds a read-only site definition to a volume's VLDB entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos addsite -server</B> <<VAR>machine name for new site</VAR>>
+ <B>-partition</B> <<VAR>partition name for new site</VAR>>
+ <B>-id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos ad -s</B> <<VAR>machine name for new site</VAR>> <B>-p</B> <<VAR>partition name for new site</VAR>>
+ <B>-i</B> <<VAR>volume name or ID</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos addsite</B> command defines a new read-only site (partition
+on a file server machine, specified by the <B>-server</B> and
+<B>-partition</B> arguments) in the Volume Location Database (VLDB) entry
+of the read/write volume named by the <B>-id</B> argument. When the
+<B>vos release</B> command is next issued against the read/write volume, a
+read-only copy of it is distributed to all of the read-only sites, including
+the newly defined one.
+<P><STRONG>Cautions</STRONG>
+<P>A volume's VLDB entry accommodates a maximum number of site
+definitions, as defined in the <I>IBM AFS Release Notes</I>. The
+site housing the read/write and backup versions of the volume counts as one
+site, and each read-only site counts as an additional site (even the read-only
+site defined on the same file server machine and partition as the read/write
+site counts as a separate site). The limit in the VLDB entry
+effectively determines the maximum number of copies of the volume that are
+available to AFS clients.
+<P>Attempts to create additional sites by using this command fail with an
+error.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine where the read-only volume is to
+reside. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition where the read-only volume is to reside, on the
+file server machine named by the <B>-server</B> argument. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of the read/write
+source volume.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example, appropriate in the State University cell, defines a
+read-only site for the cell's <B>root.afs</B> volume.
+<PRE> % <B>vos addsite -server sv7.stateu.edu -partition /vicepb -id root.afs</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf252.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf254.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf253.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf255.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_APROPOS" HREF="auarf002.htm#ToC_268">vos apropos</A></H2>
+<A NAME="IDX5593"></A>
+<A NAME="IDX5594"></A>
+<A NAME="IDX5595"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays each help entry containing a keyword string
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos apropos -topic</B> <<VAR>help string</VAR>> [<B>-help</B>]
+
+<B>vos ap -t</B> <<VAR>help string</VAR>> [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos apropos</B> command displays the first line of the online
+help entry for any <B>vos</B> command that has in its name or short
+description the string specified by the <B>-topic</B> argument.
+<P>To display the syntax for a command, use the <B>vos help</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Specifies the keyword string to match. Use lowercase letters only,
+except for the acronym <B>VLDB</B>. If the string is more than a
+single word, surround it with double quotes ("") or other delimiters.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first line of a command's online help entry names it and briefly
+describes its function. This command displays the first line for any
+<B>vos</B> command where the string specified with the <B>-topic</B>
+argument is part of the command name or first line.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays all <B>vos</B> commands that include the
+word <B>lock</B> in their names or short descriptions:
+<PRE> % <B>vos apropos lock</B>
+ lock: lock VLDB entry for a volume
+ unlock: release lock on VLDB entry for a volume
+ unlockvldb: unlock all the locked entries in the VLDB
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf262.htm#HDRVOS_HELP">vos help</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf253.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf255.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf254.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf256.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_BACKUP" HREF="auarf002.htm#ToC_269">vos backup</A></H2>
+<A NAME="IDX5596"></A>
+<A NAME="IDX5597"></A>
+<A NAME="IDX5598"></A>
+<A NAME="IDX5599"></A>
+<A NAME="IDX5600"></A>
+<A NAME="IDX5601"></A>
+<A NAME="IDX5602"></A>
+<A NAME="IDX5603"></A>
+<A NAME="IDX5604"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a backup volume for a single read/write volume
+<P><STRONG>Synopsis</STRONG>
+<PRE>
+<B>vos backup -id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos backup -i</B> <<VAR>volume name or ID</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos backup</B> command clones the indicated read/write volume to
+create a backup version, placing it at the same site as the read/write
+version. The backup volume's name is the same as the read/write
+source's with the addition of the <B>.backup</B>
+extension. Its volume ID number is the one allocated for it in the
+Volume Location Database (VLDB) when the read/write source was created with
+the <B>vos create</B> command. If a backup version already exists,
+the new clone replaces it.
+<P>To create a backup version of multiple volumes, use the <B>vos
+backupsys</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of the read/write
+source volume.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message confirms that the command succeeded:
+<PRE> Created backup volume for <VAR>volume name</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example creates a backup version of the volume
+<B>user.smith</B>.
+<PRE> % <B>vos backup user.smith</B>
+ Created backup volume for user.smith
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf256.htm#HDRVOS_BACKUPSYS">vos backupsys</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf254.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf256.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf255.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf257.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_BACKUPSYS" HREF="auarf002.htm#ToC_270">vos backupsys</A></H2>
+<A NAME="IDX5605"></A>
+<A NAME="IDX5606"></A>
+<A NAME="IDX5607"></A>
+<A NAME="IDX5608"></A>
+<A NAME="IDX5609"></A>
+<A NAME="IDX5610"></A>
+<A NAME="IDX5611"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a backup volume for several read/write volumes
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos backupsys</B> [<B>-prefix</B> <<VAR>common prefix on volume(s)</VAR>><SUP>+</SUP>]
+ [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-exclude</B>] [<B>-xprefix</B> <<VAR>negative prefix on volume(s)</VAR>><SUP>+</SUP>]
+ [<B>-dryrun</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>]
+ [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos backups</B> [<B>-pr</B> <<VAR>common prefix on volume(s)</VAR>><SUP>+</SUP>] [<B>-s</B> <<VAR>machine name</VAR>>]
+ [<B>-pa</B> <<VAR>partition name</VAR>>] [<B>-e</B>] [<B>-x</B> <<VAR>negative prefix on volume(s)</VAR>><SUP>+</SUP>]
+ [<B>-d</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos backupsys</B> command clones each indicated read/write
+volume to create a backup version, placing each clone at the same site as its
+read/write source version. It assigns each clone the same name as the
+read/write source, adding a <B>.backup</B> extension. It
+assigns the volume ID number already allocated for the backup version in the
+Volume Location Database (VLDB). If a backup version already exists for
+a given volume, the new clone replaces it.
+<P>To clone every read/write volume listed in the VLDB, omit all of the
+command's options. Otherwise, combine the command's options
+to clone various groups of volumes. The options use one of two basic
+criteria to select volumes: location (the <B>-server</B> and
+<B>-partition</B> arguments) or presence in the volume name of one of a
+set of specified character strings (the <B>-prefix</B>,
+<B>-exclude</B>, and <B>-xprefix</B> options).
+<P>To clone only volumes that reside on one file server machine, include the
+<B>-server</B> argument. To clone only volumes that reside on one
+partition, combine the <B>-server</B> and <B>-partition</B>
+arguments. The <B>-partition</B> argument can also be used alone to
+clone volumes that reside on the indicated partition on every file server
+machine. These arguments can be combined with those that select volumes
+based on their names.
+<P>Combine the <B>-prefix</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options (with or without the <B>-server</B> and
+<B>-partition</B> arguments) in the indicated ways to select volumes based
+on character strings contained in their names:
+<UL>
+<P><LI>To clone every read/write volume at the specified location whose name
+includes one of a set of specified character strings (for example, begins with
+<B>user.</B> or includes the string <B>afs</B>), use the
+<B>-prefix</B> argument or combine the <B>-xprefix</B> and
+<B>-exclude</B> options.
+<P><LI>To clone every read/write volume at the specified location except those
+whose name includes one of a set of specified character strings, use the
+<B>-xprefix</B> argument or combine the <B>-prefix</B> and
+<B>-exclude</B> options.
+<P><LI>To clone every read/write volume at the specified location whose name
+includes one of one of a set of specified character strings, except those
+whose names include one of a different set of specified character strings,
+combine the <B>-prefix</B> and <B>-xprefix</B> arguments. The
+command creates a list of all volumes that match the <B>-prefix</B>
+argument and then removes from the list the volumes that match the
+<B>-xprefix</B> argument. For effective results, the strings
+specified by the <B>-xprefix</B> argument must designate a subset of the
+volumes specified by the <B>-prefix</B> argument.
+<P>If the <B>-exclude</B> flag is combined with the <B>-prefix</B> and
+<B>-xprefix</B> arguments, the command creates a list of all volumes that
+do not match the <B>-prefix</B> argument and then adds to the list any
+volumes that match the <B>-xprefix</B> argument. As when the
+<B>-exclude</B> flag is not used, the result is effective only if the
+strings specified by the <B>-xprefix</B> argument designate a subset of
+the volumes specified by the <B>-prefix</B> argument.
+</UL>
+<P>The <B>-prefix</B> and <B>-xprefix</B> arguments both accept
+multiple values, which can be used to define disjoint groups of
+volumes. Each value can be one of two types:
+<OL TYPE=1>
+<P><LI>A simple character string, which matches volumes whose name begin with the
+string. All characters are interpreted literally (that is, characters
+that potentially have special meaning to the command shell, such as the
+period, have only their literal meaning).
+<P><LI>A regular expression, which matches volumes whose names contain the
+expressions. Place a caret ( <B>^</B> ) at the
+beginning of the expression, and enclose the entire string in single quotes
+(<B>'</B> <B>'</B>). Explaining regular
+expressions is outside the scope of this reference page; see the UNIX
+manual page for <B>regexp(5)</B> or (for a brief introduction) the
+<B>backup addvolentry</B> reference page in this document. As an
+example, the following expression matches volumes that have the string
+<B>aix</B> anywhere in their names:
+<PRE> <B>-prefix '^.*aix'</B>
+</PRE>
+</OL>
+<P>To display a list of the volumes to be cloned, without actually cloning
+them, include the <B>-dryrun</B> flag. To display a statement that
+summarizes the criteria being used to select volume, include the
+<B>-verbose</B> flag.
+<P>This command can be used to clone a single read/write volume; specify
+its complete name as the <B>-prefix</B> argument. However, it is
+more efficient to use the <B>vos backup</B> command, which employs a more
+streamlined technique for finding a single volume.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-prefix
+</B><DD>Specifies one or more simple character strings or regular expressions of
+any length; a volume whose name includes the string is placed on the set
+of volumes to be cloned. Include field separators (such as periods) if
+appropriate. This argument can be combined with any combination of the
+<B>-server</B>, <B>-partition</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options.
+<P><DT><B>-server
+</B><DD>Identifies the file server machine where each read/write source volume
+resides. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P>This argument can be combined with any combination of the
+<B>-prefix</B>, <B>-partition</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options.
+<P><DT><B><B>-partition</B>
+</B><DD>Identifies the partition where each read/write source volume
+resides. Provide the partition's complete name with preceding
+slash (for example, <B>/vicepa</B>) or use one of the three acceptable
+abbreviated forms. For details, see the introductory reference page for
+the <B>vos</B> command suite.
+<P>This argument can be combined with any combination of the
+<B>-prefix</B>, <B>-server</B>, <B>-exclude</B>, and
+<B>-xprefix</B> options.
+<P><DT><B>-exclude
+</B><DD>Reverses the meaning of the <B>-prefix</B> or <B>-xprefix</B>
+argument. This flag can be combined with any combination of the
+<B>-prefix</B>, <B>-server</B>, <B>-partition</B>, and
+<B>-xprefix</B> options.
+<P><DT><B>-xprefix
+</B><DD>Specifies a simple character string or regular expression of any
+length; a volume whose name includes the string is removed from the set
+of volumes to be cloned. Include field separators (such as periods) if
+appropriate. This argument can be combined with any combination of the
+<B>-prefix</B>, <B>-server</B>, <B>-partition</B>, and
+<B>-exclude</B> options.
+<P><DT><B>-dryrun
+</B><DD>Displays on the standard output stream a list of the volumes to be cloned,
+without actually cloning them.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The command generates the following messages on the standard output stream
+to confirm that the operation was successful:
+<PRE> done
+ Total volumes backed up: <VAR>number_cloned</VAR>; failed to backup: <VAR>failures</VAR>
+</PRE>
+<P>If the <B>-dryrun</B> flag is included, a list of the volumes to be
+backed up precedes the standard confirmation messages.
+<P>If the <B>-verbose</B> flag is included but not the <B>-dryrun</B>
+flag, the following messages appear for each volume. The output
+concludes with the standard confirmation messages.
+<PRE> Creating backup volume for <VAR>volume_name</VAR> on <VAR>date/time</VAR>
+ {Recloning backup volume | Creating a new backup clone} <VAR>backup_volumeID</VAR> . . .done
+</PRE>
+<P>If both the <B>-dryrun</B> and <B>-verbose</B> flags are included,
+the output begins with a statement summarizing the criteria being used to
+select the volumes, followed by a list of the volumes and the standard
+confirmation messages. The format of the criteria summary statement
+depends on which other options are provided:
+<UL>
+<P><LI>If only the <B>-prefix</B> argument is provided, or the
+<B>-xprefix</B> and <B>-exclude</B> options are combined:
+<PRE> Would have backed up volumes which are prefixed with <VAR>string</VAR> [or<VAR>string</VAR>] . .
+</PRE>
+<P><LI>If only the <B>-xprefix</B> argument is provided, or the
+<B>-prefix</B> and <B>-exclude</B> options are combined:
+<PRE> Would have backed up volumes which are not prefixed with <VAR>string</VAR> [nor<VAR>string</VAR>] . .
+</PRE>
+<P><LI>If the <B>-prefix</B> and <B>-xprefix</B> arguments are
+combined:
+<PRE> Would have backed up volumes which are prefixed with <VAR>string</VAR> [or<VAR>string</VAR>] \
+ removing those which are prefixed with <VAR>x_string</VAR> [or<VAR>x_string</VAR>] . .
+</PRE>
+<P><LI>If the <B>-prefix</B>, <B>-xprefix</B>, and <B>-exclude</B>
+options are provided:
+<PRE> Would have backed up volumes which are not prefixed with <VAR>string</VAR> [nor<VAR>string</VAR>] \
+ adding those which are prefixed with <VAR>x_string</VAR> [or<VAR>x_string</VAR>] . .
+</PRE>
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example creates a backup version of every read/write volume
+listed in the cell's VLDB whose name begins with the string
+<B>user</B>.
+<PRE> % <B>vos backupsys -prefix user</B>
+
+</PRE>
+<P>The following example, appropriate in the ABC Corporation cell, creates a
+backup version of every read/write volume on the file server machine
+<B>fs3.abc.com</B>.
+<PRE> % <B>vos backupsys -server fs3.abc.com</B>
+
+</PRE>
+<P>The following example, appropriate in the State University cell, creates a
+backup version of every read/write volume on the file server machine
+<B>db1.stateu.edu</B> except those whose name includes the
+string <B>temp</B>.
+<PRE> % <B>vos backupsys -server db1.stateu.edu -prefix '^.*temp'</B>
+
+</PRE>
+<P>The following example creates a backup version of every volume listed in
+the cell's VLDB, excluding those whose names contain the string
+<B>source</B>, but including those whose names contain the string
+<B>source.current</B>.
+<PRE> % <B>vos backupsys -prefix '^.*source' -exclude -xprefix '^.*source\.current'</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf063.htm#HDRBK_ADDVOLENTRY">backup addvolentry</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P>UNIX manual page for <B>regexp(5)</B>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf255.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf257.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf256.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf258.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_CHANGEADDR" HREF="auarf002.htm#ToC_271">vos changeaddr</A></H2>
+<A NAME="IDX5612"></A>
+<A NAME="IDX5613"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Changes or removes a file server machine's entry in the VLDB
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos changeaddr -oldaddr</B> <<VAR>original IP address</VAR>> [<B>-newaddr</B> <<VAR>new IP address</VAR>>]
+ [<B>-remove</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>]
+ [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos ch -o</B> <<VAR>original IP address</VAR>> [<B>-ne</B> <<VAR>new IP address</VAR>>] [<B>-r</B>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos changeaddr</B> command removes a server entry from the
+Volume Location Database (VLDB) when the <B>-remove</B> flag is combined
+with the <B>-oldaddr</B> argument. There must be no VLDB entries
+that list the machine as a site for any version of a volume (if necessary, use
+the <B>vos move</B> or <B>vos remove</B> command to more or remove
+volumes). It is appropriate to remove a VLDB server entry when removing
+the corresponding file server machine from service; this is the only
+recommended use of the command.
+<P>To display all VLDB server entries, use the <B>vos listaddrs</B>
+command.
+<P><STRONG>Cautions</STRONG>
+<P>Combining the command's <B>-oldaddr</B> and <B>-newaddr</B>
+arguments is no longer the appropriate way to change the IP address registered
+for a file server machine. Furthermore, if a machine is multihomed and
+its server entry includes several addresses, then the address specified with
+the <B>-newaddr</B> argument replaces all of the addresses currently
+listed in the server entry that includes the address specified by the
+<B>-oldaddr</B> argument. This effectively makes the machine
+single-homed with respect to AFS operations, which is probably not the desired
+result.
+<P>The recommended method for changing the IP addresses in a server entry is
+instead to restart the <B>fs</B> process group (which includes the File
+Server) after using the utilities provided by the operating system to
+reconfigure the machine's network interfaces. For a description of
+how the File Server constructs and registers a list of its network interfaces
+in the VLDB, see the reference page for the <B>sysid</B> file.
+<P>If, counter to recommended usage, the command is used to change the IP
+address in a server entry, it does not also change the names of machine
+entries in the Protection Database. Operations fail when they refer to
+a protection group that has an obsolete IP address in it. Use the
+<B>pts rename</B> command to change the names of machine entries that
+correspond to the addresses changed with this command. Changing the
+address of a database server machine also requires updating the client and
+server versions of the <B>CellServDB</B> file on every machine.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-oldaddr
+</B><DD>Specifies the IP address currently registered for the file server machine
+in the VLDB server entry. If there are multiple addresses registered
+for a multihomed machine, use any of them to identify the server entry.
+<P><DT><B>-newaddr
+</B><DD>Specifies the new IP address that replaces all currently registered
+addresses.
+<P><DT><B>-remove
+</B><DD>Removes from the VLDB the server entry that includes the address specified
+by the <B>-oldaddr</B> argument.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the VLDB server entry that includes the IP
+address <B>192.12.107.214</B>.
+<PRE> % <B>vos changeaddr -oldaddr 192.12.107.214 -remove</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>Issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on the
+machine specified with the <B>-oldaddr</B> argument and on each database
+server machine.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf019.htm#HDRCLI_CSDB">CellServDB (client version)</A>
+<P><A HREF="auarf020.htm#HDRSV_CSDB">CellServDB (server version)</A>
+<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
+<P><A HREF="auarf049.htm#HDRSYSID">sysid</A>
+<P><A HREF="auarf129.htm#HDRFILESERVER">fileserver</A>
+<P><A HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf263.htm#HDRVOS_LISTADDRS">vos listaddrs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf256.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf258.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf257.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf259.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_CREATE" HREF="auarf002.htm#ToC_272">vos create</A></H2>
+<A NAME="IDX5614"></A>
+<A NAME="IDX5615"></A>
+<A NAME="IDX5616"></A>
+<A NAME="IDX5617"></A>
+<A NAME="IDX5618"></A>
+<A NAME="IDX5619"></A>
+<A NAME="IDX5620"></A>
+<A NAME="IDX5621"></A>
+<A NAME="IDX5622"></A>
+<A NAME="IDX5623"></A>
+<A NAME="IDX5624"></A>
+<A NAME="IDX5625"></A>
+<A NAME="IDX5626"></A>
+<A NAME="IDX5627"></A>
+<A NAME="IDX5628"></A>
+<A NAME="IDX5629"></A>
+<A NAME="IDX5630"></A>
+<A NAME="IDX5631"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Creates a read/write volume and associated VLDB entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos create -server</B> <<VAR>machine name</VAR>> <B>-partition</B> <<VAR>partition name</VAR>>
+ <B>-name</B> <<VAR>volume name</VAR>> [<B>-maxquota</B> <<VAR>initial quota (KB)</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos cr -s</B> <<VAR>machine name</VAR>> <B>-p</B> <<VAR>partition name</VAR>> <B>-na</B> <<VAR>volume name</VAR>>
+ [<B>-m</B> <<VAR>initial quota (KB)</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-no</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos create</B> command creates a read/write volume with the name
+specified by the <B>-name</B> argument at the site specified by the
+<B>-server</B> and <B>-partition</B> arguments. In addition,
+the command allocates or sets the following:
+<UL>
+<P><LI>Volume ID numbers for the read/write volume and its associated read-only
+and backup volumes (this command does not actually create the latter two types
+of volume). A volume ID number is an identification number guaranteed
+to be unique within a cell.
+<A NAME="IDX5632"></A>
+<A NAME="IDX5633"></A>
+<A NAME="IDX5634"></A>
+<A NAME="IDX5635"></A>
+<A NAME="IDX5636"></A>
+<A NAME="IDX5637"></A>
+<P><LI>An access control list (ACL) associated with the volume's root
+directory, which takes the same name as volume's mount point when the
+volume is mounted with the <B>fs mkmount</B> command. An entry that
+grants all seven permissions to the members of the
+<B>system:administrators</B> group is automatically placed on the
+ACL. (In addition, the File Server by default always implicitly grants
+the <B>l</B> (<B>lookup</B>) and <B>a</B> (<B>administer</B>)
+permissions on every ACL to members of the
+<B>system:administrators</B> group, even when the group does not
+appear on an ACL; use the <B>-implicit</B> argument to the
+<B>fileserver</B> initialization command to alter the set of rights on a
+server-by-server basis if desired.)
+<P><LI>The volume's space quota, set to 5000 kilobyte blocks by
+default. Use the <B>-maxquota</B> argument to specify a different
+quota, or use the <B>fs setquota</B> command to change the volume's
+quota after mounting the volume with the <B>fs mkmount</B> command.
+</UL>
+<P>The volume is empty when created. To access it via the Cache
+Manager, mount it in the file space by using the <B>fs mkmount</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine on which to create the read/write
+volume. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition on which to create the read/write volume, on the
+file server machine specified by the <B>-server</B> argument.
+Provide the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-name
+</B><DD>Specifies a name for the read/write volume. The maximum length is
+22 characters, which can include any alphanumeric or punctuation
+character. By convention, periods separate the fields in a name.
+Do not apply the <B>.backup</B> or <B>.readonly</B>
+extension to a read/write volume name; they are reserved for the Volume
+Server to add to the read/write name when creating those backup and read-only
+volumes respectively.
+<P><DT><B>-maxquota
+</B><DD>Specifies the maximum amount of disk space the volume can use, as a number
+of kilobyte blocks (a value of <B>1024</B> is one megabyte). The
+value <B>0</B> (zero) grants an unlimited quota, but the size of the disk
+partition that houses the volume places an absolute limit on its size.
+If this argument is omitted, the default value is <B>5000</B>.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The Volume Server produces the following message to confirm that it created
+the volume:
+<PRE> Volume <VAR>volume_ID</VAR> created on partition <VAR>partition_name</VAR> of <VAR>machine_name</VAR>
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command creates the read/write volume
+<B>user.pat</B> on the <B>/vicepf</B> partition of the file
+server machine <B>fs4.abc.com</B>.
+<PRE> % <B>vos create -server fs4.abc.com -partition /vicepf -name user.pat</B>
+ Volume user.pat created on partition /vicepf of fs4.abc.com
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf257.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf259.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf258.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf260.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_DELENTRY" HREF="auarf002.htm#ToC_273">vos delentry</A></H2>
+<A NAME="IDX5638"></A>
+<A NAME="IDX5639"></A>
+<A NAME="IDX5640"></A>
+<A NAME="IDX5641"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a volume entry from the VLDB.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos delentry</B> [<B>-id</B> <<VAR>volume name or ID</VAR>><SUP>+</SUP>]
+ [<B>-prefix</B> <<VAR>prefix of volume whose VLDB entry is to be deleted</VAR>>]
+ [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos de</B> [<B>-i</B> <<VAR>volume name or ID</VAR>><SUP>+</SUP>]
+ [<B>-pr</B> <<VAR>prefix of volume whose VLDB entry is to be deleted</VAR>>]
+ [<B>-s</B> <<VAR>machine name</VAR>>] [<B>-pa</B> <<VAR>partition name</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos delentry</B> command removes the Volume Location Database
+(VLDB) entry for each specified volume. A specified volume can be any
+of the three types (read/write, read-only, or backup), but the entire entry is
+removed no matter which type is provided. The command has no effect on
+the actual volumes on file server machines, if they exist.
+<P>This command is useful if a volume removal operation did not update the
+VLDB (perhaps because the <B>vos zap</B> command was used), but the system
+administrator does not feel it is necessary to use the <B>vos syncserv</B>
+and <B>vos syncvldb</B> commands to synchronize an entire file server
+machine.
+<P>To remove the VLDB entry for a single volume, use the <B> -id</B>
+argument. To remove groups of volumes, combine the <B> -prefix</B>,
+<B>-server</B>, and <B>-partition</B> arguments. The following
+list describes how to remove the VLDB entry for the indicated group of
+volumes:
+<UL>
+<P><LI>For every volume whose name begins with a certain character string (for
+example, <B>sys.</B> or <B>user.</B>): use the
+<B>-prefix</B> argument.
+<P><LI>Every volume for which the VLDB lists a site on a certain file server
+machine: specify the file server name with the <B>-server</B>
+argument.
+<P><LI>Every volume for which the VLDB lists a site on a partition of the same
+name (for instance, on the <B>/vicepa</B> partition on any file server
+machine): specify the partition name with the <B> -partition</B>
+argument.
+<P><LI>Every volume for which the VLDB lists a site one a specific partition of a
+file server machine: specify both the <B>-server</B> and
+<B>-partition</B> arguments.
+<P><LI>Every volume whose name begins with a certain prefix and for which the
+VLDB lists a site on a file server machine: combine the
+<B>-prefix</B> and <B>-server</B> arguments. Combine the
+<B>-prefix</B> argument with the <B>-partition</B> argument, or both
+the <B>-server</B> and <B>-partition</B> arguments, to remove a more
+specific group of volumes.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command to remove a volume in normal circumstances; it
+does not remove a volume from the file server machine, and so is likely to
+make the VLDB inconsistent with state of the volumes on server
+machines. Use the <B>vos remove</B> command to remove both the
+volume and its VLDB entry.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies the complete name or the volume ID number of each volume for
+which to remove the VLDB entry. The entire entry is removed, regardless
+of whether the read/write, read-only, or backup version is indicated.
+Provide this argument or some combination of the <B>-prefix</B>,
+<B>-server</B>, and <B>-partition</B> arguments.
+<P><DT><B>-prefix
+</B><DD>Specifies a character string of any length; the VLDB entry for a
+volume whose name begins with the string is removed. Include field
+separators (such as periods) if appropriate. Combine this argument with
+the <B>-server</B> argument, <B>-partition</B> argument, or
+both.
+<P><DT><B>-server
+</B><DD>Identifies a file server machine; if a volume's VLDB entry lists
+a site on the machine, the entry is removed. Provide the machine's
+IP address or its host name (either fully qualified or using an unambiguous
+abbreviation). For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P>Combine this argument with the <B>-prefix</B> argument, the
+<B>-partition</B> argument, or both.
+<P><DT><B>-partition
+</B><DD>Identifies a partition; if a volume's VLDB entry lists a site on
+the partition, the entry is removed. Provide the partition's
+complete name with preceding slash (for example, <B>/vicepa</B>) or use
+one of the three acceptable abbreviated forms. For details, see the
+introductory reference page for the <B>vos</B> command suite.
+<P>Combine this argument with the <B>-prefix</B> argument, the
+<B>-server</B> argument, or both.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message confirms the success of the command by indicating how
+many VLDB entries were removed.
+<PRE> Deleted <VAR>number</VAR> VLDB entries
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the VLDB entry for the volume
+<B>user.temp</B>.
+<PRE> % <B>vos delentry user.temp</B>
+
+</PRE>
+<P>The following command removes the VLDB entry for every volume whose name
+begins with the string <B>test</B> and for which the VLDB lists a site on
+the file server machine <B>fs3.abc.com</B>.
+<PRE> % <B>vos delentry -prefix test -server fs3.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P><A HREF="auarf276.htm#HDRVOS_SYNCSERV">vos syncserv</A>
+<P><A HREF="auarf277.htm#HDRVOS_SYNCVLDB">vos syncvldb</A>
+<P><A HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf258.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf260.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf259.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf261.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_DUMP" HREF="auarf002.htm#ToC_274">vos dump</A></H2>
+<A NAME="IDX5642"></A>
+<A NAME="IDX5643"></A>
+<A NAME="IDX5644"></A>
+<A NAME="IDX5645"></A>
+<A NAME="IDX5646"></A>
+<A NAME="IDX5647"></A>
+<A NAME="IDX5648"></A>
+<A NAME="IDX5649"></A>
+<A NAME="IDX5650"></A>
+<A NAME="IDX5651"></A>
+<A NAME="IDX5652"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Converts a volume into ASCII format and writes it to a file
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos dump -id</B> <<VAR>volume name or ID</VAR>> [<B>-time</B> <<VAR>dump from time</VAR>>] [<B>-file</B> <<VAR>dump file</VAR>>]
+ [<B>-server</B> <<VAR>server</VAR>>] [<B>-partition</B> <<VAR>partition</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos du -i</B> <<VAR>volume name or ID</VAR>> [<B>-t</B> <<VAR>dump from time</VAR>>] [<B>-f</B> <<VAR>dump file</VAR>>]
+ [<B>-s</B> <<VAR>server</VAR>>] [<B>-p</B> <<VAR>partition</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos dump</B> command converts the contents of the indicated
+volume, which can be read/write, read-only or backup, into ASCII
+format. The Volume Server writes the converted contents to the file
+named by the <B>-file</B> argument, or to the standard output
+stream. In the latter case, the output can be directed to a named pipe,
+which enables interoperation with third-party backup utilities.
+<P>To dump the complete contents of a volume (create a <I>full dump</I>),
+omit the <B>-time</B> argument or specify the value <B>0</B> (zero)
+for it. To create an <I>incremental dump</I>, which includes only
+the files and directories in the volume that have modification timestamps
+later than a certain time, specify a date and time as the value for the
+<B>-time</B> argument.
+<P>By default, the <B>vos</B> command interpreter consults the Volume
+Location Database (VLDB) to learn the volume's location, so the
+<B>-server</B> and <B>-partition</B> arguments are not
+required. If the <B>-id</B> argument identifies a read-only volume
+that resides at multiple sites, the command dumps the version from just one of
+them (normally, the one listed first in the volume's VLDB entry as
+reported by the <B>vos examine</B> or <B>vos listvldb</B>
+command). To dump the read-only volume from a particular site, use the
+<B>-server</B> and <B>-partition</B> arguments to specify the
+site. To bypass the VLDB lookup entirely, provide a volume ID number
+(rather than a volume name) as the value for the <B>-id</B> argument,
+together with the <B>-server</B> and <B>-partition</B>
+arguments. This makes it possible to dump a volume for which there is
+no VLDB entry.
+<P>During the dump operation, the volume is inaccessible both to Cache
+Managers and to other volume operations. Dumping a volume does not
+otherwise affect its status on the partition or its VLDB entry.
+<P>To restore a dumped volume back into AFS, use the <B>vos restore</B>
+command.
+<P><STRONG>Cautions</STRONG>
+<P>Support for incremental dumps is provided to facilitate interoperation with
+third-party backup utilities. The <B>vos dump</B> command does not
+provide any of the administrative facilities of an actual backup system, so
+the administrator must keep manual records of dump times and the relationship
+between full and incremental dumps of a volume. For a volume's
+contents to be consistent after restoration of incremental dumps, there must
+be no gap between the time at which a prior dump of the volume was created and
+the value of the <B>-time</B> argument to the <B>vos dump</B> command
+that creates the incremental dump. More specifically, for a read/write
+volume, the <B>-time</B> argument must specify the time that the prior
+dump was performed, and for a read-only or backup volume it must specify the
+time that the volume was last released (using the <B>vos release</B>
+command) or cloned (using the <B>vos backup</B> or <B>vos
+backupsys</B> command) prior to dumping it. The parent dump can be
+either a full dump or another incremental dump.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of the read/write,
+read-only, or backup volume to dump.
+<P><DT><B>-time
+</B><DD>Specifies whether the dump is full or incremental. Omit this
+argument to create a full dump, or provide one of three acceptable
+values:
+<UL>
+<P><LI>The value <B>0</B> (zero) to create a full dump.
+<P><LI>A date in the format
+<VAR>mm</VAR><B>/</B><VAR>dd</VAR><B>/</B><VAR>yyyy</VAR> (month, day and
+year) to create an incremental dump that includes only files and directories
+with modification timestamps later than midnight (12:00
+a.m.) on the indicated date. Valid values for the year
+range from <B>1970</B> to <B>2037</B>; higher values are not
+valid because the latest possible date in the standard UNIX representation is
+in 2038. The command interpreter automatically reduces later dates to
+the maximum value. An example is <B>01/13/1999</B>.
+<P><LI>A date and time in the format
+<B>"</B><VAR>mm</VAR><B>/</B><VAR>dd</VAR><B>/</B><VAR>yyyy</VAR>
+<VAR>hh</VAR><B>:</B><VAR>MM</VAR><B>"</B> to create an incremental
+dump that includes only files and directories with modification timestamps
+later than the specified date and time. The date format is the same as
+for a date alone. Express the time as hours and minutes
+(<VAR>hh</VAR>:<VAR>MM</VAR>) in 24-hour format (for example,
+<B>20:30</B> is 8:30 p.m.). Surround the
+entire expression with double quotes (" ") because it contains a space.
+An example is <B>"01/13/1999 22:30"</B>.
+</UL>
+<P><DT><B>-file
+</B><DD>Specifies the pathname of the file to which to write the dump. The
+file can be in AFS, but not in the volume being dumped. A partial
+pathname is interpreted relative to the current working directory. If
+this argument is omitted, the dump is directed to the standard output
+stream.
+<P><DT><B>-server
+</B><DD>Specifies the file server machine on which the volume resides.
+Provide the <B>-partition</B> argument along with this one.
+<P><DT><B>-partition
+</B><DD>Specifies the partition on which the volume resides. Provide the
+<B>-server</B> argument along with this one.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command writes a full dump of the volume
+<B>user.terry</B> to the file
+<B>/afs/abc.com/common/dumps/terry.dump</B>.
+<PRE> % <B>vos dump -id user.terry -time 0 -file /afs/abc.com/common/dumps/terry.dump</B>
+
+</PRE>
+<P>The following command writes an incremental dump of the volume
+<B>user.smith</B> to the file
+<B>smith.990131.dump</B> in the current working
+directory. Only those files in the volume with modification time stamps
+later than 6:00 p.m. on 31 January 1999 are included in
+the dump.
+<PRE> % <B>vos dump -id user.smith -time "01/31/1999 18:00" -file smith.990131.dump</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P>If the <B>-file</B> argument is included, the issuer must also have
+permission to insert and write in the directory that houses the file.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P><A HREF="auarf274.htm#HDRVOS_RESTORE">vos restore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf259.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf261.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf260.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf262.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_EXAMINE" HREF="auarf002.htm#ToC_275">vos examine</A></H2>
+<A NAME="IDX5653"></A>
+<A NAME="IDX5654"></A>
+<A NAME="IDX5655"></A>
+<A NAME="IDX5656"></A>
+<A NAME="IDX5657"></A>
+<A NAME="IDX5658"></A>
+<A NAME="IDX5659"></A>
+<A NAME="IDX5660"></A>
+<A NAME="IDX5661"></A>
+<A NAME="IDX5662"></A>
+<A NAME="IDX5663"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays information from the volume header and VLDB entry for a
+volume.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos examine -id</B> <<VAR>volume name or ID</VAR>> [<B>-extended</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos e -i</B> <<VAR>volume name or ID</VAR>> [<B>-e</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+
+<B>vos volinfo -i</B> <<VAR>volume name or ID</VAR>> [<B>-e</B>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+
+<B>vos v -i</B> <<VAR>volume name or ID</VAR>> [<B>-e</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos examine</B> command formats and displays information from
+the Volume Location Database (VLDB) entry and the volume header of the volume
+specified by the <B>-id</B> argument.
+<P>To display the volume header only, use the <B>vos listvol</B>
+command. To display information from the VLDB only, use the <B>vos
+listvldb</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of the volume,
+which can be read/write, read-only, or backup.
+<P><DT><B>-extended
+</B><DD>Display statistics about read and write operations on files and
+directories in the volume.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The first seven lines of the output show information from the volume header
+and the remaining lines come from the VLDB. Each item in the following
+list corresponds to a line of output derived from the volume header.
+<UL>
+<P><LI>Basic information about the specified volume (displayed on a single
+line):
+<UL>
+<P><LI>Name
+<P><LI>Volume ID number
+<A NAME="IDX5664"></A>
+<P><LI>Type (the flag is <TT>RW</TT> for read/write, <TT>RO</TT> for
+read-only, <TT>BK</TT> for backup)
+<P><LI>Size in kilobytes (<TT>1024</TT> equals a megabyte)
+<P><LI>Number of files in the volume, if the <B>-extended</B> flag is
+provided
+<A NAME="IDX5665"></A>
+<P><LI>Status on the file server machine, which is one of the following:
+<DL>
+<A NAME="IDX5666"></A>
+<P><DT><B><TT>On-line</TT>
+</B><DD>The volume is completely accessible to Cache Managers.
+<A NAME="IDX5667"></A>
+<P><DT><B><TT>Off-line</TT>
+</B><DD>The volume is not accessible to Cache Managers, but does not seem to be
+corrupted. This status appears while a volume is being dumped, for
+example.
+<A NAME="IDX5668"></A>
+<P><DT><B><TT>Off-line**needs salvage**</TT>
+</B><DD>The volume is not accessible to Cache Managers, because it seems to be
+corrupted. Use the <B>bos salvage</B> or <B>salvager</B>
+command to repair the corruption.
+</DL>
+</UL>
+<P><LI>The file server machine and partition that house the volume, as determined
+by the command interpreter as the command runs, rather than derived from the
+VLDB or the volume header.
+<A NAME="IDX5669"></A>
+<A NAME="IDX5670"></A>
+<A NAME="IDX5671"></A>
+<A NAME="IDX5672"></A>
+<A NAME="IDX5673"></A>
+<A NAME="IDX5674"></A>
+<A NAME="IDX5675"></A>
+<A NAME="IDX5676"></A>
+<P><LI>The volume ID numbers associated with the various versions of the
+volume: read/write (<TT>RWrite</TT>), read-only (<TT>ROnly</TT>),
+backup (<TT>Backup</TT>), and ReleaseClone (<TT>RClone</TT>). One
+of them matches the volume ID number that appears on the first line of the
+volume's output. If the value in the <TT>RWrite</TT>,
+<TT>ROnly</TT>, or <TT>Backup</TT> field is <TT>0</TT> (zero), there is
+no volume of that type. If there is currently no ReleaseClone, the
+<TT>RClone</TT> field does not appear at all.
+<A NAME="IDX5677"></A>
+<A NAME="IDX5678"></A>
+<P><LI>The maximum space quota allotted to the read/write copy of the volume,
+expressed in kilobyte blocks in the <TT>MaxQuota</TT> field.
+<A NAME="IDX5679"></A>
+<A NAME="IDX5680"></A>
+<P><LI>The date and time the volume was created, in the <TT>Creation</TT>
+field. If the volume has been restored with the <B>backup
+diskrestore</B>, <B>backup volrestore</B>, or <B>vos restore</B>
+command, this is the restore time.
+<A NAME="IDX5681"></A>
+<A NAME="IDX5682"></A>
+<P><LI>The date and time when the contents of the volume last changed, in the
+<TT>Last Update</TT> field. For read-only and backup volumes, it
+matches the timestamp in the <TT>Creation</TT> field.
+<A NAME="IDX5683"></A>
+<A NAME="IDX5684"></A>
+<P><LI>The number of times the volume has been accessed for a fetch or store
+operation since the later of the two following times:
+<UL>
+<P><LI>12:00 a.m. on the day the command is issued
+<P><LI>The last time the volume changed location
+</UL>
+</UL>
+<P>When the <B>-extended</B> flag is included, two tables appear
+next:
+<UL>
+<P><LI>The table labeled <TT>Raw Read/Write Stats</TT> contains information on
+the number of reads (fetches) and writes (stores) made on the specified
+volume.
+<P><LI>The table labeled <TT>Writes Affecting Authorship</TT> contains
+information on writes made to files and directories in the specified
+volume.
+</UL>
+<P>If the following message appears instead of the previously listed
+information, it indicates that a volume is not accessible to Cache Managers or
+the <B>vos</B> command interpreter, for example because a clone is being
+created.
+<PRE> **** Volume <VAR>volume_ID</VAR> is busy ****
+</PRE>
+<P>If the following message appears instead of the previously listed
+information, it indicates that the File Server is unable to attach the volume,
+perhaps because it is seriously corrupted. The <B>FileLog</B> and
+<B>VolserLog</B> log files in the <B>/usr/afs/logs</B> directory on
+the file server machine possibly provide additional information; use the
+<B>bos getlog</B> command to display them.
+<PRE> **** Could not attach volume <VAR>volume_ID</VAR> ****
+</PRE>
+<P>Following a blank line, information from the VLDB entry appears.
+Each item in this list corresponds to a separate line in the output:
+<UL>
+<P><LI>The base (read/write) volume name. The read-only and backup
+versions have the same name with a <B>.readonly</B> and
+<B>.backup</B> extension, respectively.
+<P><LI>The volume ID numbers allocated to the versions of the volume that
+actually exist, in fields labeled <TT>RWrite</TT> for the read/write,
+<TT>ROnly</TT> for the read-only, <TT>Backup</TT> for the backup, and
+<TT>RClone</TT> for the ReleaseClone. (If a field does not appear,
+the corresponding version of the volume does not exist.) The appearance
+of the <TT>RClone</TT> field normally indicates that a release operation did
+not complete successfully; the <TT>Old release</TT> and <TT>New
+release</TT> flags often also appear on one or more of the site definition
+lines described just following.
+<A NAME="IDX5685"></A>
+<A NAME="IDX5686"></A>
+<P><LI>The number of sites that house a read/write or read-only copy of the
+volume, following the string <TT>number of sites -></TT>.
+<A NAME="IDX5687"></A>
+<A NAME="IDX5688"></A>
+<A NAME="IDX5689"></A>
+<A NAME="IDX5690"></A>
+<A NAME="IDX5691"></A>
+<P><LI>A line for each site that houses a read/write or read-only copy of the
+volume, specifying the file server machine, partition, and type of volume
+(<TT>RW</TT> for read/write or <TT>RO</TT> for read-only). If a
+backup version exists, it is understood to share the read/write site.
+Several flags can appear with a site definition:
+<DL>
+<A NAME="IDX5692"></A>
+<P><DT><B><TT>Not released</TT>
+</B><DD>Indicates that the <B>vos release</B> command has not been issued
+since the <B>vos addsite</B> command was used to define the read-only
+site.
+<A NAME="IDX5693"></A>
+<P><DT><B><TT>Old release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, leaving the previous, obsolete version of the volume at this
+site.
+<A NAME="IDX5694"></A>
+<P><DT><B><TT>New release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, but that this site did receive the correct new version of the
+volume.
+</DL>
+<P><LI>If the VLDB entry is locked, the string <TT>Volume is currently
+LOCKED</TT>.
+</UL>
+<P>For further discussion of the <TT>New release</TT> and <TT>Old
+release</TT> flags, see the reference page for the <B>vos release</B>
+command.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows output for the ABC Corporation volume called
+<B>usr</B> with two read-only replication sites (this volume is mounted at
+the <B>/afs/abc.com/usr</B> directory). For the sake of
+illustration, the output shows the volume as locked.
+<PRE> % <B>vos examine usr</B>
+ usr 536870981 RW 3459 K On-line
+ fs2.abc.com /vicepb
+ RWrite 5360870981 ROnly 536870982 Backup 536870983
+ MaxQuota 40000 K
+ Creation Mon Jun 12 15:22:06 1989
+ Last Update Fri Jun 16 09:34:35 1989
+ 5719 accesses in the past day (i.e., vnode references)
+ RWrite: 5360870981 ROnly: 536870982 Backup: 536870983
+ number of sites -> 3
+ server fs1.abc.com partition /vicepa RO Site
+ server fs3.abc.com partition /vicepa RO Site
+ server fs2.abc.com partition /vicepb RW Site
+ Volume is currently LOCKED
+
+</PRE>
+<P>The following example shows the output for the volume
+<B>user.terry</B> using the <B>-extended</B> flag. The
+volume has no read-only replication sites.
+<PRE> %<B> vos examine -id user.terry -extended</B>
+ user.terry 354287190 RW 2302 K used 119 files On-line
+ fs4.abc.com /vicepc
+ RWrite 354287190 ROnly 0 Backup 354287192
+ MaxQuota 5000 K
+ Creation Wed Nov 25 17:38:57 1992
+ Last Update Tue Dec 15 10:46:20 1992
+ 598 accesses in the past day (i.e., vnode references)
+ Raw Read/Write Stats
+ |-------------------------------------------|
+ | Same Network | Diff Network |
+ |----------|----------|----------|----------|
+ | Total | Auth | Total | Auth |
+ |----------|----------|----------|----------|
+ Reads | 55 | 55 | 38 | 38 |
+ Writes | 95 | 95 | 0 | 0 |
+ |-------------------------------------------|
+ Writes Affecting Authorship
+ |-------------------------------------------|
+ | File Authorship | Directory Authorship|
+ |----------|----------|----------|----------|
+ | Same | Diff | Same | Diff |
+ |----------|----------|----------|----------|
+ 0-60 sec | 38 | 0 | 21 | 1 |
+ 1-10 min | 2 | 0 | 7 | 0 |
+ 10min-1hr | 0 | 0 | 1 | 0 |
+ 1hr-1day | 1 | 0 | 5 | 1 |
+ 1day-1wk | 0 | 0 | 0 | 0 |
+ > 1wk | 0 | 0 | 0 | 0 |
+ |-------------------------------------------|
+ RWrite: 354287190 Backup: 354287192
+ number of sites -> 1
+ server fs4.abc.com partition /vicepc RW Site
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P><A HREF="auarf274.htm#HDRVOS_RESTORE">vos restore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf260.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf262.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf261.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf263.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_HELP" HREF="auarf002.htm#ToC_276">vos help</A></H2>
+<A NAME="IDX5695"></A>
+<A NAME="IDX5696"></A>
+<A NAME="IDX5697"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays the syntax of specified <B>vos</B> commands or functional
+descriptions for all <B>vos</B> commands
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos help</B> [<B>-topic</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-help</B>]
+
+<B>vos h</B> [<B>-t</B> <<VAR>help string</VAR>><SUP>+</SUP>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos help</B> command displays the complete online help entry
+(short description and syntax statement) for each command operation code
+specified by the <B>-topic</B> argument. If the <B>-topic</B>
+argument is omitted, the output includes the first line (name and short
+description) of the online help entry for every <B>vos</B> command.
+<P>To list every <B>vos</B> command whose name or short description
+includes a specified keyword, use the <B>vos apropos</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-topic
+</B><DD>Identifies each command for which to display the complete online help
+entry. Omit the <B>vos</B> part of the command name, providing only
+the operation code (for example, specify <B>create</B>, not <B>vos
+create</B>). If this argument is omitted, the output briefly
+describes every <B>vos</B> command.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The online help entry for each <B>vos</B> command consists of the
+following two or three lines:
+<UL>
+<P><LI>The first line names the command and briefly describes its
+function.
+<P><LI>The second line lists aliases for the command, if any.
+<P><LI>The final line, which begins with the string <TT>Usage</TT>, lists the
+command's options in the prescribed order. Online help entries use
+the same symbols (for example, brackets) as the reference pages in this
+document.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the online help entry for the <B>vos
+create</B> command:
+<PRE> % <B>vos help create</B>
+ vos create: create a new volume
+ Usage: vos create -server <machine name> -partition <partition name>
+ -name <volume name> [-cell <cell name>] [-noauth] [-localauth]
+ [-verbose] [-help]
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf254.htm#HDRVOS_APROPOS">vos apropos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf261.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf263.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf262.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf264.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_LISTADDRS" HREF="auarf002.htm#ToC_277">vos listaddrs</A></H2>
+<A NAME="IDX5698"></A>
+<A NAME="IDX5699"></A>
+<A NAME="IDX5700"></A>
+<A NAME="IDX5701"></A>
+<A NAME="IDX5702"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays all VLDB server entries
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos listaddrs</B> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos lista</B> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos listaddrs</B> command displays all of the server entries
+from the Volume Location Database (VLDB). An entry is created as the
+File Server initializes and registers the contents of its
+<B>/usr/afs/local/sysid</B> file in the VLDB.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output displays all server entries from the VLDB, each on its own
+line. If a file server machine is multihomed, all of its registered
+addresses appear on the line. The first one is the one reported as a
+volume's site in the output from the <B>vos examine</B> and <B>vos
+listvldb</B> commands.
+<P>The VLDB records IP addresses, and the command interpreter has the local
+name service (either a process like the Domain Name Service or a local host
+table) translate them to hostnames before displaying them. If an IP
+address appears in the output, it is not possible to translate it.
+<P>The existence of an entry does not necessarily indicate that the machine
+that is still an active file server machine. To remove obsolete server
+entries, use the <B>vos changeaddr</B> command with the <B>-remove</B>
+argument.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the VLDB server entries in the ABC
+Corporation cell:
+<PRE> % <B>vos listaddrs </B>
+ sv5.abc.com
+ sv1.abc.com
+ sv2.abc.com afs2.abc.com
+ sv6.abc.com
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf049.htm#HDRSYSID">sysid</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf257.htm#HDRVOS_CHANGEADDR">vos changeaddr</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf262.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf264.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf263.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf265.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_LISTPART" HREF="auarf002.htm#ToC_278">vos listpart</A></H2>
+<A NAME="IDX5703"></A>
+<A NAME="IDX5704"></A>
+<A NAME="IDX5705"></A>
+<A NAME="IDX5706"></A>
+<A NAME="IDX5707"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays all AFS partitions on a file server machine
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos listpart -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos listp -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos listpart</B> command displays all of the valid AFS
+partitions on the indicated file server machine, without consulting the Volume
+Location Database (VLDB). The <B>vos partinfo</B> command reports
+the size of a partition and the available space on that partition.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine for which to list the
+partitions. Provide the machine's IP address or its host name
+(either fully qualified or using an unambiguous abbreviation). For
+details, see the introductory reference page for the <B>vos</B> command
+suite.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output consists of a list of partition names of the form
+<B>/vicep</B><VAR>xx</VAR>, following the header:
+<PRE> The partitions on the server are:
+
+</PRE>
+<P>The last line of the output reports the total number of partitions.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays the partitions on
+<B>fs1.abc.com</B>:
+<PRE> % <B>vos listpart fs1.abc.com</B>
+ The partitions on the server are:
+ /vicepa /vicepb /vicepc /vicepd
+ Total: 4
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf269.htm#HDRVOS_PARTINFO">vos partinfo</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf263.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf265.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf264.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf266.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_LISTVLDB" HREF="auarf002.htm#ToC_279">vos listvldb</A></H2>
+<A NAME="IDX5708"></A>
+<A NAME="IDX5709"></A>
+<A NAME="IDX5710"></A>
+<A NAME="IDX5711"></A>
+<A NAME="IDX5712"></A>
+<A NAME="IDX5713"></A>
+<A NAME="IDX5714"></A>
+<A NAME="IDX5715"></A>
+<A NAME="IDX5716"></A>
+<A NAME="IDX5717"></A>
+<A NAME="IDX5718"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays a volume's VLDB entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos listvldb</B> [<B>-name</B> <<VAR>volume name or ID</VAR>>] [<B>-server</B> <<VAR>machine name</VAR>>]
+ [<B>-partition</B> <<VAR>partition name</VAR>>] [<B>-locked</B>] [<B>-quiet</B>] [<B>-nosort</B>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos listvl</B> [<B>-na</B> <<VAR>volume name or ID</VAR>>] [<B>-s</B> <<VAR>machine name</VAR>>]
+ [<B>-p</B> <<VAR>partition name</VAR>>] [<B>-lock</B>] [<B>-q</B>] [<B>-nos</B>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-noa</B>] [<B>-loca</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos listvldb</B> command formats and displays information from
+the Volume Location Database (VLDB) entry for each volume specified.
+The output depends on the combination of options supplied on the command
+line. Combine options as indicated to display the desired type of VLDB
+entries:
+<UL>
+<P><LI>Every entry in the VLDB: provide no options
+<P><LI>Every VLDB entry that mentions a certain file server machine as the site
+for a volume: specify the machine's name as the <B>-server</B>
+argument
+<P><LI>Every VLDB entry that mentions a certain partition on any file server
+machine as the site for a volume: specify the partition name as the
+<B>-partition</B> argument
+<P><LI>Every VLDB entry that mentions a certain partition on a certain file
+server machine as the site for a volume: combine the <B>-server</B>
+and <B>-partition</B> arguments
+<P><LI>A single VLDB entry: specify a volume name or ID number with the
+<B>-name</B> argument
+<P><LI>The VLDB entry only for the volumes with locked VLDB entries found at a
+certain site: combine the <B>-locked</B> flag with any of arguments
+that define sites
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-name
+</B><DD>Specifies either the complete name or volume ID number of a volume of any
+of the three types.
+<P><DT><B>-server
+</B><DD>Identifies the file server machine listed as a site in each VLDB entry to
+display. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P>This argument can be combined with the <B>-partition</B> argument, the
+<B>-locked</B> flag, or both.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) listed as a site in each VLDB entry to
+display. Provide the partition's complete name with preceding
+slash (for example, <B>/vicepa</B>) or use one of the three acceptable
+abbreviated forms. For details, see the introductory reference page for
+the <B>vos</B> command suite.
+<P>This argument can be combined with the <B>-server</B> argument, the
+<B>-locked</B> flag, or both.
+<P><DT><B>-locked
+</B><DD>Displays only locked VLDB entries. This flag can be combined with
+the <B>-server</B> argument, the <B>-partition</B> argument, or
+both.
+<P><DT><B>-quiet
+</B><DD>Suppresses the lines that summarize the number of volumes listed and their
+status, which otherwise appear at the beginning and end of the output when the
+output includes more than one volume.
+<P><DT><B>-nosort
+</B><DD>Suppresses the default sorting of volume entries alphabetically by volume
+name.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the output includes more than one VLDB entry, by default the first line
+reports which file server machine, partition, or both, houses the
+volumes. The final line of output reports the total number of entries
+displayed. Including the <B>-quiet</B> flag suppresses these
+lines.
+<P>By default, volumes are sorted alphabetically by volume name.
+Including the <B>-nosort</B> flag skips the sorting step, which can speed
+up the production of output if there are a large number of entries.
+<P>The VLDB entry for each volume includes the following information:
+<UL>
+<P><LI>The base (read/write) volume name. The read-only and backup
+versions have the same name with a <B>.readonly</B> and
+<B>.backup</B> extension, respectively.
+<P><LI>The volume ID numbers allocated to the versions of the volume that
+actually exist, in fields labeled <TT>RWrite</TT> for the read/write,
+<TT>ROnly</TT> for the read-only, <TT>Backup</TT> for the backup, and
+<TT>RClone</TT> for the ReleaseClone. (If a field does not appear,
+the corresponding version of the volume does not exist.) The appearance
+of the <TT>RClone</TT> field normally indicates that a release operation did
+not complete successfully; the <TT>Old release</TT> and <TT>New
+release</TT> flags often also appear on one or more of the site definition
+lines described just following.
+<A NAME="IDX5719"></A>
+<A NAME="IDX5720"></A>
+<P><LI>The number of sites that house a read/write or read-only copy of the
+volume, following the string <TT>number of sites -></TT>.
+<A NAME="IDX5721"></A>
+<A NAME="IDX5722"></A>
+<A NAME="IDX5723"></A>
+<A NAME="IDX5724"></A>
+<A NAME="IDX5725"></A>
+<P><LI>A line for each site that houses a read/write or read-only copy of the
+volume, specifying the file server machine, partition, and type of volume
+(<TT>RW</TT> for read/write or <TT>RO</TT> for read-only). If a
+backup version exists, it is understood to share the read/write site.
+Several flags can appear with a site definition:
+<DL>
+<A NAME="IDX5726"></A>
+<P><DT><B><TT>Not released</TT>
+</B><DD>Indicates that the <B>vos release</B> command has not been issued
+since the <B>vos addsite</B> command was used to define the read-only
+site.
+<A NAME="IDX5727"></A>
+<P><DT><B><TT>Old release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, leaving the previous, obsolete version of the volume at this
+site.
+<A NAME="IDX5728"></A>
+<P><DT><B><TT>New release</TT>
+</B><DD>Indicates that a <B>vos release</B> command did not complete
+successfully, but that this site did receive the correct new version of the
+volume.
+</DL>
+<P><LI>If the VLDB entry is locked, the string <TT>Volume is currently
+LOCKED</TT>.
+</UL>
+<P>For further discussion of the <TT>New release</TT> and <TT>Old
+release</TT> flags, see the reference page for the <B>vos release</B>
+command.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays VLDB information for the ABC Corporation
+volume called <B>usr</B>, which has two read-only replication sites:
+<PRE> % <B>vos listvldb -name usr</B>
+ usr
+ RWrite: 5360870981 ROnly: 536870982 Backup: 536870983
+ number of sites -> 3
+ server fs1.abc.com partition /vicepa RO Site
+ server fs3.abc.com partition /vicepa RO Site
+ server fs2.abc.com partition /vicepb RW Site
+
+</PRE>
+<P>The following example shows entries for two of the volumes that reside on
+the file server machine <B>fs4.abc.com</B>. The first
+VLDB entry is currently locked. There are 508 entries that mention the
+machine as a volume site.
+<PRE> % <B>vos listvldb -server fs4.abc.com</B>
+ VLDB entries for server fs4.abc.com
+ . . . .
+ . . . .
+ user.smith
+ RWrite: 278541326 ROnly: 278541327 Backup: 278542328
+ number of sites -> 1
+ server fs4.abc.com partition /vicepg RW Site
+ Volume is currently LOCKED
+ user.terry
+ RWrite 354287190 ROnly 354287191 Backup 354287192
+ number of sites -> 1
+ server fs4.abc.com partition /vicepc RW Site
+ . . . .
+ . . . .
+ Total entries: 508
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P><A HREF="auarf267.htm#HDRVOS_LOCK">vos lock</A>
+<P><A HREF="auarf278.htm#HDRVOS_UNLOCK">vos unlock</A>
+<P><A HREF="auarf279.htm#HDRVOS_UNLOCKVLDB">vos unlockvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf264.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf266.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf265.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf267.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_LISTVOL" HREF="auarf002.htm#ToC_280">vos listvol</A></H2>
+<A NAME="IDX5729"></A>
+<A NAME="IDX5730"></A>
+<A NAME="IDX5731"></A>
+<A NAME="IDX5732"></A>
+<A NAME="IDX5733"></A>
+<A NAME="IDX5734"></A>
+<A NAME="IDX5735"></A>
+<A NAME="IDX5736"></A>
+<A NAME="IDX5737"></A>
+<A NAME="IDX5738"></A>
+<A NAME="IDX5739"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays information from a volume header
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos listvol -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-fast</B>] [<B>-long</B>] [<B>-quiet</B>] [<B>-extended</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos listvo -s</B> <<VAR>machine name</VAR>> [<B>-p</B> <<VAR>partition name</VAR>>] [<B>-f</B>] [<B>-lon</B>]
+ [<B>-q</B>] [<B>-e</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-loc</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos listvol</B> command formats and displays the following
+information from the volume header of each specified volume: volume
+name, volume ID, volume type, size, and status at the server. The
+actual information displayed depends on the combination of arguments supplied
+when the command is issued. To display volume header information for
+various numbers of volumes, combine the command's arguments as
+indicated:
+<UL>
+<P><LI>For every volume on a file server machine, specify the machine's name
+with the <B>-server</B> argument.
+<P><LI>For every volume at a particular site, combine the <B>-server</B>
+argument with the <B>-partition</B> argument.
+</UL>
+<P>To display the Volume Location Database (VLDB) entry for one or more
+volumes, use the <B>vos listvldb</B> command. To display both the
+VLDB entry and the volume header for a single volume, use the <B>vos
+examine</B> command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine that houses volumes for which to
+display the header. Provide the machine's IP address or its host
+name (either fully qualified or using an unambiguous abbreviation). For
+details, see the introductory reference page for the <B>vos</B> command
+suite.
+<P>This argument can be combined with the <B>-partition</B> argument, as
+well as the <B>-fast</B>, <B>-long</B>, or <B>-extended</B>
+flag.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) that houses volumes for which to display the
+header. Provide the partition's complete name with preceding slash
+(for example, <B>/vicepa</B>) or use one of the three acceptable
+abbreviated forms. For details, see the introductory reference page for
+the <B>vos</B> command suite.
+<P><DT><B>-fast
+</B><DD>Displays only the volume ID numbers of volumes stored at the site
+specified by the <B>-server</B>, and optionally <B>-partition</B>,
+argument. Do not combine this flag with the <B>-extended</B>
+flag.
+<P><DT><B>-long
+</B><DD>Displays more detailed information about each volume stored at the site
+specified by the <B>-server</B>, and optionally <B>-partition</B>,
+argument. The information includes the volume IDs of all three volume
+types associated with the volume, and the read/write volume's quota,
+creation date and update date.
+<P><DT><B>-quiet
+</B><DD>Suppresses the lines that summarize the number of volumes listed and their
+status, which otherwise appear at the beginning and end of the output when the
+output includes more than one volume.
+<P><DT><B>-extended
+</B><DD>Displays extensive statistics about access patterns for each volume stored
+at the site specified by the <B>-server</B>, and optionally
+<B>-partition</B>, argument. The statistics include the number of
+reads and writes to files in the volume, and how recently files and
+directories have been updated by their owners or other users. Do not
+combine this flag with the <B>-fast</B> flag.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The output is ordered alphabetically by volume name and by default provides
+the following information on a single line for each volume:
+<UL>
+<P><LI>Name
+<P><LI>Volume ID number
+<A NAME="IDX5740"></A>
+<P><LI>Type (the flag is <TT>RW</TT> for read/write, <TT>RO</TT> for
+read-only, <TT>BK</TT> for backup)
+<P><LI>Size in kilobytes (<TT>1024</TT> equals a megabyte)
+<P><LI>Number of files in the volume, if the <B>-extended</B> flag is
+provided
+<A NAME="IDX5741"></A>
+<P><LI>Status on the file server machine, which is one of the following:
+<DL>
+<A NAME="IDX5742"></A>
+<P><DT><B><TT>On-line</TT>
+</B><DD>The volume is completely accessible to Cache Managers.
+<A NAME="IDX5743"></A>
+<P><DT><B><TT>Off-line</TT>
+</B><DD>The volume is not accessible to Cache Managers, but does not seem to be
+corrupted. This status appears while a volume is being dumped, for
+example.
+<A NAME="IDX5744"></A>
+<P><DT><B><TT>Off-line**needs salvage**</TT>
+</B><DD>The volume is not accessible to Cache Managers, because it seems to be
+corrupted. Use the <B>bos salvage</B> or <B>salvager</B>
+command to repair the corruption.
+</DL>
+</UL>
+<P>If the following message appears instead of the previously listed
+information, it indicates that a volume is not accessible to Cache Managers or
+the <B>vos</B> command interpreter, for example because a clone is being
+created.
+<PRE> **** Volume <VAR>volume_ID</VAR> is busy ****
+</PRE>
+<P>If the following message appears instead of the previously listed
+information, it indicates that the File Server is unable to attach the volume,
+perhaps because it is seriously corrupted. The <B>FileLog</B> and
+<B>VolserLog</B> log files in the <B>/usr/afs/logs</B> directory on
+the file server machine possibly provide additional information; use the
+<B>bos getlog</B> command to display them.
+<PRE> **** Could not attach volume <VAR>volume_ID</VAR> ****
+</PRE>
+<P>The information about individual volumes is bracketed by summary
+lines. The first line of output specifies the number of volumes in the
+listing. The last line of output summarizes the number of volumes that
+are online, offline, and busy. These lines do not appear if the
+<B>-quiet</B> flag is used.
+<P>If the <B>-fast</B> flag is added, the output displays only the volume
+ID number of each volume, arranged in increasing numerical order. The
+final line (which summarizes the number of online, offline, and busy volumes)
+is omitted.
+<P>If the <B>-long</B> flag is included, the output for each volume
+includes all of the information in the default listing plus the
+following. Each item in this list corresponds to a separate line of
+output:
+<UL>
+<P><LI>The file server machine and partition that house the volume, as determined
+by the command interpreter as the command runs, rather than derived from the
+VLDB or the volume header.
+<A NAME="IDX5745"></A>
+<A NAME="IDX5746"></A>
+<A NAME="IDX5747"></A>
+<A NAME="IDX5748"></A>
+<A NAME="IDX5749"></A>
+<A NAME="IDX5750"></A>
+<A NAME="IDX5751"></A>
+<A NAME="IDX5752"></A>
+<P><LI>The volume ID numbers associated with the various versions of the
+volume: read/write (<TT>RWrite</TT>), read-only (<TT>ROnly</TT>),
+backup (<TT>Backup</TT>), and ReleaseClone (<TT>RClone</TT>). One
+of them matches the volume ID number that appears on the first line of the
+volume's output. If the value in the <TT>RWrite</TT>,
+<TT>ROnly</TT>, or <TT>Backup</TT> field is <TT>0</TT> (zero), there is
+no volume of that type. If there is currently no ReleaseClone, the
+<TT>RClone</TT> field does not appear at all.
+<A NAME="IDX5753"></A>
+<A NAME="IDX5754"></A>
+<P><LI>The maximum space quota allotted to the read/write copy of the volume,
+expressed in kilobyte blocks in the <TT>MaxQuota</TT> field.
+<A NAME="IDX5755"></A>
+<A NAME="IDX5756"></A>
+<P><LI>The date and time the volume was created, in the <TT>Creation</TT>
+field. If the volume has been restored with the <B>backup
+diskrestore</B>, <B>backup volrestore</B>, or <B>vos restore</B>
+command, this is the restore time.
+<A NAME="IDX5757"></A>
+<A NAME="IDX5758"></A>
+<P><LI>The date and time when the contents of the volume last changed, in the
+<TT>Last Update</TT> field. For read-only and backup volumes, it
+matches the timestamp in the <TT>Creation</TT> field.
+<A NAME="IDX5759"></A>
+<A NAME="IDX5760"></A>
+<P><LI>The number of times the volume has been accessed for a fetch or store
+operation since the later of the two following times:
+<UL>
+<P><LI>12:00 a.m. on the day the command is issued
+<P><LI>The last time the volume changed location
+</UL>
+</UL>
+<P>If the <B>-extended</B> flag is included, the output for each volume
+includes all of the information reported with the <B>-long</B> flag, plus
+two tables of statistics:
+<UL>
+<P><LI>The table labeled <TT>Raw Read/Write Stats</TT> table summarizes the
+number of times the volume has been accessed for reading or writing.
+<P><LI>The table labeled <TT>Writes Affecting Authorship</TT> table contains
+information on writes made to files and directories in the specified
+volume.
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows the output for the <B>/vicepb</B> partition
+on the file server machine <B>fs2.abc.com</B> when no flags
+are provided:
+<PRE> % <B>vos listvol -server fs2.abc.com -partition b</B>
+ Total number of volumes on server fs2.abc.com \
+ partition /vicepb : 66
+ sys 1969534847 RW 1582 K On-line
+ sys.backup 1969535105 BK 1582 K On-line
+ . . . . . .
+ . . . . . .
+ user.pat 1969534536 RW 17518 K On-line
+ user.pat.backup 1969534538 BK 17537 K On-line
+ Total volumes onLine 66 ; Total volumes offLine 0 ; Total busy 0
+
+</PRE>
+<P>The following example shows the output when the <B>-fast</B> flag is
+added:
+<PRE> % <B>vos listvol -server fs2.abc.com -partition b -fast</B>
+ Total number of volumes on server fs2.abc.com \
+ partition /vicepb : 66
+ 1969516782
+ 1969516784
+ .
+ .
+ 1969535796
+
+</PRE>
+<P>The following example shows two volumes from the output that appears when
+the <B>-long</B> flag is added:
+<PRE> % <B>vos listvol -server fs2.abc.com -partition b -long</B>
+ Total number of volumes on server fs2.abc.com \
+ partition /vicepb: 66
+ . . . . . .
+ . . . . . .
+ user.pat 1969534536 RW 17518 K On-line
+ fs2.abc.com /vicepb
+ RWrite 1969534536 ROnly 0 Backup 1969534538
+ MaxQuota 20000 K
+ Creation Mon Jun 12 09:02:25 1989
+ Last Update Thu May 20 17:39:34 1999
+ 1573 accesses in the past day (i.e., vnode references)
+ user.pat.backup 1969534538 BK 17537 K On-line
+ fs2.abc.com /vicepb
+ RWrite 1969534536 ROnly 0 Backup 1969534538
+ MaxQuota 20000 K
+ Creation Tue Jun 13 04:37:59 1989
+ Last Update Wed May 19 06:37:59 1999
+ 0 accesses in the past day (i.e., vnode references)
+ . . . . . .
+ . . . . . .
+ Total volumes onLine 66 ; Total volumes offLine 0 ; \
+ Total busy 0
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf072.htm#HDRBK_DISKRESTORE">backup diskrestore</A>
+<P><A HREF="auarf091.htm#HDRBK_VOLRESTORE">backup volrestore</A>
+<P><A HREF="auarf102.htm#HDRBOS_GETLOG">bos getlog</A>
+<P><A HREF="auarf114.htm#HDRBOS_SALVAGE">bos salvage</A>
+<P><A HREF="auarf232.htm#HDRSALVAGER">salvager</A>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P><A HREF="auarf274.htm#HDRVOS_RESTORE">vos restore</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf265.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf267.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf266.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf268.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_LOCK" HREF="auarf002.htm#ToC_281">vos lock</A></H2>
+<A NAME="IDX5761"></A>
+<A NAME="IDX5762"></A>
+<A NAME="IDX5763"></A>
+<A NAME="IDX5764"></A>
+<A NAME="IDX5765"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Locks a VLDB volume entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos lock -id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos lo -i</B> <<VAR>volume name or ID</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos lock</B> command locks the Volume Location Database (VLDB)
+entry for the indicated volume, blocking any operation that requires a write
+to that entry. The lock applies to all of the volume versions
+associated with the entry, not just the one specified with the <B>-id</B>
+argument.
+<P>To unlock a single VLDB entry, use the <B>vos unlock</B>
+command. To unlock several entries, or all locked entries in the VLDB,
+use the <B>vos unlockvldb</B> command.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command in normal circumstances. It is useful for
+guaranteeing that the volume stays unchanged when there is reason to believe
+that volume operations cannot properly lock VLDB volume entries as they
+normally do to synchronize with one another.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of a volume of the
+any of the three types.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command locks the VLDB entry for
+<B>user.terry</B>.
+<PRE> % <B>vos lock user.terry</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf278.htm#HDRVOS_UNLOCK">vos unlock</A>
+<P><A HREF="auarf279.htm#HDRVOS_UNLOCKVLDB">vos unlockvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf266.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf268.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf267.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf269.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_MOVE" HREF="auarf002.htm#ToC_282">vos move</A></H2>
+<A NAME="IDX5766"></A>
+<A NAME="IDX5767"></A>
+<A NAME="IDX5768"></A>
+<A NAME="IDX5769"></A>
+<A NAME="IDX5770"></A>
+<A NAME="IDX5771"></A>
+<A NAME="IDX5772"></A>
+<A NAME="IDX5773"></A>
+<A NAME="IDX5774"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Moves a read/write volume to another site
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos move -id</B> <<VAR>volume name or ID</VAR>> <B>-fromserver</B> <<VAR>machine name on source</VAR>>
+ <B>-frompartition</B> <<VAR>partition name on source</VAR>>
+ <B>-toserver</B> <<VAR>machine name on destination</VAR>>
+ <B>-topartition</B> <<VAR>partition name on destination</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos m -i</B> <<VAR>volume name or ID</VAR>> <B>-froms</B> <<VAR>machine name on source</VAR>>
+ <B>-fromp</B> <<VAR>partition name on source</VAR>> <B>-tos</B> <<VAR>machine name on destination</VAR>>
+ <B>-top</B> <<VAR>partition name on destination</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos move</B> command moves the indicated read/write volume from
+its current site (specified with the <B>-fromserver</B> and
+<B>-frompartition</B> arguments) to the destination site (specified with
+the <B>-toserver</B> and <B>-topartition</B> arguments). This
+command automatically removes the backup copy from the current site, if it
+exists. To create a new backup volume at the destination site, use the
+<B>vos backup</B> command.
+<P>This command works on read/write volumes only. To move a read-only
+volume, use the <B>vos addsite</B> and <B>vos release</B> commands to
+define a new read-only site and release the volume contents to it, and then
+use the <B>vos remove</B> command to remove the previous read-only
+volume's definition from the Volume Location Database (VLDB) and data
+from the partition. To move a backup volume, use this command to move
+its read/write source and then issue the <B>vos backup</B> command.
+<P>Before executing this command, the <B>vos</B> command interpreter
+initiates a check that the destination partition contains enough space to
+house the volume being moved. If there is not enough space, the move
+operation is not attempted and the following message appears:
+<PRE> vos: no space on target partition <VAR>dest_part</VAR> to move volume <VAR>volume</VAR>
+
+</PRE>
+<P><STRONG>Cautions</STRONG>
+<P>Unless there is a compelling reason, do not interrupt a <B>vos move</B>
+command in progress. Interrupting a move can result in one or more of
+the following inconsistent states:
+<UL>
+<P><LI>There are two versions of the volume, one at the source site and one at
+the destination site. (If this happens, retain the version identified
+by the VLDB and use the <B>vos zap</B> command to remove the other
+version.)
+<P><LI>The backup version of the volume is stranded at the old site. (If
+this happens, use the <B>vos zap</B> command to remove it.)
+<P><LI>The volume is off-line. (If this happens, run the <B>bos
+salvage</B> command to bring it back on line.)
+</UL>
+<P>If the <<B>Ctrl-c</B>> interrupt signal is pressed while a <B>vos
+move</B> operation is executing, the following message warns of the
+consequences and requests confirmation of the kill signal:
+<PRE> SIGINT handler: vos move operation in progress
+ WARNING: may leave AFS storage and metadata in indeterminate state
+ enter second control-c to exit
+
+</PRE>
+<P>To confirm termination of the operation, press <<B>Ctrl-c</B>> a
+second time; press any other key to continue the operation.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of a read/write
+volume.
+<P><DT><B>-fromserver
+</B><DD>Identifies the file server machine where the volume currently
+resides. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-frompartition
+</B><DD>Names the partition where the volume currently resides. Provide the
+full partition name (for, example, <B>/vicepa</B>) or one of the
+abbreviated forms described on the introductory <B>vos</B> reference
+page.
+<P><DT><B>-toserver
+</B><DD>Identifies the file server machine to which to move the volume.
+Provide the machine's IP address or its host name (either fully qualified
+or using an unambiguous abbreviation). For details, see the
+introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-topartition
+</B><DD>Names the partition to which to move the volume. Provide the full
+partition name (for, example, <B>/vicepa</B>) or one of the abbreviated
+forms described on the introductory <B>vos</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example moves the volume <B>user.smith</B> from
+the <B>/vicepb</B> partition on the file server machine
+<B>fs3.abc.com</B> to the <B>/vicepg</B> partition on
+the file server machine <B>fs7.abc.com</B>.
+<PRE> % <B>vos move -id user.smith -fromserver fs3.abc.com -frompartition b</B> \
+ <B>-toserver fs7.abc.com -topartition g</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machines specified with the <B>-toserver</B> and
+<B>-fromserver</B> arguments and on each database server machine.
+If the <B>-localauth</B> flag is included, the issuer must instead be
+logged on to a server machine as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf253.htm#HDRVOS_ADDSITE">vos addsite</A>
+<P><A HREF="auarf255.htm#HDRVOS_BACKUP">vos backup</A>
+<P><A HREF="auarf270.htm#HDRVOS_RELEASE">vos release</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf267.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf269.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf268.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf270.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_PARTINFO" HREF="auarf002.htm#ToC_283">vos partinfo</A></H2>
+<A NAME="IDX5775"></A>
+<A NAME="IDX5776"></A>
+<A NAME="IDX5777"></A>
+<A NAME="IDX5778"></A>
+<A NAME="IDX5779"></A>
+<A NAME="IDX5780"></A>
+<A NAME="IDX5781"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports the available and total space on a partition
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos partinfo -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos p -s</B> <<VAR>machine name</VAR>> [<B>-p</B> <<VAR>partition name</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos partinfo</B> command reports the amount of space available
+and total size on <B>either</B> all of the partitions on the indicated
+file server machine (if the <B>-partition</B> argument is omitted)
+<B>or</B> the specified partition on that file server machine. The
+Volume Location Database (VLDB) is not consulted.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine for which to display partition
+information. Provide the machine's IP address or its host name
+(either fully qualified or using an unambiguous abbreviation). For
+details, see the introductory reference page for the <B>vos</B> command
+suite.
+<P><DT><B>-partition
+</B><DD>Identifies which partition on the file server machine specified by the
+<B>-server</B> argument for which to display information. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Cautions</STRONG>
+<P>The partition-related statistics in this command's output do not
+always agree with the corresponding values in the output of the standard UNIX
+<B>df</B> command. The statistics reported by this command can be
+up to five minutes old, because the Cache Manager polls the File Server for
+partition information at that frequency. Also, on some operating
+systems, the <B>df</B> command's report of partition size includes
+reserved space not included in this command's calculation, and so is
+likely to be about 10% larger.
+<P><STRONG>Output</STRONG>
+<P>The output reports the amount of space available and total space for each
+specified partition.
+<P><STRONG>Examples</STRONG>
+<P>The following command displays all partitions on the file server machine
+<B>fs2.abc.com</B>.
+<PRE> % <B>vos partinfo fs2.abc.com</B>
+ Free space on partition /vicepa: 27301 K blocks out of total 549197
+ Free space on partition /vicepb: 13646 K blocks out of total 69194
+ Free space on partition /vicepc: 31798 K blocks out of total 320315
+ Free space on partition /vicepd: 33302 K blocks out of total 494954
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf264.htm#HDRVOS_LISTPART">vos listpart</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf268.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf270.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf269.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf271.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_RELEASE" HREF="auarf002.htm#ToC_284">vos release</A></H2>
+<A NAME="IDX5782"></A>
+<A NAME="IDX5783"></A>
+<A NAME="IDX5784"></A>
+<A NAME="IDX5785"></A>
+<A NAME="IDX5786"></A>
+<A NAME="IDX5787"></A>
+<A NAME="IDX5788"></A>
+<A NAME="IDX5789"></A>
+<A NAME="IDX5790"></A>
+<A NAME="IDX5791"></A>
+<A NAME="IDX5792"></A>
+<A NAME="IDX5793"></A>
+<A NAME="IDX5794"></A>
+<A NAME="IDX5795"></A>
+<A NAME="IDX5796"></A>
+<A NAME="IDX5797"></A>
+<A NAME="IDX5798"></A>
+<A NAME="IDX5799"></A>
+<A NAME="IDX5800"></A>
+<A NAME="IDX5801"></A>
+<A NAME="IDX5802"></A>
+<A NAME="IDX5803"></A>
+<A NAME="IDX5804"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Updates the contents of read-only volumes to match their read/write source
+volume
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos release -id</B> <<VAR>volume name or ID</VAR>> [<B>-f</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos rel -i</B> <<VAR>volume name or ID</VAR>> [<B>-f</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos release</B> command copies the contents of the indicated
+read/write source volume to each read-only site defined in the source
+volume's Volume Location Database (VLDB) entry. (Use the <B>vos
+addsite</B> command to define sites as necessary before issuing this
+command). Each read-only copy has the same name as read/write source
+with the addition of a <B>.readonly</B> extension.
+<P>For users to have a consistent view of the file system, the release of the
+new volume version must be atomic: either all read-only sites receive
+the new version, or all sites keep the version they currently have. The
+<B>vos release</B> command is designed to ensure that all copies of the
+volume's read-only version match both the read/write source and each
+other. In cases where problems such as machine or server process
+outages prevent successful completion of the release operation, AFS uses two
+mechanisms to alert the administrator.
+<P>First, the command interpreter generates an error message on the standard
+error stream naming each read-only site that did not receive the new volume
+version. Second, during the release operation the Volume Location (VL)
+Server marks site definitions in the VLDB entry with flags (<TT>New
+release</TT> and <TT>Old release</TT>) that indicate whether or not the
+site has the new volume version. If any flags remain after the
+operation completes, it was not successful. The Cache Manager refuses
+to access a read-only site marked with the <TT>Old release</TT> flag, which
+potentially imposes a greater load on the sites marked with the <TT>New
+release</TT> flag. It is important to investigate and eliminate the
+cause of the failure and then to issue the <B>vos release</B> command as
+many times as necessary to complete the release without errors.
+<P>The pattern of site flags remaining in the volume's VLDB entry after a
+failed release operation can help determine the point at which the operation
+failed. Use the <B>vos examine</B> or <B>vos listvldb</B>
+command to display the VLDB entry. The VL Server sets the flags in
+concert with the Volume Server's operations, as follows:
+<OL TYPE=1>
+<P><LI>Before the operation begins, the VL Server sets the <TT>New release</TT>
+flag on the read/write site definition in the VLDB entry and the <TT>Old
+release</TT> flag on read-only site definitions (unless the read-only site
+has been defined since the last release operation and has no actual volume, in
+which case its site flag remains <TT>Not released</TT>).
+<P><LI>If necessary, the Volume Server creates a temporary copy (a
+<I>clone</I>) of the read/write source called the ReleaseClone (see the
+following discussion of when the Volume Server does or does not create a new
+ReleaseClone.) It assigns the ReleaseClone its own volume ID number,
+which the VL Server records in the <TT>RClone</TT> field of the source
+volume's VLDB entry.
+<P><LI>The Volume Server distributes a copy of the ReleaseClone to each read-only
+site defined in the VLDB entry. As the site successfully receives the
+new clone, the VL Server sets the site's flag in the VLDB entry to
+<TT>New release</TT>.
+<P><LI>When all the read-only copies are successfully released, the VL Server
+clears all the <TT>New release</TT> site flags. The ReleaseClone is
+no longer needed, so the Volume Server deletes it and the VL Server erases its
+ID from the VLDB entry.
+</OL>
+<P>By default, the Volume Server determines automatically whether or not it
+needs to create a new ReleaseClone:
+<UL>
+<P><LI>If there are no flags (<TT>New release</TT>, <TT>Old release</TT>, or
+<TT>Not released</TT>) on site definitions in the VLDB entry, the previous
+<B>vos release</B> command completed successfully and all read-only sites
+currently have the same volume. The Volume Server infers that the
+current <B>vos release</B> command was issued because the read/write
+volume has changed. The Volume Server creates a new ReleaseClone and
+distributes it to all of the read-only sites.
+<P><LI>If any site definition in the VLDB entry is marked with a flag, either the
+previous release operation did not complete successfully or a new read-only
+site was defined since the last release. The Volume Server does not
+create a new ReleaseClone, instead distributing the existing ReleaseClone to
+sites marked with the <TT>Old release</TT> or <TT>Not released</TT>
+flag. As previously noted, the VL Server marks each VLDB site
+definition with the <TT>New release</TT> flag as the site receives the
+ReleaseClone, and clears all flags after all sites successfully receive
+it.
+</UL>
+<P>To override the default behavior, forcing the Volume Server to create and
+release a new ReleaseClone to the read-only sites, include the <B>-f</B>
+flag. This is appropriate if, for example, the data at the read/write
+site has changed since the existing ReleaseClone was created during the
+previous release operation.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of a read/write
+volume.
+<P><DT><B>-f
+</B><DD>Creates a new ReleaseClone and distributes it all read-only sites
+regardless of whether or not any site definitions in the VLDB entry are marked
+with a flag.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command clones the read/write volume <B>usr</B> and
+releases it to the read-only sites defined in its VLDB entry.
+<PRE> % <B>vos release usr</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf253.htm#HDRVOS_ADDSITE">vos addsite</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf265.htm#HDRVOS_LISTVLDB">vos listvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf269.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf271.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf270.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf272.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_REMOVE" HREF="auarf002.htm#ToC_285">vos remove</A></H2>
+<A NAME="IDX5805"></A>
+<A NAME="IDX5806"></A>
+<A NAME="IDX5807"></A>
+<A NAME="IDX5808"></A>
+<A NAME="IDX5809"></A>
+<A NAME="IDX5810"></A>
+<A NAME="IDX5811"></A>
+<A NAME="IDX5812"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a volume from a site
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos remove</B> [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ <B>-id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos remo</B> [<B>-s</B> <<VAR>machine name</VAR>>] [<B>-p</B> <<VAR>partition name</VAR>>] <B>-i</B> <<VAR>volume name or ID</VAR>>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos remove</B> command removes the indicated volume from the
+partition on which it resides. The Volume Location Database (VLDB)
+record is altered appropriately, as described in the following
+paragraphs. Use this command to remove any of the three types of
+volumes; the effect depends on the type.
+<UL>
+<P><LI>If the <B>-id</B> argument names the read/write volume (that is,
+specifies the volume's base name), both it and the associated backup
+volume are removed from the partition that houses them. The
+<B>-server</B> and <B>-partition</B> arguments are optional, because
+there can be only one read/write site. When the volume is removed, the
+site information is also removed from the VLDB entry. The read/write
+and backup volume ID numbers no longer appear in the output from the <B>vos
+listvldb</B> or <B>vos examine</B> commands, but they are preserved
+internally. Read-only sites, if any, are not affected, but cannot be
+changed unless a read/write site is again defined. The site count
+reported by the <B>vos examine</B> and <B>vos listvldb</B> commands as
+<TT>number of sites</TT> decrements by one. The entire VLDB entry is
+removed if there are no read-only sites.
+<P><LI>If the <B>-id</B> argument names a read-only volume, it is removed
+from the partition that houses it, and the corresponding site information is
+removed from the VLDB entry. The site count reported by the <B>vos
+examine</B> and <B>vos listvldb</B> commands as <TT>number of
+sites</TT> decrements by one for each volume you remove. If there is
+more than one read-only site, the <B>-server</B> argument (and optionally
+<B>-partition</B> argument) must be used to specify the site from which to
+remove the volume. If there is only one read-only site, the
+<B>-id</B> argument is sufficient; if there is also no read/write
+volume in this case, the entire VLDB entry is removed.
+<P><LI>If the <B>-id</B> argument names a backup volume, it is removed from
+the partition that houses it. The <B>-server</B> and
+<B>-partition</B> arguments are optional, because there can be only one
+backup site. The backup volume ID number no longer appears in the
+output from the <B>vos listvldb</B> command or in the corresponding
+portion of the output from the <B>vos examine</B> command, but is
+preserved internally.
+</UL>
+<P>This command is the most appropriate one for removing volumes in almost all
+cases. Other commands that remove only volumes or only VLDB entries
+(such as the <B>vos delentry</B>, <B>vos remsite</B> and <B>vos
+zap</B> commands) by definition can put the volumes and VLDB out of
+sync. Use them only in the special circumstances mentioned on their
+reference pages. Like the <B>vos delentry</B> command, this command
+can remove a VLDB entry when no corresponding volumes exist on the file server
+machine. Like the <B>vos zap</B> command, this command can remove a
+volume that does not have a VLDB entry, as long as the volume is online,
+<B>-server</B> and <B>-partition</B> arguments are provided, and the
+<B>-id</B> argument specifies the volume's ID number.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine that houses the volume to
+remove. It is necessary only when the <B>-id</B> argument names a
+read-only volume that exists at multiple sites. Provide the
+machine's IP address or its host name (either fully qualified or using an
+unambiguous abbreviation). For details, see the introductory reference
+page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) that houses the volume to remove. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P>Including this argument is necessary only when the <B>-id</B> argument
+names a read-only volume that exists at multiple sites. Provide the
+<B>-server</B> argument along with this one.
+<P><DT><B>-id
+</B><DD>Identifies the volume to remove, either by its complete name or volume ID
+number. If identifying a read-only or backup volume by name, include
+the appropriate extension (<B>.readonly</B> or
+<B>.backup</B>).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the <B>-server</B> and <B>-partition</B> arguments are omitted,
+the <B>-id</B> switch must be provided.
+</TD></TR></TABLE>
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example removes the read/write volume
+<B>user.terry</B> and its backup version, if any.
+<PRE> % <B>vos remove -id user.terry</B>
+
+</PRE>
+<P>The following example removes the read-only volume
+<B>root.afs.readonly</B> from one of its sites, the
+<B>/vicepa</B> partition on the file server machine
+<B>fs1.abc.com</B>.
+<PRE> % <B>vos remove fs1.abc.com a root.afs.readonly</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf259.htm#HDRVOS_DELENTRY">vos delentry</A>
+<P><A HREF="auarf272.htm#HDRVOS_REMSITE">vos remsite</A>
+<P><A HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf270.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf272.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf271.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf273.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_REMSITE" HREF="auarf002.htm#ToC_286">vos remsite</A></H2>
+<A NAME="IDX5813"></A>
+<A NAME="IDX5814"></A>
+<A NAME="IDX5815"></A>
+<A NAME="IDX5816"></A>
+<A NAME="IDX5817"></A>
+<A NAME="IDX5818"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a read-only site definition from a VLDB entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos remsite -server</B> <<VAR>machine name</VAR>> <B>-partition</B> <<VAR>partition name</VAR>>
+ <B>-id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos rems -s</B> <<VAR>machine name</VAR>> <B>-p</B> <<VAR>partition name</VAR>> <B>-i</B> <<VAR>volume name or ID</VAR>>
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos remsite</B> command removes the read-only replication site
+specified by the <B>-machine</B> and <B>-partition</B> arguments from
+the Volume Location Database (VLDB) entry for the indicated volume, which is
+read/write.
+<P>This command is useful for removing read-only sites that were mistakenly
+created with the <B>vos addsite</B> command, before the <B>vos
+release</B> command actually releases them. If a read-only copy
+already exists at the site, it is not affected. However, if this
+read-only site was the last site housing any version of the volume, then the
+entire VLDB entry is removed, even if a copy of the read-only version still
+actually exists at the site. The VL Server does not correct the
+discrepancy until the <B>vos syncserv</B> and <B>vos syncvldb</B>
+commands are run.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command as the standard way to remove a read-only volume,
+because it can create a discrepancy between the VLDB and the volumes on file
+server machines. Use the <B>vos remove</B> command instead.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Specifies the file server machine portion of the site definition to
+remove. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Specifies the partition name portion of the site definition to
+remove. Provide the partition's complete name with preceding slash
+(for example, <B>/vicepa</B>) or use one of the three acceptable
+abbreviated forms. For details, see the introductory reference page for
+the <B>vos</B> command suite.
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of the read/write
+volume to remove.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the mistakenly defined read-only site
+<B>/viceph</B> on the file server machine
+<B>fs5.abc.com</B> from the VLDB entry for the volume
+<B>root.cell</B>.
+<PRE> % <B>vos remsite -server fs5.abc.com -partition h -id root.cell</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf259.htm#HDRVOS_DELENTRY">vos delentry</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P><A HREF="auarf280.htm#HDRVOS_ZAP">vos zap</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf271.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf273.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf272.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf274.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_RENAME" HREF="auarf002.htm#ToC_287">vos rename</A></H2>
+<A NAME="IDX5819"></A>
+<A NAME="IDX5820"></A>
+<A NAME="IDX5821"></A>
+<A NAME="IDX5822"></A>
+<A NAME="IDX5823"></A>
+<A NAME="IDX5824"></A>
+<A NAME="IDX5825"></A>
+<A NAME="IDX5826"></A>
+<A NAME="IDX5827"></A>
+<A NAME="IDX5828"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Renames a volume
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos rename -oldname</B> <<VAR>old volume name</VAR>> <B>-newname</B> <<VAR>new volume name</VAR>>
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos ren -o</B> <<VAR>old volume name</VAR>> <B>-ne</B> <<VAR>new volume name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos rename</B> command changes the name of the read/write volume
+specified with the <B>-oldname</B> argument to the name specified with the
+<B>-newname</B> argument. The names of the read/write's
+read-only copies and backup copy, if any, change automatically to
+match.
+<P>After issuing this command, remember to correct any mount points that refer
+to the old volume name, by removing the old mount point with the <B>fs
+rmmount</B> command and creating a new one with the <B>fs mkmount</B>
+command.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-oldname
+</B><DD>Is the current name of the read/write volume.
+<P><DT><B>-newname
+</B><DD>Is the desired new name for the volume.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The <B>vos rename</B> command produces no output if the command
+succeeds.
+<P>If the volume named by the <B>-oldname</B> argument does not exist, the
+following message appears:
+<PRE> vos: Could not find entry for volume <VAR>old volume name</VAR>.
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example changes the mistaken volume name
+<B>sun4x_56.afsws</B> to the correct alternative
+<TT>sun4x_56.usr.afsws</TT>.
+<PRE> % <B>vos rename -oldname sun4x_56.afsws -newname sun4x_56.usr.afsws</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf272.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf274.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf273.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf275.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_RESTORE" HREF="auarf002.htm#ToC_288">vos restore</A></H2>
+<A NAME="IDX5829"></A>
+<A NAME="IDX5830"></A>
+<A NAME="IDX5831"></A>
+<A NAME="IDX5832"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Converts an ASCII file into proper volume format and writes it to the file
+system
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos restore -server</B> <<VAR>machine name</VAR>> <B>-partition</B> <<VAR>partition name</VAR>>
+ <B>-name</B> <<VAR>name of volume to be restored</VAR>> [<B>-file</B> <<VAR>dump file</VAR>>]
+ [<B>-id</B> <<VAR>volume ID</VAR>>] [<B>-overwrite</B> <<B>abort</B> | <B>full</B> | <B>incremental</B>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>]
+ [<B>-help</B>]
+
+<B>vos res -s</B> <<VAR>machine name</VAR>> <B>-p</B> <<VAR>partition name</VAR>>
+ <B>-na</B> <<VAR>name of volume to be restored</VAR>> [<B>-f</B> <<VAR>dump file</VAR>>]
+ [<B>-i</B> <<VAR>volume ID</VAR>>] [<B>-o</B> <<B>a</B> | <B>f</B> | <B>inc</B>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-no</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos restore</B> command converts a volume dump file previously
+created with the <B>vos dump</B> command from ASCII into the volume format
+appropriate for the machine type indicated by the <B>-server</B> argument,
+and restores it as a read/write volume to the partition named by the
+<B>-partition</B> argument on that machine. The Volume Server
+assigns the volume name indicated with the <B>-name</B> argument, and
+resets the volume's creation timestamp to the time at which the restore
+operation begins (the creation timestamp is stored in the volume header and
+reported in the <TT>Creation</TT> field in the output from the <B>vos
+examine</B> and <B>vos listvol</B> commands.)
+<P>Use the <B>-file</B> argument to name the dump file, or omit the
+argument to provide the file via the standard input stream, presumably through
+a pipe. The pipe can be named, which enables interoperation with
+third-party backup utilities.
+<P>As described in the following list, the command can create a completely new
+volume or overwrite an existing volume. In all cases, the full dump of
+the volume must be restored before any incremental dumps. If there are
+multiple incremental dump files, they must be restored in the order they were
+created.
+<UL>
+<P><LI>To create a new read/write volume, use the <B>-name</B> argument to
+specify a volume name that does not already exist in the Volume Location
+Database (VLDB), and the <B>-server</B> and <B>-partition</B>
+arguments to specify the new volume's site. It is best to omit the
+<B>-id</B> argument so that the Volume Location (VL) Server allocates a
+volume ID automatically. Do not include the <B>-overwrite</B>
+argument, because there is no existing volume to overwrite.
+<P><LI>To overwrite an existing volume at its current site, specify its name and
+site with the <B>-name</B>, <B>-server</B>, and <B>-partition</B>
+arguments. The volume retains its current volume ID number unless the
+<B>-id</B> argument is provided. Specify the value <B>f</B> or
+<B>i</B> for the <B>-overwrite</B> argument to indicate whether the
+dump file is full or incremental, respectively.
+<P><LI>To overwrite an existing volume and move it to a new site, specify its
+name and the new site with the <B>-name</B>, <B>-server</B>, and
+<B>-partition</B> arguments. The volume retains its current volume
+ID number unless the <B>-id</B> argument is provided. The volume is
+removed from its original site. Specify the value <B>f</B> for the
+<B>-overwrite</B> argument to indicate that the dump file is a full dump
+(it is not possible to restore an incremental dump and move the volume at the
+same time).
+</UL>
+<P>If the volume named by the <B>-name</B> argument already exists and the
+<B>-overwrite</B> argument is omitted, the command interpreter produces
+the following prompt:
+<P>
+<PRE> Do you want to do a full/incremental restore or abort? [fia](a):
+
+</PRE>
+<P>Respond by entering one of the following values:
+<UL>
+<P><LI><B>f</B> if restoring a full dump file
+<P><LI><B>i</B> if restoring an incremental dump file
+<P><LI><B>a</B> or <<B>Return</B>> to cancel the restore operation
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>If the <B>-file</B> argument is omitted, the issuer must provide all
+other necessary arguments, because the standard input stream is unavailable
+for responding to the command interpreter's prompts for missing
+information. In particular, the issuer must provide the
+<B>-overwrite</B> argument if overwriting an existing volume.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine onto which to restore the
+volume. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) onto which to restore the volume. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-name
+</B><DD>Specifies the name under which to restore the volume. It can be up
+to 22 characters long, but cannot end with a <B>.readonly</B> or
+<B>.backup</B> extension. If the volume already exists, it
+is overwritten subject to the value of the <B>-overwrite</B>
+argument.
+<P><DT><B>-file
+</B><DD>Names the dump file to restore. Incomplete pathnames are
+interpreted relative to the current working directory. Omit this
+argument to provide the dump file via the standard input stream.
+<P><DT><B>-id
+</B><DD>Specifies the volume ID number to assign to the restored volume.
+<P><DT><B>-overwrite
+</B><DD>Specifies which type of dump file is being restored when overwriting an
+existing volume. Provide one of the following values:
+<UL>
+<P><LI><B>a</B> to terminate the restore operation.
+<P><LI><B>f</B> if restoring a full dump file.
+<P><LI><B>i</B> if restoring an incremental dump file. This value is
+not acceptable if the <B>-server</B> and <B>-partition</B> arguments
+do not indicate the volume's current site.
+</UL>
+<P>
+<P>This argument is mandatory if the <B>-file</B> argument is not
+provided.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command restores the contents of the dump file
+<B>/afs/abc.com/common/dumps/terry.dump</B> to the
+<B>/vicepc</B> partition on the file server machine
+<B>fs3.abc.com</B>. The restored volume is named
+<B>user.terry</B>.
+<PRE> % <B>cd /afs/abc.com/common/dumps</B>
+
+ % <B>vos restore -file terry.dump -server fs3.abc.com -partition c</B> \
+ <B>-name user.terry</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf260.htm#HDRVOS_DUMP">vos dump</A>
+<P><A HREF="auarf261.htm#HDRVOS_EXAMINE">vos examine</A>
+<P><A HREF="auarf266.htm#HDRVOS_LISTVOL">vos listvol</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf273.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf275.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf274.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf276.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_STATUS" HREF="auarf002.htm#ToC_289">vos status</A></H2>
+<A NAME="IDX5833"></A>
+<A NAME="IDX5834"></A>
+<A NAME="IDX5835"></A>
+<A NAME="IDX5836"></A>
+<A NAME="IDX5837"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports a Volume Server's status
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos status -server</B> <<VAR>machine name</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos st -s</B> <<VAR>machine name</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos status</B> command reports on what the Volume Server on a
+certain file server machine is doing at the moment the command is
+issued. If there is no activity, the following message appears:
+<PRE> No active transactions on <VAR>machine_name</VAR>
+
+</PRE>
+<P>This command is useful mainly if there is concern that the Volume Server is
+not performing requested actions.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B><B>-server</B>
+</B><DD>Identifies the file server machine running the Volume Server for which to
+display status information. Provide the machine's IP address or
+its host name (either fully qualified or using an unambiguous
+abbreviation). For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>There are two possible types of output.
+<P>The following message indicates that the Volume Server is not currently
+performing any actions.
+<PRE> No active transactions on <VAR>machine name</VAR>
+
+</PRE>
+<P>The other possible output is a set of information which is probably more
+useful to programmers than to system administrators. A full
+understanding of all the fields requires familiarity with the code for the
+Volume Server, as many of the fields report ID numbers and flag values that
+the Volume Server sets for internal use.
+<P>Among the fields of possible interest to an administrator are:
+<UL>
+<P><LI><TT>created</TT> on the first line, which indicates the time at which
+this transaction started
+<P><LI><TT>attachFlags</TT> on the second line, where a value of
+<TT>offline</TT> indicates that the volume is not available for other read
+or write operations during this transaction
+<P><LI><TT>volume</TT> on the third line, which specifies the affected
+volume's ID number
+<P><LI><TT>partition</TT> on the third line, which indicates where the affected
+volume resides (at the beginning of the transaction if this is a move)
+<P><LI><TT>procedure</TT> on the third line, which indicates the internal
+subprocedure being executed
+</UL>
+<P>A fourth line can appear during certain transactions, and includes the
+following fields:
+<UL>
+<P><LI><TT>packetRead</TT> tracks whether information is being read into the
+volume. Its absolute value is not informative, but the way it changes
+shows whether the <B>vos restore</B> command is executing properly.
+As the <B>vos status</B> command is issued repeatedly during a restore,
+<TT>readNext</TT> increases monotonically to indicate that information is
+being read into the volume.
+<P><LI><TT>packetSend</TT> tracks whether information is being sent out of the
+volume. Its absolute value is not informative, but the way it changes
+shows whether the <B>vos dump</B> command is executing properly. As
+the <B>vos status</B> command is issued repeatedly during a dump,
+<TT>transmitNext</TT> increases monotonically to indicate that information
+is being transferred from the volume into the dump file.
+</UL>
+<P>The <TT>lastReceiveTime</TT> and <TT>lastSendTime</TT> are for internal
+use.
+<P><STRONG>Examples</STRONG>
+<P>The following example illustrates the kind of output that sometimes appears
+when the Volume Server on <B>fs1.abc.com</B> is executing a
+dump at the time this command is issued.
+<PRE> % <B>vos status fs1.abc.com</B>
+ --------------------------------------------
+ transaction: 575 created: Tue Jan 2 8:34:56 1990
+ attachFlags: offline
+ volume: 536871080 partition: /vicepb procedure: Dump
+ packetRead: 2 lastReceiveTime: 113313 packetSend: 24588
+ lastSendTime: 113317
+ --------------------------------------------
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>None
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf274.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf276.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf275.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf277.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_SYNCSERV" HREF="auarf002.htm#ToC_290">vos syncserv</A></H2>
+<A NAME="IDX5838"></A>
+<A NAME="IDX5839"></A>
+<A NAME="IDX5840"></A>
+<A NAME="IDX5841"></A>
+<A NAME="IDX5842"></A>
+<A NAME="IDX5843"></A>
+<A NAME="IDX5844"></A>
+<A NAME="IDX5845"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Verifies VLDB entries that mention a specified site
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos syncserv -server</B> <<VAR>machine name</VAR>> [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>]
+ [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos syncs -s</B> <<VAR>machine name</VAR>> [<B>-p</B> <<VAR>partition name</VAR>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos syncserv</B> command verifies that each volume mentioned in
+a VLDB entry actually exists at the site indicated in the entry. It
+checks all VLDB entries that mention a read/write, read-only, or backup site
+either on any partition on the file server machine specified by the
+<B>-server</B> argument, or on the one partition specified by the
+<B>-server</B> and <B>-partition</B> arguments. Note that the
+command can end up inspecting sites other than those specified by the
+<B>-server</B> and <B>-partition</B> arguments, if there are versions
+of the volume at sites other than the one specified.
+<P>The command alters any incorrect information in the VLDB, unless there is
+an irreconcilable conflict with other VLDB entries. In that case, it
+writes a message to the standard error stream instead. The command
+never removes volumes from file server machines.
+<P>To achieve complete VLDB consistency, first run the <B>vos syncvldb</B>
+command on all file server machines in the cell, then run this command on all
+file server machines in the cell.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine mentioned in each VLDB entry to
+check. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition mentioned in each VLDB entry to check.
+Provide the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example verifies the VLDB entries in which a site definition
+mentions the file server machine <B>fs3.abc.com</B>.
+<PRE> % <B>vos syncserv -server fs3.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf277.htm#HDRVOS_SYNCVLDB">vos syncvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf275.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf277.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf276.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf278.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_SYNCVLDB" HREF="auarf002.htm#ToC_291">vos syncvldb</A></H2>
+<A NAME="IDX5846"></A>
+<A NAME="IDX5847"></A>
+<A NAME="IDX5848"></A>
+<A NAME="IDX5849"></A>
+<A NAME="IDX5850"></A>
+<A NAME="IDX5851"></A>
+<A NAME="IDX5852"></A>
+<A NAME="IDX5853"></A>
+<A NAME="IDX5854"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Verifies VLDB entries for volumes residing at specified site
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos syncvldb</B> [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-volume</B> <<VAR>volume name or ID</VAR>>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos syncv</B> [<B>-s</B> <<VAR>machine name</VAR>>] [<B>-p</B> <<VAR>partition name</VAR>>] [<B>-vo</B> <<VAR>volume name or ID</VAR>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-ve</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos syncvldb</B> command verifies that the status of the volumes
+housed either on all partitions on the file server machine specified by the
+<B>-server</B> argument, or on the single partition specified by the
+<B>-server</B> and <B>-partition</B> arguments, is recorded correctly
+in the VLDB. If the <B>-volume</B> argument is included to indicate
+a single volume, the command compares only its status on the file server
+machine with its VLDB entry.
+<P>If the <B>-volume</B> argument is not included, the command interpreter
+obtains from the Volume Server a list of the volumes that reside on each
+partition, then changes information in the VLDB as necessary to reflect their
+state on the partition. For example, it creates or updates a VLDB entry
+when it finds a volume for which the VLDB entry is missing or
+incomplete. However, if there is already a VLDB entry that defines a
+different location for the volume, or there are irreconcilable conflicts with
+other VLDB entries, it instead writes a message about the conflict to the
+standard error stream. The command never removes volumes from the file
+server machine.
+<P>To achieve complete VLDB consistency, run this command on all file server
+machines in the cell, and then run the <B>vos syncserv</B> command on all
+file server machines in the cell.
+<P>Using the <B>-volume</B> argument basically combines the effects of
+this command with those of the <B>vos syncserv</B> command, for a single
+volume. The command not only verifies that the VLDB entry is correct
+for the specified volume type (read/write, backup, or read-only), but also
+checks that any related volume types mentioned in the VLDB entry actually
+exist at the site listed in the entry. It is not necessary to provide
+the <B>-server</B> argument (and optionally, <B>-partition</B>
+argument); if one or both is provided, the results are reliable only if
+they specify the actual location of the volume indicated by the
+<B>-volume</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine housing the volumes for which to verify
+VLDB entries. Provide the machine's IP address or its host name
+(either fully qualified or using an unambiguous abbreviation). For
+details, see the introductory reference page for the <B>vos</B> command
+suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition housing the volumes for which to verify VLDB
+entries. Provide the <B>-server</B> argument along with this
+one. Provide the partition's complete name with preceding slash
+(for example, <B>/vicepa</B>) or use one of the three acceptable
+abbreviated forms. For details, see the introductory reference page for
+the <B>vos</B> command suite.
+<P><DT><B>-volume
+</B><DD>Specifies the name or volume ID number of a single volume for which to
+verify the VLDB entry. This argument can be combined with the
+<B>-server</B> (and optionally, the <B>-partition</B>)
+argument.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example command verifies the VLDB entry for each volume
+stored on the file server machine <B>fs4.abc.com</B>.
+<PRE> % <B>vos syncvldb fs4.abc.com</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf276.htm#HDRVOS_SYNCSERV">vos syncserv</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf276.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf278.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf277.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf279.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_UNLOCK" HREF="auarf002.htm#ToC_292">vos unlock</A></H2>
+<A NAME="IDX5855"></A>
+<A NAME="IDX5856"></A>
+<A NAME="IDX5857"></A>
+<A NAME="IDX5858"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Unlocks a single VLDB entry
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos unlock -id</B> <<VAR>volume name or ID</VAR>> [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>]
+ [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos unlock -i</B> <<VAR>volume name or ID</VAR>> [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos unlock</B> command releases the lock on the Volume Location
+Database (VLDB) entry for the indicated volume.
+<P><STRONG>Cautions</STRONG>
+<P>Do not user this command under normal circumstances.
+<P>It is useful if the VLDB entry is locked but there is no reason to suspect
+inconsistency within the volume or between it and the VLDB. Note that
+it is possible to list information from locked VLDB entries, even though they
+cannot be manipulated in other ways.
+<P>The <B>vos unlockvldb</B> command unlocks several VLDB entries at once,
+or even the entire VLDB. The <B>vos lock</B> command locks a VLDB
+entry so that no one else can perform an action that requires writing the
+VLDB.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies either the complete name or volume ID number of a volume of any
+of the three types.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example unlocks the VLDB entry for the volume
+<B>user.terry</B>.
+<PRE> % <B>vos unlock user.terry</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf267.htm#HDRVOS_LOCK">vos lock</A>
+<P><A HREF="auarf279.htm#HDRVOS_UNLOCKVLDB">vos unlockvldb</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf277.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf279.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf278.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf280.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_UNLOCKVLDB" HREF="auarf002.htm#ToC_293">vos unlockvldb</A></H2>
+<A NAME="IDX5859"></A>
+<A NAME="IDX5860"></A>
+<A NAME="IDX5861"></A>
+<A NAME="IDX5862"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Unlocks several locked VLDB entries
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos unlockvldb</B> [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>]
+ [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos unlockv</B> [<B>-s</B> <<VAR>machine name</VAR>>] [<B>-p</B> <<VAR>partition name</VAR>>]
+ [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos unlockvldb</B> command releases the lock on the Volume
+Location Database (VLDB) entries indicated by the combination of arguments
+provided:
+<UL>
+<P><LI>To unlock all entries in the VLDB, provide no arguments
+<P><LI>To unlock all entries that mention a file server machine in a site
+definition, provide its name with the <B>-server</B> argument
+<P><LI>To unlock all entries that mention a partition on any file server machine
+in a site definition, provide the partition name with the
+<B>-partition</B> argument
+<P><LI>To unlock all entries that mention a specific site, provide both the
+<B>-server</B> and <B>-partition</B> arguments.
+</UL>
+<P>To unlock a single volume, use the <B>vos unlock</B> command
+instead.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command under normal circumstances.
+<P>It is useful if VLDB entries for volumes at a certain site are locked but
+there is no reason to suspect inconsistency within the volume or between it
+and the VLDB. Note that it is possible to list information from locked
+VLDB entries, even though they cannot be manipulated in other ways.
+<P>The <B>vos lock</B> command locks a VLDB entry so that no one else can
+perform an action that requires writing the VLDB.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine for which to unlock VLDB
+entries. Provide the machine's IP address or its host name (either
+fully qualified or using an unambiguous abbreviation). For details, see
+the introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) for which to unlock VLDB entries. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following command unlocks all locked entries in the VLDB.
+<PRE> % <B>vos unlockvldb</B>
+
+</PRE>
+<P>The following command unlocks all locked VLDB entries that mention the
+<B>/vicepa</B> partition in a site definition.
+<PRE> % <B>vos unlockvldb -partition a</B>
+
+</PRE>
+<P>The following command unlocks all locked VLDB entries that refer to volumes
+on the <B>/vicepc</B> partition of the file server machine
+<B>fs3.abc.com</B>.
+<PRE> % <B>vos unlockvldb -server fs3.abc.com -partition c</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf267.htm#HDRVOS_LOCK">vos lock</A>
+<P><A HREF="auarf278.htm#HDRVOS_UNLOCK">vos unlock</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf278.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf280.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf279.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf281.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRVOS_ZAP" HREF="auarf002.htm#ToC_294">vos zap</A></H2>
+<A NAME="IDX5863"></A>
+<A NAME="IDX5864"></A>
+<A NAME="IDX5865"></A>
+<A NAME="IDX5866"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a volume from its site without writing to the VLDB
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos zap -server</B> <<VAR>machine name</VAR>> <B>-partition</B> <<VAR>partition name</VAR>>
+ <B>-id</B> <<VAR>volume ID</VAR>> [<B>-force</B>] [<B>-backup</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos z -s</B> <<VAR>machine name</VAR>> <B>-p</B> <<VAR>partition name</VAR>> <B>-i</B> <<VAR>volume ID</VAR>>
+ [<B>-f</B>] [<B>-b</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos zap</B> command removes the volume with the specified
+<VAR>volume ID</VAR> from the site defined by the <B>-server</B> and
+<B>-partition</B> arguments, without attempting to change the
+corresponding Volume Location Database (VLDB) entry. If removing the
+volume can possibly result in incorrect data in the VLDB, a warning message is
+displayed.
+<P>The <B>-force</B> flag removes a volume even if it cannot be "attached"
+(brought online), which can happen either because the volume is extremely
+damaged or because the Salvager functioned abnormally. Without this
+flag, this command cannot remove volumes that are not attachable. See
+also the <B>Cautions</B> section.
+<P>To remove the specified read/write volume's backup version at the same
+time, include the <B>-backup</B> flag.
+<P><STRONG>Cautions</STRONG>
+<P>Do not use this command as the standard way to remove a volume, as it is
+likely to put the VLDB out of sync with the volumes on servers. Use the
+<B>vos remove</B> command instead.
+<P>This command is useful in situations where it is important to delete the
+volume, but for some reason the VLDB is unreachable--for example, because
+s the Volume Location Server is unavailable. The issuer can remove the
+VLDB entry later with the <B>vos remove</B> or <B>vos delentry</B>
+command, or it is removed automatically when the <B>vos syncserv</B> and
+<B>vos syncvldb</B> commands run.
+<P>To remove a read-only site defined in the VLDB by mistake, before a copy
+actually exists at the site, use the <B>vos remsite</B> command. To
+remove an entire VLDB entry without affecting volumes at their sites, use the
+<B>vos delentry</B> command.
+<P>Do not use the <B>-force</B> flag if the volume is online, but only
+when attempts to remove the volume with the <B>vos remove</B> or the
+<B>vos zap</B> command have failed, or the volume definitely cannot be
+attached. After using the <B>-force</B> flag, make sure that the
+volume's VLDB entry is also removed (issue the <B>vos delentry</B>
+command if necessary).
+<P>Adding the <B>-force</B> flag makes the command take considerably
+longer--about as long as a salvage of the relevant partition--since
+the Volume Server examines all inodes on the partition for traces of the
+volume.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-server
+</B><DD>Identifies the file server machine from which to remove the volume.
+Provide the machine's IP address or its host name (either fully qualified
+or using an unambiguous abbreviation). For details, see the
+introductory reference page for the <B>vos</B> command suite.
+<P><DT><B>-partition
+</B><DD>Identifies the partition (on the file server machine specified by the
+<B>-server</B> argument) from which to remove the volume. Provide
+the partition's complete name with preceding slash (for example,
+<B>/vicepa</B>) or use one of the three acceptable abbreviated
+forms. For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P><DT><B>-id
+</B><DD>Specifies the volume ID number of the volume to remove, which can be of
+any of the three types. The volume name is not acceptable.
+<P><DT><B>-force
+</B><DD>Removes the volume even though it cannot be attached (brought
+online). Use only after the failure of previous attempts to remove the
+volume by using the <B>vos remove</B> command or the <B>vos</B>
+command without this flag.
+<P><DT><B>-backup
+</B><DD>Removes the backup version of the read/write volume specified by the
+<B>-id</B> argument. Do not use this flag if the <B>-id</B>
+argument identifies a read-only or backup volume.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Examples</STRONG>
+<P>The following example removes the volume with volume ID 536870988 from the
+<B>/vicepf</B> partition of the file server machine
+<B>fs6.abc.com</B>, without noting the change in the
+VLDB.
+<PRE> % <B>vos zap -server fs6.abc.com -partition f -id 536870988</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf252.htm#HDRVOS_INTRO">vos</A>
+<P><A HREF="auarf259.htm#HDRVOS_DELENTRY">vos delentry</A>
+<P><A HREF="auarf271.htm#HDRVOS_REMOVE">vos remove</A>
+<P><A HREF="auarf272.htm#HDRVOS_REMSITE">vos remsite</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf279.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf281.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf280.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf282.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRXFS_SIZE_CHECK" HREF="auarf002.htm#ToC_295">xfs_size_check</A></H2>
+<A NAME="IDX5867"></A>
+<A NAME="IDX5868"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Verifies proper inode configuration
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>xfs_size_check</B>
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>xfs_size_check</B> command, when run on a file server machine
+that runs IRIX version 6.2 or higher and uses XFS-formatted partitions
+as server partitions (conventionally mounted at <B>/vicep</B>
+directories), verifies that each partition uses 512-byte inodes. AFS
+stores information in the inodes on server partitions, and the 256-byte inode
+size that XFS uses by default is not large enough.
+<P><STRONG>Cautions</STRONG>
+<P>This command is available on in the AFS distribution for IRIX system types
+that can use XFS-formatted partitions as server partitions.
+<P><STRONG>Output</STRONG>
+<P>If all server partitions are properly configured, the command produces no
+output. Otherwise, it prints the following header:
+<PRE> Need to remake the following partitions:
+
+</PRE>
+<P>and then the following message for each partition on which to run the IRIX
+<B>mkfs</B> command with the indicated options:
+<PRE> <VAR>device</VAR>: mkfs -t xfs -i size=512 -l size=4000b <VAR>device</VAR>
+
+</PRE>
+<P>where <VAR>device</VAR> is in a format like <B>/dev/dsk/dks0d0s0</B> for
+a single disk partition or <B>/dev/xlv/xlv0</B> for a logical
+volume.
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf280.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf282.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf281.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf283.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRXSTAT_CM_TEST" HREF="auarf002.htm#ToC_296">xstat_cm_test</A></H2>
+<A NAME="IDX5869"></A>
+<A NAME="IDX5870"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays data collections from the Cache Manager
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>xstat_cm_test</B> [<B>initcmd</B>] <B>-cmname</B> <<VAR>Cache Manager name(s) to monitor</VAR>><SUP>+</SUP>
+ <B>-collID</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> [<B>-onceonly</B>]
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-period</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-debug</B>] [<B>-help</B>]
+
+<B>xstat_cm_test</B> [<B>i</B>] <B>-cm</B> <<VAR>Cache Manager name(s) to monitor</VAR>><SUP>+</SUP>
+ <B>-co</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> [<B>-o</B>]
+ [<B>-f</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-p</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-d</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>xstat_cm_test</B> command tests the routines in the
+<B>libxstat_cm.a</B> library and displays the data collections
+associated with the Cache Manager. The command executes in the
+foreground.
+<P>The command produces a large volume of output; to save it for later
+analysis, direct it to a file.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-cmname
+</B><DD>Specifies the fully qualified hostname of each client machine for which to
+monitor the Cache Manager.
+<P><DT><B>-collID
+</B><DD>Specifies each data collection to return, which defines the type and
+amount of data the command interpreter gathers about the Cache Manager.
+Data is returned in a predefined data structure.
+<P>There are three acceptable values:
+<DL>
+<P><DT><B>0
+</B><DD>Provides profiling information about the numbers of times different
+internal Cache Manager routines were called since the Cache Manager
+started.
+<P><DT><B>1
+</B><DD>Reports various internal performance statistics related to the Cache
+Manager (for example, statistics about how effectively the cache is being used
+and the quantity of intracell and intercell data access).
+<P><DT><B>2
+</B><DD>Reports all of the internal performance statistics provided by the
+<B>1</B> setting, plus some additional, detailed performance figures (for
+example, statistics about the number of RPCs sent by the Cache Manager and how
+long they take to complete, and statistics regarding authentication, access,
+and PAG information associated with data access).
+</DL>
+<P><DT><B>-onceonly
+</B><DD>Gathers statistics just one time. Omit this flag to have the
+command continue to probe the Cache Manager for statistics at the frequency
+specified by the <B>-frequency</B> argument; in this case press
+<<B>Ctrl-c</B>> to stop the probes.
+<P><DT><B>-frequency
+</B><DD>Sets the frequency in seconds at which the program initiates probes to the
+Cache Manager. The default is 30 seconds.
+<P><DT><B>-period
+</B><DD>Sets the number of minutes the program runs; at the end of this
+period of time, the program exits. The default is 10 minutes.
+<P><DT><B>-debug
+</B><DD>Displays a trace on the standard output stream as the command runs.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf283.htm#HDRXSTAT_FS_TEST">xstat_fs_test</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf281.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf283.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf282.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf284.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRXSTAT_FS_TEST" HREF="auarf002.htm#ToC_297">xstat_fs_test</A></H2>
+<A NAME="IDX5871"></A>
+<A NAME="IDX5872"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Displays data collections from the File Server process
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>xstat_fs_test</B> [<B>initcmd</B>] <B>-fsname</B> <<VAR>File Server name(s) to monitor</VAR>><SUP>+</SUP>
+ <B>-collID</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> [<B>-onceonly</B>]
+ [<B>-frequency</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-period</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-debug</B>] [<B>-help</B>]
+
+<B>xstat_fs_test</B> [<B>initcmd</B>] <B>-fs</B> <<VAR>File Server name(s) to monitor</VAR>><SUP>+</SUP>
+ <B>-c</B> <<VAR>Collection(s) to fetch</VAR>><SUP>+</SUP> [<B>-o</B>]
+ [<B>-fr</B> <<VAR>poll frequency, in seconds</VAR>>]
+ [<B>-p</B> <<VAR>data collection time, in minutes</VAR>>] [<B>-d</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>xstat_fs_test</B> command tests the routines in the
+<B>libxstat_fs.a</B> library and displays the data collections
+associated with the File Server (the <B>fs</B> process). The
+command executes in the foreground.
+<P>The command produces a large volume of output; to save it for later
+analysis, direct it to a file.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>initcmd
+</B><DD>Accommodates the command's use of the AFS command parser, and is
+optional.
+<P><DT><B>-fsname
+</B><DD>Specifies the fully qualified hostname of each file server machine for
+which to monitor the File Server process.
+<P><DT><B>-collID
+</B><DD>Specifies each data collection to return, which defines the type and
+amount of data the command interpreter gathers about the File Server.
+Data is returned in a predefined data structure.
+<P>There are three acceptable values:
+<DL>
+<P><DT><B>0
+</B><DD>Provides profiling information about the numbers of times different
+internal File Server routines were called since the File Server
+started. This value is not currently implemented; it returns no
+data.
+<P><DT><B>1
+</B><DD>Reports various internal performance statistics related to the File Server
+(for example, vnode cache entries and <B>Rx</B> protocol activity).
+<P><DT><B>2
+</B><DD>Reports all of the internal performance statistics provided by the
+<B>1</B> setting, plus some additional, detailed performance figures about
+the File Server (for example, minimum, maximum, and cumulative statistics
+regarding File Server RPCs, how long they take to complete, and how many
+succeed).
+</DL>
+<P><DT><B>-onceonly
+</B><DD>Gathers statistics just one time. Omit this flag to have the
+command continue to probe the Cache Manager for statistics at the frequency
+specified by the <B>-frequency</B> argument; in this case press
+<<B>Ctrl-c</B>> to stop the probes.
+<P><DT><B>-frequency
+</B><DD>Sets the frequency in seconds at which the program initiates probes to the
+Cache Manager. The default is 30 seconds.
+<P><DT><B>-period
+</B><DD>Sets the number of minutes the program runs; at the end of this
+period of time, the program exits. The default is 10 minutes.
+<P><DT><B>-debug
+</B><DD>Displays a trace on the standard output stream as the command runs.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf282.htm#HDRXSTAT_CM_TEST">xstat_cm_test</A>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf282.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf284.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf283.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRINDEX" HREF="auarf002.htm#ToC_298">Index</A></H1>
+<A NAME="IDX0_41" HREF="#IDX1_41">A</A>
+<A NAME="IDX0_42" HREF="#IDX1_42">B</A>
+<A NAME="IDX0_43" HREF="#IDX1_43">C</A>
+<A NAME="IDX0_44" HREF="#IDX1_44">D</A>
+<A NAME="IDX0_45" HREF="#IDX1_45">E</A>
+<A NAME="IDX0_46" HREF="#IDX1_46">F</A>
+<A NAME="IDX0_47" HREF="#IDX1_47">G</A>
+<A NAME="IDX0_48" HREF="#IDX1_48">H</A>
+<A NAME="IDX0_49" HREF="#IDX1_49">I</A>
+<A NAME="IDX0_4A" HREF="#IDX1_4A">J</A>
+<A NAME="IDX0_4B" HREF="#IDX1_4B">K</A>
+<A NAME="IDX0_4C" HREF="#IDX1_4C">L</A>
+<A NAME="IDX0_4D" HREF="#IDX1_4D">M</A>
+<A NAME="IDX0_4E" HREF="#IDX1_4E">N</A>
+<A NAME="IDX0_4F" HREF="#IDX1_4F">O</A>
+<A NAME="IDX0_50" HREF="#IDX1_50">P</A>
+<A NAME="IDX0_51" HREF="#IDX1_51">Q</A>
+<A NAME="IDX0_52" HREF="#IDX1_52">R</A>
+<A NAME="IDX0_53" HREF="#IDX1_53">S</A>
+<A NAME="IDX0_54" HREF="#IDX1_54">T</A>
+<A NAME="IDX0_55" HREF="#IDX1_55">U</A>
+<A NAME="IDX0_56" HREF="#IDX1_56">V</A>
+<A NAME="IDX0_57" HREF="#IDX1_57">W</A>
+<A NAME="IDX0_58" HREF="#IDX1_58">X</A>
+<HR>
+<STRONG><A NAME="IDX1_41" HREF="#IDX0_41">A</A></STRONG>
+<MENU>
+<LI>A instruction
+<MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4119">(4119)</A>
+</MENU>
+<LI>access
+<MENU>
+<LI>count, in volume header
+<A HREF="auarf261.htm#IDX5683">(5683)</A>, <A HREF="auarf266.htm#IDX5759">(5759)</A>
+</MENU>
+<LI>access control list
+<MENU>
+<LI>see entry: <I>ACL</I>
+<A HREF="auarf210.htm#IDX5222">(5222)</A>
+</MENU>
+<LI>ACL
+<MENU>
+<LI>adding entries
+<A HREF="auarf157.htm#IDX4925">(4925)</A>
+<LI>all shorthand notation
+<A HREF="auarf157.htm#IDX4938">(4938)</A>
+<LI>cleaning
+<A HREF="auarf135.htm#IDX4747">(4747)</A>
+<LI>clearing
+<A HREF="auarf157.htm#IDX4927">(4927)</A>
+<LI>copying
+<A HREF="auarf136.htm#IDX4753">(4753)</A>
+<LI>default set by vos create command
+<A HREF="auarf258.htm#IDX5625">(5625)</A>
+<LI>defined
+<A HREF="auarf210.htm#IDX5221">(5221)</A>
+<LI>displaying
+<A HREF="auarf148.htm#IDX4854">(4854)</A>
+<LI>none shorthand notation
+<A HREF="auarf157.htm#IDX4942">(4942)</A>
+<LI>read shorthand notation
+<A HREF="auarf157.htm#IDX4944">(4944)</A>
+<LI>removing entries
+<A HREF="auarf157.htm#IDX4926">(4926)</A>
+<LI>removing obsolete AFS UIDs
+<A HREF="auarf135.htm#IDX4746">(4746)</A>
+<LI>setting
+<A HREF="auarf157.htm#IDX4924">(4924)</A>
+<LI>setting with uss
+<A HREF="auarf055.htm#IDX4127">(4127)</A>, <A HREF="auarf055.htm#IDX4179">(4179)</A>
+<LI>shorthand notation for permissions
+<A HREF="auarf157.htm#IDX4939">(4939)</A>
+<LI>write shorthand notation
+<A HREF="auarf157.htm#IDX4946">(4946)</A>
+</MENU>
+<LI>active clients statistic in scout
+<A HREF="auarf233.htm#IDX5462">(5462)</A>
+<LI>add instruction in uss bulk input file
+<A HREF="auarf054.htm#IDX4103">(4103)</A>
+<LI>adding
+<MENU>
+<LI>ACL permissions entry
+<A HREF="auarf157.htm#IDX4930">(4930)</A>
+<LI>database server machine to CellServDB file (server)
+<A HREF="auarf094.htm#IDX4453">(4453)</A>
+<LI>dump level to Backup System dump hierarchy
+<A HREF="auarf061.htm#IDX4222">(4222)</A>
+<LI>privileged user to UserList file
+<A HREF="auarf096.htm#IDX4466">(4466)</A>
+<LI>read-only site definition in VLDB
+<A HREF="auarf253.htm#IDX5590">(5590)</A>
+<LI>server encryption key to KeyFile file
+<A HREF="auarf095.htm#IDX4456">(4456)</A>
+<LI>Tape Coordinator entry to Backup Database
+<A HREF="auarf062.htm#IDX4237">(4237)</A>
+<LI>user or machine to group
+<A HREF="auarf211.htm#IDX5237">(5237)</A>
+<LI>volume entry to volume set in Backup Database
+<A HREF="auarf063.htm#IDX4245">(4245)</A>, <A HREF="auarf063.htm#IDX4252">(4252)</A>
+<LI>volume set definition to Backup Database
+<A HREF="auarf064.htm#IDX4260">(4260)</A>
+</MENU>
+<LI>admin argument
+<MENU>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5510">(5510)</A>
+</MENU>
+<LI>ADMIN flag in Authentication Database entry
+<A HREF="auarf181.htm#IDX5061">(5061)</A>, <A HREF="auarf193.htm#IDX5143">(5143)</A>
+<LI>administrative file
+<MENU>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3863">(3863)</A>
+</MENU>
+<LI>admin_username argument
+<MENU>
+<LI>on all kas commands
+<A HREF="auarf181.htm#IDX5064">(5064)</A>
+</MENU>
+<LI>AFS Backup System
+<MENU>
+<LI>see entry: <I>Backup System</I>
+<A HREF="auarf060.htm#IDX4207">(4207)</A>
+</MENU>
+<LI>AFS GID (group ID)
+<MENU>
+<LI>assigning to group
+<A HREF="auarf214.htm#IDX5267">(5267)</A>
+<LI>learning given group name
+<A HREF="auarf217.htm#IDX5326">(5326)</A>
+</MENU>
+<LI>AFS server process
+<MENU>
+<LI>see entry: <I>server process</I>
+<A HREF="auarf093.htm#IDX4440">(4440)</A>
+</MENU>
+<LI>AFS tape name
+<MENU>
+<LI>see entry: <I>tape (Backup System)</I>
+<A HREF="auarf079.htm#IDX4355">(4355)</A>
+</MENU>
+<LI>AFS UID
+<MENU>
+<LI>assigning in uss
+<A HREF="auarf243.htm#IDX5528">(5528)</A>
+<LI>assigning to user or machine with pts createuser command
+<A HREF="auarf215.htm#IDX5286">(5286)</A>
+<LI>displaying
+<A HREF="auarf217.htm#IDX5341">(5341)</A>
+<LI>learning given user/machine name
+<A HREF="auarf217.htm#IDX5325">(5325)</A>
+<LI>removing obsolete from ACL
+<A HREF="auarf135.htm#IDX4750">(4750)</A>
+</MENU>
+<LI>afsd command
+<A HREF="auarf058.htm#IDX4184">(4184)</A>
+<LI>afsmonitor
+<MENU>
+<LI>configuration file
+<A HREF="auarf052.htm#IDX4036">(4036)</A>
+</MENU>
+<LI>afsmonitor program
+<MENU>
+<LI>initialization command
+<A HREF="auarf058.htm#IDX4193">(4193)</A>
+<LI>setting terminal type
+<A HREF="auarf059.htm#IDX4200">(4200)</A>
+</MENU>
+<LI>afszcm.cat file
+<A HREF="auarf041.htm#IDX4005">(4005)</A>
+<LI>all shorthand notation for ACL permissions
+<A HREF="auarf157.htm#IDX4937">(4937)</A>
+<LI>all-or-nothing release of read-only volumes
+<A HREF="auarf270.htm#IDX5795">(5795)</A>
+<LI>appended dump
+<MENU>
+<LI>displaying record for
+<A HREF="auarf074.htm#IDX4323">(4323)</A>
+<LI>see entry: <I>dump</I>
+<A HREF="auarf073.htm#IDX4311">(4311)</A>
+</MENU>
+<LI>ASK instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3905">(3905)</A>
+<LI>assigning
+<MENU>
+<LI>AFS GID to group
+<A HREF="auarf214.htm#IDX5271">(5271)</A>
+<LI>AFS UID to user
+<A HREF="auarf215.htm#IDX5290">(5290)</A>
+</MENU>
+<LI>at-sys (@sys) variable in pathnames
+<A HREF="auarf165.htm#IDX4998">(4998)</A>, <A HREF="auarf234.htm#IDX5472">(5472)</A>
+<LI>authenticated identity
+<MENU>
+<LI>acquiring on NFS client of non-supported type
+<A HREF="auarf201.htm#IDX5185">(5185)</A>
+<LI>acquiring with klog
+<A HREF="auarf200.htm#IDX5182">(5182)</A>
+<LI>discarding while in kas interactive mode
+<A HREF="auarf191.htm#IDX5123">(5123)</A>
+</MENU>
+<LI>authentication
+<MENU>
+<LI>imposing restrictions with kas
+<A HREF="auarf193.htm#IDX5142">(5142)</A>
+<LI>imposing restrictions with uss template A instruction
+<A HREF="auarf055.htm#IDX4118">(4118)</A>
+</MENU>
+<LI>Authentication Database
+<MENU>
+<LI>changing/setting password in
+<A HREF="auarf202.htm#IDX5191">(5191)</A>
+<LI>creating entry
+<A HREF="auarf183.htm#IDX5076">(5076)</A>
+<LI>deleting entry
+<A HREF="auarf184.htm#IDX5081">(5081)</A>
+<LI>displaying all entries
+<A HREF="auarf189.htm#IDX5115">(5115)</A>
+<LI>displaying entry
+<A HREF="auarf185.htm#IDX5085">(5085)</A>
+<LI>displaying key
+<A HREF="auarf185.htm#IDX5086">(5086)</A>
+<LI>entry, creating with uss
+<A HREF="auarf243.htm#IDX5527">(5527)</A>
+<LI>entry, deleting with uss
+<A HREF="auarf246.htm#IDX5551">(5551)</A>
+<LI>files constituting
+<A HREF="auarf045.htm#IDX4015">(4015)</A>
+<LI>information in
+<A HREF="auarf185.htm#IDX5099">(5099)</A>
+<LI>setting flags and expiration dates
+<A HREF="auarf193.htm#IDX5133">(5133)</A>
+<LI>setting key field using password
+<A HREF="auarf194.htm#IDX5150">(5150)</A>
+<LI>setting password in
+<A HREF="auarf194.htm#IDX5151">(5151)</A>
+<LI>status, verifying
+<A HREF="auarf180.htm#IDX5056">(5056)</A>
+</MENU>
+<LI>Authentication Server
+<MENU>
+<LI>displaying statistics
+<A HREF="auarf195.htm#IDX5159">(5159)</A>
+<LI>displaying traces of privileged actions
+<A HREF="auarf199.htm#IDX5175">(5175)</A>
+<LI>listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3914">(3914)</A>
+<LI>listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3922">(3922)</A>
+<LI>log file
+<A HREF="auarf012.htm#IDX3870">(3870)</A>
+<LI>log files for privileged actions
+<A HREF="auarf013.htm#IDX3873">(3873)</A>
+<LI>starting
+<A HREF="auarf198.htm#IDX5172">(5172)</A>
+<LI>unlocking locked user account
+<A HREF="auarf197.htm#IDX5169">(5169)</A>
+</MENU>
+<LI>AuthLog file
+<A HREF="auarf012.htm#IDX3868">(3868)</A>
+<LI>AuthLog.dir and AuthLog.pag files
+<A HREF="auarf013.htm#IDX3871">(3871)</A>
+<LI>authorization checking
+<MENU>
+<LI>NoAuth file
+<A HREF="auarf028.htm#IDX3966">(3966)</A>
+<LI>setting requirements on server machine
+<A HREF="auarf115.htm#IDX4617">(4617)</A>
+</MENU>
+<LI>automatic restart times for BOS Server
+<MENU>
+<LI>see entry: <I>restart times for BOS Server</I>
+<A HREF="auarf103.htm#IDX4541">(4541)</A>
+</MENU>
+<LI>AUTOQUERY instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3906">(3906)</A>
+<LI>availability of data
+<MENU>
+<LI>interrupted by dumping
+<A HREF="auarf260.htm#IDX5649">(5649)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_42" HREF="#IDX0_42">B</A></STRONG>
+<MENU>
+<LI>B instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4041">(4041)</A>
+</MENU>
+<LI>backup
+<MENU>
+<LI>see entry: <I>backup commands</I>
+<A HREF="auarf060.htm#IDX4206">(4206)</A>
+<LI>see entry: <I>Backup System</I>
+<A HREF="auarf060.htm#IDX4205">(4205)</A>
+</MENU>
+<LI>backup commands
+<MENU>
+<LI>adddump
+<A HREF="auarf061.htm#IDX4218">(4218)</A>
+<LI>addhost
+<A HREF="auarf062.htm#IDX4229">(4229)</A>
+<LI>addvolentry
+<A HREF="auarf063.htm#IDX4240">(4240)</A>, <A HREF="auarf063.htm#IDX4247">(4247)</A>
+<LI>addvolset
+<A HREF="auarf064.htm#IDX4255">(4255)</A>
+<LI>apropos
+<A HREF="auarf065.htm#IDX4261">(4261)</A>
+<LI>common options
+<A HREF="auarf060.htm#IDX4211">(4211)</A>
+<LI>dbverify
+<A HREF="auarf066.htm#IDX4264">(4264)</A>
+<LI>deldump
+<A HREF="auarf067.htm#IDX4267">(4267)</A>
+<LI>deletedump
+<A HREF="auarf068.htm#IDX4275">(4275)</A>
+<LI>delhost
+<A HREF="auarf069.htm#IDX4281">(4281)</A>
+<LI>delvolentry
+<A HREF="auarf070.htm#IDX4286">(4286)</A>
+<LI>delvolset
+<A HREF="auarf071.htm#IDX4292">(4292)</A>
+<LI>diskrestore
+<A HREF="auarf072.htm#IDX4296">(4296)</A>
+<LI>dump
+<A HREF="auarf073.htm#IDX4302">(4302)</A>
+<LI>dumpinfo
+<A HREF="auarf074.htm#IDX4316">(4316)</A>
+<LI>help
+<A HREF="auarf075.htm#IDX4324">(4324)</A>
+<LI>interactive
+<A HREF="auarf076.htm#IDX4327">(4327)</A>
+<LI>introduction
+<A HREF="auarf060.htm#IDX4204">(4204)</A>
+<LI>jobs
+<A HREF="auarf077.htm#IDX4332">(4332)</A>
+<LI>kill
+<A HREF="auarf078.htm#IDX4339">(4339)</A>
+<LI>labeltape
+<A HREF="auarf079.htm#IDX4345">(4345)</A>
+<LI>listdumps
+<A HREF="auarf080.htm#IDX4357">(4357)</A>
+<LI>listhosts
+<A HREF="auarf081.htm#IDX4365">(4365)</A>
+<LI>listvolsets
+<A HREF="auarf082.htm#IDX4374">(4374)</A>
+<LI>privilege requirements
+<A HREF="auarf060.htm#IDX4217">(4217)</A>
+<LI>quit
+<A HREF="auarf083.htm#IDX4380">(4380)</A>
+<LI>readlabel
+<A HREF="auarf084.htm#IDX4386">(4386)</A>
+<LI>restoredb
+<A HREF="auarf085.htm#IDX4394">(4394)</A>
+<LI>savedb
+<A HREF="auarf086.htm#IDX4397">(4397)</A>
+<LI>scantape
+<A HREF="auarf087.htm#IDX4400">(4400)</A>
+<LI>setexp
+<A HREF="auarf088.htm#IDX4406">(4406)</A>
+<LI>status
+<A HREF="auarf089.htm#IDX4412">(4412)</A>
+<LI>volinfo
+<A HREF="auarf090.htm#IDX4416">(4416)</A>
+<LI>volrestore
+<A HREF="auarf091.htm#IDX4422">(4422)</A>
+<LI>volsetrestore
+<A HREF="auarf092.htm#IDX4428">(4428)</A>
+</MENU>
+<LI>Backup Database
+<MENU>
+<LI>dump hierarchy, displaying
+<A HREF="auarf080.htm#IDX4361">(4361)</A>
+<LI>dump level, creating
+<A HREF="auarf061.htm#IDX4224">(4224)</A>
+<LI>dump level, removing
+<A HREF="auarf067.htm#IDX4271">(4271)</A>
+<LI>dump record, deleting
+<A HREF="auarf068.htm#IDX4278">(4278)</A>
+<LI>dump record, displaying
+<A HREF="auarf074.htm#IDX4319">(4319)</A>
+<LI>expiration date, setting on existing dump level
+<A HREF="auarf088.htm#IDX4409">(4409)</A>
+<LI>expiration date, setting on new dump level
+<A HREF="auarf061.htm#IDX4226">(4226)</A>
+<LI>files constituting
+<A HREF="auarf042.htm#IDX4010">(4010)</A>
+<LI>information recorded
+<A HREF="auarf060.htm#IDX4209">(4209)</A>
+<LI>port offset number, assigning to Tape Coordinator
+<A HREF="auarf062.htm#IDX4234">(4234)</A>
+<LI>port offset number, displaying
+<A HREF="auarf081.htm#IDX4370">(4370)</A>
+<LI>restoring from tape
+<A HREF="auarf085.htm#IDX4396">(4396)</A>
+<LI>saving to tape
+<A HREF="auarf086.htm#IDX4399">(4399)</A>
+<LI>status, verifying
+<A HREF="auarf066.htm#IDX4266">(4266)</A>
+<LI>Tape Coordinator entry, creating
+<A HREF="auarf062.htm#IDX4235">(4235)</A>
+<LI>Tape Coordinator entry, deleting
+<A HREF="auarf069.htm#IDX4283">(4283)</A>
+<LI>Tape Coordinator entry, displaying
+<A HREF="auarf081.htm#IDX4371">(4371)</A>
+<LI>volume dump history, displaying
+<A HREF="auarf090.htm#IDX4418">(4418)</A>
+<LI>volume entry in volume set, displaying
+<A HREF="auarf082.htm#IDX4378">(4378)</A>
+<LI>volume entry, adding to volume set
+<A HREF="auarf063.htm#IDX4243">(4243)</A>, <A HREF="auarf063.htm#IDX4250">(4250)</A>
+<LI>volume entry, removing from volume set
+<A HREF="auarf070.htm#IDX4289">(4289)</A>
+<LI>volume set, creating
+<A HREF="auarf064.htm#IDX4258">(4258)</A>
+<LI>volume set, deleting
+<A HREF="auarf071.htm#IDX4294">(4294)</A>
+<LI>volume set, restoring
+<A HREF="auarf092.htm#IDX4433">(4433)</A>
+</MENU>
+<LI>backup extension on volume name
+<A HREF="auarf255.htm#IDX5603">(5603)</A>
+<MENU>
+<LI>added by vos backup command
+<A HREF="auarf255.htm#IDX5604">(5604)</A>
+<LI>added by vos backupsys command
+<A HREF="auarf256.htm#IDX5611">(5611)</A>
+</MENU>
+<LI>Backup field in volume header
+<A HREF="auarf261.htm#IDX5675">(5675)</A>, <A HREF="auarf266.htm#IDX5751">(5751)</A>
+<LI>Backup Server
+<MENU>
+<LI>initialization command
+<A HREF="auarf125.htm#IDX4687">(4687)</A>
+<LI>listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3917">(3917)</A>
+<LI>listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3925">(3925)</A>
+<LI>log file
+<A HREF="auarf014.htm#IDX3876">(3876)</A>, <A HREF="auarf015.htm#IDX3879">(3879)</A>
+</MENU>
+<LI>Backup System
+<MENU>
+<LI>Backup Server process, starting
+<A HREF="auarf125.htm#IDX4690">(4690)</A>
+<LI>database (see entry: <I>Backup Database</I>)
+<A HREF="auarf060.htm#IDX4208">(4208)</A>
+<LI>interactive mode, entering
+<A HREF="auarf076.htm#IDX4331">(4331)</A>
+<LI>interactive mode, exiting
+<A HREF="auarf083.htm#IDX4385">(4385)</A>
+<LI>job ID number, displaying
+<A HREF="auarf077.htm#IDX4334">(4334)</A>
+<LI>job ID number, using to halt operation
+<A HREF="auarf078.htm#IDX4343">(4343)</A>
+<LI>operations, displaying pending and running
+<A HREF="auarf077.htm#IDX4335">(4335)</A>
+<LI>operations, halting in interactive mode
+<A HREF="auarf078.htm#IDX4341">(4341)</A>
+<LI>regular expressions
+<A HREF="auarf063.htm#IDX4254">(4254)</A>
+<LI>tape capacity, displaying from label
+<A HREF="auarf084.htm#IDX4391">(4391)</A>
+<LI>tape capacity, recording on label
+<A HREF="auarf079.htm#IDX4352">(4352)</A>
+<LI>Tape Coordinator, initializing
+<A HREF="auarf126.htm#IDX4696">(4696)</A>
+<LI>tape, creating label
+<A HREF="auarf079.htm#IDX4351">(4351)</A>
+<LI>tape, displaying label
+<A HREF="auarf084.htm#IDX4390">(4390)</A>
+</MENU>
+<LI>backup volume
+<MENU>
+<LI>creating
+<A HREF="auarf255.htm#IDX5602">(5602)</A>
+<LI>creating many at once
+<A HREF="auarf256.htm#IDX5610">(5610)</A>
+<LI>dumping
+<A HREF="auarf260.htm#IDX5648">(5648)</A>
+<LI>ID number
+<A HREF="auarf258.htm#IDX5637">(5637)</A>
+<LI>ID number in volume header
+<A HREF="auarf261.htm#IDX5671">(5671)</A>, <A HREF="auarf266.htm#IDX5747">(5747)</A>
+<LI>moving
+<A HREF="auarf268.htm#IDX5774">(5774)</A>
+<LI>name, changing
+<A HREF="auarf273.htm#IDX5828">(5828)</A>
+<LI>removed by read/write move
+<A HREF="auarf268.htm#IDX5772">(5772)</A>
+<LI>removed by read/write removal
+<A HREF="auarf271.htm#IDX5810">(5810)</A>
+<LI>removing
+<A HREF="auarf271.htm#IDX5812">(5812)</A>
+</MENU>
+<LI>BackupLog file
+<A HREF="auarf014.htm#IDX3874">(3874)</A>
+<LI>BAK version of binary file
+<MENU>
+<LI>creation by bos install command
+<A HREF="auarf105.htm#IDX4554">(4554)</A>
+<LI>listing time stamp on
+<A HREF="auarf101.htm#IDX4521">(4521)</A>
+<LI>removing from /usr/afs/bin directory
+<A HREF="auarf109.htm#IDX4578">(4578)</A>
+<LI>use by bos uninstall command
+<A HREF="auarf123.htm#IDX4678">(4678)</A>
+</MENU>
+<LI>Basic OverSeer Server
+<MENU>
+<LI>see entry: <I>BOS Server</I>
+<A HREF="auarf093.htm#IDX4437">(4437)</A>
+</MENU>
+<LI>bdb.DB0 file
+<A HREF="auarf042.htm#IDX4006">(4006)</A>
+<LI>bdb.DBSYS1 file
+<A HREF="auarf042.htm#IDX4008">(4008)</A>
+<LI>binary distribution machine
+<A HREF="auarf105.htm#IDX4552">(4552)</A>, <A HREF="auarf123.htm#IDX4676">(4676)</A>
+<LI>binary file
+<MENU>
+<LI>installing
+<A HREF="auarf105.htm#IDX4550">(4550)</A>
+<LI>listing time stamp on
+<A HREF="auarf101.htm#IDX4519">(4519)</A>
+<LI>uninstalling
+<A HREF="auarf123.htm#IDX4674">(4674)</A>
+</MENU>
+<LI>block special device
+<MENU>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4045">(4045)</A>
+</MENU>
+<LI>bos commands
+<MENU>
+<LI>addhost
+<A HREF="auarf094.htm#IDX4451">(4451)</A>
+<LI>addkey
+<A HREF="auarf095.htm#IDX4463">(4463)</A>
+<LI>adduser
+<A HREF="auarf096.htm#IDX4471">(4471)</A>
+<LI>apropos
+<A HREF="auarf097.htm#IDX4473">(4473)</A>
+<LI>common options
+<A HREF="auarf093.htm#IDX4443">(4443)</A>
+<LI>create
+<A HREF="auarf098.htm#IDX4485">(4485)</A>
+<LI>delete
+<A HREF="auarf099.htm#IDX4509">(4509)</A>
+<LI>exec
+<A HREF="auarf100.htm#IDX4513">(4513)</A>
+<LI>getcell (see entry: <I>listhosts</I>)
+<A HREF="auarf106.htm#IDX4562">(4562)</A>
+<LI>getdate
+<A HREF="auarf101.htm#IDX4516">(4516)</A>
+<LI>getlog
+<A HREF="auarf102.htm#IDX4527">(4527)</A>
+<LI>getrestart
+<A HREF="auarf103.htm#IDX4543">(4543)</A>
+<LI>help
+<A HREF="auarf104.htm#IDX4545">(4545)</A>
+<LI>install
+<A HREF="auarf105.htm#IDX4548">(4548)</A>
+<LI>listhosts
+<A HREF="auarf106.htm#IDX4561">(4561)</A>
+<LI>listkeys
+<A HREF="auarf107.htm#IDX4566">(4566)</A>
+<LI>listusers
+<A HREF="auarf108.htm#IDX4573">(4573)</A>
+<LI>privilege requirements
+<A HREF="auarf093.htm#IDX4450">(4450)</A>
+<LI>prune
+<A HREF="auarf109.htm#IDX4575">(4575)</A>
+<LI>removehost
+<A HREF="auarf110.htm#IDX4588">(4588)</A>
+<LI>removekey
+<A HREF="auarf111.htm#IDX4596">(4596)</A>
+<LI>removeuser
+<A HREF="auarf112.htm#IDX4601">(4601)</A>
+<LI>restart
+<A HREF="auarf113.htm#IDX4603">(4603)</A>
+<LI>salvage
+<A HREF="auarf114.htm#IDX4615">(4615)</A>
+<LI>setauth
+<A HREF="auarf115.htm#IDX4620">(4620)</A>
+<LI>setcellname
+<A HREF="auarf116.htm#IDX4622">(4622)</A>
+<LI>setrestart
+<A HREF="auarf117.htm#IDX4634">(4634)</A>
+<LI>shutdown
+<A HREF="auarf118.htm#IDX4640">(4640)</A>
+<LI>start
+<A HREF="auarf119.htm#IDX4644">(4644)</A>
+<LI>startup
+<A HREF="auarf120.htm#IDX4652">(4652)</A>
+<LI>status
+<A HREF="auarf121.htm#IDX4656">(4656)</A>
+<LI>stop
+<A HREF="auarf122.htm#IDX4665">(4665)</A>
+<LI>uninstall
+<A HREF="auarf123.htm#IDX4671">(4671)</A>
+</MENU>
+<LI>BOS Server
+<A HREF="auarf093.htm#IDX4436">(4436)</A>
+<MENU>
+<LI>memory state
+<A HREF="auarf016.htm#IDX3894">(3894)</A>
+<LI>restart times, displaying
+<A HREF="auarf103.htm#IDX4537">(4537)</A>
+<LI>restart times, setting
+<A HREF="auarf117.htm#IDX4631">(4631)</A>
+<LI>restarting
+<A HREF="auarf113.htm#IDX4607">(4607)</A>
+<LI>SALVAGE.fs file, response to
+<A HREF="auarf029.htm#IDX3971">(3971)</A>
+<LI>starting
+<A HREF="auarf124.htm#IDX4682">(4682)</A>
+</MENU>
+<LI>BosConfig file
+<A HREF="auarf016.htm#IDX3880">(3880)</A>
+<MENU>
+<LI>creating entry with bos create command
+<A HREF="auarf098.htm#IDX4484">(4484)</A>
+<LI>displaying entry with bos status command
+<A HREF="auarf121.htm#IDX4662">(4662)</A>
+<LI>removing entry with bos delete command
+<A HREF="auarf099.htm#IDX4506">(4506)</A>
+</MENU>
+<LI>BosLog file
+<A HREF="auarf015.htm#IDX3877">(3877)</A>
+<LI>bosserver command
+<A HREF="auarf124.htm#IDX4680">(4680)</A>
+<LI>BUFFERSIZE instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3907">(3907)</A>
+<LI>bulk input file
+<MENU>
+<LI>see entry: <I>uss bulk input file</I>
+<A HREF="auarf054.htm#IDX4100">(4100)</A>
+</MENU>
+<LI>bulk mode in uss
+<A HREF="auarf245.htm#IDX5543">(5543)</A>
+<LI>buserver command
+<A HREF="auarf125.htm#IDX4685">(4685)</A>
+<LI>buserver process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4487">(4487)</A>
+</MENU>
+<LI>butc command
+<A HREF="auarf126.htm#IDX4691">(4691)</A>
+</MENU>
+<STRONG><A NAME="IDX1_43" HREF="#IDX0_43">C</A></STRONG>
+<MENU>
+<LI>C instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4042">(4042)</A>
+</MENU>
+<LI>Cache Manager
+<MENU>
+<LI>changing database server machines known to
+<A HREF="auarf154.htm#IDX4908">(4908)</A>
+<LI>configuring with afsd
+<A HREF="auarf058.htm#IDX4189">(4189)</A>
+<LI>configuring with fs commands
+<A HREF="auarf131.htm#IDX4716">(4716)</A>
+<LI>disabling messages
+<A HREF="auarf152.htm#IDX4890">(4890)</A>
+<LI>displaying amount of cache used
+<A HREF="auarf143.htm#IDX4832">(4832)</A>
+<LI>displaying cache size
+<A HREF="auarf143.htm#IDX4831">(4831)</A>
+<LI>displaying database server machines known to
+<A HREF="auarf149.htm#IDX4862">(4862)</A>
+<LI>displaying inaccessible server machines
+<A HREF="auarf133.htm#IDX4734">(4734)</A>
+<LI>displaying server machine preference ranks
+<A HREF="auarf146.htm#IDX4846">(4846)</A>
+<LI>flushing directory/file from data cache
+<A HREF="auarf140.htm#IDX4808">(4808)</A>
+<LI>flushing entire volume from data cache
+<A HREF="auarf142.htm#IDX4821">(4821)</A>
+<LI>flushing mount point from data cache
+<A HREF="auarf141.htm#IDX4815">(4815)</A>
+<LI>initializing with afsd
+<A HREF="auarf058.htm#IDX4188">(4188)</A>
+<LI>interfaces not registered with File Server, setting
+<A HREF="auarf026.htm#IDX3956">(3956)</A>
+<LI>interfaces registered with File Server, displaying
+<A HREF="auarf145.htm#IDX4841">(4841)</A>
+<LI>interfaces registered with File Server, setting
+<A HREF="auarf024.htm#IDX3945">(3945)</A>, <A HREF="auarf160.htm#IDX4963">(4963)</A>
+<LI>logging messages
+<A HREF="auarf152.htm#IDX4889">(4889)</A>
+<LI>monitoring status with afsmonitor
+<A HREF="auarf058.htm#IDX4196">(4196)</A>
+<LI>NetInfo file
+<A HREF="auarf024.htm#IDX3944">(3944)</A>
+<LI>NetRestrict file
+<A HREF="auarf026.htm#IDX3955">(3955)</A>
+<LI>setting cache size
+<A HREF="auarf158.htm#IDX4952">(4952)</A>
+<LI>setting server machine preference ranks
+<A HREF="auarf162.htm#IDX4973">(4973)</A>
+<LI>setting the interval between server probes
+<A HREF="auarf133.htm#IDX4735">(4735)</A>
+<LI>volume name to ID mapping, forcing update of
+<A HREF="auarf134.htm#IDX4739">(4739)</A>
+<LI>VolumeItems file
+<A HREF="auarf040.htm#IDX4002">(4002)</A>
+</MENU>
+<LI>cache-related file
+<MENU>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3864">(3864)</A>
+</MENU>
+<LI>CacheItems file
+<A HREF="auarf017.htm#IDX3897">(3897)</A>
+<LI>cell
+<MENU>
+<LI>client
+<A HREF="auarf149.htm#IDX4864">(4864)</A>, <A HREF="auarf154.htm#IDX4906">(4906)</A>
+<LI>database server machines listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3919">(3919)</A>
+<LI>database server machines listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3927">(3927)</A>
+<LI>membership of client machine
+<A HREF="auarf032.htm#IDX3977">(3977)</A>
+<LI>membership of server machine
+<A HREF="auarf033.htm#IDX3982">(3982)</A>
+<LI>name, setting
+<A HREF="auarf116.htm#IDX4628">(4628)</A>
+<LI>setuid status, displaying
+<A HREF="auarf144.htm#IDX4835">(4835)</A>
+<LI>setuid status, setting
+<A HREF="auarf159.htm#IDX4955">(4955)</A>
+</MENU>
+<LI>cell argument
+<MENU>
+<LI>on backup commands
+<A HREF="auarf060.htm#IDX4212">(4212)</A>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4444">(4444)</A>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5065">(5065)</A>
+<LI>on pts commands
+<A HREF="auarf210.htm#IDX5231">(5231)</A>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5511">(5511)</A>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5578">(5578)</A>
+</MENU>
+<LI>CellServDB file (client version)
+<A HREF="auarf019.htm#IDX3912">(3912)</A>
+<MENU>
+<LI>displaying contents as copied into kernel memory
+<A HREF="auarf149.htm#IDX4865">(4865)</A>
+</MENU>
+<LI>CellServDB file (server version)
+<A HREF="auarf020.htm#IDX3920">(3920)</A>
+<MENU>
+<LI>adding entry with bos addhost command
+<A HREF="auarf094.htm#IDX4454">(4454)</A>
+<LI>creating with bos setcellname command
+<A HREF="auarf116.htm#IDX4623">(4623)</A>
+<LI>displaying contents with bos listhosts command
+<A HREF="auarf106.htm#IDX4558">(4558)</A>
+<LI>removing entry with bos removehost command
+<A HREF="auarf110.htm#IDX4590">(4590)</A>
+</MENU>
+<LI>cellular mount point
+<A HREF="auarf153.htm#IDX4902">(4902)</A>
+<LI>CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3900">(3900)</A>
+<LI>changing
+<MENU>
+<LI>data cache size
+<A HREF="auarf158.htm#IDX4947">(4947)</A>
+<LI>database server machines listed in client kernel
+<A HREF="auarf154.htm#IDX4905">(4905)</A>
+<LI>name of Protection Database entry
+<A HREF="auarf224.htm#IDX5393">(5393)</A>
+<LI>owner of Protection Database entry
+<A HREF="auarf213.htm#IDX5251">(5251)</A>
+<LI>password in Authentication Database
+<A HREF="auarf202.htm#IDX5189">(5189)</A>
+<LI>volume name
+<A HREF="auarf273.htm#IDX5824">(5824)</A>
+<LI>volume quota
+<A HREF="auarf161.htm#IDX4967">(4967)</A>
+</MENU>
+<LI>character special device
+<MENU>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4052">(4052)</A>
+</MENU>
+<LI>character string
+<MENU>
+<LI>converting to octal key form
+<A HREF="auarf196.htm#IDX5164">(5164)</A>
+</MENU>
+<LI>checking
+<MENU>
+<LI>AFS client as exporter non-AFS file system
+<A HREF="auarf139.htm#IDX4800">(4800)</A>
+<LI>server machine status
+<A HREF="auarf133.htm#IDX4731">(4731)</A>
+</MENU>
+<LI>cleaning
+<MENU>
+<LI>ACL
+<A HREF="auarf135.htm#IDX4748">(4748)</A>
+</MENU>
+<LI>clearing
+<MENU>
+<LI>ACL
+<A HREF="auarf157.htm#IDX4932">(4932)</A>
+</MENU>
+<LI>client machine
+<MENU>
+<LI>as exporter of non-AFS file system
+<A HREF="auarf139.htm#IDX4802">(4802)</A>
+<LI>cell membership
+<A HREF="auarf032.htm#IDX3978">(3978)</A>
+<LI>changing database server machines known to
+<A HREF="auarf154.htm#IDX4909">(4909)</A>
+<LI>changing size of data cache
+<A HREF="auarf158.htm#IDX4951">(4951)</A>
+<LI>configuring local disk with package
+<A HREF="auarf204.htm#IDX5200">(5200)</A>
+<LI>displaying database server machines known to
+<A HREF="auarf149.htm#IDX4863">(4863)</A>
+<LI>displaying home cell of
+<A HREF="auarf168.htm#IDX5018">(5018)</A>
+<LI>displaying system type
+<A HREF="auarf165.htm#IDX4989">(4989)</A>, <A HREF="auarf234.htm#IDX5470">(5470)</A>
+<LI>setting system type
+<A HREF="auarf165.htm#IDX4993">(4993)</A>
+</MENU>
+<LI>client machines statistic in scout
+<A HREF="auarf233.htm#IDX5463">(5463)</A>
+<LI>client portion of Update Server
+<MENU>
+<LI>see entry: <I>upclient process</I>
+<A HREF="auarf240.htm#IDX5500">(5500)</A>
+</MENU>
+<LI>clone
+<A HREF="auarf270.htm#IDX5785">(5785)</A>
+<MENU>
+<LI>forcing creation of new
+<A HREF="auarf270.htm#IDX5802">(5802)</A>
+</MENU>
+<LI>cloning
+<MENU>
+<LI>for backup
+<A HREF="auarf255.htm#IDX5599">(5599)</A>, <A HREF="auarf256.htm#IDX5608">(5608)</A>
+<LI>volume for replication
+<A HREF="auarf270.htm#IDX5790">(5790)</A>
+</MENU>
+<LI>commands
+<MENU>
+<LI>afsd
+<A HREF="auarf058.htm#IDX4185">(4185)</A>
+<LI>afsmonitor
+<A HREF="auarf058.htm#IDX4194">(4194)</A>
+<LI>backup (introduction)
+<A HREF="auarf060.htm#IDX4203">(4203)</A>
+<LI>backup adddump
+<A HREF="auarf061.htm#IDX4219">(4219)</A>
+<LI>backup addhost
+<A HREF="auarf062.htm#IDX4230">(4230)</A>
+<LI>backup addvolentry
+<A HREF="auarf063.htm#IDX4239">(4239)</A>, <A HREF="auarf063.htm#IDX4246">(4246)</A>
+<LI>backup addvolset
+<A HREF="auarf064.htm#IDX4256">(4256)</A>
+<LI>backup apropos
+<A HREF="auarf065.htm#IDX4262">(4262)</A>
+<LI>backup dbverify
+<A HREF="auarf066.htm#IDX4265">(4265)</A>
+<LI>backup deldump
+<A HREF="auarf067.htm#IDX4268">(4268)</A>
+<LI>backup deletedump
+<A HREF="auarf068.htm#IDX4276">(4276)</A>
+<LI>backup delhost
+<A HREF="auarf069.htm#IDX4280">(4280)</A>
+<LI>backup delvolentry
+<A HREF="auarf070.htm#IDX4285">(4285)</A>
+<LI>backup delvolset
+<A HREF="auarf071.htm#IDX4291">(4291)</A>
+<LI>backup diskrestore
+<A HREF="auarf072.htm#IDX4297">(4297)</A>
+<LI>backup dump
+<A HREF="auarf073.htm#IDX4303">(4303)</A>
+<LI>backup dumpinfo
+<A HREF="auarf074.htm#IDX4317">(4317)</A>
+<LI>backup help
+<A HREF="auarf075.htm#IDX4325">(4325)</A>
+<LI>backup interactive
+<A HREF="auarf076.htm#IDX4328">(4328)</A>
+<LI>backup jobs
+<A HREF="auarf077.htm#IDX4333">(4333)</A>
+<LI>backup kill
+<A HREF="auarf078.htm#IDX4340">(4340)</A>
+<LI>backup labeltape
+<A HREF="auarf079.htm#IDX4346">(4346)</A>
+<LI>backup listdumps
+<A HREF="auarf080.htm#IDX4358">(4358)</A>
+<LI>backup listhosts
+<A HREF="auarf081.htm#IDX4366">(4366)</A>
+<LI>backup listvolsets
+<A HREF="auarf082.htm#IDX4375">(4375)</A>
+<LI>backup quit
+<A HREF="auarf083.htm#IDX4381">(4381)</A>
+<LI>backup readlabel
+<A HREF="auarf084.htm#IDX4387">(4387)</A>
+<LI>backup restoredb
+<A HREF="auarf085.htm#IDX4395">(4395)</A>
+<LI>backup savedb
+<A HREF="auarf086.htm#IDX4398">(4398)</A>
+<LI>backup scantape
+<A HREF="auarf087.htm#IDX4401">(4401)</A>
+<LI>backup setexp
+<A HREF="auarf088.htm#IDX4407">(4407)</A>
+<LI>backup status
+<A HREF="auarf089.htm#IDX4413">(4413)</A>
+<LI>backup volinfo
+<A HREF="auarf090.htm#IDX4417">(4417)</A>
+<LI>backup volrestore
+<A HREF="auarf091.htm#IDX4423">(4423)</A>
+<LI>backup volsetrestore
+<A HREF="auarf092.htm#IDX4429">(4429)</A>
+<LI>bos (introduction)
+<A HREF="auarf093.htm#IDX4435">(4435)</A>
+<LI>bos addhost
+<A HREF="auarf094.htm#IDX4452">(4452)</A>
+<LI>bos addkey
+<A HREF="auarf095.htm#IDX4464">(4464)</A>
+<LI>bos adduser
+<A HREF="auarf096.htm#IDX4472">(4472)</A>
+<LI>bos apropos
+<A HREF="auarf097.htm#IDX4474">(4474)</A>
+<LI>bos create
+<A HREF="auarf098.htm#IDX4486">(4486)</A>
+<LI>bos delete
+<A HREF="auarf099.htm#IDX4510">(4510)</A>
+<LI>bos exec
+<A HREF="auarf100.htm#IDX4514">(4514)</A>
+<LI>bos getdate
+<A HREF="auarf101.htm#IDX4520">(4520)</A>
+<LI>bos getlog
+<A HREF="auarf102.htm#IDX4528">(4528)</A>
+<LI>bos getrestart
+<A HREF="auarf103.htm#IDX4544">(4544)</A>
+<LI>bos help
+<A HREF="auarf104.htm#IDX4546">(4546)</A>
+<LI>bos install
+<A HREF="auarf105.htm#IDX4553">(4553)</A>
+<LI>bos listhosts
+<A HREF="auarf106.htm#IDX4560">(4560)</A>
+<LI>bos listkeys
+<A HREF="auarf107.htm#IDX4567">(4567)</A>
+<LI>bos listusers
+<A HREF="auarf108.htm#IDX4574">(4574)</A>
+<LI>bos prune
+<A HREF="auarf109.htm#IDX4582">(4582)</A>
+<LI>bos removehost
+<A HREF="auarf110.htm#IDX4592">(4592)</A>
+<LI>bos removekey
+<A HREF="auarf111.htm#IDX4597">(4597)</A>
+<LI>bos removeuser
+<A HREF="auarf112.htm#IDX4602">(4602)</A>
+<LI>bos restart
+<A HREF="auarf113.htm#IDX4608">(4608)</A>
+<LI>bos salvage
+<A HREF="auarf114.htm#IDX4616">(4616)</A>
+<LI>bos setauth
+<A HREF="auarf115.htm#IDX4621">(4621)</A>
+<LI>bos setcellname
+<A HREF="auarf116.htm#IDX4629">(4629)</A>
+<LI>bos setrestart
+<A HREF="auarf117.htm#IDX4635">(4635)</A>
+<LI>bos shutdown
+<A HREF="auarf118.htm#IDX4641">(4641)</A>
+<LI>bos start
+<A HREF="auarf119.htm#IDX4649">(4649)</A>
+<LI>bos startup
+<A HREF="auarf120.htm#IDX4655">(4655)</A>
+<LI>bos status
+<A HREF="auarf121.htm#IDX4660">(4660)</A>
+<LI>bos stop
+<A HREF="auarf122.htm#IDX4670">(4670)</A>
+<LI>bos uninstall
+<A HREF="auarf123.htm#IDX4677">(4677)</A>
+<LI>bosserver
+<A HREF="auarf124.htm#IDX4681">(4681)</A>
+<LI>buserver
+<A HREF="auarf125.htm#IDX4686">(4686)</A>
+<LI>butc
+<A HREF="auarf126.htm#IDX4692">(4692)</A>
+<LI>dlog
+<A HREF="auarf127.htm#IDX4698">(4698)</A>
+<LI>dpass
+<A HREF="auarf128.htm#IDX4700">(4700)</A>
+<LI>executing remotely
+<A HREF="auarf100.htm#IDX4512">(4512)</A>
+<LI>fileserver
+<A HREF="auarf129.htm#IDX4702">(4702)</A>
+<LI>fms
+<A HREF="auarf130.htm#IDX4706">(4706)</A>
+<LI>fs apropos
+<A HREF="auarf132.htm#IDX4726">(4726)</A>
+<LI>fs checkservers
+<A HREF="auarf133.htm#IDX4729">(4729)</A>
+<LI>fs checkvolumes
+<A HREF="auarf134.htm#IDX4737">(4737)</A>
+<LI>fs cleanacl
+<A HREF="auarf135.htm#IDX4752">(4752)</A>
+<LI>fs copyacl
+<A HREF="auarf136.htm#IDX4756">(4756)</A>
+<LI>fs diskfree
+<A HREF="auarf137.htm#IDX4771">(4771)</A>
+<LI>fs examine
+<A HREF="auarf138.htm#IDX4795">(4795)</A>
+<LI>fs exportafs
+<A HREF="auarf139.htm#IDX4797">(4797)</A>
+<LI>fs flush
+<A HREF="auarf140.htm#IDX4812">(4812)</A>
+<LI>fs flushmount
+<A HREF="auarf141.htm#IDX4818">(4818)</A>
+<LI>fs flushvolume
+<A HREF="auarf142.htm#IDX4824">(4824)</A>
+<LI>fs getcacheparms
+<A HREF="auarf143.htm#IDX4826">(4826)</A>
+<LI>fs getcellstatus
+<A HREF="auarf144.htm#IDX4834">(4834)</A>
+<LI>fs getclientaddrs
+<A HREF="auarf145.htm#IDX4840">(4840)</A>
+<LI>fs getserverprefs
+<A HREF="auarf146.htm#IDX4845">(4845)</A>
+<LI>fs help
+<A HREF="auarf147.htm#IDX4852">(4852)</A>
+<LI>fs listacl
+<A HREF="auarf148.htm#IDX4859">(4859)</A>
+<LI>fs listcells
+<A HREF="auarf149.htm#IDX4868">(4868)</A>
+<LI>fs listquota
+<A HREF="auarf150.htm#IDX4870">(4870)</A>
+<LI>fs lsmount
+<A HREF="auarf151.htm#IDX4888">(4888)</A>
+<LI>fs messages
+<A HREF="auarf152.htm#IDX4892">(4892)</A>
+<LI>fs mkmount
+<A HREF="auarf153.htm#IDX4897">(4897)</A>
+<LI>fs newcell
+<A HREF="auarf154.htm#IDX4912">(4912)</A>
+<LI>fs quota
+<A HREF="auarf155.htm#IDX4914">(4914)</A>
+<LI>fs rmmount
+<A HREF="auarf156.htm#IDX4923">(4923)</A>
+<LI>fs setacl
+<A HREF="auarf157.htm#IDX4936">(4936)</A>
+<LI>fs setcachesize
+<A HREF="auarf158.htm#IDX4954">(4954)</A>
+<LI>fs setcell
+<A HREF="auarf159.htm#IDX4960">(4960)</A>
+<LI>fs setclientaddrs
+<A HREF="auarf160.htm#IDX4962">(4962)</A>
+<LI>fs setquota
+<A HREF="auarf161.htm#IDX4970">(4970)</A>
+<LI>fs setserverprefs
+<A HREF="auarf162.htm#IDX4972">(4972)</A>
+<LI>fs setvol
+<A HREF="auarf163.htm#IDX4984">(4984)</A>
+<LI>fs storebehind
+<A HREF="auarf164.htm#IDX4985">(4985)</A>
+<LI>fs sysname
+<A HREF="auarf165.htm#IDX4988">(4988)</A>
+<LI>fs whereis
+<A HREF="auarf166.htm#IDX5007">(5007)</A>
+<LI>fs whichcell
+<A HREF="auarf167.htm#IDX5014">(5014)</A>
+<LI>fs wscell
+<A HREF="auarf168.htm#IDX5020">(5020)</A>
+<LI>fstrace (introduction)
+<A HREF="auarf169.htm#IDX5026">(5026)</A>
+<LI>fstrace apropos
+<A HREF="auarf170.htm#IDX5029">(5029)</A>
+<LI>fstrace dump
+<A HREF="auarf172.htm#IDX5032">(5032)</A>
+<LI>fstrace help
+<A HREF="auarf173.htm#IDX5034">(5034)</A>
+<LI>fstrace lslog
+<A HREF="auarf174.htm#IDX5037">(5037)</A>
+<LI>fstrace lsset
+<A HREF="auarf175.htm#IDX5039">(5039)</A>
+<LI>fstrace setlog
+<A HREF="auarf176.htm#IDX5041">(5041)</A>
+<LI>fstrace setset
+<A HREF="auarf177.htm#IDX5043">(5043)</A>
+<LI>ftpd (AFS version)
+<A HREF="auarf178.htm#IDX5045">(5045)</A>
+<LI>inetd (AFS version)
+<A HREF="auarf179.htm#IDX5050">(5050)</A>
+<LI>kadb_check
+<A HREF="auarf180.htm#IDX5055">(5055)</A>
+<LI>kas apropos
+<A HREF="auarf182.htm#IDX5071">(5071)</A>
+<LI>kas create
+<A HREF="auarf183.htm#IDX5074">(5074)</A>
+<LI>kas delete
+<A HREF="auarf184.htm#IDX5079">(5079)</A>
+<LI>kas examine
+<A HREF="auarf185.htm#IDX5083">(5083)</A>
+<LI>kas forgetticket
+<A HREF="auarf186.htm#IDX5105">(5105)</A>
+<LI>kas help
+<A HREF="auarf187.htm#IDX5110">(5110)</A>
+<LI>kas list
+<A HREF="auarf189.htm#IDX5113">(5113)</A>
+<LI>kas listtickets
+<A HREF="auarf190.htm#IDX5117">(5117)</A>
+<LI>kas noauthentication
+<A HREF="auarf191.htm#IDX5120">(5120)</A>
+<LI>kas quit
+<A HREF="auarf192.htm#IDX5125">(5125)</A>
+<LI>kas setfields
+<A HREF="auarf193.htm#IDX5131">(5131)</A>
+<LI>kas setpassword
+<A HREF="auarf194.htm#IDX5148">(5148)</A>
+<LI>kas statistics
+<A HREF="auarf195.htm#IDX5156">(5156)</A>
+<LI>kas stringtokey
+<A HREF="auarf196.htm#IDX5162">(5162)</A>
+<LI>kas unlock
+<A HREF="auarf197.htm#IDX5168">(5168)</A>
+<LI>kaserver
+<A HREF="auarf198.htm#IDX5171">(5171)</A>
+<LI>kdb
+<A HREF="auarf199.htm#IDX5174">(5174)</A>
+<LI>klog
+<A HREF="auarf200.htm#IDX5177">(5177)</A>
+<LI>knfs
+<A HREF="auarf201.htm#IDX5184">(5184)</A>
+<LI>kpasswd
+<A HREF="auarf202.htm#IDX5188">(5188)</A>
+<LI>kpwvalid
+<A HREF="auarf203.htm#IDX5195">(5195)</A>
+<LI>package
+<A HREF="auarf204.htm#IDX5198">(5198)</A>
+<LI>package apropos
+<A HREF="auarf205.htm#IDX5205">(5205)</A>
+<LI>package help
+<A HREF="auarf206.htm#IDX5208">(5208)</A>
+<LI>package_test
+<A HREF="auarf207.htm#IDX5211">(5211)</A>
+<LI>pagsh
+<A HREF="auarf208.htm#IDX5214">(5214)</A>
+<LI>prdb_check
+<A HREF="auarf209.htm#IDX5218">(5218)</A>
+<LI>pts adduser
+<A HREF="auarf211.htm#IDX5236">(5236)</A>
+<LI>pts apropos
+<A HREF="auarf212.htm#IDX5245">(5245)</A>
+<LI>pts chown
+<A HREF="auarf213.htm#IDX5248">(5248)</A>
+<LI>pts creategroup
+<A HREF="auarf214.htm#IDX5253">(5253)</A>
+<LI>pts createuser
+<A HREF="auarf215.htm#IDX5275">(5275)</A>
+<LI>pts delete
+<A HREF="auarf216.htm#IDX5294">(5294)</A>
+<LI>pts examine
+<A HREF="auarf217.htm#IDX5304">(5304)</A>
+<LI>pts help
+<A HREF="auarf218.htm#IDX5351">(5351)</A>
+<LI>pts listentries
+<A HREF="auarf219.htm#IDX5354">(5354)</A>
+<LI>pts listmax
+<A HREF="auarf220.htm#IDX5360">(5360)</A>
+<LI>pts listowned
+<A HREF="auarf221.htm#IDX5368">(5368)</A>
+<LI>pts membership
+<A HREF="auarf222.htm#IDX5375">(5375)</A>
+<LI>pts removeuser
+<A HREF="auarf223.htm#IDX5383">(5383)</A>
+<LI>pts rename
+<A HREF="auarf224.htm#IDX5391">(5391)</A>
+<LI>pts setfields
+<A HREF="auarf225.htm#IDX5397">(5397)</A>
+<LI>pts setmax
+<A HREF="auarf226.htm#IDX5410">(5410)</A>
+<LI>ptserver
+<A HREF="auarf227.htm#IDX5418">(5418)</A>
+<LI>rcp (AFS version)
+<A HREF="auarf228.htm#IDX5423">(5423)</A>
+<LI>rsh (AFS version)
+<A HREF="auarf229.htm#IDX5429">(5429)</A>
+<LI>runntp
+<A HREF="auarf230.htm#IDX5434">(5434)</A>
+<LI>rxdebug
+<A HREF="auarf231.htm#IDX5441">(5441)</A>
+<LI>salvager
+<A HREF="auarf232.htm#IDX5443">(5443)</A>
+<LI>scout
+<A HREF="auarf233.htm#IDX5448">(5448)</A>
+<LI>sys
+<A HREF="auarf234.htm#IDX5469">(5469)</A>
+<LI>tokens
+<A HREF="auarf235.htm#IDX5478">(5478)</A>
+<LI>translate_et
+<A HREF="auarf236.htm#IDX5482">(5482)</A>
+<LI>udebug
+<A HREF="auarf237.htm#IDX5485">(5485)</A>
+<LI>unlog
+<A HREF="auarf238.htm#IDX5488">(5488)</A>
+<LI>up
+<A HREF="auarf239.htm#IDX5494">(5494)</A>
+<LI>upclient
+<A HREF="auarf240.htm#IDX5498">(5498)</A>
+<LI>upserver
+<A HREF="auarf241.htm#IDX5504">(5504)</A>
+<LI>uss add
+<A HREF="auarf243.htm#IDX5518">(5518)</A>
+<LI>uss apropos
+<A HREF="auarf244.htm#IDX5537">(5537)</A>
+<LI>uss bulk
+<A HREF="auarf245.htm#IDX5540">(5540)</A>
+<LI>uss delete
+<A HREF="auarf246.htm#IDX5544">(5544)</A>
+<LI>uss help
+<A HREF="auarf247.htm#IDX5555">(5555)</A>
+<LI>vldb_check
+<A HREF="auarf248.htm#IDX5558">(5558)</A>
+<LI>vlserver
+<A HREF="auarf249.htm#IDX5561">(5561)</A>
+<LI>volinfo
+<A HREF="auarf250.htm#IDX5565">(5565)</A>
+<LI>volserver
+<A HREF="auarf251.htm#IDX5567">(5567)</A>
+<LI>vos (introduction)
+<A HREF="auarf252.htm#IDX5569">(5569)</A>
+<LI>vos addsite
+<A HREF="auarf253.htm#IDX5588">(5588)</A>
+<LI>vos apropos
+<A HREF="auarf254.htm#IDX5594">(5594)</A>
+<LI>vos backup
+<A HREF="auarf255.htm#IDX5597">(5597)</A>
+<LI>vos backupsys
+<A HREF="auarf256.htm#IDX5606">(5606)</A>
+<LI>vos changeaddr
+<A HREF="auarf257.htm#IDX5613">(5613)</A>
+<LI>vos create
+<A HREF="auarf258.htm#IDX5615">(5615)</A>
+<LI>vos delentry
+<A HREF="auarf259.htm#IDX5639">(5639)</A>
+<LI>vos dump
+<A HREF="auarf260.htm#IDX5643">(5643)</A>
+<LI>vos examine
+<A HREF="auarf261.htm#IDX5655">(5655)</A>
+<LI>vos help
+<A HREF="auarf262.htm#IDX5696">(5696)</A>
+<LI>vos listaddrs
+<A HREF="auarf263.htm#IDX5699">(5699)</A>
+<LI>vos listpart
+<A HREF="auarf264.htm#IDX5704">(5704)</A>
+<LI>vos listvldb
+<A HREF="auarf265.htm#IDX5709">(5709)</A>
+<LI>vos listvol
+<A HREF="auarf266.htm#IDX5730">(5730)</A>
+<LI>vos lock
+<A HREF="auarf267.htm#IDX5762">(5762)</A>
+<LI>vos move
+<A HREF="auarf268.htm#IDX5767">(5767)</A>
+<LI>vos partinfo
+<A HREF="auarf269.htm#IDX5776">(5776)</A>
+<LI>vos release
+<A HREF="auarf270.htm#IDX5783">(5783)</A>
+<LI>vos remove
+<A HREF="auarf271.htm#IDX5806">(5806)</A>
+<LI>vos remsite
+<A HREF="auarf272.htm#IDX5814">(5814)</A>
+<LI>vos rename
+<A HREF="auarf273.htm#IDX5820">(5820)</A>
+<LI>vos restore
+<A HREF="auarf274.htm#IDX5830">(5830)</A>
+<LI>vos status
+<A HREF="auarf275.htm#IDX5834">(5834)</A>
+<LI>vos syncserv
+<A HREF="auarf276.htm#IDX5839">(5839)</A>
+<LI>vos syncvldb
+<A HREF="auarf277.htm#IDX5847">(5847)</A>
+<LI>vos unlock
+<A HREF="auarf278.htm#IDX5856">(5856)</A>
+<LI>vos unlockvldb
+<A HREF="auarf279.htm#IDX5860">(5860)</A>
+<LI>vos zap
+<A HREF="auarf280.htm#IDX5864">(5864)</A>
+<LI>xfs_size_check
+<A HREF="auarf281.htm#IDX5868">(5868)</A>
+<LI>xstat_cm_test
+<A HREF="auarf282.htm#IDX5870">(5870)</A>
+<LI>xstat_fs_test
+<A HREF="auarf283.htm#IDX5872">(5872)</A>
+</MENU>
+<LI>common options
+<MENU>
+<LI>on backup commands
+<A HREF="auarf060.htm#IDX4210">(4210)</A>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4442">(4442)</A>
+<LI>on fs commands
+<A HREF="auarf131.htm#IDX4720">(4720)</A>
+<LI>on fstrace commands
+<A HREF="auarf169.htm#IDX5024">(5024)</A>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5057">(5057)</A>
+<LI>on pts commands
+<A HREF="auarf210.htm#IDX5227">(5227)</A>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5508">(5508)</A>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5576">(5576)</A>
+</MENU>
+<LI>configuration file
+<MENU>
+<LI>see entry: <I>afsmonitor configuration file</I>
+<A HREF="auarf052.htm#IDX4037">(4037)</A>
+<LI>see entry: <I>CFG_<device_name> configuration file</I>
+<A HREF="auarf018.htm#IDX3904">(3904)</A>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3862">(3862)</A>
+<LI>see entry: <I>package configuration file</I>
+<A HREF="auarf053.htm#IDX4039">(4039)</A>
+</MENU>
+<LI>configuring
+<MENU>
+<LI>Cache Manager with afsd
+<A HREF="auarf058.htm#IDX4187">(4187)</A>
+<LI>Cache Manager with fs commands
+<A HREF="auarf131.htm#IDX4718">(4718)</A>
+<LI>local disk of client with package
+<A HREF="auarf204.htm#IDX5199">(5199)</A>
+</MENU>
+<LI>connections statistic in scout
+<A HREF="auarf233.htm#IDX5459">(5459)</A>
+<LI>contacting
+<MENU>
+<LI>file server with fs commands
+<A HREF="auarf131.htm#IDX4717">(4717)</A>
+</MENU>
+<LI>controller file
+<MENU>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3867">(3867)</A>
+</MENU>
+<LI>controlling
+<MENU>
+<LI>Cache Manager with fs commands
+<A HREF="auarf131.htm#IDX4719">(4719)</A>
+<LI>server process status with entry in BosConfig file
+<A HREF="auarf016.htm#IDX3883">(3883)</A>
+</MENU>
+<LI>converting
+<MENU>
+<LI>character string to octal key form
+<A HREF="auarf196.htm#IDX5163">(5163)</A>
+</MENU>
+<LI>copying
+<MENU>
+<LI>access control list
+<A HREF="auarf136.htm#IDX4754">(4754)</A>
+<LI>file remotely with rcp command (AFS version)
+<A HREF="auarf228.htm#IDX5426">(5426)</A>
+<LI>files and directories
+<A HREF="auarf239.htm#IDX5495">(5495)</A>
+</MENU>
+<LI>core files
+<MENU>
+<LI>removing from /usr/afs/logs directory
+<A HREF="auarf109.htm#IDX4581">(4581)</A>
+</MENU>
+<LI>creating
+<MENU>
+<LI>Authentication Database entry
+<A HREF="auarf183.htm#IDX5075">(5075)</A>
+<LI>Authentication Database entry with uss
+<A HREF="auarf243.htm#IDX5523">(5523)</A>
+<LI>backup volume
+<A HREF="auarf255.htm#IDX5600">(5600)</A>
+<LI>backup volumes, many at once
+<A HREF="auarf256.htm#IDX5609">(5609)</A>
+<LI>buserver process
+<A HREF="auarf098.htm#IDX4488">(4488)</A>
+<LI>directory with uss
+<A HREF="auarf055.htm#IDX4125">(4125)</A>, <A HREF="auarf055.htm#IDX4145">(4145)</A>
+<LI>dump level in Backup System dump hierarchy
+<A HREF="auarf061.htm#IDX4221">(4221)</A>
+<LI>file with uss
+<A HREF="auarf055.htm#IDX4133">(4133)</A>, <A HREF="auarf055.htm#IDX4139">(4139)</A>
+<LI>fs process
+<A HREF="auarf098.htm#IDX4490">(4490)</A>
+<LI>group in Protection Database
+<A HREF="auarf214.htm#IDX5255">(5255)</A>
+<LI>hard link with uss
+<A HREF="auarf055.htm#IDX4152">(4152)</A>
+<LI>kaserver process
+<A HREF="auarf098.htm#IDX4492">(4492)</A>
+<LI>machine entry in Protection Database
+<A HREF="auarf215.htm#IDX5279">(5279)</A>
+<LI>mount point
+<A HREF="auarf153.htm#IDX4894">(4894)</A>
+<LI>mount point with uss
+<A HREF="auarf055.htm#IDX4168">(4168)</A>
+<LI>PAG with pagsh command
+<A HREF="auarf208.htm#IDX5216">(5216)</A>
+<LI>privileged user in UserList file
+<A HREF="auarf096.htm#IDX4468">(4468)</A>
+<LI>Protection Database entry with uss
+<A HREF="auarf243.htm#IDX5522">(5522)</A>
+<LI>ptserver process
+<A HREF="auarf098.htm#IDX4494">(4494)</A>
+<LI>read-only volume
+<A HREF="auarf270.htm#IDX5789">(5789)</A>
+<LI>read/write volume
+<A HREF="auarf258.htm#IDX5616">(5616)</A>
+<LI>runntp process
+<A HREF="auarf098.htm#IDX4496">(4496)</A>
+<LI>server encryption key
+<A HREF="auarf095.htm#IDX4458">(4458)</A>
+<LI>server process in BosConfig file
+<A HREF="auarf098.htm#IDX4479">(4479)</A>
+<LI>symbolic link with uss
+<A HREF="auarf055.htm#IDX4158">(4158)</A>
+<LI>Tape Coordinator entry in Backup Database
+<A HREF="auarf062.htm#IDX4236">(4236)</A>
+<LI>ticket (tokens) for server process
+<A HREF="auarf200.htm#IDX5178">(5178)</A>
+<LI>upclient process
+<A HREF="auarf098.htm#IDX4498">(4498)</A>
+<LI>upserver process
+<A HREF="auarf098.htm#IDX4500">(4500)</A>
+<LI>user account with uss
+<A HREF="auarf243.htm#IDX5520">(5520)</A>
+<LI>user accounts in bulk
+<A HREF="auarf245.htm#IDX5541">(5541)</A>
+<LI>user entry in Protection Database
+<A HREF="auarf215.htm#IDX5278">(5278)</A>
+<LI>vlserver process
+<A HREF="auarf098.htm#IDX4502">(4502)</A>
+<LI>volume (see type--read/write, etc.)
+<A HREF="auarf258.htm#IDX5617">(5617)</A>
+<LI>volume set in Backup Database
+<A HREF="auarf064.htm#IDX4259">(4259)</A>
+<LI>volume with uss
+<A HREF="auarf055.htm#IDX4167">(4167)</A>, <A HREF="auarf243.htm#IDX5524">(5524)</A>
+</MENU>
+<LI>creation date
+<MENU>
+<LI>recorded in volume header
+<A HREF="auarf261.htm#IDX5679">(5679)</A>, <A HREF="auarf266.htm#IDX5755">(5755)</A>
+</MENU>
+<LI>creator
+<MENU>
+<LI>Protection Database entry, displaying
+<A HREF="auarf217.htm#IDX5332">(5332)</A>
+</MENU>
+<LI>cron process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4505">(4505)</A>
+<LI>recorded in <I>BosConfig</I> file
+<A HREF="auarf016.htm#IDX3886">(3886)</A>
+</MENU>
+<LI>curses graphics utility
+<MENU>
+<LI>afsmonitor program
+<A HREF="auarf059.htm#IDX4198">(4198)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_44" HREF="#IDX0_44">D</A></STRONG>
+<MENU>
+<LI>D instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4056">(4056)</A>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4120">(4120)</A>
+</MENU>
+<LI>daily restart time for new binaries
+<MENU>
+<LI>see entry: <I>restart times for BOS Server</I>
+<A HREF="auarf103.htm#IDX4540">(4540)</A>
+</MENU>
+<LI>data
+<MENU>
+<LI>availability interrupted by dumping
+<A HREF="auarf260.htm#IDX5650">(5650)</A>
+</MENU>
+<LI>data cache
+<MENU>
+<LI>changing size of
+<A HREF="auarf158.htm#IDX4949">(4949)</A>
+<LI>displaying amount used
+<A HREF="auarf143.htm#IDX4828">(4828)</A>
+<LI>displaying size
+<A HREF="auarf143.htm#IDX4827">(4827)</A>
+<LI>flushing directory/file
+<A HREF="auarf140.htm#IDX4806">(4806)</A>
+<LI>flushing entire volume
+<A HREF="auarf142.htm#IDX4819">(4819)</A>
+<LI>flushing mount point
+<A HREF="auarf141.htm#IDX4813">(4813)</A>
+<LI>resetting to default size
+<A HREF="auarf158.htm#IDX4950">(4950)</A>
+<LI>setting location with afsd
+<A HREF="auarf058.htm#IDX4191">(4191)</A>
+<LI>setting size with afsd
+<A HREF="auarf058.htm#IDX4190">(4190)</A>
+</MENU>
+<LI>database file
+<MENU>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3866">(3866)</A>
+</MENU>
+<LI>database server machine
+<MENU>
+<LI>adding to CellServDB file (server)
+<A HREF="auarf094.htm#IDX4455">(4455)</A>
+<LI>changing client kernel list of
+<A HREF="auarf154.htm#IDX4907">(4907)</A>
+<LI>displaying from client kernel
+<A HREF="auarf149.htm#IDX4861">(4861)</A>
+<LI>displaying list in CellServDB file (server)
+<A HREF="auarf106.htm#IDX4559">(4559)</A>
+<LI>listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3918">(3918)</A>
+<LI>listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3926">(3926)</A>
+<LI>removing from CellServDB file (server)
+<A HREF="auarf110.htm#IDX4591">(4591)</A>
+</MENU>
+<LI>date on file
+<MENU>
+<LI>see entry: <I>time stamp</I>
+<A HREF="auarf101.htm#IDX4524">(4524)</A>
+</MENU>
+<LI>date-specific restore
+<MENU>
+<LI>see entry: <I>restoring</I>
+<A HREF="auarf091.htm#IDX4427">(4427)</A>
+</MENU>
+<LI>default
+<MENU>
+<LI>ACL for new volume
+<A HREF="auarf258.htm#IDX5627">(5627)</A>
+<LI>volume quota
+<A HREF="auarf258.htm#IDX5628">(5628)</A>
+</MENU>
+<LI>define statement
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4085">(4085)</A>
+</MENU>
+<LI>defining
+<MENU>
+<LI>block special device with package
+<A HREF="auarf053.htm#IDX4044">(4044)</A>
+<LI>capacity of Backup System tape
+<A HREF="auarf079.htm#IDX4348">(4348)</A>
+<LI>character special device with package
+<A HREF="auarf053.htm#IDX4051">(4051)</A>
+<LI>directory with package
+<A HREF="auarf053.htm#IDX4059">(4059)</A>
+<LI>file with package
+<A HREF="auarf053.htm#IDX4066">(4066)</A>
+<LI>privileged user in UserList file
+<A HREF="auarf096.htm#IDX4467">(4467)</A>
+<LI>read-only site in VLDB
+<A HREF="auarf253.htm#IDX5589">(5589)</A>
+<LI>server encryption key
+<A HREF="auarf095.htm#IDX4457">(4457)</A>
+<LI>socket with package
+<A HREF="auarf053.htm#IDX4080">(4080)</A>
+<LI>symbolic link with package
+<A HREF="auarf053.htm#IDX4073">(4073)</A>
+<LI>system type of client machine
+<A HREF="auarf165.htm#IDX4991">(4991)</A>
+</MENU>
+<LI>delete instruction in uss bulk input file
+<A HREF="auarf054.htm#IDX4105">(4105)</A>
+<LI>deleting
+<MENU>
+<LI>Authentication Database entry
+<A HREF="auarf184.htm#IDX5080">(5080)</A>
+<LI>Authentication Database entry with uss
+<A HREF="auarf246.htm#IDX5549">(5549)</A>
+<LI>dump level from Backup Database
+<A HREF="auarf067.htm#IDX4272">(4272)</A>
+<LI>dump record from Backup Database
+<A HREF="auarf068.htm#IDX4279">(4279)</A>
+<LI>Protection Database entry
+<A HREF="auarf216.htm#IDX5295">(5295)</A>
+<LI>Protection Database entry with uss
+<A HREF="auarf246.htm#IDX5548">(5548)</A>
+<LI>see also entry: <I>removing</I>
+<A HREF="auarf067.htm#IDX4273">(4273)</A>
+<LI>server process from BosConfig file
+<A HREF="auarf099.htm#IDX4507">(4507)</A>
+<LI>Tape Coordinator entry from Backup Database
+<A HREF="auarf069.htm#IDX4284">(4284)</A>
+<LI>user account with uss
+<A HREF="auarf246.htm#IDX5546">(5546)</A>
+<LI>VLDB entry (but not volume header)
+<A HREF="auarf259.htm#IDX5641">(5641)</A>
+<LI>volume set from Backup Database
+<A HREF="auarf071.htm#IDX4295">(4295)</A>
+<LI>volume with uss
+<A HREF="auarf246.htm#IDX5552">(5552)</A>
+</MENU>
+<LI>delvolume instruction in uss bulk input file
+<A HREF="auarf054.htm#IDX4107">(4107)</A>
+<LI>desynchronization of VLDB/volume headers
+<MENU>
+<LI>fixing
+<A HREF="auarf276.htm#IDX5845">(5845)</A>, <A HREF="auarf277.htm#IDX5854">(5854)</A>
+</MENU>
+<LI>determining
+<MENU>
+<LI>cell membership of client machine
+<A HREF="auarf032.htm#IDX3979">(3979)</A>
+<LI>cell membership of server machine
+<A HREF="auarf033.htm#IDX3984">(3984)</A>
+<LI>filemark size for tape device
+<A HREF="auarf130.htm#IDX4709">(4709)</A>
+<LI>success of replication
+<A HREF="auarf270.htm#IDX5793">(5793)</A>
+<LI>tape capacity (Backup System)
+<A HREF="auarf130.htm#IDX4710">(4710)</A>
+</MENU>
+<LI>device
+<MENU>
+<LI>see entry: <I>block special device</I>
+<A HREF="auarf053.htm#IDX4046">(4046)</A>
+<LI>see entry: <I>character special device</I>
+<A HREF="auarf053.htm#IDX4053">(4053)</A>
+</MENU>
+<LI>directories
+<MENU>
+<LI>/usr/afs/bin
+<A HREF="auarf101.htm#IDX4526">(4526)</A>, <A HREF="auarf109.htm#IDX4583">(4583)</A>
+<LI>/usr/afs/logs
+<A HREF="auarf102.htm#IDX4535">(4535)</A>, <A HREF="auarf109.htm#IDX4584">(4584)</A>
+</MENU>
+<LI>directory
+<MENU>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4126">(4126)</A>, <A HREF="auarf055.htm#IDX4146">(4146)</A>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4060">(4060)</A>
+<LI>displaying ACL
+<A HREF="auarf148.htm#IDX4855">(4855)</A>
+<LI>displaying home cell
+<A HREF="auarf167.htm#IDX5012">(5012)</A>
+<LI>flushing from cache
+<A HREF="auarf140.htm#IDX4809">(4809)</A>
+<LI>name, translating to volume name
+<A HREF="auarf137.htm#IDX4766">(4766)</A>
+<LI>name, translating to volume name or ID
+<A HREF="auarf138.htm#IDX4783">(4783)</A>
+<LI>overwriting with uss
+<A HREF="auarf243.htm#IDX5532">(5532)</A>
+<LI>setting ACL
+<A HREF="auarf157.htm#IDX4933">(4933)</A>
+</MENU>
+<LI>directory/file name
+<MENU>
+<LI>translating to volume name
+<A HREF="auarf150.htm#IDX4880">(4880)</A>
+</MENU>
+<LI>disabling
+<MENU>
+<LI>export of non-AFS file system
+<A HREF="auarf139.htm#IDX4799">(4799)</A>
+</MENU>
+<LI>discarding
+<MENU>
+<LI>authenticated identity in kas interactive mode
+<A HREF="auarf191.htm#IDX5121">(5121)</A>
+<LI>ticket/tokens
+<A HREF="auarf238.htm#IDX5490">(5490)</A>
+<LI>tickets
+<A HREF="auarf186.htm#IDX5108">(5108)</A>
+</MENU>
+<LI>disk cache
+<MENU>
+<LI>CacheItems file
+<A HREF="auarf017.htm#IDX3899">(3899)</A>
+<LI>V<I>n</I> files
+<A HREF="auarf036.htm#IDX3989">(3989)</A>
+<LI>VolumeItems file
+<A HREF="auarf040.htm#IDX4003">(4003)</A>
+</MENU>
+<LI>disk partition
+<MENU>
+<LI>see entry: <I>partition</I>
+<A HREF="auarf072.htm#IDX4300">(4300)</A>
+</MENU>
+<LI>displaying
+<MENU>
+<LI>ACL
+<A HREF="auarf148.htm#IDX4857">(4857)</A>
+<LI>all entries in Authentication Database
+<A HREF="auarf189.htm#IDX5114">(5114)</A>
+<LI>Authentication Database entry
+<A HREF="auarf185.htm#IDX5084">(5084)</A>
+<LI>Backup System operations, pending and running
+<A HREF="auarf077.htm#IDX4338">(4338)</A>
+<LI>BOS Server restart times
+<A HREF="auarf103.htm#IDX4538">(4538)</A>
+<LI>Cache Manager preference ranks for server machines
+<A HREF="auarf146.htm#IDX4848">(4848)</A>
+<LI>CellServDB file (server version) contents
+<A HREF="auarf106.htm#IDX4557">(4557)</A>
+<LI>client interfaces registered with File Server
+<A HREF="auarf145.htm#IDX4843">(4843)</A>
+<LI>client machine
+<A HREF="auarf168.htm#IDX5017">(5017)</A>
+<LI>creator of Protection Database entry
+<A HREF="auarf217.htm#IDX5317">(5317)</A>
+<LI>data cache amount used
+<A HREF="auarf143.htm#IDX4829">(4829)</A>
+<LI>data cache size
+<A HREF="auarf143.htm#IDX4830">(4830)</A>
+<LI>database server machines from client kernel
+<A HREF="auarf149.htm#IDX4860">(4860)</A>
+<LI>database server machines in CellServDB file (server version)
+<A HREF="auarf106.htm#IDX4556">(4556)</A>
+<LI>directory/file location
+<A HREF="auarf166.htm#IDX5003">(5003)</A>
+<LI>dump hierarchy from Backup Database
+<A HREF="auarf080.htm#IDX4362">(4362)</A>
+<LI>dump level expiration date from Backup System
+<A HREF="auarf080.htm#IDX4363">(4363)</A>
+<LI>dump record from Backup Database
+<A HREF="auarf074.htm#IDX4320">(4320)</A>
+<LI>dump record from tape (Backup System)
+<A HREF="auarf087.htm#IDX4403">(4403)</A>
+<LI>expiration date for tape from Backup Database
+<A HREF="auarf074.htm#IDX4321">(4321)</A>
+<LI>file server machine entries from VLDB
+<A HREF="auarf263.htm#IDX5701">(5701)</A>
+<LI>group memberships, number
+<A HREF="auarf217.htm#IDX5318">(5318)</A>
+<LI>group-creation quota
+<A HREF="auarf217.htm#IDX5320">(5320)</A>
+<LI>groups owned by user/group
+<A HREF="auarf221.htm#IDX5369">(5369)</A>
+<LI>groups user or machine belongs to
+<A HREF="auarf222.htm#IDX5377">(5377)</A>
+<LI>home cell of directory/file
+<A HREF="auarf167.htm#IDX5010">(5010)</A>
+<LI>job ID number (Backup System)
+<A HREF="auarf077.htm#IDX4337">(4337)</A>
+<LI>key version number from Authentication Database
+<A HREF="auarf185.htm#IDX5088">(5088)</A>
+<LI>key version number from KeyFile file
+<A HREF="auarf107.htm#IDX4568">(4568)</A>
+<LI>log files from server machine
+<A HREF="auarf102.htm#IDX4529">(4529)</A>
+<LI>max group id counter in Protection Database
+<A HREF="auarf220.htm#IDX5363">(5363)</A>
+<LI>max user id counter in Protection Database
+<A HREF="auarf220.htm#IDX5364">(5364)</A>
+<LI>members of group
+<A HREF="auarf222.htm#IDX5376">(5376)</A>
+<LI>mount point
+<A HREF="auarf151.htm#IDX4885">(4885)</A>
+<LI>owner of Protection Database entry
+<A HREF="auarf217.htm#IDX5316">(5316)</A>
+<LI>partition blocks available
+<A HREF="auarf137.htm#IDX4764">(4764)</A>, <A HREF="auarf138.htm#IDX4782">(4782)</A>
+<LI>partition blocks used
+<A HREF="auarf137.htm#IDX4763">(4763)</A>
+<LI>partition percent used
+<A HREF="auarf137.htm#IDX4762">(4762)</A>, <A HREF="auarf150.htm#IDX4879">(4879)</A>
+<LI>partition size
+<A HREF="auarf137.htm#IDX4761">(4761)</A>, <A HREF="auarf138.htm#IDX4781">(4781)</A>
+<LI>partition size, space available
+<A HREF="auarf269.htm#IDX5777">(5777)</A>
+<LI>partitions on file server machine
+<A HREF="auarf264.htm#IDX5707">(5707)</A>
+<LI>port offset number for Tape Coordinator, from Backup Database
+<A HREF="auarf081.htm#IDX4373">(4373)</A>
+<LI>privacy flags on Protection Database entry
+<A HREF="auarf217.htm#IDX5319">(5319)</A>
+<LI>privileged users from UserList file
+<A HREF="auarf108.htm#IDX4570">(4570)</A>
+<LI>Protection Database entries, all
+<A HREF="auarf219.htm#IDX5355">(5355)</A>
+<LI>Protection Database entry
+<A HREF="auarf217.htm#IDX5307">(5307)</A>
+<LI>server encryption key in Authentication Database
+<A HREF="auarf185.htm#IDX5091">(5091)</A>
+<LI>server encryption keys in KeyFile file
+<A HREF="auarf107.htm#IDX4563">(4563)</A>
+<LI>server machine status
+<A HREF="auarf133.htm#IDX4732">(4732)</A>
+<LI>server process run status and BosConfig entry
+<A HREF="auarf121.htm#IDX4659">(4659)</A>
+<LI>setuid status
+<A HREF="auarf144.htm#IDX4837">(4837)</A>
+<LI>statistics from Authentication Server
+<A HREF="auarf195.htm#IDX5157">(5157)</A>
+<LI>system type of client machine
+<A HREF="auarf165.htm#IDX4990">(4990)</A>, <A HREF="auarf234.htm#IDX5471">(5471)</A>
+<LI>Tape Coordinator entry from Backup Database
+<A HREF="auarf081.htm#IDX4372">(4372)</A>
+<LI>Tape Coordinator status
+<A HREF="auarf089.htm#IDX4415">(4415)</A>
+<LI>tape label (Backup System)
+<A HREF="auarf084.htm#IDX4393">(4393)</A>
+<LI>tickets held by issuer
+<A HREF="auarf190.htm#IDX5118">(5118)</A>
+<LI>time stamp on binary file
+<A HREF="auarf101.htm#IDX4517">(4517)</A>
+<LI>VLDB entry for volume
+<A HREF="auarf265.htm#IDX5711">(5711)</A>
+<LI>volume dump history from Backup Database
+<A HREF="auarf090.htm#IDX4420">(4420)</A>
+<LI>volume entry from VLDB
+<A HREF="auarf265.htm#IDX5710">(5710)</A>
+<LI>volume header
+<A HREF="auarf266.htm#IDX5731">(5731)</A>
+<LI>volume header and VLDB entry
+<A HREF="auarf261.htm#IDX5656">(5656)</A>
+<LI>volume percent used
+<A HREF="auarf150.htm#IDX4878">(4878)</A>
+<LI>volume quota percent used
+<A HREF="auarf155.htm#IDX4916">(4916)</A>
+<LI>volume quota, with volume & partition info.
+<A HREF="auarf138.htm#IDX4779">(4779)</A>
+<LI>volume quota, with volume size
+<A HREF="auarf150.htm#IDX4876">(4876)</A>
+<LI>Volume Server status
+<A HREF="auarf275.htm#IDX5836">(5836)</A>
+<LI>volume set (Backup System)
+<A HREF="auarf082.htm#IDX4379">(4379)</A>
+<LI>volume size
+<A HREF="auarf138.htm#IDX4780">(4780)</A>, <A HREF="auarf150.htm#IDX4877">(4877)</A>
+</MENU>
+<LI>dlog command
+<A HREF="auarf127.htm#IDX4697">(4697)</A>
+<LI>dpass command
+<A HREF="auarf128.htm#IDX4699">(4699)</A>
+<LI>dryrun flag
+<MENU>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5513">(5513)</A>
+</MENU>
+<LI>dumb terminal
+<MENU>
+<LI>use with afsmonitor
+<A HREF="auarf059.htm#IDX4202">(4202)</A>
+</MENU>
+<LI>dump
+<MENU>
+<LI>appended, creating
+<A HREF="auarf073.htm#IDX4308">(4308)</A>
+<LI>creating
+<A HREF="auarf073.htm#IDX4315">(4315)</A>
+<LI>full, creating
+<A HREF="auarf073.htm#IDX4309">(4309)</A>
+<LI>incremental, creating
+<A HREF="auarf073.htm#IDX4310">(4310)</A>
+<LI>initial, creating
+<A HREF="auarf073.htm#IDX4307">(4307)</A>
+</MENU>
+<LI>dump hierarchy (Backup System)
+<MENU>
+<LI>adding dump level
+<A HREF="auarf061.htm#IDX4223">(4223)</A>
+<LI>displaying
+<A HREF="auarf080.htm#IDX4360">(4360)</A>
+<LI>removing dump level
+<A HREF="auarf067.htm#IDX4270">(4270)</A>
+</MENU>
+<LI>dump level (Backup System)
+<MENU>
+<LI>creating in dump hierarchy
+<A HREF="auarf061.htm#IDX4220">(4220)</A>
+<LI>displaying
+<A HREF="auarf080.htm#IDX4359">(4359)</A>
+<LI>removing from dump hierarchy
+<A HREF="auarf067.htm#IDX4269">(4269)</A>
+<LI>setting expiration date at creation time
+<A HREF="auarf061.htm#IDX4225">(4225)</A>
+<LI>setting expiration date on existing
+<A HREF="auarf088.htm#IDX4408">(4408)</A>
+</MENU>
+<LI>dump record (Backup System)
+<MENU>
+<LI>created in Backup Database during dump
+<A HREF="auarf073.htm#IDX4306">(4306)</A>
+<LI>deleting from Backup Database
+<A HREF="auarf068.htm#IDX4277">(4277)</A>
+<LI>displaying for single volume
+<A HREF="auarf090.htm#IDX4421">(4421)</A>
+<LI>displaying from Backup Database
+<A HREF="auarf074.htm#IDX4318">(4318)</A>
+<LI>reading from tape
+<A HREF="auarf087.htm#IDX4402">(4402)</A>
+</MENU>
+<LI>dumping
+<MENU>
+<LI>volume with backup dump command
+<A HREF="auarf073.htm#IDX4304">(4304)</A>
+<LI>volume with vos dump command
+<A HREF="auarf260.htm#IDX5644">(5644)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_45" HREF="#IDX0_45">E</A></STRONG>
+<MENU>
+<LI>E instruction
+<MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4131">(4131)</A>
+</MENU>
+<LI>enabling
+<MENU>
+<LI>export of non-AFS file system
+<A HREF="auarf139.htm#IDX4798">(4798)</A>
+</MENU>
+<LI>encryption key
+<MENU>
+<LI>in Authentication Database
+<A HREF="auarf185.htm#IDX5101">(5101)</A>
+<LI>see entry: <I>server encryption key</I>
+<A HREF="auarf023.htm#IDX3937">(3937)</A>
+</MENU>
+<LI>End-of-File mark
+<MENU>
+<LI>see: <I>filemark</I>
+<A HREF="auarf130.htm#IDX4712">(4712)</A>
+</MENU>
+<LI>entering
+<MENU>
+<LI>interactive mode (Backup System)
+<A HREF="auarf076.htm#IDX4330">(4330)</A>
+</MENU>
+<LI>entry
+<MENU>
+<LI>Authentication Database (see entry: <I>Authentication Database</I>)
+<A HREF="auarf185.htm#IDX5100">(5100)</A>
+<LI>VLDB (see entry: <I>volume, VLDB entry</I>)
+<A HREF="auarf261.htm#IDX5658">(5658)</A>
+</MENU>
+<LI>EOF mark
+<MENU>
+<LI>see: <I>filemark</I>
+<A HREF="auarf130.htm#IDX4713">(4713)</A>
+</MENU>
+<LI>error codes
+<MENU>
+<LI>translating numbers to messages
+<A HREF="auarf236.htm#IDX5483">(5483)</A>
+</MENU>
+<LI>examining
+<MENU>
+<LI>see entry: <I>displaying</I>
+<A HREF="auarf217.htm#IDX5305">(5305)</A>
+</MENU>
+<LI>executing
+<MENU>
+<LI>commands remotely
+<A HREF="auarf100.htm#IDX4511">(4511)</A>
+</MENU>
+<LI>exiting
+<MENU>
+<LI>interactive mode (Backup System)
+<A HREF="auarf083.htm#IDX4383">(4383)</A>
+</MENU>
+<LI>expiration date
+<MENU>
+<LI>of Authentication Database entry, displaying
+<A HREF="auarf185.htm#IDX5092">(5092)</A>
+<LI>of Authentication Database entry, setting
+<A HREF="auarf193.htm#IDX5135">(5135)</A>
+</MENU>
+<LI>expiration date (Backup System)
+<MENU>
+<LI>displaying for dump level
+<A HREF="auarf080.htm#IDX4364">(4364)</A>
+<LI>displaying for tape
+<A HREF="auarf074.htm#IDX4322">(4322)</A>
+<LI>setting for dump level at creation
+<A HREF="auarf061.htm#IDX4227">(4227)</A>
+<LI>setting for existing dump level
+<A HREF="auarf088.htm#IDX4410">(4410)</A>
+</MENU>
+<LI>export of non-AFS file system
+<MENU>
+<LI>by AFS client
+<A HREF="auarf139.htm#IDX4801">(4801)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_46" HREF="#IDX0_46">F</A></STRONG>
+<MENU>
+<LI>F instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4063">(4063)</A>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4137">(4137)</A>
+</MENU>
+<LI>failed authentication attempts
+<MENU>
+<LI>displaying limit from Authentication Database entry
+<A HREF="auarf185.htm#IDX5096">(5096)</A>
+</MENU>
+<LI>fast flag on vos listvol command
+<A HREF="auarf266.htm#IDX5734">(5734)</A>
+<LI>fetching statistic in scout
+<A HREF="auarf233.htm#IDX5460">(5460)</A>
+<LI>file
+<MENU>
+<LI>copying remotely with rcp command (AFS version)
+<A HREF="auarf228.htm#IDX5427">(5427)</A>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4134">(4134)</A>, <A HREF="auarf055.htm#IDX4140">(4140)</A>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4067">(4067)</A>
+<LI>displaying ACL on parent directory
+<A HREF="auarf148.htm#IDX4856">(4856)</A>
+<LI>displaying home cell
+<A HREF="auarf167.htm#IDX5011">(5011)</A>
+<LI>flushing from cache
+<A HREF="auarf140.htm#IDX4810">(4810)</A>
+<LI>name, translating to volume name
+<A HREF="auarf137.htm#IDX4767">(4767)</A>
+<LI>name, translating to volume name or ID
+<A HREF="auarf138.htm#IDX4784">(4784)</A>
+<LI>overwriting with uss
+<A HREF="auarf243.htm#IDX5533">(5533)</A>
+<LI>setting ACL on parent directory
+<A HREF="auarf157.htm#IDX4934">(4934)</A>
+</MENU>
+<LI>FILE instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3908">(3908)</A>
+<LI>File Server
+<MENU>
+<LI>client interfaces not registered, setting
+<A HREF="auarf026.htm#IDX3957">(3957)</A>
+<LI>client interfaces registered, displaying
+<A HREF="auarf145.htm#IDX4842">(4842)</A>
+<LI>client interfaces registered, setting
+<A HREF="auarf024.htm#IDX3946">(3946)</A>, <A HREF="auarf160.htm#IDX4964">(4964)</A>
+<LI>contacting with fs commands
+<A HREF="auarf131.htm#IDX4715">(4715)</A>
+<LI>interfaces not registered in VLDB
+<MENU>
+<LI>setting in NetRestrict file
+<A HREF="auarf027.htm#IDX3961">(3961)</A>
+</MENU>
+<LI>interfaces registered in VLDB
+<MENU>
+<LI>listed in sysid file
+<A HREF="auarf049.htm#IDX4025">(4025)</A>
+<LI>setting in NetInfo file
+<A HREF="auarf025.htm#IDX3950">(3950)</A>
+</MENU>
+<LI>log file
+<A HREF="auarf021.htm#IDX3930">(3930)</A>
+<LI>monitoring status with afsmonitor
+<A HREF="auarf058.htm#IDX4195">(4195)</A>
+<LI>monitoring status with scout
+<A HREF="auarf233.htm#IDX5451">(5451)</A>
+<LI>starting
+<A HREF="auarf129.htm#IDX4703">(4703)</A>
+</MENU>
+<LI>file server machine
+<MENU>
+<LI>as site for volume
+<A HREF="auarf166.htm#IDX5002">(5002)</A>
+<LI>displaying AFS partitions on
+<A HREF="auarf264.htm#IDX5706">(5706)</A>
+<LI>displaying interfaces from VLDB server entry
+<A HREF="auarf263.htm#IDX5700">(5700)</A>
+<LI>displaying log files
+<A HREF="auarf102.htm#IDX4532">(4532)</A>
+<LI>installing AFS server binary files
+<A HREF="auarf105.htm#IDX4551">(4551)</A>
+<LI>monitoring outages of
+<A HREF="auarf233.htm#IDX5456">(5456)</A>
+<LI>partition size and space available, displaying
+<A HREF="auarf269.htm#IDX5780">(5780)</A>
+<LI>restoring all volumes on partition (Backup System)
+<A HREF="auarf072.htm#IDX4301">(4301)</A>
+<LI>salvaging volumes on
+<A HREF="auarf114.htm#IDX4611">(4611)</A>
+<LI>see also entry: <I>server machine</I>
+<A HREF="auarf102.htm#IDX4533">(4533)</A>
+</MENU>
+<LI>file system
+<MENU>
+<LI>export of non-AFS by AFS client
+<A HREF="auarf139.htm#IDX4803">(4803)</A>
+<LI>restoring internal consistency (salvaging)
+<A HREF="auarf114.htm#IDX4614">(4614)</A>
+</MENU>
+<LI>FileLog file
+<A HREF="auarf021.htm#IDX3928">(3928)</A>
+<LI>filemark
+<MENU>
+<LI>size, determining for tape device
+<A HREF="auarf130.htm#IDX4711">(4711)</A>
+</MENU>
+<LI>files
+<MENU>
+<LI>afszcm.cat
+<A HREF="auarf041.htm#IDX4004">(4004)</A>
+<LI>AuthLog
+<A HREF="auarf012.htm#IDX3869">(3869)</A>
+<LI>AuthLog.dir and AuthLog.pag
+<A HREF="auarf013.htm#IDX3872">(3872)</A>
+<LI>BackupLog
+<A HREF="auarf014.htm#IDX3875">(3875)</A>
+<LI>bdb.DB0
+<A HREF="auarf042.htm#IDX4007">(4007)</A>
+<LI>bdb.DBSYS1
+<A HREF="auarf042.htm#IDX4009">(4009)</A>
+<LI>BosConfig
+<A HREF="auarf016.htm#IDX3881">(3881)</A>
+<LI>BosLog
+<A HREF="auarf015.htm#IDX3878">(3878)</A>
+<LI>CacheItems
+<A HREF="auarf017.htm#IDX3898">(3898)</A>
+<LI>CellServDB (client version)
+<A HREF="auarf019.htm#IDX3913">(3913)</A>
+<LI>CellServDB (server version)
+<A HREF="auarf020.htm#IDX3921">(3921)</A>
+<LI>CFG_<I>device_name</I>
+<A HREF="auarf018.htm#IDX3901">(3901)</A>
+<LI>FileLog
+<A HREF="auarf021.htm#IDX3929">(3929)</A>
+<LI>FORCESALVAGE
+<A HREF="auarf022.htm#IDX3932">(3932)</A>
+<LI>kaserver.DB0
+<A HREF="auarf045.htm#IDX4012">(4012)</A>
+<LI>kaserver.DBSYS1
+<A HREF="auarf045.htm#IDX4014">(4014)</A>
+<LI>kaserverauxdb
+<A HREF="auarf046.htm#IDX4017">(4017)</A>
+<LI>KeyFile
+<A HREF="auarf023.htm#IDX3935">(3935)</A>
+<LI>NetInfo (client version)
+<A HREF="auarf024.htm#IDX3943">(3943)</A>
+<LI>NetInfo (server version)
+<A HREF="auarf025.htm#IDX3949">(3949)</A>
+<LI>NetRestrict (client version)
+<A HREF="auarf026.htm#IDX3954">(3954)</A>
+<LI>NetRestrict (server version)
+<A HREF="auarf027.htm#IDX3960">(3960)</A>
+<LI>NoAuth
+<A HREF="auarf028.htm#IDX3965">(3965)</A>
+<LI>prdb.DB0
+<A HREF="auarf047.htm#IDX4019">(4019)</A>
+<LI>prdb.DBSYS1
+<A HREF="auarf047.htm#IDX4021">(4021)</A>
+<LI>SALVAGE.fs
+<A HREF="auarf029.htm#IDX3968">(3968)</A>
+<LI>SalvageLog
+<A HREF="auarf030.htm#IDX3973">(3973)</A>
+<LI>sysid
+<A HREF="auarf049.htm#IDX4024">(4024)</A>
+<LI>tapeconfig
+<A HREF="auarf050.htm#IDX4028">(4028)</A>
+<LI>ThisCell (client version)
+<A HREF="auarf032.htm#IDX3976">(3976)</A>
+<LI>ThisCell (server version)
+<A HREF="auarf033.htm#IDX3981">(3981)</A>
+<LI>UserList
+<A HREF="auarf035.htm#IDX3986">(3986)</A>
+<LI>V<I>n</I>
+<A HREF="auarf036.htm#IDX3988">(3988)</A>
+<LI>V<I>vol_ID</I>.vol
+<A HREF="auarf037.htm#IDX3991">(3991)</A>
+<LI>vldb.DB0
+<A HREF="auarf051.htm#IDX4031">(4031)</A>
+<LI>vldb.DBSYS1
+<A HREF="auarf051.htm#IDX4033">(4033)</A>
+<LI>VLLog
+<A HREF="auarf038.htm#IDX3995">(3995)</A>
+<LI>VolserLog
+<A HREF="auarf039.htm#IDX3998">(3998)</A>
+<LI>VolumeItems
+<A HREF="auarf040.htm#IDX4001">(4001)</A>
+</MENU>
+<LI>fileserver command
+<A HREF="auarf129.htm#IDX4701">(4701)</A>
+<LI>fileserver process
+<MENU>
+<LI>part of fs entry in BosConfig file
+<A HREF="auarf016.htm#IDX3888">(3888)</A>
+</MENU>
+<LI>flag
+<MENU>
+<LI>see entry: <I>privacy flags</I>
+<A HREF="auarf217.htm#IDX5334">(5334)</A>
+<LI>see entry: <I>status flag, in BosConfig file</I>
+<A HREF="auarf016.htm#IDX3893">(3893)</A>
+</MENU>
+<LI>flushing
+<MENU>
+<LI>directory/file from data cache
+<A HREF="auarf140.htm#IDX4807">(4807)</A>
+<LI>entire volume from data cache
+<A HREF="auarf142.htm#IDX4820">(4820)</A>
+<LI>mount point from data cache
+<A HREF="auarf141.htm#IDX4814">(4814)</A>
+</MENU>
+<LI>fms command
+<A HREF="auarf130.htm#IDX4705">(4705)</A>
+<LI>force flag
+<MENU>
+<LI>on pts commands
+<A HREF="auarf210.htm#IDX5232">(5232)</A>
+</MENU>
+<LI>FORCESALVAGE file
+<A HREF="auarf022.htm#IDX3931">(3931)</A>
+<LI>fs commands
+<MENU>
+<LI>apropos
+<A HREF="auarf132.htm#IDX4725">(4725)</A>
+<LI>checkservers
+<A HREF="auarf133.htm#IDX4728">(4728)</A>
+<LI>checkvolumes
+<A HREF="auarf134.htm#IDX4736">(4736)</A>
+<LI>cleanacl
+<A HREF="auarf135.htm#IDX4751">(4751)</A>
+<LI>common options
+<A HREF="auarf131.htm#IDX4721">(4721)</A>
+<LI>copyacl
+<A HREF="auarf136.htm#IDX4755">(4755)</A>
+<LI>diskfree
+<A HREF="auarf137.htm#IDX4770">(4770)</A>
+<LI>examine
+<A HREF="auarf138.htm#IDX4794">(4794)</A>
+<LI>exportafs
+<A HREF="auarf139.htm#IDX4796">(4796)</A>
+<LI>flush
+<A HREF="auarf140.htm#IDX4811">(4811)</A>
+<LI>flushmount
+<A HREF="auarf141.htm#IDX4817">(4817)</A>
+<LI>flushvolume
+<A HREF="auarf142.htm#IDX4823">(4823)</A>
+<LI>getcacheparms
+<A HREF="auarf143.htm#IDX4825">(4825)</A>
+<LI>getcellstatus
+<A HREF="auarf144.htm#IDX4833">(4833)</A>
+<LI>getclientaddrs
+<A HREF="auarf145.htm#IDX4839">(4839)</A>
+<LI>getserverprefs
+<A HREF="auarf146.htm#IDX4844">(4844)</A>
+<LI>help
+<A HREF="auarf147.htm#IDX4851">(4851)</A>
+<LI>listacl
+<A HREF="auarf148.htm#IDX4858">(4858)</A>
+<LI>listcells
+<A HREF="auarf149.htm#IDX4867">(4867)</A>
+<LI>listquota
+<A HREF="auarf150.htm#IDX4869">(4869)</A>
+<LI>lsmount
+<A HREF="auarf151.htm#IDX4887">(4887)</A>
+<LI>messages
+<A HREF="auarf152.htm#IDX4891">(4891)</A>
+<LI>mkmount
+<A HREF="auarf153.htm#IDX4896">(4896)</A>
+<LI>newcell
+<A HREF="auarf154.htm#IDX4911">(4911)</A>
+<LI>privilege requirements
+<A HREF="auarf131.htm#IDX4724">(4724)</A>
+<LI>quota
+<A HREF="auarf155.htm#IDX4913">(4913)</A>
+<LI>rmmount
+<A HREF="auarf156.htm#IDX4922">(4922)</A>
+<LI>setacl
+<A HREF="auarf157.htm#IDX4935">(4935)</A>
+<LI>setcachesize
+<A HREF="auarf158.htm#IDX4953">(4953)</A>
+<LI>setcell
+<A HREF="auarf159.htm#IDX4959">(4959)</A>
+<LI>setclientaddrs
+<A HREF="auarf160.htm#IDX4961">(4961)</A>
+<LI>setquota
+<A HREF="auarf161.htm#IDX4969">(4969)</A>
+<LI>setserverprefs
+<A HREF="auarf162.htm#IDX4971">(4971)</A>
+<LI>setvol
+<A HREF="auarf163.htm#IDX4983">(4983)</A>
+<LI>storebehind
+<A HREF="auarf164.htm#IDX4986">(4986)</A>
+<LI>sysname
+<A HREF="auarf165.htm#IDX4987">(4987)</A>
+<LI>whereis
+<A HREF="auarf166.htm#IDX5006">(5006)</A>
+<LI>whichcell
+<A HREF="auarf167.htm#IDX5013">(5013)</A>
+<LI>wscell
+<A HREF="auarf168.htm#IDX5019">(5019)</A>
+</MENU>
+<LI>fs process
+<MENU>
+<LI>creating
+<A HREF="auarf098.htm#IDX4504">(4504)</A>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4489">(4489)</A>
+<LI>recorded in <I>BosConfig</I> file
+<A HREF="auarf016.htm#IDX3887">(3887)</A>
+</MENU>
+<LI>fstrace commands
+<MENU>
+<LI>apropos
+<A HREF="auarf170.htm#IDX5028">(5028)</A>
+<LI>common options
+<A HREF="auarf169.htm#IDX5025">(5025)</A>
+<LI>dump
+<A HREF="auarf172.htm#IDX5031">(5031)</A>
+<LI>help
+<A HREF="auarf173.htm#IDX5033">(5033)</A>
+<LI>lslog
+<A HREF="auarf174.htm#IDX5036">(5036)</A>
+<LI>lsset
+<A HREF="auarf175.htm#IDX5038">(5038)</A>
+<LI>privilege requirements
+<A HREF="auarf169.htm#IDX5022">(5022)</A>
+<LI>setlog
+<A HREF="auarf176.htm#IDX5040">(5040)</A>
+<LI>setset
+<A HREF="auarf177.htm#IDX5042">(5042)</A>
+</MENU>
+<LI>ftpd command (AFS version)
+<A HREF="auarf178.htm#IDX5044">(5044)</A>
+<LI>full dump
+<A HREF="auarf260.htm#IDX5651">(5651)</A>
+<MENU>
+<LI>see entry: <I>dump</I>
+<A HREF="auarf073.htm#IDX4312">(4312)</A>
+</MENU>
+<LI>full restore
+<A HREF="auarf092.htm#IDX4431">(4431)</A>
+<MENU>
+<LI>see entry: <I>restoring</I>
+<A HREF="auarf091.htm#IDX4426">(4426)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_47" HREF="#IDX0_47">G</A></STRONG>
+<MENU>
+<LI>G instruction
+<MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4143">(4143)</A>
+</MENU>
+<LI>gathering
+<MENU>
+<LI>statistics from Authentication Server
+<A HREF="auarf195.htm#IDX5158">(5158)</A>
+</MENU>
+<LI>group
+<MENU>
+<LI>AFS GID, displaying
+<A HREF="auarf217.htm#IDX5330">(5330)</A>
+<LI>AFS GID, mapping to name
+<A HREF="auarf217.htm#IDX5328">(5328)</A>
+<LI>AFS GID, setting
+<A HREF="auarf214.htm#IDX5269">(5269)</A>
+<LI>defined
+<A HREF="auarf210.htm#IDX5223">(5223)</A>
+<LI>groups owned, displaying
+<A HREF="auarf221.htm#IDX5370">(5370)</A>
+<LI>members, adding
+<A HREF="auarf211.htm#IDX5238">(5238)</A>
+<LI>members, displaying
+<A HREF="auarf222.htm#IDX5378">(5378)</A>
+<LI>members, displaying number
+<A HREF="auarf217.htm#IDX5335">(5335)</A>
+<LI>members, removing
+<A HREF="auarf223.htm#IDX5385">(5385)</A>
+<LI>name, changing in Protection Database
+<A HREF="auarf224.htm#IDX5395">(5395)</A>
+<LI>name, mapping to AFS GID
+<A HREF="auarf217.htm#IDX5329">(5329)</A>
+<LI>name, rules for format
+<A HREF="auarf214.htm#IDX5261">(5261)</A>
+<LI>orphaned, displaying
+<A HREF="auarf221.htm#IDX5371">(5371)</A>
+<LI>prefix-less
+<A HREF="auarf214.htm#IDX5263">(5263)</A>
+<LI>privacy flags on Protection Database entry, displaying
+<A HREF="auarf217.htm#IDX5338">(5338)</A>
+<LI>privacy flags on Protection Database entry, setting
+<A HREF="auarf225.htm#IDX5404">(5404)</A>
+<LI>Protection Database entries, display all
+<A HREF="auarf219.htm#IDX5357">(5357)</A>
+<LI>Protection Database entry, creating
+<A HREF="auarf214.htm#IDX5256">(5256)</A>
+<LI>Protection Database entry, deleting
+<A HREF="auarf216.htm#IDX5296">(5296)</A>
+<LI>regular
+<A HREF="auarf214.htm#IDX5262">(5262)</A>
+</MENU>
+<LI>group ID
+<MENU>
+<LI>see entry: <I>AFS GID</I>
+<A HREF="auarf214.htm#IDX5268">(5268)</A>
+</MENU>
+<LI>group-creation quota
+<MENU>
+<LI>defined
+<A HREF="auarf217.htm#IDX5349">(5349)</A>
+<LI>displaying
+<A HREF="auarf217.htm#IDX5337">(5337)</A>
+<LI>lowered by pts creategroup command
+<A HREF="auarf214.htm#IDX5259">(5259)</A>
+<LI>restored by pts delete
+<A HREF="auarf216.htm#IDX5302">(5302)</A>
+<LI>setting on Protection Database entry
+<A HREF="auarf225.htm#IDX5403">(5403)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_48" HREF="#IDX0_48">H</A></STRONG>
+<MENU>
+<LI>hard link
+<MENU>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4153">(4153)</A>
+<LI>overwriting with uss
+<A HREF="auarf243.htm#IDX5534">(5534)</A>
+</MENU>
+<LI>help
+<MENU>
+<LI>for backup commands
+<A HREF="auarf075.htm#IDX4326">(4326)</A>
+<LI>for bos commands
+<A HREF="auarf104.htm#IDX4547">(4547)</A>
+<LI>for fs commands
+<A HREF="auarf147.htm#IDX4853">(4853)</A>
+<LI>for fstrace commands
+<A HREF="auarf173.htm#IDX5035">(5035)</A>
+<LI>for kas commands
+<A HREF="auarf187.htm#IDX5111">(5111)</A>
+<LI>for package commands
+<A HREF="auarf206.htm#IDX5209">(5209)</A>
+<LI>for pts commands
+<A HREF="auarf218.htm#IDX5352">(5352)</A>
+<LI>for uss commands
+<A HREF="auarf247.htm#IDX5556">(5556)</A>
+<LI>for vos commands
+<A HREF="auarf262.htm#IDX5697">(5697)</A>
+</MENU>
+<LI>help flag
+<MENU>
+<LI>on backup commands
+<A HREF="auarf060.htm#IDX4213">(4213)</A>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4445">(4445)</A>
+<LI>on fs commands
+<A HREF="auarf131.htm#IDX4722">(4722)</A>
+<LI>on fstrace commands
+<A HREF="auarf169.htm#IDX5023">(5023)</A>, <A HREF="auarf169.htm#IDX5027">(5027)</A>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5066">(5066)</A>
+<LI>on pts commands
+<A HREF="auarf210.htm#IDX5233">(5233)</A>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5512">(5512)</A>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5579">(5579)</A>
+</MENU>
+<LI>help string
+<MENU>
+<LI>see entry: <I>keyword</I>
+<A HREF="auarf097.htm#IDX4476">(4476)</A>
+</MENU>
+<LI>home cell
+<MENU>
+<LI>displaying for client machine
+<A HREF="auarf168.htm#IDX5016">(5016)</A>
+<LI>displaying for directory/file
+<A HREF="auarf167.htm#IDX5009">(5009)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_49" HREF="#IDX0_49">I</A></STRONG>
+<MENU>
+<LI>idempotency
+<MENU>
+<LI>of vos commands
+<A HREF="auarf252.htm#IDX5572">(5572)</A>
+</MENU>
+<LI>ifdef statement
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4091">(4091)</A>
+</MENU>
+<LI>ifndef statement
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4094">(4094)</A>
+</MENU>
+<LI>include statement
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4096">(4096)</A>
+</MENU>
+<LI>incremental dump
+<A HREF="auarf260.htm#IDX5652">(5652)</A>
+<MENU>
+<LI>see entry: <I>dump</I>
+<A HREF="auarf073.htm#IDX4314">(4314)</A>
+</MENU>
+<LI>inetd command (AFS version)
+<A HREF="auarf179.htm#IDX5049">(5049)</A>
+<LI>initial dump
+<MENU>
+<LI>see entry: <I>dump</I>
+<A HREF="auarf073.htm#IDX4313">(4313)</A>
+</MENU>
+<LI>initializing
+<MENU>
+<LI>Backup Server
+<A HREF="auarf125.htm#IDX4689">(4689)</A>
+<LI>Cache Manager with afsd
+<A HREF="auarf058.htm#IDX4186">(4186)</A>
+<LI>FTP Daemon
+<A HREF="auarf178.htm#IDX5048">(5048)</A>
+<LI>Internet daemon
+<A HREF="auarf179.htm#IDX5053">(5053)</A>
+<LI>NTPD, with runntp
+<A HREF="auarf230.htm#IDX5437">(5437)</A>
+<LI>Protection Server
+<A HREF="auarf227.htm#IDX5421">(5421)</A>
+<LI>server process
+<A HREF="auarf098.htm#IDX4483">(4483)</A>
+<LI>Tape Coordinator
+<A HREF="auarf126.htm#IDX4695">(4695)</A>
+</MENU>
+<LI>installing
+<MENU>
+<LI>binary file
+<A HREF="auarf105.htm#IDX4549">(4549)</A>
+</MENU>
+<LI>interactive mode
+<MENU>
+<LI>kas commands
+<A HREF="auarf181.htm#IDX5062">(5062)</A>
+<LI>kas, quitting from
+<A HREF="auarf192.htm#IDX5129">(5129)</A>
+</MENU>
+<LI>interactive mode (Backup System)
+<MENU>
+<LI>entering
+<A HREF="auarf076.htm#IDX4329">(4329)</A>
+<LI>exiting
+<A HREF="auarf083.htm#IDX4382">(4382)</A>
+<LI>halting operation
+<A HREF="auarf078.htm#IDX4342">(4342)</A>
+</MENU>
+<LI>Internet file transfer protocol daemon (AFS version)
+<A HREF="auarf178.htm#IDX5047">(5047)</A>
+<LI>Internet services daemon (AFS version)
+<A HREF="auarf179.htm#IDX5052">(5052)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4A" HREF="#IDX0_4A">J</A></STRONG>
+<MENU>
+<LI>job ID number (Backup System)
+<MENU>
+<LI>displaying
+<A HREF="auarf077.htm#IDX4336">(4336)</A>
+<LI>using to halt operation
+<A HREF="auarf078.htm#IDX4344">(4344)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4B" HREF="#IDX0_4B">K</A></STRONG>
+<MENU>
+<LI>kadb_check command
+<A HREF="auarf180.htm#IDX5054">(5054)</A>
+<LI>kas commands
+<MENU>
+<LI>apropos
+<A HREF="auarf182.htm#IDX5070">(5070)</A>
+<LI>common options
+<A HREF="auarf181.htm#IDX5058">(5058)</A>
+<LI>create
+<A HREF="auarf183.htm#IDX5073">(5073)</A>
+<LI>delete
+<A HREF="auarf184.htm#IDX5078">(5078)</A>
+<LI>examine
+<A HREF="auarf185.htm#IDX5082">(5082)</A>
+<LI>forgetticket
+<A HREF="auarf186.htm#IDX5104">(5104)</A>
+<LI>help
+<A HREF="auarf187.htm#IDX5109">(5109)</A>
+<LI>interactive mode
+<A HREF="auarf181.htm#IDX5063">(5063)</A>
+<LI>list
+<A HREF="auarf189.htm#IDX5112">(5112)</A>
+<LI>listtickets
+<A HREF="auarf190.htm#IDX5116">(5116)</A>
+<LI>noauthentication
+<A HREF="auarf191.htm#IDX5124">(5124)</A>
+<LI>privilege requirements
+<A HREF="auarf181.htm#IDX5060">(5060)</A>
+<LI>quit
+<A HREF="auarf192.htm#IDX5126">(5126)</A>
+<LI>setfields
+<A HREF="auarf193.htm#IDX5130">(5130)</A>
+<LI>setpassword
+<A HREF="auarf194.htm#IDX5147">(5147)</A>
+<LI>statistics
+<A HREF="auarf195.htm#IDX5155">(5155)</A>
+<LI>stringtokey
+<A HREF="auarf196.htm#IDX5161">(5161)</A>
+<LI>unlock
+<A HREF="auarf197.htm#IDX5167">(5167)</A>
+</MENU>
+<LI>kaserver command
+<A HREF="auarf198.htm#IDX5170">(5170)</A>
+<LI>kaserver process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4491">(4491)</A>
+</MENU>
+<LI>kaserver.DB0 file
+<A HREF="auarf045.htm#IDX4011">(4011)</A>
+<LI>kaserver.DBSYS1 file
+<A HREF="auarf045.htm#IDX4013">(4013)</A>
+<LI>kaserverauxdb file
+<A HREF="auarf046.htm#IDX4016">(4016)</A>
+<LI>kdb command
+<A HREF="auarf199.htm#IDX5173">(5173)</A>
+<LI>kernel
+<MENU>
+<LI>list of database server machines, changing
+<A HREF="auarf154.htm#IDX4910">(4910)</A>
+<LI>list of database server machines, examining
+<A HREF="auarf149.htm#IDX4866">(4866)</A>
+</MENU>
+<LI>key
+<MENU>
+<LI>deriving from character string
+<A HREF="auarf196.htm#IDX5165">(5165)</A>
+<LI>see entry: <I>server encryption key</I>
+<A HREF="auarf023.htm#IDX3938">(3938)</A>
+</MENU>
+<LI>key field in Authentication Database
+<MENU>
+<LI>setting using password
+<A HREF="auarf194.htm#IDX5152">(5152)</A>
+</MENU>
+<LI>key version number
+<A HREF="auarf023.htm#IDX3939">(3939)</A>
+<MENU>
+<LI>displaying from Authentication Database
+<A HREF="auarf185.htm#IDX5089">(5089)</A>
+<LI>listing from KeyFile file
+<A HREF="auarf107.htm#IDX4569">(4569)</A>
+<LI>rules for
+<A HREF="auarf095.htm#IDX4465">(4465)</A>
+<LI>setting in KeyFile file
+<A HREF="auarf095.htm#IDX4461">(4461)</A>
+</MENU>
+<LI>KeyFile file
+<A HREF="auarf023.htm#IDX3934">(3934)</A>
+<MENU>
+<LI>adding key with bos addkey command
+<A HREF="auarf095.htm#IDX4460">(4460)</A>
+<LI>displaying keys with bos listkeys command
+<A HREF="auarf107.htm#IDX4565">(4565)</A>
+<LI>removing key with bos removekey command
+<A HREF="auarf111.htm#IDX4595">(4595)</A>
+</MENU>
+<LI>keyword
+<MENU>
+<LI>using to get help on backup commands
+<A HREF="auarf065.htm#IDX4263">(4263)</A>
+<LI>using to get help on bos commands
+<A HREF="auarf097.htm#IDX4475">(4475)</A>
+<LI>using to get help on fs commands
+<A HREF="auarf132.htm#IDX4727">(4727)</A>
+<LI>using to get help on fstrace commands
+<A HREF="auarf170.htm#IDX5030">(5030)</A>
+<LI>using to get help on kas commands
+<A HREF="auarf182.htm#IDX5072">(5072)</A>
+<LI>using to get help on package commands
+<A HREF="auarf205.htm#IDX5206">(5206)</A>
+<LI>using to get help on pts commands
+<A HREF="auarf212.htm#IDX5246">(5246)</A>
+<LI>using to get help on uss commands
+<A HREF="auarf244.htm#IDX5538">(5538)</A>
+<LI>using to get help on vos commands
+<A HREF="auarf254.htm#IDX5595">(5595)</A>
+</MENU>
+<LI>klog command
+<A HREF="auarf200.htm#IDX5176">(5176)</A>
+<LI>knfs command
+<A HREF="auarf201.htm#IDX5183">(5183)</A>
+<LI>kpasswd command
+<A HREF="auarf202.htm#IDX5187">(5187)</A>
+<LI>kpwvalid command
+<A HREF="auarf203.htm#IDX5194">(5194)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4C" HREF="#IDX0_4C">L</A></STRONG>
+<MENU>
+<LI>L instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4070">(4070)</A>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4149">(4149)</A>
+</MENU>
+<LI>labeling
+<MENU>
+<LI>tape for Backup System
+<A HREF="auarf079.htm#IDX4347">(4347)</A>
+</MENU>
+<LI>learning
+<MENU>
+<LI>home cell of directory/file
+<A HREF="auarf167.htm#IDX5008">(5008)</A>
+<LI>volume ID number given directory/file name
+<A HREF="auarf138.htm#IDX4787">(4787)</A>
+<LI>volume location given directory/file name
+<A HREF="auarf166.htm#IDX5005">(5005)</A>
+<LI>volume name given directory/file name
+<A HREF="auarf137.htm#IDX4769">(4769)</A>, <A HREF="auarf138.htm#IDX4786">(4786)</A>, <A HREF="auarf150.htm#IDX4882">(4882)</A>
+<LI>volume quota given directory/file name
+<A HREF="auarf138.htm#IDX4788">(4788)</A>
+</MENU>
+<LI>leaving
+<MENU>
+<LI>kas interactive mode
+<A HREF="auarf192.htm#IDX5127">(5127)</A>
+</MENU>
+<LI>lifetime
+<MENU>
+<LI>see entry: <I>ticket lifetime</I>
+<A HREF="auarf185.htm#IDX5094">(5094)</A>
+</MENU>
+<LI>link
+<MENU>
+<LI>see entry: <I>hard link, symbolic link</I>
+<A HREF="auarf055.htm#IDX4156">(4156)</A>
+</MENU>
+<LI>listing
+<MENU>
+<LI>see entry: <I>displaying</I>
+<A HREF="auarf217.htm#IDX5306">(5306)</A>
+<LI>tokens held by issuer
+<A HREF="auarf235.htm#IDX5479">(5479)</A>
+</MENU>
+<LI>local disk
+<MENU>
+<LI>configuring on client, using package
+<A HREF="auarf204.htm#IDX5201">(5201)</A>
+</MENU>
+<LI>localauth flag
+<MENU>
+<LI>on backup commands
+<A HREF="auarf060.htm#IDX4214">(4214)</A>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4446">(4446)</A>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5580">(5580)</A>
+</MENU>
+<LI>lock status
+<MENU>
+<LI>displaying limit from Authentication Database entry
+<A HREF="auarf185.htm#IDX5098">(5098)</A>
+</MENU>
+<LI>locking
+<MENU>
+<LI>VLDB entry
+<A HREF="auarf267.htm#IDX5763">(5763)</A>
+</MENU>
+<LI>locktime
+<MENU>
+<LI>displaying limit from Authentication Database entry
+<A HREF="auarf185.htm#IDX5097">(5097)</A>
+<LI>setting in Authentication Database entry
+<A HREF="auarf193.htm#IDX5140">(5140)</A>
+</MENU>
+<LI>log file
+<MENU>
+<LI>displaying from server machine
+<A HREF="auarf102.htm#IDX4530">(4530)</A>
+<LI>see entry: <I>files</I>
+<A HREF="auarf011.htm#IDX3865">(3865)</A>
+</MENU>
+<LI>long flag on vos listvol command
+<A HREF="auarf266.htm#IDX5735">(5735)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4D" HREF="#IDX0_4D">M</A></STRONG>
+<MENU>
+<LI>machine entry in Protection Database
+<MENU>
+<LI>adding to group
+<A HREF="auarf211.htm#IDX5240">(5240)</A>
+<LI>AFS UID, setting
+<A HREF="auarf215.htm#IDX5288">(5288)</A>
+<LI>creating
+<A HREF="auarf215.htm#IDX5284">(5284)</A>
+<LI>deleting
+<A HREF="auarf216.htm#IDX5298">(5298)</A>
+<LI>group memberships, displaying
+<A HREF="auarf222.htm#IDX5380">(5380)</A>
+<LI>group-creation quota, setting
+<A HREF="auarf225.htm#IDX5407">(5407)</A>
+<LI>privacy flags, setting
+<A HREF="auarf225.htm#IDX5408">(5408)</A>
+<LI>wildcard name format
+<A HREF="auarf215.htm#IDX5285">(5285)</A>
+</MENU>
+<LI>maintaining
+<MENU>
+<LI>synchrony of VLDB with volume headers
+<A HREF="auarf252.htm#IDX5575">(5575)</A>
+</MENU>
+<LI>max group id counter in Protection Database
+<MENU>
+<LI>affected by setting AFS GID
+<A HREF="auarf214.htm#IDX5273">(5273)</A>
+<LI>displaying
+<A HREF="auarf220.htm#IDX5362">(5362)</A>
+<LI>setting
+<A HREF="auarf226.htm#IDX5412">(5412)</A>
+</MENU>
+<LI>max user id counter in Protection Database
+<MENU>
+<LI>affected by setting AFS UID
+<A HREF="auarf215.htm#IDX5291">(5291)</A>
+<LI>displaying
+<A HREF="auarf220.htm#IDX5361">(5361)</A>
+<LI>setting
+<A HREF="auarf226.htm#IDX5411">(5411)</A>
+</MENU>
+<LI>MaxQuota field in volume header
+<A HREF="auarf261.htm#IDX5678">(5678)</A>, <A HREF="auarf266.htm#IDX5754">(5754)</A>
+<LI>member
+<MENU>
+<LI>Protection Database group, adding
+<A HREF="auarf211.htm#IDX5241">(5241)</A>
+<LI>Protection Database group, removing
+<A HREF="auarf223.htm#IDX5387">(5387)</A>
+</MENU>
+<LI>memory state of BOS Server
+<A HREF="auarf016.htm#IDX3895">(3895)</A>
+<LI>messages
+<MENU>
+<LI>associated with volume, creating
+<A HREF="auarf163.htm#IDX4981">(4981)</A>
+<LI>associated with volume, examining
+<A HREF="auarf138.htm#IDX4792">(4792)</A>
+</MENU>
+<LI>monitoring
+<MENU>
+<LI>disk usage with scout
+<A HREF="auarf233.htm#IDX5449">(5449)</A>, <A HREF="auarf233.htm#IDX5466">(5466)</A>
+<LI>File Server status with scout
+<A HREF="auarf233.htm#IDX5450">(5450)</A>
+<LI>outages with scout
+<A HREF="auarf233.htm#IDX5455">(5455)</A>
+</MENU>
+<LI>MOUNT instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3909">(3909)</A>
+<LI>mount point
+<MENU>
+<LI>cellular
+<A HREF="auarf153.htm#IDX4903">(4903)</A>
+<LI>creating
+<A HREF="auarf153.htm#IDX4893">(4893)</A>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4170">(4170)</A>
+<LI>displaying
+<A HREF="auarf151.htm#IDX4884">(4884)</A>
+<LI>flushing from cache
+<A HREF="auarf141.htm#IDX4816">(4816)</A>
+<LI>read/write
+<A HREF="auarf153.htm#IDX4901">(4901)</A>
+<LI>regular
+<A HREF="auarf153.htm#IDX4899">(4899)</A>
+<LI>removing
+<A HREF="auarf156.htm#IDX4918">(4918)</A>
+</MENU>
+<LI>mounting
+<MENU>
+<LI>foreign volume in local cell
+<A HREF="auarf153.htm#IDX4904">(4904)</A>
+</MENU>
+<LI>moving
+<MENU>
+<LI>volume
+<A HREF="auarf268.htm#IDX5768">(5768)</A>
+</MENU>
+<LI>mutual authentication
+<A HREF="auarf023.htm#IDX3940">(3940)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4E" HREF="#IDX0_4E">N</A></STRONG>
+<MENU>
+<LI>name
+<MENU>
+<LI>cell (see entry: <I>cell, name</I>)
+<A HREF="auarf116.htm#IDX4625">(4625)</A>
+<LI>see entry: <I> group name</I>
+<A HREF="auarf214.htm#IDX5257">(5257)</A>
+<LI>see entry: <I>username</I>
+<A HREF="auarf215.htm#IDX5292">(5292)</A>
+<LI>see entry: <I>volume name</I>
+<A HREF="auarf273.htm#IDX5825">(5825)</A>
+</MENU>
+<LI>NAME_CHECK instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3910">(3910)</A>
+<LI>needs salvage status flag in volume header
+<A HREF="auarf261.htm#IDX5668">(5668)</A>, <A HREF="auarf266.htm#IDX5744">(5744)</A>
+<LI>negative ACL permissions
+<MENU>
+<LI>setting
+<A HREF="auarf157.htm#IDX4928">(4928)</A>
+</MENU>
+<LI>NetInfo file (client version)
+<A HREF="auarf024.htm#IDX3942">(3942)</A>
+<LI>NetInfo file (server version)
+<A HREF="auarf025.htm#IDX3948">(3948)</A>
+<LI>NetRestrict file (client version)
+<A HREF="auarf026.htm#IDX3953">(3953)</A>
+<LI>NetRestrict file (server version)
+<A HREF="auarf027.htm#IDX3959">(3959)</A>
+<LI>Network File System
+<MENU>
+<LI>see entry: <I>NFS</I>
+<A HREF="auarf139.htm#IDX4805">(4805)</A>
+</MENU>
+<LI>Network Time Protocol Daemon
+<MENU>
+<LI>see entry:<I> NTPD</I>
+<A HREF="auarf230.htm#IDX5436">(5436)</A>
+</MENU>
+<LI>New release
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auarf261.htm#IDX5694">(5694)</A>, <A HREF="auarf265.htm#IDX5728">(5728)</A>
+</MENU>
+<LI>New Release flag in VLDB
+<MENU>
+<LI>as indicator of failed vos release operation
+<A HREF="auarf270.htm#IDX5800">(5800)</A>
+</MENU>
+<LI>NFS
+<MENU>
+<LI>export of by AFS client
+<A HREF="auarf139.htm#IDX4804">(4804)</A>
+<LI>obtaining authenticated AFS access from non-supported client
+<A HREF="auarf201.htm#IDX5186">(5186)</A>
+</MENU>
+<LI>NFS/AFS Translator
+<MENU>
+<LI>enabling Cache Manager
+<A HREF="auarf058.htm#IDX4192">(4192)</A>
+</MENU>
+<LI>NoAuth file
+<A HREF="auarf028.htm#IDX3964">(3964)</A>
+<LI>noauth flag
+<MENU>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4447">(4447)</A>, <A HREF="auarf252.htm#IDX5581">(5581)</A>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5067">(5067)</A>
+<LI>on pts commands
+<A HREF="auarf210.htm#IDX5234">(5234)</A>
+</MENU>
+<LI>NOCPW flag in Authentication Database entry
+<A HREF="auarf193.htm#IDX5146">(5146)</A>
+<LI>none shorthand notation for ACL permissions
+<A HREF="auarf157.htm#IDX4941">(4941)</A>
+<LI>NOSEAL flag in Authentication Database entry
+<A HREF="auarf193.htm#IDX5145">(5145)</A>
+<LI>Not released
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auarf261.htm#IDX5692">(5692)</A>, <A HREF="auarf265.htm#IDX5726">(5726)</A>
+</MENU>
+<LI>NOTGS flag in Authentication Database entry
+<A HREF="auarf193.htm#IDX5144">(5144)</A>
+<LI>NTPD
+<MENU>
+<LI>initializing with runntp
+<A HREF="auarf230.htm#IDX5435">(5435)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4F" HREF="#IDX0_4F">O</A></STRONG>
+<MENU>
+<LI>Off-line status flag in volume header
+<A HREF="auarf261.htm#IDX5667">(5667)</A>, <A HREF="auarf266.htm#IDX5743">(5743)</A>
+<LI>offline message
+<MENU>
+<LI>creating
+<A HREF="auarf163.htm#IDX4982">(4982)</A>
+<LI>examining
+<A HREF="auarf138.htm#IDX4793">(4793)</A>
+</MENU>
+<LI>Old release
+<MENU>
+<LI>status flag on site definition in VLDB entry
+<A HREF="auarf261.htm#IDX5693">(5693)</A>, <A HREF="auarf265.htm#IDX5727">(5727)</A>
+</MENU>
+<LI>Old Release flag in VLDB
+<MENU>
+<LI>as indicator of failed vos release operation
+<A HREF="auarf270.htm#IDX5801">(5801)</A>
+</MENU>
+<LI>OLD version of binary file
+<MENU>
+<LI>creation by bos install command
+<A HREF="auarf105.htm#IDX4555">(4555)</A>
+<LI>listing time stamp on
+<A HREF="auarf101.htm#IDX4522">(4522)</A>
+<LI>removing from /usr/afs/bin directory
+<A HREF="auarf109.htm#IDX4579">(4579)</A>
+<LI>use by bos uninstall command
+<A HREF="auarf123.htm#IDX4679">(4679)</A>
+</MENU>
+<LI>On-line status flag in volume header
+<A HREF="auarf261.htm#IDX5666">(5666)</A>, <A HREF="auarf266.htm#IDX5742">(5742)</A>
+<LI>operating system
+<MENU>
+<LI>AFS system names
+<A HREF="auarf165.htm#IDX4997">(4997)</A>
+</MENU>
+<LI>outages
+<MENU>
+<LI>BOS Server
+<A HREF="auarf124.htm#IDX4684">(4684)</A>
+<LI>monitoring with afsmonitor
+<A HREF="auarf058.htm#IDX4197">(4197)</A>
+<LI>monitoring with scout
+<A HREF="auarf233.htm#IDX5453">(5453)</A>
+</MENU>
+<LI>overwriting
+<MENU>
+<LI>directories/files/links with uss
+<A HREF="auarf243.htm#IDX5531">(5531)</A>
+</MENU>
+<LI>owner
+<MENU>
+<LI>Protection Database entry, changing
+<A HREF="auarf213.htm#IDX5250">(5250)</A>
+<LI>Protection Database entry, defined
+<A HREF="auarf217.htm#IDX5345">(5345)</A>
+<LI>Protection Database entry, displaying
+<A HREF="auarf217.htm#IDX5331">(5331)</A>
+<LI>Protection Database entry, setting
+<A HREF="auarf214.htm#IDX5258">(5258)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_50" HREF="#IDX0_50">P</A></STRONG>
+<MENU>
+<LI>package
+<MENU>
+<LI>C instruction in configuration file
+<A HREF="auarf053.htm#IDX4049">(4049)</A>
+<LI>command, syntax defined
+<A HREF="auarf204.htm#IDX5197">(5197)</A>
+<LI>configuration file (see entry: <I>package configuration file</I>)
+<A HREF="auarf053.htm#IDX4038">(4038)</A>
+<LI>D instruction in configuration file
+<A HREF="auarf053.htm#IDX4057">(4057)</A>
+<LI>define instruction in configuration file
+<A HREF="auarf053.htm#IDX4084">(4084)</A>
+<LI>defining block special device with B instruction
+<A HREF="auarf053.htm#IDX4043">(4043)</A>
+<LI>defining character special device
+<A HREF="auarf053.htm#IDX4050">(4050)</A>
+<LI>defining directory
+<A HREF="auarf053.htm#IDX4058">(4058)</A>
+<LI>defining file
+<A HREF="auarf053.htm#IDX4065">(4065)</A>
+<LI>defining socket
+<A HREF="auarf053.htm#IDX4079">(4079)</A>
+<LI>defining symbolic link
+<A HREF="auarf053.htm#IDX4072">(4072)</A>
+<LI>F instruction in configuration file
+<A HREF="auarf053.htm#IDX4064">(4064)</A>
+<LI>ifdef instruction in configuration file
+<A HREF="auarf053.htm#IDX4090">(4090)</A>
+<LI>ifndef instruction in configuration file
+<A HREF="auarf053.htm#IDX4093">(4093)</A>
+<LI>include instruction in configuration file
+<A HREF="auarf053.htm#IDX4097">(4097)</A>
+<LI>L instruction in configuration file
+<A HREF="auarf053.htm#IDX4071">(4071)</A>
+<LI>privilege requirements
+<A HREF="auarf204.htm#IDX5203">(5203)</A>
+<LI>S instruction in configuration file
+<A HREF="auarf053.htm#IDX4078">(4078)</A>
+<LI>undef instruction in configuration file
+<A HREF="auarf053.htm#IDX4087">(4087)</A>
+</MENU>
+<LI>package commands
+<MENU>
+<LI>apropos
+<A HREF="auarf205.htm#IDX5204">(5204)</A>
+<LI>help
+<A HREF="auarf206.htm#IDX5207">(5207)</A>
+</MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4040">(4040)</A>
+<MENU>
+<LI>B instruction
+<A HREF="auarf053.htm#IDX4047">(4047)</A>
+<LI>C instruction
+<A HREF="auarf053.htm#IDX4054">(4054)</A>
+<LI>D instruction
+<A HREF="auarf053.htm#IDX4061">(4061)</A>
+<LI>define instruction
+<A HREF="auarf053.htm#IDX4086">(4086)</A>
+<LI>defining block special device
+<A HREF="auarf053.htm#IDX4048">(4048)</A>
+<LI>defining character special device
+<A HREF="auarf053.htm#IDX4055">(4055)</A>
+<LI>defining directory
+<A HREF="auarf053.htm#IDX4062">(4062)</A>
+<LI>defining file
+<A HREF="auarf053.htm#IDX4069">(4069)</A>
+<LI>defining socket
+<A HREF="auarf053.htm#IDX4083">(4083)</A>
+<LI>defining symbolic link
+<A HREF="auarf053.htm#IDX4076">(4076)</A>
+<LI>F instruction
+<A HREF="auarf053.htm#IDX4068">(4068)</A>
+<LI>ifdef instruction
+<A HREF="auarf053.htm#IDX4092">(4092)</A>
+<LI>ifndef instruction
+<A HREF="auarf053.htm#IDX4095">(4095)</A>
+<LI>include instruction
+<A HREF="auarf053.htm#IDX4098">(4098)</A>
+<LI>L instruction
+<A HREF="auarf053.htm#IDX4075">(4075)</A>
+<LI>S instruction
+<A HREF="auarf053.htm#IDX4082">(4082)</A>
+<LI>undef instruction
+<A HREF="auarf053.htm#IDX4089">(4089)</A>
+</MENU>
+<LI>package_test command
+<A HREF="auarf207.htm#IDX5210">(5210)</A>
+<LI>PAG
+<MENU>
+<LI>creating with pagsh command
+<A HREF="auarf208.htm#IDX5215">(5215)</A>
+</MENU>
+<LI>pagsh command
+<A HREF="auarf208.htm#IDX5213">(5213)</A>
+<LI>partition
+<MENU>
+<LI>blocks available, displaying
+<A HREF="auarf137.htm#IDX4760">(4760)</A>, <A HREF="auarf269.htm#IDX5779">(5779)</A>
+<LI>blocks used, displaying
+<A HREF="auarf137.htm#IDX4759">(4759)</A>
+<LI>displaying blocks available
+<A HREF="auarf138.htm#IDX4775">(4775)</A>
+<LI>displaying for file server machine
+<A HREF="auarf264.htm#IDX5705">(5705)</A>
+<LI>displaying size
+<A HREF="auarf138.htm#IDX4774">(4774)</A>
+<LI>monitoring usage of
+<A HREF="auarf233.htm#IDX5465">(5465)</A>
+<LI>monitoring usage with scout
+<A HREF="auarf233.htm#IDX5452">(5452)</A>
+<LI>moving volumes
+<A HREF="auarf268.htm#IDX5770">(5770)</A>
+<LI>percent used, displaying
+<A HREF="auarf137.htm#IDX4758">(4758)</A>
+<LI>restoring all volumes (Backup System)
+<A HREF="auarf072.htm#IDX4299">(4299)</A>
+<LI>salvage triggered by SALVAGE.fs file
+<A HREF="auarf029.htm#IDX3970">(3970)</A>
+<LI>salvaging volumes on
+<A HREF="auarf114.htm#IDX4610">(4610)</A>
+<LI>size, displaying
+<A HREF="auarf137.htm#IDX4757">(4757)</A>, <A HREF="auarf269.htm#IDX5778">(5778)</A>
+</MENU>
+<LI>partition argument
+<MENU>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5582">(5582)</A>
+</MENU>
+<LI>password
+<MENU>
+<LI>changing/setting in Authentication Database
+<A HREF="auarf202.htm#IDX5190">(5190)</A>
+<LI>checking quality of
+<A HREF="auarf194.htm#IDX5154">(5154)</A>, <A HREF="auarf202.htm#IDX5193">(5193)</A>
+<LI>checking quality using kpwvalid program
+<A HREF="auarf203.htm#IDX5196">(5196)</A>
+<LI>defining initial in Authentication Database
+<A HREF="auarf183.htm#IDX5077">(5077)</A>
+<LI>generating octal form of
+<A HREF="auarf196.htm#IDX5166">(5166)</A>
+<LI>imposing restrictions with kas setfields command
+<A HREF="auarf193.htm#IDX5141">(5141)</A>
+<LI>imposing restrictions with uss template A instruction
+<A HREF="auarf055.htm#IDX4117">(4117)</A>
+<LI>in Authentication Database
+<A HREF="auarf185.htm#IDX5102">(5102)</A>
+<LI>setting in Authentication Database
+<A HREF="auarf194.htm#IDX5153">(5153)</A>
+</MENU>
+<LI>password lifetime
+<MENU>
+<LI>displaying from Authentication Database entry
+<A HREF="auarf185.htm#IDX5095">(5095)</A>
+<LI>setting in Authentication Database entry
+<A HREF="auarf193.htm#IDX5138">(5138)</A>
+</MENU>
+<LI>password reuse
+<MENU>
+<LI>setting restrictions on in Authentication Database entry
+<A HREF="auarf193.htm#IDX5139">(5139)</A>
+</MENU>
+<LI>password_for_admin argument
+<MENU>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5068">(5068)</A>
+</MENU>
+<LI>permanent name
+<MENU>
+<LI>see entry: <I>tape (Backup System)</I>
+<A HREF="auarf079.htm#IDX4354">(4354)</A>
+</MENU>
+<LI>port offset number (Tape Coordinator)
+<MENU>
+<LI>assigning in Backup Database
+<A HREF="auarf062.htm#IDX4233">(4233)</A>
+<LI>displaying from Backup Database
+<A HREF="auarf081.htm#IDX4369">(4369)</A>
+</MENU>
+<LI>portoffset argument
+<MENU>
+<LI>on backup commands
+<A HREF="auarf060.htm#IDX4215">(4215)</A>
+</MENU>
+<LI>prdb.DB0 file
+<A HREF="auarf047.htm#IDX4018">(4018)</A>
+<LI>prdb.DBSYS1 file
+<A HREF="auarf047.htm#IDX4020">(4020)</A>
+<LI>prdb_check command
+<A HREF="auarf209.htm#IDX5217">(5217)</A>
+<LI>preference ranks
+<MENU>
+<LI>displaying
+<A HREF="auarf146.htm#IDX4850">(4850)</A>
+<LI>setting
+<A HREF="auarf162.htm#IDX4977">(4977)</A>
+</MENU>
+<LI>prefix-less group
+<MENU>
+<LI>see entry: <I>group</I>
+<A HREF="auarf214.htm#IDX5264">(5264)</A>
+</MENU>
+<LI>privacy flags
+<MENU>
+<LI>Protection Database entry, displaying
+<A HREF="auarf217.htm#IDX5333">(5333)</A>
+<LI>Protection Database entry, setting
+<A HREF="auarf225.htm#IDX5402">(5402)</A>
+</MENU>
+<LI>privilege requirements
+<MENU>
+<LI>for backup commands
+<A HREF="auarf060.htm#IDX4216">(4216)</A>
+<LI>for bos commands
+<A HREF="auarf093.htm#IDX4449">(4449)</A>
+<LI>for fs commands
+<A HREF="auarf131.htm#IDX4723">(4723)</A>
+<LI>for fstrace commands
+<A HREF="auarf169.htm#IDX5021">(5021)</A>
+<LI>for kas commands
+<A HREF="auarf181.htm#IDX5059">(5059)</A>
+<LI>for package command
+<A HREF="auarf204.htm#IDX5202">(5202)</A>
+<LI>for pts commands
+<A HREF="auarf210.htm#IDX5229">(5229)</A>
+<LI>for uss commands
+<A HREF="auarf242.htm#IDX5515">(5515)</A>
+<LI>for vos commands
+<A HREF="auarf252.htm#IDX5585">(5585)</A>
+</MENU>
+<LI>privileged users
+<MENU>
+<LI>adding to UserList file
+<A HREF="auarf096.htm#IDX4470">(4470)</A>
+<LI>listing from UserList file
+<A HREF="auarf108.htm#IDX4571">(4571)</A>
+<LI>removing from UserList file
+<A HREF="auarf112.htm#IDX4599">(4599)</A>
+<LI>setting ADMIN flag in Authentication Database
+<A HREF="auarf193.htm#IDX5137">(5137)</A>
+<LI>system:administrators group, adding
+<A HREF="auarf211.htm#IDX5243">(5243)</A>
+<LI>system:administrators group, removing
+<A HREF="auarf223.htm#IDX5389">(5389)</A>
+</MENU>
+<LI>process
+<MENU>
+<LI>see entry: <I>server process</I>
+<A HREF="auarf093.htm#IDX4439">(4439)</A>
+</MENU>
+<LI>program
+<MENU>
+<LI>controlling setuid status
+<A HREF="auarf159.htm#IDX4956">(4956)</A>
+<LI>displaying setuid status
+<A HREF="auarf144.htm#IDX4836">(4836)</A>
+</MENU>
+<LI>protection
+<MENU>
+<LI>AFS vs. UNIX
+<A HREF="auarf210.htm#IDX5220">(5220)</A>
+</MENU>
+<LI>Protection Database
+<A HREF="auarf210.htm#IDX5225">(5225)</A>
+<MENU>
+<LI>all entries, displaying
+<A HREF="auarf219.htm#IDX5356">(5356)</A>
+<LI>creator of entry defined
+<A HREF="auarf217.htm#IDX5346">(5346)</A>
+<LI>creator of entry, displaying
+<A HREF="auarf217.htm#IDX5312">(5312)</A>
+<LI>files constituting
+<A HREF="auarf047.htm#IDX4022">(4022)</A>
+<LI>group entry, creating
+<A HREF="auarf214.htm#IDX5254">(5254)</A>
+<LI>group entry, deleting
+<A HREF="auarf216.htm#IDX5301">(5301)</A>
+<LI>group entry, displaying
+<A HREF="auarf217.htm#IDX5310">(5310)</A>
+<LI>group members, adding
+<A HREF="auarf211.htm#IDX5242">(5242)</A>
+<LI>group members, removing
+<A HREF="auarf223.htm#IDX5388">(5388)</A>
+<LI>group membership, displaying
+<A HREF="auarf222.htm#IDX5381">(5381)</A>
+<LI>group memberships, displaying number
+<A HREF="auarf217.htm#IDX5315">(5315)</A>
+<LI>group-creation quota defined
+<A HREF="auarf217.htm#IDX5348">(5348)</A>
+<LI>group-creation quota, displaying
+<A HREF="auarf217.htm#IDX5314">(5314)</A>
+<LI>group-creation quota, setting
+<A HREF="auarf225.htm#IDX5401">(5401)</A>
+<LI>groups owned, displaying
+<A HREF="auarf221.htm#IDX5373">(5373)</A>
+<LI>machine entry, creating
+<A HREF="auarf215.htm#IDX5277">(5277)</A>
+<LI>machine entry, deleting
+<A HREF="auarf216.htm#IDX5300">(5300)</A>
+<LI>machine entry, displaying
+<A HREF="auarf217.htm#IDX5309">(5309)</A>
+<LI>max group id counter, displaying
+<A HREF="auarf220.htm#IDX5366">(5366)</A>
+<LI>max group id counter, setting
+<A HREF="auarf226.htm#IDX5416">(5416)</A>
+<LI>max user id counter, displaying
+<A HREF="auarf220.htm#IDX5365">(5365)</A>
+<LI>max user id counter, setting
+<A HREF="auarf226.htm#IDX5415">(5415)</A>
+<LI>membership count defined
+<A HREF="auarf217.htm#IDX5347">(5347)</A>
+<LI>membership count, displaying
+<A HREF="auarf217.htm#IDX5340">(5340)</A>
+<LI>name of entry, changing
+<A HREF="auarf224.htm#IDX5392">(5392)</A>
+<LI>owner of entry defined
+<A HREF="auarf217.htm#IDX5344">(5344)</A>
+<LI>owner of entry, changing
+<A HREF="auarf213.htm#IDX5249">(5249)</A>
+<LI>owner of entry, displaying
+<A HREF="auarf217.htm#IDX5311">(5311)</A>
+<LI>owner of entry, setting initial
+<A HREF="auarf214.htm#IDX5266">(5266)</A>
+<LI>privacy flags, displaying
+<A HREF="auarf217.htm#IDX5313">(5313)</A>
+<LI>privacy flags, setting
+<A HREF="auarf225.htm#IDX5400">(5400)</A>
+<LI>status, verifying
+<A HREF="auarf209.htm#IDX5219">(5219)</A>
+<LI>user entry, creating
+<A HREF="auarf215.htm#IDX5276">(5276)</A>
+<LI>user entry, creating with uss
+<A HREF="auarf243.htm#IDX5526">(5526)</A>
+<LI>user entry, deleting
+<A HREF="auarf216.htm#IDX5299">(5299)</A>
+<LI>user entry, deleting with uss
+<A HREF="auarf246.htm#IDX5550">(5550)</A>
+<LI>user entry, displaying
+<A HREF="auarf217.htm#IDX5308">(5308)</A>
+</MENU>
+<LI>protection group
+<MENU>
+<LI>see entry: <I>group</I>
+<A HREF="auarf210.htm#IDX5224">(5224)</A>
+</MENU>
+<LI>Protection Server
+<A HREF="auarf210.htm#IDX5226">(5226)</A>
+<MENU>
+<LI>listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3915">(3915)</A>
+<LI>listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3923">(3923)</A>
+<LI>starting
+<A HREF="auarf227.htm#IDX5419">(5419)</A>
+</MENU>
+<LI>pts commands
+<MENU>
+<LI>adduser
+<A HREF="auarf211.htm#IDX5235">(5235)</A>
+<LI>apropos
+<A HREF="auarf212.htm#IDX5244">(5244)</A>
+<LI>chown
+<A HREF="auarf213.htm#IDX5247">(5247)</A>
+<LI>common options
+<A HREF="auarf210.htm#IDX5228">(5228)</A>
+<LI>creategroup
+<A HREF="auarf214.htm#IDX5252">(5252)</A>
+<LI>createuser
+<A HREF="auarf215.htm#IDX5274">(5274)</A>
+<LI>delete
+<A HREF="auarf216.htm#IDX5293">(5293)</A>
+<LI>examine
+<A HREF="auarf217.htm#IDX5303">(5303)</A>
+<LI>help
+<A HREF="auarf218.htm#IDX5350">(5350)</A>
+<LI>listentries
+<A HREF="auarf219.htm#IDX5353">(5353)</A>
+<LI>listmax
+<A HREF="auarf220.htm#IDX5359">(5359)</A>
+<LI>listowned
+<A HREF="auarf221.htm#IDX5367">(5367)</A>
+<LI>membership
+<A HREF="auarf222.htm#IDX5374">(5374)</A>
+<LI>privilege requirements
+<A HREF="auarf210.htm#IDX5230">(5230)</A>
+<LI>removeuser
+<A HREF="auarf223.htm#IDX5382">(5382)</A>
+<LI>rename
+<A HREF="auarf224.htm#IDX5390">(5390)</A>
+<LI>setfields
+<A HREF="auarf225.htm#IDX5396">(5396)</A>
+<LI>setmax
+<A HREF="auarf226.htm#IDX5409">(5409)</A>
+</MENU>
+<LI>ptserver command
+<A HREF="auarf227.htm#IDX5417">(5417)</A>
+<LI>ptserver process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4493">(4493)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_51" HREF="#IDX0_51">Q</A></STRONG>
+<MENU>
+<LI>quitting
+<MENU>
+<LI>backup interactive mode
+<A HREF="auarf083.htm#IDX4384">(4384)</A>
+<LI>kas interactive mode
+<A HREF="auarf192.htm#IDX5128">(5128)</A>
+</MENU>
+<LI>quota
+<MENU>
+<LI>(see entry: <I>volume quota</I>)
+<A HREF="auarf258.htm#IDX5623">(5623)</A>
+<LI>see entry: <I>group-creation quota</I>
+<A HREF="auarf214.htm#IDX5260">(5260)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_52" HREF="#IDX0_52">R</A></STRONG>
+<MENU>
+<LI>RClone field in volume header
+<A HREF="auarf261.htm#IDX5676">(5676)</A>, <A HREF="auarf266.htm#IDX5752">(5752)</A>
+<LI>rcp command (AFS version)
+<A HREF="auarf228.htm#IDX5422">(5422)</A>
+<LI>read shorthand notation for ACL permissions
+<A HREF="auarf157.htm#IDX4943">(4943)</A>
+<LI>read-only extension on volume name
+<MENU>
+<LI>added by vos release command
+<A HREF="auarf270.htm#IDX5804">(5804)</A>
+</MENU>
+<LI>read-only volume
+<MENU>
+<LI>creating
+<A HREF="auarf270.htm#IDX5788">(5788)</A>
+<LI>defining site in VLDB
+<A HREF="auarf253.htm#IDX5591">(5591)</A>
+<LI>dumping
+<A HREF="auarf260.htm#IDX5647">(5647)</A>
+<LI>forcing Cache Manager to see new release
+<A HREF="auarf134.htm#IDX4741">(4741)</A>
+<LI>ID number
+<A HREF="auarf258.htm#IDX5636">(5636)</A>
+<LI>ID number in volume header
+<A HREF="auarf261.htm#IDX5670">(5670)</A>, <A HREF="auarf266.htm#IDX5746">(5746)</A>
+<LI>moving
+<A HREF="auarf268.htm#IDX5773">(5773)</A>
+<LI>name, changing
+<A HREF="auarf273.htm#IDX5827">(5827)</A>
+<LI>need for all-or-nothing release
+<A HREF="auarf270.htm#IDX5796">(5796)</A>
+<LI>removing
+<A HREF="auarf271.htm#IDX5811">(5811)</A>
+<LI>site, removing mistakenly defined
+<A HREF="auarf272.htm#IDX5817">(5817)</A>
+</MENU>
+<LI>read/write mount point
+<A HREF="auarf153.htm#IDX4900">(4900)</A>
+<LI>read/write volume
+<MENU>
+<LI>cloning for backup version
+<A HREF="auarf255.htm#IDX5598">(5598)</A>
+<LI>cloning for replication
+<A HREF="auarf270.htm#IDX5791">(5791)</A>
+<LI>cloning multiple for backup version
+<A HREF="auarf256.htm#IDX5607">(5607)</A>
+<LI>creating
+<A HREF="auarf258.htm#IDX5624">(5624)</A>
+<LI>dumping
+<A HREF="auarf260.htm#IDX5646">(5646)</A>
+<LI>ID number
+<A HREF="auarf258.htm#IDX5635">(5635)</A>
+<LI>ID number in volume header
+<A HREF="auarf261.htm#IDX5669">(5669)</A>, <A HREF="auarf266.htm#IDX5745">(5745)</A>
+<LI>moving
+<A HREF="auarf268.htm#IDX5771">(5771)</A>
+<LI>name, changing
+<A HREF="auarf273.htm#IDX5826">(5826)</A>
+<LI>removing
+<A HREF="auarf271.htm#IDX5809">(5809)</A>
+</MENU>
+<LI>regular expression
+<MENU>
+<LI>Backup System
+<A HREF="auarf063.htm#IDX4253">(4253)</A>
+</MENU>
+<LI>regular group
+<MENU>
+<LI>see entry: <I>group</I>
+<A HREF="auarf214.htm#IDX5265">(5265)</A>
+</MENU>
+<LI>regular mount point
+<A HREF="auarf153.htm#IDX4898">(4898)</A>
+<LI>release
+<MENU>
+<LI>status flags on site definitions in VLDB entry
+<A HREF="auarf261.htm#IDX5689">(5689)</A>, <A HREF="auarf265.htm#IDX5723">(5723)</A>
+</MENU>
+<LI>ReleaseClone
+<A HREF="auarf270.htm#IDX5798">(5798)</A>
+<LI>ReleaseClone volume
+<MENU>
+<LI>ID number in volume header
+<A HREF="auarf261.htm#IDX5672">(5672)</A>, <A HREF="auarf266.htm#IDX5748">(5748)</A>
+</MENU>
+<LI>releasing read-only volume
+<MENU>
+<LI>forcing Cache Manager to see
+<A HREF="auarf134.htm#IDX4745">(4745)</A>
+<LI>with vos release command
+<A HREF="auarf270.htm#IDX5797">(5797)</A>
+</MENU>
+<LI>remote
+<MENU>
+<LI>command execution with bos exec
+<A HREF="auarf100.htm#IDX4515">(4515)</A>
+<LI>file copy with rcp command (AFS version)
+<A HREF="auarf228.htm#IDX5425">(5425)</A>
+<LI>shell with rsh command (AFS version)
+<A HREF="auarf229.htm#IDX5431">(5431)</A>
+</MENU>
+<LI>removing
+<MENU>
+<LI>.BAK version of binary file
+<A HREF="auarf109.htm#IDX4576">(4576)</A>
+<LI>.OLD version of binary file
+<A HREF="auarf109.htm#IDX4577">(4577)</A>
+<LI>ACL entry
+<A HREF="auarf157.htm#IDX4931">(4931)</A>
+<LI>core file from /usr/afs/logs directory
+<A HREF="auarf109.htm#IDX4580">(4580)</A>
+<LI>database server machine from CellServDB file (server)
+<A HREF="auarf110.htm#IDX4589">(4589)</A>
+<LI>mount point
+<A HREF="auarf156.htm#IDX4919">(4919)</A>
+<LI>obsolete AFS UIDs from ACL
+<A HREF="auarf135.htm#IDX4749">(4749)</A>
+<LI>privileged users from UserList file
+<A HREF="auarf112.htm#IDX4598">(4598)</A>
+<LI>see also entry: <I>deleting</I>
+<A HREF="auarf067.htm#IDX4274">(4274)</A>
+<LI>server encryption key from KeyFile file
+<A HREF="auarf111.htm#IDX4593">(4593)</A>
+<LI>user from group
+<A HREF="auarf223.htm#IDX5384">(5384)</A>
+<LI>volume
+<A HREF="auarf271.htm#IDX5808">(5808)</A>
+<LI>volume entry from volume set in Backup Database
+<A HREF="auarf070.htm#IDX4290">(4290)</A>
+<LI>volume from site, without changing VLDB
+<A HREF="auarf280.htm#IDX5865">(5865)</A>
+<LI>volume site mistakenly defined
+<A HREF="auarf272.htm#IDX5815">(5815)</A>
+</MENU>
+<LI>renaming
+<MENU>
+<LI>volume
+<A HREF="auarf273.htm#IDX5821">(5821)</A>
+</MENU>
+<LI>replacing binary file
+<MENU>
+<LI>see entry: <I>uninstalling</I>
+<A HREF="auarf123.htm#IDX4673">(4673)</A>
+</MENU>
+<LI>replication
+<A HREF="auarf270.htm#IDX5784">(5784)</A>
+<MENU>
+<LI>determining success of
+<A HREF="auarf270.htm#IDX5792">(5792)</A>
+<LI>forcing creation of new clone
+<A HREF="auarf270.htm#IDX5803">(5803)</A>
+<LI>need for all-or-nothing release
+<A HREF="auarf270.htm#IDX5794">(5794)</A>
+<LI>role of ReleaseClone in
+<A HREF="auarf270.htm#IDX5799">(5799)</A>
+</MENU>
+<LI>restart times for BOS Server
+<MENU>
+<LI>displaying
+<A HREF="auarf103.htm#IDX4536">(4536)</A>
+<LI>setting
+<A HREF="auarf117.htm#IDX4630">(4630)</A>
+</MENU>
+<LI>restarting
+<MENU>
+<LI>server process
+<A HREF="auarf113.htm#IDX4606">(4606)</A>
+</MENU>
+<LI>restoring
+<MENU>
+<LI>internal consistency in file system (salvaging)
+<A HREF="auarf114.htm#IDX4613">(4613)</A>
+<LI>synchrony of VLDB and volume headers
+<A HREF="auarf276.htm#IDX5843">(5843)</A>, <A HREF="auarf277.htm#IDX5852">(5852)</A>
+<LI>volume, all in volume set (Backup System)
+<A HREF="auarf092.htm#IDX4434">(4434)</A>
+<LI>volume, all on partition (Backup System)
+<A HREF="auarf072.htm#IDX4298">(4298)</A>
+<LI>volume, single (Backup System)
+<A HREF="auarf091.htm#IDX4425">(4425)</A>
+<LI>volumes with vos command
+<A HREF="auarf274.htm#IDX5832">(5832)</A>
+</MENU>
+<LI>ROnly field in volume header
+<A HREF="auarf261.htm#IDX5674">(5674)</A>, <A HREF="auarf266.htm#IDX5750">(5750)</A>
+<LI>rsh command (AFS version)
+<A HREF="auarf229.htm#IDX5428">(5428)</A>
+<LI>runntp command
+<A HREF="auarf230.htm#IDX5433">(5433)</A>
+<LI>runntp process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4495">(4495)</A>
+</MENU>
+<LI>RWrite field in volume header
+<A HREF="auarf261.htm#IDX5673">(5673)</A>, <A HREF="auarf266.htm#IDX5749">(5749)</A>
+<LI>Rx
+<MENU>
+<LI>tracing activity
+<A HREF="auarf231.htm#IDX5442">(5442)</A>
+</MENU>
+<LI>rxdebug command
+<A HREF="auarf231.htm#IDX5440">(5440)</A>
+</MENU>
+<STRONG><A NAME="IDX1_53" HREF="#IDX0_53">S</A></STRONG>
+<MENU>
+<LI>S instruction
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4077">(4077)</A>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4150">(4150)</A>
+</MENU>
+<LI>SALVAGE.fs file
+<A HREF="auarf029.htm#IDX3967">(3967)</A>
+<LI>SalvageLog file
+<A HREF="auarf030.htm#IDX3972">(3972)</A>
+<LI>salvager process
+<MENU>
+<LI>command for invoking manually
+<A HREF="auarf232.htm#IDX5445">(5445)</A>
+<LI>log file
+<A HREF="auarf030.htm#IDX3974">(3974)</A>
+<LI>part of fs entry in BosConfig file
+<A HREF="auarf016.htm#IDX3890">(3890)</A>
+<LI>SALVAGE.fs file as trigger
+<A HREF="auarf029.htm#IDX3969">(3969)</A>
+</MENU>
+<LI>salvaging volume
+<MENU>
+<LI>with bos salvage command
+<A HREF="auarf114.htm#IDX4612">(4612)</A>
+<LI>with salvager command
+<A HREF="auarf232.htm#IDX5444">(5444)</A>
+</MENU>
+<LI>savevolume instruction in uss bulk input file
+<A HREF="auarf054.htm#IDX4109">(4109)</A>
+<LI>scanning
+<MENU>
+<LI>Backup System tape
+<A HREF="auarf087.htm#IDX4405">(4405)</A>
+</MENU>
+<LI>scout
+<MENU>
+<LI>command syntax for
+<A HREF="auarf233.htm#IDX5447">(5447)</A>
+<LI>disk usage
+<A HREF="auarf233.htm#IDX5467">(5467)</A>
+<LI>outages, monitoring
+<A HREF="auarf233.htm#IDX5454">(5454)</A>
+<LI>statistics available
+<A HREF="auarf233.htm#IDX5457">(5457)</A>
+</MENU>
+<LI>server
+<MENU>
+<LI>see entry: <I>server process</I>
+<A HREF="auarf093.htm#IDX4441">(4441)</A>
+</MENU>
+<LI>server argument
+<MENU>
+<LI>on bos commands
+<A HREF="auarf093.htm#IDX4448">(4448)</A>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5583">(5583)</A>
+</MENU>
+<LI>server encryption key
+<A HREF="auarf023.htm#IDX3936">(3936)</A>
+<MENU>
+<LI>adding to KeyFile file
+<A HREF="auarf095.htm#IDX4459">(4459)</A>
+<LI>displaying from Authentication Database
+<A HREF="auarf185.htm#IDX5090">(5090)</A>
+<LI>in Authentication Database
+<A HREF="auarf185.htm#IDX5103">(5103)</A>
+<LI>listing from KeyFile file
+<A HREF="auarf107.htm#IDX4564">(4564)</A>
+<LI>removing from KeyFile file
+<A HREF="auarf111.htm#IDX4594">(4594)</A>
+</MENU>
+<LI>server machine
+<MENU>
+<LI>cell membership
+<A HREF="auarf033.htm#IDX3983">(3983)</A>
+<LI>checking status with fs checkservers command
+<A HREF="auarf133.htm#IDX4730">(4730)</A>
+<LI>displaying Cache Manager preference ranks
+<A HREF="auarf146.htm#IDX4847">(4847)</A>
+<LI>maintaining clock with NTPD
+<A HREF="auarf230.htm#IDX5439">(5439)</A>
+<LI>restart times, displaying
+<A HREF="auarf103.htm#IDX4542">(4542)</A>
+<LI>restart times, setting
+<A HREF="auarf117.htm#IDX4633">(4633)</A>
+<LI>setting authorization checking requirements
+<A HREF="auarf115.htm#IDX4619">(4619)</A>
+<LI>setting Cache Manager preference ranks
+<A HREF="auarf162.htm#IDX4974">(4974)</A>
+</MENU>
+<LI>server partition
+<MENU>
+<LI>FORCESALVAGE file
+<A HREF="auarf022.htm#IDX3933">(3933)</A>
+<LI>V<I>vol_ID</I>.vol files
+<A HREF="auarf037.htm#IDX3992">(3992)</A>
+</MENU>
+<LI>server portion of Update Server
+<MENU>
+<LI>see entry: <I>upserver process</I>
+<A HREF="auarf241.htm#IDX5506">(5506)</A>
+</MENU>
+<LI>server process
+<A HREF="auarf093.htm#IDX4438">(4438)</A>
+<MENU>
+<LI>BosConfig file entry
+<A HREF="auarf016.htm#IDX3882">(3882)</A>
+<LI>creating in BosConfig file
+<A HREF="auarf098.htm#IDX4477">(4477)</A>
+<LI>creating ticket (tokens) for
+<A HREF="auarf200.htm#IDX5179">(5179)</A>
+<LI>deleting from BosConfig file
+<A HREF="auarf099.htm#IDX4508">(4508)</A>
+<LI>displaying BosConfig entry
+<A HREF="auarf121.htm#IDX4658">(4658)</A>
+<LI>displaying log file
+<A HREF="auarf102.htm#IDX4531">(4531)</A>
+<LI>listing run status
+<A HREF="auarf121.htm#IDX4657">(4657)</A>
+<LI>listing time stamp on binary file
+<A HREF="auarf101.htm#IDX4518">(4518)</A>
+<LI>restarting
+<A HREF="auarf113.htm#IDX4604">(4604)</A>
+<LI>starting
+<A HREF="auarf120.htm#IDX4650">(4650)</A>
+<LI>starting (changing status flag in BosConfig)
+<A HREF="auarf119.htm#IDX4642">(4642)</A>
+<LI>starting on server
+<A HREF="auarf098.htm#IDX4478">(4478)</A>
+<LI>stopping (changing BosConfig status flag)
+<A HREF="auarf122.htm#IDX4663">(4663)</A>
+<LI>stopping (no change to BosConfig status flag)
+<A HREF="auarf118.htm#IDX4636">(4636)</A>
+<LI>stopping and immediately restarting
+<A HREF="auarf113.htm#IDX4605">(4605)</A>
+<LI>types
+<A HREF="auarf016.htm#IDX3885">(3885)</A>
+<LI>uninstalling binary file
+<A HREF="auarf123.htm#IDX4675">(4675)</A>
+</MENU>
+<LI>server tickets
+<MENU>
+<LI>discarding
+<A HREF="auarf186.htm#IDX5106">(5106)</A>
+</MENU>
+<LI>servers argument
+<MENU>
+<LI>on kas commands
+<A HREF="auarf181.htm#IDX5069">(5069)</A>
+</MENU>
+<LI>setting
+<MENU>
+<LI>ACL
+<A HREF="auarf157.htm#IDX4929">(4929)</A>
+<LI>ACL with uss
+<A HREF="auarf055.htm#IDX4128">(4128)</A>, <A HREF="auarf055.htm#IDX4180">(4180)</A>
+<LI>AFS GID for group
+<A HREF="auarf214.htm#IDX5270">(5270)</A>
+<LI>AFS UID for user
+<A HREF="auarf215.htm#IDX5289">(5289)</A>
+<LI>Authentication Database entry flags and expiration dates
+<A HREF="auarf193.htm#IDX5132">(5132)</A>
+<LI>authorization checking requirements on server machine
+<A HREF="auarf115.htm#IDX4618">(4618)</A>
+<LI>BOS Server
+<A HREF="auarf117.htm#IDX4632">(4632)</A>
+<LI>Cache Manager preference ranks
+<A HREF="auarf162.htm#IDX4976">(4976)</A>
+<LI>cell name in CellServDB file
+<A HREF="auarf116.htm#IDX4627">(4627)</A>
+<LI>cell name in ThisCell file
+<A HREF="auarf116.htm#IDX4626">(4626)</A>
+<LI>client interfaces not registered with File Server, in NetInfo file
+<A HREF="auarf026.htm#IDX3958">(3958)</A>
+<LI>client interfaces registered with File Server
+<A HREF="auarf160.htm#IDX4965">(4965)</A>
+<LI>client interfaces registered with File Server, in NetInfo file
+<A HREF="auarf024.htm#IDX3947">(3947)</A>
+<LI>data cache size
+<A HREF="auarf158.htm#IDX4948">(4948)</A>
+<LI>expiration date on existing Backup System dump level
+<A HREF="auarf088.htm#IDX4411">(4411)</A>
+<LI>expiration date on new dump level (Backup System)
+<A HREF="auarf061.htm#IDX4228">(4228)</A>
+<LI>File Server interfaces not registered in VLDB, in NetRestrict file
+<A HREF="auarf027.htm#IDX3963">(3963)</A>
+<LI>File Server interfaces registered in VLDB, in NetInfo file
+<A HREF="auarf025.htm#IDX3952">(3952)</A>
+<LI>group-creation quota
+<A HREF="auarf225.htm#IDX5399">(5399)</A>
+<LI>initial owner for group
+<A HREF="auarf214.htm#IDX5272">(5272)</A>
+<LI>key field in Authentication Database, using password
+<A HREF="auarf194.htm#IDX5149">(5149)</A>
+<LI>key version number in KeyFile file
+<A HREF="auarf095.htm#IDX4462">(4462)</A>
+<LI>max group id counter in Protection Database
+<A HREF="auarf226.htm#IDX5413">(5413)</A>
+<LI>max user id counter in Protection Database
+<A HREF="auarf226.htm#IDX5414">(5414)</A>
+<LI>password in Authentication Database
+<A HREF="auarf202.htm#IDX5192">(5192)</A>
+<LI>privacy flags on Protection Database entry
+<A HREF="auarf225.htm#IDX5398">(5398)</A>
+<LI>setuid status
+<A HREF="auarf159.htm#IDX4957">(4957)</A>
+<LI>status flag in BOS Server memory to NotRun
+<A HREF="auarf122.htm#IDX4669">(4669)</A>
+<LI>status flag in BOS Server memory to Run
+<A HREF="auarf119.htm#IDX4648">(4648)</A>, <A HREF="auarf120.htm#IDX4654">(4654)</A>
+<LI>status flag in BosConfig file
+<A HREF="auarf098.htm#IDX4482">(4482)</A>
+<LI>status flag in BosConfig file to NotRun
+<A HREF="auarf122.htm#IDX4668">(4668)</A>
+<LI>status flag in BosConfig file to Run
+<A HREF="auarf119.htm#IDX4647">(4647)</A>
+<LI>system type of client machine
+<A HREF="auarf165.htm#IDX4992">(4992)</A>
+<LI>volume ACL, default at creation
+<A HREF="auarf258.htm#IDX5629">(5629)</A>
+<LI>volume quota
+<A HREF="auarf161.htm#IDX4966">(4966)</A>, <A HREF="auarf163.htm#IDX4978">(4978)</A>
+<LI>volume quota with uss
+<A HREF="auarf055.htm#IDX4177">(4177)</A>
+<LI>volume quota, default at creation
+<A HREF="auarf258.htm#IDX5630">(5630)</A>
+</MENU>
+<LI>setuid privilege
+<MENU>
+<LI>controlling
+<A HREF="auarf159.htm#IDX4958">(4958)</A>
+<LI>displaying
+<A HREF="auarf144.htm#IDX4838">(4838)</A>
+</MENU>
+<LI>shell
+<MENU>
+<LI>opening remotely with rsh command (AFS version)
+<A HREF="auarf229.htm#IDX5432">(5432)</A>
+</MENU>
+<LI>shorthand notation for ACL permissions
+<A HREF="auarf157.htm#IDX4940">(4940)</A>
+<LI>shutting down
+<MENU>
+<LI>server process
+<A HREF="auarf118.htm#IDX4638">(4638)</A>
+</MENU>
+<LI>simple process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4503">(4503)</A>
+<LI>recorded in <I>BosConfig</I> file
+<A HREF="auarf016.htm#IDX3891">(3891)</A>
+</MENU>
+<LI>site
+<MENU>
+<LI>count in VLDB
+<A HREF="auarf261.htm#IDX5685">(5685)</A>, <A HREF="auarf265.htm#IDX5719">(5719)</A>
+</MENU>
+<LI>size
+<MENU>
+<LI>displaying from Backup System tape label
+<A HREF="auarf084.htm#IDX4392">(4392)</A>
+<LI>partition, displaying with space available
+<A HREF="auarf269.htm#IDX5781">(5781)</A>
+<LI>recording on Backup System tape label
+<A HREF="auarf079.htm#IDX4353">(4353)</A>
+<LI>tape device filemark, determining
+<A HREF="auarf130.htm#IDX4714">(4714)</A>
+</MENU>
+<LI>skipauth flag
+<MENU>
+<LI>on uss commands
+<A HREF="auarf242.htm#IDX5514">(5514)</A>
+</MENU>
+<LI>socket
+<MENU>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4081">(4081)</A>
+</MENU>
+<LI>starting
+<MENU>
+<LI>Backup Server
+<A HREF="auarf125.htm#IDX4688">(4688)</A>
+<LI>client portion of Update Server
+<A HREF="auarf240.htm#IDX5501">(5501)</A>
+<LI>NTPD, with runntp
+<A HREF="auarf230.htm#IDX5438">(5438)</A>
+<LI>process on server (changing status flag in BosConfig)
+<A HREF="auarf119.htm#IDX4643">(4643)</A>
+<LI>process on server (no change to status flag in BosConfig)
+<A HREF="auarf120.htm#IDX4651">(4651)</A>
+<LI>Protection Server
+<A HREF="auarf227.htm#IDX5420">(5420)</A>
+<LI>Salvager by hand
+<A HREF="auarf232.htm#IDX5446">(5446)</A>
+<LI>server portion of Update Server
+<A HREF="auarf241.htm#IDX5507">(5507)</A>
+<LI>server process
+<A HREF="auarf098.htm#IDX4480">(4480)</A>
+<LI>Tape Coordinator
+<A HREF="auarf126.htm#IDX4694">(4694)</A>
+</MENU>
+<LI>statistics
+<MENU>
+<LI>Authentication Server
+<A HREF="auarf195.htm#IDX5160">(5160)</A>
+<LI>available in scout
+<A HREF="auarf233.htm#IDX5458">(5458)</A>
+</MENU>
+<LI>status
+<MENU>
+<LI>displaying for server machine
+<A HREF="auarf133.htm#IDX4733">(4733)</A>
+<LI>listing for server process
+<A HREF="auarf121.htm#IDX4661">(4661)</A>
+<LI>Volume Server, displaying
+<A HREF="auarf275.htm#IDX5835">(5835)</A>
+</MENU>
+<LI>status flag
+<MENU>
+<LI>for process in BOS Server memory, about
+<A HREF="auarf016.htm#IDX3896">(3896)</A>
+<LI>for process in BosConfig file, about
+<A HREF="auarf016.htm#IDX3892">(3892)</A>
+<LI>in Authentication Database, displaying
+<A HREF="auarf185.htm#IDX5087">(5087)</A>
+<LI>in Authentication Database, setting
+<A HREF="auarf193.htm#IDX5134">(5134)</A>
+<LI>release, on site definitions in VLDB entry
+<A HREF="auarf261.htm#IDX5691">(5691)</A>, <A HREF="auarf265.htm#IDX5725">(5725)</A>
+<LI>setting to NotRun for process, in BosConfig file
+<A HREF="auarf122.htm#IDX4666">(4666)</A>
+<LI>setting to NotRun for process, in BOS Server memory
+<A HREF="auarf118.htm#IDX4639">(4639)</A>, <A HREF="auarf122.htm#IDX4667">(4667)</A>
+<LI>setting to Run for process, in BOS Server memory
+<A HREF="auarf119.htm#IDX4646">(4646)</A>, <A HREF="auarf120.htm#IDX4653">(4653)</A>
+<LI>setting to Run for process, in BosConfig file
+<A HREF="auarf098.htm#IDX4481">(4481)</A>, <A HREF="auarf119.htm#IDX4645">(4645)</A>
+</MENU>
+<LI>status flags in volume header
+<A HREF="auarf261.htm#IDX5665">(5665)</A>, <A HREF="auarf266.htm#IDX5741">(5741)</A>
+<LI>stopping
+<MENU>
+<LI>server process (changing status flag in BosConfig)
+<A HREF="auarf122.htm#IDX4664">(4664)</A>
+<LI>server process (no change to BosConfig status flag)
+<A HREF="auarf118.htm#IDX4637">(4637)</A>
+</MENU>
+<LI>storing statistic in scout
+<A HREF="auarf233.htm#IDX5461">(5461)</A>
+<LI>symbolic link
+<MENU>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4159">(4159)</A>
+<LI>defining with package
+<A HREF="auarf053.htm#IDX4074">(4074)</A>
+<LI>overwriting with uss
+<A HREF="auarf243.htm#IDX5535">(5535)</A>
+</MENU>
+<LI>synchrony of VLDB and volume headers
+<MENU>
+<LI>maintained by VL and Volume Servers
+<A HREF="auarf252.htm#IDX5574">(5574)</A>
+<LI>restoring
+<A HREF="auarf276.htm#IDX5842">(5842)</A>, <A HREF="auarf277.htm#IDX5848">(5848)</A>, <A HREF="auarf277.htm#IDX5851">(5851)</A>
+</MENU>
+<LI>sys (@sys) variable in pathnames
+<A HREF="auarf165.htm#IDX4999">(4999)</A>, <A HREF="auarf234.htm#IDX5473">(5473)</A>
+<LI>sys command
+<A HREF="auarf234.htm#IDX5468">(5468)</A>
+<LI>sysid file
+<A HREF="auarf049.htm#IDX4023">(4023)</A>
+<LI>sysname
+<A HREF="auarf165.htm#IDX4996">(4996)</A>
+<LI>system outages, reducing
+<A HREF="auarf124.htm#IDX4683">(4683)</A>
+<LI>system type
+<MENU>
+<LI>AFS system names
+<A HREF="auarf165.htm#IDX4995">(4995)</A>
+<LI>client machine
+<A HREF="auarf165.htm#IDX4994">(4994)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_54" HREF="#IDX0_54">T</A></STRONG>
+<MENU>
+<LI>tape (Backup System)
+<MENU>
+<LI>capacity on label, setting
+<A HREF="auarf079.htm#IDX4350">(4350)</A>
+<LI>capacity, determining
+<A HREF="auarf130.htm#IDX4708">(4708)</A>
+<LI>capacity, displaying from label
+<A HREF="auarf084.htm#IDX4389">(4389)</A>
+<LI>label, displaying
+<A HREF="auarf084.htm#IDX4388">(4388)</A>
+<LI>labeling
+<A HREF="auarf079.htm#IDX4349">(4349)</A>
+<LI>reading dump records
+<A HREF="auarf087.htm#IDX4404">(4404)</A>
+</MENU>
+<LI>Tape Coordinator
+<MENU>
+<LI>Backup Database entry, creating
+<A HREF="auarf062.htm#IDX4231">(4231)</A>
+<LI>Backup Database entry, deleting
+<A HREF="auarf069.htm#IDX4282">(4282)</A>
+<LI>Backup Database entry, displaying
+<A HREF="auarf081.htm#IDX4368">(4368)</A>
+<LI>CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3903">(3903)</A>
+<LI>configuration file for all devices
+<A HREF="auarf050.htm#IDX4029">(4029)</A>
+<LI>configuration file for specific device (CFG)
+<A HREF="auarf018.htm#IDX3902">(3902)</A>
+<LI>filemark size, determining
+<A HREF="auarf130.htm#IDX4707">(4707)</A>
+<LI>initializing
+<A HREF="auarf126.htm#IDX4693">(4693)</A>
+<LI>port offset number, assigning in Backup Database
+<A HREF="auarf062.htm#IDX4232">(4232)</A>
+<LI>port offset number, displaying from Backup Database
+<A HREF="auarf081.htm#IDX4367">(4367)</A>
+<LI>status, displaying
+<A HREF="auarf089.htm#IDX4414">(4414)</A>
+</MENU>
+<LI>tape device (Backup System)
+<MENU>
+<LI>see entry: <I>Tape Coordinator</I>
+<A HREF="auarf062.htm#IDX4238">(4238)</A>
+</MENU>
+<LI>tape name
+<MENU>
+<LI>see entry: <I>tape (Backup System)</I>
+<A HREF="auarf079.htm#IDX4356">(4356)</A>
+</MENU>
+<LI>tapeconfig file
+<A HREF="auarf050.htm#IDX4027">(4027)</A>
+<LI>template file in uss
+<MENU>
+<LI>see entry: <I>uss template file</I>
+<A HREF="auarf055.htm#IDX4111">(4111)</A>
+</MENU>
+<LI>terminal type
+<MENU>
+<LI>setting for afsmonitor
+<A HREF="auarf059.htm#IDX4201">(4201)</A>
+</MENU>
+<LI>testing
+<MENU>
+<LI>package files
+<A HREF="auarf207.htm#IDX5212">(5212)</A>
+</MENU>
+<LI>ThisCell file (client version)
+<A HREF="auarf032.htm#IDX3975">(3975)</A>
+<LI>ThisCell file (client)
+<MENU>
+<LI>displaying contents with fs wscell command
+<A HREF="auarf168.htm#IDX5015">(5015)</A>
+</MENU>
+<LI>ThisCell file (server version)
+<A HREF="auarf033.htm#IDX3980">(3980)</A>
+<LI>ThisCell file (server)
+<MENU>
+<LI>creating with bos setcellname command
+<A HREF="auarf116.htm#IDX4624">(4624)</A>
+</MENU>
+<LI>ticket lifetime
+<MENU>
+<LI>displaying from Authentication Database
+<A HREF="auarf185.htm#IDX5093">(5093)</A>
+<LI>setting in Authentication Database
+<A HREF="auarf193.htm#IDX5136">(5136)</A>
+</MENU>
+<LI>tickets
+<A HREF="auarf023.htm#IDX3941">(3941)</A>
+<MENU>
+<LI>creating for server process
+<A HREF="auarf200.htm#IDX5180">(5180)</A>
+<LI>discarding
+<A HREF="auarf238.htm#IDX5489">(5489)</A>
+<LI>displaying for issuer of command
+<A HREF="auarf190.htm#IDX5119">(5119)</A>
+<LI>listing for user
+<A HREF="auarf235.htm#IDX5480">(5480)</A>
+<LI>see entry: <I>server tickets</I>
+<A HREF="auarf186.htm#IDX5107">(5107)</A>
+</MENU>
+<LI>time stamp
+<MENU>
+<LI>listing for binary file
+<A HREF="auarf101.htm#IDX4523">(4523)</A>
+</MENU>
+<LI>tokens
+<MENU>
+<LI>command
+<A HREF="auarf235.htm#IDX5477">(5477)</A>
+<LI>creating for server process
+<A HREF="auarf200.htm#IDX5181">(5181)</A>
+<LI>discarding
+<A HREF="auarf238.htm#IDX5491">(5491)</A>
+<LI>listing for user
+<A HREF="auarf235.htm#IDX5476">(5476)</A>
+</MENU>
+<LI>tokens command
+<A HREF="auarf235.htm#IDX5475">(5475)</A>
+<LI>translate_et command
+<A HREF="auarf236.htm#IDX5481">(5481)</A>
+<LI>translating
+<MENU>
+<LI>AFS ID to user/group name
+<A HREF="auarf217.htm#IDX5322">(5322)</A>
+<LI>directory/file name to volume ID number
+<A HREF="auarf138.htm#IDX4777">(4777)</A>
+<LI>directory/file name to volume location
+<A HREF="auarf166.htm#IDX5004">(5004)</A>
+<LI>directory/file name to volume name
+<A HREF="auarf137.htm#IDX4765">(4765)</A>, <A HREF="auarf138.htm#IDX4776">(4776)</A>, <A HREF="auarf150.htm#IDX4874">(4874)</A>
+<LI>directory/file name to volume quota
+<A HREF="auarf138.htm#IDX4778">(4778)</A>, <A HREF="auarf150.htm#IDX4875">(4875)</A>
+<LI>directory/file name to volume quota percent used
+<A HREF="auarf155.htm#IDX4917">(4917)</A>
+<LI>user/group name to AFS ID
+<A HREF="auarf217.htm#IDX5321">(5321)</A>
+<LI>volume ID number from location
+<A HREF="auarf266.htm#IDX5737">(5737)</A>
+<LI>volume location from volume name/ID number
+<A HREF="auarf265.htm#IDX5714">(5714)</A>
+<LI>volume location to ID number
+<A HREF="auarf266.htm#IDX5736">(5736)</A>
+<LI>volume name to volume ID number
+<A HREF="auarf261.htm#IDX5661">(5661)</A>
+<LI>volume name/ID number to volume location
+<A HREF="auarf265.htm#IDX5713">(5713)</A>
+</MENU>
+<LI>type flag for volume
+<MENU>
+<LI>VLDB entry
+<A HREF="auarf261.htm#IDX5687">(5687)</A>, <A HREF="auarf265.htm#IDX5721">(5721)</A>
+<LI>volume header
+<A HREF="auarf261.htm#IDX5664">(5664)</A>, <A HREF="auarf266.htm#IDX5740">(5740)</A>
+</MENU>
+<LI>types of AFS server processes
+<A HREF="auarf016.htm#IDX3884">(3884)</A>
+</MENU>
+<STRONG><A NAME="IDX1_55" HREF="#IDX0_55">U</A></STRONG>
+<MENU>
+<LI>Ubik
+<MENU>
+<LI>tracing
+<A HREF="auarf237.htm#IDX5486">(5486)</A>
+</MENU>
+<LI>udebug command
+<A HREF="auarf237.htm#IDX5484">(5484)</A>
+<LI>UID
+<MENU>
+<LI>see entry: <I>AFS GID</I>
+<A HREF="auarf217.htm#IDX5324">(5324)</A>
+<LI>see entry: <I>AFS UID</I>
+<A HREF="auarf217.htm#IDX5323">(5323)</A>
+<LI>see entry: <I>UNIX UID</I>
+<A HREF="auarf217.htm#IDX5343">(5343)</A>
+</MENU>
+<LI>unauthenticating
+<MENU>
+<LI>while in kas interactive mode
+<A HREF="auarf191.htm#IDX5122">(5122)</A>
+<LI>with unlog command
+<A HREF="auarf238.htm#IDX5492">(5492)</A>
+</MENU>
+<LI>undef statement
+<MENU>
+<LI>package configuration file
+<A HREF="auarf053.htm#IDX4088">(4088)</A>
+</MENU>
+<LI>uninstalling
+<MENU>
+<LI>binary file
+<A HREF="auarf123.htm#IDX4672">(4672)</A>
+</MENU>
+<LI>UNIX commands
+<MENU>
+<LI>ftpd (AFS version)
+<A HREF="auarf178.htm#IDX5046">(5046)</A>
+<LI>inetd (AFS version)
+<A HREF="auarf179.htm#IDX5051">(5051)</A>
+<LI>rcp (AFS version)
+<A HREF="auarf228.htm#IDX5424">(5424)</A>
+<LI>rsh (AFS version)
+<A HREF="auarf229.htm#IDX5430">(5430)</A>
+</MENU>
+<LI>UNIX UID
+<MENU>
+<LI>functional difference from AFS UID
+<A HREF="auarf217.htm#IDX5342">(5342)</A>
+</MENU>
+<LI>unlocking
+<MENU>
+<LI>volume entries (multiple) in VLDB
+<A HREF="auarf279.htm#IDX5861">(5861)</A>
+<LI>volume entry in VLDB
+<A HREF="auarf278.htm#IDX5857">(5857)</A>
+</MENU>
+<LI>unlog command
+<A HREF="auarf238.htm#IDX5487">(5487)</A>
+<LI>UNMOUNT instruction in CFG_<I>device_name</I> file
+<A HREF="auarf018.htm#IDX3911">(3911)</A>
+<LI>unmounting volume
+<A HREF="auarf156.htm#IDX4921">(4921)</A>
+<LI>up command
+<A HREF="auarf239.htm#IDX5493">(5493)</A>
+<LI>upclient command
+<A HREF="auarf240.htm#IDX5496">(5496)</A>
+<LI>upclient process
+<A HREF="auarf240.htm#IDX5497">(5497)</A>
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4497">(4497)</A>
+</MENU>
+<LI>update date
+<MENU>
+<LI>recorded in volume header
+<A HREF="auarf261.htm#IDX5681">(5681)</A>, <A HREF="auarf266.htm#IDX5757">(5757)</A>
+</MENU>
+<LI>Update Server
+<MENU>
+<LI>starting client portion
+<A HREF="auarf240.htm#IDX5499">(5499)</A>
+<LI>starting server portion
+<A HREF="auarf241.htm#IDX5505">(5505)</A>
+</MENU>
+<LI>updating
+<MENU>
+<LI>Cache Manager mapping of volume names to IDs
+<A HREF="auarf134.htm#IDX4740">(4740)</A>
+</MENU>
+<LI>upserver command
+<A HREF="auarf241.htm#IDX5502">(5502)</A>
+<LI>upserver process
+<A HREF="auarf241.htm#IDX5503">(5503)</A>
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4499">(4499)</A>
+</MENU>
+<LI>user
+<MENU>
+<LI>account (see entry: <I>user account</I>)
+<A HREF="auarf243.htm#IDX5519">(5519)</A>
+<LI>adding to group
+<A HREF="auarf211.htm#IDX5239">(5239)</A>
+<LI>AFS UID, setting
+<A HREF="auarf215.htm#IDX5281">(5281)</A>, <A HREF="auarf215.htm#IDX5287">(5287)</A>
+<LI>group memberships, displaying number
+<A HREF="auarf217.htm#IDX5336">(5336)</A>
+<LI>group-creation quota, setting in Protection Database
+<A HREF="auarf225.htm#IDX5405">(5405)</A>
+<LI>groups belonged to, displaying
+<A HREF="auarf222.htm#IDX5379">(5379)</A>
+<LI>groups owned, displaying
+<A HREF="auarf221.htm#IDX5372">(5372)</A>
+<LI>mapping name to AFS UID
+<A HREF="auarf217.htm#IDX5327">(5327)</A>
+<LI>name, assigning
+<A HREF="auarf215.htm#IDX5283">(5283)</A>
+<LI>name, assigning in uss
+<A HREF="auarf243.htm#IDX5529">(5529)</A>
+<LI>name, changing in Protection Database
+<A HREF="auarf224.htm#IDX5394">(5394)</A>
+<LI>name, rules for format
+<A HREF="auarf215.htm#IDX5282">(5282)</A>
+<LI>privacy flags on Protection Database entry, displaying
+<A HREF="auarf217.htm#IDX5339">(5339)</A>
+<LI>privacy flags on Protection Database entry, setting
+<A HREF="auarf225.htm#IDX5406">(5406)</A>
+<LI>Protection Database entries, display all
+<A HREF="auarf219.htm#IDX5358">(5358)</A>
+<LI>Protection Database entry, creating
+<A HREF="auarf215.htm#IDX5280">(5280)</A>
+<LI>Protection Database entry, deleting
+<A HREF="auarf216.htm#IDX5297">(5297)</A>
+<LI>removing from group
+<A HREF="auarf223.htm#IDX5386">(5386)</A>
+</MENU>
+<LI>user account
+<MENU>
+<LI>creating multiple
+<A HREF="auarf245.htm#IDX5542">(5542)</A>
+<LI>creating with uss
+<A HREF="auarf243.htm#IDX5521">(5521)</A>
+<LI>deleting with uss
+<A HREF="auarf246.htm#IDX5547">(5547)</A>
+</MENU>
+<LI>UserList file
+<A HREF="auarf035.htm#IDX3985">(3985)</A>
+<MENU>
+<LI>adding user with bos adduser command
+<A HREF="auarf096.htm#IDX4469">(4469)</A>
+<LI>displaying users with bos listusers command
+<A HREF="auarf108.htm#IDX4572">(4572)</A>
+<LI>removing user with bos removeuser command
+<A HREF="auarf112.htm#IDX4600">(4600)</A>
+</MENU>
+<LI>usr/afs/bin directory
+<MENU>
+<LI>checking time stamps on files
+<A HREF="auarf101.htm#IDX4525">(4525)</A>
+<LI>removing .BAK files
+<A HREF="auarf109.htm#IDX4585">(4585)</A>
+<LI>removing .OLD files
+<A HREF="auarf109.htm#IDX4586">(4586)</A>
+</MENU>
+<LI>usr/afs/logs directory
+<MENU>
+<LI>displaying log files
+<A HREF="auarf102.htm#IDX4534">(4534)</A>
+<LI>removing core files
+<A HREF="auarf109.htm#IDX4587">(4587)</A>
+</MENU>
+<LI>uss
+<MENU>
+<LI>bulk input file (see entry: <I>uss bulk input file</I>)
+<A HREF="auarf054.htm#IDX4099">(4099)</A>
+<LI>creating directory
+<A HREF="auarf055.htm#IDX4122">(4122)</A>
+<LI>creating directory for even distribution
+<A HREF="auarf055.htm#IDX4144">(4144)</A>
+<LI>creating file by echoing
+<A HREF="auarf055.htm#IDX4132">(4132)</A>
+<LI>creating file from prototype
+<A HREF="auarf055.htm#IDX4138">(4138)</A>
+<LI>creating hard link
+<A HREF="auarf055.htm#IDX4151">(4151)</A>
+<LI>creating symbolic link
+<A HREF="auarf055.htm#IDX4157">(4157)</A>
+<LI>creating volume
+<A HREF="auarf055.htm#IDX4163">(4163)</A>
+<LI>improving password/login security
+<A HREF="auarf055.htm#IDX4114">(4114)</A>
+<LI>mounting volume
+<A HREF="auarf055.htm#IDX4164">(4164)</A>
+<LI>overwriting behavior
+<A HREF="auarf243.htm#IDX5530">(5530)</A>
+<LI>running command
+<A HREF="auarf055.htm#IDX4182">(4182)</A>
+<LI>setting ACL
+<A HREF="auarf055.htm#IDX4130">(4130)</A>, <A HREF="auarf055.htm#IDX4166">(4166)</A>
+<LI>setting volume quota
+<A HREF="auarf055.htm#IDX4165">(4165)</A>
+<LI>template file (see entry: <I>uss template file</I>)
+<A HREF="auarf055.htm#IDX4110">(4110)</A>
+</MENU>
+<LI>uss bulk input file
+<A HREF="auarf054.htm#IDX4101">(4101)</A>
+<MENU>
+<LI>add instruction
+<A HREF="auarf054.htm#IDX4102">(4102)</A>
+<LI>delete instruction
+<A HREF="auarf054.htm#IDX4104">(4104)</A>
+<LI>delvolume instruction
+<A HREF="auarf054.htm#IDX4106">(4106)</A>
+<LI>savevolume instruction
+<A HREF="auarf054.htm#IDX4108">(4108)</A>
+</MENU>
+<LI>uss commands
+<MENU>
+<LI>add
+<A HREF="auarf243.htm#IDX5517">(5517)</A>
+<LI>apropos
+<A HREF="auarf244.htm#IDX5536">(5536)</A>
+<LI>bulk
+<A HREF="auarf245.htm#IDX5539">(5539)</A>
+<LI>common options
+<A HREF="auarf242.htm#IDX5509">(5509)</A>
+<LI>delete
+<A HREF="auarf246.htm#IDX5545">(5545)</A>
+<LI>help
+<A HREF="auarf247.htm#IDX5554">(5554)</A>
+<LI>privilege requirements
+<A HREF="auarf242.htm#IDX5516">(5516)</A>
+</MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4112">(4112)</A>
+<MENU>
+<LI>A instruction
+<A HREF="auarf055.htm#IDX4113">(4113)</A>, <A HREF="auarf055.htm#IDX4116">(4116)</A>
+<LI>creating directory
+<A HREF="auarf055.htm#IDX4123">(4123)</A>
+<LI>creating directory for even distribution
+<A HREF="auarf055.htm#IDX4148">(4148)</A>
+<LI>creating file
+<A HREF="auarf055.htm#IDX4136">(4136)</A>, <A HREF="auarf055.htm#IDX4142">(4142)</A>
+<LI>creating hard link
+<A HREF="auarf055.htm#IDX4155">(4155)</A>
+<LI>creating mount point
+<A HREF="auarf055.htm#IDX4174">(4174)</A>
+<LI>creating symbolic link
+<A HREF="auarf055.htm#IDX4161">(4161)</A>
+<LI>creating volume
+<A HREF="auarf055.htm#IDX4173">(4173)</A>
+<LI>D instruction
+<A HREF="auarf055.htm#IDX4124">(4124)</A>
+<LI>D line
+<A HREF="auarf055.htm#IDX4121">(4121)</A>
+<LI>E instruction
+<A HREF="auarf055.htm#IDX4135">(4135)</A>
+<LI>F instruction
+<A HREF="auarf055.htm#IDX4141">(4141)</A>
+<LI>G line
+<A HREF="auarf055.htm#IDX4147">(4147)</A>
+<LI>improving password/login security
+<A HREF="auarf055.htm#IDX4115">(4115)</A>
+<LI>L instruction
+<A HREF="auarf055.htm#IDX4154">(4154)</A>
+<LI>S instruction
+<A HREF="auarf055.htm#IDX4160">(4160)</A>
+<LI>setting ACL
+<A HREF="auarf055.htm#IDX4129">(4129)</A>, <A HREF="auarf055.htm#IDX4176">(4176)</A>
+<LI>setting volume quota
+<A HREF="auarf055.htm#IDX4175">(4175)</A>
+<LI>V instruction
+<A HREF="auarf055.htm#IDX4172">(4172)</A>
+<LI>X instruction
+<A HREF="auarf055.htm#IDX4183">(4183)</A>
+<LI>zero length
+<A HREF="auarf055.htm#IDX4178">(4178)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_56" HREF="#IDX0_56">V</A></STRONG>
+<MENU>
+<LI>V instruction
+<MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4162">(4162)</A>
+</MENU>
+<LI>V<I>n</I> file
+<A HREF="auarf036.htm#IDX3987">(3987)</A>
+<LI>V<I>vol_ID</I>.vol file
+<A HREF="auarf037.htm#IDX3990">(3990)</A>
+<LI>variables
+<MENU>
+<LI>@sys in pathnames
+<A HREF="auarf165.htm#IDX5000">(5000)</A>, <A HREF="auarf234.htm#IDX5474">(5474)</A>
+</MENU>
+<LI>verbose flag
+<MENU>
+<LI>on vos commands
+<A HREF="auarf252.htm#IDX5584">(5584)</A>
+</MENU>
+<LI>VL Database
+<MENU>
+<LI>status, verifying
+<A HREF="auarf248.htm#IDX5559">(5559)</A>
+</MENU>
+<LI>VL Server
+<A HREF="auarf252.htm#IDX5571">(5571)</A>
+<MENU>
+<LI>displaying Cache Manager preference ranks
+<A HREF="auarf146.htm#IDX4849">(4849)</A>
+<LI>listed in client CellServDB file
+<A HREF="auarf019.htm#IDX3916">(3916)</A>
+<LI>listed in server CellServDB file
+<A HREF="auarf020.htm#IDX3924">(3924)</A>
+<LI>setting Cache Manager preference ranks
+<A HREF="auarf162.htm#IDX4975">(4975)</A>
+<LI>starting
+<A HREF="auarf249.htm#IDX5562">(5562)</A>
+</MENU>
+<LI>VLDB
+<MENU>
+<LI>deleting entry (but not volume header)
+<A HREF="auarf259.htm#IDX5640">(5640)</A>
+<LI>displaying file server machine interfaces
+<A HREF="auarf263.htm#IDX5702">(5702)</A>
+<LI>displaying volume entry and volume header
+<A HREF="auarf261.htm#IDX5657">(5657)</A>
+<LI>examining volume entry
+<A HREF="auarf265.htm#IDX5712">(5712)</A>
+<LI>files constituting
+<A HREF="auarf051.htm#IDX4034">(4034)</A>
+<LI>read-only site for volume, defining
+<A HREF="auarf253.htm#IDX5592">(5592)</A>
+<LI>read-only site for volume, removing mistakenly defined
+<A HREF="auarf272.htm#IDX5818">(5818)</A>
+<LI>release status flags in volume entry
+<A HREF="auarf261.htm#IDX5690">(5690)</A>, <A HREF="auarf265.htm#IDX5724">(5724)</A>
+<LI>server machine interfaces not registered
+<MENU>
+<LI>setting in NetRestrict file
+<A HREF="auarf027.htm#IDX3962">(3962)</A>
+</MENU>
+<LI>server machine interfaces registered
+<MENU>
+<LI>listed in sysid file
+<A HREF="auarf049.htm#IDX4026">(4026)</A>
+<LI>setting in NetInfo file
+<A HREF="auarf025.htm#IDX3951">(3951)</A>
+</MENU>
+<LI>site count for volume
+<A HREF="auarf261.htm#IDX5686">(5686)</A>, <A HREF="auarf265.htm#IDX5720">(5720)</A>
+<LI>synchronizing with volume headers
+<A HREF="auarf276.htm#IDX5844">(5844)</A>, <A HREF="auarf277.htm#IDX5853">(5853)</A>
+<LI>volume entry, creating
+<A HREF="auarf258.htm#IDX5631">(5631)</A>
+<LI>volume entry, locking
+<A HREF="auarf267.htm#IDX5764">(5764)</A>
+<LI>volume entry, unlocking
+<A HREF="auarf278.htm#IDX5858">(5858)</A>
+<LI>volume entry, unlocking multiple
+<A HREF="auarf279.htm#IDX5862">(5862)</A>
+<LI>volume type flags
+<A HREF="auarf261.htm#IDX5688">(5688)</A>, <A HREF="auarf265.htm#IDX5722">(5722)</A>
+</MENU>
+<LI>vldb.DB0 file
+<A HREF="auarf051.htm#IDX4030">(4030)</A>
+<LI>vldb.DBSYS1 file
+<A HREF="auarf051.htm#IDX4032">(4032)</A>
+<LI>vldb_check command
+<A HREF="auarf248.htm#IDX5557">(5557)</A>
+<LI>VLLog file
+<A HREF="auarf038.htm#IDX3994">(3994)</A>
+<LI>vlserver command
+<A HREF="auarf249.htm#IDX5560">(5560)</A>
+<LI>vlserver process
+<MENU>
+<LI>creating with bos create command
+<A HREF="auarf098.htm#IDX4501">(4501)</A>
+</MENU>
+<LI>volinfo command
+<A HREF="auarf250.htm#IDX5564">(5564)</A>
+<LI>VolserLog file
+<A HREF="auarf039.htm#IDX3997">(3997)</A>
+<LI>volserver command
+<A HREF="auarf251.htm#IDX5566">(5566)</A>
+<LI>volserver process
+<MENU>
+<LI>part of fs entry in BosConfig file
+<A HREF="auarf016.htm#IDX3889">(3889)</A>
+</MENU>
+<LI>volume
+<MENU>
+<LI>backup (see entry: backup volume)
+<A HREF="auarf255.htm#IDX5601">(5601)</A>
+<LI>Cache Manager
+<A HREF="auarf134.htm#IDX4738">(4738)</A>
+<LI>counter in header for number of accesses
+<A HREF="auarf261.htm#IDX5684">(5684)</A>, <A HREF="auarf266.htm#IDX5760">(5760)</A>
+<LI>creating
+<A HREF="auarf258.htm#IDX5619">(5619)</A>
+<LI>creating mount point
+<A HREF="auarf153.htm#IDX4895">(4895)</A>
+<LI>creating with uss
+<A HREF="auarf055.htm#IDX4169">(4169)</A>, <A HREF="auarf243.htm#IDX5525">(5525)</A>
+<LI>Creation date in volume header
+<A HREF="auarf261.htm#IDX5680">(5680)</A>, <A HREF="auarf266.htm#IDX5756">(5756)</A>
+<LI>deleting with uss
+<A HREF="auarf246.htm#IDX5553">(5553)</A>
+<LI>displaying mount point
+<A HREF="auarf151.htm#IDX4886">(4886)</A>
+<LI>dump history, displaying
+<A HREF="auarf090.htm#IDX4419">(4419)</A>
+<LI>dumping using Backup System
+<A HREF="auarf073.htm#IDX4305">(4305)</A>
+<LI>dumping with vos dump command
+<A HREF="auarf260.htm#IDX5645">(5645)</A>
+<LI>flushing from data cache
+<A HREF="auarf142.htm#IDX4822">(4822)</A>
+<LI>header, displaying
+<A HREF="auarf266.htm#IDX5732">(5732)</A>, <A HREF="auarf266.htm#IDX5733">(5733)</A>
+<LI>header, displaying with VLDB entry
+<A HREF="auarf261.htm#IDX5659">(5659)</A>
+<LI>header, synchronizing with VLDB entry
+<A HREF="auarf276.htm#IDX5840">(5840)</A>, <A HREF="auarf277.htm#IDX5849">(5849)</A>
+<LI>host partition size, listing
+<A HREF="auarf138.htm#IDX4772">(4772)</A>
+<LI>ID number (see entry: <I>volume ber</I>)
+<A HREF="auarf258.htm#IDX5633">(5633)</A>
+<LI>ID number from name, translating
+<A HREF="auarf261.htm#IDX5663">(5663)</A>
+<LI>ID number, allocating
+<A HREF="auarf258.htm#IDX5620">(5620)</A>
+<LI>ID number, learning from volume location
+<A HREF="auarf266.htm#IDX5739">(5739)</A>
+<LI>ID number, translating to location
+<A HREF="auarf265.htm#IDX5716">(5716)</A>
+<LI>Last Update date in volume header
+<A HREF="auarf261.htm#IDX5682">(5682)</A>, <A HREF="auarf266.htm#IDX5758">(5758)</A>
+<LI>location, translating from name/ID number
+<A HREF="auarf265.htm#IDX5717">(5717)</A>
+<LI>location, translating to volume ID number
+<A HREF="auarf266.htm#IDX5738">(5738)</A>
+<LI>message associated with, creating
+<A HREF="auarf163.htm#IDX4980">(4980)</A>
+<LI>messages associated with, examining
+<A HREF="auarf138.htm#IDX4791">(4791)</A>
+<LI>moving
+<A HREF="auarf268.htm#IDX5769">(5769)</A>
+<LI>name to ID number, translating
+<A HREF="auarf261.htm#IDX5662">(5662)</A>
+<LI>name, assigning
+<A HREF="auarf258.htm#IDX5618">(5618)</A>
+<LI>name, changing
+<A HREF="auarf273.htm#IDX5823">(5823)</A>
+<LI>name, learning given directory/file name
+<A HREF="auarf138.htm#IDX4785">(4785)</A>
+<LI>name, translating to location
+<A HREF="auarf265.htm#IDX5715">(5715)</A>
+<LI>partition percent use, listing
+<A HREF="auarf150.htm#IDX4871">(4871)</A>
+<LI>percent use, listing
+<A HREF="auarf150.htm#IDX4873">(4873)</A>
+<LI>quota (see entry: <I>volume quota</I>)
+<A HREF="auarf258.htm#IDX5622">(5622)</A>
+<LI>read-only (see entry: read-only volume)
+<A HREF="auarf270.htm#IDX5787">(5787)</A>
+<LI>read-only site, removing mistakenly defined
+<A HREF="auarf272.htm#IDX5816">(5816)</A>
+<LI>read/write (see entry: <I>read/write volume</I>)
+<A HREF="auarf258.htm#IDX5621">(5621)</A>
+<LI>removing
+<A HREF="auarf271.htm#IDX5807">(5807)</A>
+<LI>removing mount point for
+<A HREF="auarf156.htm#IDX4920">(4920)</A>
+<LI>removing without changing VLDB
+<A HREF="auarf280.htm#IDX5866">(5866)</A>
+<LI>renaming
+<A HREF="auarf273.htm#IDX5822">(5822)</A>
+<LI>replicating
+<A HREF="auarf270.htm#IDX5786">(5786)</A>
+<LI>restoring all in volume set with Backup System
+<A HREF="auarf092.htm#IDX4430">(4430)</A>
+<LI>restoring single with Backup System
+<A HREF="auarf091.htm#IDX4424">(4424)</A>
+<LI>restoring with vos command
+<A HREF="auarf274.htm#IDX5831">(5831)</A>
+<LI>salvaging
+<A HREF="auarf114.htm#IDX4609">(4609)</A>
+<LI>size, listing
+<A HREF="auarf138.htm#IDX4773">(4773)</A>, <A HREF="auarf150.htm#IDX4872">(4872)</A>
+<LI>VLDB entry, displaying
+<A HREF="auarf265.htm#IDX5718">(5718)</A>
+<LI>VLDB entry, displaying with header
+<A HREF="auarf261.htm#IDX5660">(5660)</A>
+<LI>VLDB entry, locking
+<A HREF="auarf267.htm#IDX5765">(5765)</A>
+<LI>VLDB entry, synchronizing with header
+<A HREF="auarf276.htm#IDX5841">(5841)</A>, <A HREF="auarf277.htm#IDX5850">(5850)</A>
+<LI>volume ID number (see entry: <I>volume ber</I>)
+<A HREF="auarf258.htm#IDX5634">(5634)</A>
+</MENU>
+<LI>volume entry (Backup System)
+<MENU>
+<LI>adding to volume set
+<A HREF="auarf063.htm#IDX4241">(4241)</A>, <A HREF="auarf063.htm#IDX4248">(4248)</A>
+<LI>displaying from volume set
+<A HREF="auarf082.htm#IDX4377">(4377)</A>
+<LI>removing from volume set
+<A HREF="auarf070.htm#IDX4287">(4287)</A>
+</MENU>
+<LI>volume header
+<MENU>
+<LI>see entry: <I>Vvol_ID.vol file</I>
+<A HREF="auarf037.htm#IDX3993">(3993)</A>
+</MENU>
+<LI>volume ID number
+<MENU>
+<LI>Cache Manager
+<A HREF="auarf134.htm#IDX4744">(4744)</A>
+<LI>defined
+<A HREF="auarf258.htm#IDX5632">(5632)</A>
+<LI>learning given directory/file name
+<A HREF="auarf138.htm#IDX4789">(4789)</A>
+</MENU>
+<LI>volume location
+<MENU>
+<LI>learning given directory/file name
+<A HREF="auarf166.htm#IDX5001">(5001)</A>
+</MENU>
+<LI>Volume Location Database
+<MENU>
+<LI>see entry: <I>VLDB</I>
+<A HREF="auarf051.htm#IDX4035">(4035)</A>
+</MENU>
+<LI>Volume Location Server
+<MENU>
+<LI>log file
+<A HREF="auarf038.htm#IDX3996">(3996)</A>
+<LI>see entry: <I>VL Server</I>
+<A HREF="auarf249.htm#IDX5563">(5563)</A>
+</MENU>
+<LI>volume name
+<MENU>
+<LI>Cache Manager
+<A HREF="auarf134.htm#IDX4742">(4742)</A>
+<LI>Cache Manager forced to see change to
+<A HREF="auarf134.htm#IDX4743">(4743)</A>
+<LI>learning given directory/file name
+<A HREF="auarf137.htm#IDX4768">(4768)</A>, <A HREF="auarf150.htm#IDX4881">(4881)</A>
+</MENU>
+<LI>volume quota
+<MENU>
+<LI>allowing users to exceed
+<A HREF="auarf129.htm#IDX4704">(4704)</A>
+<LI>displaying percent used
+<A HREF="auarf155.htm#IDX4915">(4915)</A>
+<LI>displaying with volume & partition info.
+<A HREF="auarf138.htm#IDX4790">(4790)</A>
+<LI>displaying with volume size
+<A HREF="auarf150.htm#IDX4883">(4883)</A>
+<LI>recorded in volume header
+<A HREF="auarf261.htm#IDX5677">(5677)</A>, <A HREF="auarf266.htm#IDX5753">(5753)</A>
+<LI>setting
+<A HREF="auarf161.htm#IDX4968">(4968)</A>, <A HREF="auarf163.htm#IDX4979">(4979)</A>
+<LI>setting default for new volume
+<A HREF="auarf258.htm#IDX5626">(5626)</A>
+<LI>setting with uss
+<A HREF="auarf055.htm#IDX4171">(4171)</A>
+</MENU>
+<LI>Volume Server
+<A HREF="auarf252.htm#IDX5570">(5570)</A>
+<MENU>
+<LI>log file
+<A HREF="auarf039.htm#IDX3999">(3999)</A>
+<LI>starting
+<A HREF="auarf251.htm#IDX5568">(5568)</A>
+<LI>status, displaying
+<A HREF="auarf275.htm#IDX5837">(5837)</A>
+</MENU>
+<LI>volume set (Backup System)
+<MENU>
+<LI>creating
+<A HREF="auarf064.htm#IDX4257">(4257)</A>
+<LI>deleting
+<A HREF="auarf071.htm#IDX4293">(4293)</A>
+<LI>displaying
+<A HREF="auarf082.htm#IDX4376">(4376)</A>
+<LI>restoring
+<A HREF="auarf092.htm#IDX4432">(4432)</A>
+<LI>volume entry, adding
+<A HREF="auarf063.htm#IDX4242">(4242)</A>, <A HREF="auarf063.htm#IDX4249">(4249)</A>
+<LI>volume entry, removing
+<A HREF="auarf070.htm#IDX4288">(4288)</A>
+</MENU>
+<LI>VolumeItems file
+<A HREF="auarf040.htm#IDX4000">(4000)</A>
+<LI>vos commands
+<MENU>
+<LI>addsite
+<A HREF="auarf253.htm#IDX5587">(5587)</A>
+<LI>apropos
+<A HREF="auarf254.htm#IDX5593">(5593)</A>
+<LI>backup
+<A HREF="auarf255.htm#IDX5596">(5596)</A>
+<LI>backupsys
+<A HREF="auarf256.htm#IDX5605">(5605)</A>
+<LI>changeaddr
+<A HREF="auarf257.htm#IDX5612">(5612)</A>
+<LI>common options
+<A HREF="auarf252.htm#IDX5577">(5577)</A>
+<LI>create
+<A HREF="auarf258.htm#IDX5614">(5614)</A>
+<LI>delentry
+<A HREF="auarf259.htm#IDX5638">(5638)</A>
+<LI>dump
+<A HREF="auarf260.htm#IDX5642">(5642)</A>
+<LI>examine
+<A HREF="auarf261.htm#IDX5653">(5653)</A>
+<LI>help
+<A HREF="auarf262.htm#IDX5695">(5695)</A>
+<LI>idempotency
+<A HREF="auarf252.htm#IDX5573">(5573)</A>
+<LI>listaddrs
+<A HREF="auarf263.htm#IDX5698">(5698)</A>
+<LI>listpart
+<A HREF="auarf264.htm#IDX5703">(5703)</A>
+<LI>listvldb
+<A HREF="auarf265.htm#IDX5708">(5708)</A>
+<LI>listvol
+<A HREF="auarf266.htm#IDX5729">(5729)</A>
+<LI>lock
+<A HREF="auarf267.htm#IDX5761">(5761)</A>
+<LI>move
+<A HREF="auarf268.htm#IDX5766">(5766)</A>
+<LI>partinfo
+<A HREF="auarf269.htm#IDX5775">(5775)</A>
+<LI>privilege requirements
+<A HREF="auarf252.htm#IDX5586">(5586)</A>
+<LI>release
+<A HREF="auarf270.htm#IDX5782">(5782)</A>
+<LI>remove
+<A HREF="auarf271.htm#IDX5805">(5805)</A>
+<LI>remsite
+<A HREF="auarf272.htm#IDX5813">(5813)</A>
+<LI>rename
+<A HREF="auarf273.htm#IDX5819">(5819)</A>
+<LI>restore
+<A HREF="auarf274.htm#IDX5829">(5829)</A>
+<LI>status
+<A HREF="auarf275.htm#IDX5833">(5833)</A>
+<LI>syncserv
+<A HREF="auarf276.htm#IDX5838">(5838)</A>
+<LI>syncvldb
+<A HREF="auarf277.htm#IDX5846">(5846)</A>
+<LI>unlock
+<A HREF="auarf278.htm#IDX5855">(5855)</A>
+<LI>unlockvldb
+<A HREF="auarf279.htm#IDX5859">(5859)</A>
+<LI>volinfo (see entry: <I>vos examine</I>)
+<A HREF="auarf261.htm#IDX5654">(5654)</A>
+<LI>zap
+<A HREF="auarf280.htm#IDX5863">(5863)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_57" HREF="#IDX0_57">W</A></STRONG>
+<MENU>
+<LI>weekly restart time for BOS Server
+<MENU>
+<LI>see entry: <I>restart times for BOS Server</I>
+<A HREF="auarf103.htm#IDX4539">(4539)</A>
+</MENU>
+<LI>wildcard
+<MENU>
+<LI>volume entry definition (Backup System)
+<A HREF="auarf063.htm#IDX4244">(4244)</A>, <A HREF="auarf063.htm#IDX4251">(4251)</A>
+</MENU>
+<LI>workstations statistic in scout
+<A HREF="auarf233.htm#IDX5464">(5464)</A>
+<LI>write shorthand notation for ACL permissions
+<A HREF="auarf157.htm#IDX4945">(4945)</A>
+</MENU>
+<STRONG><A NAME="IDX1_58" HREF="#IDX0_58">X</A></STRONG>
+<MENU>
+<LI>X instruction
+<MENU>
+<LI>uss template file
+<A HREF="auarf055.htm#IDX4181">(4181)</A>
+</MENU>
+<LI>xfs_size_check command
+<A HREF="auarf281.htm#IDX5867">(5867)</A>
+<LI>xstat as requirement for running afsmonitor
+<A HREF="auarf059.htm#IDX4199">(4199)</A>
+<LI>xstat_cm_test command
+<A HREF="auarf282.htm#IDX5869">(5869)</A>
+<LI>xstat_fs_test command
+<A HREF="auarf283.htm#IDX5871">(5871)</A>
+</MENU>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf283.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS<BR>
+Quick Beginnings<BR>
+<P>Version 3.6
+<P>Document Number SC09-4560-00
+<P>CT6Q7NA
+<P>
+<BR>
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for AIX, Version 3.6
+<DD>IBM AFS for Digital Unix, Version 3.6
+<DD>IBM AFS for HP-UX, Version 3.6
+<DD>IBM AFS for Linux, Version 3.6
+<DD>IBM AFS for SGI IRIX, Version 3.6
+<DD>IBM AFS for Solaris, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="auqbg003.htm#HDRWQ1">About This Guide</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_2" HREF="auqbg003.htm#HDRWQ2">Audience and Purpose</A>
+<LI><A NAME="ToC_3" HREF="auqbg003.htm#HDRWQ3">Organization of the Document</A>
+<LI><A NAME="ToC_4" HREF="auqbg003.htm#HDRWQ4">How to Use This Document</A>
+<LI><A NAME="ToC_5" HREF="auqbg003.htm#HDRWQ5">Related Documents</A>
+<LI><A NAME="ToC_6" HREF="auqbg003.htm#HDRTYPO_CONV">Typographical Conventions</A>
+</MENU>
+<P><B><A NAME="ToC_7" HREF="auqbg004.htm#HDRWQ6">Installation Overview</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_8" HREF="auqbg004.htm#HDRWQ7">The Procedures Described in this Guide</A>
+<MENU>
+<LI><A NAME="ToC_9" HREF="auqbg004.htm#Header_9">Required Initial Procedures</A>
+<LI><A NAME="ToC_12" HREF="auqbg004.htm#Header_12">As-needed Procedures</A>
+</MENU>
+<LI><A NAME="ToC_18" HREF="auqbg004.htm#HDRWQ8">Recommended Reading List</A>
+<LI><A NAME="ToC_19" HREF="auqbg004.htm#HDRWQ9">Requirements</A>
+<MENU>
+<LI><A NAME="ToC_20" HREF="auqbg004.htm#Header_20">Login Identity</A>
+<LI><A NAME="ToC_21" HREF="auqbg004.htm#HDRWQ10">General Requirements</A>
+<LI><A NAME="ToC_22" HREF="auqbg004.htm#HDRWQ11">File Server Machine Requirements</A>
+<LI><A NAME="ToC_23" HREF="auqbg004.htm#HDRWQ12">Client Machine Requirements</A>
+</MENU>
+<LI><A NAME="ToC_24" HREF="auqbg004.htm#HDRWQ13">Supported System Types</A>
+<LI><A NAME="ToC_25" HREF="auqbg004.htm#HDRWQ14">About Upgrading the Operating System</A>
+<LI><A NAME="ToC_26" HREF="auqbg004.htm#HDRWQ15">The AFS Binary Distribution</A>
+<LI><A NAME="ToC_27" HREF="auqbg004.htm#HDRWQ16">How to Continue</A>
+</MENU>
+<P><B><A NAME="ToC_28" HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_29" HREF="auqbg005.htm#Header_29">Requirements and Configuration Decisions</A>
+<LI><A NAME="ToC_30" HREF="auqbg005.htm#HDRWQ18">Overview: Installing Server Functionality</A>
+<LI><A NAME="ToC_31" HREF="auqbg005.htm#HDRWQ19">Choosing the First AFS Machine</A>
+<LI><A NAME="ToC_32" HREF="auqbg005.htm#Header_32">Creating AFS Directories</A>
+<LI><A NAME="ToC_33" HREF="auqbg005.htm#HDRWQ20">Performing Platform-Specific Procedures</A>
+<LI><A NAME="ToC_34" HREF="auqbg005.htm#HDRWQ21">Getting Started on AIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_35" HREF="auqbg005.htm#HDRWQ22">Loading AFS into the AIX Kernel</A>
+<LI><A NAME="ToC_36" HREF="auqbg005.htm#HDRWQ23">Configuring Server Partitions on AIX Systems</A>
+<LI><A NAME="ToC_37" HREF="auqbg005.htm#HDRWQ24">Replacing the fsck Program Helper on AIX Systems</A>
+<LI><A NAME="ToC_38" HREF="auqbg005.htm#HDRWQ25">Enabling AFS Login on AIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_39" HREF="auqbg005.htm#HDRWQ26">Getting Started on Digital UNIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_40" HREF="auqbg005.htm#HDRWQ27">Building AFS into the Digital UNIX Kernel</A>
+<LI><A NAME="ToC_41" HREF="auqbg005.htm#HDRWQ28">Configuring Server Partitions on Digital UNIX Systems</A>
+<LI><A NAME="ToC_42" HREF="auqbg005.htm#HDRWQ29">Replacing the fsck Program on Digital UNIX Systems</A>
+<LI><A NAME="ToC_43" HREF="auqbg005.htm#HDRWQ30">Enabling AFS Login on Digital UNIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_44" HREF="auqbg005.htm#HDRWQ31">Getting Started on HP-UX Systems</A>
+<MENU>
+<LI><A NAME="ToC_45" HREF="auqbg005.htm#HDRWQ32">Building AFS into the HP-UX Kernel</A>
+<LI><A NAME="ToC_46" HREF="auqbg005.htm#HDRWQ33">Configuring Server Partitions on HP-UX Systems</A>
+<LI><A NAME="ToC_47" HREF="auqbg005.htm#HDRWQ34">Configuring the AFS-modified fsck Program on HP-UX Systems</A>
+<LI><A NAME="ToC_48" HREF="auqbg005.htm#HDRWQ35">Enabling AFS Login on HP-UX Systems</A>
+</MENU>
+<LI><A NAME="ToC_49" HREF="auqbg005.htm#HDRWQ36">Getting Started on IRIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_50" HREF="auqbg005.htm#HDRWQ37">Loading AFS into the IRIX Kernel</A>
+<LI><A NAME="ToC_51" HREF="auqbg005.htm#HDRWQ38">Building AFS into the IRIX Kernel</A>
+<LI><A NAME="ToC_52" HREF="auqbg005.htm#HDRWQ39">Configuring Server Partitions on IRIX Systems</A>
+<LI><A NAME="ToC_53" HREF="auqbg005.htm#HDRWQ40">Enabling AFS Login on IRIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_54" HREF="auqbg005.htm#HDRWQ41">Getting Started on Linux Systems</A>
+<MENU>
+<LI><A NAME="ToC_55" HREF="auqbg005.htm#HDRWQ42">Loading AFS into the Linux Kernel</A>
+<LI><A NAME="ToC_56" HREF="auqbg005.htm#HDRWQ43">Configuring Server Partitions on Linux Systems</A>
+<LI><A NAME="ToC_57" HREF="auqbg005.htm#HDRWQ44">Enabling AFS Login on Linux Systems</A>
+</MENU>
+<LI><A NAME="ToC_58" HREF="auqbg005.htm#HDRWQ45">Getting Started on Solaris Systems</A>
+<MENU>
+<LI><A NAME="ToC_59" HREF="auqbg005.htm#HDRWQ46">Loading AFS into the Solaris Kernel</A>
+<LI><A NAME="ToC_60" HREF="auqbg005.htm#HDRWQ47">Configuring the AFS-modified fsck Program on Solaris Systems</A>
+<LI><A NAME="ToC_61" HREF="auqbg005.htm#HDRWQ48">Configuring Server Partitions on Solaris Systems</A>
+<LI><A NAME="ToC_62" HREF="auqbg005.htm#HDRWQ49">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A>
+</MENU>
+<LI><A NAME="ToC_63" HREF="auqbg005.htm#HDRWQ50">Starting the BOS Server</A>
+<LI><A NAME="ToC_64" HREF="auqbg005.htm#HDRWQ51">Defining Cell Name and Membership for Server Processes</A>
+<LI><A NAME="ToC_65" HREF="auqbg005.htm#HDRWQ52">Starting the Database Server Processes</A>
+<LI><A NAME="ToC_66" HREF="auqbg005.htm#HDRWQ53">Initializing Cell Security</A>
+<LI><A NAME="ToC_67" HREF="auqbg005.htm#HDRWQ60">Starting the File Server, Volume Server, and Salvager</A>
+<LI><A NAME="ToC_68" HREF="auqbg005.htm#HDRWQ61">Starting the Server Portion of the Update Server</A>
+<LI><A NAME="ToC_69" HREF="auqbg005.htm#HDRWQ62">Starting the Controller for NTPD</A>
+<LI><A NAME="ToC_70" HREF="auqbg005.htm#HDRWQ63">Overview: Installing Client Functionality</A>
+<LI><A NAME="ToC_71" HREF="auqbg005.htm#HDRWQ64">Copying Client Files to the Local Disk</A>
+<LI><A NAME="ToC_72" HREF="auqbg005.htm#HDRWQ65">Defining Cell Membership for Client Processes</A>
+<LI><A NAME="ToC_73" HREF="auqbg005.htm#HDRWQ66">Creating the Client CellServDB File</A>
+<LI><A NAME="ToC_74" HREF="auqbg005.htm#HDRWQ67">Configuring the Cache</A>
+<MENU>
+<LI><A NAME="ToC_75" HREF="auqbg005.htm#HDRWQ68">Configuring a Disk Cache</A>
+<LI><A NAME="ToC_76" HREF="auqbg005.htm#HDRWQ69">Configuring a Memory Cache</A>
+</MENU>
+<LI><A NAME="ToC_77" HREF="auqbg005.htm#HDRWQ70">Configuring the Cache Manager</A>
+<LI><A NAME="ToC_78" HREF="auqbg005.htm#HDRWQ71">Overview: Completing the Installation of the First AFS Machine</A>
+<LI><A NAME="ToC_79" HREF="auqbg005.htm#HDRWQ72">Verifying the AFS Initialization Script</A>
+<LI><A NAME="ToC_80" HREF="auqbg005.htm#HDRWQ73">Activating the AFS Initialization Script</A>
+<MENU>
+<LI><A NAME="ToC_81" HREF="auqbg005.htm#HDRWQ74">Activating the Script on AIX Systems</A>
+<LI><A NAME="ToC_82" HREF="auqbg005.htm#HDRWQ75">Activating the Script on Digital UNIX Systems</A>
+<LI><A NAME="ToC_83" HREF="auqbg005.htm#HDRWQ76">Activating the Script on HP-UX Systems</A>
+<LI><A NAME="ToC_84" HREF="auqbg005.htm#HDRWQ77">Activating the Script on IRIX Systems</A>
+<LI><A NAME="ToC_85" HREF="auqbg005.htm#HDRWQ78">Activating the Script on Linux Systems</A>
+<LI><A NAME="ToC_86" HREF="auqbg005.htm#HDRWQ79">Activating the Script on Solaris Systems</A>
+</MENU>
+<LI><A NAME="ToC_87" HREF="auqbg005.htm#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>
+<LI><A NAME="ToC_88" HREF="auqbg005.htm#HDRWQ83">Storing AFS Binaries in AFS</A>
+<LI><A NAME="ToC_89" HREF="auqbg005.htm#HDRWQ87">Storing AFS Documents in AFS</A>
+<LI><A NAME="ToC_90" HREF="auqbg005.htm#HDRWQ88">Storing System Binaries in AFS</A>
+<LI><A NAME="ToC_91" HREF="auqbg005.htm#HDRWQ91">Enabling Access to Foreign Cells</A>
+<LI><A NAME="ToC_92" HREF="auqbg005.htm#HDRWQ93">Improving Cell Security</A>
+<MENU>
+<LI><A NAME="ToC_93" HREF="auqbg005.htm#HDRWQ94">Controlling root Access</A>
+<LI><A NAME="ToC_94" HREF="auqbg005.htm#HDRWQ95">Controlling System Administrator Access</A>
+<LI><A NAME="ToC_95" HREF="auqbg005.htm#HDRWQ96">Protecting Sensitive AFS Directories</A>
+</MENU>
+<LI><A NAME="ToC_96" HREF="auqbg005.htm#HDRWQ98">Removing Client Functionality</A>
+</MENU>
+<P><B><A NAME="ToC_97" HREF="auqbg006.htm#HDRWQ99">Installing Additional Server Machines</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_98" HREF="auqbg006.htm#HDRWQ100">Installing an Additional File Server Machine</A>
+<MENU>
+<LI><A NAME="ToC_99" HREF="auqbg006.htm#Header_99">Creating AFS Directories and Performing Platform-Specific Procedures</A>
+<LI><A NAME="ToC_106" HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>
+<LI><A NAME="ToC_107" HREF="auqbg006.htm#HDRWQ111">Installing Client Functionality</A>
+<LI><A NAME="ToC_108" HREF="auqbg006.htm#HDRWQ112">Completing the Installation</A>
+</MENU>
+<LI><A NAME="ToC_109" HREF="auqbg006.htm#HDRWQ114">Installing Database Server Functionality</A>
+<MENU>
+<LI><A NAME="ToC_110" HREF="auqbg006.htm#Header_110">Summary of Procedures</A>
+<LI><A NAME="ToC_111" HREF="auqbg006.htm#Header_111">Instructions</A>
+</MENU>
+<LI><A NAME="ToC_112" HREF="auqbg006.htm#HDRWQ125">Removing Database Server Functionality</A>
+<MENU>
+<LI><A NAME="ToC_113" HREF="auqbg006.htm#Header_113">Summary of Procedures</A>
+<LI><A NAME="ToC_114" HREF="auqbg006.htm#Header_114">Instructions</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_115" HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_116" HREF="auqbg007.htm#Header_116">Summary of Procedures</A>
+<LI><A NAME="ToC_117" HREF="auqbg007.htm#HDRWQ134">Creating AFS Directories on the Local Disk</A>
+<LI><A NAME="ToC_118" HREF="auqbg007.htm#HDRWQ135">Performing Platform-Specific Procedures</A>
+<LI><A NAME="ToC_119" HREF="auqbg007.htm#HDRWQ136">Getting Started on AIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_120" HREF="auqbg007.htm#Header_120">Loading AFS into the AIX Kernel</A>
+<LI><A NAME="ToC_121" HREF="auqbg007.htm#Header_121">Enabling AFS Login on AIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_122" HREF="auqbg007.htm#HDRWQ137">Getting Started on Digital UNIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_123" HREF="auqbg007.htm#Header_123">Building AFS into the Digital UNIX Kernel</A>
+<LI><A NAME="ToC_124" HREF="auqbg007.htm#Header_124">Enabling AFS Login on Digital UNIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_125" HREF="auqbg007.htm#HDRWQ138">Getting Started on HP-UX Systems</A>
+<MENU>
+<LI><A NAME="ToC_126" HREF="auqbg007.htm#Header_126">Building AFS into the HP-UX Kernel</A>
+<LI><A NAME="ToC_127" HREF="auqbg007.htm#Header_127">Enabling AFS Login on HP-UX Systems</A>
+</MENU>
+<LI><A NAME="ToC_128" HREF="auqbg007.htm#HDRWQ139">Getting Started on IRIX Systems</A>
+<MENU>
+<LI><A NAME="ToC_129" HREF="auqbg007.htm#HDRWQ140">Loading AFS into the IRIX Kernel</A>
+<LI><A NAME="ToC_130" HREF="auqbg007.htm#HDRWQ141">Building AFS into the IRIX Kernel</A>
+<LI><A NAME="ToC_131" HREF="auqbg007.htm#HDRWQ142">Enabling AFS Login on IRIX Systems</A>
+</MENU>
+<LI><A NAME="ToC_132" HREF="auqbg007.htm#HDRWQ143">Getting Started on Linux Systems</A>
+<MENU>
+<LI><A NAME="ToC_133" HREF="auqbg007.htm#Header_133">Loading AFS into the Linux Kernel</A>
+<LI><A NAME="ToC_134" HREF="auqbg007.htm#Header_134">Enabling AFS Login on Linux Systems</A>
+</MENU>
+<LI><A NAME="ToC_135" HREF="auqbg007.htm#HDRWQ144">Getting Started on Solaris Systems</A>
+<MENU>
+<LI><A NAME="ToC_136" HREF="auqbg007.htm#Header_136">Loading AFS into the Solaris Kernel</A>
+<LI><A NAME="ToC_137" HREF="auqbg007.htm#Header_137">Enabling AFS Login on Solaris Systems</A>
+</MENU>
+<LI><A NAME="ToC_138" HREF="auqbg007.htm#HDRWQ145">Loading and Creating Client Files</A>
+<LI><A NAME="ToC_139" HREF="auqbg007.htm#HDRWQ146">Configuring the Cache</A>
+<MENU>
+<LI><A NAME="ToC_140" HREF="auqbg007.htm#HDRWQ147">Configuring a Disk Cache</A>
+<LI><A NAME="ToC_141" HREF="auqbg007.htm#HDRWQ148">Configuring a Memory Cache</A>
+</MENU>
+<LI><A NAME="ToC_142" HREF="auqbg007.htm#HDRWQ149">Configuring the Cache Manager</A>
+<LI><A NAME="ToC_143" HREF="auqbg007.htm#HDRWQ150">Starting the Cache Manager and Installing the AFS Initialization Script</A>
+<MENU>
+<LI><A NAME="ToC_144" HREF="auqbg007.htm#HDRWQ151">Running the Script on AIX Systems</A>
+<LI><A NAME="ToC_145" HREF="auqbg007.htm#HDRWQ152">Running the Script on Digital UNIX Systems</A>
+<LI><A NAME="ToC_146" HREF="auqbg007.htm#HDRWQ153">Running the Script on HP-UX Systems</A>
+<LI><A NAME="ToC_147" HREF="auqbg007.htm#HDRWQ154">Running the Script on IRIX Systems</A>
+<LI><A NAME="ToC_148" HREF="auqbg007.htm#HDRWQ155">Running the Script on Linux Systems</A>
+<LI><A NAME="ToC_149" HREF="auqbg007.htm#HDRWQ156">Running the Script on Solaris Systems</A>
+</MENU>
+<LI><A NAME="ToC_150" HREF="auqbg007.htm#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>
+<MENU>
+<LI><A NAME="ToC_151" HREF="auqbg007.htm#HDRWQ158">Linking /usr/afsws on an Existing System Type</A>
+<LI><A NAME="ToC_152" HREF="auqbg007.htm#HDRWQ159">Creating Binary Volumes for a New System Type</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_153" HREF="auqbg008.htm#HDRWQ163">Appendix A. Building AFS from Source Code</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_154" HREF="auqbg008.htm#HDRWQ164">Loading the Source Files</A>
+<LI><A NAME="ToC_155" HREF="auqbg008.htm#HDRWQ165">Compiling AFS Binaries Using the washtool Program</A>
+</MENU>
+<P><B><A NAME="ToC_156" HREF="auqbg009.htm#HDRINDEX">Index</A></B><BR>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRWQ1" HREF="auqbg002.htm#ToC_1">About This Guide</A></H1>
+<P>This section describes the purpose, organization, and conventions of this
+document.
+<HR><H2><A NAME="HDRWQ2" HREF="auqbg002.htm#ToC_2">Audience and Purpose</A></H2>
+<P>This guide explains how to install and configure
+AFS<SUP><SUP>(R)</SUP></SUP> server and client machines. It assumes that the
+reader is familiar with UNIX<SUP><SUP>(R)</SUP></SUP> system administration, but not
+AFS.
+<P>The instructions explain how to issue AFS commands in the context of
+specific tasks, but do not describe a command's function or arguments in
+detail. Refer to the <I>IBM AFS Administration Reference</I> as
+necessary.
+<HR><H2><A NAME="HDRWQ3" HREF="auqbg002.htm#ToC_3">Organization of the Document</A></H2>
+<P>See <A HREF="auqbg004.htm#HDRWQ7">The Procedures Described in this Guide</A>.
+<HR><H2><A NAME="HDRWQ4" HREF="auqbg002.htm#ToC_4">How to Use This Document</A></H2>
+<P>See <A HREF="auqbg004.htm#HDRWQ7">The Procedures Described in this Guide</A> and <A HREF="auqbg004.htm#HDRWQ16">How to Continue</A>.
+<HR><H2><A NAME="HDRWQ5" HREF="auqbg002.htm#ToC_5">Related Documents</A></H2>
+<P>The AFS documentation set also includes the following
+documents.
+<P><I>IBM AFS Administration Guide</I>
+<P>This guide describes the concepts and procedures that a system
+administrator must know to manage an AFS cell. It assumes familiarity
+with UNIX, but requires no previous knowledge of AFS.
+<P>The first chapters of the <I>IBM AFS Administration Guide</I> present
+basic concepts and guidelines. Understanding them is crucial to
+successful administration of an AFS cell. The remaining chapters in the
+guide provide step-by-step instructions for specific administrative tasks,
+along with discussions of the concepts important to that particular
+task.
+<P><I>IBM AFS Administration Reference</I>
+<P>This reference manual details the syntax and effect of each AFS
+command. It is intended for the experienced AFS administrator,
+programmer, or user.
+<P>The <I>IBM AFS Administration Reference</I> lists AFS files and
+commands in alphabetical order. The reference page for each command
+specifies its syntax, including the acceptable aliases and
+abbreviations. It then describes the command's function,
+arguments, and output if any. Examples and a list of related commands
+are provided, as are warnings where appropriate.
+<P>This manual complements the <I>IBM AFS Administration Guide</I>:
+it does not include procedural information, but describes commands in more
+detail than the <I>IBM AFS Administration Guide</I>.
+<P><I>IBM AFS User Guide</I>
+<P>This guide presents the basic concepts and procedures necessary for using
+AFS effectively. It assumes that the reader has some experience with
+UNIX, but does not require familiarity with networking or AFS.
+<P>The guide explains how to perform basic functions, including
+authenticating, changing a password, protecting AFS data, creating groups, and
+troubleshooting. It provides illustrative examples for each function
+and describes some of the differences between the UNIX file system and
+AFS.
+<P><I>IBM AFS Release Notes</I>
+<P>This document provides information specific to each release of AFS, such as
+a list of new features and commands, a list of requirements and limitations,
+and instructions for upgrading server and client machines.
+<HR><H2><A NAME="HDRTYPO_CONV" HREF="auqbg002.htm#ToC_6">Typographical Conventions</A></H2>
+<P>This document uses the following typographical
+conventions:
+<UL>
+<P><LI>Command and option names appear in <B>bold type</B> in syntax
+definitions, examples, and running text. Names of directories, files,
+machines, partitions, volumes, and users also appear in <B>bold
+type</B>.
+<P><LI>Variable information appears in <I>italic type</I>. This
+includes user-supplied information on command lines and the parts of prompts
+that differ depending on who issues the command. New terms also appear
+in <I>italic type</I>.
+<P><LI>Examples of screen output and file contents appear in <TT>monospace
+type</TT>.
+</UL>
+<P>In addition, the following symbols appear in command syntax definitions,
+both in the documentation and in AFS online help statements. When
+issuing a command, do not type these symbols.
+<UL>
+<P><LI>Square brackets <B>[ ]</B> surround optional items.
+<P><LI>Angle brackets <B>< ></B> surround user-supplied values in AFS
+commands.
+<P><LI>A superscripted plus sign <B>+</B> follows an argument that accepts
+more than one value.
+<P><LI>The percent sign <TT>%</TT> represents the regular command shell
+prompt. Some operating systems possibly use a different character for
+this prompt.
+<P><LI>The number sign <TT>#</TT> represents the command shell prompt for the
+local superuser <B>root</B>. Some operating systems possibly use a
+different character for this prompt.
+<P><LI>The pipe symbol <B> |</B> in a command syntax statement separates
+mutually exclusive values for an argument.
+</UL>
+<P>For additional information on AFS commands, including a description of
+command string components, acceptable abbreviations and aliases, and how to
+get online help for commands, see the appendix to the <I>IBM AFS
+Administration Guide</I>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ6" HREF="auqbg002.htm#ToC_7">Installation Overview</A></H1>
+<P>This chapter describes the type of instructions provided in
+this guide and the hardware and software requirements for installing
+AFS<SUP><SUP>(R)</SUP></SUP>.
+<P>Before beginning the installation of your cell's first machine, read
+this chapter and the material from the <I>IBM AFS Administration Guide</I>
+listed in <A HREF="#HDRWQ8">Recommended Reading List</A>. It is also best to read through <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A> before beginning the installation, so that
+you understand the overall scope of the installation procedure.
+Similarly, before installing additional server or client machines it is best
+to read through <A HREF="auqbg006.htm#HDRWQ99">Installing Additional Server Machines</A> and <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A>.
+<P>If you are already running a version of AFS, consult the upgrade
+instructions in the <I>IBM AFS Release Notes</I> or contact the AFS
+Product Support group before proceeding with the installation.
+<HR><H2><A NAME="HDRWQ7" HREF="auqbg002.htm#ToC_8">The Procedures Described in this Guide</A></H2>
+<P>This guide describes two types of installation
+procedures: initial procedures (such as installing the first AFS machine
+or incorporating AFS into the kernel) and as-needed procedures (such as
+installing additional server machines or client machines).
+<P><H3><A NAME="Header_9" HREF="auqbg002.htm#ToC_9">Required Initial Procedures</A></H3>
+<P>You must perform the following basic procedures to start using
+AFS.
+<P><H4><A NAME="Header_10">Incorporating AFS Into the Kernel</A></H4>
+<P>You must incorporate AFS modifications into the kernel of every AFS
+file server and client machine. Depending on the operating system, you
+either use a program for dynamic kernel loading, build a new static kernel, or
+can choose between the two. For your convenience, the instructions for
+incorporating AFS into the kernel appear in full in every chapter where you
+need to use them.
+<A NAME="IDX2197"></A>
+<A NAME="IDX2198"></A>
+<P><H4><A NAME="Header_11">Installing the First AFS Machine</A></H4>
+<P>You install the first AFS machine in your cell to function as both an
+AFS server and client machine. You can disable the client functionality
+after completing the installation, if you wish.
+<P>The first server machine in a cell performs several functions:
+<UL>
+<P><LI>It acts as the <I>system control machine</I> (if your AFS distribution
+includes the required encryption files), distributing certain configuration
+files to the other server machines in the cell
+<P><LI>It acts as the <I>binary distribution machine</I> for its system type,
+distributing AFS binaries to other server machines of its system type
+<P><LI>It acts as the first <I>database server machine</I>, running the
+server processes that maintain the AFS administrative databases
+</UL>
+<P>After you install server and client functionality, you complete other
+procedures specific to the first machine, including setting up the top levels
+of your cell's AFS filespace.
+<P><H3><A NAME="Header_12" HREF="auqbg002.htm#ToC_12">As-needed Procedures</A></H3>
+<P><H4><A NAME="Header_13">Upgrading the Operating System</A></H4>
+<P>Upgrading the operating system requires you to take several steps to
+protect data and AFS-modified binaries from being lost or overwritten.
+For guidelines, see <A HREF="#HDRWQ14">About Upgrading the Operating System</A>.
+<P><H4><A NAME="Header_14">Installing Additional File Server Machines</A></H4>
+<P>See <A HREF="auqbg006.htm#HDRWQ100">Installing an Additional File Server Machine</A>.
+<P><H4><A NAME="Header_15">Configuring or Decommissioning Database Server Machines</A></H4>
+<P>See <A HREF="auqbg006.htm#HDRWQ114">Installing Database Server Functionality</A> and <A HREF="auqbg006.htm#HDRWQ125">Removing Database Server Functionality</A>.
+<P><H4><A NAME="Header_16">Installing Additional AFS Client Machines</A></H4>
+<P>See <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A>.
+<P><H4><A NAME="Header_17">Building AFS from Source Code</A></H4>
+<P>See <A HREF="auqbg008.htm#HDRWQ163">Appendix A, Building AFS from Source Code</A>.
+<A NAME="IDX2199"></A>
+<A NAME="IDX2200"></A>
+<HR><H2><A NAME="HDRWQ8" HREF="auqbg002.htm#ToC_18">Recommended Reading List</A></H2>
+<P>To develop the best understanding of the overall scope of an
+installation procedure, read through the entire chapter or section that
+describes it before performing any actions.
+<P>In addition, familiarity with some basic AFS concepts can make the
+installation more efficient, because you understand better the purpose of the
+steps. The following is a prioritized list of material to read before
+installing the first AFS machine. At minimum, read the first chapter of
+the <I>IBM AFS Administration Guide</I>. Then continue your reading
+in the indicated order, as extensively as you can. It is more important
+at this point to read the conceptual material in each section than the
+instructions.
+<P><B>Selected Topics in the <I>IBM AFS Administration Guide</I></B>
+<UL>
+<P><LI>The chapter titled <I>An Overview of AFS Administration</I>
+<P><LI>Selected sections in the <I>Administering Server Machines</I>
+chapter: <I>Local Disk Files on a Server Machine</I>, <I>The Four
+Roles for a Server Machine</I>, <I>Maintaining the Server CellServDB
+File</I>
+<P><LI>Selected sections in the <I>Monitoring and Controlling Server
+Processes</I> chapter: <I>Controlling and Checking Process
+Status</I>
+<P><LI>Selected sections in the <I>Managing Server Encryption Keys</I>
+chapter: <I>About Server Encryption Keys</I>
+<P><LI>Selected sections in the <I>Managing Volumes</I> chapter:
+<I>About Volumes</I>, <I>Creating Read/write Volumes</I>, <I>Clones
+and Cloning</I>, <I>Mounting Volumes</I>
+<P><LI>Selected sections in the <I>Administering Client Machines and the Cache
+Manager</I> chapter: <I>Overview of Cache Manager
+Customization</I>, <I>Configuration and Cache-related Files on the Local
+Disk</I>, <I>Determining the Cache Type, Size, and Location</I>
+<P><LI>Selected sections in the <I>Managing Access Control Lists</I>
+chapter: <I>Protecting Data in AFS</I>
+</UL>
+<P><B>More Selected Topics in the <I>IBM AFS Administration
+Guide</I></B>
+<UL>
+<P><LI>Selected sections in the <I>Managing Volumes</I> chapter:
+<I>Creating and Releasing Read-only Volumes (Replication)</I>,
+<I>Creating Backup Volumes</I>
+<P><LI>Selected sections in the <I>Administering the Protection Database</I>
+chapter: <I>About the Protection Database</I>
+<P><LI>Selected sections in the <I>Administering User Accounts</I>
+chapter: <I>The Components of an AFS User Account</I>
+<P><LI>Selected sections in the <I>Managing Administrative Privilege</I>
+chapter: <I>An Overview of Administrative Privilege</I>
+</UL>
+<HR><H2><A NAME="HDRWQ9" HREF="auqbg002.htm#ToC_19">Requirements</A></H2>
+<P>You must comply with the following requirements to install AFS
+successfully.
+<A NAME="IDX2201"></A>
+<P><H3><A NAME="Header_20" HREF="auqbg002.htm#ToC_20">Login Identity</A></H3>
+<P>Log into the machine you are installing as the local superuser
+<B>root</B>. When instructed, also authenticate with AFS as the
+administrative user <B>admin</B>.
+<A NAME="IDX2202"></A>
+<A NAME="IDX2203"></A>
+<P><H3><A NAME="HDRWQ10" HREF="auqbg002.htm#ToC_21">General Requirements</A></H3>
+<UL>
+<P><LI>You must have the AFS Binary Distribution for each system type you are
+installing. Unless otherwise noted, the Binary Distribution includes
+software for both client and server machines. If you are using the
+CD-ROM version of the distribution, the machine you are installing must be
+able to access the CD-ROMs, either through a local CD drive or via an
+NFS<SUP><SUP>(R)</SUP></SUP> mount of a CD drive attached to a machine that is
+accessible by network.
+<P><LI>All AFS machines that belong to a cell must be able to access each other
+via the network.
+<P><LI>The machine must be running the standard, vendor-supplied version of the
+operating system supported by the current version of AFS. The operating
+system must already be installed on the machine's root partition.
+<P><LI>You must be familiar with the current operating system and disk
+configuration of the machine you are installing.
+<P><LI>All hardware and non-AFS software on the machine must be functioning
+normally.
+<P><LI>No critical processes can be running on the machine you are installing,
+because you must reboot it during the installation.
+</UL>
+<A NAME="IDX2204"></A>
+<A NAME="IDX2205"></A>
+<P><H3><A NAME="HDRWQ11" HREF="auqbg002.htm#ToC_22">File Server Machine Requirements</A></H3>
+<UL>
+<P><LI>Cell configuration is simplest if the first machine you install has the
+lowest IP address of any database server machine you currently plan to
+install. If you later configure a machine with a lower IP address as a
+database server machine, you must update the
+<B>/usr/vice/etc/CellServDB</B> file on all of your cell's client
+machines before the installation. For further discussion, see <A HREF="auqbg006.htm#HDRWQ114">Installing Database Server Functionality</A>.
+<P><LI>The partition mounted on the <B>/usr</B> directory must have at least
+18 MB of disk space available for storing the AFS server binaries (stored by
+convention in the <B>/usr/afs/bin</B> directory). If the machine is
+also a client, there must be additional local disk space available, as
+specified in <A HREF="#HDRWQ12">Client Machine Requirements</A>. The complete set of AFS binaries requires yet more
+space, but they are normally stored in an AFS volume rather than on a
+machine's local disk.
+<P>More significant amounts of space on the partition are required by the
+administrative databases stored in the <B>/usr/afs/db</B> directory and
+the server process log files stored in the <B>/usr/afs/logs</B>
+directory. The exact requirement depends on many factors, such as the
+size of your cell and how often you truncate the log files.
+<P><LI>There must be at least one partition (or logical volume, if the operating
+system and AFS support them) dedicated exclusively to storing AFS
+volumes. The total number and size of server partitions on all file
+server machines in the cell determines how much space is available for AFS
+files.
+</UL>
+<A NAME="IDX2206"></A>
+<A NAME="IDX2207"></A>
+<P><H3><A NAME="HDRWQ12" HREF="auqbg002.htm#ToC_23">Client Machine Requirements</A></H3>
+<UL>
+<P><LI>The partition mounted on the <B>/usr</B> directory must have at least
+4 MB of disk space available for storing the AFS client binaries and kernel
+library files (stored by convention in the <B>/usr/vice/etc</B>
+directory). The complete set of AFS binaries requires more space, but
+they are normally stored in an AFS volume rather than on a machine's
+local disk. For most system types, the instructions have you copy only
+the one kernel library file appropriate for the machine you are
+installing. If you choose to store all of the library files on the
+local disk, the space requirement can be significantly greater.
+<P><LI>On a client machine that uses a disk cache, there must be enough free
+space on the cache partition (by convention, mounted on the
+<B>/usr/vice/cache</B> directory) to accommodate the cache. The
+minimum recommended cache size is 10 MB, but larger caches generally perform
+better.
+<P><LI>On a client machine that uses a memory cache, there must be at least 5 MB
+of machine memory to devote to caching, but again more memory generally leads
+to better performance. For further discussion, see the sections in <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A> about configuring the cache.
+</UL>
+<A NAME="IDX2208"></A>
+<A NAME="IDX2209"></A>
+<HR><H2><A NAME="HDRWQ13" HREF="auqbg002.htm#ToC_24">Supported System Types</A></H2>
+<P>The <I>IBM AFS Release Notes</I> for each AFS release
+list the supported system types. Support for subsequent revisions of an
+operating system often becomes available between AFS releases. The AFS
+Product Support group can provide details.
+<P>It is the goal of the AFS Development and Product Support groups to support
+AFS on a wide range of popular system types. Furthermore, each time an
+operating system vendor releases a new general availability version of a
+supported operating system, it is a goal to certify and support AFS on it
+within a short time. Support can be delayed a bit longer if it is
+necessary to generate completely new binaries.
+<P>It is not always possible to support AFS on every intermediate version of
+an operating system or for certain processor types. In some cases,
+platform limitations make certain AFS functionality (such as file server or
+NFS/AFS translator functionality) unavailable on one or more platforms.
+For a list of limitations, see the <I>IBM AFS Release Notes</I> or ask the
+AFS Product Support group.
+<A NAME="IDX2210"></A>
+<A NAME="IDX2211"></A>
+<A NAME="IDX2212"></A>
+<A NAME="IDX2213"></A>
+<HR><H2><A NAME="HDRWQ14" HREF="auqbg002.htm#ToC_25">About Upgrading the Operating System</A></H2>
+<P>Whenever you upgrade an AFS machine to a different operating
+system, you must take several actions to maintain proper AFS
+functionality. These actions include, but are not necessarily limited
+to, the following.
+<UL>
+<P><LI>Unmount the AFS server partitions (mounted at <B>/vicep</B><VAR>xx</VAR>
+directories) on all file server machines, to prevent the vendor-supplied
+<B>fsck</B> program from running on them when you reboot the machine
+during installation of the new operating system. Before upgrading the
+operating system, it is prudent to comment out commands in the machine's
+initialization file that remount the server partitions, to prevent them from
+being remounted until you can replace the standard <B>fsck</B> program
+with the AFS-modified version. The instructions in this guide for
+installing AFS server machines explain how to replace the <B>fsck</B>
+program.
+<P><LI>Protect the AFS-modified versions of commands and configuration files from
+being overwritten by vendor-supplied versions. These include
+<B>vfsck</B> (the AFS version of <B>fsck</B>), binaries for the UNIX
+remote services such as <B>inetd</B>, and configuration files such as the
+one for the Pluggable Authentication Module (PAM). After you have
+successfully installed the operating system, remember to move the AFS-modified
+commands and files back to the locations where they are accessed during normal
+functioning.
+<P><LI>Reformat the server partitions to accommodate AFS-specific information, in
+certain cases. The upgrade instructions that accompany the new AFS
+binaries for an affected platform always detail the required procedure.
+</UL>
+<A NAME="IDX2214"></A>
+<A NAME="IDX2215"></A>
+<A NAME="IDX2216"></A>
+<A NAME="IDX2217"></A>
+<HR><H2><A NAME="HDRWQ15" HREF="auqbg002.htm#ToC_26">The AFS Binary Distribution</A></H2>
+<P>The AFS Binary Distribution includes a separate CD-ROM for
+each supported system type, containing all AFS binaries and files for both
+server and client machines. The instructions in this guide specify when
+to mount the CD-ROM and which files or directories to copy to the local disk
+or into an AFS volume.
+<HR><H2><A NAME="HDRWQ16" HREF="auqbg002.htm#ToC_27">How to Continue</A></H2>
+<P>If you are installing the first AFS machine in your cell,
+proceed to <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A>.
+<P>If you are installing an additional file server machine, or configuring or
+decommissioning a database server machine, proceed to <A HREF="auqbg006.htm#HDRWQ99">Installing Additional Server Machines</A>.
+<P>If you are installing an additional client machine, proceed to <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX2218"></A>
+<A NAME="IDX2219"></A>
+<A NAME="IDX2220"></A>
+<HR><H1><A NAME="HDRWQ17" HREF="auqbg002.htm#ToC_28">Installing the First AFS Machine</A></H1>
+<P>This chapter describes how to install the first AFS machine
+in your cell, configuring it as both a file server machine and a client
+machine. After completing all procedures in this chapter, you can
+remove the client functionality if you wish, as described in <A HREF="#HDRWQ98">Removing Client Functionality</A>.
+<P>To install additional file server machines after completing this chapter,
+see <A HREF="auqbg006.htm#HDRWQ99">Installing Additional Server Machines</A>.
+<P>To install additional client machines after completing this chapter, see <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A>.
+<A NAME="IDX2221"></A>
+<HR><H2><A NAME="Header_29" HREF="auqbg002.htm#ToC_29">Requirements and Configuration Decisions</A></H2>
+<P>The instructions in this chapter assume that you meet the following
+requirements.
+<UL>
+<P><LI>You are logged onto the machine's console as the local superuser
+<B>root</B>
+<P><LI>A standard version of one of the operating systems supported by the
+current version of AFS is running on the machine
+<P><LI>You can access the data on the AFS CD-ROMs, either through a local CD
+drive or via an NFS mount of a CD drive attached to a machine that is
+accessible by network
+</UL>
+<P>You must make the following configuration decisions while installing the
+first AFS machine. To speed the installation itself, it is best to make
+the decisions before beginning. See the chapter in the <I>IBM AFS
+Administration Guide</I> about issues in cell administration and
+configuration for detailed guidelines.
+<A NAME="IDX2222"></A>
+<A NAME="IDX2223"></A>
+<A NAME="IDX2224"></A>
+<UL>
+<P><LI>Select the first AFS machine
+<P><LI>Select the cell name
+<P><LI>Decide which partitions or logical volumes to configure as AFS server
+partitions, and choose the directory names on which to mount them
+<P><LI>Decide whether to use the standard AFS authentication and authorization
+software or Kerberos as obtained from another source. On several system
+types, the decision determines how you incorporate AFS into the machine's
+authentication system. If you wish to use Kerberos, contact the AFS
+Product Support group now to learn about how you must modify the installation
+procedure.
+<P><LI>Decide how big to make the client cache
+<P><LI>Decide how to configure the top levels of your cell's AFS filespace
+</UL>
+<P>This chapter is divided into three large sections corresponding to the
+three parts of installing the first AFS machine. Perform all of the
+steps in the order they appear. Each functional section begins with a
+summary of the procedures to perform. The sections are as
+follows:
+<UL>
+<P><LI>Installing server functionality (begins in <A HREF="#HDRWQ18">Overview: Installing Server Functionality</A>)
+<P><LI>Installing client functionality (begins in <A HREF="#HDRWQ63">Overview: Installing Client Functionality</A>)
+<P><LI>Configuring your cell's filespace, establishing further security
+mechanisms, and enabling access to foreign cells (begins in <A HREF="#HDRWQ71">Overview: Completing the Installation of the First AFS Machine</A>)
+</UL>
+<A NAME="IDX2225"></A>
+<A NAME="IDX2226"></A>
+<A NAME="IDX2227"></A>
+<HR><H2><A NAME="HDRWQ18" HREF="auqbg002.htm#ToC_30">Overview: Installing Server Functionality</A></H2>
+<P>In the first phase of installing your cell's first AFS
+machine, you install file server and database server functionality by
+performing the following procedures:
+<OL TYPE=1>
+<P><LI>Choose which machine to install as the first AFS machine
+<P><LI>Create AFS-related directories on the local disk
+<P><LI>Incorporate AFS modifications into the machine's kernel
+<P><LI>Configure partitions or logical volumes for storing AFS volumes
+<P><LI>On some system types, install and configure an AFS-modified version of the
+<B>fsck</B> program
+<P><LI>If the machine is to remain a client machine, incorporate AFS into its
+authentication system
+<P><LI>Start the Basic OverSeer (BOS) Server
+<P><LI>Define the cell name and the machine's cell membership
+<P><LI>Start the database server processes: Authentication Server, Backup
+Server, Protection Server, and Volume Location (VL) Server
+<P><LI>Configure initial security mechanisms
+<P><LI>Start the <B>fs</B> process, which incorporates three component
+processes: the File Server, Volume Server, and Salvager
+<P><LI>Start the server portion of the Update Server
+<P><LI>Start the controller process (called <B>runntp</B>) for the Network
+Time Protocol Daemon, which synchronizes machine clocks
+</OL>
+<HR><H2><A NAME="HDRWQ19" HREF="auqbg002.htm#ToC_31">Choosing the First AFS Machine</A></H2>
+<P>The first AFS machine you install must have sufficient disk
+space to store AFS volumes. To take best advantage of AFS's
+capabilities, store client-side binaries as well as user files in
+volumes. When you later install additional file server machines in your
+cell, you can distribute these volumes among the different machines as you see
+fit.
+<P>These instructions configure the first AFS machine as a <I>database
+server machine</I>, the <I>binary distribution machine</I> for its
+system type, and the cell's <I>system control machine</I>. For
+a description of these roles, see the <I>IBM AFS Administration
+Guide</I>.
+<P>Installation of additional machines is simplest if the first machine has
+the lowest IP address of any database server machine you currently plan to
+install. If you later install database server functionality on a
+machine with a lower IP address, you must first update the
+<B>/usr/vice/etc/CellServDB</B> file on all of your cell's client
+machines. For more details, see <A HREF="auqbg006.htm#HDRWQ114">Installing Database Server Functionality</A>.
+<HR><H2><A NAME="Header_32" HREF="auqbg002.htm#ToC_32">Creating AFS Directories</A></H2>
+<A NAME="IDX2228"></A>
+<A NAME="IDX2229"></A>
+<A NAME="IDX2230"></A>
+<A NAME="IDX2231"></A>
+<A NAME="IDX2232"></A>
+<A NAME="IDX2233"></A>
+<A NAME="IDX2234"></A>
+<A NAME="IDX2235"></A>
+<A NAME="IDX2236"></A>
+<A NAME="IDX2237"></A>
+<A NAME="IDX2238"></A>
+<P>Create the <B>/usr/afs</B> and <B>/usr/vice/etc</B> directories on
+the local disk, to house server and client files respectively.
+Subsequent instructions copy files from the AFS CD-ROM into them.
+Create the <B>/cdrom</B> directory as a mount point for CD-ROMs, if it
+does not already exist.
+<PRE>
+ # <B>mkdir /usr/afs</B>
+
+ # <B>mkdir /usr/vice</B>
+
+ # <B>mkdir /usr/vice/etc</B>
+
+ # <B>mkdir /cdrom</B>
+
+</PRE>
+<HR><H2><A NAME="HDRWQ20" HREF="auqbg002.htm#ToC_33">Performing Platform-Specific Procedures</A></H2>
+<P>Several of the initial procedures for installing a file
+server machine differ for each system type. For convenience, the
+following sections group them together for each system type:
+<UL>
+<A NAME="IDX2239"></A>
+<A NAME="IDX2240"></A>
+<A NAME="IDX2241"></A>
+<P><LI>Incorporate AFS modifications into the kernel.
+<P>The kernel on every AFS file server and client machine must incorporate AFS
+extensions. On machines that use a dynamic kernel module loader, it is
+conventional to alter the machine's initialization script to load the AFS
+extensions at each reboot.
+<A NAME="IDX2242"></A>
+<A NAME="IDX2243"></A>
+<A NAME="IDX2244"></A>
+<A NAME="IDX2245"></A>
+<A NAME="IDX2246"></A>
+<A NAME="IDX2247"></A>
+<A NAME="IDX2248"></A>
+<P><LI>Configure server partitions or logical volumes to house AFS
+volumes.
+<P>Every AFS file server machine must have at least one partition or logical
+volume dedicated to storing AFS volumes (for convenience, the documentation
+hereafter refers to partitions only). Each server partition is mounted
+at a directory named <B>/vicep</B><VAR>xx</VAR>, where <VAR>xx</VAR> is one or
+two lowercase letters. By convention, the first 26 partitions are
+mounted on the directories called <B>/vicepa</B> through
+<B>/vicepz</B>, the 27th one is mounted on the <B>/vicepaa</B>
+directory, and so on through <B>/vicepaz</B> and <B>/vicepba</B>,
+continuing up to the index corresponding to the maximum number of server
+partitions supported in the current version of AFS (which is specified in the
+<I>IBM AFS Release Notes</I>).
+<P>The <B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location).
+<P>You can also add or remove server partitions on an existing file server
+machine. For instructions, see the chapter in the <I>IBM AFS
+Administration Guide</I> about maintaining server machines.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Not all file system types supported by an operating system are necessarily
+supported as AFS server partitions. For possible restrictions, see the
+<I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P><LI>On some system types, install and configure a modified <B>fsck</B>
+program which recognizes the structures that the File Server uses to organize
+volume data on AFS server partitions. The <B>fsck</B> program
+provided with the operating system does not understand the AFS data
+structures, and so removes them to the <B>lost+found</B> directory.
+<P><LI>If the machine is to remain an AFS client machine, modify the
+machine's authentication system so that users obtain an AFS token as they
+log into the local file system. Using AFS is simpler and more
+convenient for your users if you make the modifications on all client
+machines. Otherwise, users must perform a two-step login procedure
+(login to the local file system and then issue the <B>klog</B>
+command). For further discussion of AFS authentication, see the chapter
+in the <I>IBM AFS Administration Guide</I> about cell configuration and
+administration issues.
+</UL>
+<P>To continue, proceed to the appropriate section:
+<UL>
+<P><LI><A HREF="#HDRWQ21">Getting Started on AIX Systems</A>
+<P><LI><A HREF="#HDRWQ26">Getting Started on Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRWQ31">Getting Started on HP-UX Systems</A>
+<P><LI><A HREF="#HDRWQ36">Getting Started on IRIX Systems</A>
+<P><LI><A HREF="#HDRWQ41">Getting Started on Linux Systems</A>
+<P><LI><A HREF="#HDRWQ45">Getting Started on Solaris Systems</A>
+</UL>
+<HR><H2><A NAME="HDRWQ21" HREF="auqbg002.htm#ToC_34">Getting Started on AIX Systems</A></H2>
+<P>Begin by running the AFS initialization script to call the
+AIX kernel extension facility, which dynamically loads AFS modifications into
+the kernel. Then use the <B>SMIT</B> program to configure
+partitions for storing AFS volumes, and replace the AIX <B>fsck</B>
+program helper with a version that correctly handles AFS volumes. If
+the machine is to remain an AFS client machine, incorporate AFS into the AIX
+secondary authentication system.
+<A NAME="IDX2249"></A>
+<A NAME="IDX2250"></A>
+<A NAME="IDX2251"></A>
+<A NAME="IDX2252"></A>
+<P><H3><A NAME="HDRWQ22" HREF="auqbg002.htm#ToC_35">Loading AFS into the AIX Kernel</A></H3>
+<P>The AIX kernel extension facility is the dynamic kernel
+loader provided by IBM Corporation. AIX does not support incorporation
+of AFS modifications during a kernel build.
+<P>For AFS to function correctly, the kernel extension facility must run each
+time the machine reboots, so the AFS initialization script (included in the
+AFS distribution) invokes it automatically. In this section you copy
+the script to the conventional location and edit it to select the appropriate
+options depending on whether NFS is also to run.
+<P>After editing the script, you run it to incorporate AFS into the
+kernel. In later sections you verify that the script correctly
+initializes all AFS components, then configure the AIX <B>inittab</B> file
+so that the script runs automatically at reboot.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for AIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your AIX documentation. Then change directory as
+indicated.
+<PRE>
+ # <B>cd /cdrom/rs_aix42/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/dkload</B> directory, and the AFS initialization script
+to the <B>/etc</B> directory.
+<PRE>
+ # <B>cp -rp dkload /usr/vice/etc</B>
+
+ # <B>cp -p rc.afs /etc/rc.afs</B>
+
+</PRE>
+<P><LI>Edit the <B>/etc/rc.afs</B> script, setting the <TT>NFS</TT>
+variable as indicated.
+<P>If the machine is not to function as an NFS/AFS Translator, set the
+<TT>NFS</TT> variable as follows.
+<PRE>
+ NFS=$NFS_NONE
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and is running AIX
+4.2.1 or higher, set the <TT>NFS</TT> variable as
+follows. Note that NFS must already be loaded into the kernel, which
+happens automatically on systems running AIX 4.1.1 and later, as
+long as the file <B>/etc/exports</B> exists.
+<PRE>
+ NFS=$NFS_IAUTH
+
+</PRE>
+<P><LI>Invoke the <B>/etc/rc.afs</B> script to load AFS modifications
+into the kernel. You can ignore any error messages about the inability
+to start the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2253"></A>
+<A NAME="IDX2254"></A>
+<A NAME="IDX2255"></A>
+<A NAME="IDX2256"></A>
+<P><H3><A NAME="HDRWQ23" HREF="auqbg002.htm#ToC_36">Configuring Server Partitions on AIX Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<P>To configure server partitions on an AIX system, perform the following
+procedures:
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Use the <B>SMIT</B> program to create a journaling file system on each
+partition to be configured as an AFS server partition.
+<P><LI>Mount each partition at one of the <B>/vicep</B><VAR>xx</VAR>
+directories. Choose one of the following three methods:
+<UL>
+<P><LI>Use the <B>SMIT</B> program
+<P><LI>Use the <B>mount -a</B> command to mount all partitions at once
+<P><LI>Use the <B>mount</B> command on each partition in turn
+</UL>
+<P>Also configure the partitions so that they are mounted automatically at
+each reboot. For more information, refer to the AIX
+documentation.
+</OL>
+<A NAME="IDX2257"></A>
+<A NAME="IDX2258"></A>
+<A NAME="IDX2259"></A>
+<A NAME="IDX2260"></A>
+<P><H3><A NAME="HDRWQ24" HREF="auqbg002.htm#ToC_37">Replacing the fsck Program Helper on AIX Systems</A></H3>
+<P>In this section, you make modifications to guarantee that the
+appropriate <B>fsck</B> program runs on AFS server partitions. The
+<B>fsck</B> program provided with the operating system must never run on
+AFS server partitions. Because it does not recognize the structures
+that the File Server uses to organize volume data, it removes all of the
+data. To repeat:
+<P><B>Never run the standard fsck program on AFS server partitions.
+It discards AFS volumes.</B>
+<P>On AIX systems, you do not replace the <B>fsck</B> binary itself, but
+rather the <I>program helper</I> file included in the AIX distribution as
+<B>/sbin/helpers/v3fshelper</B>.
+<OL TYPE=1>
+<P><LI>Move the AIX <B>fsck</B> program helper to a safe location and install
+the version from the AFS distribution in its place. The AFS CD-ROM must
+still be mounted at the <B>/cdrom</B> directory.
+<PRE>
+ # <B>cd /sbin/helpers</B>
+
+ # <B>mv v3fshelper v3fshelper.noafs</B>
+
+ # <B>cp -p /cdrom/rs_aix42/root.server/etc/v3fshelper v3fshelper</B>
+
+
+</PRE>
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ25">Enabling AFS Login on AIX Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2261"></A>
+<A NAME="IDX2262"></A>
+<A NAME="IDX2263"></A>
+<A NAME="IDX2264"></A>
+<A NAME="IDX2265"></A>
+<P><H3><A NAME="HDRWQ25" HREF="auqbg002.htm#ToC_38">Enabling AFS Login on AIX Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>Follow the instructions in this section to incorporate AFS modifications
+into the AIX secondary authentication system.
+<OL TYPE=1>
+<P><LI>Issue the <B>ls</B> command to verify that the
+<B>afs_dynamic_auth</B> and <B>afs_dynamic_kerbauth</B> programs are
+installed in the local <B>/usr/vice/etc</B> directory.
+<PRE>
+ # <B>ls /usr/vice/etc</B>
+</PRE>
+<P>If the files do not exist, mount the AFS CD-ROM for AIX (if it is not
+already), change directory as indicated, and copy them.
+<PRE>
+ # <B>cd /cdrom/rs_aix42/root.client/usr/vice/etc</B>
+
+ # <B>cp -p afs_dynamic* /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Edit the local <B> /etc/security/user</B> file, making changes to the
+indicated stanzas:
+<UL>
+<P><LI>In the default stanza, set the <TT>registry</TT> attribute to
+<B>DCE</B> (not to <B>AFS</B>), as follows:
+<PRE>
+ registry = DCE
+
+</PRE>
+<P><LI>In the default stanza, set the <TT>SYSTEM</TT> attribute as
+indicated.
+<P>If the machine is an AFS client only, set the following value:
+<PRE>
+ SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
+</PRE>
+<P>If the machine is both an AFS and a DCE client, set the following value (it
+must appear on a single line in the file):
+<PRE>
+ SYSTEM = "DCE OR DCE[UNAVAIL] OR AFS OR (AFS[UNAVAIL] \
+ AND compat[SUCCESS])"
+
+</PRE>
+<P><LI>In the <TT>root</TT> stanza, set the <TT>registry</TT> attribute as
+follows. It enables the local superuser <B>root</B> to log into the
+local file system only, based on the password listed in the local password
+file.
+<PRE>
+ root:
+ registry = files
+
+</PRE>
+</UL>
+<P><LI>Edit the local <B>/etc/security/login.cfg</B> file, creating or
+editing the indicated stanzas:
+<UL>
+<P><LI>In the <TT>DCE</TT> stanza, set the <TT>program</TT> attribute as
+follows.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ DCE:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ DCE:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+
+</PRE>
+<P><LI>In the <TT>AFS</TT> stanza, set the <TT>program</TT> attribute as
+follows.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ AFS:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ AFS:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+
+</PRE>
+</UL>
+<P><LI>Proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A> (or if referring to these instructions while installing an
+additional file server machine, return to <A HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>).
+</OL>
+<HR><H2><A NAME="HDRWQ26" HREF="auqbg002.htm#ToC_39">Getting Started on Digital UNIX Systems</A></H2>
+<P>Begin by building AFS modifications into a new static
+kernel; Digital UNIX does not support dynamic loading. Then create
+partitions for storing AFS volumes, and replace the Digital UNIX
+<B>fsck</B> program with a version that correctly handles AFS
+volumes. If the machine is to remain an AFS client machine, incorporate
+AFS into the machine's Security Integration Architecture (SIA)
+matrix.
+<A NAME="IDX2266"></A>
+<A NAME="IDX2267"></A>
+<A NAME="IDX2268"></A>
+<A NAME="IDX2269"></A>
+<P><H3><A NAME="HDRWQ27" HREF="auqbg002.htm#ToC_40">Building AFS into the Digital UNIX Kernel</A></H3>
+<P>Use the following instructions to build AFS modifications
+into the kernel on a Digital UNIX system.
+<OL TYPE=1>
+<P><LI>Create a copy called <B>AFS</B> of the basic kernel configuration file
+included in the Digital UNIX distribution as
+<B>/usr/sys/conf/</B><VAR>machine_name</VAR>, where <VAR>machine_name</VAR> is
+the machine's hostname in all uppercase letters.
+<PRE>
+ # <B>cd /usr/sys/conf</B>
+
+ # <B>cp</B> <VAR>machine_name</VAR> <B>AFS</B>
+
+</PRE>
+<P><LI>Add AFS to the list of options in the configuration file you created in
+the previous step, so that the result looks like the following:
+<PRE> . .
+ . .
+ options UFS
+ options NFS
+ options AFS
+ . .
+ . .
+
+</PRE>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/conf/files</B>.
+<UL>
+<P><LI>Add a line for AFS to the list of <TT>OPTIONS</TT>, so that the result
+looks like the following:
+<PRE> . . .
+ . . .
+ OPTIONS/nfs optional nfs
+ OPTIONS/afs optional afs
+ OPTIONS/nfs_server optional nfs_server
+ . . .
+ . . .
+
+</PRE>
+<P><LI>Add an entry for AFS to the list of <TT>MODULES</TT>, so that the result
+looks like the following:
+<PRE> . . . .
+ . . . .
+ #
+ MODULE/nfs_server optional nfs_server Binary
+ nfs/nfs_server.c module nfs_server optimize -g3
+ nfs/nfs3_server.c module nfs_server optimize -g3
+ #
+ MODULE/afs optional afs Binary
+ afs/libafs.c module afs
+ #
+
+</PRE>
+</UL>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/vfs/vfs_conf.c</B>.
+<UL>
+<P><LI>Add AFS to the list of defined file systems, so that the result looks like
+the following:
+<PRE> . .
+ . .
+ #include <afs.h>
+ #if defined(AFS) && AFS
+ extern struct vfsops afs_vfsops;
+ #endif
+ . .
+ . .
+
+</PRE>
+<P><LI>Put a declaration for AFS in the <B>vfssw[]</B> table's
+MOUNT_ADDON slot, so that the result looks like the following:
+<PRE> . . .
+ . . .
+ &fdfs_vfsops, "fdfs", /* 12 = MOUNT_FDFS */
+ #if defined(AFS)
+ &afs_vfsops, "afs",
+ #else
+ (struct vfsops *)0, "", /* 13 = MOUNT_ADDON */
+ #endif
+ #if NFS && INFS_DYNAMIC
+ &nfs3_vfsops, "nfsv3", /* 14 = MOUNT_NFS3 */
+
+</PRE>
+</UL>
+<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Digital UNIX documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/sbin/init.d</B> on Digital
+UNIX machines). Note the removal of the <B>.rc</B> extension
+as you copy the script.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/sys/BINARY</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.o /usr/sys/BINARY/afs.mod</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod</B>
+
+</PRE>
+<P><LI>Configure and build the kernel. Respond to any prompts by pressing
+<<B>Return</B>>. The resulting kernel resides in the file
+<B>/sys/AFS/vmunix</B>.
+<PRE>
+ # <B>doconfig -c AFS</B>
+
+</PRE>
+<P><LI>Rename the existing kernel file and copy the new, AFS-modified file to the
+standard location.
+<PRE>
+ # <B>mv /vmunix /vmunix_noafs</B>
+
+ # <B>cp /sys/AFS/vmunix /vmunix</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<A NAME="IDX2270"></A>
+<A NAME="IDX2271"></A>
+<A NAME="IDX2272"></A>
+<A NAME="IDX2273"></A>
+<P><H3><A NAME="HDRWQ28" HREF="auqbg002.htm#ToC_41">Configuring Server Partitions on Digital UNIX Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each directory just created. The entry maps
+the directory name to the disk partition to be mounted on it.
+<PRE>
+ /dev/<VAR>disk</VAR> /vicep<VAR>xx</VAR> ufs rw 0 2
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/rz3a /vicepa ufs rw 0 2
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Digital UNIX documentation for more
+information.
+<PRE>
+ #<B> newfs -v /dev/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+</OL>
+<A NAME="IDX2274"></A>
+<A NAME="IDX2275"></A>
+<A NAME="IDX2276"></A>
+<A NAME="IDX2277"></A>
+<P><H3><A NAME="HDRWQ29" HREF="auqbg002.htm#ToC_42">Replacing the fsck Program on Digital UNIX Systems</A></H3>
+<P>In this section, you make modifications to guarantee that the
+appropriate <B>fsck</B> program runs on AFS server partitions. The
+<B>fsck</B> program provided with the operating system must never run on
+AFS server partitions. Because it does not recognize the structures
+that the File Server uses to organize volume data, it removes all of the
+data. To repeat:
+<P><B>Never run the standard fsck program on AFS server partitions.
+It discards AFS volumes.</B>
+<P>On Digital UNIX systems, the files <B>/sbin/fsck</B> and
+<B>/usr/sbin/fsck</B> are driver programs. Rather than replacing
+either of them, you replace the actual binary included in the Digital UNIX
+distribution as <B>/sbin/ufs_fsck</B> and
+<B>/usr/sbin/ufs_fsck</B>.
+<OL TYPE=1>
+<P><LI>Install the <B>vfsck</B> binary to the <B>/sbin</B> and
+<B>/usr/sbin</B> directories. The AFS CD-ROM must still be mounted
+at the <B>/cdrom</B> directory.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/root.server/etc</B>
+
+ # <B>cp vfsck /sbin/vfsck</B>
+
+ # <B>cp vfsck /usr/sbin/vfsck</B>
+
+</PRE>
+<P><LI>Rename the Digital UNIX <B>fsck</B> binaries and create symbolic links
+to the <B>vfsck</B> program.
+<PRE>
+ # <B>cd /sbin</B>
+
+ # <B>mv ufs_fsck ufs_fsck.noafs</B>
+
+ # <B>ln -s vfsck ufs_fsck</B>
+
+ # <B>cd /usr/sbin</B>
+
+ # <B>mv ufs_fsck ufs_fsck.noafs</B>
+
+ # <B>ln -s vfsck ufs_fsck</B>
+
+</PRE>
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ30">Enabling AFS Login on Digital UNIX Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2278"></A>
+<A NAME="IDX2279"></A>
+<A NAME="IDX2280"></A>
+<A NAME="IDX2281"></A>
+<A NAME="IDX2282"></A>
+<A NAME="IDX2283"></A>
+<P><H3><A NAME="HDRWQ30" HREF="auqbg002.htm#ToC_43">Enabling AFS Login on Digital UNIX Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>On Digital UNIX systems, the AFS initialization script automatically
+incorporates the AFS authentication library file into the Security Integration
+Architecture (SIA) matrix on the machine, so that users with AFS accounts
+obtain a token at login. In this section you copy the library file to
+the appropriate location.
+<P>For more information on SIA, see the Digital UNIX reference page for
+<B>matrix.conf</B>, or consult the section on security in your
+Digital UNIX documentation.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the machine runs both the DCE and AFS client software, AFS must start
+after DCE. Consult the AFS initialization script for suggested symbolic
+links to create for correct ordering. Also, the system startup script
+order must initialize SIA before any long-running process that uses
+authentication.
+</TD></TR></TABLE>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
+directory, if it is not already. Change directory as indicated.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/lib/afs</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS authentication library file to the local
+<B>/usr/shlib</B> directory.
+<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
+the cell:
+<PRE>
+ # <B>cp libafssiad.so /usr/shlib</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication, rename the
+library file as you copy it:
+<PRE>
+ # <B>cp libafssiad.krb.so /usr/shlib/libafssiad.so</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A> (or if referring to these instructions while installing an
+additional file server machine, return to <A HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>).
+</OL>
+<HR><H2><A NAME="HDRWQ31" HREF="auqbg002.htm#ToC_44">Getting Started on HP-UX Systems</A></H2>
+<P>Begin by building AFS modifications into a new kernel;
+HP-UX does not support dynamic loading. Then create partitions for
+storing AFS volumes, and install and configure the AFS-modified
+<B>fsck</B> program to run on AFS server partitions. If the machine
+is to remain an AFS client machine, incorporate AFS into the machine's
+Pluggable Authentication Module (PAM) scheme.
+<A NAME="IDX2284"></A>
+<A NAME="IDX2285"></A>
+<A NAME="IDX2286"></A>
+<A NAME="IDX2287"></A>
+<P><H3><A NAME="HDRWQ32" HREF="auqbg002.htm#ToC_45">Building AFS into the HP-UX Kernel</A></H3>
+<P>Use the following instructions to build AFS modifications
+into the kernel on an HP-UX system.
+<OL TYPE=1>
+<P><LI>Move the existing kernel-related files to a safe location.
+<PRE>
+ # <B>cp /stand/vmunix /stand/vmunix.noafs</B>
+
+ # <B>cp /stand/system /stand/system.noafs</B>
+
+</PRE>
+<P><LI>Mount the AFS CD-ROM for HP-UX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your HP-UX documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/hp_ux110/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization file to the local directory for initialization
+files (by convention, <B>/sbin/init.d</B> on HP-UX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the file.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the file <B>afs.driver</B> to the local
+<B>/usr/conf/master.d</B> directory, changing its name to
+<B>afs</B> as you do.
+<PRE>
+ # <B>cp usr/vice/etc/afs.driver /usr/conf/master.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/conf/lib</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.a /usr/conf/lib</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server functionality,
+change the file's name as you copy it:
+<PRE>
+ # <B>cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a</B>
+
+</PRE>
+<P><LI>Incorporate the AFS driver into the kernel, either using the
+<B>SAM</B> program or a series of individual commands.
+<UL>
+<P><LI>To use the <B>SAM</B> program:
+<OL TYPE=a>
+<P><LI>Invoke the <B>SAM</B> program, specifying the hostname of the local
+machine as <VAR>local_hostname</VAR>. The <B>SAM</B> graphical user
+interface pops up.
+<PRE>
+ # <B>sam -display</B> <VAR>local_hostname</VAR><B>:0</B>
+
+</PRE>
+<P><LI>Choose the <B>Kernel Configuration</B> icon, then the
+<B>Drivers</B> icon. From the list of drivers, select
+<B>afs</B>.
+<P><LI>Open the pull-down <B>Actions</B> menu and choose the <B>Add Driver
+to Kernel</B> option.
+<P><LI>Open the <B>Actions</B> menu again and choose the <B>Create a New
+Kernel</B> option.
+<P><LI>Confirm your choices by choosing <B>Yes</B> and <B>OK</B> when
+prompted by subsequent pop-up windows. The <B>SAM</B> program
+builds the kernel and reboots the system.
+<P><LI>Login again as the superuser <B>root</B>.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<P><LI>To use individual commands:
+<OL TYPE=a>
+<P><LI>Edit the file <B>/stand/system</B>, adding an entry for <B>afs</B>
+to the <TT>Subsystems</TT> section.
+<P><LI>Change to the <B>/stand/build</B> directory and issue the
+<B>mk_kernel</B> command to build the kernel.
+<PRE>
+ # <B>cd /stand/build</B>
+
+ # <B>mk_kernel</B>
+
+</PRE>
+<P><LI>Move the new kernel to the standard location (<B>/stand/vmunix</B>),
+reboot the machine to start using it, and login again as the superuser
+<B>root</B>.
+<PRE>
+ # <B>mv /stand/build/vmunix_test /stand/vmunix</B>
+
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+</UL>
+</OL>
+<A NAME="IDX2288"></A>
+<A NAME="IDX2289"></A>
+<A NAME="IDX2290"></A>
+<A NAME="IDX2291"></A>
+<P><H3><A NAME="HDRWQ33" HREF="auqbg002.htm#ToC_46">Configuring Server Partitions on HP-UX Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Use the <B>SAM</B> program to create a file system on each
+partition. For instructions, consult the HP-UX documentation.
+<P><LI>On some HP-UX systems that use logical volumes, the <B>SAM</B> program
+automatically mounts the partitions. If it has not, mount each
+partition by issuing either the <B>mount -a</B> command to mount all
+partitions at once or the <B>mount</B> command to mount each partition in
+turn.
+</OL>
+<A NAME="IDX2292"></A>
+<A NAME="IDX2293"></A>
+<A NAME="IDX2294"></A>
+<A NAME="IDX2295"></A>
+<P><H3><A NAME="HDRWQ34" HREF="auqbg002.htm#ToC_47">Configuring the AFS-modified fsck Program on HP-UX Systems</A></H3>
+<P>In this section, you make modifications to guarantee that the
+appropriate <B>fsck</B> program runs on AFS server partitions. The
+<B>fsck</B> program provided with the operating system must never run on
+AFS server partitions. Because it does not recognize the structures
+that the File Server uses to organize volume data, it removes all of the
+data. To repeat:
+<P><B>Never run the standard fsck program on AFS server partitions.
+It discards AFS volumes.</B>
+<P>On HP-UX systems, there are several configuration files to install in
+addition to the AFS-modified <B>fsck</B> program (the <B>vfsck</B>
+binary).
+<OL TYPE=1>
+<P><LI>Create the command configuration file
+<B>/sbin/lib/mfsconfig.d/afs</B>. Use a text editor to place
+the indicated two lines in it:
+<PRE>
+ format_revision 1
+ fsck 0 m,P,p,d,f,b:c:y,n,Y,N,q,
+
+</PRE>
+<P><LI>Create and change directory to an AFS-specific command directory called
+<B>/sbin/fs/afs</B>.
+<PRE>
+ # <B>mkdir /sbin/fs/afs</B>
+
+ # <B>cd /sbin/fs/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS-modified version of the <B>fsck</B> program (the
+<B>vfsck</B> binary) and related files from the distribution directory to
+the new AFS-specific command directory.
+<PRE>
+ # <B>cp -p /cdrom/hp_ux110/root.server/etc/* .</B>
+
+</PRE>
+<P><LI>Change the <B>vfsck</B> binary's name to <B>fsck</B> and set
+the mode bits appropriately on all of the files in the <B>/sbin/fs/afs</B>
+directory.
+<PRE>
+ # <B>mv vfsck fsck</B>
+
+ # <B>chmod 755 *</B>
+
+</PRE>
+<P><LI>Edit the <B>/etc/fstab</B> file, changing the file system type for
+each AFS server partition from <TT>hfs</TT> to <TT>afs</TT>. This
+ensures that the AFS-modified <B>fsck</B> program runs on the appropriate
+partitions.
+<P>The sixth line in the following example of an edited file shows an AFS
+server partition, <B>/vicepa</B>.
+<PRE>
+ /dev/vg00/lvol1 / hfs defaults 0 1
+ /dev/vg00/lvol4 /opt hfs defaults 0 2
+ /dev/vg00/lvol5 /tmp hfs defaults 0 2
+ /dev/vg00/lvol6 /usr hfs defaults 0 2
+ /dev/vg00/lvol8 /var hfs defaults 0 2
+ /dev/vg00/lvol9 /vicepa afs defaults 0 2
+ /dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2
+
+</PRE>
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ35">Enabling AFS Login on HP-UX Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2296"></A>
+<A NAME="IDX2297"></A>
+<A NAME="IDX2298"></A>
+<A NAME="IDX2299"></A>
+<A NAME="IDX2300"></A>
+<A NAME="IDX2301"></A>
+<P><H3><A NAME="HDRWQ35" HREF="auqbg002.htm#ToC_48">Enabling AFS Login on HP-UX Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The instructions specify that you mark each entry as
+<TT>optional</TT>. However, marking some modules as optional can mean
+that they grant access to the corresponding service even when the user does
+not meet all of the module's requirements. In some operating
+system revisions, for example, if you mark as optional the module that
+controls login via a dial-up connection, it allows users to login without
+providing a password. See the <I>IBM AFS Release Notes</I> for a
+discussion of any limitations that apply to this operating system.
+<P>Also, with some operating system versions you must install patches for PAM
+to interact correctly with certain authentication programs. For
+details, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for HP-UX on the <B>/cdrom</B> directory, if it
+is not already. Then change directory as indicated.
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the AFS authentication library file to the
+<B>/usr/lib/security</B> directory. Then create a symbolic link to
+it whose name does not mention the version. Omitting the version
+eliminates the need to edit the PAM configuration file if you later update the
+library file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
+the cell:
+<PRE>
+ # <B>cp /cdrom/hp_ux110/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ #<B> cp /cdrom/hp_ux110/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>Edit the <TT>Authentication management</TT> section of the HP-UX PAM
+configuration file, <B>/etc/pam.conf</B> by convention. The
+entries in this section have the value <TT>auth</TT> in their second
+field.
+<P>First edit the standard entries, which refer to the HP-UX PAM module
+(usually, the file <B>/usr/lib/security/libpam_unix.1</B>) in their
+fourth field. For each service for which you want to use AFS
+authentication, edit the third field of its entry to read
+<TT>optional</TT>. The <B>pam.conf</B> file in the HP-UX
+distribution usually includes standard entries for the <B>login</B> and
+<B>ftp</B> services, for instance.
+<P>If there are services for which you want to use AFS authentication, but for
+which the <B>pam.conf</B> file does not already include a standard
+entry, you must create that entry and place the value <TT>optional</TT> in
+its third field. For instance, the HP-UX <B>pam.conf</B>
+file does not usually include standard entries for the <B>remsh</B> or
+<B>telnet</B> services.
+<P>Then create an AFS-related entry for each service, placing it immediately
+below the standard entry. The following example shows what the
+<TT>Authentication Management</TT> section looks like after you have you
+edited or created entries for the services mentioned previously. Note
+that the example AFS entries appear on two lines only for legibility.
+<PRE>
+ login auth optional /usr/lib/security/libpam_unix.1
+ login auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ ftp auth optional /usr/lib/security/libpam_unix.1
+ ftp auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ remsh auth optional /usr/lib/security/libpam_unix.1
+ remsh auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ telnet auth optional /usr/lib/security/libpam_unix.1
+ telnet auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+
+</PRE>
+<P><LI>If you use the Common Desktop Environment (CDE) on the machine and want
+users to obtain an AFS token as they log in, also add or edit the following
+four entries in the <TT>Authentication management</TT> section. Note
+that the AFS-related entries appear on two lines here only for
+legibility.
+<PRE>
+ dtlogin auth optional /usr/lib/security/libpam_unix.1
+ dtlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ dtaction auth optional /usr/lib/security/libpam_unix.1
+ dtaction auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A> (or if referring to these instructions while installing an
+additional file server machine, return to <A HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>).
+</OL>
+<HR><H2><A NAME="HDRWQ36" HREF="auqbg002.htm#ToC_49">Getting Started on IRIX Systems</A></H2>
+<A NAME="IDX2302"></A>
+<A NAME="IDX2303"></A>
+<A NAME="IDX2304"></A>
+<A NAME="IDX2305"></A>
+<A NAME="IDX2306"></A>
+<A NAME="IDX2307"></A>
+<A NAME="IDX2308"></A>
+<P>To incorporate AFS into the kernel on IRIX systems, choose one of two
+methods:
+<UL>
+<P><LI>Run the AFS initialization script to invoke the <B>ml</B> program
+distributed by Silicon Graphics, Incorporated (SGI), which dynamically loads
+AFS modifications into the kernel
+<P><LI>Build a new static kernel
+</UL>
+<P>Then create partitions for storing AFS volumes. You do not need to
+replace the IRIX <B>fsck</B> program because SGI has already modified it
+to handle AFS volumes properly. If the machine is to remain an AFS
+client machine, verify that the IRIX login utility installed on the machine
+grants an AFS token.
+<P>In preparation for either dynamic loading or kernel building, perform the
+following procedures:
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for IRIX on the <B>/cdrom</B> directory.
+For instructions on mounting CD-ROMs (either locally or remotely via NFS), see
+your IRIX documentation. Then change directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sgi_65/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on IRIX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p usr/vice/etc/afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Issue the <B>uname -m</B> command to determine the machine's CPU
+board type. The <B>IP</B><VAR>xx</VAR> value in the output must match
+one of the supported CPU board types listed in the <I>IBM AFS Release
+Notes</I> for the current version of AFS.
+<PRE>
+ # <B>uname -m</B>
+
+</PRE>
+<P><LI>Proceed to either <A HREF="#HDRWQ37">Loading AFS into the IRIX Kernel</A> or <A HREF="#HDRWQ38">Building AFS into the IRIX Kernel</A>.
+</OL>
+<A NAME="IDX2309"></A>
+<A NAME="IDX2310"></A>
+<A NAME="IDX2311"></A>
+<A NAME="IDX2312"></A>
+<A NAME="IDX2313"></A>
+<A NAME="IDX2314"></A>
+<A NAME="IDX2315"></A>
+<P><H3><A NAME="HDRWQ37" HREF="auqbg002.htm#ToC_50">Loading AFS into the IRIX Kernel</A></H3>
+<P>The <B>ml</B> program is the dynamic kernel loader
+provided by SGI for IRIX systems. If you use it rather than building
+AFS modifications into a static kernel, then for AFS to function correctly the
+<B>ml</B> program must run each time the machine reboots.
+Therefore, the AFS initialization script (included on the AFS CD-ROM) invokes
+it automatically when the <B>afsml</B> configuration variable is
+activated. In this section you activate the variable and run the
+script.
+<P>In later sections you verify that the script correctly initializes all AFS
+components, then create the links that incorporate AFS into the IRIX startup
+and shutdown sequence.
+<OL TYPE=1>
+<P><LI>Create the local <B>/usr/vice/etc/sgiload</B> directory to house the
+AFS kernel library file.
+<PRE>
+ # <B>mkdir /usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the
+<B>/usr/vice/etc/sgiload</B> directory. The
+<B>IP</B><VAR>xx</VAR> portion of the library file name must match the value
+previously returned by the <B>uname -m</B> command. Also choose the
+file appropriate to whether the machine's kernel supports NFS server
+functionality (NFS must be supported for the machine to act as an NFS/AFS
+Translator). Single- and multiprocessor machines use the same library
+file.
+<P>(You can choose to copy all of the kernel library files into the <B>
+/usr/vice/etc/sgiload</B> directory, but they require a significant amount
+of space.)
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.o /usr/vice/etc/sgiload</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.nonfs.o</B> \
+ <B>/usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml on</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Run the <B>/etc/init.d/afs</B> script to load AFS extensions
+into the kernel. The script invokes the <B>ml</B> command,
+automatically determining which kernel library file to use based on this
+machine's CPU type and the activation state of the <B>afsxnfs</B>
+variable.
+<P>You can ignore any error messages about the inability to start the BOS
+Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ39">Configuring Server Partitions on IRIX Systems</A>.
+</OL>
+<A NAME="IDX2316"></A>
+<P><H3><A NAME="HDRWQ38" HREF="auqbg002.htm#ToC_51">Building AFS into the IRIX Kernel</A></H3>
+<P>Use the following instructions to build AFS modifications
+into the kernel on an IRIX system.
+<OL TYPE=1>
+<P><LI>Copy the kernel initialization file <B>afs.sm</B> to the local
+<B>/var/sysgen/system</B> directory, and the kernel master file
+<B>afs</B> to the local <B>/var/sysgen/master.d</B>
+directory.
+<PRE>
+ # <B>cp -p bin/afs.sm /var/sysgen/system</B>
+
+ # <B>cp -p bin/afs /var/sysgen/master.d</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/var/sysgen/boot/afs.a</B>; the <B>IP</B><VAR>xx</VAR>
+portion of the library file name must match the value previously returned by
+the <B>uname -m</B> command. Also choose the file appropriate to
+whether the machine's kernel supports NFS server functionality (NFS must
+be supported for the machine to act as an NFS/AFS Translator). Single-
+and multiprocessor machines use the same library file.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.a /var/sysgen/boot/afs.a</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.nonfs.a /var/sysgen/boot/afs.a</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to deactivate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml off</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Copy the existing kernel file, <B>/unix</B>, to a safe
+location. Compile the new kernel, which is created in the file
+<B>/unix.install</B>. It overwrites the existing
+<B>/unix</B> file when the machine reboots in the next step.
+<PRE>
+ # <B>cp /unix /unix_noafs</B>
+
+ # <B>autoconfig</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<A NAME="IDX2317"></A>
+<A NAME="IDX2318"></A>
+<A NAME="IDX2319"></A>
+<A NAME="IDX2320"></A>
+<P><H3><A NAME="HDRWQ39" HREF="auqbg002.htm#ToC_52">Configuring Server Partitions on IRIX Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<P>AFS supports use of both EFS and XFS partitions for housing AFS
+volumes. SGI encourages use of XFS partitions.
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each partition (or logical volume created with the
+XLV volume manager) to be mounted on one of the directories created in the
+previous step.
+<P>For an XFS partition or logical volume:
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> xfs rw,raw=/dev/rdsk/<VAR>disk</VAR> 0 0
+</PRE>
+<P>For an EFS partition:
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> efs rw,raw=/dev/rdsk/<VAR>disk</VAR> 0 0
+</PRE>
+<P>The following are examples of an entry for each file system type:
+<PRE>
+ /dev/dsk/dks0d2s6 /vicepa xfs rw,raw=/dev/rdsk/dks0d2s6 0 0
+ /dev/dsk/dks0d3s1 /vicepb efs rw,raw=/dev/rdsk/dks0d3s1 0 0
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted on a
+<B>/vicep</B><VAR>xx</VAR> directory. The following commands are
+probably appropriate, but consult the IRIX documentation for more
+information. In both cases, <VAR>raw_device</VAR> is a raw device name
+like <B>/dev/rdsk/dks0d0s0</B> for a single disk partition or
+<B>/dev/rxlv/xlv0</B> for a logical volume.
+<P>For XFS file systems, include the indicated options to configure the
+partition or logical volume with inodes large enough to accommodate
+AFS-specific information:
+<PRE>
+ # <B>mkfs -t xfs -i size=512 -l size=4000b</B> <VAR>raw_device</VAR>
+</PRE>
+<P>For EFS file systems:
+<PRE>
+ # <B>mkfs -t efs</B> <VAR>raw_device</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+<P><LI><B>(Optional)</B> If you have configured partitions or logical volumes
+to use XFS, issue the following command to verify that the inodes are
+configured properly (are large enough to accommodate AFS-specific
+information). If the configuration is correct, the command returns no
+output. Otherwise, it specifies the command to run in order to
+configure each partition or logical volume properly.
+<PRE>
+ # <B>/usr/afs/bin/xfs_size_check</B>
+
+</PRE>
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ40">Enabling AFS Login on IRIX Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2321"></A>
+<A NAME="IDX2322"></A>
+<A NAME="IDX2323"></A>
+<A NAME="IDX2324"></A>
+<P><H3><A NAME="HDRWQ40" HREF="auqbg002.htm#ToC_53">Enabling AFS Login on IRIX Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>The standard IRIX command-line <B>login</B> program and the graphical
+<B>xdm</B> login program both automatically grant an AFS token when AFS is
+incorporated into the machine's kernel. However, some IRIX
+distributions use another login utility by default, and it does not
+necessarily incorporate the required AFS modifications. If that is the
+case, you must disable the default utility if you want AFS users to obtain AFS
+tokens at login. For further discussion, see the <I>IBM AFS Release
+Notes</I>.
+<P>If you configure the machine to use an AFS-modified login utility, then the
+<B>afsauthlib.so</B> and <B>afskauthlib.so</B> files
+(included in the AFS distribution) must reside in the <B>/usr/vice/etc</B>
+directory. Issue the <B>ls</B> command to verify.
+<PRE>
+ # <B>ls /usr/vice/etc</B>
+</PRE>
+<P>If the files do not exist, mount the AFS CD-ROM for IRIX (if it is not
+already), change directory as indicated, and copy them.
+<PRE>
+ # <B>cd /cdrom/sgi_65/root.client/usr/vice/etc</B>
+
+ # <B>cp -p *authlib* /usr/vice/etc</B>
+</PRE>
+<P>After taking any necessary action, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+<HR><H2><A NAME="HDRWQ41" HREF="auqbg002.htm#ToC_54">Getting Started on Linux Systems</A></H2>
+<A NAME="IDX2325"></A>
+<A NAME="IDX2326"></A>
+<A NAME="IDX2327"></A>
+<A NAME="IDX2328"></A>
+<P>Begin by running the AFS initialization script to call the
+<B>insmod</B> program, which dynamically loads AFS modifications into the
+kernel. Then create partitions for storing AFS volumes. You do
+not need to replace the Linux <B>fsck</B> program. If the machine
+is to remain an AFS client machine, incorporate AFS into the machine's
+Pluggable Authentication Module (PAM) scheme.
+<A NAME="IDX2329"></A>
+<A NAME="IDX2330"></A>
+<A NAME="IDX2331"></A>
+<A NAME="IDX2332"></A>
+<P><H3><A NAME="HDRWQ42" HREF="auqbg002.htm#ToC_55">Loading AFS into the Linux Kernel</A></H3>
+<P>The <B>insmod</B> program is the dynamic kernel loader
+for Linux. Linux does not support incorporation of AFS modifications
+during a kernel build.
+<P>For AFS to function correctly, the <B>insmod</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. The script also includes commands
+that select the appropriate AFS library file automatically. In this
+section you run the script.
+<P>In later sections you verify that the script correctly initializes all AFS
+components, then activate a configuration variable, which results in the
+script being incorporated into the Linux startup and shutdown sequence.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Linux on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Linux documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/i386_linux22/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/modload</B> directory. The filenames for the
+libraries have the format
+<B>libafs-</B><VAR>version</VAR><B>.o</B>, where <VAR>version</VAR>
+indicates the kernel build level. The string <B>.mp</B> in
+the <VAR>version</VAR> indicates that the file is appropriate for machines
+running a multiprocessor kernel.
+<PRE>
+ # <B>cp -rp modload /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/rc.d/init.d</B>
+on Linux machines). Note the removal of the <B>.rc</B>
+extension as you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/rc.d/init.d/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS extensions into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2333"></A>
+<A NAME="IDX2334"></A>
+<A NAME="IDX2335"></A>
+<A NAME="IDX2336"></A>
+<P><H3><A NAME="HDRWQ43" HREF="auqbg002.htm#ToC_56">Configuring Server Partitions on Linux Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each directory just created. The entry maps
+the directory name to the disk partition to be mounted on it.
+<PRE>
+ /dev/<VAR>disk</VAR> /vicep<VAR>xx</VAR> ext2 defaults 0 2
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/sda8 /vicepa ext2 defaults 0 2
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Linux documentation for more
+information.
+<PRE>
+ #<B> mkfs -v /dev/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ44">Enabling AFS Login on Linux Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2337"></A>
+<A NAME="IDX2338"></A>
+<A NAME="IDX2339"></A>
+<A NAME="IDX2340"></A>
+<A NAME="IDX2341"></A>
+<P><H3><A NAME="HDRWQ44" HREF="auqbg002.htm#ToC_57">Enabling AFS Login on Linux Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Linux on the <B>/cdrom</B> directory, if it
+is not already. Then change to the directory for PAM modules, which
+depends on which Linux distribution you are using.
+<P>If you are using a Linux distribution from Red Hat Software:
+<PRE>
+ # <B>cd /lib/security</B>
+</PRE>
+<P>If you are using another Linux distribution:
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS authentication library file to the directory to
+which you changed in the previous step. Create a symbolic link whose
+name does not mention the version. Omitting the version eliminates the
+need to edit the PAM configuration file if you later update the library
+file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ # <B>cp /cdrom/i386_linux22/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ # <B>cp /cdrom/i386_linux22/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>For each service with which you want to use AFS authentication, insert an
+entry for the AFS PAM module into the <TT>auth</TT> section of the
+service's PAM configuration file. (Linux uses a separate
+configuration file for each service, unlike some other operating systems which
+list all services in a single file.) Mark the entry as
+<TT>sufficient</TT> in the second field.
+<P>Place the AFS entry below any entries that impose conditions under which
+you want the service to fail for a user who does not meet the entry's
+requirements. Mark these entries <TT>required</TT>. Place the
+AFS entry above any entries that need to execute only if AFS authentication
+fails.
+<P>Insert the following AFS entry if using the Red Hat distribution:
+<PRE>
+ auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root
+</PRE>
+<P>Insert the following AFS entry if using another distribution:
+<PRE>
+ auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
+</PRE>
+<P>The following example illustrates the recommended configuration of the
+configuration file for the <B>login</B> service
+(<B>/etc/pam.d/login</B>) on a machine using the Red Hat
+distribution.
+<PRE>
+ #%PAM-1.0
+ auth required /lib/security/pam_securetty.so
+ auth required /lib/security/pam_nologin.so
+ auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root
+ auth required /lib/security/pam_pwdb.so shadow nullok
+ account required /lib/security/pam_pwdb.so
+ password required /lib/security/pam_cracklib.so
+ password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+ session required /lib/security/pam_pwdb.so
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A> (or if referring to these instructions while installing an
+additional file server machine, return to <A HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>).
+</OL>
+<HR><H2><A NAME="HDRWQ45" HREF="auqbg002.htm#ToC_58">Getting Started on Solaris Systems</A></H2>
+<P>Begin by running the AFS initialization script to call the
+<B>modload</B> program distributed by Sun Microsystems, which dynamically
+loads AFS modifications into the kernel. Then create partitions for
+storing AFS volumes, and install and configure the AFS-modified
+<B>fsck</B> program to run on AFS server partitions. If the machine
+is to remain an AFS client machine, incorporate AFS into the machine's
+Pluggable Authentication Module (PAM) scheme.
+<A NAME="IDX2342"></A>
+<A NAME="IDX2343"></A>
+<A NAME="IDX2344"></A>
+<A NAME="IDX2345"></A>
+<P><H3><A NAME="HDRWQ46" HREF="auqbg002.htm#ToC_59">Loading AFS into the Solaris Kernel</A></H3>
+<P>The <B>modload</B> program is the dynamic kernel loader
+provided by Sun Microsystems for Solaris systems. Solaris does not
+support incorporation of AFS modifications during a kernel build.
+<P>For AFS to function correctly, the <B>modload</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. In this section you copy the
+appropriate AFS library file to the location where the <B>modload</B>
+program accesses it and then run the script.
+<P>In later sections you verify that the script correctly initializes all AFS
+components, then create the links that incorporate AFS into the Solaris
+startup and shutdown sequence.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Solaris documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sun4x_56/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on Solaris
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/kernel/fs/afs</B>.
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, its kernel supports NFS server functionality, and the
+<B>nfsd</B> process is running:
+<PRE>
+ # <B>cp -p modload/libafs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, and its kernel does not support NFS server functionality or the
+<B>nfsd</B> process is not running:
+<PRE>
+ # <B>cp -p modload/libafs.nonfs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, its kernel
+supports NFS server functionality, and the <B>nfsd</B> process is
+running:
+<PRE>
+ # <B>cp -p modload/libafs64.o /kernel/fs/sparcv9/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, and its
+kernel does not support NFS server functionality or the <B>nfsd</B>
+process is not running:
+<PRE>
+ # <B>cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS modifications into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+</PRE>
+<P>When an entry called <TT>afs</TT> does not already exist in the local
+<B>/etc/name_to_sysnum</B> file, the script automatically creates it and
+reboots the machine to start using the new version of the file. If this
+happens, log in again as the superuser <B>root</B> after the reboot and
+run the initialization script again. This time the required entry
+exists in the <B>/etc/name_to_sysnum</B> file, and the <B>modload</B>
+program runs.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2346"></A>
+<A NAME="IDX2347"></A>
+<A NAME="IDX2348"></A>
+<A NAME="IDX2349"></A>
+<P><H3><A NAME="HDRWQ47" HREF="auqbg002.htm#ToC_60">Configuring the AFS-modified fsck Program on Solaris Systems</A></H3>
+<P>In this section, you make modifications to guarantee that the
+appropriate <B>fsck</B> program runs on AFS server partitions. The
+<B>fsck</B> program provided with the operating system must never run on
+AFS server partitions. Because it does not recognize the structures
+that the File Server uses to organize volume data, it removes all of the
+data. To repeat:
+<P><B>Never run the standard fsck program on AFS server partitions.
+It discards AFS volumes.</B>
+<OL TYPE=1>
+<P><LI>Create the <B>/usr/lib/fs/afs</B> directory to house the AFS-modified
+<B>fsck</B> program and related files.
+<PRE>
+ # <B>mkdir /usr/lib/fs/afs</B>
+
+ # <B>cd /usr/lib/fs/afs</B>
+
+</PRE>
+<P><LI>Copy the <B>vfsck</B> binary to the newly created directory, changing
+the name as you do so.
+<PRE>
+ # <B>cp /cdrom/sun4x_56/root.server/etc/vfsck fsck</B>
+
+</PRE>
+<P><LI>Working in the <B>/usr/lib/fs/afs</B> directory, create the following
+links to Solaris libraries:
+<PRE>
+ # <B>ln -s /usr/lib/fs/ufs/clri</B>
+ # <B>ln -s /usr/lib/fs/ufs/df</B>
+ # <B>ln -s /usr/lib/fs/ufs/edquota</B>
+ # <B>ln -s /usr/lib/fs/ufs/ff</B>
+ # <B>ln -s /usr/lib/fs/ufs/fsdb</B>
+ # <B>ln -s /usr/lib/fs/ufs/fsirand</B>
+ # <B>ln -s /usr/lib/fs/ufs/fstyp</B>
+ # <B>ln -s /usr/lib/fs/ufs/labelit</B>
+ # <B>ln -s /usr/lib/fs/ufs/lockfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/mkfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/mount</B>
+ # <B>ln -s /usr/lib/fs/ufs/ncheck</B>
+ # <B>ln -s /usr/lib/fs/ufs/newfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/quot</B>
+ # <B>ln -s /usr/lib/fs/ufs/quota</B>
+ # <B>ln -s /usr/lib/fs/ufs/quotaoff</B>
+ # <B>ln -s /usr/lib/fs/ufs/quotaon</B>
+ # <B>ln -s /usr/lib/fs/ufs/repquota</B>
+ # <B>ln -s /usr/lib/fs/ufs/tunefs</B>
+ # <B>ln -s /usr/lib/fs/ufs/ufsdump</B>
+ # <B>ln -s /usr/lib/fs/ufs/ufsrestore</B>
+ # <B>ln -s /usr/lib/fs/ufs/volcopy</B>
+
+</PRE>
+<P><LI>Append the following line to the end of the file
+<B>/etc/dfs/fstypes</B>.
+<PRE>
+ afs AFS Utilities
+
+</PRE>
+<P><LI>Edit the <B>/sbin/mountall</B> file, making two changes.
+<UL>
+<P><LI>Add an entry for AFS to the <TT>case</TT> statement for option 2, so
+that it reads as follows:
+<PRE>
+ case "$2" in
+ ufs) foptions="-o p"
+ ;;
+ afs) foptions="-o p"
+ ;;
+ s5) foptions="-y -t /var/tmp/tmp$$ -D"
+ ;;
+ *) foptions="-y"
+ ;;
+
+</PRE>
+<P><LI>Edit the file so that all AFS and UFS partitions are checked in
+parallel. Replace the following section of code:
+<PRE>
+ # For fsck purposes, we make a distinction between ufs and
+ # other file systems
+ #
+ if [ "$fstype" = "ufs" ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ fi
+</PRE>
+<P>with the following section of code:
+<PRE>
+ # For fsck purposes, we make a distinction between ufs/afs
+ # and other file systems.
+ #
+ if [ "$fstype" = "ufs" -o "$fstype" = "afs" ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ fi
+
+</PRE>
+</UL>
+</OL>
+<A NAME="IDX2350"></A>
+<A NAME="IDX2351"></A>
+<A NAME="IDX2352"></A>
+<A NAME="IDX2353"></A>
+<P><H3><A NAME="HDRWQ48" HREF="auqbg002.htm#ToC_61">Configuring Server Partitions on Solaris Systems</A></H3>
+<P>Every AFS file server machine must have at least one
+partition or logical volume dedicated to storing AFS volumes. Each
+server partition is mounted at a directory named <B>/vicep</B><VAR>xx</VAR>,
+where <VAR>xx</VAR> is one or two lowercase letters. The
+<B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
+machine's root directory, not in one of its subdirectories (for example,
+<B>/usr/vicepa</B> is not an acceptable directory location). For
+additional information, see <A HREF="#HDRWQ20">Performing Platform-Specific Procedures</A>.
+<OL TYPE=1>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/vfstab</B>, for each partition to be mounted on a directory
+created in the previous step. Note the value <TT>afs</TT> in the
+fourth field, which tells Solaris to use the AFS-modified <B>fsck</B>
+program on this partition.
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /dev/rdsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> afs <VAR>boot_order</VAR> yes
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/dsk/c0t6d0s1 /dev/rdsk/c0t6d0s1 /vicepa afs 3 yes
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Solaris documentation for more
+information.
+<PRE>
+ # <B>newfs -v /dev/rdsk/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Issue the <B>mountall</B> command to mount all partitions at
+once.
+<P><LI>If you plan to retain client functionality on this machine after
+completing the installation, proceed to <A HREF="#HDRWQ49">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A>. Otherwise, proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</OL>
+<A NAME="IDX2354"></A>
+<A NAME="IDX2355"></A>
+<A NAME="IDX2356"></A>
+<A NAME="IDX2357"></A>
+<A NAME="IDX2358"></A>
+<A NAME="IDX2359"></A>
+<A NAME="IDX2360"></A>
+<A NAME="IDX2361"></A>
+<P><H3><A NAME="HDRWQ49" HREF="auqbg002.htm#ToC_62">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you plan to remove client functionality from this machine
+after completing the installation, skip this section and proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+</TD></TR></TABLE>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The instructions specify that you mark each entry as
+<TT>optional</TT>. However, marking some modules as optional can mean
+that they grant access to the corresponding service even when the user does
+not meet all of the module's requirements. In some operating
+system revisions, for example, if you mark as optional the module that
+controls login via a dial-up connection, it allows users to login without
+providing a password. See the <I>IBM AFS Release Notes</I> for a
+discussion of any limitations that apply to this operating system.
+<P>Also, with some operating system versions you must install patches for PAM
+to interact correctly with certain authentication programs. For
+details, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B> directory, if it
+is not already. Then change directory as indicated.
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the AFS authentication library file to the
+<B>/usr/lib/security</B> directory. Then create a symbolic link to
+it whose name does not mention the version. Omitting the version
+eliminates the need to edit the PAM configuration file if you later update the
+library file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ #<B> cp /cdrom/sun4x_56/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ # <B>cp /cdrom/sun4x_56/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>Edit the <TT>Authentication management</TT> section of the Solaris PAM
+configuration file, <B>/etc/pam.conf</B> by convention. The
+entries in this section have the value <TT>auth</TT> in their second
+field.
+<P>First edit the standard entries, which refer to the Solaris PAM module
+(usually, the file <B>/usr/lib/security/pam_unix.so.1</B>)
+in their fourth field. For each service for which you want to use AFS
+authentication, edit the third field of its entry to read
+<TT>optional</TT>. The <B>pam.conf</B> file in the Solaris
+distribution usually includes standard entries for the <B>login</B>,
+<B>rlogin</B>, and <B>rsh</B> services, for instance.
+<P>If there are services for which you want to use AFS authentication, but for
+which the <B>pam.conf</B> file does not already include a standard
+entry, you must create that entry and place the value <TT>optional</TT> in
+its third field. For instance, the Solaris <B>pam.conf</B>
+file does not usually include standard entries for the <B>ftp</B> or
+<B>telnet</B> services.
+<P>Then create an AFS-related entry for each service, placing it immediately
+below the standard entry. The following example shows what the
+<TT>Authentication Management</TT> section looks like after you have you
+edited or created entries for the services mentioned previously. Note
+that the example AFS entries appear on two lines only for legibility.
+<PRE>
+ login auth optional /usr/lib/security/pam_unix.so.1
+ login auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ rlogin auth optional /usr/lib/security/pam_unix.so.1
+ rlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ rsh auth optional /usr/lib/security/pam_unix.so.1
+ rsh auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ ftp auth optional /usr/lib/security/pam_unix.so.1
+ ftp auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ telnet auth optional /usr/lib/security/pam_unix.so.1
+ telnet auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+
+</PRE>
+<P><LI>If you use the Common Desktop Environment (CDE) on the machine and want
+users to obtain an AFS token as they log in, also add or edit the following
+four entries in the <TT>Authentication management</TT> section. Note
+that the AFS-related entries appear on two lines here only for
+legibility.
+<PRE>
+ dtlogin auth optional /usr/lib/security/pam_unix.so.1
+ dtlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ dtsession auth optional /usr/lib/security/pam_unix.so.1
+ dtsession auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+
+</PRE>
+<P><LI>Some Solaris distributions include a script that locates and removes
+unneeded files from various file systems. Its conventional location is
+<B>/usr/lib/fs/nfs/nfsfind</B>. The script generally uses an
+argument to the <B>find</B> command to define which file systems to
+search. In this step you modify the command to exclude the
+<B>/afs</B> directory. Otherwise, the command traverses the AFS
+filespace of every cell that is accessible from the machine, which can take
+many hours. The following alterations are possibilities, but you must
+verify that they are appropriate for your cell.
+<P>The first possible alteration is to add the <B>-local</B> flag to the
+existing command, so that it looks like the following:
+<PRE>
+ find $dir -local -name .nfs\* -mtime +7 -mount -exec rm -f {} \;
+</PRE>
+<P>Another alternative is to exclude any directories whose names begin with
+the lowercase letter <B>a</B> or a non-alphabetic character.
+<PRE>
+ find /[A-Zb-z]* <VAR>remainder of existing command</VAR>
+</PRE>
+<P>Do not use the following command, which still searches under the
+<B>/afs</B> directory, looking for a subdirectory of type
+<B>4.2</B>.
+<PRE>
+ find / -fstype 4.2 /* <VAR>do not use</VAR> */
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ50">Starting the BOS Server</A> (or if referring to these instructions while installing an
+additional file server machine, return to <A HREF="auqbg006.htm#HDRWQ108">Starting Server Programs</A>).
+</OL>
+<A NAME="IDX2362"></A>
+<A NAME="IDX2363"></A>
+<A NAME="IDX2364"></A>
+<A NAME="IDX2365"></A>
+<A NAME="IDX2366"></A>
+<A NAME="IDX2367"></A>
+<A NAME="IDX2368"></A>
+<HR><H2><A NAME="HDRWQ50" HREF="auqbg002.htm#ToC_63">Starting the BOS Server</A></H2>
+<P>You are now ready to start the AFS server processes on this
+machine. Begin by copying the AFS server binaries from the CD-ROM to
+the conventional local disk location, the <B>/usr/afs/bin</B>
+directory. The following instructions also create files in other
+subdirectories of the <B>/usr/afs</B> directory.
+<P>Then issue the <B>bosserver</B> command to initialize the Basic
+OverSeer (BOS) Server, which monitors and controls other AFS server processes
+on its server machine. Include the <B>-noauth</B> flag to disable
+authorization checking. Because you have not yet configured your
+cell's AFS authentication and authorization mechanisms, the BOS Server
+cannot perform authorization checking as it does during normal
+operation. In no-authorization mode, it does not verify the identity or
+privilege of the issuer of a <B>bos</B> command, and so performs any
+operation for anyone.
+<P>Disabling authorization checking gravely compromises cell security.
+You must complete all subsequent steps in one uninterrupted pass and must not
+leave the machine unattended until you restart the BOS Server with
+authorization checking enabled, in <A HREF="#HDRWQ72">Verifying the AFS Initialization Script</A>.
+<P>As it initializes for the first time, the BOS Server creates the following
+directories and files, setting the owner to the local superuser
+<B>root</B> and the mode bits to limit the ability to write (and in some
+cases, read) them. For a description of the contents and function of
+these directories and files, see the chapter in the <I>IBM AFS
+Administration Guide</I> about administering server machines. For
+further discussion of the mode bit settings, see <A HREF="#HDRWQ96">Protecting Sensitive AFS Directories</A>.
+<A NAME="IDX2369"></A>
+<A NAME="IDX2370"></A>
+<A NAME="IDX2371"></A>
+<A NAME="IDX2372"></A>
+<A NAME="IDX2373"></A>
+<A NAME="IDX2374"></A>
+<A NAME="IDX2375"></A>
+<A NAME="IDX2376"></A>
+<A NAME="IDX2377"></A>
+<A NAME="IDX2378"></A>
+<A NAME="IDX2379"></A>
+<UL>
+<P><LI><B>/usr/afs/db</B>
+<P><LI><B>/usr/afs/etc/CellServDB</B>
+<P><LI><B>/usr/afs/etc/ThisCell</B>
+<P><LI><B>/usr/afs/local</B>
+<P><LI><B>/usr/afs/logs</B>
+</UL>
+<P>The BOS Server also creates symbolic links called
+<B>/usr/vice/etc/ThisCell</B> and <B>/usr/vice/etc/CellServDB</B> to
+the corresponding files in the <B>/usr/afs/etc</B> directory. The
+AFS command interpreters consult the <B>CellServDB</B> and
+<B>ThisCell</B> files in the <B>/usr/vice/etc</B> directory because
+they generally run on client machines. On machines that are AFS servers
+only (as this machine currently is), the files reside only in the
+<B>/usr/afs/etc</B> directory; the links enable the command
+interpreters to retrieve the information they need. Later instructions
+for installing the client functionality replace the links with actual
+files.
+<OL TYPE=1>
+<P><LI>On the local <B>/cdrom</B> directory, mount the AFS CD-ROM for this
+machine's system type, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<P><LI>Copy files from the CD-ROM to the local <B>/usr/afs</B>
+directory.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.server/usr/afs</B>
+
+ # <B>cp -rp * /usr/afs</B>
+
+</PRE>
+<A NAME="IDX2380"></A>
+<A NAME="IDX2381"></A>
+<P><LI>Issue the <B>bosserver</B> command. Include the
+<B>-noauth</B> flag to disable authorization checking.
+<PRE>
+ # <B>/usr/afs/bin/bosserver -noauth &</B>
+
+</PRE>
+<P><LI>Verify that the BOS Server created <B>/usr/vice/etc/ThisCell</B> and
+<B>/usr/vice/etc/CellServDB</B> as symbolic links to the corresponding
+files in the <B>/usr/afs/etc</B> directory.
+<PRE>
+ # <B>ls -l /usr/vice/etc</B>
+</PRE>
+<P>If either or both of <B>/usr/vice/etc/ThisCell</B> and
+<B>/usr/vice/etc/CellServDB</B> do not exist, or are not links, issue the
+following commands.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>ln -s /usr/afs/etc/ThisCell</B>
+
+ # <B>ln -s /usr/afs/etc/CellServDB</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2382"></A>
+<A NAME="IDX2383"></A>
+<A NAME="IDX2384"></A>
+<A NAME="IDX2385"></A>
+<A NAME="IDX2386"></A>
+<A NAME="IDX2387"></A>
+<A NAME="IDX2388"></A>
+<A NAME="IDX2389"></A>
+<A NAME="IDX2390"></A>
+<A NAME="IDX2391"></A>
+<A NAME="IDX2392"></A>
+<A NAME="IDX2393"></A>
+<A NAME="IDX2394"></A>
+<A NAME="IDX2395"></A>
+<A NAME="IDX2396"></A>
+<A NAME="IDX2397"></A>
+<A NAME="IDX2398"></A>
+<HR><H2><A NAME="HDRWQ51" HREF="auqbg002.htm#ToC_64">Defining Cell Name and Membership for Server Processes</A></H2>
+<P>Now assign your cell's name. The chapter in the
+<I>IBM AFS Administration Guide</I> about cell configuration and
+administration issues discusses the important considerations, explains why
+changing the name is difficult, and outlines the restrictions on name
+format. Two of the most important restrictions are that the name cannot
+include uppercase letters or more than 64 characters.
+<P>Use the <B>bos setcellname</B> command to assign the cell name.
+It creates two files:
+<UL>
+<P><LI><B>/usr/afs/etc/ThisCell</B>, which defines this machine's cell
+membership
+<P><LI><B>/usr/afs/etc/CellServDB</B>, which lists the cell's database
+server machines; the machine named on the command line is placed on the
+list automatically
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">In the following and every instruction in this guide, for the
+<VAR>machine name</VAR> argument substitute the fully-qualified hostname
+(such as <B>fs1.abc.com</B>) of the machine you are
+installing. For the <VAR>cell name</VAR> argument substitute your
+cell's complete name (such as <B>abc.com</B>).
+</TD></TR></TABLE>
+<A NAME="IDX2399"></A>
+<A NAME="IDX2400"></A>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos setcellname</B> command to set the cell name.
+<PRE>
+ # <B>cd /usr/afs/bin</B>
+
+ # <B>./bos setcellname</B> <<VAR>machine name</VAR>> <<VAR>cell name</VAR>> <B>-noauth</B>
+</PRE>
+<P>Because you are not authenticated and authorization checking is disabled,
+the <B>bos</B> command interpreter possibly produces error messages about
+being unable to obtain tickets and running unauthenticated. You can
+safely ignore the messages.
+<A NAME="IDX2401"></A>
+<A NAME="IDX2402"></A>
+<A NAME="IDX2403"></A>
+<A NAME="IDX2404"></A>
+<P><LI>Issue the <B>bos listhosts</B> command to verify that the machine you
+are installing is now registered as the cell's first database server
+machine.
+<PRE>
+ # <B>./bos listhosts</B> <<VAR>machine name</VAR>> <B>-noauth</B>
+ Cell name is <VAR>cell_name</VAR>
+ Host 1 is <VAR>machine_name</VAR>
+
+</PRE>
+</OL>
+<A NAME="IDX2405"></A>
+<A NAME="IDX2406"></A>
+<A NAME="IDX2407"></A>
+<A NAME="IDX2408"></A>
+<A NAME="IDX2409"></A>
+<A NAME="IDX2410"></A>
+<A NAME="IDX2411"></A>
+<A NAME="IDX2412"></A>
+<A NAME="IDX2413"></A>
+<A NAME="IDX2414"></A>
+<A NAME="IDX2415"></A>
+<A NAME="IDX2416"></A>
+<A NAME="IDX2417"></A>
+<A NAME="IDX2418"></A>
+<A NAME="IDX2419"></A>
+<A NAME="IDX2420"></A>
+<A NAME="IDX2421"></A>
+<A NAME="IDX2422"></A>
+<A NAME="IDX2423"></A>
+<A NAME="IDX2424"></A>
+<A NAME="IDX2425"></A>
+<A NAME="IDX2426"></A>
+<A NAME="IDX2427"></A>
+<A NAME="IDX2428"></A>
+<A NAME="IDX2429"></A>
+<HR><H2><A NAME="HDRWQ52" HREF="auqbg002.htm#ToC_65">Starting the Database Server Processes</A></H2>
+<P>Next use the <B>bos create</B> command to create entries
+for the four database server processes in the
+<B>/usr/afs/local/BosConfig</B> file and start them running. The
+four processes run on database server machines only:
+<UL>
+<P><LI>The Authentication Server (the <B>kaserver</B> process) maintains the
+Authentication Database
+<P><LI>The Backup Server (the <B>buserver</B> process) maintains the Backup
+Database
+<P><LI>The Protection Server (the <B>ptserver</B> process) maintains the
+Protection Database
+<P><LI>The Volume Location (VL) Server (the <B>vlserver</B> process)
+maintains the Volume Location Database (VLDB)
+</UL>
+<A NAME="IDX2430"></A>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">AFS's authentication and authorization software is based on algorithms
+and other procedures known as <I>Kerberos</I>, as originally developed by
+Project Athena at the Massachusetts Institute of Technology. Some cells
+choose to replace the AFS Authentication Server and other security-related
+protocols with Kerberos as obtained directly from Project Athena or other
+sources. If you wish to do this, contact the AFS Product Support group
+now to learn about necessary modifications to the installation.
+</TD></TR></TABLE>
+<P>The remaining instructions in this chapter include the <B>-cell</B>
+argument on all applicable commands. Provide the cell name you assigned
+in <A HREF="#HDRWQ51">Defining Cell Name and Membership for Server Processes</A>. If a command appears on multiple lines, it is only
+for legibility.
+<A NAME="IDX2431"></A>
+<A NAME="IDX2432"></A>
+<OL TYPE=1>
+<P><LI>Issue the <B>bos create</B> command to start the Authentication
+Server. The current working directory is still
+<B>/usr/afs/bin</B>.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>kaserver simple /usr/afs/bin/kaserver</B> \
+<B> -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+</PRE>
+<P>You can safely ignore the messages that tell you to add Kerberos to the
+<B>/etc/services</B> file; AFS uses a default value that makes the
+addition unnecessary. You can also ignore messages about the failure of
+authentication.
+<P><LI>Issue the <B>bos create</B> command to start the Backup Server.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>buserver simple /usr/afs/bin/buserver</B> \
+<B> -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<P><LI>Issue the <B>bos create</B> command to start the Protection
+Server.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>ptserver simple /usr/afs/bin/ptserver</B> \
+<B> -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<P><LI>Issue the <B>bos create</B> command to start the VL Server.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>vlserver simple /usr/afs/bin/vlserver</B> \
+<B> -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2433"></A>
+<A NAME="IDX2434"></A>
+<A NAME="IDX2435"></A>
+<A NAME="IDX2436"></A>
+<A NAME="IDX2437"></A>
+<A NAME="IDX2438"></A>
+<A NAME="IDX2439"></A>
+<A NAME="IDX2440"></A>
+<A NAME="IDX2441"></A>
+<A NAME="IDX2442"></A>
+<A NAME="IDX2443"></A>
+<A NAME="IDX2444"></A>
+<A NAME="IDX2445"></A>
+<HR><H2><A NAME="HDRWQ53" HREF="auqbg002.htm#ToC_66">Initializing Cell Security</A></H2>
+<P>Now initialize the cell's security mechanisms.
+Begin by creating the following two initial entries in the Authentication
+Database:
+<UL>
+<P><LI>A generic administrative account, called <B>admin</B> by
+convention. If you choose to assign a different name, substitute it
+throughout the remainder of this document.
+<P>After you complete the installation of the first machine, you can continue
+to have all administrators use the <B>admin</B> account, or you can create
+a separate administrative account for each of them. The latter scheme
+implies somewhat more overhead, but provides a more informative audit trail
+for administrative operations.
+<P><LI>The entry for AFS server processes, called <B>afs</B>. No user
+logs in under this identity, but the Authentication Server's Ticket
+Granting Service (TGS) module uses the associated key to encrypt the server
+tickets that it grants to AFS clients for presentation to server processes
+during mutual authentication. (The chapter in the <I>IBM AFS
+Administration Guide</I> about cell configuration and administration
+describes the role of server encryption keys in mutual authentication.)
+<P>In Step <A HREF="#LIWQ58">7</A>, you also place the initial AFS server encryption key into
+the <B>/usr/afs/etc/KeyFile</B> file. The AFS server processes
+refer to this file to learn the server encryption key when they need to
+decrypt server tickets.
+</UL>
+<P>You also issue several commands that enable the new <B>admin</B> user
+to issue privileged commands in all of the AFS suites.
+<P>The following instructions do not configure all of the security mechanisms
+related to the AFS Backup System. See the chapter in the <I>IBM AFS
+Administration Guide</I> about configuring the Backup System.
+<OL TYPE=1>
+<A NAME="IDX2446"></A>
+<A NAME="IDX2447"></A>
+<A NAME="IDX2448"></A>
+<P><LI>Enter <B>kas</B> interactive mode. Because the machine is in
+no-authorization checking mode, include the <B>-noauth</B> flag to
+suppress the Authentication Server's usual prompt for a password.
+<PRE>
+ # <B>kas -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ ka>
+
+</PRE>
+<A NAME="IDX2449"></A>
+<A NAME="IDX2450"></A>
+<A NAME="IDX2451"></A>
+<A NAME="IDX2452"></A>
+<P><LI><A NAME="LIWQ54"></A>Issue the <B>kas create</B> command to create Authentication
+Database entries called <B>admin</B> and <B>afs</B>.
+<P>Do not provide passwords on the command line. Instead provide them
+as <VAR>afs_passwd</VAR> and <VAR>admin_passwd</VAR> in response to the
+<B>kas</B> command interpreter's prompts as shown, so that they do
+not appear on the standard output stream.
+<P>You need to enter the <VAR>afs_passwd</VAR> string only in this step and in
+Step <A HREF="#LIWQ58">7</A>, so provide a value that is as long and complex as possible,
+preferably including numerals, punctuation characters, and both uppercase and
+lowercase letters. Also make the <VAR>admin_passwd</VAR> as long and
+complex as possible, but keep in mind that administrators need to enter it
+often. Both passwords must be at least six characters long.
+<PRE>
+ ka> <B>create afs</B>
+ initial_password: <VAR>afs_passwd</VAR>
+ Verifying, please re-enter initial_password: <VAR>afs_passwd</VAR>
+
+ ka> <B>create admin</B>
+ initial_password: <VAR>admin_passwd</VAR>
+ Verifying, please re-enter initial_password: <VAR>admin_passwd</VAR>
+
+</PRE>
+<A NAME="IDX2453"></A>
+<A NAME="IDX2454"></A>
+<A NAME="IDX2455"></A>
+<P><LI><A NAME="LIWQ55"></A>Issue the <B>kas examine</B> command to display the
+<B>afs</B> entry. The output includes a checksum generated by
+encrypting a constant with the server encryption key derived from the
+<VAR>afs_passwd</VAR> string. In Step <A HREF="#LIWQ59">8</A> you issue the <B>bos listkeys</B> command to verify
+that the checksum in its output matches the checksum in this output.
+<PRE>
+ ka> <B>examine afs</B>
+ User data for afs
+ key (0) cksum is <VAR>checksum</VAR> . . .
+
+</PRE>
+<A NAME="IDX2456"></A>
+<A NAME="IDX2457"></A>
+<A NAME="IDX2458"></A>
+<P><LI><A NAME="LIWQ56"></A>Issue the <B>kas setfields</B> command to turn on the
+<TT>ADMIN</TT> flag in the <B>admin</B> entry. This enables the
+<B>admin</B> user to issue privileged <B>kas</B> commands. Then
+issue the <B> kas examine</B> command to verify that the <TT>ADMIN</TT>
+flag appears in parentheses on the first line of the output, as shown in the
+example.
+<PRE>
+ ka> <B>setfields admin -flags admin</B>
+
+ ka> <B>examine admin </B>
+ User data for admin (ADMIN) . . .
+
+</PRE>
+<A NAME="IDX2459"></A>
+<A NAME="IDX2460"></A>
+<A NAME="IDX2461"></A>
+<P><LI>Issue the <B>kas quit</B> command to leave <B>kas</B> interactive
+mode.
+<PRE>
+ ka> <B>quit</B>
+
+</PRE>
+<A NAME="IDX2462"></A>
+<A NAME="IDX2463"></A>
+<A NAME="IDX2464"></A>
+<A NAME="IDX2465"></A>
+<A NAME="IDX2466"></A>
+<A NAME="IDX2467"></A>
+<A NAME="IDX2468"></A>
+<P><LI><A NAME="LIWQ57"></A>Issue the <B>bos adduser</B> command to add the
+<B>admin</B> user to the <B>/usr/afs/etc/UserList</B> file.
+This enables the <B>admin</B> user to issue privileged <B>bos</B> and
+<B>vos</B> commands.
+<PRE>
+ # <B>./bos adduser</B> <<VAR>machine name</VAR>> <B>admin -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<A NAME="IDX2469"></A>
+<A NAME="IDX2470"></A>
+<A NAME="IDX2471"></A>
+<A NAME="IDX2472"></A>
+<P><LI><A NAME="LIWQ58"></A>Issue the <B>bos addkey</B> command to define the AFS server
+encryption key in the <B>/usr/afs/etc/KeyFile</B> file.
+<P>Do not provide the password on the command line. Instead provide it
+as <VAR>afs_passwd</VAR> in response to the <B>bos</B> command
+interpreter's prompts, as shown. Provide the same string as in
+Step <A HREF="#LIWQ54">2</A>.
+<PRE>
+ # <B>./bos addkey</B> <<VAR>machine name</VAR>> <B>-kvno 0 -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ Input key: <VAR>afs_passwd</VAR>
+ Retype input key: <VAR>afs_passwd</VAR>
+
+</PRE>
+<A NAME="IDX2473"></A>
+<A NAME="IDX2474"></A>
+<A NAME="IDX2475"></A>
+<P><LI><A NAME="LIWQ59"></A>Issue the <B>bos listkeys</B> command to verify that the
+checksum for the new key in the <B>KeyFile</B> file is the same as the
+checksum for the key in the Authentication Database's <B>afs</B>
+entry, which you displayed in Step <A HREF="#LIWQ55">3</A>.
+<PRE>
+ # <B>./bos listkeys</B> <<VAR>machine name</VAR>> <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ key 0 has cksum <VAR>checksum</VAR>
+</PRE>
+<P>You can safely ignore any error messages indicating that <B>bos</B>
+failed to get tickets or that authentication failed.
+<P>If the keys are different, issue the following commands, making sure that
+the <VAR>afs_passwd</VAR> string is the same in each case. The
+<VAR>checksum</VAR> strings reported by the <B>kas examine</B> and <B>bos
+listkeys</B> commands must match; if they do not, repeat these
+instructions until they do, using the <B>-kvno</B> argument to increment
+the key version number each time.
+<PRE>
+ # <B>./kas -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+ ka> <B>setpassword afs -kvno 1</B>
+ new_password: <VAR>afs_passwd</VAR>
+ Verifying, please re-enter initial_password: <VAR>afs_passwd</VAR>
+
+ ka> <B>examine afs</B>
+ User data for afs
+ key (1) cksum is <VAR>checksum</VAR> . . .
+
+ ka> <B>quit</B>
+
+ # <B>./bos addkey</B> <<VAR>machine name</VAR>> <B>-kvno 1 -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ Input key: <VAR>afs_passwd</VAR>
+ Retype input key: <VAR>afs_passwd</VAR>
+
+ # <B>./bos listkeys</B> <<VAR>machine name</VAR>> <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ key 1 has cksum <VAR>checksum</VAR>
+
+</PRE>
+<A NAME="IDX2476"></A>
+<A NAME="IDX2477"></A>
+<A NAME="IDX2478"></A>
+<P><LI>Issue the <B>pts createuser</B> command to create a Protection
+Database entry for the <B>admin</B> user.
+<P>By default, the Protection Server assigns AFS UID 1 (one) to the
+<B>admin</B> user, because it is the first user entry you are
+creating. If the local password file (<B>/etc/passwd</B> or
+equivalent) already has an entry for <B>admin</B> that assigns it a UNIX
+UID other than 1, it is best to use the <B>-id</B> argument to the
+<B>pts createuser</B> command to make the new AFS UID match the existing
+UNIX UID. Otherwise, it is best to accept the default.
+<PRE>
+ # <B>./pts createuser -name admin -cell</B> <<VAR>cell name</VAR>> [<B>-id</B> <<VAR>AFS UID</VAR>>] <B>-noauth</B>
+ User admin has id <VAR>AFS UID</VAR>
+
+</PRE>
+<A NAME="IDX2479"></A>
+<A NAME="IDX2480"></A>
+<A NAME="IDX2481"></A>
+<A NAME="IDX2482"></A>
+<P><LI>Issue the <B>pts adduser</B> command to make the <B>admin</B> user
+a member of the <B>system:administrators</B> group, and the <B>pts
+membership</B> command to verify the new membership. Membership in
+the group enables the <B>admin</B> user to issue privileged <B>pts</B>
+commands and some privileged <B>fs</B> commands.
+<PRE>
+ # <B>./pts adduser admin system:administrators -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+ # <B>./pts membership admin -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+ Groups admin (id: 1) is a member of:
+ system:administrators
+
+</PRE>
+<A NAME="IDX2483"></A>
+<A NAME="IDX2484"></A>
+<A NAME="IDX2485"></A>
+<A NAME="IDX2486"></A>
+<P><LI>Issue the <B>bos restart</B> command with the <B>-all</B> flag to
+restart the database server processes, so that they start using the new server
+encryption key.
+<PRE>
+ # <B>./bos restart</B> <<VAR>machine name</VAR>> <B>-all -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2487"></A>
+<A NAME="IDX2488"></A>
+<A NAME="IDX2489"></A>
+<A NAME="IDX2490"></A>
+<A NAME="IDX2491"></A>
+<A NAME="IDX2492"></A>
+<A NAME="IDX2493"></A>
+<A NAME="IDX2494"></A>
+<A NAME="IDX2495"></A>
+<A NAME="IDX2496"></A>
+<A NAME="IDX2497"></A>
+<A NAME="IDX2498"></A>
+<HR><H2><A NAME="HDRWQ60" HREF="auqbg002.htm#ToC_67">Starting the File Server, Volume Server, and Salvager</A></H2>
+<P>Start the <B>fs</B> process, which consists of the File
+Server, Volume Server, and Salvager (<B>fileserver</B>,
+<B>volserver</B> and <B>salvager</B> processes).
+<OL TYPE=1>
+<P><LI>Issue the <B>bos create</B> command to start the <B>fs</B>
+process. The command appears here on multiple lines only for
+legibility.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>fs fs /usr/afs/bin/fileserver</B> \
+ <B>/usr/afs/bin/volserver /usr/afs/bin/salvager</B> \
+ <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+</PRE>
+<P>Sometimes a message about Volume Location Database (VLDB) initialization
+appears, along with one or more instances of an error message similar to the
+following:
+<PRE>
+ FSYNC_clientInit temporary failure (will retry)
+</PRE>
+<P>This message appears when the <B>volserver</B> process tries to start
+before the <B>fileserver</B> process has completed its
+initialization. Wait a few minutes after the last such message before
+continuing, to guarantee that both processes have started successfully.
+<A NAME="IDX2499"></A>
+<A NAME="IDX2500"></A>
+<P>You can verify that the <B>fs</B> process has started successfully by
+issuing the <B>bos status</B> command. Its output mentions two
+<TT>proc starts</TT>.
+<PRE>
+ # <B>./bos status</B> <<VAR>machine name</VAR>> <B>fs -long -noauth</B>
+
+</PRE>
+<P><LI>Your next action depends on whether you have ever run AFS file server
+machines in the cell:
+<UL>
+<A NAME="IDX2501"></A>
+<A NAME="IDX2502"></A>
+<A NAME="IDX2503"></A>
+<A NAME="IDX2504"></A>
+<A NAME="IDX2505"></A>
+<P><LI>If you are installing the first AFS server machine ever in the cell (that
+is, you are not upgrading the AFS software from a previous version), create
+the first AFS volume, <B>root.afs</B>.
+<P>For the <VAR>partition name</VAR> argument, substitute the name of one of
+the machine's AFS server partitions (such as <B>/vicepa</B>).
+<PRE>
+ # <B>./vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>root.afs</B> \
+ <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+</PRE>
+<P>The Volume Server produces a message confirming that it created the volume
+on the specified partition. You can ignore error messages indicating
+that tokens are missing, or that authentication failed.
+<A NAME="IDX2506"></A>
+<A NAME="IDX2507"></A>
+<A NAME="IDX2508"></A>
+<A NAME="IDX2509"></A>
+<P><LI>If there are existing AFS file server machines and volumes in the cell,
+issue the <B>vos syncvldb</B> and <B>vos syncserv</B> commands to
+synchronize the VLDB with the actual state of volumes on the local
+machine. To follow the progress of the synchronization operation, which
+can take several minutes, use the <B>-verbose</B> flag.
+<PRE>
+ # <B>./vos syncvldb</B> <<VAR>machine name</VAR>> <B>-cell</B> <<VAR>cell name</VAR>> <B>-verbose -noauth</B>
+
+ # <B>./vos syncserv</B> <<VAR>machine name</VAR>> <B>-cell</B> <<VAR>cell name</VAR>> <B>-verbose -noauth</B>
+</PRE>
+<P>You can ignore error messages indicating that tokens are missing, or that
+authentication failed.
+</UL>
+</OL>
+<A NAME="IDX2510"></A>
+<A NAME="IDX2511"></A>
+<A NAME="IDX2512"></A>
+<A NAME="IDX2513"></A>
+<A NAME="IDX2514"></A>
+<A NAME="IDX2515"></A>
+<A NAME="IDX2516"></A>
+<A NAME="IDX2517"></A>
+<HR><H2><A NAME="HDRWQ61" HREF="auqbg002.htm#ToC_68">Starting the Server Portion of the Update Server</A></H2>
+<P>Start the server portion of the Update Server (the
+<B>upserver</B> process), to distribute the contents of directories on
+this machine to other server machines in the cell. It becomes active
+when you configure the client portion of the Update Server on additional
+server machines.
+<P>Distributing the contents of its <B>/usr/afs/etc</B> directory makes
+this machine the cell's <I>system control machine</I>. The
+other server machines in the cell run the <B>upclientetc</B> process (an
+instance of the client portion of the Update Server) to retrieve the
+configuration files. Use the <B>-crypt</B> argument to the
+<B>upserver</B> initialization command to specify that the Update Server
+distributes the contents of the <B>/usr/afs/etc</B> directory only in
+encrypted form, as shown in the following instruction. Several of the
+files in the directory, particularly the <B>KeyFile</B> file, are crucial
+to cell security and so must never cross the network unencrypted.
+<P>(You can choose not to configure a system control machine, in which case
+you must update the configuration files in each server machine's
+<B>/usr/afs/etc</B> directory individually. The <B>bos</B>
+commands used for this purpose also encrypt data before sending it across the
+network.)
+<P>Distributing the contents of its <B>/usr/afs/bin</B> directory to other
+server machines of its system type makes this machine a <I>binary
+distribution machine</I>. The other server machines of its system
+type run the <B>upclientbin</B> process (an instance of the client portion
+of the Update Server) to retrieve the binaries.
+<P>The binaries in the <B>/usr/afs/bin</B> directory are not sensitive, so
+it is not necessary to encrypt them before transfer across the network.
+Include the <B>-clear</B> argument to the <B>upserver</B>
+initialization command to specify that the Update Server distributes the
+contents of the <B>/usr/afs/bin</B> directory in unencrypted form unless
+an <B>upclientbin</B> process requests encrypted transfer.
+<P>Note that the server and client portions of the Update Server always
+mutually authenticate with one another, regardless of whether you use the
+<B>-clear</B> or <B>-crypt</B> arguments. This protects their
+communications from eavesdropping to some degree.
+<P>For more information on the <B>upclient</B> and <B>upserver</B>
+processes, see their reference pages in the <I>IBM AFS Administration
+Reference</I>. The commands appear on multiple lines here only for
+legibility.
+<OL TYPE=1>
+<P><LI>Issue the <B>bos create</B> command to start the <B>upserver</B>
+process.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name></VAR> <B>upserver simple</B> \
+ <B>"/usr/afs/bin/upserver -crypt /usr/afs/etc </B> \
+ <B>-clear /usr/afs/bin" -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2518"></A>
+<A NAME="IDX2519"></A>
+<A NAME="IDX2520"></A>
+<A NAME="IDX2521"></A>
+<A NAME="IDX2522"></A>
+<A NAME="IDX2523"></A>
+<HR><H2><A NAME="HDRWQ62" HREF="auqbg002.htm#ToC_69">Starting the Controller for NTPD</A></H2>
+<P>Keeping the clocks on all server and client machines in your
+cell synchronized is crucial to several functions, and in particular to the
+correct operation of AFS's distributed database technology, Ubik.
+The chapter in the <I>IBM AFS Administration Guide</I> about administering
+server machines explains how time skew can disturb Ubik's performance and
+cause service outages in your cell.
+<P>The AFS distribution includes a version of the Network Time Protocol Daemon
+(NTPD) for synchronizing the clocks on server machines. If a time
+synchronization program is not already running on the machine, then in this
+section you start the <B>runntp</B> process to configure NTPD for use with
+AFS.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not run the <B>runntp</B> process if NTPD or another time
+synchronization protocol is already running on the machine. Some
+versions of some operating systems run a time synchronization program by
+default, as detailed in the <I>IBM AFS Release Notes</I>.
+<P>Attempting to run multiple instances of the NTPD causes an error.
+Running NTPD together with another time synchronization protocol is
+unnecessary and can cause instability in the clock setting.
+</TD></TR></TABLE>
+<P>If you run the <B>runntp</B> process and your cell has reliable network
+connectivity to machines outside your cell, then it is conventional to
+configure the first AFS machine to refer to a time source outside the
+cell. When you later install the <B>runntp</B> program on other
+server machines in the cell, it configures NTPD to choose a time source at
+random from among the database server machines listed in the
+<B>/usr/afs/etc/CellServDB</B> file. Time synchronization therefore
+works in a chained manner: this database server machine refers to a time
+source outside the cell, the database server machines refer to the machine
+among them that has access to the most accurate time (NTPD itself includes
+code for determining this), and each non-database server machine refers to a
+local database server machine chosen at random from the
+<B>/usr/afs/etc/CellServDB</B> file. If you ever decide to remove
+database server functionality from this machine, it is best to transfer
+responsibility for consulting an external time source to a remaining database
+server machine.
+<P>If your cell does not have network connectivity to external machines, or if
+the connectivity is not reliable, include the <B>-localclock</B> flag to
+the <B>runntp</B> command as indicated in the following
+instructions. The flag tells NTPD to rely on the machine's
+internal clock when all external time sources are inaccessible. The
+<B>runntp</B> command has other arguments that are possibly useful given
+your cell configuration; see the <I>IBM AFS Administration
+Reference</I>.
+<P>Choosing an appropriate external time source is important, but involves
+more considerations than can be discussed here. If you need help in
+selecting a source, contact the AFS Product Support group.
+<P>As the <B>runntp</B> process initializes NTPD, trace messages sometimes
+appear on the standard output stream. You can ignore them, but they can
+be informative if you understand how NTPD works.
+<OL TYPE=1>
+<P><LI>Issue the <B>bos create</B> command to start the <B>runntp</B>
+process. For the <VAR>host</VAR> argument, substitute the fully-qualified
+hostname or IP address of one or more machines outside the cell that are to
+serve as time sources. Separate each name with a space.
+<UL>
+<P><LI>If your cell usually has reliable network connectivity to an external time
+source, use the following command:
+<PRE>
+ # <B>./bos create </B> <<VAR>machine name</VAR>> <B>runntp simple</B> \
+ <B>"/usr/afs/bin/runntp</B> <<VAR>host</VAR>>+<B>" -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<P><LI>If your cell does not have network connectivity to an external time
+source, use the following command:
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>runntp simple</B> \
+ <B>"/usr/afs/bin/runntp -localclock"</B> <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<P><LI>If your cell has network connectivity to an external time source, but the
+network connection is frequently interrupted, use the following command:
+<P>
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>runntp simple</B> \
+ <B>"/usr/afs/bin/runntp -localclock</B> <<VAR>host</VAR>>+<B>"</B> \
+ <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</UL>
+</OL>
+<A NAME="IDX2524"></A>
+<A NAME="IDX2525"></A>
+<A NAME="IDX2526"></A>
+<HR><H2><A NAME="HDRWQ63" HREF="auqbg002.htm#ToC_70">Overview: Installing Client Functionality</A></H2>
+<P>The machine you are installing is now an AFS file server
+machine, database server machine, system control machine, and binary
+distribution machine. Now make it a client machine by completing the
+following tasks:
+<OL TYPE=1>
+<P><LI>Define the machine's cell membership for client processes
+<P><LI>Create the client version of the <B>CellServDB</B> file
+<P><LI>Define cache location and size
+<P><LI>Create the <B>/afs</B> directory and start the Cache Manager
+</OL>
+<A NAME="IDX2527"></A>
+<A NAME="IDX2528"></A>
+<A NAME="IDX2529"></A>
+<HR><H2><A NAME="HDRWQ64" HREF="auqbg002.htm#ToC_71">Copying Client Files to the Local Disk</A></H2>
+<P>Before installing and configuring the AFS client, copy the
+necessary files from the AFS CD-ROM to the local <B>/usr/vice/etc</B>
+directory.
+<OL TYPE=1>
+<P><LI>On the local <B>/cdrom</B> directory, mount the AFS CD-ROM for this
+machine's system type, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<P><LI>Copy files to the local <B>/usr/vice/etc</B> directory.
+<P>This step places a copy of the AFS initialization script (and related
+files, if applicable) into the <B>/usr/vice/etc</B> directory. In
+the preceding instructions for incorporating AFS into the kernel, you copied
+the script directly to the operating system's conventional location for
+initialization files. When you incorporate AFS into the machine's
+startup sequence in a later step, you can choose to link the two files.
+<P>On some system types that use a dynamic kernel loader program, you
+previously copied AFS library files into a subdirectory of the
+<B>/usr/vice/etc</B> directory. On other system types, you copied
+the appropriate AFS library file directly to the directory where the operating
+system accesses it. The following commands do not copy or recopy the
+AFS library files into the <B>/usr/vice/etc</B> directory, because on some
+system types the library files consume a large amount of space. If you
+want to copy them, add the <B>-r</B> flag to the first <B>cp</B>
+command and skip the second <B>cp</B> command.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client/usr/vice/etc</B>
+
+ # <B>cp -p * /usr/vice/etc</B>
+
+ # <B>cp -rp C /usr/vice/etc</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2530"></A>
+<A NAME="IDX2531"></A>
+<A NAME="IDX2532"></A>
+<A NAME="IDX2533"></A>
+<A NAME="IDX2534"></A>
+<A NAME="IDX2535"></A>
+<A NAME="IDX2536"></A>
+<HR><H2><A NAME="HDRWQ65" HREF="auqbg002.htm#ToC_72">Defining Cell Membership for Client Processes</A></H2>
+<P>Every AFS client machine has a copy of the
+<B>/usr/vice/etc/ThisCell</B> file on its local disk to define the
+machine's cell membership for the AFS client programs that run on
+it. The <B>ThisCell</B> file you created in the
+<B>/usr/afs/etc</B> directory (in <A HREF="#HDRWQ51">Defining Cell Name and Membership for Server Processes</A>) is used only by server processes.
+<P>Among other functions, the <B>ThisCell</B> file on a client machine
+determines the following:
+<UL>
+<P><LI>The cell in which users authenticate when they log onto the machine,
+assuming it is using an AFS-modified login utility
+<P><LI>The cell in which users authenticate by default when they issue the
+<B>klog</B> command
+<P><LI>The cell membership of the AFS server processes that the AFS command
+interpreters on this machine contact by default
+</UL>
+<OL TYPE=1>
+<P><LI>Change to the <B>/usr/vice/etc</B> directory and remove the symbolic
+link created in <A HREF="#HDRWQ50">Starting the BOS Server</A>.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm ThisCell</B>
+
+</PRE>
+<P><LI>Create the <B>ThisCell</B> file as a copy of the
+<B>/usr/afs/etc/ThisCell</B> file. Defining the same local cell for
+both server and client processes leads to the most consistent AFS
+performance.
+<PRE>
+ # <B>cp /usr/afs/etc/ThisCell ThisCell</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2537"></A>
+<A NAME="IDX2538"></A>
+<A NAME="IDX2539"></A>
+<A NAME="IDX2540"></A>
+<A NAME="IDX2541"></A>
+<A NAME="IDX2542"></A>
+<A NAME="IDX2543"></A>
+<A NAME="IDX2544"></A>
+<HR><H2><A NAME="HDRWQ66" HREF="auqbg002.htm#ToC_73">Creating the Client CellServDB File</A></H2>
+<P>The <B>/usr/vice/etc/CellServDB</B> file on a client
+machine's local disk lists the database server machines for each cell
+that the local Cache Manager can contact. If there is no entry in the
+file for a cell, or if the list of database server machines is wrong, then
+users working on this machine cannot access the cell. The chapter in
+the <I>IBM AFS Administration Guide</I> about administering client
+machines explains how to maintain the file after creating it.
+<P>As the <B>afsd</B> program initializes the Cache Manager, it copies the
+contents of the <B>CellServDB</B> file into kernel memory. The
+Cache Manager always consults the list in kernel memory rather than the
+<B>CellServDB</B> file itself. Between reboots of the machine, you
+can use the <B>fs newcell</B> command to update the list in kernel memory
+directly; see the chapter in the <I>IBM AFS Administration Guide</I>
+about administering client machines.
+<P>The AFS distribution includes the file <B>CellServDB.sample</B>,
+and you have already copied it to the <B>/usr/vice/etc</B>
+directory. It includes an entry for all AFS cells that agreed to share
+their database server machine information at the time your AFS CD-ROM was
+created. The AFS Product Support group also maintains a copy of the
+file, updating it as necessary. If you are interested in participating
+in the global AFS namespace, it is a good policy to consult the file
+occasionally for updates. Ask the AFS Product Support group for a
+pointer to its location.
+<P>The <B>CellServDB.sample</B> file can be a good basis for the
+client <B>CellServDB</B> file, because all of the entries in it use the
+correct format. You can add or remove cell entries as you see
+fit. Later (in <A HREF="#HDRWQ91">Enabling Access to Foreign Cells</A>) you perform additional steps that enable the Cache
+Manager actually to reach the cells.
+<P>In this section, you add an entry for the local cell to the local
+<B>CellServDB</B> file. The current working directory is still
+<B>/usr/vice/etc</B>.
+<OL TYPE=1>
+<P><LI>Remove the symbolic link created in <A HREF="#HDRWQ50">Starting the BOS Server</A> and rename the <B>CellServDB.sample</B> file to
+<B>CellServDB</B>.
+<PRE>
+ # <B>rm CellServDB</B>
+
+ # <B>mv CellServDB.sample CellServDB</B>
+
+</PRE>
+<P><LI>Add an entry for the local cell to the <B>CellServDB</B> file.
+One easy method is to use the <B>cat</B> command to append the contents of
+the server <B>/usr/afs/etc/CellServDB</B> file to the client
+version.
+<PRE>
+ # <B>cat /usr/afs/etc/CellServDB >> CellServDB</B>
+</PRE>
+<P>Then open the file in a text editor to verify that there are no blank
+lines, and that all entries have the required format, which is described just
+following. The ordering of cells is not significant, but it can be
+convenient to have the client machine's home cell at the top; move
+it there now if you wish.
+<UL>
+<P><LI>The first line of a cell's entry has the following format:
+<PRE>
+ ><VAR>cell_name</VAR> #<VAR>organization</VAR>
+</PRE>
+<P>where <VAR>cell_name</VAR> is the cell's complete Internet domain name
+(for example, <B>abc.com</B>) and <VAR>organization</VAR> is an
+optional field that follows any number of spaces and the number sign
+(<TT>#</TT>). By convention it names the organization to which the
+cell corresponds (for example, the ABC Corporation).
+<P><LI>After the first line comes a separate line for each database server
+machine. Each line has the following format:
+<PRE>
+ <VAR>IP_address</VAR> #<VAR>machine_name</VAR>
+</PRE>
+<P>where <VAR>IP_address</VAR> is the machine's IP address in dotted
+decimal format (for example, 192.12.105.3).
+Following any number of spaces and the number sign (<TT>#</TT>) is
+<VAR>machine_name</VAR>, the machine's fully-qualified hostname (for
+example, <B>db1.abc.com</B>). In this case, the
+number sign does not indicate a comment; <VAR>machine_name</VAR> is a
+required field.
+</UL>
+<P><LI>If the file includes cells that you do not wish users of this machine to
+access, remove their entries.
+</OL>
+<P>The following example shows entries for two cells, each of which has three
+database server machines:
+<P>
+<PRE>
+ >abc.com #ABC Corporation (home cell)
+ 192.12.105.3 #db1.abc.com
+ 192.12.105.4 #db2.abc.com
+ 192.12.105.55 #db3.abc.com
+ >stateu.edu #State University cell
+ 138.255.68.93 #serverA.stateu.edu
+ 138.255.68.72 #serverB.stateu.edu
+ 138.255.33.154 #serverC.stateu.edu
+
+</PRE>
+<A NAME="IDX2545"></A>
+<A NAME="IDX2546"></A>
+<A NAME="IDX2547"></A>
+<A NAME="IDX2548"></A>
+<HR><H2><A NAME="HDRWQ67" HREF="auqbg002.htm#ToC_74">Configuring the Cache</A></H2>
+<P>The Cache Manager uses a cache on the local disk or in
+machine memory to store local copies of files fetched from file server
+machines. As the <B>afsd</B> program initializes the Cache Manager,
+it sets basic cache configuration parameters according to definitions in the
+local <B>/usr/vice/etc/cacheinfo</B> file. The file has three
+fields:
+<OL TYPE=1>
+<P><LI>The first field names the local directory on which to mount the AFS
+filespace. The conventional location is the <B>/afs</B>
+directory.
+<P><LI>The second field defines the local disk directory to use for the disk
+cache. The conventional location is the <B>/usr/vice/cache</B>
+directory, but you can specify an alternate directory if another partition has
+more space available. There must always be a value in this field, but
+the Cache Manager ignores it if the machine uses a memory cache.
+<P><LI>The third field specifies the number of kilobyte (1024 byte) blocks to
+allocate for the cache.
+</OL>
+<P>The values you define must meet the following requirements.
+<UL>
+<P><LI>On a machine using a disk cache, the Cache Manager expects always to be
+able to use the amount of space specified in the third field. Failure
+to meet this requirement can cause serious problems, some of which can be
+repaired only by rebooting. You must prevent non-AFS processes from
+filling up the cache partition. The simplest way is to devote a
+partition to the cache exclusively.
+<P><LI>The amount of space available in memory or on the partition housing the
+disk cache directory imposes an absolute limit on cache size.
+<P><LI>The maximum supported cache size can vary in each AFS release; see
+the <I>IBM AFS Release Notes</I> for the current version.
+<P><LI>For a disk cache, you cannot specify a value in the third field that
+exceeds 95% of the space available on the partition mounted at the directory
+named in the second field. If you violate this restriction, the
+<B>afsd</B> program exits without starting the Cache Manager and prints an
+appropriate message on the standard output stream. A value of 90% is
+more appropriate on most machines. Some operating systems (such as AIX)
+do not automatically reserve some space to prevent the partition from filling
+completely; for them, a smaller value (say, 80% to 85% of the space
+available) is more appropriate.
+<P><LI>For a memory cache, you must leave enough memory for other processes and
+applications to run. If you try to allocate more memory than is
+actually available, the <B>afsd</B> program exits without initializing the
+Cache Manager and produces the following message on the standard output
+stream.
+<PRE>
+ afsd: memCache allocation failure at <VAR>number</VAR> KB
+</PRE>
+<P>The <VAR>number</VAR> value is how many kilobytes were allocated just before
+the failure, and so indicates the approximate amount of memory
+available.
+</UL>
+<P>Within these hard limits, the factors that determine appropriate cache size
+include the number of users working on the machine, the size of the files with
+which they work, and (for a memory cache) the number of processes that run on
+the machine. The higher the demand from these factors, the larger the
+cache needs to be to maintain good performance.
+<P>Disk caches smaller than 10 MB do not generally perform well.
+Machines serving multiple users usually perform better with a cache of at
+least 60 to 70 MB. The point at which enlarging the cache further does
+not really improve performance depends on the factors mentioned previously and
+is difficult to predict.
+<P>Memory caches smaller than 1 MB are nonfunctional, and the performance of
+caches smaller than 5 MB is usually unsatisfactory. Suitable upper
+limits are similar to those for disk caches but are probably determined more
+by the demands on memory from other sources on the machine (number of users
+and processes). Machines running only a few processes possibly can use
+a smaller memory cache.
+<P><H3><A NAME="HDRWQ68" HREF="auqbg002.htm#ToC_75">Configuring a Disk Cache</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Not all file system types that an operating system supports are
+necessarily supported for use as the cache partition. For possible
+restrictions, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>To configure the disk cache, perform the following procedures:
+<OL TYPE=1>
+<P><LI>Create the local directory to use for caching. The following
+instruction shows the conventional location,
+<B>/usr/vice/cache</B>. If you are devoting a partition exclusively
+to caching, as recommended, you must also configure it, make a file system on
+it, and mount it at the directory created in this step.
+<PRE>
+ # <B>mkdir /usr/vice/cache</B>
+
+</PRE>
+<P><LI>Create the <B>cacheinfo</B> file to define the configuration
+parameters discussed previously. The following instruction shows the
+standard mount location, <B>/afs</B>, and the standard cache location,
+<B>/usr/vice/cache</B>.
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<P>The following example defines the disk cache size as 50,000 KB:
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:50000" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRWQ69" HREF="auqbg002.htm#ToC_76">Configuring a Memory Cache</A></H3>
+<P>To configure a memory cache, create the <B>cacheinfo</B>
+file to define the configuration parameters discussed previously. The
+following instruction shows the standard mount location, <B>/afs</B>, and
+the standard cache location, <B>/usr/vice/cache</B> (though the exact
+value of the latter is irrelevant for a memory cache).
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<P>The following example allocates 25,000 KB of memory for the cache.
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:25000" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<A NAME="IDX2549"></A>
+<A NAME="IDX2550"></A>
+<A NAME="IDX2551"></A>
+<A NAME="IDX2552"></A>
+<A NAME="IDX2553"></A>
+<A NAME="IDX2554"></A>
+<HR><H2><A NAME="HDRWQ70" HREF="auqbg002.htm#ToC_77">Configuring the Cache Manager</A></H2>
+<P>By convention, the Cache Manager mounts the AFS filespace on
+the local <B>/afs</B> directory. In this section you create that
+directory.
+<P>The <B>afsd</B> program sets several cache configuration parameters as
+it initializes the Cache Manager, and starts daemons that improve
+performance. You can use the <B>afsd</B> command's arguments
+to override the parameters' default values and to change the number of
+some of the daemons. Depending on the machine's cache size, its
+amount of RAM, and how many people work on it, you can sometimes improve Cache
+Manager performance by overriding the default values. For a discussion
+of all of the <B>afsd</B> command's arguments, see its reference page
+in the <I>IBM AFS Administration Reference</I>.
+<P>The <B>afsd</B> command line in the AFS initialization script on each
+system type includes an <TT>OPTIONS</TT> variable. You can use it to
+set nondefault values for the command's arguments, in one of the
+following ways:
+<UL>
+<P><LI>You can create an <B>afsd</B> <I>options file</I> that sets values
+for arguments to the <B>afsd</B> command. If the file exists, its
+contents are automatically substituted for the <TT>OPTIONS</TT> variable in
+the AFS initialization script. The AFS distribution for some system
+types includes an options file; on other system types, you must create
+it.
+<P>You use two variables in the AFS initialization script to specify the path
+to the options file: <TT>CONFIG</TT> and <TT>AFSDOPT</TT>. On
+system types that define a conventional directory for configuration files, the
+<TT>CONFIG</TT> variable indicates it by default; otherwise, the
+variable indicates an appropriate location.
+<P>List the desired <B>afsd</B> options on a single line in the options
+file, separating each option with one or more spaces. The following
+example sets the <B>-stat</B> argument to 2500, the <B>-daemons</B>
+argument to 4, and the <B>-volumes</B> argument to 100.
+<PRE>
+ -stat 2500 -daemons 4 -volumes 100
+
+</PRE>
+<P><LI>On a machine that uses a disk cache, you can set the <TT>OPTIONS</TT>
+variable in the AFS initialization script to one of <TT>$SMALL</TT>,
+<TT>$MEDIUM</TT>, or <TT>$LARGE</TT>. The AFS initialization script
+uses one of these settings if the <B>afsd</B> options file named by the
+<TT>AFSDOPT</TT> variable does not exist. In the script as
+distributed, the <TT>OPTIONS</TT> variable is set to the value
+<TT>$MEDIUM</TT>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not set the <TT>OPTIONS</TT> variable to <TT>$SMALL</TT>,
+<TT>$MEDIUM</TT>, or <TT>$LARGE</TT> on a machine that uses a memory
+cache. The arguments it sets are appropriate only on a machine that
+uses a disk cache.
+</TD></TR></TABLE>
+<P>The script (or on some system types the <B>afsd</B> options file named
+by the <TT>AFSDOPT</TT> variable) defines a value for each of
+<TT>SMALL</TT>, <TT>MEDIUM</TT>, and <TT>LARGE</TT> that sets
+<B>afsd</B> command arguments appropriately for client machines of
+different sizes:
+<UL>
+<P><LI><TT>SMALL</TT> is suitable for a small machine that serves one or two
+users and has approximately 8 MB of RAM and a 20-MB cache
+<P><LI><TT>MEDIUM</TT> is suitable for a medium-sized machine that serves two
+to six users and has 16 MB of RAM and a 40-MB cache
+<P><LI><TT>LARGE</TT> is suitable for a large machine that serves five to ten
+users and has 32 MB of RAM and a 100-MB cache
+</UL>
+<P><LI>You can choose not to create an <B>afsd</B> options file and to set
+the <TT>OPTIONS</TT> variable in the initialization script to a null value
+rather than to the default <TT>$MEDIUM</TT> value. You can then
+either set arguments directly on the <B>afsd</B> command line in the
+script, or set no arguments (and so accept default values for all Cache
+Manager parameters).
+</UL>
+<OL TYPE=1>
+<P><LI>Create the local directory on which to mount the AFS filespace, by
+convention <B>/afs</B>. If the directory already exists, verify
+that it is empty.
+<PRE>
+ # <B>mkdir /afs</B>
+
+</PRE>
+<P><LI>On AIX systems, add the following line to the <B>/etc/vfs</B>
+file. It enables AIX to unmount AFS correctly during shutdown.
+<PRE>
+ afs 4 none none
+
+</PRE>
+<P><LI>On Linux systems, copy the <B>afsd</B> options file from the
+<B>/usr/vice/etc</B> directory to the <B>/etc/sysconfig</B> directory,
+removing the <B>.conf</B> extension as you do so.
+<PRE>
+ # <B>cp /usr/vice/etc/afs.conf /etc/sysconfig/afs</B>
+
+</PRE>
+<P><LI>Edit the machine's AFS initialization script or <B>afsd</B>
+options file to set appropriate values for <B>afsd</B> command
+parameters. The script resides in the indicated location on each system
+type:
+<UL>
+<P><LI>On AIX systems, <B>/etc/rc.afs</B>
+<P><LI>On Digital UNIX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On HP-UX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On IRIX systems, <B>/etc/init.d/afs</B>
+<P><LI>On Linux systems, <B>/etc/sysconfig/afs</B> (the <B>afsd</B>
+options file)
+<P><LI>On Solaris systems, <B>/etc/init.d/afs</B>
+</UL>
+<P>Use one of the methods described in the introduction to this section to add
+the following flags to the <B>afsd</B> command line. If you intend
+for the machine to remain an AFS client, also set any performance-related
+arguments you wish.
+<UL>
+<P><LI>Add the <B>-nosettime</B> flag, because this is a file server machine
+that is also a client. The flag prevents the machine from picking a
+file server machine in the cell as its source for the correct time, which
+client machines normally do. File server machines instead use NTPD (as
+controlled by the <B>runntp</B> process) or another protocol to
+synchronize their clocks.
+<P><LI>Add the <B>-memcache</B> flag if the machine is to use a memory
+cache.
+<P><LI>Add the <B>-verbose</B> flag to display a trace of the Cache
+Manager's initialization on the standard output stream.
+</UL>
+</OL>
+<A NAME="IDX2555"></A>
+<A NAME="IDX2556"></A>
+<HR><H2><A NAME="HDRWQ71" HREF="auqbg002.htm#ToC_78">Overview: Completing the Installation of the First AFS Machine</A></H2>
+<P>The machine is now configured as an AFS file server and
+client machine. In this final phase of the installation, you initialize
+the Cache Manager and then create the upper levels of your AFS filespace,
+among other procedures. The procedures are:
+<OL TYPE=1>
+<P><LI>Verify that the initialization script works correctly, and incorporate it
+into the operating system's startup and shutdown sequence
+<P><LI>Create and mount top-level volumes
+<P><LI>Create and mount volumes to store system binaries in AFS
+<P><LI>Enable access to foreign cells
+<P><LI>Institute additional security measures
+<P><LI>Remove client functionality if desired
+</OL>
+<A NAME="IDX2557"></A>
+<A NAME="IDX2558"></A>
+<A NAME="IDX2559"></A>
+<A NAME="IDX2560"></A>
+<A NAME="IDX2561"></A>
+<HR><H2><A NAME="HDRWQ72" HREF="auqbg002.htm#ToC_79">Verifying the AFS Initialization Script</A></H2>
+<P>At this point you run the AFS initialization script to verify
+that it correctly invokes all of the necessary programs and AFS processes, and
+that they start correctly. The following are the relevant
+commands:
+<UL>
+<P><LI>The command that dynamically loads AFS modifications into the kernel, on
+some system types (not applicable if the kernel has AFS modifications built
+in)
+<P><LI>The <B>bosserver</B> command, which starts the BOS Server; it in
+turn starts the server processes for which you created entries in the
+<B>/usr/afs/local/BosConfig</B> file
+<P><LI>The <B>afsd</B> command, which initializes the Cache Manager
+</UL>
+<P>On system types that use a dynamic loader program, you must reboot the
+machine before running the initialization script, so that it can freshly load
+AFS modifications into the kernel.
+<P>If there are problems during the initialization, attempt to resolve
+them. The AFS Product Support group can provide assistance if
+necessary.
+<OL TYPE=1>
+<A NAME="IDX2562"></A>
+<A NAME="IDX2563"></A>
+<P><LI>Issue the <B>bos shutdown</B> command to shut down the AFS server
+processes other than the BOS Server. Include the <B>-wait</B> flag
+to delay return of the command shell prompt until all processes shut down
+completely.
+<PRE>
+ # <B>/usr/afs/bin/bos shutdown</B> <<VAR>machine name</VAR>> <B>-wait</B>
+
+</PRE>
+<P><LI>Issue the <B>ps</B> command to learn the <B>bosserver</B>
+process's process ID number (PID), and then the <B>kill</B> command
+to stop it.
+<PRE>
+ # <B>ps</B> <VAR>appropriate_ps_options</VAR> <B>| grep bosserver</B>
+
+ # <B>kill</B> <VAR>bosserver_PID</VAR>
+
+</PRE>
+<P><LI>Issue the appropriate commands to run the AFS initialization script for
+this system type.
+<A NAME="IDX2564"></A>
+<P><B>On AIX systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2565"></A>
+<P><B>On Digital UNIX systems:</B>
+<OL TYPE=a>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2566"></A>
+<P><B>On HP-UX systems:</B>
+<OL TYPE=a>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2567"></A>
+<A NAME="IDX2568"></A>
+<A NAME="IDX2569"></A>
+<A NAME="IDX2570"></A>
+<A NAME="IDX2571"></A>
+<A NAME="IDX2572"></A>
+<A NAME="IDX2573"></A>
+<P><B>On IRIX systems:</B>
+<OL TYPE=a>
+<P><LI>If you have configured the machine to use the <B>ml</B> dynamic loader
+program, reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the
+<B>afsserver</B> and <B>afsclient</B> configuration variables.
+<PRE>
+ # <B>/etc/chkconfig -f afsserver on</B>
+
+ # <B>/etc/chkconfig -f afsclient on</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2574"></A>
+<P><B>On Linux systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2575"></A>
+<P><B>On Solaris systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2576"></A>
+<A NAME="IDX2577"></A>
+<P><LI>Wait for the message that confirms that Cache Manager initialization is
+complete.
+<P>On machines that use a disk cache, it can take a while to initialize the
+Cache Manager for the first time, because the <B>afsd</B> program must
+create all of the <B>V</B><VAR>n</VAR> files in the cache directory.
+Subsequent Cache Manager initializations do not take nearly as long, because
+the <B>V</B><VAR>n</VAR> files already exist.
+<P>As a basic test of correct AFS functioning, issue the <B>klog</B>
+command to authenticate as the <B>admin</B> user. Provide the
+password (<VAR>admin_passwd</VAR>) you defined in <A HREF="#HDRWQ53">Initializing Cell Security</A>.
+<PRE>
+ # <B>/usr/afs/bin/klog admin</B>
+ Password: <VAR>admin_passwd</VAR>
+
+</PRE>
+<A NAME="IDX2578"></A>
+<A NAME="IDX2579"></A>
+<P><LI>Issue the <B>tokens</B> command to verify that the <B>klog</B>
+command worked correctly. If it did, the output looks similar to the
+following example for the <B>abc.com</B> cell, where
+<B>admin</B>'s AFS UID is 1. If the output does not seem
+correct, resolve the problem. Changes to the AFS initialization script
+are possibly necessary. The AFS Product Support group can provide
+assistance as necessary.
+<PRE>
+ # <B>/usr/afs/bin/tokens</B>
+ Tokens held by the Cache Manager:
+
+ User's (AFS ID 1) tokens for afs@abc.com [Expires May 22 11:52]
+ --End of list--
+
+</PRE>
+<P><LI>Issue the <B>bos status</B> command to verify that the output for each
+process reads <TT>Currently running normally</TT>.
+<PRE>
+ # <B>/usr/afs/bin/bos status</B> <<VAR>machine name</VAR>>
+
+</PRE>
+<A NAME="IDX2580"></A>
+<A NAME="IDX2581"></A>
+<P><LI>Change directory to the local file system root (<B>/</B>) and issue
+the <B>fs checkvolumes</B> command.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>/usr/afs/bin/fs checkvolumes</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2582"></A>
+<A NAME="IDX2583"></A>
+<A NAME="IDX2584"></A>
+<A NAME="IDX2585"></A>
+<HR><H2><A NAME="HDRWQ73" HREF="auqbg002.htm#ToC_80">Activating the AFS Initialization Script</A></H2>
+<P>Now that you have confirmed that the AFS initialization
+script works correctly, take the action necessary to have it run automatically
+at each reboot. Proceed to the instructions for your system type:
+<UL>
+<P><LI><A HREF="#HDRWQ74">Activating the Script on AIX Systems</A>
+<P><LI><A HREF="#HDRWQ75">Activating the Script on Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRWQ76">Activating the Script on HP-UX Systems</A>
+<P><LI><A HREF="#HDRWQ77">Activating the Script on IRIX Systems</A>
+<P><LI><A HREF="#HDRWQ78">Activating the Script on Linux Systems</A>
+<P><LI><A HREF="#HDRWQ79">Activating the Script on Solaris Systems</A>
+</UL>
+<A NAME="IDX2586"></A>
+<P><H3><A NAME="HDRWQ74" HREF="auqbg002.htm#ToC_81">Activating the Script on AIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Edit the AIX initialization file, <B>/etc/inittab</B>, adding the
+following line to invoke the AFS initialization script. Place it just
+after the line that starts NFS daemons.
+<PRE>
+ rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS services
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc</B> directories.
+If you want to avoid potential confusion by guaranteeing that they are always
+the same, create a link between them. You can always retrieve the
+original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm rc.afs</B>
+
+ # <B>ln -s /etc/rc.afs</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
+</OL>
+<A NAME="IDX2587"></A>
+<P><H3><A NAME="HDRWQ75" HREF="auqbg002.htm#ToC_82">Activating the Script on Digital UNIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Digital UNIX startup and shutdown
+sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc3.d/S67afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
+</OL>
+<A NAME="IDX2588"></A>
+<P><H3><A NAME="HDRWQ76" HREF="auqbg002.htm#ToC_83">Activating the Script on HP-UX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the HP-UX startup and shutdown sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/S460afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/K800afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
+</OL>
+<A NAME="IDX2589"></A>
+<P><H3><A NAME="HDRWQ77" HREF="auqbg002.htm#ToC_84">Activating the Script on IRIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the IRIX startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc2.d/S35afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K35afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
+</OL>
+<A NAME="IDX2590"></A>
+<P><H3><A NAME="HDRWQ78" HREF="auqbg002.htm#ToC_85">Activating the Script on Linux Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afs</B>
+configuration variable. Based on the instruction in the AFS
+initialization file that begins with the string <TT>#chkconfig</TT>, the
+command automatically creates the symbolic links that incorporate the script
+into the Linux startup and shutdown sequence.
+<PRE>
+ # <B>/sbin/chkconfig --add afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and
+<B>/etc/rc.d/init.d</B> directories, and copies of the
+<B>afsd</B> options file in both the <B>/usr/vice/etc</B> and
+<B>/etc/sysconfig</B> directories. If you want to avoid potential
+confusion by guaranteeing that the two copies of each file are always the
+same, create a link between them. You can always retrieve the original
+script or options file from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc afs.conf</B>
+
+ # <B>ln -s /etc/rc.d/init.d/afs afs.rc</B>
+
+ # <B>ln -s /etc/sysconfig/afs afs.conf</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
+</OL>
+<A NAME="IDX2591"></A>
+<P><H3><A NAME="HDRWQ79" HREF="auqbg002.htm#ToC_86">Activating the Script on Solaris Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Solaris startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc3.d/S99afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2592"></A>
+<A NAME="IDX2593"></A>
+<HR><H2><A NAME="HDRWQ80" HREF="auqbg002.htm#ToC_87">Configuring the Top Levels of the AFS Filespace</A></H2>
+<P>If you have not previously run AFS in your cell, you now
+configure the top levels of your cell's AFS filespace. If you have
+run a previous version of AFS, the filespace is already configured.
+Proceed to <A HREF="#HDRWQ83">Storing AFS Binaries in AFS</A>.
+<A NAME="IDX2594"></A>
+<A NAME="IDX2595"></A>
+<A NAME="IDX2596"></A>
+<P>You created the <B>root.afs</B> volume in <A HREF="#HDRWQ60">Starting the File Server, Volume Server, and Salvager</A>, and the Cache Manager mounted it automatically on the local
+<B>/afs</B> directory when you ran the AFS initialization script in <A HREF="#HDRWQ72">Verifying the AFS Initialization Script</A>. You now set the access control list (ACL) on the
+<B>/afs</B> directory; creating, mounting, and setting the ACL are
+the three steps required when creating any volume.
+<P>After setting the ACL on the <B>root.afs</B> volume, you create
+your cell's <B>root.cell</B> volume, mount it as a
+subdirectory of the <B>/afs</B> directory, and set the ACL. Create
+both a read/write and a regular mount point for the
+<B>root.cell</B> volume. The read/write mount point enables
+you to access the read/write version of replicated volumes when
+necessary. Creating both mount points essentially creates separate
+read-only and read-write copies of your filespace, and enables the Cache
+Manager to traverse the filespace on a read-only path or read/write path as
+appropriate. For further discussion of these concepts, see the chapter
+in the <I>IBM AFS Administration Guide</I> about administering
+volumes.
+<A NAME="IDX2597"></A>
+<A NAME="IDX2598"></A>
+<A NAME="IDX2599"></A>
+<P>Then replicate both the <B>root.afs</B> and
+<B>root.cell</B> volumes. This is required if you want to
+replicate any other volumes in your cell, because all volumes mounted above a
+replicated volume must themselves be replicated in order for the Cache Manager
+to access the replica.
+<P>When the <B>root.afs</B> volume is replicated, the Cache Manager
+is programmed to access its read-only version
+(<B>root.afs.readonly</B>) whenever possible. To make
+changes to the contents of the <B>root.afs</B> volume (when, for
+example, you mount another cell's <B>root.cell</B> volume at
+the second level in your filespace), you must mount the
+<B>root.afs</B> volume temporarily, make the changes, release the
+volume and remove the temporary mount point. For instructions, see <A HREF="#HDRWQ91">Enabling Access to Foreign Cells</A>.
+<A NAME="IDX2600"></A>
+<A NAME="IDX2601"></A>
+<A NAME="IDX2602"></A>
+<A NAME="IDX2603"></A>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs setacl</B> command to edit the ACL on the
+<B>/afs</B> directory. Add an entry that grants the <B>l</B>
+(<B>lookup</B>) and <B>r</B> (<B>read</B>) permissions to the
+<B>system:anyuser</B> group, to enable all AFS users who can reach
+your cell to traverse through the directory. If you prefer to enable
+access only to locally authenticated users, substitute the
+<B>system:authuser</B> group.
+<P>Note that there is already an ACL entry that grants all seven access rights
+to the <B>system:administrators</B> group. It is a default
+entry that AFS places on every new volume's root directory.
+<PRE>
+ # <B>/usr/afs/bin/fs setacl /afs system:anyuser rl</B>
+
+</PRE>
+<A NAME="IDX2604"></A>
+<A NAME="IDX2605"></A>
+<A NAME="IDX2606"></A>
+<A NAME="IDX2607"></A>
+<A NAME="IDX2608"></A>
+<A NAME="IDX2609"></A>
+<A NAME="IDX2610"></A>
+<P><LI><A NAME="LIWQ81"></A>Issue the <B>vos create</B> command to create the
+<B>root.cell</B> volume. Then issue the <B>fs
+mkmount</B> command to mount it as a subdirectory of the <B>/afs</B>
+directory, where it serves as the root of your cell's local AFS
+filespace. Finally, issue the <B>fs setacl</B> command to create an
+ACL entry for the <B>system:anyuser</B> group (or
+<B>system:authuser</B> group).
+<P>For the <VAR>partition name</VAR> argument, substitute the name of one of the
+machine's AFS server partitions (such as <B>/vicepa</B>). For
+the <VAR>cellname</VAR> argument, substitute your cell's fully-qualified
+Internet domain name (such as <B>abc.com</B>).
+<PRE>
+ # <B>/usr/afs/bin/vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>root.cell</B>
+
+ # <B>/usr/afs/bin/fs mkmount /afs/</B><VAR>cellname</VAR> <B>root.cell</B>
+
+ # <B>/usr/afs/bin/fs setacl /afs/</B><VAR>cellname</VAR> <B>system:anyuser rl</B>
+
+</PRE>
+<A NAME="IDX2611"></A>
+<A NAME="IDX2612"></A>
+<A NAME="IDX2613"></A>
+<P><LI><B>(Optional)</B> Create a symbolic link to a shortened cell name, to
+reduce the length of pathnames for users in the local cell. For
+example, in the <B>abc.com</B> cell, <B>/afs/abc</B> is a link
+to <B>/afs/abc.com</B>.
+<PRE>
+ # <B>cd /afs</B>
+
+ # <B>ln -s</B> <VAR>full_cellname</VAR> <VAR>short_cellname</VAR>
+
+</PRE>
+<A NAME="IDX2614"></A>
+<A NAME="IDX2615"></A>
+<A NAME="IDX2616"></A>
+<P><LI>Issue the <B>fs mkmount</B> command to create a read/write mount point
+for the <B>root.cell</B> volume (you created a regular mount point
+in Step <A HREF="#LIWQ81">2</A>).
+<P>By convention, the name of a read/write mount point begins with a period,
+both to distinguish it from the regular mount point and to make it visible
+only when the <B>-a</B> flag is used on the <B>ls</B> command.
+<P>Change directory to <B>/usr/afs/bin</B> to make it easier to access the
+command binaries.
+<PRE>
+ # <B>cd /usr/afs/bin</B>
+
+ # <B>./fs mkmount /afs/.</B><VAR>cellname</VAR> <B>root.cell -rw</B>
+
+</PRE>
+<A NAME="IDX2617"></A>
+<A NAME="IDX2618"></A>
+<A NAME="IDX2619"></A>
+<A NAME="IDX2620"></A>
+<P><LI><A NAME="LIWQ82"></A>Issue the <B>vos addsite</B> command to define a replication
+site for both the <B>root.afs</B> and <B>root.cell</B>
+volumes. In each case, substitute for the <VAR>partition name</VAR>
+argument the partition where the volume's read/write version
+resides. When you install additional file server machines, it is a good
+idea to create replication sites on them as well.
+<PRE>
+ # <B>./vos addsite</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>root.afs</B>
+
+ # <B>./vos addsite</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>root.cell</B>
+
+</PRE>
+<A NAME="IDX2621"></A>
+<A NAME="IDX2622"></A>
+<P><LI>Issue the <B>fs examine</B> command to verify that the Cache Manager
+can access both the <B>root.afs</B> and <B>root.cell</B>
+volumes, before you attempt to replicate them. The output lists each
+volume's name, volumeID number, quota, size, and the size of the
+partition that houses them. If you get an error message instead, do not
+continue before taking corrective action.
+<PRE>
+ # <B>./fs examine /afs</B>
+
+ # <B>./fs examine /afs/</B><VAR>cellname</VAR>
+
+</PRE>
+<A NAME="IDX2623"></A>
+<A NAME="IDX2624"></A>
+<A NAME="IDX2625"></A>
+<A NAME="IDX2626"></A>
+<P><LI>Issue the <B>vos release</B> command to release a replica of the
+<B>root.afs</B> and <B>root.cell</B> volumes to the
+sites you defined in Step <A HREF="#LIWQ82">5</A>.
+<PRE>
+ # <B>./vos release root.afs</B>
+
+ # <B>./vos release root.cell</B>
+
+</PRE>
+<A NAME="IDX2627"></A>
+<A NAME="IDX2628"></A>
+<P><LI>Issue the <B>fs checkvolumes</B> to force the Cache Manager to notice
+that you have released read-only versions of the volumes, then issue the
+<B>fs examine</B> command again. This time its output mentions the
+read-only version of the volumes (<B>root.afs.readonly</B>
+and <B>root.cell.readonly</B>) instead of the read/write
+versions, because of the Cache Manager's bias to access the read-only
+version of the <B>root.afs</B> volume if it exists.
+<PRE>
+ # <B>./fs checkvolumes</B>
+
+ # <B>./fs examine /afs</B>
+
+ # <B>./fs examine /afs/</B><VAR>cellname</VAR>
+
+</PRE>
+</OL>
+<A NAME="IDX2629"></A>
+<A NAME="IDX2630"></A>
+<A NAME="IDX2631"></A>
+<A NAME="IDX2632"></A>
+<A NAME="IDX2633"></A>
+<A NAME="IDX2634"></A>
+<HR><H2><A NAME="HDRWQ83" HREF="auqbg002.htm#ToC_88">Storing AFS Binaries in AFS</A></H2>
+<P>In the conventional configuration, you make AFS client
+binaries and configuration files available in the subdirectories of the
+<B>/usr/afsws</B> directory on client machines (<B>afsws</B> is an
+acronym for <B>AFS
+w</B><I>ork</I><B>s</B><I>tation</I>). You can conserve
+local disk space by creating <B>/usr/afsws</B> as a link to an AFS volume
+that houses the AFS client binaries and configuration files for this system
+type.
+<P>In this section you create the necessary volumes. The conventional
+location to which to link <B>/usr/afsws</B> is
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>,
+where <VAR>sysname</VAR> is the appropriate system type name as specified in the
+<I>IBM AFS Release Notes</I>. The instructions in <A HREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A> assume that you have followed the instructions in this
+section.
+<P>If you have previously run AFS in the cell, the volumes possibly already
+exist. If so, you need to perform Step <A HREF="#LIWQ86">8</A> only.
+<P>The current working directory is still <B>/usr/afs/bin</B>, which
+houses the <B>fs</B> and <B>vos</B> command suite binaries. In
+the following commands, it is possible you still need to specify the pathname
+to the commands, depending on how your PATH environment variable is
+set.
+<OL TYPE=1>
+<A NAME="IDX2635"></A>
+<A NAME="IDX2636"></A>
+<P><LI><A NAME="LIWQ84"></A>Issue the <B>vos create</B> command to create volumes for
+storing the AFS client binaries for this system type. The following
+example instruction creates volumes called <VAR>sysname</VAR>,
+<VAR>sysname</VAR>.<B>usr</B>, and
+<VAR>sysname</VAR>.<B>usr.afsws</B>. Refer to the
+<I>IBM AFS Release Notes</I> to learn the proper value of <VAR>sysname</VAR>
+for this system type.
+<PRE>
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR>
+
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR><B>.usr</B>
+
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR><B>.usr.afsws</B>
+
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the newly created
+volumes. Because the <B>root.cell</B> volume is replicated,
+you must precede the <I>cellname</I> part of the pathname with a period to
+specify the read/write mount point, as shown. Then issue the <B>vos
+release</B> command to release a new replica of the
+<B>root.cell</B> volume, and the <B>fs checkvolumes</B> command
+to force the local Cache Manager to access them.
+<PRE>
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR> <B>-vol</B> <VAR>sysname</VAR>
+
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr</B> <B>-vol</B> <VAR>sysname</VAR><B>.usr</B>
+
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B> <B>-vol</B> <VAR>sysname</VAR><B>.usr.afsws</B>
+
+ # <B>vos release root.cell</B>
+
+ # <B>fs checkvolumes</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to grant the <B>l</B>
+(<B>lookup</B>) and <B>r</B> (<B>read</B>) permissions to the
+<B>system:anyuser</B> group on each new directory's ACL.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR>
+
+ # <B>fs setacl -dir . usr usr/afsws -acl system:anyuser rl</B>
+
+</PRE>
+<A NAME="IDX2637"></A>
+<A NAME="IDX2638"></A>
+<A NAME="IDX2639"></A>
+<A NAME="IDX2640"></A>
+<A NAME="IDX2641"></A>
+<P><LI><A NAME="LIWQ85"></A>Issue the <B>fs setquota</B> command to set an unlimited
+quota on the volume mounted at the
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+directory. This enables you to copy all of the appropriate files from
+the CD-ROM into the volume without exceeding the volume's quota.
+<P>If you wish, you can set the volume's quota to a finite value after
+you complete the copying operation. At that point, use the <B>vos
+examine</B> command to determine how much space the volume is
+occupying. Then issue the <B>fs setquota</B> command to set a quota
+that is slightly larger.
+<PRE>
+ # <B>fs setquota /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws 0</B>
+
+</PRE>
+<P><LI>Mount the AFS CD-ROM for this machine's system type on the local
+<B>/cdrom</B> directory, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<A NAME="IDX2642"></A>
+<A NAME="IDX2643"></A>
+<A NAME="IDX2644"></A>
+<P><LI>Copy the contents of the indicated directories from the CD-ROM into the
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+directory.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/bin .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/etc .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/include .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/lib .</B>
+
+</PRE>
+<A NAME="IDX2645"></A>
+<A NAME="IDX2646"></A>
+<P><LI>Issue the <B>fs setacl</B> command to set the ACL on each directory
+appropriately. To comply with the terms of your AFS License agreement,
+you must prevent unauthorized users from accessing AFS software. To
+enable access for locally authenticated users only, set the ACL on the
+<B>etc</B>, <B>include</B>, and <B>lib</B> subdirectories to grant
+the <B>l</B> and <B>r</B> permissions to the
+<B>system:authuser</B> group rather than the
+<B>system:anyuser</B> group. The
+<B>system:anyuser</B> group must retain the <B>l</B> and
+<B>r</B> permissions on the <B>bin</B> subdirectory to enable
+unauthenticated users to access the <B>klog</B> binary. To ensure
+that unauthorized users are not accessing AFS software, check periodically
+that the ACLs on these directories are set properly.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+
+ # <B>fs setacl -dir etc include lib -acl system:authuser rl</B> \
+ <B>system:anyuser none</B>
+
+</PRE>
+<A NAME="IDX2647"></A>
+<A NAME="IDX2648"></A>
+<P><LI><A NAME="LIWQ86"></A>Create <B>/usr/afsws</B> on the local disk as a symbolic
+link to the directory
+<B>/afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws</B>. You can
+specify the actual system name instead of <B>@sys</B> if you wish, but the
+advantage of using <B>@sys</B> is that it remains valid if you upgrade
+this machine to a different system type.
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws /usr/afsws</B>
+
+</PRE>
+<A NAME="IDX2649"></A>
+<A NAME="IDX2650"></A>
+<P><LI><B>(Optional)</B> To enable users to issue commands from the AFS
+suites (such as <B>fs</B>) without having to specify a pathname to their
+binaries, include the <B>/usr/afsws/bin</B> and <B>/usr/afsws/etc</B>
+directories in the PATH environment variable you define in each user's
+shell initialization file (such as <B>.cshrc</B>).
+</OL>
+<A NAME="IDX2651"></A>
+<A NAME="IDX2652"></A>
+<A NAME="IDX2653"></A>
+<A NAME="IDX2654"></A>
+<A NAME="IDX2655"></A>
+<A NAME="IDX2656"></A>
+<HR><H2><A NAME="HDRWQ87" HREF="auqbg002.htm#ToC_89">Storing AFS Documents in AFS</A></H2>
+<P>The AFS distribution includes the following documents:
+<UL>
+<P><LI><I>IBM AFS Release Notes</I>
+<P><LI><I>IBM AFS Quick Beginnings</I>
+<P><LI><I>IBM AFS User Guide</I>
+<P><LI><I>IBM AFS Administration Reference</I>
+<P><LI><I>IBM AFS Administration Guide</I>
+</UL>
+<P>The AFS CD-ROM for each system type has a top-level
+<B>Documentation</B> directory, with a subdirectory for each document
+format provided. The different formats are suitable for online viewing,
+printing, or both.
+<P>This section explains how to create and mount a volume to house the
+documents, making them available to your users. The recommended mount
+point for the volume is
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B>. If you wish, you
+can create a link to the mount point on each client machine's local disk,
+called <B>/usr/afsdoc</B>. Alternatively, you can create a link to
+the mount point in each user's home directory. You can also choose
+to permit users to access only certain documents (most probably, the <I>IBM
+AFS User Guide</I>) by creating different mount points or setting different
+ACLs on different document directories.
+<P>The current working directory is still <B>/usr/afs/bin</B>, which
+houses the <B>fs</B> and <B>vos</B> command suite binaries you use to
+create and mount volumes. In the following commands, it is possible you
+still need to specify the pathname to the commands, depending on how your PATH
+environment variable is set.
+<OL TYPE=1>
+<A NAME="IDX2657"></A>
+<A NAME="IDX2658"></A>
+<P><LI>Issue the <B>vos create</B> command to create a volume for storing the
+AFS documentation. Include the <B>-maxquota</B> argument to set an
+unlimited quota on the volume. This enables you to copy all of the
+appropriate files from the CD-ROM into the volume without exceeding the
+volume's quota.
+<P>If you wish, you can set the volume's quota to a finite value after
+you complete the copying operations. At that point, use the <B>vos
+examine</B> command to determine how much space the volume is
+occupying. Then issue the <B>fs setquota</B> command to set a quota
+that is slightly larger.
+<PRE>
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>afsdoc -maxquota 0</B>
+
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the new volume.
+Because the <B>root.cell</B> volume is replicated, you must precede
+the <I>cellname</I> with a period to specify the read/write mount point,
+as shown. Then issue the <B>vos release</B> command to release a
+new replica of the <B>root.cell</B> volume, and the <B>fs
+checkvolumes</B> command to force the local Cache Manager to access
+them.
+<PRE>
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/afsdoc</B> <B>-vol</B> <B>afsdoc</B>
+
+ # <B>vos release root.cell</B>
+
+ # <B>fs checkvolumes</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to grant the <B>rl</B>
+permissions to the <B>system:anyuser</B> group on the new
+directory's ACL.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/afsdoc</B>
+
+ # <B>fs setacl . system:anyuser rl</B>
+
+</PRE>
+<P><LI>Mount the AFS CD-ROM for any system type on the local <B>/cdrom</B>
+directory, if one is not already. For instructions on mounting CD-ROMs
+(either locally or remotely via NFS), consult the operating system
+documentation.
+<A NAME="IDX2659"></A>
+<A NAME="IDX2660"></A>
+<A NAME="IDX2661"></A>
+<A NAME="IDX2662"></A>
+<A NAME="IDX2663"></A>
+<P><LI>Copy the AFS documents in one or more formats from the CD-ROM into
+subdirectories of the <B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B>
+directory. Repeat the commands for each format.
+<PRE>
+ # <B>mkdir</B> <VAR>format_name</VAR>
+
+ # <B>cd</B> <VAR>format_name</VAR>
+
+ # <B>cp -rp /cdrom/Documentation/</B><VAR>format</VAR> <B>.</B>
+</PRE>
+<P>If you choose to store the HTML version of the documents in AFS, note that
+in addition to a subdirectory for each document there are several files with a
+<B>.gif</B> extension, which enable readers to move easily between
+sections of a document. The file called <B>index.htm</B> is
+an introductory HTML page that contains a hyperlink to each of the
+documents. For online viewing to work properly, these files must remain
+in the top-level HTML directory (the one named, for example,
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/html</B>).
+<P><LI><B>(Optional)</B> If you believe it is helpful to your users to access
+the AFS documents in a certain format via a local disk directory, create
+<B>/usr/afsdoc</B> on the local disk as a symbolic link to the
+documentation directory in AFS
+(<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>).
+<P>
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR> <B>/usr/afsdoc</B>
+</PRE>
+<P>An alternative is to create a link in each user's home directory to
+the <B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>
+directory.
+</OL>
+<A NAME="IDX2664"></A>
+<A NAME="IDX2665"></A>
+<A NAME="IDX2666"></A>
+<A NAME="IDX2667"></A>
+<HR><H2><A NAME="HDRWQ88" HREF="auqbg002.htm#ToC_90">Storing System Binaries in AFS</A></H2>
+<P>You can also choose to store other system binaries in AFS
+volumes, such as the standard UNIX programs conventionally located in local
+disk directories such as <B>/etc</B>, <B>/bin</B>, and
+<B>/lib</B>. Storing such binaries in an AFS volume not only frees
+local disk space, but makes it easier to update binaries on all client
+machines.
+<P>The following is a suggested scheme for storing system binaries in
+AFS. It does not include instructions, but you can use the instructions
+in <A HREF="#HDRWQ83">Storing AFS Binaries in AFS</A> (which are for AFS-specific binaries) as a template.
+<P>Some files must remain on the local disk for use when AFS is inaccessible
+(during bootup and file server or network outages). The required
+binaries include the following:
+<UL>
+<P><LI>A text editor, network commands, and so on
+<P><LI>Files used during the boot sequence before the <B>afsd</B> program
+runs, such as initialization and configuration files, and binaries for
+commands that mount file systems
+<P><LI>Files used by dynamic kernel loader programs
+</UL>
+<P>In most cases, it is more secure to enable only locally authenticated users
+to access system binaries, by granting the <B>l</B> (<B>lookup</B>)
+and <B>r</B> (<B>read</B>) permissions to the
+<B>system:authuser</B> group on the ACLs of directories that contain
+the binaries. If users need to access a binary while unauthenticated,
+however, the ACL on its directory must grant those permissions to the
+<B>system:anyuser</B> group.
+<P>The following chart summarizes the suggested volume and mount point names
+for storing system binaries. It uses a separate volume for each
+directory. You already created a volume called <VAR>sysname</VAR> for
+this machine's system type when you followed the instructions in <A HREF="#HDRWQ83">Storing AFS Binaries in AFS</A>.
+<P>You can name volumes in any way you wish, and mount them at other locations
+than those suggested here. However, this scheme has several
+advantages:
+<UL>
+<P><LI>Volume names clearly identify volume contents
+<P><LI>Using the <VAR>sysname</VAR> prefix on every volume makes it is easy to back
+up all of the volumes together, because the AFS Backup System enables you to
+define sets of volumes based on a string included in all of their names
+<P><LI>It makes it easy to track related volumes, keeping them together on the
+same file server machine if desired
+<P><LI>There is a clear relationship between volume name and mount point name
+</UL>
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="30%"><B>Volume Name</B>
+</TH><TH ALIGN="LEFT" VALIGN="BOTTOM" WIDTH="70%"><B>Mount Point</B>
+</TH></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/bin</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/etc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.afsws</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/afsws</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/bin</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/etc</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.inc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/include</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.lib</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/lib</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.loc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/local</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.man</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/man</B>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="30%"><VAR>sysname</VAR>.<B>usr.sys</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="70%"><B>/afs/</B><VAR>cellname</VAR>/<VAR>sysname</VAR><B>/usr/sys</B>
+</TD></TR></TABLE>
+<P>
+<A NAME="IDX2668"></A>
+<A NAME="IDX2669"></A>
+<A NAME="IDX2670"></A>
+<A NAME="IDX2671"></A>
+<A NAME="IDX2672"></A>
+<A NAME="IDX2673"></A>
+<A NAME="IDX2674"></A>
+<HR><H2><A NAME="HDRWQ91" HREF="auqbg002.htm#ToC_91">Enabling Access to Foreign Cells</A></H2>
+<P>In this section you create a mount point in your AFS
+filespace for the <B>root.cell</B> volume of each foreign cell that
+you want to enable your users to access. For users working on a client
+machine to access the cell, there must in addition be an entry for it in the
+client machine's local <B>/usr/vice/etc/CellServDB</B> file.
+(The instructions in <A HREF="#HDRWQ66">Creating the Client CellServDB File</A> suggest that you use the <B>CellServDB.sample</B>
+file included in the AFS distribution as the basis for your cell's client
+<B>CellServDB</B> file. The sample file lists all of the cells that
+had agreed to participate in the AFS global namespace at the time your AFS
+CD-ROM was created. As mentioned in that section, the AFS Product
+Support group also maintains a copy of the file, updating it as
+necessary.)
+<P>The chapter in the <I>IBM AFS Administration Guide</I> about cell
+administration and configuration issues discusses the implications of
+participating in the global AFS namespace. The chapter about
+administering client machines explains how to maintain knowledge of foreign
+cells on client machines, and includes suggestions for maintaining a central
+version of the file in AFS.
+<OL TYPE=1>
+<P><LI>Issue the <B>fs mkmount</B> command to mount each foreign cell's
+<B>root.cell</B> volume on a directory called
+<B>/afs/</B><VAR>foreign_cell</VAR>. Because the
+<B>root.afs</B> volume is replicated, you must create a temporary
+mount point for its read/write version in a directory to which you have write
+access (such as your cell's <B>/afs/.</B><VAR>cellname</VAR>
+directory). Create the mount points, issue the <B>vos release</B>
+command to release new replicas to the read-only sites for the
+<B>root.afs</B> volume, and issue the <B>fs checkvolumes</B>
+command to force the local Cache Manager to access the new replica.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You need to issue the <B>fs mkmount</B> command only once for each
+foreign cell's <B>root.cell</B> volume. You do not need
+to repeat the command on each client machine.
+</TD></TR></TABLE>
+<P>Substitute your cell's name for <VAR>cellname</VAR>.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR>
+
+ # <B>/usr/afs/bin/fs mkmount temp root.afs</B>
+</PRE>
+<P>Repeat the <B>fs mkmount</B> command for each foreign cell you wish to
+mount at this time.
+<PRE>
+ # <B>/usr/afs/bin/fs mkmount temp/</B><VAR>foreign_cell</VAR> <B>root.cell -c</B> <VAR>foreign_cell</VAR>
+</PRE>
+<P>Issue the following commands only once.
+<PRE>
+ # <B>/usr/afs/bin/fs rmmount temp</B>
+
+ # <B>/usr/afs/bin/vos release root.afs</B>
+
+ # <B>/usr/afs/bin/fs checkvolumes</B>
+
+</PRE>
+<A NAME="IDX2675"></A>
+<A NAME="IDX2676"></A>
+<P><LI><A NAME="LIWQ92"></A>If this machine is going to remain an AFS client after you
+complete the installation, verify that the local
+<B>/usr/vice/etc/CellServDB</B> file includes an entry for each foreign
+cell.
+<P>For each cell that does not already have an entry, complete the following
+instructions:
+<OL TYPE=a>
+<P><LI>Create an entry in the <B>CellServDB</B> file. Be sure to
+comply with the formatting instructions in <A HREF="#HDRWQ66">Creating the Client CellServDB File</A>.
+<P><LI>Issue the <B>fs newcell</B> command to add an entry for the cell
+directly to the list that the Cache Manager maintains in kernel memory.
+Provide each database server machine's fully qualified hostname.
+<PRE>
+ # <B>/usr/afs/bin/fs newcell</B> <<VAR>foreign_cell</VAR>> <<VAR>dbserver1></VAR> \
+ [<<VAR>dbserver2></VAR>] [<<VAR>dbserver3></VAR>]
+
+</PRE>
+<P><LI>If you plan to maintain a central version of the <B>CellServDB</B>
+file (the conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc/CellServDB</B>), create it
+now as a copy of the local <B>/usr/vice/etc/CellServDB</B> file.
+Verify that it includes an entry for each foreign cell you want your users to
+be able to access.
+<PRE>
+ # <B>mkdir common</B>
+
+ # <B>mkdir common/etc</B>
+
+ # <B>cp /usr/vice/etc/CellServDB common/etc</B>
+
+ # <B>/usr/afs/bin/vos release root.cell</B>
+
+</PRE>
+</OL>
+<P><LI>Issue the <B>ls</B> command to verify that the new cell's mount
+point is visible in your filespace. The output lists the directories at
+the top level of the new cell's AFS filespace.
+<PRE>
+ # <B>ls /afs/</B><VAR>foreign_cell</VAR>
+
+</PRE>
+<P><LI>Please register your cell with the AFS Product Support group at this
+time. If you do not want to participate in the global AFS namespace,
+they list your cell in a private <B>CellServDB</B> file that is not
+available to other AFS cells.
+</OL>
+<A NAME="IDX2677"></A>
+<A NAME="IDX2678"></A>
+<A NAME="IDX2679"></A>
+<A NAME="IDX2680"></A>
+<A NAME="IDX2681"></A>
+<A NAME="IDX2682"></A>
+<HR><H2><A NAME="HDRWQ93" HREF="auqbg002.htm#ToC_92">Improving Cell Security</A></H2>
+<P>This section discusses ways to improve the security of AFS
+data in your cell. Also see the chapter in the <I>IBM AFS
+Administration Guide</I> about configuration and administration
+issues.
+<P><H3><A NAME="HDRWQ94" HREF="auqbg002.htm#ToC_93">Controlling root Access</A></H3>
+<P>As on any machine, it is important to prevent unauthorized
+users from logging onto an AFS server or client machine as the local superuser
+<B>root</B>. Take care to keep the <B>root</B> password
+secret.
+<P>The local <B>root</B> superuser does not have special access to AFS
+data through the Cache Manager (as members of the
+<B>system:administrators</B> group do), but it does have the
+following privileges:
+<UL>
+<P><LI>On client machines, the ability to issue commands from the <B>fs</B>
+suite that affect AFS performance
+<P><LI>On server machines, the ability to disable authorization checking, or to
+install rogue process binaries
+</UL>
+<P><H3><A NAME="HDRWQ95" HREF="auqbg002.htm#ToC_94">Controlling System Administrator Access</A></H3>
+<P>Following are suggestions for managing AFS administrative
+privilege:
+<UL>
+<P><LI>Create an administrative account for each administrator named something
+like <VAR>username</VAR><B>.admin</B>. Administrators
+authenticate under these identities only when performing administrative tasks,
+and destroy the administrative tokens immediately after finishing the task
+(either by issuing the <B>unlog</B> command, or the <B>klog</B>
+command to adopt their regular identity).
+<P><LI>Set a short ticket lifetime for administrator accounts (for example, 20
+minutes) by using the <B>-lifetime</B> argument to the <B>kas
+setfields</B> command, which is described in the <I>IBM AFS Administration
+Reference</I>. Do not however, use a short lifetime for users who
+issue long-running <B>backup</B> commands.
+<P><LI>Limit the number of system administrators in your cell, especially those
+who belong to the <B>system:administrators</B> group. By
+default they have all ACL rights on all directories in the local AFS
+filespace, and therefore must be trusted not to examine private files.
+<P><LI>Limit the use of system administrator accounts on machines in public
+areas. It is especially important not to leave such machines unattended
+without first destroying the administrative tokens.
+<P><LI>Limit the use by administrators of standard UNIX commands that make
+connections to remote machines (such as the <B>telnet</B> utility).
+Many of these programs send passwords across the network without encrypting
+them.
+</UL>
+<A NAME="IDX2683"></A>
+<A NAME="IDX2684"></A>
+<A NAME="IDX2685"></A>
+<P><H3><A NAME="HDRWQ96" HREF="auqbg002.htm#ToC_95">Protecting Sensitive AFS Directories</A></H3>
+<P>Some subdirectories of the <B>/usr/afs</B> directory
+contain files crucial to cell security. Unauthorized users must not
+read or write to these files because of the potential for misuse of the
+information they contain.
+<P>As the BOS Server initializes for the first time on a server machine, it
+creates several files and directories (as mentioned in <A HREF="#HDRWQ50">Starting the BOS Server</A>). It sets their owner to the local superuser
+<B>root</B> and sets their mode bits to enable writing by the owner
+only; in some cases, it also restricts reading.
+<P>At each subsequent restart, the BOS Server checks that the owner and mode
+bits on these files are still set appropriately. If they are not, it
+write the following message to the <B>/usr/afs/logs/BosLog</B> file:
+<PRE>
+ Bosserver reports inappropriate access on server directories
+</PRE>
+<P>The BOS Server does not reset the mode bits, which enables you to set
+alternate values if you wish.
+<P>The following charts lists the expected mode bit settings. A
+question mark indicates that the BOS Server does not check that mode
+bit.
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/backup</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/bin</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/db</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/KeyFile</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>????<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/etc/UserList</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>-rw</TT>?????<TT>--</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/local</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwx</TT>???<TT>---</TT>
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><B>/usr/afs/logs</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="50%"><TT>drwxr</TT>?<TT>xr-x</TT>
+</TD></TR></TABLE>
+<P>
+<A NAME="IDX2686"></A>
+<A NAME="IDX2687"></A>
+<HR><H2><A NAME="HDRWQ98" HREF="auqbg002.htm#ToC_96">Removing Client Functionality</A></H2>
+<P>Follow the instructions in this section only if you do not
+wish this machine to remain an AFS client. Removing client
+functionality means that you cannot use this machine to access AFS
+files.
+<OL TYPE=1>
+<P><LI>Remove the files from the <B>/usr/vice/etc</B> directory. The
+command does not remove the directory for files used by the dynamic kernel
+loader program, if it exists on this system type. Those files are still
+needed on a server-only machine.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm * </B>
+
+ # <B>rm -rf C</B>
+
+</PRE>
+<P><LI>Create symbolic links to the <B>ThisCell</B> and <B>CellServDB</B>
+files in the <B>/usr/afs/etc</B> directory. This makes it possible
+to issue commands from the AFS command suites (such as <B>bos</B> and
+<B>fs</B>) on this machine.
+<PRE>
+ # <B>ln -s /usr/afs/etc/ThisCell ThisCell</B>
+
+ # <B>ln -s /usr/afs/etc/CellServDB CellServDB</B>
+
+</PRE>
+<P><LI>On IRIX systems, issue the <B>chkconfig</B> command to deactivate the
+<B>afsclient</B> configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsclient off</B>
+
+</PRE>
+<P><LI>Reboot the machine. Most system types use the <B>shutdown</B>
+command, but the appropriate options vary.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown</B> <VAR>appropriate_options</VAR>
+
+</PRE>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX2688"></A>
+<A NAME="IDX2689"></A>
+<A NAME="IDX2690"></A>
+<HR><H1><A NAME="HDRWQ99" HREF="auqbg002.htm#ToC_97">Installing Additional Server Machines</A></H1>
+<P>Instructions for the following procedures appear in the
+indicated section of this chapter.
+<UL>
+<P><LI><A HREF="#HDRWQ100">Installing an Additional File Server Machine</A>
+<P><LI><A HREF="#HDRWQ114">Installing Database Server Functionality</A>
+<P><LI><A HREF="#HDRWQ125">Removing Database Server Functionality</A>
+</UL>
+<P>The instructions make the following assumptions.
+<UL>
+<P><LI>You have already installed your cell's first file server machine by
+following the instructions in <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A>
+<P><LI>You are logged in as the local superuser <B>root</B>
+<P><LI>You are working at the console
+<P><LI>A standard version of one of the operating systems supported by the
+current version of AFS is running on the machine
+<P><LI>You can access the data on the AFS CD-ROMs, either through a local CD-ROM
+drive or via an NFS mount of a CD-ROM drive attached to a machine that is
+accessible by network
+</UL>
+<A NAME="IDX2691"></A>
+<HR><H2><A NAME="HDRWQ100" HREF="auqbg002.htm#ToC_98">Installing an Additional File Server Machine</A></H2>
+<P>The procedure for installing a new file server machine is
+similar to installing the first file server machine in your cell. There
+are a few parts of the installation that differ depending on whether the
+machine is the same AFS system type as an existing file server machine or is
+the first file server machine of its system type in your cell. The
+differences mostly concern the source for the needed binaries and files, and
+what portions of the Update Server you install:
+<UL>
+<P><LI>On a new system type, you must load files and binaries from the AFS
+CD-ROM. You install the server portion of the Update Server to make
+this machine the binary distribution machine for its system type.
+<P><LI>On an existing system type, you can copy files and binaries from a
+previously installed file server machine, rather than from the CD-ROM.
+You install the client portion of the Update Server to accept updates of
+binaries, because a previously installed machine of this type was installed as
+the binary distribution machine.
+</UL>
+<P>These instructions are brief; for more detailed information, refer to
+the corresponding steps in <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A>.
+<A NAME="IDX2692"></A>
+<P>To install a new file server machine, perform the following
+procedures:
+<OL TYPE=1>
+<P><LI>Copy needed binaries and files onto this machine's local disk
+<P><LI>Incorporate AFS modifications into the kernel
+<P><LI>Configure partitions for storing volumes
+<P><LI>Replace the standard <B>fsck</B> utility with the AFS-modified version
+on some system types
+<P><LI>Start the Basic OverSeer (BOS) Server
+<P><LI>Start the appropriate portion of the Update Server
+<P><LI>Start the <B>fs</B> process, which incorporates three component
+processes: the File Server, Volume Server, and Salvager
+<P><LI>Start the controller process (called <B>runntp</B>) for the Network
+Time Protocol Daemon, which synchronizes clocks
+</OL>
+<P>After completing the instructions in this section, you can install database
+server functionality on the machine according to the instructions in <A HREF="#HDRWQ114">Installing Database Server Functionality</A>.
+<A NAME="IDX2693"></A>
+<A NAME="IDX2694"></A>
+<A NAME="IDX2695"></A>
+<A NAME="IDX2696"></A>
+<A NAME="IDX2697"></A>
+<A NAME="IDX2698"></A>
+<A NAME="IDX2699"></A>
+<A NAME="IDX2700"></A>
+<A NAME="IDX2701"></A>
+<A NAME="IDX2702"></A>
+<A NAME="IDX2703"></A>
+<A NAME="IDX2704"></A>
+<A NAME="IDX2705"></A>
+<P><H3><A NAME="Header_99" HREF="auqbg002.htm#ToC_99">Creating AFS Directories and Performing Platform-Specific Procedures</A></H3>
+<P>Create the <B>/usr/afs</B> and <B>/usr/vice/etc</B> directories
+on the local disk. Subsequent instructions copy files from the AFS
+distribution CD-ROM into them, at the appropriate point for each system
+type.
+<PRE>
+ # <B>mkdir /usr/afs</B>
+
+ # <B>mkdir /usr/afs/bin</B>
+
+ # <B>mkdir /usr/vice</B>
+
+ # <B>mkdir /usr/vice/etc</B>
+
+ # <B>mkdir /cdrom</B>
+</PRE>
+<P>As on the first file server machine, the initial procedures in installing
+an additional file server machine vary a good deal from platform to
+platform. For convenience, the following sections group together all of
+the procedures for a system type. Most of the remaining procedures are
+the same on every system type, but differences are noted as
+appropriate. The initial procedures are the following.
+<UL>
+<P><LI>Incorporate AFS modifications into the kernel, either by using a dynamic
+kernel loader program or by building a new static kernel
+<P><LI>Configure server partitions to house AFS volumes
+<P><LI>Replace the operating system vendor's <B>fsck</B> program with a
+version that recognizes AFS data
+<A NAME="IDX2706"></A>
+<P><LI>If the machine is to remain an AFS client machine, modify the
+machine's authentication system so that users obtain an AFS token as they
+log into the local file system. (For this procedure only, the
+instructions direct you to the platform-specific section in <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A>.)
+</UL>
+<P>To continue, proceed to the section for this system type:
+<UL>
+<P><LI><A HREF="#HDRWQ101">Getting Started on AIX Systems</A>
+<P><LI><A HREF="#HDRWQ102">Getting Started on Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRWQ103">Getting Started on HP-UX Systems</A>
+<P><LI><A HREF="#HDRWQ104">Getting Started on IRIX Systems</A>
+<P><LI><A HREF="#HDRWQ106">Getting Started on Linux Systems</A>
+<P><LI><A HREF="#HDRWQ107">Getting Started on Solaris Systems</A>
+</UL>
+<P><H4><A NAME="HDRWQ101">Getting Started on AIX Systems</A></H4>
+<P>Begin by running the AFS initialization script to call the
+AIX kernel extension facility, which dynamically loads AFS modifications into
+the kernel. Then configure partitions and replace the AIX
+<B>fsck</B> program with a version that correctly handles AFS
+volumes.
+<OL TYPE=1>
+<A NAME="IDX2707"></A>
+<A NAME="IDX2708"></A>
+<A NAME="IDX2709"></A>
+<A NAME="IDX2710"></A>
+<P><LI>Mount the AFS CD-ROM for AIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your AIX documentation. Then change directory as
+indicated.
+<PRE>
+ # <B>cd /cdrom/rs_aix42/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/dkload</B> directory, and the AFS initialization script
+to the <B>/etc</B> directory.
+<PRE>
+ # <B>cp -rp dkload /usr/vice/etc</B>
+
+ # <B>cp -p rc.afs /etc/rc.afs</B>
+
+</PRE>
+<P><LI>Edit the <B>/etc/rc.afs</B> script, setting the <TT>NFS</TT>
+variable as indicated.
+<P>If the machine is not to function as an NFS/AFS Translator, set the
+<TT>NFS</TT> variable as follows.
+<PRE>
+ NFS=$NFS_NONE
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and is running AIX
+4.2.1 or higher, set the <TT>NFS</TT> variable as
+follows. Note that NFS must already be loaded into the kernel, which
+happens automatically on systems running AIX 4.1.1 and later, as
+long as the file <B>/etc/exports</B> exists.
+<PRE>
+ NFS=$NFS_IAUTH
+
+</PRE>
+<P><LI>Invoke the <B>/etc/rc.afs</B> script to load AFS modifications
+into the kernel. You can ignore any error messages about the inability
+to start the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+<A NAME="IDX2711"></A>
+<A NAME="IDX2712"></A>
+<A NAME="IDX2713"></A>
+<A NAME="IDX2714"></A>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Use the <B>SMIT</B> program to create a journaling file system on each
+partition to be configured as an AFS server partition.
+<P><LI>Mount each partition at one of the <B>/vicep</B><VAR>xx</VAR>
+directories. Choose one of the following three methods:
+<UL>
+<P><LI>Use the <B>SMIT</B> program
+<P><LI>Use the <B>mount -a</B> command to mount all partitions at once
+<P><LI>Use the <B>mount</B> command on each partition in turn
+</UL>
+<P>Also configure the partitions so that they are mounted automatically at
+each reboot. For more information, refer to the AIX
+documentation.
+<A NAME="IDX2715"></A>
+<A NAME="IDX2716"></A>
+<A NAME="IDX2717"></A>
+<A NAME="IDX2718"></A>
+<P><LI>Move the AIX <B>fsck</B> program helper to a safe location and install
+the version from the AFS distribution in its place. The AFS CD-ROM must
+still be mounted at the <B>/cdrom</B> directory.
+<PRE>
+ # <B>cd /sbin/helpers</B>
+
+ # <B>mv v3fshelper v3fshelper.noafs</B>
+
+ # <B>cp -p /cdrom/rs_aix42/root.server/etc/v3fshelper v3fshelper</B>
+
+
+</PRE>
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ25">Enabling AFS Login on AIX Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<P><H4><A NAME="HDRWQ102">Getting Started on Digital UNIX Systems</A></H4>
+<P>Begin by building AFS modifications into the kernel, then
+configure server partitions and replace the Digital UNIX <B>fsck</B>
+program with a version that correctly handles AFS volumes.
+<P>If the machine's hardware and software configuration exactly matches
+another Digital UNIX machine on which AFS is already built into the kernel,
+you can copy the kernel from that machine to this one. In general,
+however, it is better to build AFS modifications into the kernel on each
+machine according to the following instructions.
+<OL TYPE=1>
+<A NAME="IDX2719"></A>
+<A NAME="IDX2720"></A>
+<A NAME="IDX2721"></A>
+<A NAME="IDX2722"></A>
+<P><LI>Create a copy called <B>AFS</B> of the basic kernel configuration file
+included in the Digital UNIX distribution as
+<B>/usr/sys/conf/</B><VAR>machine_name</VAR>, where <VAR>machine_name</VAR> is
+the machine's hostname in all uppercase letters.
+<PRE>
+ # <B>cd /usr/sys/conf</B>
+
+ # <B>cp</B> <VAR>machine_name</VAR> <B>AFS</B>
+
+</PRE>
+<P><LI>Add AFS to the list of options in the configuration file you created in
+the previous step, so that the result looks like the following:
+<PRE> . .
+ . .
+ options UFS
+ options NFS
+ options AFS
+ . .
+ . .
+
+</PRE>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/conf/files</B>.
+<UL>
+<P><LI>Add a line for AFS to the list of <TT>OPTIONS</TT>, so that the result
+looks like the following:
+<PRE> . . .
+ . . .
+ OPTIONS/nfs optional nfs
+ OPTIONS/afs optional afs
+ OPTIONS/nfs_server optional nfs_server
+ . . .
+ . . .
+
+</PRE>
+<P><LI>Add an entry for AFS to the list of <TT>MODULES</TT>, so that the result
+looks like the following:
+<PRE> . . . .
+ . . . .
+ #
+ MODULE/nfs_server optional nfs_server Binary
+ nfs/nfs_server.c module nfs_server optimize -g3
+ nfs/nfs3_server.c module nfs_server optimize -g3
+ #
+ MODULE/afs optional afs Binary
+ afs/libafs.c module afs
+ #
+
+</PRE>
+</UL>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/vfs/vfs_conf.c</B>.
+<UL>
+<P><LI>Add AFS to the list of defined file systems, so that the result looks like
+the following:
+<PRE> . .
+ . .
+ #include <afs.h>
+ #if defined(AFS) && AFS
+ extern struct vfsops afs_vfsops;
+ #endif
+ . .
+ . .
+
+</PRE>
+<P><LI>Put a declaration for AFS in the <B>vfssw[]</B> table's
+MOUNT_ADDON slot, so that the result looks like the following:
+<PRE> . . .
+ . . .
+ &fdfs_vfsops, "fdfs", /* 12 = MOUNT_FDFS */
+ #if defined(AFS)
+ &afs_vfsops, "afs",
+ #else
+ (struct vfsops *)0, "", /* 13 = MOUNT_ADDON */
+ #endif
+ #if NFS && INFS_DYNAMIC
+ &nfs3_vfsops, "nfsv3", /* 14 = MOUNT_NFS3 */
+
+</PRE>
+</UL>
+<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Digital UNIX documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/sbin/init.d</B> on Digital
+UNIX machines). Note the removal of the <B>.rc</B> extension
+as you copy the script.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/sys/BINARY</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.o /usr/sys/BINARY/afs.mod</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod</B>
+
+</PRE>
+<P><LI>Configure and build the kernel. Respond to any prompts by pressing
+<<B>Return</B>>. The resulting kernel resides in the file
+<B>/sys/AFS/vmunix</B>.
+<PRE>
+ # <B>doconfig -c AFS</B>
+
+</PRE>
+<P><LI>Rename the existing kernel file and copy the new, AFS-modified file to the
+standard location.
+<PRE>
+ # <B>mv /vmunix /vmunix_noafs</B>
+
+ # <B>cp /sys/AFS/vmunix /vmunix</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<A NAME="IDX2723"></A>
+<A NAME="IDX2724"></A>
+<A NAME="IDX2725"></A>
+<A NAME="IDX2726"></A>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each directory just created. The entry maps
+the directory name to the disk partition to be mounted on it.
+<PRE>
+ /dev/<VAR>disk</VAR> /vicep<VAR>xx</VAR> ufs rw 0 2
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/rz3a /vicepa ufs rw 0 2
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Digital UNIX documentation for more
+information.
+<PRE>
+ #<B> newfs -v /dev/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+<A NAME="IDX2727"></A>
+<A NAME="IDX2728"></A>
+<A NAME="IDX2729"></A>
+<A NAME="IDX2730"></A>
+<P><LI>Install the <B>vfsck</B> binary to the <B>/sbin</B> and
+<B>/usr/sbin</B> directories. The AFS CD-ROM must still be mounted
+at the <B>/cdrom</B> directory.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/root.server/etc</B>
+
+ # <B>cp vfsck /sbin/vfsck</B>
+
+ # <B>cp vfsck /usr/sbin/vfsck</B>
+
+</PRE>
+<P><LI>Rename the Digital UNIX <B>fsck</B> binaries and create symbolic links
+to the <B>vfsck</B> program.
+<PRE>
+ # <B>cd /sbin</B>
+
+ # <B>mv ufs_fsck ufs_fsck.noafs</B>
+
+ # <B>ln -s vfsck ufs_fsck</B>
+
+ # <B>cd /usr/sbin</B>
+
+ # <B>mv ufs_fsck ufs_fsck.noafs</B>
+
+ # <B>ln -s vfsck ufs_fsck</B>
+
+</PRE>
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ30">Enabling AFS Login on Digital UNIX Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<P><H4><A NAME="HDRWQ103">Getting Started on HP-UX Systems</A></H4>
+<P>Begin by building AFS modifications into the kernel, then
+configure server partitions and replace the HP-UX <B>fsck</B> program with
+a version that correctly handles AFS volumes.
+<P>If the machine's hardware and software configuration exactly matches
+another HP-UX machine on which AFS is already built into the kernel, you can
+copy the kernel from that machine to this one. In general, however, it
+is better to build AFS modifications into the kernel on each machine according
+to the following instructions.
+<OL TYPE=1>
+<A NAME="IDX2731"></A>
+<A NAME="IDX2732"></A>
+<A NAME="IDX2733"></A>
+<A NAME="IDX2734"></A>
+<P><LI>Move the existing kernel-related files to a safe location.
+<PRE>
+ # <B>cp /stand/vmunix /stand/vmunix.noafs</B>
+
+ # <B>cp /stand/system /stand/system.noafs</B>
+
+</PRE>
+<P><LI>Mount the AFS CD-ROM for HP-UX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your HP-UX documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/hp_ux110/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization file to the local directory for initialization
+files (by convention, <B>/sbin/init.d</B> on HP-UX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the file.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the file <B>afs.driver</B> to the local
+<B>/usr/conf/master.d</B> directory, changing its name to
+<B>afs</B> as you do.
+<PRE>
+ # <B>cp usr/vice/etc/afs.driver /usr/conf/master.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/conf/lib</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.a /usr/conf/lib</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server functionality,
+change the file's name as you copy it:
+<PRE>
+ # <B>cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a</B>
+
+</PRE>
+<P><LI>Incorporate the AFS driver into the kernel, either using the
+<B>SAM</B> program or a series of individual commands.
+<UL>
+<P><LI>To use the <B>SAM</B> program:
+<OL TYPE=a>
+<P><LI>Invoke the <B>SAM</B> program, specifying the hostname of the local
+machine as <VAR>local_hostname</VAR>. The <B>SAM</B> graphical user
+interface pops up.
+<PRE>
+ # <B>sam -display</B> <VAR>local_hostname</VAR><B>:0</B>
+
+</PRE>
+<P><LI>Choose the <B>Kernel Configuration</B> icon, then the
+<B>Drivers</B> icon. From the list of drivers, select
+<B>afs</B>.
+<P><LI>Open the pull-down <B>Actions</B> menu and choose the <B>Add Driver
+to Kernel</B> option.
+<P><LI>Open the <B>Actions</B> menu again and choose the <B>Create a New
+Kernel</B> option.
+<P><LI>Confirm your choices by choosing <B>Yes</B> and <B>OK</B> when
+prompted by subsequent pop-up windows. The <B>SAM</B> program
+builds the kernel and reboots the system.
+<P><LI>Login again as the superuser <B>root</B>.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<P><LI>To use individual commands:
+<OL TYPE=a>
+<P><LI>Edit the file <B>/stand/system</B>, adding an entry for <B>afs</B>
+to the <TT>Subsystems</TT> section.
+<P><LI>Change to the <B>/stand/build</B> directory and issue the
+<B>mk_kernel</B> command to build the kernel.
+<PRE>
+ # <B>cd /stand/build</B>
+
+ # <B>mk_kernel</B>
+
+</PRE>
+<P><LI>Move the new kernel to the standard location (<B>/stand/vmunix</B>),
+reboot the machine to start using it, and login again as the superuser
+<B>root</B>.
+<PRE>
+ # <B>mv /stand/build/vmunix_test /stand/vmunix</B>
+
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+</UL>
+<A NAME="IDX2735"></A>
+<A NAME="IDX2736"></A>
+<A NAME="IDX2737"></A>
+<A NAME="IDX2738"></A>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Use the <B>SAM</B> program to create a file system on each
+partition. For instructions, consult the HP-UX documentation.
+<P><LI>On some HP-UX systems that use logical volumes, the <B>SAM</B> program
+automatically mounts the partitions. If it has not, mount each
+partition by issuing either the <B>mount -a</B> command to mount all
+partitions at once or the <B>mount</B> command to mount each partition in
+turn.
+<A NAME="IDX2739"></A>
+<A NAME="IDX2740"></A>
+<A NAME="IDX2741"></A>
+<A NAME="IDX2742"></A>
+<P><LI>Create the command configuration file
+<B>/sbin/lib/mfsconfig.d/afs</B>. Use a text editor to place
+the indicated two lines in it:
+<PRE>
+ format_revision 1
+ fsck 0 m,P,p,d,f,b:c:y,n,Y,N,q,
+
+</PRE>
+<P><LI>Create and change directory to an AFS-specific command directory called
+<B>/sbin/fs/afs</B>.
+<PRE>
+ # <B>mkdir /sbin/fs/afs</B>
+
+ # <B>cd /sbin/fs/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS-modified version of the <B>fsck</B> program (the
+<B>vfsck</B> binary) and related files from the distribution directory to
+the new AFS-specific command directory.
+<PRE>
+ # <B>cp -p /cdrom/hp_ux110/root.server/etc/* .</B>
+
+</PRE>
+<P><LI>Change the <B>vfsck</B> binary's name to <B>fsck</B> and set
+the mode bits appropriately on all of the files in the <B>/sbin/fs/afs</B>
+directory.
+<PRE>
+ # <B>mv vfsck fsck</B>
+
+ # <B>chmod 755 *</B>
+
+</PRE>
+<P><LI>Edit the <B>/etc/fstab</B> file, changing the file system type for
+each AFS server partition from <TT>hfs</TT> to <TT>afs</TT>. This
+ensures that the AFS-modified <B>fsck</B> program runs on the appropriate
+partitions.
+<P>The sixth line in the following example of an edited file shows an AFS
+server partition, <B>/vicepa</B>.
+<PRE>
+ /dev/vg00/lvol1 / hfs defaults 0 1
+ /dev/vg00/lvol4 /opt hfs defaults 0 2
+ /dev/vg00/lvol5 /tmp hfs defaults 0 2
+ /dev/vg00/lvol6 /usr hfs defaults 0 2
+ /dev/vg00/lvol8 /var hfs defaults 0 2
+ /dev/vg00/lvol9 /vicepa afs defaults 0 2
+ /dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2
+
+</PRE>
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ35">Enabling AFS Login on HP-UX Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<P><H4><A NAME="HDRWQ104">Getting Started on IRIX Systems</A></H4>
+<P>Begin by incorporating AFS modifications into the
+kernel. Either use the <B>ml</B> dynamic loader program, or build a
+static kernel. Then configure partitions to house AFS volumes.
+AFS supports use of both EFS and XFS partitions for housing AFS
+volumes. SGI encourages use of XFS partitions.
+<A NAME="IDX2743"></A>
+<A NAME="IDX2744"></A>
+<P>You do not need to replace IRIX <B>fsck</B> program, because the
+version that SGI distributes handles AFS volumes properly.
+<OL TYPE=1>
+<A NAME="IDX2745"></A>
+<A NAME="IDX2746"></A>
+<A NAME="IDX2747"></A>
+<P><LI>Prepare for incorporating AFS into the kernel by performing the following
+procedures.
+<OL TYPE=a>
+<P><LI>Mount the AFS CD-ROM for IRIX on the <B>/cdrom</B> directory.
+For instructions on mounting CD-ROMs (either locally or remotely via NFS), see
+your IRIX documentation. Then change directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sgi_65/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on IRIX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p usr/vice/etc/afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Issue the <B>uname -m</B> command to determine the machine's CPU
+board type. The <B>IP</B><VAR>xx</VAR> value in the output must match
+one of the supported CPU board types listed in the <I>IBM AFS Release
+Notes</I> for the current version of AFS.
+<PRE>
+ # <B>uname -m</B>
+
+</PRE>
+</OL>
+<P><LI>Incorporate AFS into the kernel, either using the <B>ml</B> program or
+by building AFS modifications into a static kernel.
+<UL>
+<A NAME="IDX2748"></A>
+<P><LI>To use the <B>ml</B> program:
+<A NAME="IDX2749"></A>
+<A NAME="IDX2750"></A>
+<A NAME="IDX2751"></A>
+<A NAME="IDX2752"></A>
+<A NAME="IDX2753"></A>
+<A NAME="IDX2754"></A>
+<OL TYPE=a>
+<P><LI>Create the local <B>/usr/vice/etc/sgiload</B> directory to house the
+AFS kernel library file.
+<PRE>
+ # <B>mkdir /usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the
+<B>/usr/vice/etc/sgiload</B> directory. The
+<B>IP</B><VAR>xx</VAR> portion of the library file name must match the value
+previously returned by the <B>uname -m</B> command. Also choose the
+file appropriate to whether the machine's kernel supports NFS server
+functionality (NFS must be supported for the machine to act as an NFS/AFS
+Translator). Single- and multiprocessor machines use the same library
+file.
+<P>(You can choose to copy all of the kernel library files into the <B>
+/usr/vice/etc/sgiload</B> directory, but they require a significant amount
+of space.)
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.o /usr/vice/etc/sgiload</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.nonfs.o</B> \
+ <B>/usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml on</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Run the <B>/etc/init.d/afs</B> script to load AFS extensions
+into the kernel. The script invokes the <B>ml</B> command,
+automatically determining which kernel library file to use based on this
+machine's CPU type and the activation state of the <B>afsxnfs</B>
+variable.
+<P>You can ignore any error messages about the inability to start the BOS
+Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ105">3</A>.
+</OL>
+<A NAME="IDX2755"></A>
+<P><LI>If you prefer to build a kernel, and the machine's hardware and
+software configuration exactly matches another IRIX machine on which AFS is
+already built into the kernel, you can copy the kernel from that machine to
+this one. In general, however, it is better to build AFS modifications
+into the kernel on each machine according to the following
+instructions.
+<OL TYPE=a>
+<P><LI>Copy the kernel initialization file <B>afs.sm</B> to the local
+<B>/var/sysgen/system</B> directory, and the kernel master file
+<B>afs</B> to the local <B>/var/sysgen/master.d</B>
+directory.
+<PRE>
+ # <B>cp -p bin/afs.sm /var/sysgen/system</B>
+
+ # <B>cp -p bin/afs /var/sysgen/master.d</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/var/sysgen/boot/afs.a</B>; the <B>IP</B><VAR>xx</VAR>
+portion of the library file name must match the value previously returned by
+the <B>uname -m</B> command. Also choose the file appropriate to
+whether the machine's kernel supports NFS server functionality (NFS must
+be supported for the machine to act as an NFS/AFS Translator). Single-
+and multiprocessor machines use the same library file.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.a /var/sysgen/boot/afs.a</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.nonfs.a /var/sysgen/boot/afs.a</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to deactivate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml off</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Copy the existing kernel file, <B>/unix</B>, to a safe
+location. Compile the new kernel, which is created in the file
+<B>/unix.install</B>. It overwrites the existing
+<B>/unix</B> file when the machine reboots in the next step.
+<PRE>
+ # <B>cp /unix /unix_noafs</B>
+
+ # <B>autoconfig</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+</UL>
+<A NAME="IDX2756"></A>
+<A NAME="IDX2757"></A>
+<A NAME="IDX2758"></A>
+<A NAME="IDX2759"></A>
+<P><LI><A NAME="LIWQ105"></A>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each
+AFS server partition you are configuring (there must be at least one).
+Repeat the command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each partition (or logical volume created with the
+XLV volume manager) to be mounted on one of the directories created in the
+previous step.
+<P>For an XFS partition or logical volume:
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> xfs rw,raw=/dev/rdsk/<VAR>disk</VAR> 0 0
+</PRE>
+<P>For an EFS partition:
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> efs rw,raw=/dev/rdsk/<VAR>disk</VAR> 0 0
+</PRE>
+<P>The following are examples of an entry for each file system type:
+<PRE>
+ /dev/dsk/dks0d2s6 /vicepa xfs rw,raw=/dev/rdsk/dks0d2s6 0 0
+ /dev/dsk/dks0d3s1 /vicepb efs rw,raw=/dev/rdsk/dks0d3s1 0 0
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted on a
+<B>/vicep</B><VAR>xx</VAR> directory. The following commands are
+probably appropriate, but consult the IRIX documentation for more
+information. In both cases, <VAR>raw_device</VAR> is a raw device name
+like <B>/dev/rdsk/dks0d0s0</B> for a single disk partition or
+<B>/dev/rxlv/xlv0</B> for a logical volume.
+<P>For XFS file systems, include the indicated options to configure the
+partition or logical volume with inodes large enough to accommodate
+AFS-specific information:
+<PRE>
+ # <B>mkfs -t xfs -i size=512 -l size=4000b</B> <VAR>raw_device</VAR>
+</PRE>
+<P>For EFS file systems:
+<PRE>
+ # <B>mkfs -t efs</B> <VAR>raw_device</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+<P><LI><B>(Optional)</B> If you have configured partitions or logical volumes
+to use XFS, issue the following command to verify that the inodes are
+configured properly (are large enough to accommodate AFS-specific
+information). If the configuration is correct, the command returns no
+output. Otherwise, it specifies the command to run in order to
+configure each partition or logical volume properly.
+<PRE>
+ # <B>/usr/afs/bin/xfs_size_check</B>
+
+</PRE>
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ40">Enabling AFS Login on IRIX Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<P><H4><A NAME="HDRWQ106">Getting Started on Linux Systems</A></H4>
+<A NAME="IDX2760"></A>
+<A NAME="IDX2761"></A>
+<P>Begin by running the AFS initialization script to call the
+<B>insmod</B> program, which dynamically loads AFS modifications into the
+kernel. Then create partitions for storing AFS volumes. You do
+not need to replace the Linux <B>fsck</B> program.
+<OL TYPE=1>
+<A NAME="IDX2762"></A>
+<A NAME="IDX2763"></A>
+<A NAME="IDX2764"></A>
+<A NAME="IDX2765"></A>
+<P><LI>Mount the AFS CD-ROM for Linux on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Linux documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/i386_linux22/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/modload</B> directory. The filenames for the
+libraries have the format
+<B>libafs-</B><VAR>version</VAR><B>.o</B>, where <VAR>version</VAR>
+indicates the kernel build level. The string <B>.mp</B> in
+the <VAR>version</VAR> indicates that the file is appropriate for machines
+running a multiprocessor kernel.
+<PRE>
+ # <B>cp -rp modload /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/rc.d/init.d</B>
+on Linux machines). Note the removal of the <B>.rc</B>
+extension as you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/rc.d/init.d/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS extensions into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+<A NAME="IDX2766"></A>
+<A NAME="IDX2767"></A>
+<A NAME="IDX2768"></A>
+<A NAME="IDX2769"></A>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/fstab</B>, for each directory just created. The entry maps
+the directory name to the disk partition to be mounted on it.
+<PRE>
+ /dev/<VAR>disk</VAR> /vicep<VAR>xx</VAR> ext2 defaults 0 2
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/sda8 /vicepa ext2 defaults 0 2
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Linux documentation for more
+information.
+<PRE>
+ #<B> mkfs -v /dev/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
+mount all partitions at once or the <B>mount</B> command to mount each
+partition in turn.
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ44">Enabling AFS Login on Linux Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<P><H4><A NAME="HDRWQ107">Getting Started on Solaris Systems</A></H4>
+<P>Begin by running the AFS initialization script to call the
+<B>modload</B> program, which dynamically loads AFS modifications into the
+kernel. Then configure partitions and replace the Solaris
+<B>fsck</B> program with a version that correctly handles AFS
+volumes.
+<OL TYPE=1>
+<A NAME="IDX2770"></A>
+<A NAME="IDX2771"></A>
+<A NAME="IDX2772"></A>
+<A NAME="IDX2773"></A>
+<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Solaris documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sun4x_56/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on Solaris
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/kernel/fs/afs</B>.
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, its kernel supports NFS server functionality, and the
+<B>nfsd</B> process is running:
+<PRE>
+ # <B>cp -p modload/libafs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, and its kernel does not support NFS server functionality or the
+<B>nfsd</B> process is not running:
+<PRE>
+ # <B>cp -p modload/libafs.nonfs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, its kernel
+supports NFS server functionality, and the <B>nfsd</B> process is
+running:
+<PRE>
+ # <B>cp -p modload/libafs64.o /kernel/fs/sparcv9/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, and its
+kernel does not support NFS server functionality or the <B>nfsd</B>
+process is not running:
+<PRE>
+ # <B>cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS modifications into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+</PRE>
+<P>When an entry called <TT>afs</TT> does not already exist in the local
+<B>/etc/name_to_sysnum</B> file, the script automatically creates it and
+reboots the machine to start using the new version of the file. If this
+happens, log in again as the superuser <B>root</B> after the reboot and
+run the initialization script again. This time the required entry
+exists in the <B>/etc/name_to_sysnum</B> file, and the <B>modload</B>
+program runs.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<A NAME="IDX2774"></A>
+<A NAME="IDX2775"></A>
+<A NAME="IDX2776"></A>
+<A NAME="IDX2777"></A>
+<P><LI>Create the <B>/usr/lib/fs/afs</B> directory to house the AFS-modified
+<B>fsck</B> program and related files.
+<PRE>
+ # <B>mkdir /usr/lib/fs/afs</B>
+
+ # <B>cd /usr/lib/fs/afs</B>
+
+</PRE>
+<P><LI>Copy the <B>vfsck</B> binary to the newly created directory, changing
+the name as you do so.
+<PRE>
+ # <B>cp /cdrom/sun4x_56/root.server/etc/vfsck fsck</B>
+
+</PRE>
+<P><LI>Working in the <B>/usr/lib/fs/afs</B> directory, create the following
+links to Solaris libraries:
+<PRE>
+ # <B>ln -s /usr/lib/fs/ufs/clri</B>
+ # <B>ln -s /usr/lib/fs/ufs/df</B>
+ # <B>ln -s /usr/lib/fs/ufs/edquota</B>
+ # <B>ln -s /usr/lib/fs/ufs/ff</B>
+ # <B>ln -s /usr/lib/fs/ufs/fsdb</B>
+ # <B>ln -s /usr/lib/fs/ufs/fsirand</B>
+ # <B>ln -s /usr/lib/fs/ufs/fstyp</B>
+ # <B>ln -s /usr/lib/fs/ufs/labelit</B>
+ # <B>ln -s /usr/lib/fs/ufs/lockfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/mkfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/mount</B>
+ # <B>ln -s /usr/lib/fs/ufs/ncheck</B>
+ # <B>ln -s /usr/lib/fs/ufs/newfs</B>
+ # <B>ln -s /usr/lib/fs/ufs/quot</B>
+ # <B>ln -s /usr/lib/fs/ufs/quota</B>
+ # <B>ln -s /usr/lib/fs/ufs/quotaoff</B>
+ # <B>ln -s /usr/lib/fs/ufs/quotaon</B>
+ # <B>ln -s /usr/lib/fs/ufs/repquota</B>
+ # <B>ln -s /usr/lib/fs/ufs/tunefs</B>
+ # <B>ln -s /usr/lib/fs/ufs/ufsdump</B>
+ # <B>ln -s /usr/lib/fs/ufs/ufsrestore</B>
+ # <B>ln -s /usr/lib/fs/ufs/volcopy</B>
+
+</PRE>
+<P><LI>Append the following line to the end of the file
+<B>/etc/dfs/fstypes</B>.
+<PRE>
+ afs AFS Utilities
+
+</PRE>
+<P><LI>Edit the <B>/sbin/mountall</B> file, making two changes.
+<UL>
+<P><LI>Add an entry for AFS to the <TT>case</TT> statement for option 2, so
+that it reads as follows:
+<PRE>
+ case "$2" in
+ ufs) foptions="-o p"
+ ;;
+ afs) foptions="-o p"
+ ;;
+ s5) foptions="-y -t /var/tmp/tmp$$ -D"
+ ;;
+ *) foptions="-y"
+ ;;
+
+</PRE>
+<P><LI>Edit the file so that all AFS and UFS partitions are checked in
+parallel. Replace the following section of code:
+<PRE>
+ # For fsck purposes, we make a distinction between ufs and
+ # other file systems
+ #
+ if [ "$fstype" = "ufs" ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ fi
+</PRE>
+<P>with the following section of code:
+<PRE>
+ # For fsck purposes, we make a distinction between ufs/afs
+ # and other file systems.
+ #
+ if [ "$fstype" = "ufs" -o "$fstype" = "afs" ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ fi
+
+</PRE>
+</UL>
+<A NAME="IDX2778"></A>
+<A NAME="IDX2779"></A>
+<A NAME="IDX2780"></A>
+<A NAME="IDX2781"></A>
+<P><LI>Create a directory called <B>/vicep</B><VAR>xx</VAR> for each AFS server
+partition you are configuring (there must be at least one). Repeat the
+command for each partition.
+<PRE>
+ # <B>mkdir /vicep</B><VAR>xx</VAR>
+
+</PRE>
+<P><LI>Add a line with the following format to the file systems registry file,
+<B>/etc/vfstab</B>, for each partition to be mounted on a directory
+created in the previous step. Note the value <TT>afs</TT> in the
+fourth field, which tells Solaris to use the AFS-modified <B>fsck</B>
+program on this partition.
+<PRE>
+ /dev/dsk/<VAR>disk</VAR> /dev/rdsk/<VAR>disk</VAR> /vicep<VAR>xx</VAR> afs <VAR>boot_order</VAR> yes
+</PRE>
+<P>The following is an example for the first partition being
+configured.
+<PRE>
+ /dev/dsk/c0t6d0s1 /dev/rdsk/c0t6d0s1 /vicepa afs 3 yes
+
+</PRE>
+<P><LI>Create a file system on each partition that is to be mounted at a
+<B>/vicep</B><VAR>xx</VAR> directory. The following command is
+probably appropriate, but consult the Solaris documentation for more
+information.
+<PRE>
+ # <B>newfs -v /dev/rdsk/</B><VAR>disk</VAR>
+
+</PRE>
+<P><LI>Issue the <B>mountall</B> command to mount all partitions at
+once.
+<P><LI>If the machine is to remain an AFS client, incorporate AFS into its
+authentication system, following the instructions in <A HREF="auqbg005.htm#HDRWQ49">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A>.
+<P><LI>Proceed to <A HREF="#HDRWQ108">Starting Server Programs</A>.
+</OL>
+<A NAME="IDX2782"></A>
+<A NAME="IDX2783"></A>
+<P><H3><A NAME="HDRWQ108" HREF="auqbg002.htm#ToC_106">Starting Server Programs</A></H3>
+<P>In this section you initialize the BOS Server, the Update
+Server, the controller process for NTPD, and the <B>fs</B> process.
+You begin by copying the necessary server files to the local disk.
+<OL TYPE=1>
+<A NAME="IDX2784"></A>
+<A NAME="IDX2785"></A>
+<A NAME="IDX2786"></A>
+<P><LI>Copy file server binaries to the local <B>/usr/afs/bin</B>
+directory.
+<UL>
+<P><LI>On a machine of an existing system type, you can either load files from
+the AFS CD-ROM or use a remote file transfer protocol to copy files from an
+existing server machine of the same system type. To load from the
+CD-ROM, see the instructions just following for a machine of a new system
+type. If using a remote file transfer protocol, copy the complete
+contents of the existing server machine's <B>/usr/afs/bin</B>
+directory.
+<P><LI>On a machine of a new system type, you must use the following instructions
+to copy files from the AFS CD-ROM.
+<OL TYPE=a>
+<P><LI>On the local <B>/cdrom</B> directory, mount the AFS CD-ROM for this
+machine's system type, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<P><LI>Copy files from the CD-ROM to the local <B>/usr/afs</B>
+directory.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.server/usr/afs</B>
+
+ # <B>cp -rp * /usr/afs</B>
+
+</PRE>
+</OL>
+</UL>
+<A NAME="IDX2787"></A>
+<A NAME="IDX2788"></A>
+<A NAME="IDX2789"></A>
+<A NAME="IDX2790"></A>
+<A NAME="IDX2791"></A>
+<A NAME="IDX2792"></A>
+<A NAME="IDX2793"></A>
+<A NAME="IDX2794"></A>
+<A NAME="IDX2795"></A>
+<A NAME="IDX2796"></A>
+<A NAME="IDX2797"></A>
+<A NAME="IDX2798"></A>
+<P><LI>Copy the contents of the <B>/usr/afs/etc</B> directory from an
+existing file server machine, using a remote file transfer protocol such as
+<B>ftp</B> or NFS. If you use a system control machine, it is best
+to copy the contents of its <B>/usr/afs/etc</B> directory. If you
+choose not to run a system control machine, copy the directory's contents
+from any existing file server machine.
+<A NAME="IDX2799"></A>
+<A NAME="IDX2800"></A>
+<A NAME="IDX2801"></A>
+<A NAME="IDX2802"></A>
+<A NAME="IDX2803"></A>
+<A NAME="IDX2804"></A>
+<P><LI>Change to the <B>/usr/afs/bin</B> directory and start the BOS Server
+(<B>bosserver</B> process). Include the <B>-noauth</B> flag to
+prevent the AFS processes from performing authorization checking. This
+is a grave compromise of security; finish the remaining instructions in
+this section in an uninterrupted pass.
+<PRE>
+ # <B>cd /usr/afs/bin</B>
+
+ # <B>./bosserver -noauth &</B>
+
+</PRE>
+<A NAME="IDX2805"></A>
+<A NAME="IDX2806"></A>
+<A NAME="IDX2807"></A>
+<A NAME="IDX2808"></A>
+<A NAME="IDX2809"></A>
+<A NAME="IDX2810"></A>
+<P><LI><A NAME="LIWQ109"></A>If you run a system control machine, create the
+<B>upclientetc</B> process as an instance of the client portion of the
+Update Server. It accepts updates of the common configuration files
+stored in the system control machine's <B>/usr/afs/etc</B> directory
+from the <B>upserver</B> process (server portion of the Update Server)
+running on that machine. The cell's first file server machine was
+installed as the system control machine in <A HREF="auqbg005.htm#HDRWQ61">Starting the Server Portion of the Update Server</A>. (If you do not run a system control machine, you
+must update the contents of the <B>/usr/afs/etc</B> directory on each file
+server machine, using the appropriate <B>bos</B> commands.)
+<P>By default, the Update Server performs updates every 300 seconds (five
+minutes). Use the <B>-t</B> argument to specify a different number
+of seconds. For the <VAR>machine name</VAR> argument, substitute the
+name of the machine you are installing. The command appears on multiple
+lines here only for legibility reasons.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>upclientetc simple</B> \
+ <B>"/usr/afs/bin/upclient</B> <<VAR>system control machine</VAR>> \
+ [<B>-t</B> <<VAR>time</VAR>>] <B>/usr/afs/etc" -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<A NAME="IDX2811"></A>
+<A NAME="IDX2812"></A>
+<A NAME="IDX2813"></A>
+<P><LI><A NAME="LIWQ110"></A>Create an instance of the Update Server to handle distribution
+of the file server binaries stored in the <B>/usr/afs/bin</B>
+directory.
+<UL>
+<P><LI>If this is the first file server machine of its AFS system type, create
+the <B>upserver</B> process as an instance of the server portion of the
+Update Server. It distributes its copy of the file server process
+binaries to the other file server machines of this system type that you
+install in future. Creating this process makes this machine the binary
+distribution machine for its type.
+<PRE>
+ # <B>./bos create </B> <<VAR>machine name</VAR>> <B>upserver simple</B> \
+ <B>"/usr/afs/bin/upserver -clear /usr/afs/bin" </B> \
+ <B>-cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+<P><LI>If this machine is an existing system type, create the
+<B>upclientbin</B> process as an instance of the client portion of the
+Update Server. It accepts updates of the AFS binaries from the
+<B>upserver</B> process running on the binary distribution machine for its
+system type. For distribution to work properly, the <B>upserver</B>
+process must already by running on that machine.
+<P>Use the <B>-clear</B> argument to specify that the
+<B>upclientbin</B> process requests unencrypted transfer of the binaries
+in the <B>/usr/afs/bin</B> directory. Binaries are not sensitive
+and encrypting them is time-consuming.
+<P>By default, the Update Server performs updates every 300 seconds (five
+minutes). Use the <B>-t</B> argument to specify an different number
+of seconds.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>upclientbin simple</B> \
+ <B>"/usr/afs/bin/upclient</B> <<VAR>binary distribution machine</VAR>> \
+ [<B>-t</B> <<VAR>time</VAR>>] <B>-clear /usr/afs/bin" -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</UL>
+<A NAME="IDX2814"></A>
+<A NAME="IDX2815"></A>
+<A NAME="IDX2816"></A>
+<A NAME="IDX2817"></A>
+<P><LI>Start the <B>runntp</B> process, which configures the Network Time
+Protocol Daemon (NTPD) to choose a database server machine chosen randomly
+from the local <B>/usr/afs/etc/CellServDB</B> file as its time
+source. In the standard configuration, the first database server
+machine installed in your cell refers to a time source outside the cell, and
+serves as the basis for clock synchronization on all server machines.
+<PRE>
+ # <B>./bos create</B> <<VAR>machine name</VAR>> <B>runntp simple</B> \
+ <B>/usr/afs/bin/runntp -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not run the <B>runntp</B> process if NTPD or another time
+synchronization protocol is already running on the machine. Some
+versions of some operating systems run a time synchronization program by
+default, as detailed in the <I>IBM AFS Release Notes</I>.
+<P>Attempting to run multiple instances of the NTPD causes an error.
+Running NTPD together with another time synchronization protocol is
+unnecessary and can cause instability in the clock setting.
+</TD></TR></TABLE>
+<A NAME="IDX2818"></A>
+<A NAME="IDX2819"></A>
+<A NAME="IDX2820"></A>
+<A NAME="IDX2821"></A>
+<A NAME="IDX2822"></A>
+<A NAME="IDX2823"></A>
+<A NAME="IDX2824"></A>
+<A NAME="IDX2825"></A>
+<A NAME="IDX2826"></A>
+<A NAME="IDX2827"></A>
+<P><LI>Start the <B>fs</B> process, which binds together the File Server,
+Volume Server, and Salvager.
+<PRE>
+ # <B>./bos create </B> <<VAR>machine name</VAR>> <B>fs fs </B> \
+ <B>/usr/afs/bin/fileserver /usr/afs/bin/volserver</B> \
+ <B>/usr/afs/bin/salvager -cell</B> <<VAR>cell name</VAR>> <B>-noauth</B>
+
+</PRE>
+</OL>
+<A NAME="IDX2828"></A>
+<A NAME="IDX2829"></A>
+<P><H3><A NAME="HDRWQ111" HREF="auqbg002.htm#ToC_107">Installing Client Functionality</A></H3>
+<P>If you want this machine to be a client as well as a server,
+follow the instructions in this section. Otherwise, skip to <A HREF="#HDRWQ112">Completing the Installation</A>.
+<P>Begin by loading the necessary client files to the local disk. Then
+create the necessary configuration files and start the Cache Manager.
+For more detailed explanation of the procedures involved, see the
+corresponding instructions in <A HREF="auqbg005.htm#HDRWQ17">Installing the First AFS Machine</A> (in the sections following <A HREF="auqbg005.htm#HDRWQ63">Overview: Installing Client Functionality</A>).
+<P>If another AFS machine of this machine's system type exists, the AFS
+binaries are probably already accessible in your AFS filespace (the
+conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>).
+If not, or if this is the first AFS machine of its type, copy the AFS binaries
+for this system type into an AFS volume by following the instructions in <A HREF="auqbg005.htm#HDRWQ83">Storing AFS Binaries in AFS</A>. Because this machine is not yet an AFS client, you
+must perform the procedure on an existing AFS machine. However,
+remember to perform the final step (linking the local directory
+<B>/usr/afsws</B> to the appropriate location in the AFS file tree) on
+this machine itself. If you also want to create AFS volumes to house
+UNIX system binaries for the new system type, see <A HREF="auqbg005.htm#HDRWQ88">Storing System Binaries in AFS</A>.
+<A NAME="IDX2830"></A>
+<A NAME="IDX2831"></A>
+<A NAME="IDX2832"></A>
+<OL TYPE=1>
+<P><LI>Copy client binaries and files to the local disk.
+<UL>
+<P><LI>On a machine of an existing system type, you can either load files from
+the AFS CD-ROM or use a remote file transfer protocol to copy files from an
+existing server machine of the same system type. To load from the
+CD-ROM, see the instructions just following for a machine of a new system
+type. If using a remote file transfer protocol, copy the complete
+contents of the existing client machine's <B>/usr/vice/etc</B>
+directory.
+<P><LI>On a machine of a new system type, you must use the following instructions
+to copy files from the AFS CD-ROM.
+<OL TYPE=a>
+<P><LI>On the local <B>/cdrom</B> directory, mount the AFS CD-ROM for this
+machine's system type, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<P><LI>Copy files to the local <B>/usr/vice/etc</B> directory.
+<P>This step places a copy of the AFS initialization script (and related
+files, if applicable) into the <B>/usr/vice/etc</B> directory. In
+the preceding instructions for incorporating AFS into the kernel, you copied
+the script directly to the operating system's conventional location for
+initialization files. When you incorporate AFS into the machine's
+startup sequence in a later step, you can choose to link the two files.
+<P>On some system types that use a dynamic kernel loader program, you
+previously copied AFS library files into a subdirectory of the
+<B>/usr/vice/etc</B> directory. On other system types, you copied
+the appropriate AFS library file directly to the directory where the operating
+system accesses it. The following commands do not copy or recopy the
+AFS library files into the <B>/usr/vice/etc</B> directory, because on some
+system types the library files consume a large amount of space. If you
+want to copy them, add the <B>-r</B> flag to the first <B>cp</B>
+command and skip the second <B>cp</B> command.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client/usr/vice/etc</B>
+
+ # <B>cp -p * /usr/vice/etc</B>
+
+ # <B>cp -rp C /usr/vice/etc</B>
+
+</PRE>
+</OL>
+</UL>
+<A NAME="IDX2833"></A>
+<A NAME="IDX2834"></A>
+<A NAME="IDX2835"></A>
+<A NAME="IDX2836"></A>
+<A NAME="IDX2837"></A>
+<A NAME="IDX2838"></A>
+<P><LI>Change to the <B>/usr/vice/etc</B> directory and create the
+<B>ThisCell</B> file as a copy of the <B>/usr/afs/etc/ThisCell</B>
+file. You must first remove the symbolic link to the
+<B>/usr/afs/etc/ThisCell</B> file that the BOS Server created
+automatically in <A HREF="#HDRWQ108">Starting Server Programs</A>.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm ThisCell</B>
+
+ # <B>cp /usr/afs/etc/ThisCell ThisCell</B>
+
+</PRE>
+<P><LI>Remove the symbolic link to the <B>/usr/afs/etc/CellServDB</B>
+file.
+<PRE>
+ # <B>rm CellServDB</B>
+
+</PRE>
+<A NAME="IDX2839"></A>
+<A NAME="IDX2840"></A>
+<A NAME="IDX2841"></A>
+<P><LI>Create the <B>/usr/vice/etc/CellServDB</B> file. Use a network
+file transfer program such as <B>ftp</B> or NFS to copy it from one of the
+following sources, which are listed in decreasing order of preference:
+<UL>
+<P><LI>Your cell's central <B>CellServDB</B> source file (the
+conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc/CellServDB</B>)
+<P><LI>The global <B>CellServDB</B> file maintained by the AFS Product
+Support group
+<P><LI>An existing client machine in your cell
+<P><LI>The <B>CellServDB.sample</B> file included in the
+<VAR>sysname</VAR><B>/root.client/usr/vice/etc</B> directory of each
+AFS CD-ROM; add an entry for the local cell by following the instructions
+in <A HREF="auqbg005.htm#HDRWQ66">Creating the Client CellServDB File</A>
+</UL>
+<A NAME="IDX2842"></A>
+<A NAME="IDX2843"></A>
+<A NAME="IDX2844"></A>
+<A NAME="IDX2845"></A>
+<P><LI>Create the <B>cacheinfo</B> file for either a disk cache or a memory
+cache. For a discussion of the appropriate values to record in the
+file, see <A HREF="auqbg005.htm#HDRWQ67">Configuring the Cache</A>.
+<P>To configure a disk cache, issue the following commands. If you are
+devoting a partition exclusively to caching, as recommended, you must also
+configure it, make a file system on it, and mount it at the directory created
+in this step.
+<PRE>
+ # <B>mkdir /usr/vice/cache</B>
+
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > cacheinfo</B>
+</PRE>
+<P>To configure a memory cache:
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > cacheinfo</B>
+
+</PRE>
+<A NAME="IDX2846"></A>
+<A NAME="IDX2847"></A>
+<A NAME="IDX2848"></A>
+<A NAME="IDX2849"></A>
+<A NAME="IDX2850"></A>
+<A NAME="IDX2851"></A>
+<P><LI>Create the local directory on which to mount the AFS filespace, by
+convention <B>/afs</B>. If the directory already exists, verify
+that it is empty.
+<PRE>
+ # <B>mkdir /afs</B>
+
+</PRE>
+<P><LI>On AIX systems, add the following line to the <B>/etc/vfs</B>
+file. It enables AIX to unmount AFS correctly during shutdown.
+<PRE>
+ afs 4 none none
+
+</PRE>
+<P><LI>On Linux systems, copy the <B>afsd</B> options file from the
+<B>/usr/vice/etc</B> directory to the <B>/etc/sysconfig</B> directory,
+removing the <B>.conf</B> extension as you do so.
+<PRE>
+ # <B>cp /usr/vice/etc/afs.conf /etc/sysconfig/afs</B>
+
+</PRE>
+<P><LI>Edit the machine's AFS initialization script or <B>afsd</B>
+options file to set appropriate values for <B>afsd</B> command
+parameters. The script resides in the indicated location on each system
+type:
+<UL>
+<P><LI>On AIX systems, <B>/etc/rc.afs</B>
+<P><LI>On Digital UNIX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On HP-UX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On IRIX systems, <B>/etc/init.d/afs</B>
+<P><LI>On Linux systems, <B>/etc/sysconfig/afs</B> (the <B>afsd</B>
+options file)
+<P><LI>On Solaris systems, <B>/etc/init.d/afs</B>
+</UL>
+<P>Use one of the methods described in <A HREF="auqbg005.htm#HDRWQ70">Configuring the Cache Manager</A> to add the following flags to the <B>afsd</B> command
+line. If you intend for the machine to remain an AFS client, also set
+any performance-related arguments you wish.
+<UL>
+<P><LI>Add the <B>-nosettime</B> flag, because this is a file server machine
+that is also a client.
+<P><LI>Add the <B>-memcache</B> flag if the machine is to use a memory
+cache.
+<P><LI>Add the <B>-verbose</B> flag to display a trace of the Cache
+Manager's initialization on the standard output stream.
+</UL>
+<P><LI>If appropriate, follow the instructions in <A HREF="auqbg005.htm#HDRWQ83">Storing AFS Binaries in AFS</A> to copy the AFS binaries for this system type into an AFS
+volume. See the introduction to this section for further
+discussion.
+</OL>
+<P><H3><A NAME="HDRWQ112" HREF="auqbg002.htm#ToC_108">Completing the Installation</A></H3>
+<P>At this point you run the machine's AFS initialization
+script to verify that it correctly loads AFS modifications into the kernel and
+starts the BOS Server, which starts the other server processes. If you
+have installed client files, the script also starts the Cache Manager.
+If the script works correctly, perform the steps that incorporate it into the
+machine's startup and shutdown sequence. If there are problems
+during the initialization, attempt to resolve them. The AFS Product
+Support group can provide assistance if necessary.
+<P>If the machine is configured as a client using a disk cache, it can take a
+while for the <B>afsd</B> program to create all of the
+<B>V</B><VAR>n</VAR> files in the cache directory. Messages on the
+console trace the initialization process.
+<OL TYPE=1>
+<P><LI>Issue the <B>bos shutdown</B> command to shut down the AFS server
+processes other than the BOS Server. Include the <B>-wait</B> flag
+to delay return of the command shell prompt until all processes shut down
+completely.
+<PRE>
+ # <B>/usr/afs/bin/bos shutdown</B> <<VAR>machine name</VAR>> <B>-wait</B>
+
+</PRE>
+<P><LI>Issue the <B>ps</B> command to learn the BOS Server's process ID
+number (PID), and then the <B>kill</B> command to stop the
+<B>bosserver</B> process.
+<PRE>
+ # <B>ps</B> <VAR>appropriate_ps_options</VAR> <B>| grep bosserver</B>
+
+ # <B>kill</B> <VAR>bosserver_PID</VAR>
+
+</PRE>
+<A NAME="IDX2852"></A>
+<A NAME="IDX2853"></A>
+<A NAME="IDX2854"></A>
+<A NAME="IDX2855"></A>
+<A NAME="IDX2856"></A>
+<A NAME="IDX2857"></A>
+<P><LI>Run the AFS initialization script by issuing the appropriate commands for
+this system type.
+<P><B>On AIX systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+<P><LI>Edit the AIX initialization file, <B>/etc/inittab</B>, adding the
+following line to invoke the AFS initialization script. Place it just
+after the line that starts NFS daemons.
+<PRE>
+ rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS services
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc</B> directories.
+If you want to avoid potential confusion by guaranteeing that they are always
+the same, create a link between them. You can always retrieve the
+original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm rc.afs</B>
+
+ # <B>ln -s /etc/rc.afs</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ113">4</A>.
+</OL>
+<A NAME="IDX2858"></A>
+<P><B>On Digital UNIX systems:</B>
+<OL TYPE=a>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Digital UNIX startup and shutdown
+sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc3.d/S67afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ113">4</A>.
+</OL>
+<A NAME="IDX2859"></A>
+<P><B>On HP-UX systems:</B>
+<OL TYPE=a>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the HP-UX startup and shutdown sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/S460afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/K800afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ113">4</A>.
+</OL>
+<A NAME="IDX2860"></A>
+<A NAME="IDX2861"></A>
+<A NAME="IDX2862"></A>
+<A NAME="IDX2863"></A>
+<A NAME="IDX2864"></A>
+<A NAME="IDX2865"></A>
+<A NAME="IDX2866"></A>
+<P><B>On IRIX systems:</B>
+<OL TYPE=a>
+<P><LI>If you have configured the machine to use the <B>ml</B> dynamic loader
+program, reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the
+<B>afsserver</B> configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsserver on</B>
+</PRE>
+<P>If you have configured this machine as an AFS client and want to it remain
+one, also issue the <B>chkconfig</B> command to activate the
+<B>afsclient</B> configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsclient on</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the IRIX startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc2.d/S35afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K35afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ113">4</A>.
+</OL>
+<A NAME="IDX2867"></A>
+<P><B>On Linux systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afs</B>
+configuration variable. Based on the instruction in the AFS
+initialization file that begins with the string <TT>#chkconfig</TT>, the
+command automatically creates the symbolic links that incorporate the script
+into the Linux startup and shutdown sequence.
+<PRE>
+ # <B>/sbin/chkconfig --add afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and
+<B>/etc/rc.d/init.d</B> directories, and copies of the
+<B>afsd</B> options file in both the <B>/usr/vice/etc</B> and
+<B>/etc/sysconfig</B> directories. If you want to avoid potential
+confusion by guaranteeing that the two copies of each file are always the
+same, create a link between them. You can always retrieve the original
+script or options file from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc afs.conf</B>
+
+ # <B>ln -s /etc/rc.d/init.d/afs afs.rc</B>
+
+ # <B>ln -s /etc/sysconfig/afs afs.conf</B>
+
+</PRE>
+<P><LI>Proceed to Step <A HREF="#LIWQ113">4</A>.
+</OL>
+<A NAME="IDX2868"></A>
+<P><B>On Solaris systems:</B>
+<OL TYPE=a>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Solaris startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc3.d/S99afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+</OL>
+<P><LI><A NAME="LIWQ113"></A>Verify that <B>/usr/afs</B> and its subdirectories on the
+new file server machine meet the ownership and mode bit requirements outlined
+in <A HREF="auqbg005.htm#HDRWQ96">Protecting Sensitive AFS Directories</A>. If necessary, use the <B>chmod</B> command to
+correct the mode bits.
+<P><LI>To configure this machine as a database server machine, proceed to <A HREF="#HDRWQ114">Installing Database Server Functionality</A>.
+</OL>
+<A NAME="IDX2869"></A>
+<A NAME="IDX2870"></A>
+<HR><H2><A NAME="HDRWQ114" HREF="auqbg002.htm#ToC_109">Installing Database Server Functionality</A></H2>
+<P>This section explains how to install database server
+functionality. Database server machines have two defining
+characteristics. First, they run the Authentication Server, Protection
+Server, and Volume Location (VL) Server processes. They also run the
+Backup Server if the cell uses the AFS Backup System, as is assumed in these
+instructions. Second, they appear in the <B>CellServDB</B> file of
+every machine in the cell (and of client machines in foreign cells, if they
+are to access files in this cell).
+<P>Note the following requirements for database server machines.
+<UL>
+<P><LI>In the conventional configuration, database server machines also serve as
+file server machines (run the File Server, Volume Server and Salvager
+processes). If you choose not to run file server functionality on a
+database server machine, then the kernel does not have to incorporate AFS
+modifications, but the local <B>/usr/afs</B> directory must house most of
+the standard files and subdirectories. In particular, the
+<B>/usr/afs/etc/KeyFile</B> file must contain the same keys as all other
+server machines in the cell. If you run a system control machine, run
+the <B>upclientetc</B> process on every database server machine other than
+the system control machine; if you do not run a system control machine,
+use the <B>bos addkey</B> command as instructed in the chapter in the
+<I>IBM AFS Administration Guide</I> about maintaining server encryption
+keys.
+<P>The instructions in this section assume that the machine on which you are
+installing database server functionality is already a file server
+machine. Contact the AFS Product Support group to learn how to install
+database server functionality on a non-file server machine.
+<P><LI>During the installation of database server functionality, you must restart
+all of the database server machines to force the election of a new Ubik
+coordinator (synchronization site) for each database server process.
+This can cause a system outage, which usually lasts less than 5
+minutes.
+<P><LI>Updating the kernel memory list of database server machines on each client
+machine is generally the most time-consuming part of installing a new database
+server machine. It is, however, crucial for correct functioning in your
+cell. Incorrect knowledge of your cell's database server machines
+can prevent your users from authenticating, accessing files, and issuing AFS
+commands.
+<P>You update a client's kernel memory list by changing the
+<B>/usr/vice/etc/CellServDB</B> file and then either rebooting or issuing
+the <B>fs newcell</B> command. For instructions, see the chapter in
+the <I>IBM AFS Administration Guide</I> about administering client
+machines.
+<P>The point at which you update your clients' knowledge of database
+server machines depends on which of the database server machines has the
+lowest IP address. The following instructions indicate the appropriate
+place to update your client machines in either case.
+<UL>
+<P><LI>If the new database server machine has a lower IP address than any
+existing database server machine, update the <B>CellServDB</B> file on
+every client machine before restarting the database server processes.
+If you do not, users can become unable to update (write to) any of the AFS
+databases. This is because the machine with the lowest IP address is
+usually elected as the Ubik coordinator, and only the Coordinator accepts
+database writes. On client machines that do not have the new list of
+database server machines, the Cache Manager cannot locate the new
+coordinator. (Be aware that if clients contact the new coordinator
+before it is actually in service, they experience a timeout before contacting
+another database server machine. This is a minor, and temporary,
+problem compared to being unable to write to the database.)
+<P><LI>If the new database server machine does not have the lowest IP address of
+any database server machine, then it is better to update clients after
+restarting the database server processes. Client machines do not start
+using the new database server machine until you update their kernel memory
+list, but that does not usually cause timeouts or update problems (because the
+new machine is not likely to become the coordinator).
+</UL>
+</UL>
+<A NAME="IDX2871"></A>
+<P><H3><A NAME="Header_110" HREF="auqbg002.htm#ToC_110">Summary of Procedures</A></H3>
+<P>To install a database server machine, perform the following
+procedures.
+<OL TYPE=1>
+<P><LI>Install the <B>bos</B> suite of commands locally, as a precaution
+<P><LI>Add the new machine to the <B>/usr/afs/etc/CellServDB</B> file on
+existing file server machines
+<P><LI>Update your cell's central <B>CellServDB</B> source file and the
+file you make available to foreign cells
+<P><LI>Update every client machine's <B>/usr/vice/etc/CellServDB</B>
+file and kernel memory list of database server machines
+<P><LI>Start the database server processes (Authentication Server, Backup Server,
+Protection Server, and Volume Location Server)
+<P><LI>Restart the database server processes on every database server machine
+<P><LI>Notify the AFS Product Support group that you have installed a new
+database server machine
+</OL>
+<A NAME="IDX2872"></A>
+<A NAME="IDX2873"></A>
+<A NAME="IDX2874"></A>
+<P><H3><A NAME="Header_111" HREF="auqbg002.htm#ToC_111">Instructions</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is assumed that your PATH environment variable includes the directory
+that houses the AFS command binaries. If not, you possibly need to
+precede the command names with the appropriate pathname.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>You can perform the following instructions on either a server or client
+machine. Login as an AFS administrator who is listed in the
+<B>/usr/afs/etc/UserList</B> file on all server machines.
+<PRE>
+ % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+
+</PRE>
+<P><LI>If you are working on a client machine configured in the conventional
+manner, the <B>bos</B> command suite resides in the
+<B>/usr/afsws/bin</B> directory, a symbolic link to an AFS
+directory. An error during installation can potentially block access to
+AFS, in which case it is helpful to have a copy of the <B>bos</B> binary
+on the local disk. This step is not necessary if you are working on a
+server machine, where the binary resides in the local <B>/usr/afs/bin</B>
+directory.
+<PRE>
+ % <B>cp /usr/afsws/bin/bos /tmp</B>
+
+</PRE>
+<A NAME="IDX2875"></A>
+<A NAME="IDX2876"></A>
+<A NAME="IDX2877"></A>
+<A NAME="IDX2878"></A>
+<A NAME="IDX2879"></A>
+<P><LI><A NAME="LIWQ115"></A>Issue the <B>bos addhost</B> command to add the new
+database server machine to the <B>/usr/afs/etc/CellServDB</B> file on
+existing server machines (as well as the new database server machine
+itself).
+<P>Substitute the new database server machine's fully-qualified hostname
+for the <VAR>host name</VAR> argument. If you run a system control
+machine, substitute its fully-qualified hostname for the
+<VAR>machine name</VAR> argument. If you do not run a system control
+machine, repeat the <B>bos addhost</B> command once for each server
+machine in your cell (including the new database server machine itself), by
+substituting each one's fully-qualified hostname for the
+<VAR>machine name</VAR> argument in turn.
+<PRE>
+ % <B>bos addhost</B> <<VAR>machine name</VAR>> <<VAR>host name</VAR>>
+</PRE>
+<P>If you run a system control machine, wait for the Update Server to
+distribute the new <B>CellServDB</B> file, which takes up to five minutes
+by default. If you are issuing individual <B>bos addhost</B>
+commands, attempt to issue all of them within five minutes.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is best to maintain a one-to-one mapping between hostnames and IP
+addresses on a multihomed database server machine (the conventional
+configuration for any AFS machine). The BOS Server uses the
+<B>gethostbyname( )</B> routine to obtain the IP address
+associated with the <VAR>host name</VAR> argument. If there is more than
+one address, the BOS Server records in the <B>CellServDB</B> entry the one
+that appears first in the list of addresses returned by the routine.
+The routine possibly returns addresses in a different order on different
+machines, which can create inconsistency.
+</TD></TR></TABLE>
+<P><LI><B>(Optional)</B> Issue the <B>bos listhosts</B> command on each
+server machine to verify that the new database server machine appears in its
+<B>CellServDB</B> file.
+<PRE>
+ % <B>bos listhosts</B> <<VAR>machine name</VAR>>
+
+</PRE>
+<P><LI><A NAME="LIWQ116"></A>Add the new database server machine to your cell's central
+<B>CellServDB</B> source file, if you use one. The standard
+location is
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc/CellServDB</B>.
+<P>If you are willing to make your cell accessible to users in foreign cells,
+add the new database server machine to the file that lists your cell's
+database server machines. The conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/service/etc/CellServDB.local</B>.
+<A NAME="IDX2880"></A>
+<A NAME="IDX2881"></A>
+<A NAME="IDX2882"></A>
+<P><LI><A NAME="LIWQ117"></A>If this machine's IP address is lower than any existing
+database server machine's, update every client machine's
+<B>/usr/vice/etc/CellServDB</B> file and kernel memory list to include
+this machine. (If this machine's IP address is not the lowest, it
+is acceptable to wait until Step <A HREF="#LIWQ123">12</A>.)
+<P>There are several ways to update the <B>CellServDB</B> file on client
+machines, as detailed in the chapter of the <I>IBM AFS Administration
+Guide</I> about administering client machines. One option is to copy
+over the central update source (which you updated in Step <A HREF="#LIWQ116">5</A>), with or without using the <B>package</B>
+program. To update the machine's kernel memory list, you can
+either reboot after changing the <B>CellServDB</B> file or issue the
+<B>fs newcell</B> command.
+<A NAME="IDX2883"></A>
+<A NAME="IDX2884"></A>
+<A NAME="IDX2885"></A>
+<A NAME="IDX2886"></A>
+<A NAME="IDX2887"></A>
+<P><LI><A NAME="LIWQ118"></A>Start the Authentication Server (the <B>kaserver</B>
+process).
+<PRE>
+ % <B>bos create</B> <<VAR>machine name</VAR>> <B>kaserver simple /usr/afs/bin/kaserver</B>
+
+</PRE>
+<A NAME="IDX2888"></A>
+<A NAME="IDX2889"></A>
+<P><LI><A NAME="LIWQ119"></A>Start the Backup Server (the <B>buserver</B>
+process). You must perform other configuration procedures before
+actually using the AFS Backup System, as detailed in the <I>IBM AFS
+Administration Guide</I>.
+<PRE>
+ % <B>bos create</B> <<VAR>machine name</VAR>> <B>buserver simple /usr/afs/bin/buserver</B>
+
+</PRE>
+<A NAME="IDX2890"></A>
+<A NAME="IDX2891"></A>
+<P><LI><A NAME="LIWQ120"></A>Start the Protection Server (the <B>ptserver</B>
+process).
+<PRE>
+ % <B>bos create</B> <<VAR>machine name</VAR>> <B>ptserver simple /usr/afs/bin/ptserver</B>
+
+</PRE>
+<A NAME="IDX2892"></A>
+<A NAME="IDX2893"></A>
+<P><LI><A NAME="LIWQ121"></A>Start the Volume Location (VL) Server (the <B>vlserver</B>
+process).
+<PRE>
+ % <B>bos create</B> <<VAR>machine name</VAR>> <B>vlserver simple /usr/afs/bin/vlserver</B>
+
+</PRE>
+<A NAME="IDX2894"></A>
+<A NAME="IDX2895"></A>
+<A NAME="IDX2896"></A>
+<A NAME="IDX2897"></A>
+<P><LI><A NAME="LIWQ122"></A>Issue the <B>bos restart</B> command on every database
+server machine in the cell, including the new machine. The command
+restarts the Authentication, Backup, Protection, and VL Servers, which forces
+an election of a new Ubik coordinator for each process. The new machine
+votes in the election and is considered as a potential new coordinator.
+<P>
+<P>A cell-wide service outage is possible during the election of a new
+coordinator for the VL Server, but it normally lasts less than five
+minutes. Such an outage is particularly likely if you are installing
+your cell's second database server machine. Messages tracing the
+progress of the election appear on the console.
+<P>Repeat this command on each of your cell's database server machines in
+quick succession. Begin with the machine with the lowest IP
+address.
+<PRE>
+ % <B>bos restart</B> <<VAR>machine name</VAR>> <B>kaserver buserver ptserver vlserver</B>
+</PRE>
+<P>If an error occurs, restart all server processes on the database server
+machines again by using one of the following methods:
+<UL>
+<P><LI>Issue the <B>bos restart</B> command with the <B>-bosserver</B>
+flag for each database server machine
+<P><LI>Reboot each database server machine, either using the <B>bos exec</B>
+command or at its console
+</UL>
+<P><LI><A NAME="LIWQ123"></A>If you did not update the <B>CellServDB</B> file on client
+machines in Step <A HREF="#LIWQ117">6</A>, do so now.
+<P><LI><A NAME="LIWQ124"></A>Send the new database server machine's name and IP address
+to the AFS Product Support group.
+<P>If you wish to participate in the AFS global name space, your cell's
+entry appear in a <B>CellServDB</B> file that the AFS Product Support
+group makes available to all AFS sites. Otherwise, they list your cell
+in a private file that they do not share with other AFS sites.
+</OL>
+<A NAME="IDX2898"></A>
+<A NAME="IDX2899"></A>
+<A NAME="IDX2900"></A>
+<A NAME="IDX2901"></A>
+<HR><H2><A NAME="HDRWQ125" HREF="auqbg002.htm#ToC_112">Removing Database Server Functionality</A></H2>
+<P>Removing database server machine functionality is nearly the
+reverse of installing it.
+<P><H3><A NAME="Header_113" HREF="auqbg002.htm#ToC_113">Summary of Procedures</A></H3>
+<P>To decommission a database server machine, perform the following
+procedures.
+<OL TYPE=1>
+<P><LI>Install the <B>bos</B> suite of commands locally, as a precaution
+<P><LI>Notify the AFS Product Support group that you are decommissioning a
+database server machine
+<P><LI>Update your cell's central <B>CellServDB</B> source file and the
+file you make available to foreign cells
+<P><LI>Update every client machine's <B>/usr/vice/etc/CellServDB</B>
+file and kernel memory list of database server machines
+<P><LI>Remove the machine from the <B>/usr/afs/etc/CellServDB</B> file on
+file server machines
+<P><LI>Stop the database server processes and remove them from the
+<B>/usr/afs/local/BosConfig</B> file if desired
+<P><LI>Restart the database server processes on the remaining database server
+machines
+</OL>
+<P><H3><A NAME="Header_114" HREF="auqbg002.htm#ToC_114">Instructions</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is assumed that your PATH environment variable includes the directory
+that houses the AFS command binaries. If not, you possibly need to
+precede the command names with the appropriate pathname.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>You can perform the following instructions on either a server or client
+machine. Login as an AFS administrator who is listed in the
+<B>/usr/afs/etc/UserList</B> file on all server machines.
+<PRE>
+ % <B>klog</B> <VAR>admin_user</VAR>
+ Password: <VAR>admin_password</VAR>
+
+</PRE>
+<P><LI>If you are working on a client machine configured in the conventional
+manner, the <B>bos</B> command suite resides in the
+<B>/usr/afsws/bin</B> directory, a symbolic link to an AFS
+directory. An error during installation can potentially block access to
+AFS, in which case it is helpful to have a copy of the <B>bos</B> binary
+on the local disk. This step is not necessary if you are working on a
+server machine, where the binary resides in the local <B>/usr/afs/bin</B>
+directory.
+<PRE>
+ % <B>cp /usr/afsws/bin/bos /tmp</B>
+
+</PRE>
+<P><LI><A NAME="LIWQ126"></A>Send the revised list of your cell's database server
+machines to the AFS Product Support group.
+<P>This step is particularly important if your cell is included in the global
+<B>CellServDB</B> file. If the administrators in foreign cells do
+not learn about the change in your cell, they cannot update the
+<B>CellServDB</B> file on their client machines. Users in foreign
+cells continue to send database requests to the decommissioned machine, which
+creates needless network traffic and activity on the machine. Also, the
+users experience time-out delays while their request is forwarded to a valid
+database server machine.
+<P><LI><A NAME="LIWQ127"></A>Remove the decommissioned machine from your cell's central
+<B>CellServDB</B> source file, if you use one. The conventional
+location is
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc/CellServDB</B>.
+<P>If you maintain a file that users in foreign cells can access to learn
+about your cell's database server machines, update it also. The
+conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/service/etc/CellServDB.local</B>.
+<A NAME="IDX2902"></A>
+<A NAME="IDX2903"></A>
+<A NAME="IDX2904"></A>
+<A NAME="IDX2905"></A>
+<P><LI><A NAME="LIWQ128"></A>Update every client machine's
+<B>/usr/vice/etc/CellServDB</B> file and kernel memory list to exclude
+this machine. Altering the <B>CellServDB</B> file and kernel memory
+list before stopping the actual database server processes avoids possible
+time-out delays that result when users send requests to a decommissioned
+database server machine that is still listed in the file.
+<P>There are several ways to update the <B>CellServDB</B> file on client
+machines, as detailed in the chapter of the <I>IBM AFS Administration
+Guide</I> about administering client machines. One option is to copy
+over the central update source (which you updated in Step <A HREF="#LIWQ116">5</A>), with or without using the <B>package</B>
+program. To update the machine's kernel memory list, you can
+either reboot after changing the <B>CellServDB</B> file or issue the
+<B>fs newcell</B> command.
+<A NAME="IDX2906"></A>
+<A NAME="IDX2907"></A>
+<A NAME="IDX2908"></A>
+<A NAME="IDX2909"></A>
+<P><LI><A NAME="LIWQ129"></A>Issue the <B>bos removehost</B> command to remove the
+decommissioned database server machine from the
+<B>/usr/afs/etc/CellServDB</B> file on server machines.
+<P>Substitute the decommissioned database server machine's
+fully-qualified hostname for the <VAR>host name</VAR> argument. If you
+run a system control machine, substitute its fully-qualified hostname for the
+<VAR>machine name</VAR> argument. If you do not run a system control
+machine, repeat the <B>bos removehost</B> command once for each server
+machine in your cell (including the decommissioned database server machine
+itself), by substituting each one's fully-qualified hostname for the
+<VAR>machine name</VAR> argument in turn.
+<PRE>
+ % <B>bos removehost</B> <<VAR>machine name</VAR>> <<VAR>host name</VAR>>
+</PRE>
+<P>If you run a system control machine, wait for the Update Server to
+distribute the new <B>CellServDB</B> file, which takes up to five minutes
+by default. If issuing individual <B>bos removehost</B> commands,
+attempt to issue all of them within five minutes.
+<P><LI><B>(Optional)</B> Issue the <B>bos listhosts</B> command on each
+server machine to verify that the decommissioned database server machine no
+longer appears in its <B>CellServDB</B> file.
+<PRE>
+ % <B>bos listhosts</B> <<VAR>machine name</VAR>>
+
+</PRE>
+<A NAME="IDX2910"></A>
+<A NAME="IDX2911"></A>
+<A NAME="IDX2912"></A>
+<A NAME="IDX2913"></A>
+<A NAME="IDX2914"></A>
+<A NAME="IDX2915"></A>
+<A NAME="IDX2916"></A>
+<P><LI><A NAME="LIWQ130"></A>Issue the <B>bos stop</B> command to stop the database
+server processes on the machine, by substituting its fully-qualified hostname
+for the <VAR>machine name</VAR> argument. The command changes each
+process's status in the <B>/usr/afs/local/BosConfig</B> file to
+<TT>NotRun</TT>, but does not remove its entry from the file.
+<PRE>
+ % <B>bos stop</B> <<VAR>machine name</VAR>> <B>kaserver buserver ptserver vlserver</B>
+
+</PRE>
+<A NAME="IDX2917"></A>
+<A NAME="IDX2918"></A>
+<A NAME="IDX2919"></A>
+<A NAME="IDX2920"></A>
+<A NAME="IDX2921"></A>
+<P><LI><A NAME="LIWQ131"></A><B>(Optional)</B> Issue the <B>bos delete</B> command
+to remove the entries for database server processes from the
+<B>BosConfig</B> file. This step is unnecessary if you plan to
+restart the database server functionality on this machine in future.
+<PRE>
+ % <B>bos delete</B> <<VAR>machine name</VAR>> <B>kaserver buserver ptserver vlserver</B>
+
+</PRE>
+<A NAME="IDX2922"></A>
+<A NAME="IDX2923"></A>
+<A NAME="IDX2924"></A>
+<A NAME="IDX2925"></A>
+<P><LI><A NAME="LIWQ132"></A>Issue the <B>bos restart</B> command on every database
+server machine in the cell, to restart the Authentication, Backup, Protection,
+and VL Servers. This forces the election of a Ubik coordinator for each
+process, ensuring that the remaining database server processes recognize that
+the machine is no longer a database server.
+<P>A cell-wide service outage is possible during the election of a new
+coordinator for the VL Server, but it normally lasts less than five
+minutes. Messages tracing the progress of the election appear on the
+console.
+<P>Repeat this command on each of your cell's database server machines in
+quick succession. Begin with the machine with the lowest IP
+address.
+<PRE>
+ % <B>bos restart</B> <<VAR>machine name</VAR>> <B>kaserver buserver ptserver vlserver</B>
+</PRE>
+<P>If an error occurs, restart all server processes on the database server
+machines again by using one of the following methods:
+<UL>
+<P><LI>Issue the <B>bos restart</B> command with the <B>-bosserver</B>
+flag for each database server machine
+<P><LI>Reboot each database server machine, either using the <B>bos exec</B>
+command or at its console
+</UL>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<A NAME="IDX2926"></A>
+<A NAME="IDX2927"></A>
+<HR><H1><A NAME="HDRWQ133" HREF="auqbg002.htm#ToC_115">Installing Additional Client Machines</A></H1>
+<P>This chapter describes how to install AFS client machines
+after you have installed the first AFS machine. Some parts of the
+installation differ depending on whether or not the new client is of the same
+AFS system type (uses the same AFS binaries) as a previously installed client
+machine.
+<A NAME="IDX2928"></A>
+<HR><H2><A NAME="Header_116" HREF="auqbg002.htm#ToC_116">Summary of Procedures</A></H2>
+<OL TYPE=1>
+<P><LI>Incorporate AFS into the machine's kernel
+<P><LI>Define the machine's cell membership
+<P><LI>Define cache location and size
+<P><LI>Create the <B>/usr/vice/etc/CellServDB</B> file, which determines
+which foreign cells the client can access in addition to the local cell
+<P><LI>Create the <B>/afs</B> directory and start the Cache Manager
+<P><LI>Create and mount volumes for housing AFS client binaries (necessary only
+for clients of a new system type)
+<P><LI>Create a link from the local <B>/usr/afsws</B> directory to the AFS
+directory housing the AFS client binaries
+<P><LI>Modify the machine's authentication system to enable AFS users to
+obtain tokens at login
+</OL>
+<A NAME="IDX2929"></A>
+<A NAME="IDX2930"></A>
+<A NAME="IDX2931"></A>
+<A NAME="IDX2932"></A>
+<A NAME="IDX2933"></A>
+<A NAME="IDX2934"></A>
+<A NAME="IDX2935"></A>
+<HR><H2><A NAME="HDRWQ134" HREF="auqbg002.htm#ToC_117">Creating AFS Directories on the Local Disk</A></H2>
+<P>Create the <B>/usr/vice/etc</B> directory on the local
+disk, to house client binaries and configuration files. Subsequent
+instructions copy files from the AFS CD-ROM into them. Create the
+<B>/cdrom</B> directory as a mount point for the CD-ROM, if it does not
+already exist.
+<PRE>
+ # <B>mkdir /usr/vice</B>
+
+ # <B>mkdir /usr/vice/etc</B>
+
+ # <B>mkdir /cdrom</B>
+
+</PRE>
+<HR><H2><A NAME="HDRWQ135" HREF="auqbg002.htm#ToC_118">Performing Platform-Specific Procedures</A></H2>
+<P>Every AFS client machine's kernel must incorporate AFS
+modifications. Some system types use a dynamic kernel loader program,
+whereas on other system types you build AFS modifications into a static
+kernel. Some system types support both methods.
+<P>Also modify the machine's authentication system so that users obtain
+an AFS token as they log into the local file system. Using AFS is
+simpler and more convenient for your users if you make the modifications on
+all client machines. Otherwise, users must perform a two-step login
+procedure (login to the local file system and then issue the <B>klog</B>
+command). For further discussion of AFS authentication, see the chapter
+in the <I>IBM AFS Administration Guide</I> about cell configuration and
+administration issues.
+<P>For convenience, the following sections group the two procedures by system
+type. Proceed to the appropriate section.
+<UL>
+<P><LI><A HREF="#HDRWQ136">Getting Started on AIX Systems</A>
+<P><LI><A HREF="#HDRWQ137">Getting Started on Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRWQ138">Getting Started on HP-UX Systems</A>
+<P><LI><A HREF="#HDRWQ139">Getting Started on IRIX Systems</A>
+<P><LI><A HREF="#HDRWQ143">Getting Started on Linux Systems</A>
+<P><LI><A HREF="#HDRWQ144">Getting Started on Solaris Systems</A>
+</UL>
+<A NAME="IDX2936"></A>
+<A NAME="IDX2937"></A>
+<A NAME="IDX2938"></A>
+<A NAME="IDX2939"></A>
+<A NAME="IDX2940"></A>
+<A NAME="IDX2941"></A>
+<A NAME="IDX2942"></A>
+<A NAME="IDX2943"></A>
+<A NAME="IDX2944"></A>
+<HR><H2><A NAME="HDRWQ136" HREF="auqbg002.htm#ToC_119">Getting Started on AIX Systems</A></H2>
+<P>In this section you load AFS into the AIX kernel.
+Then incorporate AFS modifications into the machine's secondary
+authentication system, if you wish to enable AFS login.
+<P><H3><A NAME="Header_120" HREF="auqbg002.htm#ToC_120">Loading AFS into the AIX Kernel</A></H3>
+<P>The AIX kernel extension facility is the dynamic kernel loader provided
+by IBM Corporation. AIX does not support incorporation of AFS
+modifications during a kernel build.
+<P>For AFS to function correctly, the kernel extension facility must run each
+time the machine reboots, so the AFS initialization script (included in the
+AFS distribution) invokes it automatically. In this section you copy
+the script to the conventional location and edit it to select the appropriate
+options depending on whether NFS is also to run.
+<P>After editing the script, you run it to incorporate AFS into the
+kernel. In a later section you verify that the script correctly
+initializes the Cache Manager, then configure the AIX <B>inittab</B> file
+so that the script runs automatically at reboot.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for AIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your AIX documentation. Then change directory as
+indicated.
+<PRE>
+ # <B>cd /cdrom/rs_aix42/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/dkload</B> directory, and the AFS initialization script
+to the <B>/etc</B> directory.
+<PRE>
+ # <B>cp -rp dkload /usr/vice/etc</B>
+
+ # <B>cp -p rc.afs /etc/rc.afs</B>
+
+</PRE>
+<P><LI>Edit the <B>/etc/rc.afs</B> script, setting the <TT>NFS</TT>
+variable as indicated.
+<P>If the machine is not to function as an NFS/AFS Translator, set the
+<TT>NFS</TT> variable as follows.
+<PRE>
+ NFS=$NFS_NONE
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and is running AIX
+4.2.1 or higher, set the <TT>NFS</TT> variable as
+follows. Note that NFS must already be loaded into the kernel, which
+happens automatically on systems running AIX 4.1.1 and later, as
+long as the file <B>/etc/exports</B> exists.
+<PRE>
+ NFS=$NFS_IAUTH
+
+</PRE>
+<P><LI>Invoke the <B>/etc/rc.afs</B> script to load AFS modifications
+into the kernel. You can ignore any error messages about the inability
+to start the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+</OL>
+<P><H3><A NAME="Header_121" HREF="auqbg002.htm#ToC_121">Enabling AFS Login on AIX Systems</A></H3>
+<P>Now incorporate AFS into the AIX secondary authentication
+system.
+<OL TYPE=1>
+<P><LI>Issue the <B>ls</B> command to verify that the
+<B>afs_dynamic_auth</B> and <B>afs_dynamic_kerbauth</B> programs are
+installed in the local <B>/usr/vice/etc</B> directory.
+<PRE>
+ # <B>ls /usr/vice/etc</B>
+</PRE>
+<P>If the files do not exist, mount the AFS CD-ROM for AIX (if it is not
+already), change directory as indicated, and copy them.
+<PRE>
+ # <B>cd /cdrom/rs_aix42/root.client/usr/vice/etc</B>
+
+ # <B>cp -p afs_dynamic* /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Edit the local <B> /etc/security/user</B> file, making changes to the
+indicated stanzas:
+<UL>
+<P><LI>In the default stanza, set the <TT>registry</TT> attribute to
+<B>DCE</B> (not to <B>AFS</B>), as follows:
+<PRE>
+ registry = DCE
+
+</PRE>
+<P><LI>In the default stanza, set the <TT>SYSTEM</TT> attribute as
+indicated.
+<P>If the machine is an AFS client only, set the following value:
+<PRE>
+ SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
+</PRE>
+<P>If the machine is both an AFS and a DCE client, set the following value (it
+must appear on a single line in the file):
+<PRE>
+ SYSTEM = "DCE OR DCE[UNAVAIL] OR AFS OR (AFS[UNAVAIL] \
+ AND compat[SUCCESS])"
+
+</PRE>
+<P><LI>In the <TT>root</TT> stanza, set the <TT>registry</TT> attribute as
+follows. It enables the local superuser <B>root</B> to log into the
+local file system only, based on the password listed in the local password
+file.
+<PRE>
+ root:
+ registry = files
+
+</PRE>
+</UL>
+<P><LI>Edit the local <B>/etc/security/login.cfg</B> file, creating or
+editing the indicated stanzas:
+<UL>
+<P><LI>In the <TT>DCE</TT> stanza, set the <TT>program</TT> attribute as
+follows.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ DCE:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ DCE:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+
+</PRE>
+<P><LI>In the <TT>AFS</TT> stanza, set the <TT>program</TT> attribute as
+follows.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ AFS:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ AFS:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+
+</PRE>
+</UL>
+<P><LI>Proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+</OL>
+<A NAME="IDX2945"></A>
+<A NAME="IDX2946"></A>
+<A NAME="IDX2947"></A>
+<A NAME="IDX2948"></A>
+<A NAME="IDX2949"></A>
+<A NAME="IDX2950"></A>
+<A NAME="IDX2951"></A>
+<A NAME="IDX2952"></A>
+<A NAME="IDX2953"></A>
+<HR><H2><A NAME="HDRWQ137" HREF="auqbg002.htm#ToC_122">Getting Started on Digital UNIX Systems</A></H2>
+<P>In this section you build AFS into the Digital UNIX
+kernel. Then incorporate AFS modifications into the machine's
+Security Integration Architecture (SIA) matrix, if you wish to enable AFS
+login.
+<P><H3><A NAME="Header_123" HREF="auqbg002.htm#ToC_123">Building AFS into the Digital UNIX Kernel</A></H3>
+<P>On Digital UNIX systems, you must build AFS modifications into a new
+static kernel; Digital UNIX does not support dynamic loading. If
+the machine's hardware and software configuration exactly matches another
+Digital UNIX machine on which AFS is already built into the kernel, you can
+choose to copy the kernel from that machine to this one. In general,
+however, it is better to build AFS modifications into the kernel on each
+machine according to the following instructions.
+<OL TYPE=1>
+<P><LI>Create a copy called <B>AFS</B> of the basic kernel configuration file
+included in the Digital UNIX distribution as
+<B>/usr/sys/conf/</B><VAR>machine_name</VAR>, where <VAR>machine_name</VAR> is
+the machine's hostname in all uppercase letters.
+<PRE>
+ # <B>cd /usr/sys/conf</B>
+
+ # <B>cp</B> <VAR>machine_name</VAR> <B>AFS</B>
+
+</PRE>
+<P><LI>Add AFS to the list of options in the configuration file you created in
+the previous step, so that the result looks like the following:
+<PRE> . .
+ . .
+ options UFS
+ options NFS
+ options AFS
+ . .
+ . .
+
+</PRE>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/conf/files</B>.
+<UL>
+<P><LI>Add a line for AFS to the list of <TT>OPTIONS</TT>, so that the result
+looks like the following:
+<PRE> . . .
+ . . .
+ OPTIONS/nfs optional nfs
+ OPTIONS/afs optional afs
+ OPTIONS/nfs_server optional nfs_server
+ . . .
+ . . .
+
+</PRE>
+<P><LI>Add an entry for AFS to the list of <TT>MODULES</TT>, so that the result
+looks like the following:
+<PRE> . . . .
+ . . . .
+ #
+ MODULE/nfs_server optional nfs_server Binary
+ nfs/nfs_server.c module nfs_server optimize -g3
+ nfs/nfs3_server.c module nfs_server optimize -g3
+ #
+ MODULE/afs optional afs Binary
+ afs/libafs.c module afs
+ #
+
+</PRE>
+</UL>
+<P><LI>Add an entry for AFS to two places in the file
+<B>/usr/sys/vfs/vfs_conf.c</B>.
+<UL>
+<P><LI>Add AFS to the list of defined file systems, so that the result looks like
+the following:
+<PRE> . .
+ . .
+ #include <afs.h>
+ #if defined(AFS) && AFS
+ extern struct vfsops afs_vfsops;
+ #endif
+ . .
+ . .
+
+</PRE>
+<P><LI>Put a declaration for AFS in the <B>vfssw[]</B> table's
+MOUNT_ADDON slot, so that the result looks like the following:
+<PRE> . . .
+ . . .
+ &fdfs_vfsops, "fdfs", /* 12 = MOUNT_FDFS */
+ #if defined(AFS)
+ &afs_vfsops, "afs",
+ #else
+ (struct vfsops *)0, "", /* 13 = MOUNT_ADDON */
+ #endif
+ #if NFS && INFS_DYNAMIC
+ &nfs3_vfsops, "nfsv3", /* 14 = MOUNT_NFS3 */
+
+</PRE>
+</UL>
+<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Digital UNIX documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/sbin/init.d</B> on Digital
+UNIX machines). Note the removal of the <B>.rc</B> extension
+as you copy the script.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/sys/BINARY</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.o /usr/sys/BINARY/afs.mod</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod</B>
+
+</PRE>
+<P><LI>Configure and build the kernel. Respond to any prompts by pressing
+<<B>Return</B>>. The resulting kernel resides in the file
+<B>/sys/AFS/vmunix</B>.
+<PRE>
+ # <B>doconfig -c AFS</B>
+
+</PRE>
+<P><LI>Rename the existing kernel file and copy the new, AFS-modified file to the
+standard location.
+<PRE>
+ # <B>mv /vmunix /vmunix_noafs</B>
+
+ # <B>cp /sys/AFS/vmunix /vmunix</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<P><H3><A NAME="Header_124" HREF="auqbg002.htm#ToC_124">Enabling AFS Login on Digital UNIX Systems</A></H3>
+<P>On Digital UNIX systems, the AFS initialization script automatically
+incorporates the AFS authentication library file into the Security Integration
+Architecture (SIA) matrix on the machine, so that users with AFS accounts
+obtain a token at login. In this section you copy the library file to
+the appropriate location.
+<P>For more information on SIA, see the Digital UNIX reference page for
+<B>matrix.conf</B>, or consult the section on security in your
+Digital UNIX documentation.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the machine runs both the DCE and AFS client software, AFS must start
+after DCE. Consult the AFS initialization script for suggested symbolic
+links to create for correct ordering. Also, the system startup script
+order must initialize SIA before any long-running process that uses
+authentication.
+</TD></TR></TABLE>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
+directory, if it is not already. Change directory as indicated.
+<PRE>
+ # <B>cd /cdrom/alpha_dux40/lib/afs</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS authentication library file to the local
+<B>/usr/shlib</B> directory.
+<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
+the cell:
+<PRE>
+ # <B>cp libafssiad.so /usr/shlib</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication, rename the
+library file as you copy it:
+<PRE>
+ # <B>cp libafssiad.krb.so /usr/shlib/libafssiad.so</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+</OL>
+<A NAME="IDX2954"></A>
+<A NAME="IDX2955"></A>
+<A NAME="IDX2956"></A>
+<A NAME="IDX2957"></A>
+<A NAME="IDX2958"></A>
+<A NAME="IDX2959"></A>
+<A NAME="IDX2960"></A>
+<A NAME="IDX2961"></A>
+<A NAME="IDX2962"></A>
+<HR><H2><A NAME="HDRWQ138" HREF="auqbg002.htm#ToC_125">Getting Started on HP-UX Systems</A></H2>
+<P>In this section you build AFS into the HP-UX kernel.
+Then incorporate AFS modifications into the machine's Pluggable
+Authentication Module (PAM) system, if you wish to enable AFS login.
+<P><H3><A NAME="Header_126" HREF="auqbg002.htm#ToC_126">Building AFS into the HP-UX Kernel</A></H3>
+<P>On HP-UX systems, you must build AFS modifications into a new static
+kernel; HP-UX does not support dynamic loading. If the
+machine's hardware and software configuration exactly matches another
+HP-UX machine on which AFS is already built into the kernel, you can choose to
+copy the kernel from that machine to this one. In general, however, it
+is better to build AFS modifications into the kernel on each machine according
+to the following instructions.
+<OL TYPE=1>
+<P><LI>Move the existing kernel-related files to a safe location.
+<PRE>
+ # <B>cp /stand/vmunix /stand/vmunix.noafs</B>
+
+ # <B>cp /stand/system /stand/system.noafs</B>
+
+</PRE>
+<P><LI>Mount the AFS CD-ROM for HP-UX on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your HP-UX documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/hp_ux110/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization file to the local directory for initialization
+files (by convention, <B>/sbin/init.d</B> on HP-UX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the file.
+<PRE>
+ # <B>cp usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the file <B>afs.driver</B> to the local
+<B>/usr/conf/master.d</B> directory, changing its name to
+<B>afs</B> as you do.
+<PRE>
+ # <B>cp usr/vice/etc/afs.driver /usr/conf/master.d/afs</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/conf/lib</B>
+directory.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp bin/libafs.a /usr/conf/lib</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server functionality,
+change the file's name as you copy it:
+<PRE>
+ # <B>cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a</B>
+
+</PRE>
+<P><LI>Incorporate the AFS driver into the kernel, either using the
+<B>SAM</B> program or a series of individual commands.
+<UL>
+<P><LI>To use the <B>SAM</B> program:
+<OL TYPE=a>
+<P><LI>Invoke the <B>SAM</B> program, specifying the hostname of the local
+machine as <VAR>local_hostname</VAR>. The <B>SAM</B> graphical user
+interface pops up.
+<PRE>
+ # <B>sam -display</B> <VAR>local_hostname</VAR><B>:0</B>
+
+</PRE>
+<P><LI>Choose the <B>Kernel Configuration</B> icon, then the
+<B>Drivers</B> icon. From the list of drivers, select
+<B>afs</B>.
+<P><LI>Open the pull-down <B>Actions</B> menu and choose the <B>Add Driver
+to Kernel</B> option.
+<P><LI>Open the <B>Actions</B> menu again and choose the <B>Create a New
+Kernel</B> option.
+<P><LI>Confirm your choices by choosing <B>Yes</B> and <B>OK</B> when
+prompted by subsequent pop-up windows. The <B>SAM</B> program
+builds the kernel and reboots the system.
+<P><LI>Login again as the superuser <B>root</B>.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+<P><LI>To use individual commands:
+<OL TYPE=a>
+<P><LI>Edit the file <B>/stand/system</B>, adding an entry for <B>afs</B>
+to the <TT>Subsystems</TT> section.
+<P><LI>Change to the <B>/stand/build</B> directory and issue the
+<B>mk_kernel</B> command to build the kernel.
+<PRE>
+ # <B>cd /stand/build</B>
+
+ # <B>mk_kernel</B>
+
+</PRE>
+<P><LI>Move the new kernel to the standard location (<B>/stand/vmunix</B>),
+reboot the machine to start using it, and login again as the superuser
+<B>root</B>.
+<PRE>
+ # <B>mv /stand/build/vmunix_test /stand/vmunix</B>
+
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+</OL>
+</UL>
+</OL>
+<P><H3><A NAME="Header_127" HREF="auqbg002.htm#ToC_127">Enabling AFS Login on HP-UX Systems</A></H3>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The instructions specify that you mark each entry as
+<TT>optional</TT>. However, marking some modules as optional can mean
+that they grant access to the corresponding service even when the user does
+not meet all of the module's requirements. In some operating
+system revisions, for example, if you mark as optional the module that
+controls login via a dial-up connection, it allows users to login without
+providing a password. See the <I>IBM AFS Release Notes</I> for a
+discussion of any limitations that apply to this operating system.
+<P>Also, with some operating system versions you must install patches for PAM
+to interact correctly with certain authentication programs. For
+details, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for HP-UX on the <B>/cdrom</B> directory, if it
+is not already. Then change directory as indicated.
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the AFS authentication library file to the
+<B>/usr/lib/security</B> directory. Then create a symbolic link to
+it whose name does not mention the version. Omitting the version
+eliminates the need to edit the PAM configuration file if you later update the
+library file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
+the cell:
+<PRE>
+ # <B>cp /cdrom/hp_ux110/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ #<B> cp /cdrom/hp_ux110/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>Edit the <TT>Authentication management</TT> section of the HP-UX PAM
+configuration file, <B>/etc/pam.conf</B> by convention. The
+entries in this section have the value <TT>auth</TT> in their second
+field.
+<P>First edit the standard entries, which refer to the HP-UX PAM module
+(usually, the file <B>/usr/lib/security/libpam_unix.1</B>) in their
+fourth field. For each service for which you want to use AFS
+authentication, edit the third field of its entry to read
+<TT>optional</TT>. The <B>pam.conf</B> file in the HP-UX
+distribution usually includes standard entries for the <B>login</B> and
+<B>ftp</B> services, for instance.
+<P>If there are services for which you want to use AFS authentication, but for
+which the <B>pam.conf</B> file does not already include a standard
+entry, you must create that entry and place the value <TT>optional</TT> in
+its third field. For instance, the HP-UX <B>pam.conf</B>
+file does not usually include standard entries for the <B>remsh</B> or
+<B>telnet</B> services.
+<P>Then create an AFS-related entry for each service, placing it immediately
+below the standard entry. The following example shows what the
+<TT>Authentication Management</TT> section looks like after you have you
+edited or created entries for the services mentioned previously. Note
+that the example AFS entries appear on two lines only for legibility.
+<PRE>
+ login auth optional /usr/lib/security/libpam_unix.1
+ login auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ ftp auth optional /usr/lib/security/libpam_unix.1
+ ftp auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ remsh auth optional /usr/lib/security/libpam_unix.1
+ remsh auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ telnet auth optional /usr/lib/security/libpam_unix.1
+ telnet auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+
+</PRE>
+<P><LI>If you use the Common Desktop Environment (CDE) on the machine and want
+users to obtain an AFS token as they log in, also add or edit the following
+four entries in the <TT>Authentication management</TT> section. Note
+that the AFS-related entries appear on two lines here only for
+legibility.
+<PRE>
+ dtlogin auth optional /usr/lib/security/libpam_unix.1
+ dtlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ dtaction auth optional /usr/lib/security/libpam_unix.1
+ dtaction auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+</OL>
+<A NAME="IDX2963"></A>
+<A NAME="IDX2964"></A>
+<A NAME="IDX2965"></A>
+<HR><H2><A NAME="HDRWQ139" HREF="auqbg002.htm#ToC_128">Getting Started on IRIX Systems</A></H2>
+<P>In this section you incorporate AFS into the IRIX kernel,
+choosing one of two methods:
+<UL>
+<P><LI>Dynamic loading using the <B>ml</B> program distributed by Silicon
+Graphics, Incorporated (SGI).
+<P><LI>Building a new static kernel.
+</UL>
+<P>Then see <A HREF="#HDRWQ142">Enabling AFS Login on IRIX Systems</A> to read about integrated AFS login on IRIX systems.
+<P>In preparation for either dynamic loading or kernel building, perform the
+following procedures:
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for IRIX on the <B>/cdrom</B> directory.
+For instructions on mounting CD-ROMs (either locally or remotely via NFS), see
+your IRIX documentation. Then change directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sgi_65/root.client</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on IRIX
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p usr/vice/etc/afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Issue the <B>uname -m</B> command to determine the machine's CPU
+board type. The <B>IP</B><VAR>xx</VAR> value in the output must match
+one of the supported CPU board types listed in the <I>IBM AFS Release
+Notes</I> for the current version of AFS.
+<PRE>
+ # <B>uname -m</B>
+
+</PRE>
+<P><LI>Proceed to either <A HREF="#HDRWQ140">Loading AFS into the IRIX Kernel</A> or <A HREF="#HDRWQ141">Building AFS into the IRIX Kernel</A>.
+</OL>
+<A NAME="IDX2966"></A>
+<A NAME="IDX2967"></A>
+<A NAME="IDX2968"></A>
+<A NAME="IDX2969"></A>
+<A NAME="IDX2970"></A>
+<A NAME="IDX2971"></A>
+<A NAME="IDX2972"></A>
+<P><H3><A NAME="HDRWQ140" HREF="auqbg002.htm#ToC_129">Loading AFS into the IRIX Kernel</A></H3>
+<P>The <B>ml</B> program is the dynamic kernel loader
+provided by SGI for IRIX systems. If you use it rather than building
+AFS modifications into a static kernel, then for AFS to function correctly the
+<B>ml</B> program must run each time the machine reboots.
+Therefore, the AFS initialization script (included on the AFS CD-ROM) invokes
+it automatically when the <B>afsml</B> configuration variable is
+activated. In this section you activate the variable and run the
+script.
+<P>In a later section you verify that the script correctly initializes the
+Cache Manager, then create the links that incorporate AFS into the IRIX
+startup and shutdown sequence.
+<OL TYPE=1>
+<P><LI>Create the local <B>/usr/vice/etc/sgiload</B> directory to house the
+AFS kernel library file.
+<PRE>
+ # <B>mkdir /usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the
+<B>/usr/vice/etc/sgiload</B> directory. The
+<B>IP</B><VAR>xx</VAR> portion of the library file name must match the value
+previously returned by the <B>uname -m</B> command. Also choose the
+file appropriate to whether the machine's kernel supports NFS server
+functionality (NFS must be supported for the machine to act as an NFS/AFS
+Translator). Single- and multiprocessor machines use the same library
+file.
+<P>(You can choose to copy all of the kernel library files into the <B>
+/usr/vice/etc/sgiload</B> directory, but they require a significant amount
+of space.)
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.o /usr/vice/etc/sgiload</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p usr/vice/etc/sgiload/libafs.IP</B><VAR>xx</VAR><B>.nonfs.o</B> \
+ <B>/usr/vice/etc/sgiload</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml on</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Run the <B>/etc/init.d/afs</B> script to load AFS extensions
+into the kernel. The script invokes the <B>ml</B> command,
+automatically determining which kernel library file to use based on this
+machine's CPU type and the activation state of the <B>afsxnfs</B>
+variable.
+<P>You can ignore any error messages about the inability to start the BOS
+Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ142">Enabling AFS Login on IRIX Systems</A>.
+</OL>
+<A NAME="IDX2973"></A>
+<P><H3><A NAME="HDRWQ141" HREF="auqbg002.htm#ToC_130">Building AFS into the IRIX Kernel</A></H3>
+<P>If you prefer to build a kernel, and the machine's
+hardware and software configuration exactly matches another IRIX machine on
+which AFS is already built into the kernel, you can choose to copy the kernel
+from that machine to this one. In general, however, it is better to
+build AFS modifications into the kernel on each machine according to the
+following instructions.
+<OL TYPE=1>
+<P><LI>Copy the kernel initialization file <B>afs.sm</B> to the local
+<B>/var/sysgen/system</B> directory, and the kernel master file
+<B>afs</B> to the local <B>/var/sysgen/master.d</B>
+directory.
+<PRE>
+ # <B>cp -p bin/afs.sm /var/sysgen/system</B>
+
+ # <B>cp -p bin/afs /var/sysgen/master.d</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/var/sysgen/boot/afs.a</B>; the <B>IP</B><VAR>xx</VAR>
+portion of the library file name must match the value previously returned by
+the <B>uname -m</B> command. Also choose the file appropriate to
+whether the machine's kernel supports NFS server functionality (NFS must
+be supported for the machine to act as an NFS/AFS Translator). Single-
+and multiprocessor machines use the same library file.
+<P>If the machine's kernel supports NFS server functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.a /var/sysgen/boot/afs.a</B>
+</PRE>
+<P>If the machine's kernel does not support NFS server
+functionality:
+<PRE>
+ # <B>cp -p bin/libafs.IP</B><VAR>xx</VAR><B>.nonfs.a /var/sysgen/boot/afs.a</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to deactivate the <B>afsml</B>
+configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsml off</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator and the kernel
+supports NFS server functionality, activate the <B>afsxnfs</B>
+variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsxnfs on</B>
+
+</PRE>
+<P><LI>Copy the existing kernel file, <B>/unix</B>, to a safe
+location. Compile the new kernel, which is created in the file
+<B>/unix.install</B>. It overwrites the existing
+<B>/unix</B> file when the machine reboots in the next step.
+<PRE>
+ # <B>cp /unix /unix_noafs</B>
+
+ # <B>autoconfig</B>
+
+</PRE>
+<P><LI>Reboot the machine to start using the new kernel, and login again as the
+superuser <B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ142">Enabling AFS Login on IRIX Systems</A>.
+</OL>
+<A NAME="IDX2974"></A>
+<A NAME="IDX2975"></A>
+<A NAME="IDX2976"></A>
+<P><H3><A NAME="HDRWQ142" HREF="auqbg002.htm#ToC_131">Enabling AFS Login on IRIX Systems</A></H3>
+<P>The standard IRIX command-line <B>login</B> program and
+the graphical <B>xdm</B> login program both automatically grant an AFS
+token when AFS is incorporated into the machine's kernel. However,
+some IRIX distributions use another login utility by default, and it does not
+necessarily incorporate the required AFS modifications. If that is the
+case, you must disable the default utility if you want AFS users to obtain AFS
+tokens at login. For further discussion, see the <I>IBM AFS Release
+Notes</I>.
+<P>If you configure the machine to use an AFS-modified login utility, then the
+<B>afsauthlib.so</B> and <B>afskauthlib.so</B> files
+(included in the AFS distribution) must reside in the <B>/usr/vice/etc</B>
+directory. Issue the <B>ls</B> command to verify.
+<PRE>
+ # <B>ls /usr/vice/etc</B>
+</PRE>
+<P>If the files do not exist, mount the AFS CD-ROM for IRIX (if it is not
+already), change directory as indicated, and copy them.
+<PRE>
+ # <B>cd /cdrom/sgi_65/root.client/usr/vice/etc</B>
+
+ # <B>cp -p *authlib* /usr/vice/etc</B>
+</PRE>
+<P>After taking any necessary action, proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+<A NAME="IDX2977"></A>
+<A NAME="IDX2978"></A>
+<A NAME="IDX2979"></A>
+<A NAME="IDX2980"></A>
+<A NAME="IDX2981"></A>
+<A NAME="IDX2982"></A>
+<A NAME="IDX2983"></A>
+<A NAME="IDX2984"></A>
+<A NAME="IDX2985"></A>
+<HR><H2><A NAME="HDRWQ143" HREF="auqbg002.htm#ToC_132">Getting Started on Linux Systems</A></H2>
+<P>In this section you load AFS into the Linux kernel.
+Then incorporate AFS modifications into the machine's Pluggable
+Authentication Module (PAM) system, if you wish to enable AFS login.
+<P><H3><A NAME="Header_133" HREF="auqbg002.htm#ToC_133">Loading AFS into the Linux Kernel</A></H3>
+<P>The <B>insmod</B> program is the dynamic kernel loader for
+Linux. Linux does not support incorporation of AFS modifications during
+a kernel build.
+<P>For AFS to function correctly, the <B>insmod</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. The script also includes commands
+that select the appropriate AFS library file automatically. In this
+section you run the script.
+<P>In a later section you also verify that the script correctly initializes
+the Cache Manager, then activate a configuration variable, which results in
+the script being incorporated into the Linux startup and shutdown
+sequence.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Linux on the local <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Linux documentation. Then change directory
+as indicated.
+<PRE>
+ # <B>cd /cdrom/i386_linux22/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/modload</B> directory. The filenames for the
+libraries have the format
+<B>libafs-</B><VAR>version</VAR><B>.o</B>, where <VAR>version</VAR>
+indicates the kernel build level. The string <B>.mp</B> in
+the <VAR>version</VAR> indicates that the file is appropriate for machines
+running a multiprocessor kernel.
+<PRE>
+ # <B>cp -rp modload /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/rc.d/init.d</B>
+on Linux machines). Note the removal of the <B>.rc</B>
+extension as you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/rc.d/init.d/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS extensions into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+</OL>
+<P><H3><A NAME="Header_134" HREF="auqbg002.htm#ToC_134">Enabling AFS Login on Linux Systems</A></H3>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Linux on the <B>/cdrom</B> directory, if it
+is not already. Then change to the directory for PAM modules, which
+depends on which Linux distribution you are using.
+<P>If you are using a Linux distribution from Red Hat Software:
+<PRE>
+ # <B>cd /lib/security</B>
+</PRE>
+<P>If you are using another Linux distribution:
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS authentication library file to the directory to
+which you changed in the previous step. Create a symbolic link whose
+name does not mention the version. Omitting the version eliminates the
+need to edit the PAM configuration file if you later update the library
+file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ # <B>cp /cdrom/i386_linux22/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ # <B>cp /cdrom/i386_linux22/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>For each service with which you want to use AFS authentication, insert an
+entry for the AFS PAM module into the <TT>auth</TT> section of the
+service's PAM configuration file. (Linux uses a separate
+configuration file for each service, unlike some other operating systems which
+list all services in a single file.) Mark the entry as
+<TT>sufficient</TT> in the second field.
+<P>Place the AFS entry below any entries that impose conditions under which
+you want the service to fail for a user who does not meet the entry's
+requirements. Mark these entries <TT>required</TT>. Place the
+AFS entry above any entries that need to execute only if AFS authentication
+fails.
+<P>Insert the following AFS entry if using the Red Hat distribution:
+<PRE>
+ auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root
+</PRE>
+<P>Insert the following AFS entry if using another distribution:
+<PRE>
+ auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
+</PRE>
+<P>The following example illustrates the recommended configuration of the
+configuration file for the <B>login</B> service
+(<B>/etc/pam.d/login</B>) on a machine using the Red Hat
+distribution.
+<PRE>
+ #%PAM-1.0
+ auth required /lib/security/pam_securetty.so
+ auth required /lib/security/pam_nologin.so
+ auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root
+ auth required /lib/security/pam_pwdb.so shadow nullok
+ account required /lib/security/pam_pwdb.so
+ password required /lib/security/pam_cracklib.so
+ password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+ session required /lib/security/pam_pwdb.so
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+</OL>
+<A NAME="IDX2986"></A>
+<A NAME="IDX2987"></A>
+<A NAME="IDX2988"></A>
+<A NAME="IDX2989"></A>
+<A NAME="IDX2990"></A>
+<A NAME="IDX2991"></A>
+<A NAME="IDX2992"></A>
+<A NAME="IDX2993"></A>
+<A NAME="IDX2994"></A>
+<A NAME="IDX2995"></A>
+<A NAME="IDX2996"></A>
+<A NAME="IDX2997"></A>
+<HR><H2><A NAME="HDRWQ144" HREF="auqbg002.htm#ToC_135">Getting Started on Solaris Systems</A></H2>
+<P>In this section you load AFS into the Solaris kernel.
+Then incorporate AFS modifications into the machine's Pluggable
+Authentication Module (PAM) system, if you wish to enable AFS login.
+<P><H3><A NAME="Header_136" HREF="auqbg002.htm#ToC_136">Loading AFS into the Solaris Kernel</A></H3>
+<P>The <B>modload</B> program is the dynamic kernel loader provided by
+Sun Microsystems for Solaris systems. Solaris does not support
+incorporation of AFS modifications during a kernel build.
+<P>For AFS to function correctly, the <B>modload</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. In this section you copy the
+appropriate AFS library file to the location where the <B>modload</B>
+program accesses it and then run the script.
+<P>In a later section you verify that the script correctly initializes the
+Cache Manager, then create the links that incorporate AFS into the Solaris
+startup and shutdown sequence.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B>
+directory. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), see your Solaris documentation. Then change
+directory as indicated.
+<PRE>
+ # <B>cd /cdrom/sun4x_56/root.client/usr/vice/etc</B>
+
+</PRE>
+<P><LI>Copy the AFS initialization script to the local directory for
+initialization files (by convention, <B>/etc/init.d</B> on Solaris
+machines). Note the removal of the <B>.rc</B> extension as
+you copy the script.
+<PRE>
+ # <B>cp -p afs.rc /etc/init.d/afs</B>
+
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/kernel/fs/afs</B>.
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, its kernel supports NFS server functionality, and the
+<B>nfsd</B> process is running:
+<PRE>
+ # <B>cp -p modload/libafs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7, and its kernel does not support NFS server functionality or the
+<B>nfsd</B> process is not running:
+<PRE>
+ # <B>cp -p modload/libafs.nonfs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, its kernel
+supports NFS server functionality, and the <B>nfsd</B> process is
+running:
+<PRE>
+ # <B>cp -p modload/libafs64.o /kernel/fs/sparcv9/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7, and its
+kernel does not support NFS server functionality or the <B>nfsd</B>
+process is not running:
+<PRE>
+ # <B>cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script to load AFS modifications into the
+kernel. You can ignore any error messages about the inability to start
+the BOS Server or the Cache Manager or AFS client.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+</PRE>
+<P>When an entry called <TT>afs</TT> does not already exist in the local
+<B>/etc/name_to_sysnum</B> file, the script automatically creates it and
+reboots the machine to start using the new version of the file. If this
+happens, log in again as the superuser <B>root</B> after the reboot and
+run the initialization script again. This time the required entry
+exists in the <B>/etc/name_to_sysnum</B> file, and the <B>modload</B>
+program runs.
+<PRE>
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+</OL>
+<P><H3><A NAME="Header_137" HREF="auqbg002.htm#ToC_137">Enabling AFS Login on Solaris Systems</A></H3>
+<P>At this point you incorporate AFS into the operating system's
+Pluggable Authentication Module (PAM) scheme. PAM integrates all
+authentication mechanisms on the machine, including login, to provide the
+security infrastructure for authenticated access to and from the
+machine.
+<P>Explaining PAM is beyond the scope of this document. It is assumed
+that you understand the syntax and meanings of settings in the PAM
+configuration file (for example, how the <TT>other</TT> entry works, the
+effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
+<TT>sufficient</TT>, and so on).
+<P>The following instructions explain how to alter the entries in the PAM
+configuration file for each service for which you wish to use AFS
+authentication. Other configurations possibly also work, but the
+instructions specify the recommended and tested configuration.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The instructions specify that you mark each entry as
+<TT>optional</TT>. However, marking some modules as optional can mean
+that they grant access to the corresponding service even when the user does
+not meet all of the module's requirements. In some operating
+system revisions, for example, if you mark as optional the module that
+controls login via a dial-up connection, it allows users to login without
+providing a password. See the <I>IBM AFS Release Notes</I> for a
+discussion of any limitations that apply to this operating system.
+<P>Also, with some operating system versions you must install patches for PAM
+to interact correctly with certain authentication programs. For
+details, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>The recommended AFS-related entries in the PAM configuration file make use
+of one or more of the following three attributes.
+<DL>
+<P><DT><B><TT>try_first_pass</TT>
+</B><DD>This is a standard PAM attribute that can be included on entries after the
+first one for a service; it directs the module to use the password that
+was provided to the first module. For the AFS module, it means that AFS
+authentication succeeds if the password provided to the module listed first is
+the user's correct AFS password. For further discussion of this
+attribute and its alternatives, see the operating system's PAM
+documentation.
+<P><DT><B><TT>ignore_root</TT>
+</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
+only the local superuser <B> root</B>, but also any user with UID 0
+(zero).
+<P><DT><B><TT>setenv_password_expires</TT>
+</B><DD>This attribute, specific to the AFS PAM module, sets the environment
+variable PASSWORD_EXPIRES to the expiration date of the user's AFS
+password, which is recorded in the Authentication Database.
+</DL>
+<P>Perform the following steps to enable AFS login.
+<OL TYPE=1>
+<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B> directory, if it
+is not already. Then change directory as indicated.
+<PRE>
+ # <B>cd /usr/lib/security</B>
+
+</PRE>
+<P><LI>Copy the AFS authentication library file to the
+<B>/usr/lib/security</B> directory. Then create a symbolic link to
+it whose name does not mention the version. Omitting the version
+eliminates the need to edit the PAM configuration file if you later update the
+library file.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE>
+ #<B> cp /cdrom/sun4x_56/lib/pam_afs.so.1 .</B>
+
+ # <B>ln -s pam_afs.so.1 pam_afs.so</B>
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE>
+ # <B>cp /cdrom/sun4x_56/lib/pam_afs.krb.so.1 .</B>
+
+ # <B>ln -s pam_afs.krb.so.1 pam_afs.so</B>
+
+</PRE>
+<P><LI>Edit the <TT>Authentication management</TT> section of the Solaris PAM
+configuration file, <B>/etc/pam.conf</B> by convention. The
+entries in this section have the value <TT>auth</TT> in their second
+field.
+<P>First edit the standard entries, which refer to the Solaris PAM module
+(usually, the file <B>/usr/lib/security/pam_unix.so.1</B>)
+in their fourth field. For each service for which you want to use AFS
+authentication, edit the third field of its entry to read
+<TT>optional</TT>. The <B>pam.conf</B> file in the Solaris
+distribution usually includes standard entries for the <B>login</B>,
+<B>rlogin</B>, and <B>rsh</B> services, for instance.
+<P>If there are services for which you want to use AFS authentication, but for
+which the <B>pam.conf</B> file does not already include a standard
+entry, you must create that entry and place the value <TT>optional</TT> in
+its third field. For instance, the Solaris <B>pam.conf</B>
+file does not usually include standard entries for the <B>ftp</B> or
+<B>telnet</B> services.
+<P>Then create an AFS-related entry for each service, placing it immediately
+below the standard entry. The following example shows what the
+<TT>Authentication Management</TT> section looks like after you have you
+edited or created entries for the services mentioned previously. Note
+that the example AFS entries appear on two lines only for legibility.
+<PRE>
+ login auth optional /usr/lib/security/pam_unix.so.1
+ login auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ rlogin auth optional /usr/lib/security/pam_unix.so.1
+ rlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+ rsh auth optional /usr/lib/security/pam_unix.so.1
+ rsh auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ ftp auth optional /usr/lib/security/pam_unix.so.1
+ ftp auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ telnet auth optional /usr/lib/security/pam_unix.so.1
+ telnet auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root setenv_password_expires
+
+</PRE>
+<P><LI>If you use the Common Desktop Environment (CDE) on the machine and want
+users to obtain an AFS token as they log in, also add or edit the following
+four entries in the <TT>Authentication management</TT> section. Note
+that the AFS-related entries appear on two lines here only for
+legibility.
+<PRE>
+ dtlogin auth optional /usr/lib/security/pam_unix.so.1
+ dtlogin auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+ dtsession auth optional /usr/lib/security/pam_unix.so.1
+ dtsession auth optional /usr/lib/security/pam_afs.so \
+ try_first_pass ignore_root
+
+</PRE>
+<P><LI>Some Solaris distributions include a script that locates and removes
+unneeded files from various file systems. Its conventional location is
+<B>/usr/lib/fs/nfs/nfsfind</B>. The script generally uses an
+argument to the <B>find</B> command to define which file systems to
+search. In this step you modify the command to exclude the
+<B>/afs</B> directory. Otherwise, the command traverses the AFS
+filespace of every cell that is accessible from the machine, which can take
+many hours. The following alterations are possibilities, but you must
+verify that they are appropriate for your cell.
+<P>The first possible alteration is to add the <B>-local</B> flag to the
+existing command, so that it looks like the following:
+<PRE>
+ find $dir -local -name .nfs\* -mtime +7 -mount -exec rm -f {} \;
+</PRE>
+<P>Another alternative is to exclude any directories whose names begin with
+the lowercase letter <B>a</B> or a non-alphabetic character.
+<PRE>
+ find /[A-Zb-z]* <VAR>remainder of existing command</VAR>
+</PRE>
+<P>Do not use the following command, which still searches under the
+<B>/afs</B> directory, looking for a subdirectory of type
+<B>4.2</B>.
+<PRE>
+ find / -fstype 4.2 /* <VAR>do not use</VAR> */
+
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRWQ145">Loading and Creating Client Files</A>.
+</OL>
+<A NAME="IDX2998"></A>
+<A NAME="IDX2999"></A>
+<A NAME="IDX3000"></A>
+<A NAME="IDX3001"></A>
+<A NAME="IDX3002"></A>
+<A NAME="IDX3003"></A>
+<A NAME="IDX3004"></A>
+<A NAME="IDX3005"></A>
+<A NAME="IDX3006"></A>
+<A NAME="IDX3007"></A>
+<A NAME="IDX3008"></A>
+<A NAME="IDX3009"></A>
+<HR><H2><A NAME="HDRWQ145" HREF="auqbg002.htm#ToC_138">Loading and Creating Client Files</A></H2>
+<P>Now copy files from the AFS CD-ROM to the
+<B>/usr/vice/etc</B> directory. On some platforms that use a
+dynamic loader program to incorporate AFS modifications into the kernel, you
+have already copied over some the files. Copying them again does no
+harm.
+<P>Every AFS client machine has a copy of the
+<B>/usr/vice/etc/ThisCell</B> file on its local disk to define the
+machine's cell membership for the AFS client programs that run on
+it. Among other functions, this file determines the following:
+<UL>
+<P><LI>The cell in which users authenticate when they log onto the machine,
+assuming it is using an AFS-modified login utility
+<P><LI>The cell in which users authenticate by default when they issue the
+<B>klog</B> command
+<P><LI>The cell membership of the AFS server processes that the AFS command
+interpreters on this machine contact by default
+</UL>
+<P>Similarly, the <B>/usr/vice/etc/CellServDB</B> file on a client
+machine's local disk lists the database server machines in each cell that
+the local Cache Manager can contact. If there is no entry in the file
+for a cell, or the list of database server machines is wrong, then users
+working on this machine cannot access the cell. The chapter in the
+<I>IBM AFS Administration Guide</I> about administering client machines
+explains how to maintain the file after creating it. A version of the
+client <B>CellServDB</B> file was created during the installation of your
+cell's first machine (in <A HREF="auqbg005.htm#HDRWQ66">Creating the Client CellServDB File</A>). It is probably also appropriate for use on this
+machine.
+<P>Remember that the Cache Manager consults the
+<B>/usr/vice/etc/CellServDB</B> file only at reboot, when it copies the
+information into the kernel. For the Cache Manager to perform properly,
+the <B>CellServDB</B> file must be accurate at all times. Refer to
+the chapter in the <I>IBM AFS Administration Guide</I> about administering
+client machines for instructions on updating this file, with or without
+rebooting.
+<OL TYPE=1>
+<P><LI>On the local <B>/cdrom</B> directory, mount the AFS CD-ROM for this
+machine's system type, if it is not already. For instructions on
+mounting CD-ROMs (either locally or remotely via NFS), consult the operating
+system documentation.
+<P><LI>Copy files to the local <B>/usr/vice/etc</B> directory.
+<P>This step places a copy of the AFS initialization script (and related
+files, if applicable) into the <B>/usr/vice/etc</B> directory. In
+the preceding instructions for incorporating AFS into the kernel, you copied
+the script directly to the operating system's conventional location for
+initialization files. When you incorporate AFS into the machine's
+startup sequence in a later step, you can choose to link the two files.
+<P>On some system types that use a dynamic kernel loader program, you
+previously copied AFS library files into a subdirectory of the
+<B>/usr/vice/etc</B> directory. On other system types, you copied
+the appropriate AFS library file directly to the directory where the operating
+system accesses it. The following commands do not copy or recopy the
+AFS library files into the <B>/usr/vice/etc</B> directory, because on some
+system types the library files consume a large amount of space. If you
+want to copy them, add the <B>-r</B> flag to the first <B>cp</B>
+command and skip the second <B>cp</B> command.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client/usr/vice/etc</B>
+
+ # <B>cp -p * /usr/vice/etc</B>
+
+ # <B>cp -rp C /usr/vice/etc</B>
+
+</PRE>
+<P><LI>Create the <B>/usr/vice/etc/ThisCell</B> file.
+<PRE>
+ # <B>echo "</B><VAR>cellname</VAR><B>" > /usr/vice/etc/ThisCell</B>
+
+</PRE>
+<P><LI>Create the <B>/usr/vice/etc/CellServDB</B> file. Use a network
+file transfer program such as <B>ftp</B> or NFS to copy it from one of the
+following sources, which are listed in decreasing order of preference:
+<UL>
+<P><LI>Your cell's central <B>CellServDB</B> source file (the
+conventional location is
+<B>/afs/</B><VAR>cellname</VAR><B>/common/etc/CellServDB</B>)
+<P><LI>The global <B>CellServDB</B> file maintained by the AFS Product
+Support group
+<P><LI>An existing client machine in your cell
+<P><LI>The <B>CellServDB.sample</B> file included in the
+<VAR>sysname</VAR><B>/root.client/usr/vice/etc</B> directory of each
+AFS CD-ROM; add an entry for the local cell by following the instructions
+in <A HREF="auqbg005.htm#HDRWQ66">Creating the Client CellServDB File</A>
+</UL>
+</OL>
+<A NAME="IDX3010"></A>
+<A NAME="IDX3011"></A>
+<A NAME="IDX3012"></A>
+<A NAME="IDX3013"></A>
+<A NAME="IDX3014"></A>
+<A NAME="IDX3015"></A>
+<A NAME="IDX3016"></A>
+<A NAME="IDX3017"></A>
+<A NAME="IDX3018"></A>
+<A NAME="IDX3019"></A>
+<A NAME="IDX3020"></A>
+<A NAME="IDX3021"></A>
+<A NAME="IDX3022"></A>
+<A NAME="IDX3023"></A>
+<A NAME="IDX3024"></A>
+<A NAME="IDX3025"></A>
+<HR><H2><A NAME="HDRWQ146" HREF="auqbg002.htm#ToC_139">Configuring the Cache</A></H2>
+<P>The Cache Manager uses a cache on the local disk or in
+machine memory to store local copies of files fetched from file server
+machines. As the <B>afsd</B> program initializes the Cache Manager,
+it sets basic cache configuration parameters according to definitions in the
+local <B>/usr/vice/etc/cacheinfo</B> file. The file has three
+fields:
+<OL TYPE=1>
+<P><LI>The first field names the local directory on which to mount the AFS
+filespace. The conventional location is the <B>/afs</B>
+directory.
+<P><LI>The second field defines the local disk directory to use for the disk
+cache. The conventional location is the <B>/usr/vice/cache</B>
+directory, but you can specify an alternate directory if another partition has
+more space available. There must always be a value in this field, but
+the Cache Manager ignores it if the machine uses a memory cache.
+<P><LI>The third field specifies the number of kilobyte (1024 byte) blocks to
+allocate for the cache.
+</OL>
+<P>The values you define must meet the following requirements.
+<UL>
+<P><LI>On a machine using a disk cache, the Cache Manager expects always to be
+able to use the amount of space specified in the third field. Failure
+to meet this requirement can cause serious problems, some of which can be
+repaired only by rebooting. You must prevent non-AFS processes from
+filling up the cache partition. The simplest way is to devote a
+partition to the cache exclusively.
+<P><LI>The amount of space available in memory or on the partition housing the
+disk cache directory imposes an absolute limit on cache size.
+<P><LI>The maximum supported cache size can vary in each AFS release; see
+the <I>IBM AFS Release Notes</I> for the current version.
+<P><LI>For a disk cache, you cannot specify a value in the third field that
+exceeds 95% of the space available on the partition mounted at the directory
+named in the second field. If you violate this restriction, the
+<B>afsd</B> program exits without starting the Cache Manager and prints an
+appropriate message on the standard output stream. A value of 90% is
+more appropriate on most machines. Some operating systems (such as AIX)
+do not automatically reserve some space to prevent the partition from filling
+completely; for them, a smaller value (say, 80% to 85% of the space
+available) is more appropriate.
+<P><LI>For a memory cache, you must leave enough memory for other processes and
+applications to run. If you try to allocate more memory than is
+actually available, the <B>afsd</B> program exits without initializing the
+Cache Manager and produces the following message on the standard output
+stream.
+<PRE>
+ afsd: memCache allocation failure at <VAR>number</VAR> KB
+</PRE>
+<P>The <VAR>number</VAR> value is how many kilobytes were allocated just before
+the failure, and so indicates the approximate amount of memory
+available.
+</UL>
+<P>Within these hard limits, the factors that determine appropriate cache size
+include the number of users working on the machine, the size of the files with
+which they work, and (for a memory cache) the number of processes that run on
+the machine. The higher the demand from these factors, the larger the
+cache needs to be to maintain good performance.
+<P>Disk caches smaller than 10 MB do not generally perform well.
+Machines serving multiple users usually perform better with a cache of at
+least 60 to 70 MB. The point at which enlarging the cache further does
+not really improve performance depends on the factors mentioned previously and
+is difficult to predict.
+<P>Memory caches smaller than 1 MB are nonfunctional, and the performance of
+caches smaller than 5 MB is usually unsatisfactory. Suitable upper
+limits are similar to those for disk caches but are probably determined more
+by the demands on memory from other sources on the machine (number of users
+and processes). Machines running only a few processes possibly can use
+a smaller memory cache.
+<P><H3><A NAME="HDRWQ147" HREF="auqbg002.htm#ToC_140">Configuring a Disk Cache</A></H3>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Not all file system types that an operating system supports
+are necessarily supported for use as the cache partition. For possible
+restrictions, see the <I>IBM AFS Release Notes</I>.
+</TD></TR></TABLE>
+<P>To configure the disk cache, perform the following procedures:
+<OL TYPE=1>
+<P><LI>Create the local directory to use for caching. The following
+instruction shows the conventional location,
+<B>/usr/vice/cache</B>. If you are devoting a partition exclusively
+to caching, as recommended, you must also configure it, make a file system on
+it, and mount it at the directory created in this step.
+<PRE>
+ # <B>mkdir /usr/vice/cache</B>
+
+</PRE>
+<P><LI>Create the <B>cacheinfo</B> file to define the configuration
+parameters discussed previously. The following instruction shows the
+standard mount location, <B>/afs</B>, and the standard cache location,
+<B>/usr/vice/cache</B>.
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<P>The following example defines the disk cache size as 50,000 KB:
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:50000" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRWQ148" HREF="auqbg002.htm#ToC_141">Configuring a Memory Cache</A></H3>
+<P>To configure a memory cache, create the <B>cacheinfo</B>
+file to define the configuration parameters discussed previously. The
+following instruction shows the standard mount location, <B>/afs</B>, and
+the standard cache location, <B>/usr/vice/cache</B> (though the exact
+value of the latter is irrelevant for a memory cache).
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:</B><VAR>#blocks</VAR><B>" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<P>The following example allocates 25,000 KB of memory for the cache.
+<PRE>
+ # <B>echo "/afs:/usr/vice/cache:25000" > /usr/vice/etc/cacheinfo</B>
+</PRE>
+<A NAME="IDX3026"></A>
+<A NAME="IDX3027"></A>
+<A NAME="IDX3028"></A>
+<A NAME="IDX3029"></A>
+<A NAME="IDX3030"></A>
+<A NAME="IDX3031"></A>
+<A NAME="IDX3032"></A>
+<A NAME="IDX3033"></A>
+<A NAME="IDX3034"></A>
+<A NAME="IDX3035"></A>
+<A NAME="IDX3036"></A>
+<A NAME="IDX3037"></A>
+<A NAME="IDX3038"></A>
+<A NAME="IDX3039"></A>
+<A NAME="IDX3040"></A>
+<A NAME="IDX3041"></A>
+<A NAME="IDX3042"></A>
+<A NAME="IDX3043"></A>
+<A NAME="IDX3044"></A>
+<A NAME="IDX3045"></A>
+<A NAME="IDX3046"></A>
+<A NAME="IDX3047"></A>
+<A NAME="IDX3048"></A>
+<A NAME="IDX3049"></A>
+<A NAME="IDX3050"></A>
+<A NAME="IDX3051"></A>
+<A NAME="IDX3052"></A>
+<A NAME="IDX3053"></A>
+<HR><H2><A NAME="HDRWQ149" HREF="auqbg002.htm#ToC_142">Configuring the Cache Manager</A></H2>
+<P>By convention, the Cache Manager mounts the AFS filespace on
+the local <B>/afs</B> directory. In this section you create that
+directory.
+<P>The <B>afsd</B> program sets several cache configuration parameters as
+it initializes the Cache Manager, and starts daemons that improve
+performance. You can use the <B>afsd</B> command's arguments
+to override the parameters' default values and to change the number of
+some of the daemons. Depending on the machine's cache size, its
+amount of RAM, and how many people work on it, you can sometimes improve Cache
+Manager performance by overriding the default values. For a discussion
+of all of the <B>afsd</B> command's arguments, see its reference page
+in the <I>IBM AFS Administration Reference</I>.
+<P>The <B>afsd</B> command line in the AFS initialization script on each
+system type includes an <TT>OPTIONS</TT> variable. You can use it to
+set nondefault values for the command's arguments, in one of the
+following ways:
+<UL>
+<P><LI>You can create an <B>afsd</B> <I>options file</I> that sets values
+for arguments to the <B>afsd</B> command. If the file exists, its
+contents are automatically substituted for the <TT>OPTIONS</TT> variable in
+the AFS initialization script. The AFS distribution for some system
+types includes an options file; on other system types, you must create
+it.
+<P>You use two variables in the AFS initialization script to specify the path
+to the options file: <TT>CONFIG</TT> and <TT>AFSDOPT</TT>. On
+system types that define a conventional directory for configuration files, the
+<TT>CONFIG</TT> variable indicates it by default; otherwise, the
+variable indicates an appropriate location.
+<P>List the desired <B>afsd</B> options on a single line in the options
+file, separating each option with one or more spaces. The following
+example sets the <B>-stat</B> argument to 2500, the <B>-daemons</B>
+argument to 4, and the <B>-volumes</B> argument to 100.
+<PRE>
+ -stat 2500 -daemons 4 -volumes 100
+
+</PRE>
+<P><LI>On a machine that uses a disk cache, you can set the <TT>OPTIONS</TT>
+variable in the AFS initialization script to one of <TT>$SMALL</TT>,
+<TT>$MEDIUM</TT>, or <TT>$LARGE</TT>. The AFS initialization script
+uses one of these settings if the <B>afsd</B> options file named by the
+<TT>AFSDOPT</TT> variable does not exist. In the script as
+distributed, the <TT>OPTIONS</TT> variable is set to the value
+<TT>$MEDIUM</TT>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Do not set the <TT>OPTIONS</TT> variable to <TT>$SMALL</TT>,
+<TT>$MEDIUM</TT>, or <TT>$LARGE</TT> on a machine that uses a memory
+cache. The arguments it sets are appropriate only on a machine that
+uses a disk cache.
+</TD></TR></TABLE>
+<P>The script (or on some system types the <B>afsd</B> options file named
+by the <TT>AFSDOPT</TT> variable) defines a value for each of
+<TT>SMALL</TT>, <TT>MEDIUM</TT>, and <TT>LARGE</TT> that sets
+<B>afsd</B> command arguments appropriately for client machines of
+different sizes:
+<UL>
+<P><LI><TT>SMALL</TT> is suitable for a small machine that serves one or two
+users and has approximately 8 MB of RAM and a 20-MB cache
+<P><LI><TT>MEDIUM</TT> is suitable for a medium-sized machine that serves two
+to six users and has 16 MB of RAM and a 40-MB cache
+<P><LI><TT>LARGE</TT> is suitable for a large machine that serves five to ten
+users and has 32 MB of RAM and a 100-MB cache
+</UL>
+<P><LI>You can choose not to create an <B>afsd</B> options file and to set
+the <TT>OPTIONS</TT> variable in the initialization script to a null value
+rather than to the default <TT>$MEDIUM</TT> value. You can then
+either set arguments directly on the <B>afsd</B> command line in the
+script, or set no arguments (and so accept default values for all Cache
+Manager parameters).
+</UL>
+<OL TYPE=1>
+<P><LI>Create the local directory on which to mount the AFS filespace, by
+convention <B>/afs</B>. If the directory already exists, verify
+that it is empty.
+<PRE>
+ # <B>mkdir /afs</B>
+
+</PRE>
+<P><LI>On AIX systems, add the following line to the <B>/etc/vfs</B>
+file. It enables AIX to unmount AFS correctly during shutdown.
+<PRE>
+ afs 4 none none
+
+</PRE>
+<P><LI>On Linux systems, copy the <B>afsd</B> options file from the
+<B>/usr/vice/etc</B> directory to the <B>/etc/sysconfig</B> directory,
+removing the <B>.conf</B> extension as you do so.
+<PRE>
+ # <B>cp /usr/vice/etc/afs.conf /etc/sysconfig/afs</B>
+
+</PRE>
+<P><LI>Edit the machine's AFS initialization script or <B>afsd</B>
+options file to set appropriate values for <B>afsd</B> command
+parameters. The appropriate file for each system type is as
+follows:
+<UL>
+<P><LI>On AIX systems, <B>/etc/rc.afs</B>
+<P><LI>On Digital UNIX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On HP-UX systems, <B>/sbin/init.d/afs</B>
+<P><LI>On IRIX systems, <B>/etc/init.d/afs</B>
+<P><LI>On Linux systems, <B>/etc/sysconfig/afs</B> (the <B>afsd</B>
+options file)
+<P><LI>On Solaris systems, <B>/etc/init.d/afs</B>
+</UL>
+<P>Use one of the methods described in the introduction to this section to add
+the following flags to the <B>afsd</B> command line. Also set any
+performance-related arguments you wish.
+<UL>
+<P><LI>Add the <B>-memcache</B> flag if the machine is to use a memory
+cache.
+<P><LI>Add the <B>-verbose</B> flag to display a trace of the Cache
+Manager's initialization on the standard output stream.
+</UL>
+</OL>
+<A NAME="IDX3054"></A>
+<A NAME="IDX3055"></A>
+<A NAME="IDX3056"></A>
+<A NAME="IDX3057"></A>
+<A NAME="IDX3058"></A>
+<HR><H2><A NAME="HDRWQ150" HREF="auqbg002.htm#ToC_143">Starting the Cache Manager and Installing the AFS Initialization Script</A></H2>
+<P>In this section you run the AFS initialization script to
+start the Cache Manager. If the script works correctly, perform the
+steps that incorporate it into the machine's startup and shutdown
+sequence. If there are problems during the initialization, attempt to
+resolve them. The AFS Product Support group can provide assistance if
+necessary.
+<P>On machines that use a disk cache, it can take a while for the
+<B>afsd</B> program to run the first time on a machine, because it must
+create all of the <B>V</B><VAR>n</VAR> files in the cache directory.
+Subsequent Cache Manager initializations do not take nearly as long, because
+the <B>V</B><VAR>n</VAR> files already exist.
+<P>On system types that use a dynamic loader program, you must reboot the
+machine before running the initialization script, so that it can freshly load
+AFS modifications into the kernel.
+<P>Proceed to the instructions for your system type:
+<UL>
+<P><LI><A HREF="#HDRWQ151">Running the Script on AIX Systems</A>
+<P><LI><A HREF="#HDRWQ152">Running the Script on Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRWQ153">Running the Script on HP-UX Systems</A>
+<P><LI><A HREF="#HDRWQ154">Running the Script on IRIX Systems</A>
+<P><LI><A HREF="#HDRWQ155">Running the Script on Linux Systems</A>
+<P><LI><A HREF="#HDRWQ156">Running the Script on Solaris Systems</A>
+</UL>
+<A NAME="IDX3059"></A>
+<A NAME="IDX3060"></A>
+<A NAME="IDX3061"></A>
+<A NAME="IDX3062"></A>
+<P><H3><A NAME="HDRWQ151" HREF="auqbg002.htm#ToC_144">Running the Script on AIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.afs</B>
+
+</PRE>
+<P><LI>Edit the AIX initialization file, <B>/etc/inittab</B>, adding the
+following line to invoke the AFS initialization script. Place it just
+after the line that starts NFS daemons.
+<PRE>
+ rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS services
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc</B> directories.
+If you want to avoid potential confusion by guaranteeing that they are always
+the same, create a link between them. You can always retrieve the
+original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm rc.afs</B>
+
+ # <B>ln -s /etc/rc.afs</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3063"></A>
+<A NAME="IDX3064"></A>
+<A NAME="IDX3065"></A>
+<A NAME="IDX3066"></A>
+<P><H3><A NAME="HDRWQ152" HREF="auqbg002.htm#ToC_145">Running the Script on Digital UNIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Digital UNIX startup and shutdown
+sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc3.d/S67afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3067"></A>
+<A NAME="IDX3068"></A>
+<A NAME="IDX3069"></A>
+<P><H3><A NAME="HDRWQ153" HREF="auqbg002.htm#ToC_146">Running the Script on HP-UX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/sbin/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the HP-UX startup and shutdown sequence.
+<PRE>
+ # <B>cd /sbin/init.d</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/S460afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/K800afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3070"></A>
+<A NAME="IDX3071"></A>
+<A NAME="IDX3072"></A>
+<A NAME="IDX3073"></A>
+<A NAME="IDX3074"></A>
+<A NAME="IDX3075"></A>
+<A NAME="IDX3076"></A>
+<P><H3><A NAME="HDRWQ154" HREF="auqbg002.htm#ToC_147">Running the Script on IRIX Systems</A></H3>
+<OL TYPE=1>
+<P><LI>If you have configured the machine to use the <B>ml</B> dynamic loader
+program, reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the
+<B>afsclient</B> configuration variable.
+<PRE>
+ # <B>/etc/chkconfig -f afsclient on</B>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the IRIX startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc2.d/S35afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K35afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3077"></A>
+<A NAME="IDX3078"></A>
+<A NAME="IDX3079"></A>
+<A NAME="IDX3080"></A>
+<P><H3><A NAME="HDRWQ155" HREF="auqbg002.htm#ToC_148">Running the Script on Linux Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/rc.d/init.d/afs start</B>
+
+</PRE>
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afs</B>
+configuration variable. Based on the instruction in the AFS
+initialization file that begins with the string <TT>#chkconfig</TT>, the
+command automatically creates the symbolic links that incorporate the script
+into the Linux startup and shutdown sequence.
+<PRE>
+ # <B>/sbin/chkconfig --add afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and
+<B>/etc/rc.d/init.d</B> directories, and copies of the
+<B>afsd</B> options file in both the <B>/usr/vice/etc</B> and
+<B>/etc/sysconfig</B> directories. If you want to avoid potential
+confusion by guaranteeing that the two copies of each file are always the
+same, create a link between them. You can always retrieve the original
+script or options file from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc afs.conf</B>
+
+ # <B>ln -s /etc/rc.d/init.d/afs afs.rc</B>
+
+ # <B>ln -s /etc/sysconfig/afs afs.conf</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3081"></A>
+<A NAME="IDX3082"></A>
+<A NAME="IDX3083"></A>
+<P><H3><A NAME="HDRWQ156" HREF="auqbg002.htm#ToC_149">Running the Script on Solaris Systems</A></H3>
+<OL TYPE=1>
+<P><LI>Reboot the machine and log in again as the local superuser
+<B>root</B>.
+<PRE>
+ # <B>cd /</B>
+
+ # <B>shutdown -i6 -g0 -y</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+
+</PRE>
+<P><LI>Run the AFS initialization script.
+<PRE>
+ # <B>/etc/init.d/afs start</B>
+
+</PRE>
+<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
+<B>ln -s</B> command to create symbolic links that incorporate the AFS
+initialization script into the Solaris startup and shutdown sequence.
+<PRE>
+ # <B>cd /etc/init.d</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc3.d/S99afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K66afs</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
+directories. If you want to avoid potential confusion by guaranteeing
+that they are always the same, create a link between them. You can
+always retrieve the original script from the AFS CD-ROM if necessary.
+<PRE>
+ # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+
+</PRE>
+<P><LI>If a volume for housing AFS binaries for this machine's system type
+does not already exist, proceed to <A HREF="#HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</A>. Otherwise, the installation is complete.
+</OL>
+<A NAME="IDX3084"></A>
+<A NAME="IDX3085"></A>
+<A NAME="IDX3086"></A>
+<A NAME="IDX3087"></A>
+<A NAME="IDX3088"></A>
+<A NAME="IDX3089"></A>
+<HR><H2><A NAME="HDRWQ157" HREF="auqbg002.htm#ToC_150">Setting Up Volumes and Loading Binaries into AFS</A></H2>
+<P>In this section, you link <B>/usr/afsws</B> on the local
+disk to the directory in AFS that houses AFS binaries for this system
+type. The conventional name for the AFS directory is
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>.
+<P>If this machine is an existing system type, the AFS directory presumably
+already exists. You can simply create a link from the local
+<B>/usr/afsws</B> directory to it. Follow the instructions in <A HREF="#HDRWQ158">Linking /usr/afsws on an Existing System Type</A>.
+<P>If this machine is a new system type (there are no AFS machines of this
+type in your cell), you must first create and mount volumes to store its AFS
+binaries, and then create the link from <B>/usr/afsws</B> to the new
+directory. See <A HREF="#HDRWQ159">Creating Binary Volumes for a New System Type</A>.
+<P>You can also store UNIX system binaries (the files normally stored in local
+disk directories such as <B>/bin</B>, <B>/etc</B>, and
+<B>/lib</B>) in volumes mounted under
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR>. See <A HREF="auqbg005.htm#HDRWQ88">Storing System Binaries in AFS</A> .
+<P><H3><A NAME="HDRWQ158" HREF="auqbg002.htm#ToC_151">Linking /usr/afsws on an Existing System Type</A></H3>
+<P>If this client machine is an existing system type, there is
+already a volume mounted in the AFS filespace that houses AFS client binaries
+for it.
+<OL TYPE=1>
+<P><LI>Create <B>/usr/afsws</B> on the local disk as a symbolic link to the
+directory <B>/afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws</B>.
+You can specify the actual system name instead of <B>@sys</B> if you wish,
+but the advantage of using <B>@sys</B> is that it remains valid if you
+upgrade this machine to a different system type.
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws /usr/afsws</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> If you believe it is helpful to your users to access
+the AFS documents in a certain format via a local disk directory, create
+<B>/usr/afsdoc</B> on the local disk as a symbolic link to the
+documentation directory in AFS
+(<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>).
+<P>
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR> <B>/usr/afsdoc</B>
+</PRE>
+<P>An alternative is to create a link in each user's home directory to
+the <B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>
+directory.
+</OL>
+<P><H3><A NAME="HDRWQ159" HREF="auqbg002.htm#ToC_152">Creating Binary Volumes for a New System Type</A></H3>
+<P>If this client machine is a new system type, you must create
+and mount volumes for its binaries before you can link the local
+<B>/usr/afsws</B> directory to an AFS directory.
+<P>To create and mount the volumes, you use the <B>klog</B> command to
+authenticate as an administrator and then issue commands from the
+<B>vos</B> and <B>fs</B> command suites. However, the command
+binaries are not yet available on this machine (by convention, they are
+accessible via the <B>/usr/afsws</B> link that you are about to
+create). You have two choices:
+<UL>
+<P><LI>Perform all steps except the last one (Step <A HREF="#LIWQ162">10</A>) on an existing AFS machine. On a file server
+machine, the <B>klog</B>, <B>fs</B> and <B>vos</B> binaries reside
+in the <B>/usr/afs/bin</B> directory. On client machines, the
+<B>klog</B> and <B>fs</B> binaries reside in the
+<B>/usr/afsws/bin</B> directory and the <B>vos</B> binary in the
+<B>/usr/afsws/etc</B> directory. Depending on how your PATH
+environment variable is set, you possibly need to precede the command names
+with a pathname.
+<P>If you work on another AFS machine, be sure to substitute the new system
+type name for the <VAR>sysname</VAR> argument in the following commands, not the
+system type of the machine on which you are issuing the commands.
+<P><LI>Copy the necessary command binaries to a temporary location on the local
+disk, which enables you to perform the steps on the local machine. The
+following procedure installs them in the <B>/tmp</B> directory and removes
+them at the end. Depending on how your PATH environment variable is
+set, you possibly need to precede the command names with a pathname.
+</UL>
+<P>Perform the following steps to create a volume for housing AFS
+binaries.
+<OL TYPE=1>
+<P><LI>Working either on the local machine or another AFS machine, mount the AFS
+CD-ROM for the new system type on the <B>/cdrom</B> directory, if it is
+not already. For instructions on mounting CD-ROMs (either locally or
+remotely via NFS), consult the operating system documentation.
+<P><LI>If working on the local machine, copy the necessary binaries to a
+temporary location on the local disk. Substitute a different directory
+name for <B>/tmp</B> if you wish.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>new_sysname</VAR><B>/root.server/usr/afs/bin</B>
+
+ # <B>cp -p klog /tmp</B>
+
+ # <B>cp -p fs /tmp</B>
+
+ # <B>cp -p vos /tmp</B>
+
+</PRE>
+<P><LI>Authenticate as the user <B>admin</B>.
+<PRE>
+ # <B>klog admin</B>
+ Password: <VAR>admin_password</VAR>
+
+</PRE>
+<P><LI><A NAME="LIWQ160"></A>Issue the <B>vos create</B> command to create volumes for
+storing the AFS client binaries for this system type. The following
+example instruction creates volumes called <VAR>sysname</VAR>,
+<VAR>sysname</VAR>.<B>usr</B>, and
+<VAR>sysname</VAR>.<B>usr.afsws</B>. Refer to the
+<I>IBM AFS Release Notes</I> to learn the proper value of <VAR>sysname</VAR>
+for this system type.
+<PRE>
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR>
+
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR><B>.usr</B>
+
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR><B>.usr.afsws</B>
+
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the newly created
+volumes. Because the <B>root.cell</B> volume is replicated,
+you must precede the <I>cellname</I> part of the pathname with a period to
+specify the read/write mount point, as shown. Then issue the <B>vos
+release</B> command to release a new replica of the
+<B>root.cell</B> volume, and the <B>fs checkvolumes</B> command
+to force the local Cache Manager to access them.
+<PRE>
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR> <B>-vol</B> <VAR>sysname</VAR>
+
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr</B> <B>-vol</B> <VAR>sysname</VAR><B>.usr</B>
+
+ # <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B> <B>-vol</B> <VAR>sysname</VAR><B>.usr.afsws</B>
+
+ # <B>vos release root.cell</B>
+
+ # <B>fs checkvolumes</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to grant the <B>l</B>
+(<B>lookup</B>) and <B>r</B> (<B>read</B>) permissions to the
+<B>system:anyuser</B> group on each new directory's ACL.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR>
+
+ # <B>fs setacl -dir . usr usr/afsws -acl system:anyuser rl</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setquota</B> command to set an unlimited quota on the
+volume mounted at the
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+directory. This enables you to copy all of the appropriate files from
+the CD-ROM into the volume without exceeding the volume's quota.
+<P>If you wish, you can set the volume's quota to a finite value after
+you complete the copying operation. At that point, use the <B>vos
+examine</B> command to determine how much space the volume is
+occupying. Then issue the <B>fs setquota</B> command to set a quota
+that is slightly larger.
+<PRE>
+ # <B>fs setquota /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws 0</B>
+
+</PRE>
+<P><LI><A NAME="LIWQ161"></A>Copy the contents of the indicated directories from the CD-ROM
+into the
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+directory.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/bin .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/etc .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/include .</B>
+
+ # <B>cp -rp /cdrom/</B><VAR>sysname</VAR><B>/lib .</B>
+
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to set the ACL on each directory
+appropriately. To comply with the terms of your AFS License agreement,
+you must prevent unauthorized users from accessing AFS software. To
+enable access for locally authenticated users only, set the ACL on the
+<B>etc</B>, <B>include</B>, and <B>lib</B> subdirectories to grant
+the <B>l</B> and <B>r</B> permissions to the
+<B>system:authuser</B> group rather than the
+<B>system:anyuser</B> group. The
+<B>system:anyuser</B> group must retain the <B>l</B> and
+<B>r</B> permissions on the <B>bin</B> subdirectory to enable
+unauthenticated users to access the <B>klog</B> binary. To ensure
+that unauthorized users are not accessing AFS software, check periodically
+that the ACLs on these directories are set properly.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>
+
+ # <B>fs setacl -dir etc include lib -acl system:authuser rl</B> \
+ <B>system:anyuser none</B>
+
+</PRE>
+<P><LI><A NAME="LIWQ162"></A>Perform this step on the new client machine even if you have
+performed the previous steps on another machine. Create
+<B>/usr/afsws</B> on the local disk as a symbolic link to the directory
+<B>/afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws</B>. You can
+specify the actual system name instead of <B>@sys</B> if you wish, but the
+advantage of using <B>@sys</B> is that it remains valid if you upgrade
+this machine to a different system type.
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/@sys/usr/afsws /usr/afsws</B>
+
+</PRE>
+<P><LI><B>(Optional)</B> To enable users to issue commands from the AFS
+suites (such as <B>fs</B>) without having to specify a pathname to their
+binaries, include the <B>/usr/afsws/bin</B> and <B>/usr/afsws/etc</B>
+directories in the PATH environment variable you define in each user's
+shell initialization file (such as <B>.cshrc</B>).
+<P><LI><B>(Optional)</B> If you believe it is helpful to your users to access
+the AFS documents in a certain format via a local disk directory, create
+<B>/usr/afsdoc</B> on the local disk as a symbolic link to the
+documentation directory in AFS
+(<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>).
+<P>
+<PRE>
+ # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR> <B>/usr/afsdoc</B>
+</PRE>
+<P>An alternative is to create a link in each user's home directory to
+the <B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR>
+directory.
+<P><LI><B>(Optional)</B> If working on the local machine, remove the AFS
+binaries from the temporary location. They are now accessible in the
+<B>/usr/afsws</B> directory.
+<PRE>
+ # <B>cd /tmp</B>
+
+ # <B>rm klog fs vos</B>
+
+</PRE>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auqbg009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRWQ163" HREF="auqbg002.htm#ToC_153">Appendix A. Building AFS from Source Code</A></H1>
+<P>This chapter describes how to build AFS from source
+code.
+<A NAME="IDX3090"></A>
+<A NAME="IDX3091"></A>
+<A NAME="IDX3092"></A>
+<A NAME="IDX3093"></A>
+<A NAME="IDX3094"></A>
+<HR><H2><A NAME="HDRWQ164" HREF="auqbg002.htm#ToC_154">Loading the Source Files</A></H2>
+<P>Working on an AFS client machine, perform these steps to
+load the AFS source tree from the AFS Source Distribution.
+<OL TYPE=1>
+<A NAME="IDX3095"></A>
+<A NAME="IDX3096"></A>
+<A NAME="IDX3097"></A>
+<A NAME="IDX3098"></A>
+<A NAME="IDX3099"></A>
+<P><LI>Create and mount a volume for housing the AFS source tree. These
+instructions name the volume <B>src.afs</B> and mount it at the
+<B>/afs/</B><VAR>cellname</VAR><B>/afs/src</B> directory.
+<P>Setting the <B>-maxquota</B> argument to <B>0</B> (zero) sets an
+unlimited quota on the volume, which enables you to copy all of the files into
+the volume without exceeding its quota. If you wish, you can set the
+volume's quota to a finite value after you complete the copying
+operation. At that point, use the <B>vos examine</B> command to
+determine how much space the volume is occupying. Then issue the
+<B>fs setquota</B> command to set a quota that is slightly larger.
+<PRE>
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>src.afs -maxquota 0</B>
+
+ # <B>cd /afs/.</B><VAR>cellname</VAR>
+
+ # <B>mkdir afs</B>
+
+ # <B>fs mkmount afs/src src.afs</B>
+
+ # <B>vos release root.cell</B>
+
+ # <B>fs checkvolumes</B>
+
+</PRE>
+<P><LI>On the local <B>/cdrom</B> directory, mount the CD-ROM that contains
+the AFS source files. For instructions on mounting CD-ROMs (either
+locally or remotely via NFS), consult the operating system
+documentation.
+<A NAME="IDX3100"></A>
+<A NAME="IDX3101"></A>
+<P><LI>Copy the source files from the CD-ROM into the newly created
+volume.
+<PRE>
+ # <B>cd /cdrom/src</B>
+
+ # <B>cp -rp * /afs/.</B><VAR>cellname</VAR>/<B>afs/src</B>
+
+</PRE>
+</OL>
+<A NAME="IDX3102"></A>
+<A NAME="IDX3103"></A>
+<A NAME="IDX3104"></A>
+<HR><H2><A NAME="HDRWQ165" HREF="auqbg002.htm#ToC_155">Compiling AFS Binaries Using the washtool Program</A></H2>
+<P>The AFS distribution includes the <B>washtool</B>
+program for managing a hierarchy of software development projects. The
+program builds project trees for program editing, compilation, and
+installation.
+<OL TYPE=1>
+<P><LI>Create a subdirectory under the
+<B>/afs/.</B><VAR>cellname</VAR><B>/afs</B> directory for each
+system type for which you will build AFS binaries. Creating and
+mounting a volume for each system type is recommended, but you can also simply
+use the <B>mkdir</B> command. If you create a new volume, grant it
+an unlimited quota to avoid running out of space during the build
+process.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/afs</B>
+</PRE>
+<P>If creating a new volume:
+<PRE>
+ # <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR> <B>-maxquota 0</B>
+
+ # <B>fs mkmount</B> <VAR>sysname</VAR> <VAR>sysname</VAR>
+</PRE>
+<P>If not creating a new volume:
+<PRE>
+ # <B>mkdir</B> <VAR>sysname</VAR>
+
+</PRE>
+<P><LI>In the directory for each system type, create subdirectories called
+<B>dest</B>, <B>dest/bin</B>, and <B>obj</B>. If you plan
+to use the <I>@sys</I> variable in pathnames that refer to these
+directories, then you must use the conventional system names listed in the
+<I>IBM AFS Release Notes</I>.
+<PRE>
+ # <B>cd</B> <VAR>sysname</VAR>
+
+ # <B>mkdir dest</B>
+
+ # <B>mkdir dest/bin</B>
+
+ # <B>mkdir obj</B>
+
+</PRE>
+<P><LI>Create the indicated directories and symbolic links in the
+<B>/afs/.</B><VAR>cellname</VAR><B>/afs</B> directory.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/afs</B>
+
+ # <B>ln -s @sys/dest dest</B>
+
+ # <B>ln -s @sys/obj obj</B>
+
+ # <B>ln -s . PARENT</B>
+
+ # <B>ln -s src/Makefile Makefile</B>
+</PRE>
+<P>The following is an example directory listing for the
+<B>/afs/.</B><VAR>cellname</VAR><B>/afs</B> directory after
+completing the preceding steps. It includes two example system
+types.
+<PRE>
+ lrwxr-xr-x admin 12 Jun 18 11:26 Makefile->src/Makefile
+ lrwxr-xr-x admin 1 Jun 18 11:26 PARENT -> .
+ lrwxr-xr-x admin 9 Jun 18 11:25 dest -> @sys/dest
+ lrwxr-xr-x admin 8 Jun 18 11:25 obj -> @sys/obj
+ drwxrwxrwx admin 4096 Jun 18 11:24 rcs
+ drwxrwxrwx admin 2048 Jun 18 11:27 rs_aix42
+ drwxrwxrwx admin 2048 Jun 18 11:10 src
+ drwxrwxrwx admin 2048 Jun 18 11:27 sun4x_56
+
+</PRE>
+<P><LI><B>(Optional)</B> By default, the build procedure writes its results
+into a destination directory for each system type called
+<B>/afs/.</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR><B>/dest</B>.
+To write the results to a different destination directory, create a link from
+the <B>dest</B> directory to it.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR>
+
+ # <B>ln -s</B> <VAR>full_path_of_alternate_directory</VAR> <B>dest</B>
+
+</PRE>
+<A NAME="IDX3105"></A>
+<A NAME="IDX3106"></A>
+<P><LI>For each system type you plan to build, copy the binary for the
+<B>washtool</B> program to the directory specified in the AFS
+<B>Makefile</B>, which is
+<B>/afs/</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR><B>/dest/bin</B>.
+If you prefer to store the program in a different directory, you can use the
+WASHTOOL variable on the <B>make</B> command line as described in Step <A HREF="#LIWQ166">6</A>.
+<P>If there is a volume that houses the AFS binaries for each system type (as
+recommended), the conventional location for the <B>washtool</B> binary is
+the
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/bin</B>
+directory. Use the following instruction to copy it.
+<PRE>
+ # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/bin</B>
+
+ # <B>cp washtool</B> <B>/afs/.</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR><B>/dest/bin</B>
+</PRE>
+<P>Otherwise, mount the (binary) AFS CD-ROM for this system type on the local
+<B>/cdrom</B> directory, and copy the <B>washtool</B> binary directly
+from it.
+<PRE>
+ # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/bin</B>
+
+ # <B>cp washtool</B> <B>/afs/.</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR><B>/dest/bin</B>
+
+</PRE>
+<A NAME="IDX3107"></A>
+<A NAME="IDX3108"></A>
+<A NAME="IDX3109"></A>
+<A NAME="IDX3110"></A>
+<A NAME="IDX3111"></A>
+<A NAME="IDX3112"></A>
+<P><LI><A NAME="LIWQ166"></A>Working in the
+<B>/afs/.</B><VAR>cellname</VAR><B>/afs</B> directory on a
+machine of the system type for which you are building AFS, issue the <B>make
+install</B> command. Set the SYS_NAME variable to the appropriate
+system type name.
+<P>If the <B>washtool</B> binary is not in the conventional directory
+(<B>/afs/</B><VAR>cellname</VAR><B>/afs/</B><VAR>sysname</VAR><B>/dest/bin</B>),
+set the WASHTOOL variable to the alternate full pathname of the binary.
+<PRE>
+ # <B>cd /afs/.</B><VAR>cellname</VAR><B>/afs</B>
+
+ # <B>make SYS_NAME=</B><VAR>sysname</VAR> [<B>WASHTOOL=</B><VAR>alternate_washtool_directory</VAR>] <B>install</B>
+
+</PRE>
+</OL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auqbg009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auqbg009.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:25:35">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:25:35">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:25:35">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRINDEX" HREF="auqbg002.htm#ToC_156">Index</A></H1>
+<A NAME="IDX0_00" HREF="#IDX1_00">Special Characters</A><BR>
+<A NAME="IDX0_41" HREF="#IDX1_41">A</A>
+<A NAME="IDX0_42" HREF="#IDX1_42">B</A>
+<A NAME="IDX0_43" HREF="#IDX1_43">C</A>
+<A NAME="IDX0_44" HREF="#IDX1_44">D</A>
+<A NAME="IDX0_45" HREF="#IDX1_45">E</A>
+<A NAME="IDX0_46" HREF="#IDX1_46">F</A>
+<A NAME="IDX0_48" HREF="#IDX1_48">H</A>
+<A NAME="IDX0_49" HREF="#IDX1_49">I</A>
+<A NAME="IDX0_4B" HREF="#IDX1_4B">K</A>
+<A NAME="IDX0_4C" HREF="#IDX1_4C">L</A>
+<A NAME="IDX0_4D" HREF="#IDX1_4D">M</A>
+<A NAME="IDX0_4E" HREF="#IDX1_4E">N</A>
+<A NAME="IDX0_4F" HREF="#IDX1_4F">O</A>
+<A NAME="IDX0_50" HREF="#IDX1_50">P</A>
+<A NAME="IDX0_51" HREF="#IDX1_51">Q</A>
+<A NAME="IDX0_52" HREF="#IDX1_52">R</A>
+<A NAME="IDX0_53" HREF="#IDX1_53">S</A>
+<A NAME="IDX0_54" HREF="#IDX1_54">T</A>
+<A NAME="IDX0_55" HREF="#IDX1_55">U</A>
+<A NAME="IDX0_56" HREF="#IDX1_56">V</A>
+<A NAME="IDX0_57" HREF="#IDX1_57">W</A>
+<HR>
+<STRONG><A NAME="IDX1_00" HREF="#IDX0_00">Special Characters</A></STRONG>
+<MENU>
+<LI>/ as start to file and directory names
+<MENU>
+<LI>see alphabetized entries without initial slash
+<A HREF="auqbg005.htm#IDX2238">(2238)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_41" HREF="#IDX0_41">A</A></STRONG>
+<MENU>
+<LI>access
+<MENU>
+<LI>to local and foreign cells
+<A HREF="auqbg005.htm#IDX2670">(2670)</A>
+<LI>to root and admin accounts
+<A HREF="auqbg005.htm#IDX2680">(2680)</A>
+</MENU>
+<LI>access control list (ACL), setting
+<A HREF="auqbg005.htm#IDX2602">(2602)</A>
+<LI>activating AFS init. script (see entry <I>installing</I>)
+<A HREF="auqbg005.htm#IDX2585">(2585)</A>
+<LI>adding
+<MENU>
+<LI>entries to BosConfig file
+<MENU>
+<LI>database server machine
+<A HREF="auqbg006.htm#IDX2887">(2887)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2426">(2426)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2806">(2806)</A>
+</MENU>
+<LI>new db-server machine to CellServDB files
+<A HREF="auqbg006.htm#IDX2879">(2879)</A>
+</MENU>
+<LI>admin account
+<MENU>
+<LI>adding
+<MENU>
+<LI>to system:administrators group
+<A HREF="auqbg005.htm#IDX2482">(2482)</A>
+<LI>to UserList file
+<A HREF="auqbg005.htm#IDX2468">(2468)</A>
+</MENU>
+<LI>controlling access to
+<A HREF="auqbg005.htm#IDX2681">(2681)</A>
+<LI>creating
+<A HREF="auqbg005.htm#IDX2433">(2433)</A>
+<LI>setting ADMIN flag on Auth. DB entry
+<A HREF="auqbg005.htm#IDX2458">(2458)</A>
+</MENU>
+<LI>afs (/afs) directory
+<MENU>
+<LI>as root of AFS filespace
+<A HREF="auqbg007.htm#IDX3027">(3027)</A>
+<LI>creating
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3026">(3026)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2552">(2552)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2849">(2849)</A>
+</MENU>
+</MENU>
+<LI>AFS Binary Distribution
+<A HREF="auqbg004.htm#IDX2214">(2214)</A>
+<LI>AFS cache (see entry: <I>cache</I>)
+<A HREF="auqbg007.htm#IDX3011">(3011)</A>
+<LI>afs entry in Authentication Database
+<A HREF="auqbg005.htm#IDX2434">(2434)</A>
+<LI>afs file
+<MENU>
+<LI>AFS initialization file
+<A HREF="auqbg007.htm#IDX3064">(3064)</A>, <A HREF="auqbg007.htm#IDX3067">(3067)</A>, <A HREF="auqbg007.htm#IDX3070">(3070)</A>, <A HREF="auqbg007.htm#IDX3077">(3077)</A>, <A HREF="auqbg007.htm#IDX3081">(3081)</A>
+<LI>afsd options file (Linux)
+<A HREF="auqbg007.htm#IDX3033">(3033)</A>
+</MENU>
+<LI>AFS filespace
+<MENU>
+<LI>configuring top levels
+<A HREF="auqbg005.htm#IDX2592">(2592)</A>
+<LI>controlling access by root superuser
+<A HREF="auqbg005.htm#IDX2682">(2682)</A>
+<LI>deciding how to configure
+<A HREF="auqbg005.htm#IDX2223">(2223)</A>
+<LI>enabling access to foreign cells
+<A HREF="auqbg005.htm#IDX2671">(2671)</A>
+<LI>root at /afs directory
+<A HREF="auqbg007.htm#IDX3028">(3028)</A>
+</MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>adding to machine startup sequence
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3058">(3058)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2582">(2582)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2852">(2852)</A>
+</MENU>
+<LI>running
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3054">(3054)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2558">(2558)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2853">(2853)</A>
+</MENU>
+<LI>setting afsd parameters
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3042">(3042)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2553">(2553)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2850">(2850)</A>
+</MENU>
+<LI>verifying on first AFS machine
+<A HREF="auqbg005.htm#IDX2557">(2557)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on client machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg007.htm#IDX2937">(2937)</A>
+<LI>Digital UNIX
+<A HREF="auqbg007.htm#IDX2946">(2946)</A>
+<LI>HP-UX
+<A HREF="auqbg007.htm#IDX2955">(2955)</A>
+<LI>IRIX
+<A HREF="auqbg007.htm#IDX2964">(2964)</A>
+<LI>Linux
+<A HREF="auqbg007.htm#IDX2978">(2978)</A>
+<LI>Solaris
+<A HREF="auqbg007.htm#IDX2987">(2987)</A>
+</MENU>
+<LI>on first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2250">(2250)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2267">(2267)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2285">(2285)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2303">(2303)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2330">(2330)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2343">(2343)</A>
+</MENU>
+<LI>on server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2708">(2708)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2720">(2720)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2732">(2732)</A>
+<LI>IRIX
+<A HREF="auqbg006.htm#IDX2746">(2746)</A>
+<LI>Linux
+<A HREF="auqbg006.htm#IDX2763">(2763)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2771">(2771)</A>
+</MENU>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg007.htm#IDX2941">(2941)</A>
+<LI>Digital UNIX
+<A HREF="auqbg007.htm#IDX2950">(2950)</A>
+<LI>HP-UX
+<A HREF="auqbg007.htm#IDX2959">(2959)</A>
+<LI>IRIX
+<A HREF="auqbg007.htm#IDX2975">(2975)</A>
+<LI>Linux
+<A HREF="auqbg007.htm#IDX2982">(2982)</A>
+<LI>Solaris
+<A HREF="auqbg007.htm#IDX2991">(2991)</A>
+</MENU>
+<LI>on file server machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2262">(2262)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2279">(2279)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2297">(2297)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2322">(2322)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2338">(2338)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2355">(2355)</A>
+</MENU>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>configuring on first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2254">(2254)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2271">(2271)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2289">(2289)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2318">(2318)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2334">(2334)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2351">(2351)</A>
+</MENU>
+<LI>configuring on server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2712">(2712)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2724">(2724)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2736">(2736)</A>
+<LI>IRIX
+<A HREF="auqbg006.htm#IDX2757">(2757)</A>
+<LI>Linux
+<A HREF="auqbg006.htm#IDX2767">(2767)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2779">(2779)</A>
+</MENU>
+<LI>mounted on /vicep directory
+<A HREF="auqbg005.htm#IDX2242">(2242)</A>
+<LI>protecting during operating system upgrade
+<A HREF="auqbg004.htm#IDX2212">(2212)</A>
+</MENU>
+<LI>afsclient variable (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3074">(3074)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2568">(2568)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2861">(2861)</A>
+</MENU>
+<LI>afsd
+<MENU>
+<LI>command in AFS init. script
+<A HREF="auqbg007.htm#IDX3037">(3037)</A>
+<LI>options file (Linux)
+<A HREF="auqbg007.htm#IDX3030">(3030)</A>
+</MENU>
+<LI>afsml variable (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2967">(2967)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2310">(2310)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2749">(2749)</A>
+</MENU>
+<LI>afsserver variable (IRIX)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2571">(2571)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2864">(2864)</A>
+</MENU>
+<LI>afsxnfs variable (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2970">(2970)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2313">(2313)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2752">(2752)</A>
+</MENU>
+<LI>AIX
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2857">(2857)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3059">(3059)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2564">(2564)</A>, <A HREF="auqbg005.htm#IDX2586">(2586)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2710">(2710)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2939">(2939)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2252">(2252)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2943">(2943)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2264">(2264)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2714">(2714)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2256">(2256)</A>
+</MENU>
+<LI>editing /etc/vfs file
+<A HREF="auqbg007.htm#IDX3052">(3052)</A>
+<LI>fsck program
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2718">(2718)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2260">(2260)</A>
+</MENU>
+</MENU>
+<LI>Authentication Database
+<A HREF="auqbg005.htm#IDX2435">(2435)</A>
+<LI>Authentication Server
+<MENU>
+<LI>starting
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2408">(2408)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2883">(2883)</A>
+</MENU>
+</MENU>
+<LI>authorization checking (disabling)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2366">(2366)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2802">(2802)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_42" HREF="#IDX0_42">B</A></STRONG>
+<MENU>
+<LI>background reading list
+<A HREF="auqbg004.htm#IDX2199">(2199)</A>
+<LI>Backup Server
+<MENU>
+<LI>starting
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2412">(2412)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2888">(2888)</A>
+</MENU>
+<LI>stopping
+<A HREF="auqbg006.htm#IDX2914">(2914)</A>
+</MENU>
+<LI>Basic OverSeer Server (see entry <I>BOS Server</I>)
+<A HREF="auqbg005.htm#IDX2362">(2362)</A>
+<LI>binaries
+<MENU>
+<LI>storing AFS in volume
+<A HREF="auqbg005.htm#IDX2632">(2632)</A>, <A HREF="auqbg007.htm#IDX3087">(3087)</A>
+<LI>storing system in volumes
+<A HREF="auqbg005.htm#IDX2667">(2667)</A>
+</MENU>
+<LI>Binary Distribution (AFS)
+<A HREF="auqbg004.htm#IDX2215">(2215)</A>
+<LI>binary distribution machine
+<A HREF="auqbg005.htm#IDX2517">(2517)</A>
+<LI>bos commands
+<MENU>
+<LI>addhost
+<A HREF="auqbg006.htm#IDX2875">(2875)</A>
+<LI>addkey
+<A HREF="auqbg005.htm#IDX2470">(2470)</A>
+<LI>adduser
+<A HREF="auqbg005.htm#IDX2463">(2463)</A>
+<LI>create
+<A HREF="auqbg005.htm#IDX2432">(2432)</A>
+<LI>delete
+<A HREF="auqbg006.htm#IDX2918">(2918)</A>
+<LI>listhosts
+<A HREF="auqbg005.htm#IDX2402">(2402)</A>
+<LI>listkeys
+<A HREF="auqbg005.htm#IDX2474">(2474)</A>
+<LI>removehost
+<A HREF="auqbg006.htm#IDX2906">(2906)</A>
+<LI>restart
+<MENU>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2484">(2484)</A>
+<LI>on new db-server machine
+<A HREF="auqbg006.htm#IDX2895">(2895)</A>
+<LI>on removed db-server machine
+<A HREF="auqbg006.htm#IDX2923">(2923)</A>
+</MENU>
+<LI>setcellname
+<A HREF="auqbg005.htm#IDX2400">(2400)</A>
+<LI>shutdown
+<A HREF="auqbg005.htm#IDX2563">(2563)</A>
+<LI>status
+<A HREF="auqbg005.htm#IDX2500">(2500)</A>
+<LI>stop
+<A HREF="auqbg006.htm#IDX2911">(2911)</A>
+</MENU>
+<LI>BOS Server
+<MENU>
+<LI>checking mode bits on AFS directories
+<A HREF="auqbg005.htm#IDX2683">(2683)</A>
+<LI>starting
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2363">(2363)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2799">(2799)</A>
+</MENU>
+</MENU>
+<LI>BosConfig file
+<MENU>
+<LI>adding entries
+<MENU>
+<LI>database server machine
+<A HREF="auqbg006.htm#IDX2886">(2886)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2425">(2425)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2805">(2805)</A>
+</MENU>
+<LI>removing entries
+<A HREF="auqbg006.htm#IDX2919">(2919)</A>
+</MENU>
+<LI>bosserver command
+<A HREF="auqbg005.htm#IDX2381">(2381)</A>
+<LI>building
+<MENU>
+<LI>AFS extensions into kernel (see entry <I>incorporating AFS kernel extensions</I>)
+<A HREF="auqbg005.htm#IDX2241">(2241)</A>
+<LI>AFS from source
+<A HREF="auqbg008.htm#IDX3104">(3104)</A>
+</MENU>
+<LI>buserver process (see entry <I>Backup Server</I>)
+<A HREF="auqbg005.htm#IDX2413">(2413)</A>
+</MENU>
+<STRONG><A NAME="IDX1_43" HREF="#IDX0_43">C</A></STRONG>
+<MENU>
+<LI>cache
+<MENU>
+<LI>choosing size
+<A HREF="auqbg007.htm#IDX3015">(3015)</A>
+<LI>configuring
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3022">(3022)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2545">(2545)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2842">(2842)</A>
+</MENU>
+<LI>requirements
+<A HREF="auqbg007.htm#IDX3014">(3014)</A>
+</MENU>
+<LI>Cache Manager
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3046">(3046)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2549">(2549)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2846">(2846)</A>
+</MENU>
+<LI>cacheinfo file
+<A HREF="auqbg007.htm#IDX3018">(3018)</A>
+<LI>CD-ROM
+<MENU>
+<LI>copying AFS binaries into volume
+<A HREF="auqbg005.htm#IDX2643">(2643)</A>
+<LI>copying AFS documentation from
+<A HREF="auqbg005.htm#IDX2660">(2660)</A>
+<LI>copying client files from
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2998">(2998)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2527">(2527)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2830">(2830)</A>
+</MENU>
+<LI>copying server files from
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2369">(2369)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2785">(2785)</A>
+</MENU>
+<LI>copying source files from
+<A HREF="auqbg008.htm#IDX3101">(3101)</A>
+<LI>creating /cdrom directory
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2929">(2929)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2228">(2228)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2693">(2693)</A>
+</MENU>
+<LI>packaging of AFS Binary Distribution
+<A HREF="auqbg004.htm#IDX2216">(2216)</A>
+</MENU>
+<LI>cdrom directory
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2930">(2930)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2229">(2229)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2694">(2694)</A>
+</MENU>
+<LI>cell
+<MENU>
+<LI>enabling access to foreign
+<A HREF="auqbg005.htm#IDX2669">(2669)</A>
+<LI>improving security
+<A HREF="auqbg005.htm#IDX2677">(2677)</A>
+<LI>initializing security mechanisms
+<A HREF="auqbg005.htm#IDX2439">(2439)</A>
+</MENU>
+<LI>cell name
+<MENU>
+<LI>choosing
+<A HREF="auqbg005.htm#IDX2222">(2222)</A>
+<LI>defining during installation of first machine
+<A HREF="auqbg005.htm#IDX2382">(2382)</A>
+<LI>setting in client ThisCell file
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3001">(3001)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2530">(2530)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2833">(2833)</A>
+</MENU>
+<LI>setting in server ThisCell file
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2384">(2384)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2834">(2834)</A>
+</MENU>
+<LI>symbolic link for abbreviated
+<A HREF="auqbg005.htm#IDX2613">(2613)</A>
+</MENU>
+<LI>CellServDB file (client)
+<MENU>
+<LI>adding entry
+<MENU>
+<LI>for foreign cell
+<A HREF="auqbg005.htm#IDX2674">(2674)</A>
+<LI>for new db-server machine
+<A HREF="auqbg006.htm#IDX2881">(2881)</A>
+</MENU>
+<LI>creating
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3006">(3006)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2539">(2539)</A>
+<LI>on server machine after first
+<A HREF="auqbg006.htm#IDX2840">(2840)</A>
+</MENU>
+<LI>removing entry
+<A HREF="auqbg006.htm#IDX2903">(2903)</A>
+<LI>required format
+<A HREF="auqbg005.htm#IDX2541">(2541)</A>
+</MENU>
+<LI>CellServDB file (server)
+<MENU>
+<LI>adding entry for new db-server machine
+<A HREF="auqbg006.htm#IDX2878">(2878)</A>
+<LI>creating
+<MENU>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2393">(2393)</A>
+<LI>on server machine after first
+<A HREF="auqbg006.htm#IDX2793">(2793)</A>
+</MENU>
+<LI>displaying entries
+<A HREF="auqbg005.htm#IDX2403">(2403)</A>
+<LI>removing entry
+<A HREF="auqbg006.htm#IDX2908">(2908)</A>
+</MENU>
+<LI>client cache (see entry: <I>cache</I>)
+<A HREF="auqbg007.htm#IDX3010">(3010)</A>
+<LI>client machine
+<MENU>
+<LI>/cdrom directory
+<A HREF="auqbg007.htm#IDX2931">(2931)</A>
+<LI>/usr/vice/etc directory
+<A HREF="auqbg007.htm#IDX2934">(2934)</A>
+<LI>AFS initialization script
+<A HREF="auqbg007.htm#IDX3055">(3055)</A>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on AIX
+<A HREF="auqbg007.htm#IDX2938">(2938)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg007.htm#IDX2947">(2947)</A>
+<LI>on HP-UX
+<A HREF="auqbg007.htm#IDX2956">(2956)</A>
+<LI>on IRIX
+<A HREF="auqbg007.htm#IDX2965">(2965)</A>
+<LI>on Linux
+<A HREF="auqbg007.htm#IDX2979">(2979)</A>
+<LI>on Solaris
+<A HREF="auqbg007.htm#IDX2988">(2988)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on AIX
+<A HREF="auqbg007.htm#IDX2942">(2942)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg007.htm#IDX2951">(2951)</A>
+<LI>on HP-UX
+<A HREF="auqbg007.htm#IDX2960">(2960)</A>
+<LI>on IRIX
+<A HREF="auqbg007.htm#IDX2976">(2976)</A>
+<LI>on Linux
+<A HREF="auqbg007.htm#IDX2983">(2983)</A>
+<LI>on Solaris
+<A HREF="auqbg007.htm#IDX2992">(2992)</A>
+</MENU>
+<LI>afsd command parameters
+<A HREF="auqbg007.htm#IDX3043">(3043)</A>
+<LI>afsd options file (Linux)
+<A HREF="auqbg007.htm#IDX3036">(3036)</A>
+<LI>Cache Manager
+<A HREF="auqbg007.htm#IDX3048">(3048)</A>
+<LI>cache size and location
+<A HREF="auqbg007.htm#IDX3025">(3025)</A>
+<LI>cell membership
+<A HREF="auqbg007.htm#IDX3003">(3003)</A>
+<LI>CellServDB file
+<MENU>
+<LI>adding entry
+<A HREF="auqbg006.htm#IDX2882">(2882)</A>
+<LI>creating during initial installation
+<A HREF="auqbg007.htm#IDX3009">(3009)</A>
+<LI>removing entry
+<A HREF="auqbg006.htm#IDX2904">(2904)</A>
+</MENU>
+<LI>copying client files to local disk
+<A HREF="auqbg007.htm#IDX2999">(2999)</A>
+<LI>requirements for installation
+<A HREF="auqbg004.htm#IDX2206">(2206)</A>
+<LI>ThisCell file
+<A HREF="auqbg007.htm#IDX3004">(3004)</A>
+<LI>vfs file (AIX)
+<A HREF="auqbg007.htm#IDX3053">(3053)</A>
+</MENU>
+<LI>clock synchronization
+<A HREF="auqbg005.htm#IDX2523">(2523)</A>
+<LI>commands
+<MENU>
+<LI>afsd
+<A HREF="auqbg007.htm#IDX3038">(3038)</A>
+<LI>bos addhost
+<A HREF="auqbg006.htm#IDX2876">(2876)</A>
+<LI>bos addkey
+<A HREF="auqbg005.htm#IDX2469">(2469)</A>
+<LI>bos adduser
+<A HREF="auqbg005.htm#IDX2462">(2462)</A>
+<LI>bos create
+<A HREF="auqbg005.htm#IDX2431">(2431)</A>
+<LI>bos delete
+<A HREF="auqbg006.htm#IDX2917">(2917)</A>
+<LI>bos listhosts
+<A HREF="auqbg005.htm#IDX2401">(2401)</A>
+<LI>bos listkeys
+<A HREF="auqbg005.htm#IDX2473">(2473)</A>
+<LI>bos removehost
+<A HREF="auqbg006.htm#IDX2907">(2907)</A>
+<LI>bos restart
+<MENU>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2483">(2483)</A>
+<LI>on new db-server machine
+<A HREF="auqbg006.htm#IDX2894">(2894)</A>
+<LI>on removed db-server machine
+<A HREF="auqbg006.htm#IDX2922">(2922)</A>
+</MENU>
+<LI>bos setcellname
+<A HREF="auqbg005.htm#IDX2399">(2399)</A>
+<LI>bos shutdown
+<A HREF="auqbg005.htm#IDX2562">(2562)</A>
+<LI>bos status
+<A HREF="auqbg005.htm#IDX2499">(2499)</A>
+<LI>bos stop
+<A HREF="auqbg006.htm#IDX2910">(2910)</A>
+<LI>bosserver
+<A HREF="auqbg005.htm#IDX2380">(2380)</A>
+<LI>fs checkvolumes
+<A HREF="auqbg005.htm#IDX2581">(2581)</A>, <A HREF="auqbg005.htm#IDX2628">(2628)</A>
+<LI>fs examine
+<A HREF="auqbg005.htm#IDX2622">(2622)</A>
+<LI>fs mkmount
+<A HREF="auqbg005.htm#IDX2607">(2607)</A>
+<LI>fs newcell
+<A HREF="auqbg005.htm#IDX2676">(2676)</A>
+<LI>fs setacl
+<A HREF="auqbg005.htm#IDX2601">(2601)</A>
+<LI>fs setquota
+<A HREF="auqbg005.htm#IDX2637">(2637)</A>
+<LI>kas (interactive)
+<A HREF="auqbg005.htm#IDX2446">(2446)</A>
+<LI>kas create
+<A HREF="auqbg005.htm#IDX2449">(2449)</A>
+<LI>kas examine
+<A HREF="auqbg005.htm#IDX2453">(2453)</A>
+<LI>kas quit
+<A HREF="auqbg005.htm#IDX2459">(2459)</A>
+<LI>kas setfields
+<A HREF="auqbg005.htm#IDX2456">(2456)</A>
+<LI>klog
+<A HREF="auqbg005.htm#IDX2576">(2576)</A>
+<LI>make
+<A HREF="auqbg008.htm#IDX3107">(3107)</A>
+<LI>pts adduser
+<A HREF="auqbg005.htm#IDX2479">(2479)</A>
+<LI>pts createuser
+<A HREF="auqbg005.htm#IDX2476">(2476)</A>
+<LI>tokens
+<A HREF="auqbg005.htm#IDX2578">(2578)</A>
+<LI>vos addsite
+<A HREF="auqbg005.htm#IDX2617">(2617)</A>
+<LI>vos create
+<MENU>
+<LI>root.afs volume
+<A HREF="auqbg005.htm#IDX2501">(2501)</A>
+<LI>root.cell volume
+<A HREF="auqbg005.htm#IDX2604">(2604)</A>
+<LI>src.afs volume
+<A HREF="auqbg008.htm#IDX3095">(3095)</A>
+<LI>volume for AFS binaries
+<A HREF="auqbg005.htm#IDX2635">(2635)</A>
+<LI>volume for AFS documentation
+<A HREF="auqbg005.htm#IDX2657">(2657)</A>
+</MENU>
+<LI>vos release
+<A HREF="auqbg005.htm#IDX2623">(2623)</A>
+<LI>vos syncserv
+<A HREF="auqbg005.htm#IDX2508">(2508)</A>
+<LI>vos syncvldb
+<A HREF="auqbg005.htm#IDX2506">(2506)</A>
+<LI>washtool
+<A HREF="auqbg008.htm#IDX3105">(3105)</A>
+</MENU>
+<LI>compiling AFS from source
+<A HREF="auqbg008.htm#IDX3103">(3103)</A>
+<LI>configuring
+<MENU>
+<LI>AFS filespace (top levels)
+<A HREF="auqbg005.htm#IDX2593">(2593)</A>
+<LI>AFS server partition on first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2253">(2253)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2270">(2270)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2288">(2288)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2317">(2317)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2333">(2333)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2350">(2350)</A>
+</MENU>
+<LI>AFS server partition on server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2711">(2711)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2723">(2723)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2735">(2735)</A>
+<LI>IRIX
+<A HREF="auqbg006.htm#IDX2756">(2756)</A>
+<LI>Linux
+<A HREF="auqbg006.htm#IDX2766">(2766)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2778">(2778)</A>
+</MENU>
+<LI>cache
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3023">(3023)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2546">(2546)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2843">(2843)</A>
+</MENU>
+<LI>Cache Manager
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3047">(3047)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2550">(2550)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2847">(2847)</A>
+</MENU>
+</MENU>
+<LI>copying
+<MENU>
+<LI>AFS binaries into volume
+<A HREF="auqbg005.htm#IDX2642">(2642)</A>
+<LI>AFS documentation from CD-ROM
+<A HREF="auqbg005.htm#IDX2659">(2659)</A>
+<LI>client files to local disk
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3000">(3000)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2529">(2529)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2832">(2832)</A>
+</MENU>
+<LI>server files to local disk
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2373">(2373)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2784">(2784)</A>
+</MENU>
+<LI>source files from CD-ROM
+<A HREF="auqbg008.htm#IDX3100">(3100)</A>
+</MENU>
+<LI>creating
+<MENU>
+<LI>/cdrom directory
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2932">(2932)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2231">(2231)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2696">(2696)</A>
+</MENU>
+<LI>/usr/afs directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2234">(2234)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2699">(2699)</A>
+</MENU>
+<LI>/usr/afs/bin directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2371">(2371)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2702">(2702)</A>
+</MENU>
+<LI>/usr/afs/etc directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2372">(2372)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2789">(2789)</A>
+</MENU>
+<LI>/usr/vice/etc directory
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2935">(2935)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2237">(2237)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2705">(2705)</A>
+</MENU>
+<LI>admin account in Authentication Database
+<A HREF="auqbg005.htm#IDX2437">(2437)</A>
+<LI>afs entry in Authentication Database
+<A HREF="auqbg005.htm#IDX2436">(2436)</A>
+<LI>CellServDB file (client)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3008">(3008)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2540">(2540)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2841">(2841)</A>
+</MENU>
+<LI>CellServDB file (server)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2394">(2394)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2790">(2790)</A>
+</MENU>
+<LI>mount point
+<A HREF="auqbg005.htm#IDX2609">(2609)</A>
+<LI>read/write mount point
+<A HREF="auqbg005.htm#IDX2616">(2616)</A>
+<LI>root.afs volume
+<A HREF="auqbg005.htm#IDX2505">(2505)</A>
+<LI>root.cell volume
+<A HREF="auqbg005.htm#IDX2596">(2596)</A>
+<LI>server encryption key
+<MENU>
+<LI>Authentication Database
+<A HREF="auqbg005.htm#IDX2452">(2452)</A>
+<LI>KeyFile file
+<A HREF="auqbg005.htm#IDX2471">(2471)</A>
+</MENU>
+<LI>src.afs volume
+<A HREF="auqbg008.htm#IDX3099">(3099)</A>
+<LI>symbolic link
+<MENU>
+<LI>for abbreviated cell name
+<A HREF="auqbg005.htm#IDX2611">(2611)</A>
+<LI>to AFS binaries
+<A HREF="auqbg005.htm#IDX2647">(2647)</A>
+</MENU>
+<LI>UserList file entry
+<A HREF="auqbg005.htm#IDX2467">(2467)</A>
+<LI>volume
+<MENU>
+<LI> for AFS source
+<A HREF="auqbg008.htm#IDX3091">(3091)</A>
+<LI>for AFS binaries
+<A HREF="auqbg005.htm#IDX2630">(2630)</A>, <A HREF="auqbg007.htm#IDX3085">(3085)</A>
+<LI>for AFS documentation
+<A HREF="auqbg005.htm#IDX2652">(2652)</A>
+<LI>for system binaries
+<A HREF="auqbg005.htm#IDX2665">(2665)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_44" HREF="#IDX0_44">D</A></STRONG>
+<MENU>
+<LI>database server machine
+<MENU>
+<LI>entry in client CellServDB file
+<MENU>
+<LI>for foreign cell
+<A HREF="auqbg005.htm#IDX2673">(2673)</A>
+<LI>for new db-server machine
+<A HREF="auqbg006.htm#IDX2880">(2880)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3007">(3007)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2537">(2537)</A>
+<LI>on server machine after first
+<A HREF="auqbg006.htm#IDX2839">(2839)</A>
+<LI>removing
+<A HREF="auqbg006.htm#IDX2902">(2902)</A>
+</MENU>
+<LI>entry in server CellServDB file
+<MENU>
+<LI>for new db-server machine
+<A HREF="auqbg006.htm#IDX2877">(2877)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2390">(2390)</A>
+<LI>on server machine after first
+<A HREF="auqbg006.htm#IDX2794">(2794)</A>
+<LI>removing
+<A HREF="auqbg006.htm#IDX2909">(2909)</A>
+</MENU>
+<LI>installing
+<MENU>
+<LI>additional
+<A HREF="auqbg006.htm#IDX2872">(2872)</A>
+<LI>first
+<A HREF="auqbg005.htm#IDX2405">(2405)</A>
+</MENU>
+<LI>removing db-server processes from BosConfig file
+<A HREF="auqbg006.htm#IDX2921">(2921)</A>
+<LI>removing from service
+<A HREF="auqbg006.htm#IDX2898">(2898)</A>
+<LI>requirements for installation
+<A HREF="auqbg006.htm#IDX2869">(2869)</A>
+<LI>starting database server processes
+<A HREF="auqbg006.htm#IDX2885">(2885)</A>
+<LI>stopping database server processes
+<A HREF="auqbg006.htm#IDX2912">(2912)</A>
+</MENU>
+<LI>defining
+<MENU>
+<LI>cell name during installation of first machine
+<A HREF="auqbg005.htm#IDX2383">(2383)</A>
+<LI>first AFS machine as database server
+<A HREF="auqbg005.htm#IDX2398">(2398)</A>
+<LI>replication site for volume
+<A HREF="auqbg005.htm#IDX2620">(2620)</A>
+</MENU>
+<LI>Digital UNIX
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2858">(2858)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3063">(3063)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2565">(2565)</A>, <A HREF="auqbg005.htm#IDX2587">(2587)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2952">(2952)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2281">(2281)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2726">(2726)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2273">(2273)</A>
+</MENU>
+<LI>AFS-modified kernel
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2722">(2722)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2948">(2948)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2269">(2269)</A>
+</MENU>
+<LI>fsck program
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2730">(2730)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2277">(2277)</A>
+</MENU>
+</MENU>
+<LI>directories
+<MENU>
+<LI>/afs
+<A HREF="auqbg007.htm#IDX3029">(3029)</A>
+<LI>/usr/afsdoc
+<A HREF="auqbg005.htm#IDX2656">(2656)</A>
+<LI>/usr/afsws
+<A HREF="auqbg005.htm#IDX2634">(2634)</A>, <A HREF="auqbg007.htm#IDX3089">(3089)</A>
+<LI>/usr/vice/cache
+<A HREF="auqbg007.htm#IDX3021">(3021)</A>
+<LI>/vicep<I>xx</I> (see entry <I>AFS server partition</I>)
+<A HREF="auqbg005.htm#IDX2248">(2248)</A>
+</MENU>
+<LI>disabling authorization checking
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2367">(2367)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2803">(2803)</A>
+</MENU>
+<LI>disk cache (see entry: <I>cache</I>)
+<A HREF="auqbg007.htm#IDX3012">(3012)</A>
+<LI>displaying
+<MENU>
+<LI>CellServDB file (server) entries
+<A HREF="auqbg005.htm#IDX2404">(2404)</A>
+<LI>server encryption key
+<MENU>
+<LI>Authentication Database
+<A HREF="auqbg005.htm#IDX2455">(2455)</A>
+<LI>KeyFile file
+<A HREF="auqbg005.htm#IDX2475">(2475)</A>
+</MENU>
+</MENU>
+<LI>documentation, creating volume for AFS
+<A HREF="auqbg005.htm#IDX2654">(2654)</A>
+</MENU>
+<STRONG><A NAME="IDX1_45" HREF="#IDX0_45">E</A></STRONG>
+<MENU>
+<LI>enabling AFS login
+<MENU>
+<LI>client machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg007.htm#IDX2940">(2940)</A>
+<LI>Digital UNIX
+<A HREF="auqbg007.htm#IDX2949">(2949)</A>
+<LI>HP-UX
+<A HREF="auqbg007.htm#IDX2958">(2958)</A>
+<LI>IRIX
+<A HREF="auqbg007.htm#IDX2974">(2974)</A>
+<LI>Linux
+<A HREF="auqbg007.htm#IDX2981">(2981)</A>
+<LI>Solaris
+<A HREF="auqbg007.htm#IDX2990">(2990)</A>
+</MENU>
+<LI>file server machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2261">(2261)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2278">(2278)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2296">(2296)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2321">(2321)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2337">(2337)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2354">(2354)</A>
+</MENU>
+</MENU>
+<LI>encryption files
+<MENU>
+<LI>in AFS Binary Distribution
+<A HREF="auqbg004.htm#IDX2217">(2217)</A>
+</MENU>
+<LI>encryption key (see entry <I>server encryption key</I>)
+<A HREF="auqbg005.htm#IDX2445">(2445)</A>
+<LI>environment variables (see entry: <I>variables</I>)
+<A HREF="auqbg007.htm#IDX3045">(3045)</A>
+<LI>etc/init.d/afs (see entry: <I>afs file</I>)
+<A HREF="auqbg007.htm#IDX3073">(3073)</A>
+<LI>etc/rc.afs (see entry: <I>rc.afs file</I>)
+<A HREF="auqbg007.htm#IDX3062">(3062)</A>
+<LI>etc/rc.d/init.d/afs (see entry: <I>afs file</I>)
+<A HREF="auqbg007.htm#IDX3079">(3079)</A>
+<LI>etc/sysconfig/afs (see entry: <I>afs file</I>)
+<A HREF="auqbg007.htm#IDX3034">(3034)</A>
+<LI>etc/vfs file
+<A HREF="auqbg007.htm#IDX3051">(3051)</A>
+</MENU>
+<STRONG><A NAME="IDX1_46" HREF="#IDX0_46">F</A></STRONG>
+<MENU>
+<LI>File Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2487">(2487)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2818">(2818)</A>
+</MENU>
+<LI>file server machine
+<MENU>
+<LI>requirements for installation
+<A HREF="auqbg004.htm#IDX2204">(2204)</A>
+<LI>see entries <I>first AFS machine</I>; <I>file server machine, additional</I>
+<A HREF="auqbg005.htm#IDX2218">(2218)</A>
+</MENU>
+<LI>file server machine, additional
+<MENU>
+<LI>/cdrom directory
+<A HREF="auqbg006.htm#IDX2695">(2695)</A>
+<LI>/usr/afs directory
+<A HREF="auqbg006.htm#IDX2698">(2698)</A>
+<LI>/usr/afs/bin directory
+<A HREF="auqbg006.htm#IDX2701">(2701)</A>
+<LI>/usr/afs/etc directory
+<A HREF="auqbg006.htm#IDX2788">(2788)</A>
+<LI>/usr/vice/etc directory
+<A HREF="auqbg006.htm#IDX2704">(2704)</A>
+<LI>AFS initialization script
+<A HREF="auqbg006.htm#IDX2854">(2854)</A>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on AIX
+<A HREF="auqbg006.htm#IDX2709">(2709)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg006.htm#IDX2721">(2721)</A>
+<LI>on HP-UX
+<A HREF="auqbg006.htm#IDX2733">(2733)</A>
+<LI>on IRIX
+<A HREF="auqbg006.htm#IDX2747">(2747)</A>
+<LI>on Linux
+<A HREF="auqbg006.htm#IDX2764">(2764)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2772">(2772)</A>
+</MENU>
+<LI>AFS login (see entry for <I>first AFS machine</I>)
+<A HREF="auqbg006.htm#IDX2706">(2706)</A>
+<LI>AFS server partition
+<MENU>
+<LI>on AIX
+<A HREF="auqbg006.htm#IDX2713">(2713)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg006.htm#IDX2725">(2725)</A>
+<LI>on HP-UX
+<A HREF="auqbg006.htm#IDX2737">(2737)</A>
+<LI>on IRIX
+<A HREF="auqbg006.htm#IDX2758">(2758)</A>
+<LI>on Linux
+<A HREF="auqbg006.htm#IDX2768">(2768)</A>
+<LI>on Solaris
+<A HREF="auqbg006.htm#IDX2780">(2780)</A>
+</MENU>
+<LI>afsd command parameters
+<A HREF="auqbg006.htm#IDX2851">(2851)</A>
+<LI>authorization checking (disabling)
+<A HREF="auqbg006.htm#IDX2804">(2804)</A>
+<LI>BOS Server
+<A HREF="auqbg006.htm#IDX2801">(2801)</A>
+<LI>Cache Manager
+<A HREF="auqbg006.htm#IDX2848">(2848)</A>
+<LI>cache size and location
+<A HREF="auqbg006.htm#IDX2845">(2845)</A>
+<LI>cell membership, defining
+<MENU>
+<LI>for client processes
+<A HREF="auqbg006.htm#IDX2837">(2837)</A>
+<LI>for server processes
+<A HREF="auqbg006.htm#IDX2796">(2796)</A>
+</MENU>
+<LI>client functionality
+<A HREF="auqbg006.htm#IDX2829">(2829)</A>
+<LI>copying
+<MENU>
+<LI>client files to local disk
+<A HREF="auqbg006.htm#IDX2831">(2831)</A>
+<LI>server files to local disk
+<A HREF="auqbg006.htm#IDX2786">(2786)</A>
+</MENU>
+<LI>File Server
+<A HREF="auqbg006.htm#IDX2820">(2820)</A>
+<LI>fs process
+<A HREF="auqbg006.htm#IDX2827">(2827)</A>
+<LI>fsck program
+<MENU>
+<LI>on AIX
+<A HREF="auqbg006.htm#IDX2717">(2717)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg006.htm#IDX2729">(2729)</A>
+<LI>on HP-UX
+<A HREF="auqbg006.htm#IDX2741">(2741)</A>
+<LI>on IRIX
+<A HREF="auqbg006.htm#IDX2743">(2743)</A>
+<LI>on Linux
+<A HREF="auqbg006.htm#IDX2760">(2760)</A>
+<LI>on Solaris
+<A HREF="auqbg006.htm#IDX2776">(2776)</A>
+</MENU>
+<LI>runntp process
+<A HREF="auqbg006.htm#IDX2816">(2816)</A>
+<LI>server functionality
+<A HREF="auqbg006.htm#IDX2782">(2782)</A>
+<LI>ThisCell file (client)
+<A HREF="auqbg006.htm#IDX2836">(2836)</A>
+<LI>ThisCell file (server)
+<A HREF="auqbg006.htm#IDX2798">(2798)</A>
+<LI>Update Server client portion
+<A HREF="auqbg006.htm#IDX2810">(2810)</A>
+<LI>Update Server server portion
+<A HREF="auqbg006.htm#IDX2813">(2813)</A>
+<LI>Volume Server
+<A HREF="auqbg006.htm#IDX2823">(2823)</A>
+</MENU>
+<LI>file systems clean-up script (Solaris)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2996">(2996)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2360">(2360)</A>
+</MENU>
+<LI>files
+<MENU>
+<LI>afs
+<MENU>
+<LI>AFS initialization file
+<A HREF="auqbg007.htm#IDX3065">(3065)</A>, <A HREF="auqbg007.htm#IDX3068">(3068)</A>, <A HREF="auqbg007.htm#IDX3071">(3071)</A>, <A HREF="auqbg007.htm#IDX3078">(3078)</A>, <A HREF="auqbg007.htm#IDX3082">(3082)</A>
+<LI>afsd options file (Linux)
+<A HREF="auqbg007.htm#IDX3032">(3032)</A>
+</MENU>
+<LI>AFS initialization (see entry: <I>AFS initialization script</I>)
+<A HREF="auqbg007.htm#IDX3040">(3040)</A>
+<LI>AFS source
+<A HREF="auqbg008.htm#IDX3094">(3094)</A>
+<LI>afsd options file (Linux)
+<A HREF="auqbg007.htm#IDX3031">(3031)</A>
+<LI>BosConfig
+<A HREF="auqbg005.htm#IDX2427">(2427)</A>
+<LI>cacheinfo
+<A HREF="auqbg007.htm#IDX3019">(3019)</A>
+<LI>CellServDB (client)
+<A HREF="auqbg005.htm#IDX2543">(2543)</A>
+<LI>CellServDB (server)
+<A HREF="auqbg005.htm#IDX2395">(2395)</A>
+<LI>index.htm
+<A HREF="auqbg005.htm#IDX2663">(2663)</A>
+<LI>KeyFile
+<A HREF="auqbg005.htm#IDX2443">(2443)</A>
+<LI>protecting during operating system upgrade
+<A HREF="auqbg004.htm#IDX2213">(2213)</A>
+<LI>rc.afs
+<A HREF="auqbg007.htm#IDX3061">(3061)</A>
+<LI>ThisCell (client)
+<A HREF="auqbg005.htm#IDX2536">(2536)</A>
+<LI>ThisCell (server)
+<A HREF="auqbg005.htm#IDX2389">(2389)</A>
+<LI>UserList
+<A HREF="auqbg005.htm#IDX2466">(2466)</A>
+<LI>vfs (AIX)
+<A HREF="auqbg007.htm#IDX3049">(3049)</A>
+</MENU>
+<LI>fileserver process (see entry <I>File Server</I>)
+<A HREF="auqbg005.htm#IDX2488">(2488)</A>
+<LI>filespace (see entry <I>AFS filespace</I>)
+<A HREF="auqbg005.htm#IDX2224">(2224)</A>
+<LI>first AFS machine
+<MENU>
+<LI> fsck program
+<MENU>
+<LI>on AIX
+<A HREF="auqbg005.htm#IDX2259">(2259)</A>
+</MENU>
+<LI>/cdrom directory
+<A HREF="auqbg005.htm#IDX2230">(2230)</A>
+<LI>/usr/afs directory
+<A HREF="auqbg005.htm#IDX2233">(2233)</A>
+<LI>/usr/vice/etc directory
+<A HREF="auqbg005.htm#IDX2236">(2236)</A>
+<LI>AFS initialization script
+<MENU>
+<LI>activating
+<A HREF="auqbg005.htm#IDX2584">(2584)</A>
+<LI>running/verifying
+<A HREF="auqbg005.htm#IDX2559">(2559)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on AIX
+<A HREF="auqbg005.htm#IDX2251">(2251)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg005.htm#IDX2268">(2268)</A>
+<LI>on HP-UX
+<A HREF="auqbg005.htm#IDX2286">(2286)</A>
+<LI>on IRIX
+<A HREF="auqbg005.htm#IDX2304">(2304)</A>
+<LI>on Linux
+<A HREF="auqbg005.htm#IDX2331">(2331)</A>
+<LI>on Solaris
+<A HREF="auqbg005.htm#IDX2344">(2344)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on AIX
+<A HREF="auqbg005.htm#IDX2263">(2263)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg005.htm#IDX2280">(2280)</A>
+<LI>on HP-UX
+<A HREF="auqbg005.htm#IDX2298">(2298)</A>
+<LI>on IRIX
+<A HREF="auqbg005.htm#IDX2323">(2323)</A>
+<LI>on Linux
+<A HREF="auqbg005.htm#IDX2339">(2339)</A>
+<LI>on Solaris
+<A HREF="auqbg005.htm#IDX2356">(2356)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on AIX
+<A HREF="auqbg005.htm#IDX2255">(2255)</A>
+<LI>on Digital UNIX
+<A HREF="auqbg005.htm#IDX2272">(2272)</A>
+<LI>on HP-UX
+<A HREF="auqbg005.htm#IDX2290">(2290)</A>
+<LI>on IRIX
+<A HREF="auqbg005.htm#IDX2319">(2319)</A>
+<LI>on Linux
+<A HREF="auqbg005.htm#IDX2335">(2335)</A>
+<LI>on Solaris
+<A HREF="auqbg005.htm#IDX2352">(2352)</A>
+</MENU>
+<LI>afsd command parameters
+<A HREF="auqbg005.htm#IDX2554">(2554)</A>
+<LI>Authentication Server
+<A HREF="auqbg005.htm#IDX2409">(2409)</A>
+<LI>authorization checking (disabling)
+<A HREF="auqbg005.htm#IDX2368">(2368)</A>
+<LI>Backup Server
+<A HREF="auqbg005.htm#IDX2415">(2415)</A>
+<LI>BOS Server
+<A HREF="auqbg005.htm#IDX2365">(2365)</A>
+<LI>Cache Manager
+<A HREF="auqbg005.htm#IDX2551">(2551)</A>
+<LI>cache size and location
+<A HREF="auqbg005.htm#IDX2548">(2548)</A>
+<LI>cell membership, defining
+<MENU>
+<LI>for client processes
+<A HREF="auqbg005.htm#IDX2533">(2533)</A>
+<LI>for server processes
+<A HREF="auqbg005.htm#IDX2391">(2391)</A>
+</MENU>
+<LI>CellServDB file (client)
+<A HREF="auqbg005.htm#IDX2544">(2544)</A>
+<LI>CellServDB file (server)
+<A HREF="auqbg005.htm#IDX2396">(2396)</A>
+<LI>client functionality
+<MENU>
+<LI>installing
+<A HREF="auqbg005.htm#IDX2525">(2525)</A>
+<LI>removing
+<A HREF="auqbg005.htm#IDX2686">(2686)</A>
+</MENU>
+<LI>completion of installation
+<A HREF="auqbg005.htm#IDX2556">(2556)</A>
+<LI>copying
+<MENU>
+<LI>AFS binaries into volume
+<A HREF="auqbg005.htm#IDX2644">(2644)</A>
+<LI>AFS documentation from CD-ROM
+<A HREF="auqbg005.htm#IDX2661">(2661)</A>
+<LI>client files to local disk
+<A HREF="auqbg005.htm#IDX2528">(2528)</A>
+<LI>server files to local disk
+<A HREF="auqbg005.htm#IDX2374">(2374)</A>
+</MENU>
+<LI>defining
+<MENU>
+<LI>as binary distribution machine
+<A HREF="auqbg005.htm#IDX2514">(2514)</A>
+<LI>as database server
+<A HREF="auqbg005.htm#IDX2397">(2397)</A>
+<LI>as system control machine
+<A HREF="auqbg005.htm#IDX2515">(2515)</A>
+</MENU>
+<LI>File Server, fs process
+<A HREF="auqbg005.htm#IDX2490">(2490)</A>
+<LI>fsck program
+<MENU>
+<LI>on Digital UNIX
+<A HREF="auqbg005.htm#IDX2276">(2276)</A>
+<LI>on HP-UX
+<A HREF="auqbg005.htm#IDX2294">(2294)</A>
+<LI>on IRIX
+<A HREF="auqbg005.htm#IDX2307">(2307)</A>
+<LI>on Linux
+<A HREF="auqbg005.htm#IDX2327">(2327)</A>
+<LI>on Solaris
+<A HREF="auqbg005.htm#IDX2348">(2348)</A>
+</MENU>
+<LI>Protection Server
+<A HREF="auqbg005.htm#IDX2419">(2419)</A>
+<LI>roles
+<A HREF="auqbg004.htm#IDX2198">(2198)</A>
+<LI>runntp process
+<A HREF="auqbg005.htm#IDX2520">(2520)</A>
+<LI>Salvager
+<A HREF="auqbg005.htm#IDX2498">(2498)</A>
+<LI>server functionality
+<A HREF="auqbg005.htm#IDX2226">(2226)</A>
+<LI>subdirectories of /usr/afs
+<A HREF="auqbg005.htm#IDX2370">(2370)</A>
+<LI>ThisCell file (client)
+<A HREF="auqbg005.htm#IDX2532">(2532)</A>
+<LI>ThisCell file (server)
+<A HREF="auqbg005.htm#IDX2386">(2386)</A>
+<LI>Update Server server portion
+<A HREF="auqbg005.htm#IDX2513">(2513)</A>
+<LI>VL Server
+<A HREF="auqbg005.htm#IDX2423">(2423)</A>
+<LI>Volume Server
+<A HREF="auqbg005.htm#IDX2494">(2494)</A>
+</MENU>
+<LI>foreign cell, enabling access
+<A HREF="auqbg005.htm#IDX2668">(2668)</A>
+<LI>fs commands
+<MENU>
+<LI>checkvolumes
+<A HREF="auqbg005.htm#IDX2580">(2580)</A>, <A HREF="auqbg005.htm#IDX2627">(2627)</A>
+<LI>examine
+<A HREF="auqbg005.htm#IDX2621">(2621)</A>
+<LI>mkmount
+<A HREF="auqbg005.htm#IDX2606">(2606)</A>
+<LI>newcell
+<A HREF="auqbg005.htm#IDX2675">(2675)</A>
+<LI>setacl
+<A HREF="auqbg005.htm#IDX2600">(2600)</A>
+<LI>setquota
+<A HREF="auqbg005.htm#IDX2638">(2638)</A>
+</MENU>
+<LI>fs process
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2496">(2496)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2825">(2825)</A>
+</MENU>
+<LI>fsck program
+<MENU>
+<LI>on first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2258">(2258)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2275">(2275)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2293">(2293)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2306">(2306)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2326">(2326)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2347">(2347)</A>
+</MENU>
+<LI>on server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2716">(2716)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2728">(2728)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2740">(2740)</A>
+<LI>IRIX
+<A HREF="auqbg006.htm#IDX2744">(2744)</A>
+<LI>Linux
+<A HREF="auqbg006.htm#IDX2761">(2761)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2775">(2775)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_48" HREF="#IDX0_48">H</A></STRONG>
+<MENU>
+<LI>HP-UX
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2859">(2859)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3069">(3069)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2566">(2566)</A>, <A HREF="auqbg005.htm#IDX2588">(2588)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2961">(2961)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2299">(2299)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2738">(2738)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2291">(2291)</A>
+</MENU>
+<LI>AFS-modified kernel
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2734">(2734)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2957">(2957)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2287">(2287)</A>
+</MENU>
+<LI>fsck program
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2742">(2742)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2295">(2295)</A>
+</MENU>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_49" HREF="#IDX0_49">I</A></STRONG>
+<MENU>
+<LI>incorporating AFS kernel extensions
+<MENU>
+<LI>client machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg007.htm#IDX2936">(2936)</A>
+<LI>Digital UNIX
+<A HREF="auqbg007.htm#IDX2945">(2945)</A>
+<LI>HP-UX
+<A HREF="auqbg007.htm#IDX2954">(2954)</A>
+<LI>IRIX
+<A HREF="auqbg007.htm#IDX2963">(2963)</A>
+<LI>Linux
+<A HREF="auqbg007.htm#IDX2977">(2977)</A>
+<LI>Solaris
+<A HREF="auqbg007.htm#IDX2986">(2986)</A>
+</MENU>
+<LI>first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2249">(2249)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2266">(2266)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2284">(2284)</A>
+<LI>IRIX
+<A HREF="auqbg005.htm#IDX2302">(2302)</A>
+<LI>Linux
+<A HREF="auqbg005.htm#IDX2329">(2329)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2342">(2342)</A>
+</MENU>
+<LI>server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2707">(2707)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2719">(2719)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2731">(2731)</A>
+<LI>IRIX
+<A HREF="auqbg006.htm#IDX2745">(2745)</A>
+<LI>Linux
+<A HREF="auqbg006.htm#IDX2762">(2762)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2770">(2770)</A>
+</MENU>
+</MENU>
+<LI>index.htm file
+<A HREF="auqbg005.htm#IDX2662">(2662)</A>
+<LI>initializing
+<MENU>
+<LI>cell security mechanisms
+<A HREF="auqbg005.htm#IDX2440">(2440)</A>
+<LI>server process (see entry <I>starting</I> or server's name)
+<A HREF="auqbg005.htm#IDX2428">(2428)</A>
+</MENU>
+<LI>installing
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3057">(3057)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2583">(2583)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2856">(2856)</A>
+</MENU>
+<LI>client functionality
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2927">(2927)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2526">(2526)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2828">(2828)</A>
+</MENU>
+<LI>database server machine
+<MENU>
+<LI>additional
+<A HREF="auqbg006.htm#IDX2874">(2874)</A>
+<LI>first
+<A HREF="auqbg005.htm#IDX2407">(2407)</A>
+</MENU>
+<LI>file server machine after first
+<A HREF="auqbg006.htm#IDX2689">(2689)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2220">(2220)</A>
+<LI>server functionality
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2227">(2227)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2783">(2783)</A>
+</MENU>
+</MENU>
+<LI>instructions
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2926">(2926)</A>
+<LI>database server machine, installing additional
+<A HREF="auqbg006.htm#IDX2873">(2873)</A>
+<LI>database server machine, installing first
+<A HREF="auqbg005.htm#IDX2406">(2406)</A>
+<LI>database server machine, removing
+<A HREF="auqbg006.htm#IDX2899">(2899)</A>
+<LI>file server machine after first
+<A HREF="auqbg006.htm#IDX2688">(2688)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2219">(2219)</A>
+</MENU>
+<LI>interactive mode for kas
+<MENU>
+<LI>entering
+<A HREF="auqbg005.htm#IDX2448">(2448)</A>
+<LI>quitting
+<A HREF="auqbg005.htm#IDX2461">(2461)</A>
+</MENU>
+<LI>invoking AFS init. script (see entry <I>running</I>)
+<A HREF="auqbg005.htm#IDX2561">(2561)</A>
+<LI>IRIX
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2860">(2860)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3072">(3072)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2567">(2567)</A>, <A HREF="auqbg005.htm#IDX2589">(2589)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2966">(2966)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2309">(2309)</A>
+<LI>on server machine after first
+<A HREF="auqbg006.htm#IDX2748">(2748)</A>
+</MENU>
+<LI>AFS login
+<A HREF="auqbg005.htm#IDX2324">(2324)</A>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2759">(2759)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2320">(2320)</A>
+</MENU>
+<LI>AFS-modified kernel
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2755">(2755)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2973">(2973)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2316">(2316)</A>
+</MENU>
+<LI>afsclient variable
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3076">(3076)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2570">(2570)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2863">(2863)</A>
+</MENU>
+<LI>afsml variable
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2969">(2969)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2312">(2312)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2751">(2751)</A>
+</MENU>
+<LI>afsserver variable
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2573">(2573)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2866">(2866)</A>
+</MENU>
+<LI>afsxnfs variable
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2972">(2972)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2315">(2315)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2754">(2754)</A>
+</MENU>
+<LI>fsck program replacement not necessary
+<A HREF="auqbg005.htm#IDX2308">(2308)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4B" HREF="#IDX0_4B">K</A></STRONG>
+<MENU>
+<LI>kas commands
+<MENU>
+<LI>create
+<A HREF="auqbg005.htm#IDX2450">(2450)</A>
+<LI>examine
+<A HREF="auqbg005.htm#IDX2454">(2454)</A>
+<LI>interactive mode, entering
+<A HREF="auqbg005.htm#IDX2447">(2447)</A>
+<LI>quit
+<A HREF="auqbg005.htm#IDX2460">(2460)</A>
+<LI>setfields
+<A HREF="auqbg005.htm#IDX2457">(2457)</A>
+</MENU>
+<LI>kaserver process (see entry <I>Authentication Server</I>)
+<A HREF="auqbg005.htm#IDX2410">(2410)</A>
+<LI>Kerberos
+<A HREF="auqbg005.htm#IDX2430">(2430)</A>
+<LI>kernel extensions (see entry <I>AFS kernel extensions</I>)
+<A HREF="auqbg005.htm#IDX2239">(2239)</A>
+<LI>key (see entry <I>server encryption key</I>)
+<A HREF="auqbg005.htm#IDX2444">(2444)</A>
+<LI>KeyFile file
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2442">(2442)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2792">(2792)</A>
+</MENU>
+<LI>klog command
+<A HREF="auqbg005.htm#IDX2577">(2577)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4C" HREF="#IDX0_4C">L</A></STRONG>
+<MENU>
+<LI>licensing requirements
+<A HREF="auqbg005.htm#IDX2646">(2646)</A>
+<LI>Linux
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2867">(2867)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3080">(3080)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2574">(2574)</A>, <A HREF="auqbg005.htm#IDX2590">(2590)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2765">(2765)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2980">(2980)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2332">(2332)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2984">(2984)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2340">(2340)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2769">(2769)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2336">(2336)</A>
+</MENU>
+<LI>afsd options file
+<A HREF="auqbg007.htm#IDX3035">(3035)</A>
+<LI>fsck program replacement not necessary
+<A HREF="auqbg005.htm#IDX2328">(2328)</A>
+</MENU>
+<LI>loading AFS kernel extensions (see entry <I>incorporating</I>)
+<A HREF="auqbg005.htm#IDX2240">(2240)</A>
+<LI>logical volume (see entry <I>AFS server partition</I>)
+<A HREF="auqbg005.htm#IDX2244">(2244)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4D" HREF="#IDX0_4D">M</A></STRONG>
+<MENU>
+<LI>make command
+<A HREF="auqbg008.htm#IDX3108">(3108)</A>
+<LI>memory cache (see entry: <I>cache</I>)
+<A HREF="auqbg007.htm#IDX3013">(3013)</A>
+<LI>mode bits on local AFS directories
+<A HREF="auqbg005.htm#IDX2684">(2684)</A>
+<LI>mount point
+<A HREF="auqbg005.htm#IDX2608">(2608)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4E" HREF="#IDX0_4E">N</A></STRONG>
+<MENU>
+<LI>naming conventions for AFS server partition
+<A HREF="auqbg005.htm#IDX2246">(2246)</A>
+<LI>NTPD
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2521">(2521)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2817">(2817)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4F" HREF="#IDX0_4F">O</A></STRONG>
+<MENU>
+<LI>operating system upgrades
+<A HREF="auqbg004.htm#IDX2210">(2210)</A>
+<LI>OPTIONS variable in AFS initialization file
+<A HREF="auqbg007.htm#IDX3039">(3039)</A>
+<LI>overview
+<MENU>
+<LI>completing installation of first machine
+<A HREF="auqbg005.htm#IDX2555">(2555)</A>
+<LI>general installation requirements
+<A HREF="auqbg004.htm#IDX2202">(2202)</A>
+<LI>installing additional database server machine
+<A HREF="auqbg006.htm#IDX2871">(2871)</A>
+<LI>installing client functionality on first machine
+<A HREF="auqbg005.htm#IDX2524">(2524)</A>
+<LI>installing client machine
+<A HREF="auqbg007.htm#IDX2928">(2928)</A>
+<LI>installing server functionality on first AFS machine
+<A HREF="auqbg005.htm#IDX2225">(2225)</A>
+<LI>installing server machine after first
+<A HREF="auqbg006.htm#IDX2692">(2692)</A>
+<LI>removing database server machine
+<A HREF="auqbg006.htm#IDX2901">(2901)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_50" HREF="#IDX0_50">P</A></STRONG>
+<MENU>
+<LI>PAM
+<MENU>
+<LI>on HP-UX
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2962">(2962)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2300">(2300)</A>
+</MENU>
+<LI>on Linux
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2985">(2985)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2341">(2341)</A>
+</MENU>
+<LI>on Solaris
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2994">(2994)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2358">(2358)</A>
+</MENU>
+</MENU>
+<LI>partition (see entry <I>AFS server partition</I>)
+<A HREF="auqbg005.htm#IDX2243">(2243)</A>
+<LI>PATH environment variable for users
+<A HREF="auqbg005.htm#IDX2649">(2649)</A>
+<LI>Pluggable Authentication Module (see entry <I>PAM</I>)
+<A HREF="auqbg005.htm#IDX2301">(2301)</A>
+<LI>Protection Database
+<A HREF="auqbg005.htm#IDX2478">(2478)</A>
+<LI>Protection Server
+<MENU>
+<LI>starting
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2416">(2416)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2890">(2890)</A>
+</MENU>
+<LI>stopping
+<A HREF="auqbg006.htm#IDX2915">(2915)</A>
+</MENU>
+<LI>pts commands
+<MENU>
+<LI>adduser
+<A HREF="auqbg005.htm#IDX2480">(2480)</A>
+<LI>createuser
+<A HREF="auqbg005.htm#IDX2477">(2477)</A>
+</MENU>
+<LI>ptserver process (see entry <I>Protection Server</I>)
+<A HREF="auqbg005.htm#IDX2417">(2417)</A>
+</MENU>
+<STRONG><A NAME="IDX1_51" HREF="#IDX0_51">Q</A></STRONG>
+<MENU>
+<LI>quota for volume
+<A HREF="auqbg005.htm#IDX2639">(2639)</A>
+</MENU>
+<STRONG><A NAME="IDX1_52" HREF="#IDX0_52">R</A></STRONG>
+<MENU>
+<LI>rc.afs file (AFS init. file for AIX)
+<A HREF="auqbg007.htm#IDX3060">(3060)</A>
+<LI>read/write mount point for root.afs volume
+<A HREF="auqbg005.htm#IDX2614">(2614)</A>
+<LI>reading list for background information
+<A HREF="auqbg004.htm#IDX2200">(2200)</A>
+<LI>releasing replicated volume
+<A HREF="auqbg005.htm#IDX2626">(2626)</A>
+<LI>removing
+<MENU>
+<LI>client functionality from first AFS machine
+<A HREF="auqbg005.htm#IDX2687">(2687)</A>
+<LI>database server machine from service
+<A HREF="auqbg006.htm#IDX2900">(2900)</A>
+<LI>entries from BosConfig File
+<A HREF="auqbg006.htm#IDX2920">(2920)</A>
+<LI>entry from CellServDB file
+<A HREF="auqbg006.htm#IDX2905">(2905)</A>
+</MENU>
+<LI>replacing fsck program
+<MENU>
+<LI>first AFS machine
+<MENU>
+<LI>AIX
+<A HREF="auqbg005.htm#IDX2257">(2257)</A>
+<LI>Digital UNIX
+<A HREF="auqbg005.htm#IDX2274">(2274)</A>
+<LI>HP-UX
+<A HREF="auqbg005.htm#IDX2292">(2292)</A>
+<LI>Solaris
+<A HREF="auqbg005.htm#IDX2346">(2346)</A>
+</MENU>
+<LI>not necessary on IRIX
+<A HREF="auqbg005.htm#IDX2305">(2305)</A>
+<LI>not necessary on Linux
+<A HREF="auqbg005.htm#IDX2325">(2325)</A>
+<LI>server machine after first
+<MENU>
+<LI>AIX
+<A HREF="auqbg006.htm#IDX2715">(2715)</A>
+<LI>Digital UNIX
+<A HREF="auqbg006.htm#IDX2727">(2727)</A>
+<LI>HP-UX
+<A HREF="auqbg006.htm#IDX2739">(2739)</A>
+<LI>Solaris
+<A HREF="auqbg006.htm#IDX2774">(2774)</A>
+</MENU>
+</MENU>
+<LI>replicating volumes
+<A HREF="auqbg005.htm#IDX2599">(2599)</A>
+<LI>requirements
+<MENU>
+<LI>AFS server partition name and location
+<A HREF="auqbg005.htm#IDX2245">(2245)</A>
+<LI>cache
+<A HREF="auqbg007.htm#IDX3016">(3016)</A>
+<LI>CellServDB file format (client version)
+<A HREF="auqbg005.htm#IDX2542">(2542)</A>
+<LI>client machine
+<A HREF="auqbg004.htm#IDX2207">(2207)</A>
+<LI>database server machine
+<A HREF="auqbg006.htm#IDX2870">(2870)</A>
+<LI>file server machine (additional)
+<A HREF="auqbg006.htm#IDX2691">(2691)</A>
+<LI>file server machine (general)
+<A HREF="auqbg004.htm#IDX2205">(2205)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2221">(2221)</A>
+<LI>general
+<A HREF="auqbg004.htm#IDX2203">(2203)</A>
+<LI>protecting binaries per AFS license
+<A HREF="auqbg005.htm#IDX2645">(2645)</A>
+</MENU>
+<LI>restarting server process
+<MENU>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2485">(2485)</A>
+<LI>on new db-server machine
+<A HREF="auqbg006.htm#IDX2896">(2896)</A>
+<LI>on removed db-server machine
+<A HREF="auqbg006.htm#IDX2924">(2924)</A>
+</MENU>
+<LI>roles for first AFS machine
+<A HREF="auqbg004.htm#IDX2197">(2197)</A>
+<LI>root superuser
+<MENU>
+<LI>as installer's login identity
+<A HREF="auqbg004.htm#IDX2201">(2201)</A>
+<LI>controlling access
+<A HREF="auqbg005.htm#IDX2679">(2679)</A>
+</MENU>
+<LI>root.afs volume
+<MENU>
+<LI>creating
+<A HREF="auqbg005.htm#IDX2503">(2503)</A>
+<LI>read/write mount point
+<A HREF="auqbg005.htm#IDX2615">(2615)</A>
+<LI>replicating
+<A HREF="auqbg005.htm#IDX2597">(2597)</A>
+</MENU>
+<LI>root.cell volume
+<MENU>
+<LI>creating and replicating
+<A HREF="auqbg005.htm#IDX2594">(2594)</A>
+<LI>mounting for foreign cells in local filespace
+<A HREF="auqbg005.htm#IDX2672">(2672)</A>
+</MENU>
+<LI>running AFS init. script
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3056">(3056)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2560">(2560)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2855">(2855)</A>
+</MENU>
+<LI>runntp process
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2518">(2518)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2814">(2814)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_53" HREF="#IDX0_53">S</A></STRONG>
+<MENU>
+<LI>Salvager (salvager process)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2495">(2495)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2824">(2824)</A>
+</MENU>
+<LI>sbin/init.d/afs (see entry: <I>afs file</I>)
+<A HREF="auqbg007.htm#IDX3066">(3066)</A>
+<LI>scripts
+<MENU>
+<LI>AFS initialization (see entry: <I>AFS initialization script</I>)
+<A HREF="auqbg007.htm#IDX3041">(3041)</A>
+<LI>file systems clean-up (Solaris)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2997">(2997)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2361">(2361)</A>
+</MENU>
+</MENU>
+<LI>secondary authentication system (AIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2944">(2944)</A>
+<LI>server machine
+<A HREF="auqbg005.htm#IDX2265">(2265)</A>
+</MENU>
+<LI>security
+<MENU>
+<LI>improving
+<A HREF="auqbg005.htm#IDX2678">(2678)</A>
+<LI>initializing cell-wide
+<A HREF="auqbg005.htm#IDX2438">(2438)</A>
+</MENU>
+<LI>Security Integration Architecture (see entry <I>SIA</I>)
+<A HREF="auqbg005.htm#IDX2283">(2283)</A>
+<LI>server encryption key
+<MENU>
+<LI>in Authentication Database
+<A HREF="auqbg005.htm#IDX2451">(2451)</A>
+<LI>in KeyFile file
+<A HREF="auqbg005.htm#IDX2472">(2472)</A>
+</MENU>
+<LI>server machine after first (see entry: <I>file server machine, additional</I>)
+<A HREF="auqbg006.htm#IDX2690">(2690)</A>
+<LI>server process
+<MENU>
+<LI>restarting
+<MENU>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2486">(2486)</A>
+<LI>on new db-server machine
+<A HREF="auqbg006.htm#IDX2897">(2897)</A>
+<LI>on removed db-server machine
+<A HREF="auqbg006.htm#IDX2925">(2925)</A>
+</MENU>
+<LI>see also entry for each server's name
+<A HREF="auqbg005.htm#IDX2429">(2429)</A>
+</MENU>
+<LI>setting
+<MENU>
+<LI>ACL
+<A HREF="auqbg005.htm#IDX2603">(2603)</A>
+<LI>cache size and location
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3024">(3024)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2547">(2547)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2844">(2844)</A>
+</MENU>
+<LI>cell name in client ThisCell file
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3002">(3002)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2531">(2531)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2835">(2835)</A>
+</MENU>
+<LI>cell name in server ThisCell file
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2385">(2385)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2797">(2797)</A>
+</MENU>
+<LI>volume quota
+<A HREF="auqbg005.htm#IDX2641">(2641)</A>
+</MENU>
+<LI>SIA (Digital UNIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2953">(2953)</A>
+<LI>file server machine
+<A HREF="auqbg005.htm#IDX2282">(2282)</A>
+</MENU>
+<LI>Solaris
+<MENU>
+<LI>AFS initialization script
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2868">(2868)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX3083">(3083)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2575">(2575)</A>, <A HREF="auqbg005.htm#IDX2591">(2591)</A>
+</MENU>
+<LI>AFS kernel extensions
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2773">(2773)</A>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2989">(2989)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2345">(2345)</A>
+</MENU>
+<LI>AFS login
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2993">(2993)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2357">(2357)</A>
+</MENU>
+<LI>AFS server partition
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2781">(2781)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2353">(2353)</A>
+</MENU>
+<LI>file systems clean-up script
+<MENU>
+<LI>on client machine
+<A HREF="auqbg007.htm#IDX2995">(2995)</A>
+<LI>on file server machine
+<A HREF="auqbg005.htm#IDX2359">(2359)</A>
+</MENU>
+<LI>fsck program
+<MENU>
+<LI>on add'l server machine
+<A HREF="auqbg006.htm#IDX2777">(2777)</A>
+<LI>on first AFS machine
+<A HREF="auqbg005.htm#IDX2349">(2349)</A>
+</MENU>
+</MENU>
+<LI>source (AFS)
+<MENU>
+<LI>compiling
+<A HREF="auqbg008.htm#IDX3102">(3102)</A>
+<LI>storing in AFS volume
+<A HREF="auqbg008.htm#IDX3093">(3093)</A>
+</MENU>
+<LI>src.afs volume
+<A HREF="auqbg008.htm#IDX3097">(3097)</A>
+<LI>starting
+<MENU>
+<LI>Authentication Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2411">(2411)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2884">(2884)</A>
+</MENU>
+<LI>Backup Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2414">(2414)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2889">(2889)</A>
+</MENU>
+<LI>BOS Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2364">(2364)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2800">(2800)</A>
+</MENU>
+<LI>File Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2489">(2489)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2819">(2819)</A>
+</MENU>
+<LI>fs process
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2497">(2497)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2826">(2826)</A>
+</MENU>
+<LI>Protection Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2418">(2418)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2891">(2891)</A>
+</MENU>
+<LI>runntp process
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2519">(2519)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2815">(2815)</A>
+</MENU>
+<LI>Update Server client portion
+<A HREF="auqbg006.htm#IDX2809">(2809)</A>
+<LI>Update Server server portion
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2512">(2512)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2812">(2812)</A>
+</MENU>
+<LI>VL Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2422">(2422)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2893">(2893)</A>
+</MENU>
+<LI>Volume Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2493">(2493)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2822">(2822)</A>
+</MENU>
+</MENU>
+<LI>stopping
+<MENU>
+<LI>database server processes
+<A HREF="auqbg006.htm#IDX2913">(2913)</A>
+</MENU>
+<LI>storing
+<MENU>
+<LI>AFS binaries in volumes
+<A HREF="auqbg005.htm#IDX2629">(2629)</A>, <A HREF="auqbg007.htm#IDX3084">(3084)</A>
+<LI>AFS documentation in volumes
+<A HREF="auqbg005.htm#IDX2651">(2651)</A>
+<LI>AFS source in volume
+<A HREF="auqbg008.htm#IDX3090">(3090)</A>
+<LI>system binaries in volumes
+<A HREF="auqbg005.htm#IDX2664">(2664)</A>
+</MENU>
+<LI>supported system types
+<A HREF="auqbg004.htm#IDX2209">(2209)</A>
+<LI>symbolic link
+<MENU>
+<LI>for abbreviated cell name
+<A HREF="auqbg005.htm#IDX2612">(2612)</A>
+<LI>to AFS binaries from local disk
+<A HREF="auqbg005.htm#IDX2648">(2648)</A>
+</MENU>
+<LI>system control machine
+<A HREF="auqbg005.htm#IDX2516">(2516)</A>
+<LI>system types supported
+<A HREF="auqbg004.htm#IDX2208">(2208)</A>
+<LI>system:administrators group
+<A HREF="auqbg005.htm#IDX2481">(2481)</A>
+<LI>SYS_NAME variable for washtool command
+<A HREF="auqbg008.htm#IDX3111">(3111)</A>
+</MENU>
+<STRONG><A NAME="IDX1_54" HREF="#IDX0_54">T</A></STRONG>
+<MENU>
+<LI>ThisCell file (client)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3005">(3005)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2535">(2535)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2838">(2838)</A>
+</MENU>
+<LI>ThisCell file (server)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2388">(2388)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2795">(2795)</A>
+</MENU>
+<LI>time synchronization
+<A HREF="auqbg005.htm#IDX2522">(2522)</A>
+<LI>tokens command
+<A HREF="auqbg005.htm#IDX2579">(2579)</A>
+</MENU>
+<STRONG><A NAME="IDX1_55" HREF="#IDX0_55">U</A></STRONG>
+<MENU>
+<LI>UNIX mode bits on local AFS directories
+<A HREF="auqbg005.htm#IDX2685">(2685)</A>
+<LI>upclient process
+<A HREF="auqbg006.htm#IDX2808">(2808)</A>
+<LI>Update Server
+<MENU>
+<LI>starting client portion
+<A HREF="auqbg006.htm#IDX2807">(2807)</A>
+<LI>starting server portion
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2510">(2510)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2811">(2811)</A>
+</MENU>
+</MENU>
+<LI>upgrading the operating system
+<A HREF="auqbg004.htm#IDX2211">(2211)</A>
+<LI>upserver process (see entry <I>Update Server</I>)
+<A HREF="auqbg005.htm#IDX2511">(2511)</A>
+<LI>UserList file
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2465">(2465)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2791">(2791)</A>
+</MENU>
+<LI>usr/afs directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2232">(2232)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2697">(2697)</A>
+</MENU>
+<LI>usr/afs/bin directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2375">(2375)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2700">(2700)</A>
+</MENU>
+<LI>usr/afs/db directory
+<A HREF="auqbg005.htm#IDX2377">(2377)</A>
+<LI>usr/afs/etc directory
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2376">(2376)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2787">(2787)</A>
+</MENU>
+<LI>usr/afs/etc/CellServDB file (see entry <I>CellServDB file (server)</I>)
+<A HREF="auqbg005.htm#IDX2392">(2392)</A>
+<LI>usr/afs/etc/KeyFile (see entry <I>KeyFile file</I>)
+<A HREF="auqbg005.htm#IDX2441">(2441)</A>
+<LI>usr/afs/etc/ThisCell (see entry <I>ThisCell file (server)</I>)
+<A HREF="auqbg005.htm#IDX2387">(2387)</A>
+<LI>usr/afs/etc/UserList (see entry <I>UserList file</I>)
+<A HREF="auqbg005.htm#IDX2464">(2464)</A>
+<LI>usr/afs/local directory
+<A HREF="auqbg005.htm#IDX2378">(2378)</A>
+<LI>usr/afs/local/BosConfig (see entry <I>BosConfig file</I>)
+<A HREF="auqbg005.htm#IDX2424">(2424)</A>
+<LI>usr/afs/logs directory
+<A HREF="auqbg005.htm#IDX2379">(2379)</A>
+<LI>usr/afsdoc directory
+<A HREF="auqbg005.htm#IDX2655">(2655)</A>
+<LI>usr/afsws directory
+<A HREF="auqbg005.htm#IDX2633">(2633)</A>, <A HREF="auqbg007.htm#IDX3088">(3088)</A>
+<LI>usr/vice/cache directory
+<A HREF="auqbg007.htm#IDX3020">(3020)</A>
+<LI>usr/vice/etc directory
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2933">(2933)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2235">(2235)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2703">(2703)</A>
+</MENU>
+<LI>usr/vice/etc/cacheinfo (see entry: <I>cacheinfo file</I>)
+<A HREF="auqbg007.htm#IDX3017">(3017)</A>
+<LI>usr/vice/etc/CellServDB (see entry <I>CellServDB file (client)</I>)
+<A HREF="auqbg005.htm#IDX2538">(2538)</A>
+<LI>usr/vice/etc/ThisCell (see entry <I>ThisCell file (client)</I>)
+<A HREF="auqbg005.htm#IDX2534">(2534)</A>
+</MENU>
+<STRONG><A NAME="IDX1_56" HREF="#IDX0_56">V</A></STRONG>
+<MENU>
+<LI>variables
+<MENU>
+<LI>afsclient (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX3075">(3075)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2569">(2569)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2862">(2862)</A>
+</MENU>
+<LI>afsml (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2968">(2968)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2311">(2311)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2750">(2750)</A>
+</MENU>
+<LI>afsserver (IRIX)
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2572">(2572)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2865">(2865)</A>
+</MENU>
+<LI>afsxnfs (IRIX)
+<MENU>
+<LI>client machine
+<A HREF="auqbg007.htm#IDX2971">(2971)</A>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2314">(2314)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2753">(2753)</A>
+</MENU>
+<LI>OPTIONS (in AFS initialization file)
+<A HREF="auqbg007.htm#IDX3044">(3044)</A>
+<LI>PATH, setting for users
+<A HREF="auqbg005.htm#IDX2650">(2650)</A>
+<LI>SYS_NAME for washtool command
+<A HREF="auqbg008.htm#IDX3110">(3110)</A>
+<LI>WASHTOOL
+<A HREF="auqbg008.htm#IDX3109">(3109)</A>
+</MENU>
+<LI>vfs file
+<A HREF="auqbg007.htm#IDX3050">(3050)</A>
+<LI>vicep<I>xx</I> directory (see entry <I>AFS server partition</I>)
+<A HREF="auqbg005.htm#IDX2247">(2247)</A>
+<LI>VL Server (vlserver process)
+<MENU>
+<LI>starting
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2420">(2420)</A>
+<LI>new db-server machine
+<A HREF="auqbg006.htm#IDX2892">(2892)</A>
+</MENU>
+<LI>stopping
+<A HREF="auqbg006.htm#IDX2916">(2916)</A>
+</MENU>
+<LI>volserver process (see entry <I>Volume Server</I>)
+<A HREF="auqbg005.htm#IDX2492">(2492)</A>
+<LI>volume
+<MENU>
+<LI>creating
+<MENU>
+<LI>root.afs
+<A HREF="auqbg005.htm#IDX2504">(2504)</A>
+<LI>root.cell
+<A HREF="auqbg005.htm#IDX2595">(2595)</A>
+<LI>src.afs
+<A HREF="auqbg008.htm#IDX3098">(3098)</A>
+</MENU>
+<LI>defining replication site
+<A HREF="auqbg005.htm#IDX2619">(2619)</A>
+<LI>for AFS binaries
+<A HREF="auqbg005.htm#IDX2631">(2631)</A>, <A HREF="auqbg007.htm#IDX3086">(3086)</A>
+<LI>for AFS documentation
+<A HREF="auqbg005.htm#IDX2653">(2653)</A>
+<LI>for AFS source
+<A HREF="auqbg008.htm#IDX3092">(3092)</A>
+<LI>for system binaries
+<A HREF="auqbg005.htm#IDX2666">(2666)</A>
+<LI>mounting
+<A HREF="auqbg005.htm#IDX2610">(2610)</A>
+<LI>releasing replicated
+<A HREF="auqbg005.htm#IDX2625">(2625)</A>
+<LI>replicating root.afs and root.cell
+<A HREF="auqbg005.htm#IDX2598">(2598)</A>
+<LI>setting quota
+<A HREF="auqbg005.htm#IDX2640">(2640)</A>
+</MENU>
+<LI>Volume Location Server (see entry <I>VL Server</I>)
+<A HREF="auqbg005.htm#IDX2421">(2421)</A>
+<LI>Volume Server
+<MENU>
+<LI>first AFS machine
+<A HREF="auqbg005.htm#IDX2491">(2491)</A>
+<LI>server machine after first
+<A HREF="auqbg006.htm#IDX2821">(2821)</A>
+</MENU>
+<LI>vos commands
+<MENU>
+<LI>addsite
+<A HREF="auqbg005.htm#IDX2618">(2618)</A>
+<LI>create
+<MENU>
+<LI>root.afs volume
+<A HREF="auqbg005.htm#IDX2502">(2502)</A>
+<LI>root.cell volume
+<A HREF="auqbg005.htm#IDX2605">(2605)</A>
+<LI>src.afs volume
+<A HREF="auqbg008.htm#IDX3096">(3096)</A>
+<LI>volume for AFS binaries
+<A HREF="auqbg005.htm#IDX2636">(2636)</A>
+<LI>volume for AFS documentation
+<A HREF="auqbg005.htm#IDX2658">(2658)</A>
+</MENU>
+<LI>release
+<A HREF="auqbg005.htm#IDX2624">(2624)</A>
+<LI>syncserv
+<A HREF="auqbg005.htm#IDX2509">(2509)</A>
+<LI>syncvldb
+<A HREF="auqbg005.htm#IDX2507">(2507)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_57" HREF="#IDX0_57">W</A></STRONG>
+<MENU>
+<LI>washtool command
+<A HREF="auqbg008.htm#IDX3106">(3106)</A>
+<LI>WASHTOOL variable
+<A HREF="auqbg008.htm#IDX3112">(3112)</A>
+</MENU>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auqbg008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3639/awqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 6 Dec 1999 at 11:23:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 06 Dec 1999 11:23:34">
+<META HTTP-EQUIV="review" CONTENT="Wed, 06 Dec 2000 11:23:34">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 06 Dec 2001 11:23:34">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="awqbg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS for Windows<BR>
+Quick Beginnings<BR>
+<P>Version 3.6
+<P>Document Number SC09-4564-00
+<P>CT6Q8NA
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for Windows, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P><B>© Copyright International Business Machines Corporation 1999. All rights reserved. </B>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="awqbg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3639/awqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 6 Dec 1999 at 11:23:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 06 Dec 1999 11:23:34">
+<META HTTP-EQUIV="review" CONTENT="Wed, 06 Dec 2000 11:23:34">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 06 Dec 2001 11:23:34">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="awqbg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="awqbg003.htm#Header_1">IBM AFS for Windows Quick Beginnings</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_2" HREF="awqbg003.htm#Header_2">Introduction</A>
+<LI><A NAME="ToC_3" HREF="awqbg003.htm#Header_3">Document Overview</A>
+<MENU>
+<LI><A NAME="ToC_4" HREF="awqbg003.htm#Header_4">Audience</A>
+<LI><A NAME="ToC_5" HREF="awqbg003.htm#Header_5">Organization</A>
+</MENU>
+<LI><A NAME="ToC_6" HREF="awqbg003.htm#HDRINSTALLATION">Installing AFS for Windows</A>
+<MENU>
+<LI><A NAME="ToC_7" HREF="awqbg003.htm#Header_7">AFS for Windows Components</A>
+<LI><A NAME="ToC_8" HREF="awqbg003.htm#HDROPTIONS">Installation Options</A>
+<LI><A NAME="ToC_9" HREF="awqbg003.htm#Header_9">Upgrading From an Earlier Version</A>
+<LI><A NAME="ToC_10" HREF="awqbg003.htm#HDRHOWTOINSTALL">To Install AFS for Windows</A>
+<LI><A NAME="ToC_11" HREF="awqbg003.htm#Header_11">Changes Made to Your System</A>
+</MENU>
+<LI><A NAME="ToC_17" HREF="awqbg003.htm#HDRDOCUMENT">AFS for Windows Documentation</A>
+<MENU>
+<LI><A NAME="ToC_18" HREF="awqbg003.htm#Header_18">The Online Documentation Directory</A>
+<LI><A NAME="ToC_20" HREF="awqbg003.htm#Header_20">The CD-ROM Documentation Directory</A>
+<LI><A NAME="ToC_22" HREF="awqbg003.htm#Header_22">Online Help</A>
+</MENU>
+<LI><A NAME="ToC_23" HREF="awqbg003.htm#HDRCONFIGURE">Configuring AFS for Windows</A>
+<MENU>
+<LI><A NAME="ToC_24" HREF="awqbg003.htm#HDRCLIENT_CONFIG">To Configure the AFS Client</A>
+<LI><A NAME="ToC_25" HREF="awqbg003.htm#HDRGATEWAY">To Configure the AFS Client as an AFS Light Gateway</A>
+<LI><A NAME="ToC_26" HREF="awqbg003.htm#Header_26">To Configure AFS Light</A>
+<LI><A NAME="ToC_27" HREF="awqbg003.htm#Header_27">To Configure the AFS Server</A>
+<LI><A NAME="ToC_28" HREF="awqbg003.htm#Header_28">To Configure the AFS Control Center</A>
+</MENU>
+<LI><A NAME="ToC_29" HREF="awqbg003.htm#HDRUNINSTALL">Uninstalling AFS for Windows</A>
+<MENU>
+<LI><A NAME="ToC_30" HREF="awqbg003.htm#Header_30">Reinstalling and Upgrading</A>
+<LI><A NAME="ToC_31" HREF="awqbg003.htm#Header_31">Uninstallation Prerequisites</A>
+<LI><A NAME="ToC_32" HREF="awqbg003.htm#HDRTOUNINSTALL">To Uninstall AFS for Windows</A>
+<LI><A NAME="ToC_33" HREF="awqbg003.htm#Header_33">Changes Made to Your System</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_39" HREF="awqbg004.htm#HDRINDEX">Index</A></B><BR>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="awqbg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3639/awqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 6 Dec 1999 at 11:23:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 06 Dec 1999 11:23:34">
+<META HTTP-EQUIV="review" CONTENT="Wed, 06 Dec 2000 11:23:34">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 06 Dec 2001 11:23:34">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="awqbg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="Header_1" HREF="awqbg002.htm#ToC_1">IBM AFS for Windows Quick Beginnings</A></H1>
+<HR><H2><A NAME="Header_2" HREF="awqbg002.htm#ToC_2">Introduction</A></H2>
+<A NAME="IDX178"></A>
+<A NAME="IDX179"></A>
+<P>AFS<SUP>(R)</SUP> is an enterprise file system that provides consistent
+file access by way of a shared filespace. By joining the local file
+systems of several File Server machines, AFS presents a single filespace
+independent of machine boundaries. Files are stored on different
+machines in the computer network but are accessible from all machines across
+the enterprise.
+<P>IBM AFS for Windows<SUP>(R)</SUP>, version 3.6 extends the full
+capabilities of AFS to Microsoft<SUP>(R)</SUP> Windows operating
+systems.
+<HR><H2><A NAME="Header_3" HREF="awqbg002.htm#ToC_3">Document Overview</A></H2>
+<P>
+<A NAME="IDX180"></A>
+This document summarizes installation prerequisites, provides detailed
+instructions on how to install, configure, and uninstall AFS for Windows, and
+outlines the changes made to your system during the installation and
+uninstallation processes. This document also describes the
+documentation provided with AFS for Windows.
+<P><H3><A NAME="Header_4" HREF="awqbg002.htm#ToC_4">Audience</A></H3>
+<P>
+<A NAME="IDX181"></A>
+This document provides information for system administrators and users
+responsible for the installation and configuration of the products included in
+AFS for Windows. This document assumes that system administrators are
+familiar with system administration in general and that users are familiar
+with the basic terms and concepts of the Microsoft Windows operating
+systems.
+<P><H3><A NAME="Header_5" HREF="awqbg002.htm#ToC_5">Organization</A></H3>
+<P>This document has the following organization:
+<UL>
+<P><LI><A HREF="#HDRINSTALLATION">Installing AFS for Windows</A> outlines installable combinations of AFS components,
+describes the procedure for installing the products that are included in AFS
+for Windows, and lists the changes that the installation process makes to your
+system.
+<P><LI><A HREF="#HDRDOCUMENT">AFS for Windows Documentation</A> presents the various types of documentation that are
+provided with AFS for Windows and discusses procedures for accessing this
+documentation.
+<P><LI><A HREF="#HDRCONFIGURE">Configuring AFS for Windows</A> describes the procedures for configuring the products that
+are included in AFS for Windows.
+<P><LI><A HREF="#HDRUNINSTALL">Uninstalling AFS for Windows</A> outlines uninstallation prerequisites, describes the
+procedure for uninstalling the products that are included in AFS for Windows,
+and lists the changes that the uninstallation process makes to your
+system.
+</UL>
+<HR><H2><A NAME="HDRINSTALLATION" HREF="awqbg002.htm#ToC_6">Installing AFS for Windows</A></H2>
+<P>This section outlines installable combinations of AFS components,
+describes the procedure for installing AFS for Windows, and lists the changes
+that the installation process makes to your system.
+<P><H3><A NAME="Header_7" HREF="awqbg002.htm#ToC_7">AFS for Windows Components</A></H3>
+<P>
+<A NAME="IDX182"></A>
+AFS for Windows, version 3.6 includes the following components:
+<UL>
+<P><LI>
+<A NAME="IDX183"></A>
+<A NAME="IDX184"></A>
+<A NAME="IDX185"></A>
+<B>AFS Server</B>
+<P>The AFS Server runs AFS server processes and includes the AFS Server
+Configuration Wizard to facilitate setup.
+<P><LI>
+<A NAME="IDX186"></A>
+<A NAME="IDX187"></A>
+<A NAME="IDX188"></A>
+<B>AFS Control Center</B>
+<P>The AFS Control Center includes two powerful graphical user interface (GUI)
+tools to assist AFS system administrators in AFS cell administration:
+the AFS Server Manager and the AFS Account Manager.
+<P><LI>
+<A NAME="IDX189"></A>
+<A NAME="IDX190"></A>
+<A NAME="IDX191"></A>
+<B>AFS Client</B>
+<P>The AFS Client provides direct access to the AFS filespace, enabling users
+to manage files and directories in AFS. The AFS Client includes the AFS
+Light Gateway.
+<P><LI>
+<A NAME="IDX192"></A>
+<A NAME="IDX193"></A>
+<A NAME="IDX194"></A>
+<B>AFS Light</B>
+<P>AFS Light provides access to the AFS filespace via an AFS Light Gateway
+machine, enabling users to manage files and directories in AFS.
+<P><LI>
+<A NAME="IDX195"></A>
+<B>AFS Supplemental Documentation</B>
+<P>AFS Supplemental Documentation provides additional AFS system
+administration information and includes the following documents:
+<I>IBM AFS Administration Guide</I> and <I>IBM AFS Administration
+Reference</I>.
+</UL>
+<P><H3><A NAME="HDROPTIONS" HREF="awqbg002.htm#ToC_8">Installation Options</A></H3>
+<P>
+<A NAME="IDX196"></A>
+<A NAME="IDX197"></A>
+<A NAME="IDX198"></A>
+You can install the components of AFS for Windows in various combinations,
+based on your Windows operating system. Refer to the <I>IBM AFS for
+Windows Release Notes</I> for details on the specific software requirements
+for each AFS for Windows component. Note that if you are installing the
+AFS Server, you must also install the AFS Client, unless the AFS Client,
+version 3.6 is already installed on the machine. Follow the
+installation procedure described in <A HREF="#HDRHOWTOINSTALL">To Install AFS for Windows</A> regardless of the components you are installing.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">
+<A NAME="IDX199"></A>
+<A NAME="IDX200"></A>
+<A NAME="IDX201"></A>
+<A NAME="IDX202"></A>
+<A NAME="IDX203"></A>
+You have the option of altering the AFS for Windows setup program to disable
+all but the client component. Such a client-only setup program renders
+users unable to install any components other than the AFS Client. To
+perform a client-only installation, create the file <B>setup.co</B>
+in the same directory as the other installation files; the setup program
+then only allows the AFS Client to be installed. Note that the contents
+of the <B>setup.co</B> file are irrelevent. Follow the
+installation procedure described in <A HREF="#HDRHOWTOINSTALL">To Install AFS for Windows</A> regardless of the type of installation you are
+performing.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_9" HREF="awqbg002.htm#ToC_9">Upgrading From an Earlier Version</A></H3>
+<P>
+<A NAME="IDX204"></A>
+<A NAME="IDX205"></A>
+<A NAME="IDX206"></A>
+On a Windows NT machine, it is <I>not</I> necessary to uninstall the
+components of AFS for Windows for the purpose of upgrading the software;
+you can install this release of AFS for Windows on your system
+<I>without</I> removing or unconfiguring your existing software. To
+upgrade AFS for Windows, follow the installation procedure described in <A HREF="#HDRHOWTOINSTALL">To Install AFS for Windows</A>. During the installation process, the
+previous-version AFS component is upgraded and the AFS configuration
+information is preserved.
+<P>On a Windows 95 or Windows 98 machine, you must uninstall the
+previously-installed AFS Light component, as described in <A HREF="#HDRTOUNINSTALL">To Uninstall AFS for Windows</A>, before upgrading AFS Light.
+<P>Note that the AFS for Windows installation tool does <I>not</I> allow a
+user to install AFS components that have different version numbers. If
+you have more than one AFS for Windows component installed on your machine,
+you cannot update one component without updating all of the other components
+as well.
+<P><H3><A NAME="HDRHOWTOINSTALL" HREF="awqbg002.htm#ToC_10">To Install AFS for Windows</A></H3>
+<A NAME="IDX207"></A>
+<A NAME="IDX208"></A>
+<A NAME="IDX209"></A>
+<A NAME="IDX210"></A>
+<A NAME="IDX211"></A>
+<A NAME="IDX212"></A>
+<A NAME="IDX213"></A>
+<P>Before installing AFS for Windows, refer to your <I>IBM AFS for Windows
+Release Notes</I> for a detailed description of the installation
+prerequisites. If you are running any other Windows applications, it is
+recommended that you exit from them before installing AFS for Windows.
+<OL TYPE=1>
+<P><LI>Insert the AFS for Windows installation disk into your CD-ROM
+drive.
+<P><LI>Run the AFS for Windows <B>setup</B> program by using one of the
+following methods:
+<UL>
+<P><LI>From the <B>Start</B> menu, select <B>Run</B>. Type
+<TT><I>drive</I><B>:\setup</B></TT> where <I>drive</I> is
+the drive letter of your CD-ROM drive. Click <B>OK</B>.
+<P><LI>In the <B>Windows Explorer</B>, select your CD-ROM drive, and
+double-click the <B>setup.exe</B> program.
+</UL>
+<P><LI>The Welcome dialog box appears. Select the <B>Next</B> button
+to continue with the installation process.
+<P><LI>The Select Components dialog box appears.
+<UL>
+<P><LI>In the <B>Components</B> box, select the AFS for Windows components
+that you want to install or upgrade. See <A HREF="#HDROPTIONS">Installation Options</A> for information on the various combinations of components
+that can be installed on a Windows machine. Note that if you are
+installing the AFS Server, you must also select to install (or upgrade) the
+AFS Client, unless the AFS Client, version 3.6 is already installed on
+your system.
+<P><LI>The <B>Destination Folder</B> box indicates the default drive and
+directory in which the selected components will be installed. The
+default drive is the drive where Windows is installed. The default
+directory on that drive is <B>\Program Files\Ibm\Afs</B>. To select
+another drive, directory, or both, select the <B>Browse</B> button.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you are upgrading from a previous-version of AFS for Windows or
+reinstalling AFS for Windows, the installation directory that you choose must
+be the same as the installation directory that was used by the
+previously-installed version.
+</TD></TR></TABLE>
+</UL>
+<P>Select the <B>Next</B> button to continue with the installation
+process.
+<P><LI>The application files for the selected AFS for Windows components are
+installed on your system. When the installation process finishes, the
+Setup Complete dialog box appears, indicating that you must restart your
+system before you can use the installed AFS products. Select <B>Yes,
+I want to restart my computer now</B>, and then select the <B>Finish</B>
+button. Your system is shut down and then restarted.
+<P>Installation of AFS for Windows is complete.
+</OL>
+<P><H3><A NAME="Header_11" HREF="awqbg002.htm#ToC_11">Changes Made to Your System</A></H3>
+<P>
+<A NAME="IDX214"></A>
+This section describes the changes that are made to your system by installing
+each AFS for Windows component. The information in this section is
+based upon the default installation settings.
+<P><H4><A NAME="HDRCLIENTCHANGE">Changes made to your system by installing the AFS Client</A></H4>
+<P>Installing the AFS Client for Windows NT makes the following changes to
+your system:
+<UL>
+<P><LI>Creates a <B>Start</B> menu program group named <B>IBM AFS</B>
+with the following program applications:
+<DL>
+<DD><P>The <B>Documentation</B> program entry allows access to the AFS online
+documentation set that is provided with AFS for Windows.
+<DD><P>The <B>Client</B> program subgroup enables users to access the AFS
+Client property box and the AFS Client Online Help.
+</DL>
+<P><LI>Adds the AFS Menu to the Windows NT Explorer's context menu.
+<P><LI>Creates a documentation directory and places the <I>IBM AFS for Windows
+Quick Beginnings</I> and the <I>IBM AFS for Windows Release Notes</I>
+online documents in the directory, which is located at <B>\Program
+Files\Ibm\Afs\Documentation</B>.
+<P><LI>Adds <B>AFS Credentials</B> to the <B>Startup</B> program
+group. The <B>AFS Client</B> icon is displayed in the taskbar at
+startup.
+<P><LI>Creates the installation directories in which the setup program installs
+AFS binaries, icons, and help files. The default directories are
+<B>\Program Files\Ibm\Afs\Client\Program</B> and <B>\Program
+Files\Ibm\Afs\Common</B>.
+<P><LI>Registers the AFS Client as a service.
+<P><LI>Installs the AFS Client Configuration utility and adds the <B>AFS Client
+Configuration</B> icon to the Control Panel by placing the
+<B>afs_cpa.cpl</B> file in the
+<B>\</B><I>WindowsDefault</I><B>\system32</B> directory, where
+<I>WindowsDefault</I> is your Windows directory.
+<P><LI>Places the <B>afsdcell.ini</B> file in your Windows directory
+and in the <B>\Program Files\Ibm\Afs\Common</B> directory. If you
+have upgraded from a previous-version AFS Client, the AFS Client cell database
+(<B>afsdcell.ini</B>) in the Windows directory is not
+replaced.
+<P><LI>Modifies the Windows NT Registry by adding entries relevant to the AFS
+Client.
+</UL>
+<P><H4><A NAME="Header_13">Changes made to your system by installing AFS Light</A></H4>
+<P>Installing AFS Light for Windows 95 and Windows 98 makes the following
+changes to your system:
+<UL>
+<P><LI>Creates a program group named <B>IBM AFS</B> with the following
+program applications:
+<DL>
+<DD><P>The <B>Documentation</B> program entry allows access to the AFS online
+documentation set that is provided with AFS for Windows.
+<DD><P>The <B>Light</B> program subgroup enables users to access the AFS
+Light property box and the AFS Light Online Help.
+</DL>
+<P><LI>Adds the AFS Menu to the Windows Explorer's context menu.
+<P><LI>Creates a documentation directory and places the <I>IBM AFS for Windows
+Quick Beginnings</I> and the <I>IBM AFS for Windows Release Notes</I>
+online documents in the directory, which is located at <B>\Program
+Files\Ibm\Afs\Documentation</B>.
+<P><LI>Creates the installation directories in which the setup program installs
+AFS binaries, icons, and help files. The default directories are
+<B>\Program Files\Ibm\Afs\Client\Program</B> and <B>\Program
+Files\Ibm\Afs\Common</B>.
+<P><LI>Installs the AFS Light Configuration utility and adds the <B>AFS Light
+Configuration</B> icon to the Control Panel by placing the
+<B>afs_cpa.cpl</B> file in the
+<B>\</B><I>WindowsDefault</I><B>\system</B> directory, where
+<I>WindowsDefault</I> is your Windows directory.
+<P><LI>Places the <B>afsdcell.ini</B> file in your Windows directory
+and in the <B>\Program Files\Ibm\Afs\Common</B> directory.
+<P><LI>Modifies the Windows Registry by adding entries relevant to AFS
+Light.
+</UL>
+<P><H4><A NAME="Header_14">Changes made to your system by installing the AFS Server</A></H4>
+<P>Installing the AFS Server for Windows NT makes the following changes to
+your system:
+<UL>
+<P><LI>Creates a <B>Start</B> menu program group named <B>IBM AFS</B>
+with the following program applications:
+<DL>
+<DD><P>The <B>Documentation</B> program entry allows access to the AFS online
+documentation set that is provided with AFS for Windows.
+<DD><P>The <B>Server</B> program subgroup enables users to access the AFS
+Server Quick-Start Wizard.
+</DL>
+<P><LI>Creates a documentation directory and places the <I>IBM AFS for Windows
+Quick Beginnings</I> and the <I>IBM AFS for Windows Release Notes</I>
+online documents in the directory, which is located at <B>\Program
+Files\Ibm\Afs\Documentation</B>.
+<P><LI>Creates the installation directories in which the setup program installs
+AFS binaries, icons, and help files. The default directories are
+<B>\Program Files\Ibm\Afs\Server\usr\afs\bin</B> and <B>\Program
+Files\Ibm\Afs\Common</B>.
+<P><LI>Registers the AFS Server as a service.
+<P><LI>Installs the AFS Server Configuration application and adds the <B>AFS
+Server Configuration</B> icon to the Control Panel by placing the
+<B>afsserver.cpl</B> file in the
+<B>\</B><I>WindowsDefault</I><B>\system32</B> directory, where
+<I>WindowsDefault</I> is your Windows directory.
+<P><LI>Modifies the Windows NT Registry by adding entries relevant to the AFS
+Server.
+</UL>
+<P><H4><A NAME="Header_15">Changes made to your system by installing the AFS Control Center</A></H4>
+<P>Installing the AFS Control Center for Windows NT makes the following
+changes to your system:
+<UL>
+<P><LI>Creates a <B>Start</B> menu program group named <B>IBM AFS</B>
+with the following program applications:
+<DL>
+<DD><P>The <B>Documentation</B> program entry allows access to the AFS online
+documentation set that is provided with AFS for Windows.
+<DD><P>The <B>Control Center</B> program subgroup enables users to access the
+Account Manager and the Server Manager.
+</DL>
+<P><LI>Creates a documentation directory and places the <I>IBM AFS for Windows
+Quick Beginnings</I> and the <I>IBM AFS for Windows Release Notes</I>
+online documents in the directory, which is located at <B>\Program
+Files\Ibm\Afs\Documentation</B>.
+<P><LI>Creates the installation directories in which the setup program installs
+AFS binaries, icons, and help files. The default directories are
+<B>\Program Files\Ibm\Afs\Control Center</B> and <B>\Program
+Files\Ibm\Afs\Common</B>.
+<P><LI>Installs the AFS Control Center Properties utility and adds the <B>AFS
+Control Center</B> icon to the Control Panel by placing the
+<B>afs_cpa.cpl</B> file in the
+<B>\</B><I>WindowsDefault</I><B>\system32</B> directory, where
+<I>WindowsDefault</I> is your Windows directory. This icon is added
+to the Control Panel if only the AFS Control Center is installed on your
+system.
+<P><LI>Places the <B>afsdcell.ini</B> file in your Windows directory
+and in the <B>\Program Files\Ibm\Afs\Common</B> directory.
+<P><LI>Modifies the Windows NT Registry by adding entries relevant to the AFS
+Control Center.
+</UL>
+<P><H4><A NAME="Header_16">Changes made to your system by installing the AFS Supplemental Documentation</A></H4>
+<P>Installing the AFS Supplemental Documentation makes the following
+changes to your system:
+<UL>
+<P><LI>Creates a <B>Start</B> menu program group named <B>IBM AFS</B>
+with a program entry named <B>Documentation</B>.
+<P><LI>The following system administration documents are installed on the
+machine: <I>IBM AFS Administration Guide</I> and <I>IBM AFS
+Administration Reference</I>. These documents are added to the online
+documentation directory, which is located at <B>\Program
+Files\Ibm\Afs\Documentation</B>. The <I>IBM AFS for Windows Quick
+Beginnings</I> and the <I>IBM AFS for Windows Release Notes</I> online
+documents are also installed in the documentation directory.
+<P><LI>Modifies the Windows NT Registry by adding entries relevant to the AFS
+Supplemental Documentation.
+</UL>
+<HR><H2><A NAME="HDRDOCUMENT" HREF="awqbg002.htm#ToC_17">AFS for Windows Documentation</A></H2>
+<P>This section describes the documentation that is provided with AFS for
+Windows and details the procedures for accessing this documentation.
+<P><H3><A NAME="Header_18" HREF="awqbg002.htm#ToC_18">The Online Documentation Directory</A></H3>
+<A NAME="IDX215"></A>
+<A NAME="IDX216"></A>
+<P>Regardless of the components you install on your system, a documentation
+directory is created. The default location is <B>\Program
+Files\Ibm\Afs\Documentation</B>. This directory includes the <I>IBM
+AFS for Windows Quick Beginnings</I> and <I>IBM AFS for Windows Release
+Notes</I>. These same documents are available from the Documentation
+index accessed from the <B>Documentation</B> entry in the <B>Start</B>
+menu.
+<P>If you install the AFS Supplemental Documentation, then the documentation
+directory also includes the following documents: <I>IBM AFS
+Administration Guide</I> and <I>IBM AFS Administration
+Reference</I>. These same documents are available from the
+Documentation index accessed from the <B>Documentation</B> entry in the
+<B>Start</B> menu.
+<P><H4><A NAME="Header_19">To access the online documentation directory:</A></H4>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Programs</B>, then choose
+<B>IBM AFS</B>, then choose <B>Documentation</B>.
+<P><LI>Select the document that you want to view.
+</OL>
+<P><H3><A NAME="Header_20" HREF="awqbg002.htm#ToC_20">The CD-ROM Documentation Directory</A></H3>
+<A NAME="IDX217"></A>
+<A NAME="IDX218"></A>
+<P>The AFS for Windows CD-ROM contains a documentation directory. This
+directory includes the following documentation: <I>IBM AFS for Windows
+Quick Beginnings</I>, <I>IBM AFS for Windows Release Notes</I>, <I>IBM
+AFS Administration Guide</I>, and <I>IBM AFS Administration
+Reference</I>. The documentation is provided in HTML and PDF
+formats.
+<P><H4><A NAME="Header_21">To access the CD-ROM documentation directory:</A></H4>
+<OL TYPE=1>
+<P><LI>Insert the AFS for Windows CD-ROM into your machine's CD-ROM
+drive.
+<P><LI>Follow one of the paths listed below. Note that <I>CD</I> is
+the drive letter of your CD-ROM drive.
+<UL>
+<P><LI>For HTML documentation, follow the path
+<I>CD</I><B>:\Documentation\Html</B>.
+<P><LI>For PDF documentation, follow the path
+<I>CD</I><B>:\Documentation\Pdf</B>.
+</UL>
+</OL>
+<P><H3><A NAME="Header_22" HREF="awqbg002.htm#ToC_22">Online Help</A></H3>
+<A NAME="IDX219"></A>
+<A NAME="IDX220"></A>
+<P>Online help is installed along with each AFS for Windows component.
+The online help documentation describes the features available from each
+component. Use the <B>Help</B> menus and <B>Help</B> buttons
+located on most dialog boxes to access the online help. You can get
+help on topics by browsing the contents page, using the index to locate
+topics, and using <B>Find</B>, the online help search engine.
+<HR><H2><A NAME="HDRCONFIGURE" HREF="awqbg002.htm#ToC_23">Configuring AFS for Windows</A></H2>
+<P>
+<A NAME="IDX221"></A>
+<A NAME="IDX222"></A>
+This section details the configuration procedure for each of the components of
+AFS for Windows. You must configure the components on your system
+before you can use AFS.
+<P><H3><A NAME="HDRCLIENT_CONFIG" HREF="awqbg002.htm#ToC_24">To Configure the AFS Client</A></H3>
+<A NAME="IDX223"></A>
+<A NAME="IDX224"></A>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you intend to configure the AFS Server on your Windows NT system, you do
+not need to configure the AFS Client. The AFS Client is configured
+automatically when the AFS Server is configured. In addition, if you
+upgraded to this version of AFS for Windows from a previous-version AFS
+Client, configuration information is preserved. You do not need to
+reconfigure the AFS Client.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Settings</B>, then choose
+<B>Control Panel</B>.
+<P><LI>Double-click the <B>AFS Client Configuration</B> icon. The AFS
+Client Configuration utility opens, displaying the <B>General</B>
+tab.
+<P><LI>In the <B>Cell Name</B> box, enter the name of the AFS cell in which
+the machine is to be a client.
+<P><LI>Select the <B>AFS Cells</B> tab. If the cell in which the
+machine is to be a client is not listed in the list of AFS cells, choose the
+<B>Add</B> button. The New Cell dialog box opens. Enter the
+cell name in the <B>AFS Cell</B> box and a short description in the
+<B>Description</B> box.
+<P>Choose the <B>Add</B> button. The Add Server dialog box
+opens. In the <B>Server Name</B> box, enter the name of a Volume
+Location Server in the selected cell. Choose <B>OK</B> to close the
+Add Server dialog box. Repeat this process, adding information for all
+Volume Location Servers in the cell. (If you do not know the names of
+the Volume Location Servers in the AFS cell, consult your AFS system
+administrator.) After all server information has been entered, choose
+<B>OK</B> to close the New Cell dialog box.
+<P><LI>Select the <B>General</B> tab and choose the <B>Start Service</B>
+button to start the AFS Client service.
+<P><LI>Select the <B>Drive Letters</B> tab. To map a drive letter on
+the Windows NT machine to the AFS filespace, choose the <B>Add</B>
+button. The Map Drive Letter dialog box opens.
+<P><LI>In the <B>Drive Letter</B> box, select the drive to be mapped to the
+AFS filespace or accept the default. In the <B>AFS</B>
+<B>Path</B> box, indicate the AFS location to which you want to map the
+selected drive, for example,<B> /afs</B>. If desired, enter a
+description of the AFS drive mapping in the <B>Description</B> box.
+Choose <B>OK</B> to connect the drive to the specified place in the AFS
+filespace.
+<P><LI>Choose <B>OK</B> to close the AFS Client Configuration utility.
+<P>The AFS Client is now configured in the selected AFS cell and the AFS
+filespace can be accessed via the selected drive mapping in the Windows NT
+Explorer.
+</OL>
+<P><H3><A NAME="HDRGATEWAY" HREF="awqbg002.htm#ToC_25">To Configure the AFS Client as an AFS Light Gateway</A></H3>
+<A NAME="IDX225"></A>
+<A NAME="IDX226"></A>
+<A NAME="IDX227"></A>
+<P>You can configure the AFS Client on your Windows NT machine to serve as an
+AFS Light Gateway. Your AFS Client, configured as an AFS Light Gateway,
+makes it possible for AFS Light users to access the AFS filespace.
+<OL TYPE=1>
+<P><LI>Configure the AFS Client as detailed in <A HREF="#HDRCLIENT_CONFIG">To Configure the AFS Client</A>.
+<P><LI>From the <B>Start</B> menu, choose <B>Settings</B>, then choose
+<B>Control Panel</B>.
+<P><LI>Double-click the <B>AFS Client Configuration</B> icon. The AFS
+Client Configuration utility opens, displaying the <B>General</B>
+tab.
+<P><LI>Select the <B>Provide an AFS Light Gateway</B> option.
+<P><LI>Choose <B>OK</B>.
+<UL>
+<P><LI>If the AFS Client service is running, a message box appears, informing you
+that the service must be restarted. Choose <B>Yes</B> to restart
+the AFS Client service and enable the AFS Light Gateway.
+<P><LI>If the AFS Client service is stopped, a message box appears, informing you
+that you must start the AFS Client service. Choose <B>Yes</B> to
+start the AFS Client service and enable the AFS Light Gateway.
+</UL>
+<P><LI>
+<A NAME="IDX228"></A>
+Add cell entries to your AFS Light Gateway's cell database. Note
+that in order for an AFS Light user to access a cell, an entry for the cell
+must exist in both the AFS Light cell database and the AFS Light Gateway cell
+database. Incorrect or missing information about a cell in the gateway
+machine's cell database renders light client machines unable to access
+files.
+<P><B>To add an entry to the cell database:</B>
+<P>Access the <B>AFS Cells</B> tab from the AFS Light Configuration
+utility and choose the <B>Add</B> button. The New Cell dialog box
+opens. Enter the cell name in the <B>AFS Cell</B> box and a short
+description in the <B>Description</B> box.
+<P>Choose the <B>Add</B> button. The Add Server dialog box
+opens. In the <B>Server Name</B> box, enter the name of a Volume
+Location Server in the selected cell. Choose <B>OK</B> to close the
+Add Server dialog box. Repeat this process, adding information for all
+Volume Location Servers in the cell. (If you do not know the names of
+the Volume Location Servers in the AFS cell, consult your AFS system
+administrator.) After all server information has been entered, choose
+<B>OK</B> to close the New Cell dialog box.
+</OL>
+<P>
+<A NAME="IDX229"></A>
+<A NAME="IDX230"></A>
+<A NAME="IDX231"></A>
+The Windows NT machine is now configured as an AFS Light Gateway. Once
+configured as an AFS Light Gateway, your AFS Client machine must be able to
+authenticate AFS Light users in a Windows context. This authentication
+can be achieved via a <I>domain</I> user account or via synchronized
+<I>machine</I> user accounts. A domain user account is a user
+account in a Windows domain. A machine user account is a user account
+that is valid only on a particular host machine.
+<P>When the AFS Light Gateway is configured into a Windows domain, the AFS
+Light user must log onto either a domain user account in the domain to which
+the gateway belongs or a machine user account with the same username and
+password as that of a domain user account in the gateway domain.
+<P>If machine user accounts are employed, then these accounts must be
+synchronized on the AFS Light Gateway and AFS Light machines. A user
+must log onto an AFS Light machine with the same username and password as that
+of a machine user account that is defined on the AFS Light Gateway
+machine.
+<P><H3><A NAME="Header_26" HREF="awqbg002.htm#ToC_26">To Configure AFS Light</A></H3>
+<A NAME="IDX232"></A>
+<A NAME="IDX233"></A>
+<P>AFS Light accesses the AFS filespace via an AFS Light Gateway.
+Before configuring AFS Light, you must have a Windows NT machine running the
+AFS Client and configured as an AFS Light Gateway. See <A HREF="#HDRGATEWAY">To Configure the AFS Client as an AFS Light Gateway</A> for more information.
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Settings</B>, then choose
+<B>Control Panel</B>.
+<P><LI>Double-click the <B>AFS Light Configuration</B> icon. The AFS
+Light Configuration utility opens, displaying the <B>General</B>
+tab.
+<A NAME="IDX234"></A>
+<A NAME="IDX235"></A>
+<P><LI>In the <B>Gateway</B> box, enter the name of a Windows NT machine that
+is configured as an AFS Light Gateway and click <B>Connect Now</B>.
+The name of the gateway machine is the gateway's NetBIOS service name, in
+the form <I>mach</I><B>-afs</B>, where <I>mach</I> is the
+host computer name up to a maximum of 11 characters. AFS Light must be
+able to resolve this service name in order to communicate with the gateway
+machine. Name resolution can be achieved by adding the gateway's
+NetBIOS service name to the client's LMHOSTS file or to the appropriate
+DNS or WINS servers. If the AFS Light machine and its AFS Light Gateway
+machine reside on the same subnet, then no additional configuration is
+required.
+<P>AFS Light automatically becomes a member of the same cell as its AFS Light
+Gateway. The name of the cell is displayed in the <B>Cell Name</B>
+box.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the AFS Light Gateway machine is in the same domain as the AFS Light
+machine and the hostname of the gateway machine in this domain is
+<B>xyz-pc</B>, you can specify the computer name in the <B>Gateway</B>
+box as either <B>xyz-pc</B> or
+<B>xyz-pc.xcompany.com</B>.
+</TD></TR></TABLE>
+<P><LI>Select the <B>AFS Cells</B> tab. If the cell to which the
+machine belongs is not listed in the list of AFS cells, choose the
+<B>Add</B> button. The New Cell dialog box opens. Enter the
+cell name in the <B>AFS Cell</B> box and a short description in the
+<B>Description</B> box.
+<P>Choose the <B>Add</B> button. The Add Server dialog box
+opens. In the <B>Server Name</B> box, enter the name of a Volume
+Location Server in the selected cell. Choose <B>OK</B> to close the
+Add Server dialog box. Repeat this process, adding information for all
+Volume Location Servers in the cell. (If you do not know the names of
+the Volume Location Servers in the AFS cell, consult your AFS system
+administrator.) After all server information has been entered, choose
+<B>OK</B> to close the New Cell dialog box.
+<P>Note that an identical entry must exist in the AFS Light Gateway's
+cell database (<B>afsdcell.ini</B> file) in order for the AFS Light
+user to authenticate to the cell. See <A HREF="#HDRGATEWAY">To Configure the AFS Client as an AFS Light Gateway</A> for more information on synchronizing the gateway
+machine's cell database with your light client's cell
+database.
+<P><LI>Select the <B>Drive Letters</B> tab. To map a drive letter on
+the Windows machine to the AFS filespace, choose the <B>Add</B>
+button. The Map Drive Letter dialog box opens.
+<P><LI>In the <B>Drive Letter</B> box, select the drive to be mapped to the
+AFS filespace or accept the default. In the <B>AFS</B>
+<B>Path</B> box, indicate the AFS location to which you want to map the
+selected drive, for example,<B> /afs</B>. If desired, enter a
+description of the AFS drive mapping in the <B>Description</B> box.
+Choose <B>OK</B> to connect the drive to the specified place in the AFS
+filespace.
+<P><LI>Choose <B>OK</B> to close the AFS Light Configuration utility.
+<P>AFS Light is now configured in the specified AFS cell and the AFS filespace
+can be accessed via the drive mapping in the Windows Explorer.
+</OL>
+<P><H3><A NAME="Header_27" HREF="awqbg002.htm#ToC_27">To Configure the AFS Server</A></H3>
+<A NAME="IDX236"></A>
+<A NAME="IDX237"></A>
+<P>The configuration process starts the services needed to run the AFS Server
+and sets up AFS partitions on your Windows NT machine. Using the AFS
+Configuration Wizard, you can quickly configure the AFS Server as either the
+first server in a new AFS cell or as a server in an existing AFS cell.
+Note that if you have upgraded to this version of the AFS Server,
+previous-version configuration information is preserved; you do not need
+to reconfigure the server.
+<P><B>
+<A NAME="IDX238"></A>
+To configure the AFS Server as the first AFS Server in a cell:</B>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Programs</B>, then choose
+<B>IBM AFS</B>, then choose <B>Server</B>, and then choose
+<B>Configuration Wizard</B>. The AFS Server Quick-Start
+Wizard opens.
+<P><LI>Choose the <B>Next</B> button. The Cell and Server Information
+dialog box appears.
+<P><LI>Choose the <B>This will be the first server in a new AFS cell</B>
+option.
+<P><LI>In the <B>Cell Name</B> box, enter a name for the new AFS cell.
+<P>The following constraints apply to the form of an internet domain name that
+can be used as the name of an AFS cell:
+<UL>
+<P><LI>The cell name must be unique in order to distinguish your AFS cell from
+all others in the AFS global namespace.
+<P><LI>The cell name can contain as many as 64 characters; however, shorter
+names are recommended.
+<P><LI>The cell name must include only lowercase characters, numbers,
+underscores, dashes, and periods to ensure portability between different
+operating system types.
+<P><LI>The cell name can include any numbers or letters, which are conventionally
+separated by periods.
+<P><LI>The cell name must end in a suffix that indicates the type of institution
+to which it belongs. Some of the standard suffixes are
+<B>.com</B>, for business and other commercial organizations,
+<B>.edu</B>, for educational institutions such as universities,
+<B>.gov</B>, for government institutions, and
+<B>.mil</B>, for military institutions.
+</UL>
+<P><LI>In the <B>Password</B> box, enter the character string to serve as the
+password for the AFS Server principal account in the cell
+(<B>afs</B>). All AFS Servers obtain AFS tokens as this principal,
+and the Authentication Server's Ticket Granting Service (TGS) module uses
+this password to encrypt the server tickets that AFS Clients present to
+servers during mutual authentication.
+<P><LI>In the <B>Verify password</B> box, retype the initial AFS password for
+the AFS Server principal account for this cell to confirm the password
+selection.
+<P><LI>Choose the <B>Next</B> button. The Administrative Information
+dialog box appears.
+<P><LI>In the <B>Name</B> box, enter a username to serve as a generic AFS
+administrative account for this cell (generally, <B>admin</B>.)
+<P>
+<A NAME="IDX239"></A>
+Use of a generic administrative account means that you do not need to grant
+privileges to each system administrator. Instead, each administrator
+knows the name and password of this generic administrative account and uses
+this identity to authenticate to AFS when performing tasks that require
+administrative privileges.
+<P><LI>In the <B>Password</B> box, enter a character string to serve as the
+password for the AFS administrative account.
+<P><LI>In the <B>Verify password</B> box, retype the password for the AFS
+administrative account to confirm the password selection.
+<P><LI>Specify the AFS User ID (UID) to assign to the AFS administrative
+account:
+<UL>
+<P><LI>(Recommended) To automatically assign the next available UID to the AFS
+administrative account, choose the <B>Use the next available AFS UID</B>
+option.
+<P><LI>To assign a specific UID to the AFS administrative account, choose the
+<B>Use this AFS ID</B> option and enter the desired UID in the entry
+box.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">It is not generally recommended that you assign a specific UID to a new AFS
+account, unless you need to make the AFS UID match an existing UNIX
+UID.
+</TD></TR></TABLE>
+</UL>
+<P><LI>Choose the <B>Next</B> button. The File Service dialog box
+appears.
+<P>
+<A NAME="IDX240"></A>
+AFS File Servers deliver requested files and data from the server to AFS
+Clients. File Servers store files and data, handle requests for
+copying, moving, creating, and deleting files and directories, and keep track
+of status information about each file and directory on the server.
+<P>Because you are configuring the first AFS Server in a new cell, the File
+Service must be configured on the server, and will be configured
+automatically.
+<P><LI>Choose the <B>Next</B> button. The Database Service dialog box
+appears.
+<P>
+<A NAME="IDX241"></A>
+Every AFS cell must contain at least one Database Server. Each Database
+Server runs the Database processes that maintain the AFS databases: the
+Authentication Database, the Protection Database, the Volume Location
+Database, and optionally the Backup Database.
+<P>Because you are configuring the first AFS Server in a new cell, the
+Database Service must be configured on the server, and will be configured
+automatically.
+<P><LI>Choose the <B>Next</B> button. The Backup Server dialog box
+appears.
+<P>
+<A NAME="IDX242"></A>
+A Backup Server maintains the Backup Database where information related to the
+Backup system is stored. The Backup Server enables the AFS system
+administrator to back up data in the AFS filespace from volumes to
+tape. The data can then be restored from tape in the event that it is
+lost from the file system (for example, if a system or disk failure causes
+data to be lost).
+<P><LI>Choose the <B>Yes, configure as a Backup Server</B> option if you want
+to configure this AFS Server as a Backup Server. If you do not want to
+configure this AFS Server as a Backup Server, choose the <B>No, do not
+configure as a Backup Server</B> option.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the Backup Server is configured on any Database Server in the cell, it
+must be configured on <I>all</I> Database Servers in the cell.
+</TD></TR></TABLE>
+<P><LI>Choose the <B>Next</B> button. The AFS Partition dialog box
+appears.
+<P>
+<A NAME="IDX243"></A>
+Every AFS File Server must have at least one partition designated exclusively
+to storing AFS volumes, and all AFS volumes must reside on partitions that
+have been designated as AFS partitions. On a Windows NT machine, only
+NTFS volumes can be designated as AFS partitions. In addition, AFS
+partitions can be created only on NTFS volumes that are empty (or contain only
+the Windows NT Recycle Bin).
+<P>Because you are configuring the first AFS Server in a new cell, you must
+designate an AFS partition on the server.
+<P><LI>In the list of NTFS volumes, choose the volume you want to designate as an
+AFS partition. In the <B>AFS Partition Name</B> box, enter the last
+part of the partition name.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">There can exist up to 256 AFS partitions on an AFS Server. By
+convention, each partition is named <B>/vicep</B><I>x</I>, where
+<I>x</I> is one or two lowercase letters of the English alphabet.
+AFS partitions can be named <B>/vicepa</B>, <B>/vicepb</B>, and so on
+up to <B>/vicepz</B>. Additional partitions can be named
+<B>/vicepaa</B> through <B>vicepaz</B> and so on up to
+<B>/vicepiv</B>.
+</TD></TR></TABLE>
+<P>It is strongly recommended that you use the NTFS volume drive letter as the
+last letter of the partition name.
+<P><LI>Choose the <B>Next</B> button. The Root AFS Volumes dialog box
+appears.
+<P>
+<A NAME="IDX244"></A>
+<A NAME="IDX245"></A>
+<A NAME="IDX246"></A>
+The root AFS volumes are two volumes that every AFS cell must include in its
+file system. They are named:
+<UL>
+<P><LI><B>root.afs</B>, for the volume corresponding to the top
+(<B>/afs</B>) level of the AFS filespace
+<P><LI><B>root.cell</B>, for the volume mounted just below
+<B>/afs</B> at the cell's name (for example,
+<B>/afs/yourcompany.com</B> in the
+<B>yourcompany.com</B> cell)
+</UL>
+<P>Because you are configuring the first AFS Server in a new cell, the
+cell's root volumes must be created on the server, and will be created
+automatically during the configuration of the server.
+<P><LI>Choose the <B>Next</B> button. The Replication dialog box
+appears.
+<P>
+<A NAME="IDX247"></A>
+If you want to be able to take advantage of the replication capabilities of
+AFS, the AFS root volumes must be replicated. The replication process
+creates one or more read-only copies of an AFS volume, and distributes these
+copies to one or more other sites (AFS partitions and servers).
+Replication increases system efficiency and improves data availability by
+making the contents of an AFS volume accessible on one or more AFS File Server
+machines.
+<P>Because you are configuring the first AFS Server in a new cell, the
+cell's root volumes must be replicated on the server, and will be
+replicated automatically during the configuration of the server.
+<P><LI>Choose the <B>Next</B> button. The System Control Service
+dialog box appears.
+<P>
+<A NAME="IDX248"></A>
+In cells running the domestic version of AFS for Windows, the System Control
+Server distributes new versions of AFS Server configuration information to all
+AFS servers. It is generally recommended that you designate the first
+server in an AFS cell as the System Control Server. (Cells running the
+international version of AFS for Windows do not use the System Control Server
+to distribute system configuration files.)
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The role of System Control Server can later be assigned to a different server
+machine if desired. However, depending on the number of AFS servers in
+the cell, the process of assigning the role to another machine can be very
+time-consuming.
+</TD></TR></TABLE>
+<P><LI>To configure this AFS Server as the System Control Server for the AFS
+cell, choose the <B>Configure as the System Control Server</B>
+option. If you do not want to configure this AFS Server as the System
+Control Server for the AFS cell, choose the <B>Do not configure as the
+System Control Server</B> option.
+<P><LI>Choose the <B>Next</B> button. The Configure the System dialog
+box appears.
+<P>A list of the steps that will be taken to configure this AFS Server is
+displayed, enabling you to review the steps before starting the actual
+configuration process.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To return to a previous step to review or modify your selections, choose the
+<B>Back</B> button.
+</TD></TR></TABLE>
+<P><LI>To begin configuration of the AFS Server on this machine, choose the
+<B>Configure</B> button. The AFS Server is configured according to
+your specifications. The progress bar at the bottom of the dialog box
+indicates the steps in progress. A message box appears indicating that
+configuration is complete.
+</OL>
+<P>
+<A NAME="IDX249"></A>
+<B>To configure the AFS Server into an existing AFS cell:</B>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Programs</B>, then choose
+<B>IBM AFS</B>, then choose <B>Server</B>, and then choose
+<B>Configuration Wizard</B>. The AFS Server Quick-Start
+Wizard opens.
+<P><LI>Choose the <B>Next</B> button. The Cell and Server Information
+dialog box appears.
+<P><LI>Choose the <B>Make this host a server in an existing AFS cell</B>
+option.
+<P><LI>In the <B>Cell Name</B> box, enter the name of the AFS cell to which
+you want to add the new AFS Server.
+<P><LI>Choose the <B>Next</B> button. The Administrative Information
+dialog box appears.
+<P><LI>In the <B>Name</B> box, enter the username of the AFS administrative
+account, for example <B>admin</B>, or the username of an AFS user account
+with administrative privileges.
+<P><LI>In the <B>Password</B> box, enter the password for the AFS
+administrative account or the AFS user account with administrative privileges
+entered in the <B>Name</B> box.
+<P><LI>In the <B>AFS Server</B> box, enter the hostname of a running AFS
+Server in this AFS cell. AFS configuration information will be
+retrieved from the server for use in configuring this new AFS Server.
+<P><LI>Choose the <B>Next</B> button. The File Service dialog box
+appears.
+<P>
+<A NAME="IDX250"></A>
+AFS File Servers deliver requested files and data from the server to AFS
+Clients. File Servers store files and data, handle requests for
+copying, moving, creating, and deleting files and directories, and keep track
+of status information about each file and directory on the server.
+<P>To configure this AFS Server as a File Server, choose the <B>Yes,
+configure as a File Server</B> option. If you do not want to
+configure this AFS Server as a File Server, choose the <B>No, do not
+configure as a File Server</B> option.
+<P><LI>Choose the <B>Next</B> button. The Database Service dialog box
+appears.
+<P>
+<A NAME="IDX251"></A>
+Every AFS cell must contain at least one Database Server. Each Database
+Server runs the Database processes that maintain the AFS databases: the
+Authentication Database, the Protection Database, the Volume Location
+Database, and optionally the Backup Database.
+<P>To configure this AFS Server as a Database Server, choose the <B>Yes,
+configure as a Database Server</B> option. If there is a System
+Control Server in the AFS cell to which you are adding the server, enter its
+hostname in the System Control Server box. AFS configuration
+information (for example, the list of AFS Database Servers maintained in the
+<B>CellServDB</B> file on each AFS Server machine) will be updated by this
+server. If you do not want to configure this AFS Server as a Database
+Server, choose the <B>No, do not configure as a Database Server</B>
+option.
+<P><LI>Choose the <B>Next</B> button. The Backup Server dialog box
+appears.
+<P>
+<A NAME="IDX252"></A>
+A Backup Server maintains the Backup Database where information related to the
+Backup system is stored. The Backup Server enables the AFS system
+administrator to back up data in the AFS filespace from volumes to
+tape. The data can then be restored from tape in the event that it is
+lost from the file system (for example, if a system or disk failure causes
+data to be lost).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The Backup Server can only be configured on a machine that is configured as a
+Database Server. Also, if the Backup Server is configured on any
+Database Server in the cell, it must be configured on <I>all</I> Database
+Servers in the cell.
+</TD></TR></TABLE>
+<P><LI>Choose the <B>Yes, configure as a Backup Server</B> option if you want
+to configure this AFS Server as a Backup Server. If you do not want to
+configure this AFS Server as a Backup Server, choose the <B>No, do not
+configure as a Backup Server</B> option.
+<P><LI>Choose the <B>Next</B> button. The AFS Partition dialog box
+appears.
+<P>If you are configuring this AFS Server as a File Server, you must specify
+an NTFS volume to designate as an AFS partition. Every AFS File Server
+must have at least one partition designated exclusively to storing AFS
+volumes, and all AFS volumes must reside on partitions that have been
+designated as AFS partitions. On a Windows NT machine, only NTFS
+volumes can be designated as AFS partitions. In addition, AFS
+partitions can be created only on NTFS volumes that are empty (or contain only
+the Windows NT Recycle Bin).
+<P>To designate a volume as an AFS partition, choose the <B>Yes, create a
+partition</B> option. In the list of NTFS volumes, choose the volume
+that you want to designate as an AFS partition. In the <B>AFS
+Partition Name</B> box, enter the last part of the partition name.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">There can exist up to 256 AFS partitions on an AFS Server. By
+convention, each partition is named <B>/vicep</B><I>x</I>, where
+<I>x</I> is one or two lowercase letters of the English alphabet.
+AFS partitions can be named <B>/vicepa</B>, <B>/vicepb</B>, and so on
+up to <B>/vicepz</B>. Additional partitions can be named
+<B>/vicepaa</B> through <B>vicepaz</B> and so on up to
+<B>/vicepiv</B>.
+</TD></TR></TABLE>
+<P>It is strongly recommended that you use the NTFS volume drive letter as the
+last letter of the partition name.
+<P>If you do not want to designate a volume as an AFS partition, choose the
+<B>No, do not create a partition</B> option.
+<P><LI>Choose the <B>Next</B> button. The Root AFS Volumes dialog box
+appears.
+<P>The root AFS volumes are two volumes that every AFS cell must include in
+its file system. They are named:
+<UL>
+<P><LI><B>root.afs</B>, for the volume corresponding to the top
+(<B>/afs</B>) level of the AFS filespace
+<P><LI><B>root.cell</B>, for the volume mounted just below
+<B>/afs</B> at the cell's name (for example,
+<B>/afs/yourcompany.com</B> in the
+<B>yourcompany.com</B> cell)
+</UL>
+<A NAME="IDX253"></A>
+Because you are adding this AFS Server to an existing AFS cell, the root AFS
+volumes already exist in the cell, and the AFS Configuration Wizard indicates
+that you do not need to create the root volumes.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If for some reason the root AFS volumes do not yet exist in this AFS cell,
+you can choose the <B>Yes, create the root volumes</B> option to create
+the root volumes on this AFS Server.
+</TD></TR></TABLE>
+<P><LI>Choose the <B>Next</B> button. The Replication dialog box
+appears.
+<P>If you want to be able to take advantage of the replication capabilities of
+AFS, the AFS root volumes must be replicated. The replication process
+creates one or more read-only copies of an AFS volume, and distributes these
+copies to one or more other sites (AFS partitions and servers).
+Replication increases system efficiency and improves data availability by
+making the contents of an AFS volume accessible on one or more AFS File Server
+machines.
+<P>Because you are adding this AFS Server to an existing AFS cell, the root
+AFS volumes are probably already replicated, and the AFS Server Configuration
+Wizard indicates that you do not need to replicate the root AFS
+volumes.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If for some reason the root AFS volumes are not yet replicated in this AFS
+cell, you can choose the <B>Yes, replicate the root volumes</B> option to
+replicate the AFS cell's root volumes on this AFS Server.
+</TD></TR></TABLE>
+<P><LI>Choose the <B>Next</B> button. The System Control Service
+dialog box appears.
+<P>In cells running the domestic version of AFS for Windows, the System
+Control Server distributes new versions of AFS Server configuration
+information to all AFS servers and the System Control Client machines obtain
+common AFS configuration files from the System Control machine. (Cells
+running the international version of AFS for Windows do not use the System
+Control Server to distribute system configuration files or the System Control
+Client to obtain these files.)
+<P><LI>To configure this AFS Server as the System Control Server for the AFS
+cell, choose the <B>Configure as the System Control Server</B>
+option. To configure this AFS Server as a System Control Client, choose
+the <B>Configure as a System Control Client</B> option and enter the
+hostname of the System Control Server in this AFS cell. The AFS Server
+will obtain new versions of AFS Server configuration information from the
+server specified. If you do not want to configure this AFS Server as
+the System Control Server for the AFS cell or as a System Control Client,
+choose the <B>Do not configure as the System Control Client or Server</B>
+option.
+<P><LI>Choose the <B>Next</B> button. The Configure the System dialog
+box appears.
+<P>A list of the steps that will be taken to configure this AFS Server is
+displayed, enabling you to review the steps before starting the actual
+configuration process.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To return to a previous step to review or modify your selections, choose the
+<B>Back</B> button.
+</TD></TR></TABLE>
+<P><LI>To begin configuration of the AFS Server on this machine, choose the
+<B>Configure</B> button. If you are configuring the AFS Server into
+an AFS cell in which there are Database Servers running a version of AFS older
+than version 3.5, a dialog box appears prompting you to enter the AFS
+principal password.
+<P>The AFS Server is configured according to your specifications. The
+progress bar at the bottom of the dialog box indicates the steps in
+progress. A message box appears indicating that configuration is
+complete.
+</OL>
+<P><H3><A NAME="Header_28" HREF="awqbg002.htm#ToC_28">To Configure the AFS Control Center</A></H3>
+<A NAME="IDX254"></A>
+<A NAME="IDX255"></A>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you have installed the AFS Control Center in combination with the AFS
+Server, or the AFS Client, or both, then you do not need to configure the AFS
+Control Center. The AFS Control Center is automatically configured when
+the AFS Server or AFS Client is configured. If you have installed the
+AFS Control Center only, then the Control Center must be configured on your
+system before it can be used.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Settings</B>, then choose
+<B>Control Panel</B>.
+<P><LI>Double-click the <B>AFS Control Center</B> icon. The AFS
+Control Center Properties dialog box appears.
+<P><LI>In the <B>Default Cell</B> box, enter the full name of the AFS cell to
+be administered by default.
+<P><LI>If the cell to be administered by the AFS Control Center is not listed in
+the list of AFS cells, choose the <B>Add</B> button. The New Cell
+dialog box opens. Enter the cell name in the <B>AFS Cell</B> box
+and a short description in the <B>Description</B> box.
+<P>Choose the <B>Add</B> button. The Add Server dialog box
+opens. In the <B>Server Name</B> box, enter the name of a Volume
+Location Server in the selected cell. Choose <B>OK</B> to close the
+Add Server dialog box. Repeat this process, adding information for all
+Volume Location Servers in the cell. After all server information has
+been entered, choose <B>OK</B> to close the New Cell dialog box.
+<P><LI>Choose <B>OK</B> to close the AFS Control Center Properties dialog
+box.
+</OL>
+<P>The AFS Control Center is now configured.
+<A NAME="IDX256"></A>
+<HR><H2><A NAME="HDRUNINSTALL" HREF="awqbg002.htm#ToC_29">Uninstalling AFS for Windows</A></H2>
+<P>This section outlines uninstallation prerequisites, provides
+instructions for uninstalling AFS for Windows, and lists the changes that the
+uninstallation process makes to your system.
+<A NAME="IDX257"></A>
+<A NAME="IDX258"></A>
+<P><H3><A NAME="Header_30" HREF="awqbg002.htm#ToC_30">Reinstalling and Upgrading</A></H3>
+<P>On a Windows NT machine, it is <I>not</I> necessary to uninstall
+the components of AFS for Windows for the purpose of reinstalling or upgrading
+the software. To reinstall or upgrade AFS for Windows, follow the
+installation procedure described in <A HREF="#HDRHOWTOINSTALL">To Install AFS for Windows</A>. During the installation process, the
+previously-installed AFS components are replaced. AFS configuration
+information is preserved.
+<P>On a Windows 95 or Windows 98 machine, you must uninstall the
+previously-installed AFS Light component, as described in <A HREF="#HDRTOUNINSTALL">To Uninstall AFS for Windows</A>, before reinstalling or upgrading AFS Light.
+<A NAME="IDX259"></A>
+<A NAME="IDX260"></A>
+<A NAME="IDX261"></A>
+<P><H3><A NAME="Header_31" HREF="awqbg002.htm#ToC_31">Uninstallation Prerequisites</A></H3>
+<P>Uninstalling AFS results in the deletion of all AFS application
+files. These files cannot be deleted if other applications are using
+them. For this reason, you must close all AFS dialog boxes before
+uninstalling AFS for Windows.
+<P>If you are uninstalling the AFS Server for the purpose of decommissioning
+the machine, the following prerequisites are necessary to avoid loss of
+data:
+<OL TYPE=1>
+<P><LI>If the AFS Server is functioning as a File Server, move all read/write
+volumes to another AFS File Server, and remove all read-only volumes.
+<P><LI>Unconfigure the AFS Server. Open the AFS Server Configuration
+utility and choose the <B>Server</B> tab. Clear all check boxes and
+choose <B>OK</B>.
+</OL>
+<A NAME="IDX262"></A>
+<A NAME="IDX263"></A>
+<A NAME="IDX264"></A>
+<A NAME="IDX265"></A>
+<A NAME="IDX266"></A>
+<A NAME="IDX267"></A>
+<A NAME="IDX268"></A>
+<P><H3><A NAME="HDRTOUNINSTALL" HREF="awqbg002.htm#ToC_32">To Uninstall AFS for Windows</A></H3>
+<OL TYPE=1>
+<P><LI>From the <B>Start</B> menu, choose <B>Settings</B>, then choose
+<B>Control Panel</B>.
+<P><LI>Double-click the <B>Add/Remove Programs</B> icon. The
+Add/Remove Programs Properties dialog box appears, displaying the
+<B>Install/Uninstall</B> tab.
+<P><LI>Close the Control Panel.
+<P><LI>Select the AFS component to be uninstalled, and select the
+<B>Add/Remove</B> button. The Confirm File Deletion dialog box
+appears, verifying that you want to remove the selected AFS for Windows
+component. Click <B>Yes</B> to continue with the uninstallation
+procedure.
+<P><LI>An AFS message box appears asking if you want to preserve configuration
+information. Select <B>Yes</B> to preserve configuration
+information or <B>No</B> to delete all configuration information.
+(No configuration information is associated with the AFS Supplemental
+Documentation component. If you are removing this component from your
+system, the AFS message box does not appear.)
+<P><LI>The Remove Programs from your Computer dialog box opens, displaying the
+components being removed from your system.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A message box can possibly appear asking if you want to remove shared AFS
+files that are no longer needed by other components. Click <B>Yes To
+All</B> to completely remove the selected AFS component.
+</TD></TR></TABLE>
+</OL>
+<P>The selected AFS for Windows component is now uninstalled. If you
+installed a combination of AFS for Windows components, you must repeat Steps
+4-6 to remove each component separately.
+<P><H3><A NAME="Header_33" HREF="awqbg002.htm#ToC_33">Changes Made to Your System</A></H3>
+<A NAME="IDX269"></A>
+<P><H4><A NAME="Header_34">Changes made to your system by uninstalling the AFS Client</A></H4>
+<P>Uninstalling the AFS Client makes the following changes to your
+system:
+<UL>
+<P><LI>Removes all AFS Client files from the <B>\Program
+Files\Ibm\Afs\Client\Program</B> directory, removes the <B>Client</B>
+directory, and, if no other AFS components remain installed, removes the
+<B>Ibm</B> directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The directories are <I>not</I> removed if they contain any files other
+than those installed by the AFS for Windows <B>setup</B> program.
+</TD></TR></TABLE>
+<P><LI>Removes the <B>IBM AFS</B> program group from the <B>Start</B>
+menu if no other AFS components remain installed.
+<P><LI>Removes the <B>AFS Client Configuration</B> icon from the Control
+Panel.
+<P><LI>Removes the AFS Menu from the Windows NT Explorer's context
+menu.
+<P><LI>Deletes the <B>IBM AFS Client</B> service.
+<P><LI>Removes AFS Client related registry entries from your system. Note
+that if you chose to preserve configuration information, some information
+remains in the registry after the uninstallation process.
+</UL>
+<P><H4><A NAME="Header_35">Changes made to your system by uninstalling AFS Light</A></H4>
+<P>Uninstalling AFS Light makes the following changes to your
+system:
+<UL>
+<P><LI>Removes all AFS files from the <B>\Program
+Files\Ibm\Afs\Client\Program</B> directory and removes the <B>Ibm</B>
+directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The directories are <I>not</I> removed if they contain any files other
+than those installed by the AFS for Windows <B>setup</B> program.
+</TD></TR></TABLE>
+<P><LI>Removes the <B>IBM AFS</B> program group from the <B>Start</B>
+menu.
+<P><LI>Removes the <B>AFS Light Configuration</B> icon from the Control
+Panel.
+<P><LI>Removes the AFS Menu from the Windows Explorer's context menu.
+<P><LI>Removes AFS Light related registry entries from your system. Note
+that if you chose to preserve configuration information, some information
+remains in the registry after the uninstallation process.
+</UL>
+<P><H4><A NAME="Header_36">Changes made to your system by uninstalling the AFS Server</A></H4>
+<P>Uninstalling the AFS Server makes the following changes to your
+system:
+<UL>
+<P><LI>Removes all AFS Server files from the <B>\Program
+Files\Ibm\Afs\Server</B> directory, removes the <B>Server</B> directory,
+and, if no other AFS components remain installed, removes the <B>Ibm</B>
+directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">These directories are <I>not</I> removed if they contain any files other
+than those installed by the AFS for Windows <B>setup</B> program.
+Also, if you chose to preserve configuration information, some files in the
+<B>\Program Files\Ibm\Afs\Server</B> directory are <I>not</I>
+removed.
+</TD></TR></TABLE>
+<P><LI>Removes the <B>IBM AFS</B> program group from the <B>Start</B>
+menu if no other AFS components remain installed.
+<P><LI>Removes the <B>AFS Server Configuration</B> icon from the Control
+Panel.
+<P><LI>Deletes the <B>IBM AFS Server</B> service.
+<P><LI>Removes AFS Server related registry entries from your system. Note
+that if you chose to preserve configuration information, some information
+remains in the registry after the uninstallation process.
+</UL>
+<P><H4><A NAME="Header_37">Changes made to your system by uninstalling the AFS Control Center</A></H4>
+<P>Uninstalling the AFS Control Center makes the following changes to your
+system:
+<UL>
+<P><LI>Removes all AFS Control Center files from the <B>\Program
+Files\Ibm\Afs\Control Center</B> directory, removes the <B>Control
+Center</B> directory, and, if no other AFS components remain installed,
+removes the <B>Ibm</B> directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">These directories are <I>not</I> removed if they contain any files other
+than those installed by the AFS for Windows <B>setup</B> program.
+</TD></TR></TABLE>
+<P><LI>Removes the <B>IBM AFS</B> program group from the <B>Start</B>
+menu if no other AFS components remain installed.
+<P><LI>Removes the <B>AFS Control Center</B> icon from the Control
+Panel. Note that this icon appears in the Control Panel only if no
+other AFS for Windows components are installed on your system.
+<P><LI>Removes AFS Control Center related registry entries from your
+system. Note that if you chose to preserve configuration information,
+some information remains in the registry after the uninstallation
+process.
+</UL>
+<P><H4><A NAME="Header_38">Changes made to your system by uninstalling the AFS supplemental documentation</A></H4>
+<P>Uninstalling the AFS supplemental documentation makes the following
+changes to your system:
+<UL>
+<P><LI>Removes the <B>SysAdminGd</B> directory and the <B>CmdRef</B>
+directory from the <B>\Program Files\Ibm\Afs\Documentation\Html</B>
+directory, and, if no other AFS components remain installed, removes the
+<B>Ibm</B> directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">These directories are <I>not</I> removed if they contain any files other
+than those installed by the AFS for Windows <B>setup</B> program.
+</TD></TR></TABLE>
+<P><LI>Removes the <B>IBM AFS</B> program group from the <B>Start</B>
+menu if no other AFS components remain installed.
+<P><LI>Removes AFS supplemental documentation related registry entries from your
+system.
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="awqbg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="awqbg004.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
+<HTML><HEAD>
+<TITLE>Quick Beginnings</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3639/awqbg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 6 Dec 1999 at 11:23:35 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 06 Dec 1999 11:23:34">
+<META HTTP-EQUIV="review" CONTENT="Wed, 06 Dec 2000 11:23:34">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 06 Dec 2001 11:23:34">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Quick Beginnings</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRINDEX" HREF="awqbg002.htm#ToC_39">Index</A></H1>
+<A NAME="IDX0_41" HREF="#IDX1_41">A</A>
+<A NAME="IDX0_42" HREF="#IDX1_42">B</A>
+<A NAME="IDX0_43" HREF="#IDX1_43">C</A>
+<A NAME="IDX0_44" HREF="#IDX1_44">D</A>
+<A NAME="IDX0_46" HREF="#IDX1_46">F</A>
+<A NAME="IDX0_47" HREF="#IDX1_47">G</A>
+<A NAME="IDX0_49" HREF="#IDX1_49">I</A>
+<A NAME="IDX0_4C" HREF="#IDX1_4C">L</A>
+<A NAME="IDX0_4D" HREF="#IDX1_4D">M</A>
+<A NAME="IDX0_4F" HREF="#IDX1_4F">O</A>
+<A NAME="IDX0_52" HREF="#IDX1_52">R</A>
+<A NAME="IDX0_53" HREF="#IDX1_53">S</A>
+<A NAME="IDX0_55" HREF="#IDX1_55">U</A>
+<HR>
+<STRONG><A NAME="IDX1_41" HREF="#IDX0_41">A</A></STRONG>
+<MENU>
+<LI>AFS
+<MENU>
+<LI>client
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX191">(1)</A>
+</MENU>
+<LI>components
+<A HREF="awqbg003.htm#IDX182">(1)</A>
+<LI>configuration
+<MENU>
+<LI>AFS Client
+<A HREF="awqbg003.htm#IDX224">(1)</A>
+<LI>AFS Control Center
+<A HREF="awqbg003.htm#IDX255">(1)</A>
+<LI>AFS Light
+<A HREF="awqbg003.htm#IDX233">(1)</A>
+<LI>AFS Light Gateway
+<A HREF="awqbg003.htm#IDX227">(1)</A>
+<LI>AFS Server
+<A HREF="awqbg003.htm#IDX237">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX221">(1)</A>
+</MENU>
+<LI>control center
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX188">(1)</A>
+</MENU>
+<LI>installation options
+<A HREF="awqbg003.htm#IDX197">(1)</A>
+<LI>installation procedure
+<A HREF="awqbg003.htm#IDX208">(1)</A>
+<LI>light
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX194">(1)</A>
+</MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX178">(1)</A>
+<LI>reinstalling
+<A HREF="awqbg003.htm#IDX257">(1)</A>
+<LI>server
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX185">(1)</A>
+</MENU>
+<LI>supplemental documentation component
+<A HREF="awqbg003.htm#IDX195">(1)</A>
+<LI>uninstallation prerequisites
+<A HREF="awqbg003.htm#IDX259">(1)</A>
+<LI>uninstallation procedure
+<A HREF="awqbg003.htm#IDX263">(1)</A>
+<LI>upgrading
+<A HREF="awqbg003.htm#IDX205">(1)</A>
+</MENU>
+<LI>AFS Client
+<A HREF="awqbg003.htm#IDX201">(1)</A>
+<MENU>
+<LI><B>setup.co</B> file
+<LI>client-only installation
+<A HREF="awqbg003.htm#IDX200">(1)</A>
+<LI>configuration
+<A HREF="awqbg003.htm#IDX223">(1)</A>
+<LI>configure as AFS Light Gateway
+<A HREF="awqbg003.htm#IDX225">(1)</A>
+<LI>installation
+<A HREF="awqbg003.htm#IDX210">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX189">(1)</A>
+<LI>uninstallation
+<A HREF="awqbg003.htm#IDX265">(1)</A>
+</MENU>
+<LI>AFS Control Center
+<MENU>
+<LI>configuration
+<A HREF="awqbg003.htm#IDX254">(1)</A>
+<LI>installation
+<A HREF="awqbg003.htm#IDX213">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX186">(1)</A>
+<LI>uninstallation
+<A HREF="awqbg003.htm#IDX268">(1)</A>
+</MENU>
+<LI>AFS Light
+<MENU>
+<LI>configuration
+<A HREF="awqbg003.htm#IDX232">(1)</A>
+<LI>gateway machine
+<A HREF="awqbg003.htm#IDX234">(1)</A>
+<LI>installation
+<A HREF="awqbg003.htm#IDX211">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX192">(1)</A>
+<LI>uninstallation
+<A HREF="awqbg003.htm#IDX266">(1)</A>
+</MENU>
+<LI>AFS Light Gateway
+<MENU>
+<LI>authenticating AFS Light users
+<A HREF="awqbg003.htm#IDX229">(1)</A>
+<LI>configuration
+<A HREF="awqbg003.htm#IDX226">(1)</A>
+<LI>synchronizing the cell database
+<A HREF="awqbg003.htm#IDX228">(1)</A>
+</MENU>
+<LI>AFS partitions
+<A HREF="awqbg003.htm#IDX243">(1)</A>
+<LI>AFS Server
+<MENU>
+<LI>configuration
+<MENU>
+<LI>as first server in a cell
+<A HREF="awqbg003.htm#IDX238">(1)</A>
+<LI>as server in an existing cell
+<A HREF="awqbg003.htm#IDX249">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX236">(1)</A>
+</MENU>
+<LI>installation
+<A HREF="awqbg003.htm#IDX212">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX183">(1)</A>
+<LI>uninstallation
+<A HREF="awqbg003.htm#IDX267">(1)</A>
+</MENU>
+<LI>audience
+<A HREF="awqbg003.htm#IDX181">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_42" HREF="#IDX0_42">B</A></STRONG>
+<MENU>
+<LI>Backup Server
+<MENU>
+<LI>configuring in a new cell
+<A HREF="awqbg003.htm#IDX242">(1)</A>
+<LI>configuring in an existing cell
+<A HREF="awqbg003.htm#IDX252">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_43" HREF="#IDX0_43">C</A></STRONG>
+<MENU>
+<LI>CD-ROM documentation
+<A HREF="awqbg003.htm#IDX218">(1)</A>
+<LI>client
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX190">(1)</A>
+</MENU>
+<LI>client-only installation
+<A HREF="awqbg003.htm#IDX203">(1)</A>
+<LI>configuration
+<A HREF="awqbg003.htm#IDX222">(1)</A>
+<LI>control center
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX187">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_44" HREF="#IDX0_44">D</A></STRONG>
+<MENU>
+<LI>Database Server
+<MENU>
+<LI>configuring in a new cell
+<A HREF="awqbg003.htm#IDX241">(1)</A>
+<LI>configuring in an existing cell
+<A HREF="awqbg003.htm#IDX251">(1)</A>
+</MENU>
+<LI>documentation
+<MENU>
+<LI>CD-ROM
+<A HREF="awqbg003.htm#IDX217">(1)</A>
+<LI>online
+<A HREF="awqbg003.htm#IDX215">(1)</A>
+<LI>online help
+<A HREF="awqbg003.htm#IDX219">(1)</A>
+</MENU>
+<LI>domain user accounts
+<A HREF="awqbg003.htm#IDX230">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_46" HREF="#IDX0_46">F</A></STRONG>
+<MENU>
+<LI>File Server
+<MENU>
+<LI>configuring in a new cell
+<A HREF="awqbg003.htm#IDX240">(1)</A>
+<LI>configuring in an existing cell
+<A HREF="awqbg003.htm#IDX250">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_47" HREF="#IDX0_47">G</A></STRONG>
+<MENU>
+<LI>gateway machine name
+<A HREF="awqbg003.htm#IDX235">(1)</A>
+<LI>generic administrative account
+<A HREF="awqbg003.htm#IDX239">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_49" HREF="#IDX0_49">I</A></STRONG>
+<MENU>
+<LI>installation
+<MENU>
+<LI>changes made to your system
+<A HREF="awqbg003.htm#IDX214">(1)</A>
+<LI>client-only installation
+<A HREF="awqbg003.htm#IDX199">(1)</A>
+<LI>possible component combinations
+<A HREF="awqbg003.htm#IDX198">(1)</A>
+<LI>procedure
+<A HREF="awqbg003.htm#IDX209">(1)</A>
+<LI>upgrading from an earlier version
+<A HREF="awqbg003.htm#IDX206">(1)</A>
+</MENU>
+<LI>installation options
+<A HREF="awqbg003.htm#IDX196">(1)</A>
+<LI>installation procedure
+<A HREF="awqbg003.htm#IDX207">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4C" HREF="#IDX0_4C">L</A></STRONG>
+<MENU>
+<LI>light
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX193">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4D" HREF="#IDX0_4D">M</A></STRONG>
+<MENU>
+<LI>machine user accounts
+<A HREF="awqbg003.htm#IDX231">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4F" HREF="#IDX0_4F">O</A></STRONG>
+<MENU>
+<LI>online documentation
+<A HREF="awqbg003.htm#IDX216">(1)</A>
+<LI>online help
+<A HREF="awqbg003.htm#IDX220">(1)</A>
+<LI>overview
+<MENU>
+<LI>AFS
+<A HREF="awqbg003.htm#IDX179">(1)</A>
+<LI>document
+<A HREF="awqbg003.htm#IDX180">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_52" HREF="#IDX0_52">R</A></STRONG>
+<MENU>
+<LI>reinstalling
+<A HREF="awqbg003.htm#IDX258">(1)</A>
+<LI>replication
+<MENU>
+<LI>when configuring a new cell
+<A HREF="awqbg003.htm#IDX247">(1)</A>
+</MENU>
+<LI>root AFS volumes
+<MENU>
+<LI>when configuring a new cell
+<A HREF="awqbg003.htm#IDX244">(1)</A>
+<LI>when configuring a server in an existing cell
+<A HREF="awqbg003.htm#IDX253">(1)</A>
+</MENU>
+<LI>root.afs
+<A HREF="awqbg003.htm#IDX245">(1)</A>
+<LI>root.cell
+<A HREF="awqbg003.htm#IDX246">(1)</A>
+</MENU>
+<STRONG><A NAME="IDX1_53" HREF="#IDX0_53">S</A></STRONG>
+<MENU>
+<LI>server
+<MENU>
+<LI>overview
+<A HREF="awqbg003.htm#IDX184">(1)</A>
+</MENU>
+<LI>setup.co file
+<A HREF="awqbg003.htm#IDX202">(1)</A>
+<LI>System Control Server
+<MENU>
+<LI>in a new AFS cell
+<A HREF="awqbg003.htm#IDX248">(1)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_55" HREF="#IDX0_55">U</A></STRONG>
+<MENU>
+<LI>uninstallation
+<MENU>
+<LI>changes made to your system
+<A HREF="awqbg003.htm#IDX269">(1)</A>
+<LI>overview
+<A HREF="awqbg003.htm#IDX256">(1)</A>
+<LI>prerequisites
+<A HREF="awqbg003.htm#IDX260">(1)</A>
+<LI>procedure
+<A HREF="awqbg003.htm#IDX264">(1)</A>
+</MENU>
+<LI>uninstallation prerequisites
+<A HREF="awqbg003.htm#IDX261">(1)</A>
+<LI>uninstallation procedure
+<A HREF="awqbg003.htm#IDX262">(1)</A>
+<LI>upgrading
+<A HREF="awqbg003.htm#IDX204">(1)</A>
+</MENU>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="awqbg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="awqbg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Release Notes</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3575/aurns000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:27:59 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:27:58">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:27:58">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:27:58">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Release Notes</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="aurns002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS<BR>
+Release Notes<BR>
+<P>Version 3.6
+<P>Document Number GC09-4558-00
+<P>0000000
+<P>
+<BR>
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for AIX, Version 3.6
+<DD>IBM AFS for Digital Unix, Version 3.6
+<DD>IBM AFS for HP-UX, Version 3.6
+<DD>IBM AFS for Linux, Version 3.6
+<DD>IBM AFS for SGI IRIX, Version 3.6
+<DD>IBM AFS for Solaris, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="aurns002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Release Notes</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3575/aurns000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:27:59 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:27:58">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:27:58">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:27:58">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Release Notes</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="aurns003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="aurns003.htm#Header_1">About These Release Notes</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_2" HREF="aurns003.htm#HDRWQ1">Audience and Purpose</A>
+<LI><A NAME="ToC_3" HREF="aurns003.htm#HDRWQ2">Organization of the Document</A>
+<LI><A NAME="ToC_4" HREF="aurns003.htm#HDRWQ3">Related Documents</A>
+<LI><A NAME="ToC_5" HREF="aurns003.htm#HDRTYPO_CONV">Typographical Conventions</A>
+</MENU>
+<P><B><A NAME="ToC_6" HREF="aurns004.htm#Header_6">AFS 3.6 Release Notes</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_7" HREF="aurns004.htm#HDRSUMMARY">Summary of New Features</A>
+<LI><A NAME="ToC_8" HREF="aurns004.htm#HDRSYSTYPES">Supported System Types</A>
+<LI><A NAME="ToC_9" HREF="aurns004.htm#HDRHWARE_REQS">Hardware and Software Requirements</A>
+<LI><A NAME="ToC_10" HREF="aurns004.htm#HDRDOC">Accessing the AFS Binary Distribution and Documentation</A>
+<LI><A NAME="ToC_11" HREF="aurns004.htm#HDRLIMITS">Product Notes</A>
+<MENU>
+<LI><A NAME="ToC_12" HREF="aurns004.htm#HDRREQ_ALL">Product Notes for All System Types</A>
+<LI><A NAME="ToC_13" HREF="aurns004.htm#HDRREQ_AIX">Product Notes for AIX Systems</A>
+<LI><A NAME="ToC_14" HREF="aurns004.htm#HDRREQ_DUX">Product Notes for Digital UNIX Systems</A>
+<LI><A NAME="ToC_15" HREF="aurns004.htm#HDRREQ_HP">Product Notes for HP-UX Systems</A>
+<LI><A NAME="ToC_16" HREF="aurns004.htm#HDRREQ_IRIX">Product Notes for IRIX Systems</A>
+<LI><A NAME="ToC_17" HREF="aurns004.htm#HDRREQ_LNX">Product Notes for Linux Systems</A>
+<LI><A NAME="ToC_18" HREF="aurns004.htm#HDRREQ_SOL">Product Notes for Solaris Systems</A>
+<LI><A NAME="ToC_19" HREF="aurns004.htm#HDRDOC_NOTES">Documentation Notes</A>
+</MENU>
+<LI><A NAME="ToC_20" HREF="aurns004.htm#HDRCMD-CHANGES">Changes to AFS Commands, Files, and Functionality</A>
+<MENU>
+<LI><A NAME="ToC_21" HREF="aurns004.htm#Header_21">A New Command</A>
+<LI><A NAME="ToC_22" HREF="aurns004.htm#HDRNEW_CMDS">New File or Command Functionality</A>
+</MENU>
+<LI><A NAME="ToC_23" HREF="aurns004.htm#HDRTSM">Support for Backup to TSM</A>
+<MENU>
+<LI><A NAME="ToC_24" HREF="aurns004.htm#HDRTSM_NEW">New Command and File Features that Support TSM</A>
+<LI><A NAME="ToC_25" HREF="aurns004.htm#HDRTSM_REQ">Product Notes for Use of TSM</A>
+<LI><A NAME="ToC_26" HREF="aurns004.htm#HDRTSM_CONFIG">Configuring the Backup System and TSM</A>
+</MENU>
+<LI><A NAME="ToC_27" HREF="aurns004.htm#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A>
+<MENU>
+<LI><A NAME="ToC_28" HREF="aurns004.htm#Header_28">Prerequisites for Upgrading</A>
+<LI><A NAME="ToC_29" HREF="aurns004.htm#HDRGETBIN">Obtaining the Binary Distribution</A>
+<LI><A NAME="ToC_30" HREF="aurns004.htm#HDRSTOREBIN">Storing Binaries in AFS</A>
+<LI><A NAME="ToC_31" HREF="aurns004.htm#HDROS-UP">Upgrading the Operating System</A>
+<LI><A NAME="ToC_32" HREF="aurns004.htm#HDRSV-BIN">Distributing Binaries to Server Machines</A>
+<LI><A NAME="ToC_33" HREF="aurns004.htm#HDRSV-UP">Upgrading Server Machines</A>
+<LI><A NAME="ToC_34" HREF="aurns004.htm#HDRCLI-UP">Upgrading Client Machines</A>
+<LI><A NAME="ToC_35" HREF="aurns004.htm#HDRKERNEL">Incorporating AFS into the Kernel and Enabling the AFS Initialization Script</A>
+<LI><A NAME="ToC_36" HREF="aurns004.htm#HDRKERN_AIX">Loading AFS into the AIX Kernel</A>
+<LI><A NAME="ToC_37" HREF="aurns004.htm#HDRKERN_DUX">Building AFS into the Digital UNIX Kernel</A>
+<LI><A NAME="ToC_38" HREF="aurns004.htm#HDRKERN_HP">Building AFS into the HP-UX Kernel</A>
+<LI><A NAME="ToC_39" HREF="aurns004.htm#HDRKERN_IRIX">Incorporating AFS into the IRIX Kernel</A>
+<LI><A NAME="ToC_43" HREF="aurns004.htm#HDRKERN_LNX">Loading AFS into the Linux Kernel</A>
+<LI><A NAME="ToC_44" HREF="aurns004.htm#HDRKERN_SOL">Loading AFS into the Solaris Kernel</A>
+</MENU>
+<LI><A NAME="ToC_45" HREF="aurns004.htm#HDRDOC_VOL">Storing AFS Documents in AFS</A>
+<LI><A NAME="ToC_46" HREF="aurns004.htm#HDRREFPAGES">Reference Pages</A>
+<MENU>
+<LI><A NAME="ToC_47" HREF="aurns004.htm#HDRCFG">CFG_<I>tcid</I></A>
+<LI><A NAME="ToC_48" HREF="aurns004.htm#HDRCLI_NETRESTRICT">NetRestrict (client version)</A>
+<LI><A NAME="ToC_49" HREF="aurns004.htm#HDRSV_NETRESTRICT">NetRestrict (server version)</A>
+<LI><A NAME="ToC_50" HREF="aurns004.htm#HDRBK_DELETEDUMP">backup deletedump</A>
+<LI><A NAME="ToC_51" HREF="aurns004.htm#HDRBK_DUMPINFO">backup dumpinfo</A>
+<LI><A NAME="ToC_52" HREF="aurns004.htm#HDRBK_STATUS">backup status</A>
+<LI><A NAME="ToC_53" HREF="aurns004.htm#HDRVOS_DELENTRY">vos delentry</A>
+</MENU></MENU><P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="aurns003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Release Notes</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3575/aurns000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:27:59 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:27:58">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:27:58">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:27:58">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Release Notes</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="aurns004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="Header_1" HREF="aurns002.htm#ToC_1">About These Release Notes</A></H1>
+<P>This section describes the purpose, organization, and conventions used in
+this document.
+<HR><H2><A NAME="HDRWQ1" HREF="aurns002.htm#ToC_2">Audience and Purpose</A></H2>
+<P>This document describes new features, limitations and
+requirements of the AFS<SUP><SUP>(R)</SUP></SUP> 3.6 General Availability (GA)
+release. It assumes that the reader is familiar with administration of
+AFS 3.5 and of the supported operating systems.
+<HR><H2><A NAME="HDRWQ2" HREF="aurns002.htm#ToC_3">Organization of the Document</A></H2>
+<P>This document has the following sections:
+<UL>
+<P><LI><A HREF="aurns004.htm#HDRSUMMARY">Summary of New Features</A>
+<P><LI><A HREF="aurns004.htm#HDRSYSTYPES">Supported System Types</A>
+<P><LI><A HREF="aurns004.htm#HDRHWARE_REQS">Hardware and Software Requirements</A>
+<P><LI><A HREF="aurns004.htm#HDRDOC">Accessing the AFS Binary Distribution and Documentation</A>
+<P><LI><A HREF="aurns004.htm#HDRLIMITS">Product Notes</A>
+<P><LI><A HREF="aurns004.htm#HDRCMD-CHANGES">Changes to AFS Commands, Files, and Functionality</A>
+<P><LI><A HREF="aurns004.htm#HDRTSM">Support for Backup to TSM</A>
+<P><LI><A HREF="aurns004.htm#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A>
+<P><LI><A HREF="aurns004.htm#HDRDOC_VOL">Storing AFS Documents in AFS</A>
+<P><LI><A HREF="aurns004.htm#HDRREFPAGES">Reference Pages</A>
+</UL>
+<HR><H2><A NAME="HDRWQ3" HREF="aurns002.htm#ToC_4">Related Documents</A></H2>
+<P>The following documents are also included in the AFS
+documentation set.
+<P><I>IBM AFS Administration Guide</I>
+<P>This guide describes the concepts and procedures that a system
+administrator must know to manage an AFS cell. It assumes familiarity
+with UNIX, but requires no previous knowledge of AFS.
+<P>The first chapters of the <I>IBM AFS Administration Guide</I> present
+basic concepts and guidelines. Understanding them is crucial to
+successful administration of an AFS cell. The remaining chapters in the
+guide provide step-by-step instructions for specific administrative tasks,
+along with discussions of the concepts important to that particular
+task.
+<P><I>IBM AFS Administration Reference</I>
+<P>This reference manual details the syntax and effect of each AFS
+command. It is intended for the experienced AFS administrator,
+programmer, or user.
+<P>The <I>IBM AFS Administration Reference</I> lists AFS files and
+commands in alphabetical order. The reference page for each command
+specifies its syntax, including the acceptable aliases and
+abbreviations. It then describes the command's function,
+arguments, and output if any. Examples and a list of related commands
+are provided, as are warnings where appropriate.
+<P>This manual complements the <I>IBM AFS Administration Guide</I>:
+it does not include procedural information, but describes commands in more
+detail than the <I>IBM AFS Administration Guide</I>.
+<P><I>IBM AFS Quick Beginnings</I>
+<P>This guide provides instructions for installing AFS server and client
+machines. It is assumed that the installer is an experienced UNIX<SUP>
+<SUP>(R)</SUP></SUP> system administrator.
+<P>For predictable performance, machines must be installed and configured in
+accordance with the instructions in this guide.
+<P><I>IBM AFS User Guide</I>
+<P>This guide presents the basic concepts and procedures necessary for using
+AFS effectively. It assumes that the reader has some experience with
+UNIX, but does not require familiarity with networking or AFS.
+<P>The guide explains how to perform basic functions, including
+authenticating, changing a password, protecting AFS data, creating groups, and
+troubleshooting. It provides illustrative examples for each function
+and describes some of the differences between the UNIX file system and
+AFS.
+<HR><H2><A NAME="HDRTYPO_CONV" HREF="aurns002.htm#ToC_5">Typographical Conventions</A></H2>
+<P>This document uses the following typographical
+conventions:
+<UL>
+<P><LI>Command and option names appear in <B>bold type</B> in syntax
+definitions, examples, and running text. Names of directories, files,
+machines, partitions, volumes, and users also appear in <B>bold
+type</B>.
+<P><LI>Variable information appears in <I>italic type</I>. This
+includes user-supplied information on command lines and the parts of prompts
+that differ depending on who issues the command. New terms also appear
+in <I>italic type</I>.
+<P><LI>Examples of screen output and file contents appear in <TT>monospace
+type</TT>.
+</UL>
+<P>In addition, the following symbols appear in command syntax definitions,
+both in the documentation and in AFS online help statements. When
+issuing a command, do not type these symbols.
+<UL>
+<P><LI>Square brackets <B>[ ]</B> surround optional items.
+<P><LI>Angle brackets <B>< ></B> surround user-supplied values in AFS
+commands.
+<P><LI>A superscripted plus sign <B>+</B> follows an argument that accepts
+more than one value.
+<P><LI>The percent sign <TT>%</TT> represents the regular command shell
+prompt. Some operating systems possibly use a different character for
+this prompt.
+<P><LI>The number sign <TT>#</TT> represents the command shell prompt for the
+local superuser <B>root</B>. Some operating systems possibly use a
+different character for this prompt.
+<P><LI>The pipe symbol <B> |</B> in a command syntax statement separates
+mutually exclusive values for an argument.
+</UL>
+<P>For further information on the syntax and input rules for AFS commands, see
+the appendix to the <I>IBM AFS Administration Guide</I> or the
+<B>afs_intro</B> reference page in the <I>IBM AFS Administration
+Reference</I>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="aurns004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="#INDEX_START"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Release Notes</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3575/aurns000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:27:59 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 12:27:58">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 12:27:58">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 12:27:58">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Release Notes</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<HR><H1><A NAME="Header_6" HREF="aurns002.htm#ToC_6">AFS 3.6 Release Notes</A></H1>
+<P>This file documents new features, upgrade procedures, and remaining
+limitations associated with the initial General Availability (GA) release of
+AFS<SUP><SUP>(R)</SUP></SUP> 3.6 (build level <B>afs3.6
+2.0</B>).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This document includes all product information available at the time the
+document was produced. For additional information that became available
+later, see the <B>README.txt</B> file included on the AFS
+CD-ROM.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRSUMMARY" HREF="aurns002.htm#ToC_7">Summary of New Features</A></H2>
+<P>AFS 3.6 includes the following new features.
+<UL>
+<P><LI>Support for the 64-bit version of Solaris 7.
+<P><LI>Support for the 64-bit version of HP-UX 11.0.
+<P><LI>The HP-UX 11.0 File Server uses the POSIX-compliant threading
+package provided with HP-UX. (Other supported operating systems started
+using native threads in AFS 3.5.) See <A HREF="#HDRREQ_HP">Product Notes for HP-UX Systems</A>.
+<P><LI>There is a single edition of AFS 3.6, instead of separate United
+States and international editions as in previous releases. The United
+States government now permits export outside North America of the encryption
+software that the Update Server uses to protect user-level data. With
+AFS 3.6, cells outside North America can run a system control machine
+to distribute the contents of the <B>/usr/afs/etc</B> directory among
+server machines.
+<P>The AFS 3.6 distribution includes a single CD-ROM for each system
+type, which contains all AFS software. There is no CD-ROM labeled
+<B>Encryption Files</B> or <B>Domestic Edition</B> in the AFS
+3.6 distribution.
+<P>Because they were produced before the change in export restrictions, the
+<I>IBM AFS Administration Guide</I> and <I>IBM AFS Administration
+Reference</I> still distinguish between United States and international
+editions of AFS. However, AFS customers in any country can ignore the
+distinction and use the United States instructions if they choose.
+<P><LI>Support for volumes up to 8 GB in size. In previous versions of
+AFS, the limit was 2 GB.
+<P>Note that smaller volumes are still more practical than large ones in
+general. The larger a volume, the longer it takes to move or clone it,
+which introduces greater potential for an outage to halt the operation before
+it completes.
+<P><LI>Support for backing up AFS data to the Tivoli Storage Manager (TSM),
+formerly called the ADSTAR Distributed Storage Manager (ADSM). TSM
+implements the Open Group's Backup Service application programming
+interface (API), also called XBSA. Support for additional
+XBSA-compliant programs in future releases of AFS is possible. See <A HREF="#HDRTSM">Support for Backup to TSM</A>.
+<P><LI>A new command and new options to existing commands. See <A HREF="#HDRCMD-CHANGES">Changes to AFS Commands, Files, and Functionality</A>.
+</UL>
+<HR><H2><A NAME="HDRSYSTYPES" HREF="aurns002.htm#ToC_8">Supported System Types</A></H2>
+<P>AFS supports the following system types.
+<BR>
+<TABLE WIDTH="100%">
+<TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>alpha_dux40</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">DEC AXP system with one or more processors running Digital UNIX
+4.0d, 4.0e, or 4.0f
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>hp_ux110</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Hewlett-Packard system with one or more processors running the 32-bit or
+64-bit version of HP-UX 11.0
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>i386_linux22</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">IBM-compatible PC with one or more processors running Linux kernel
+version 2.2.5-15 (the version in Red Hat Linux 6.0),
+2.2.10, 2.2.12, 2.2.12-20 (the
+version in Red Hat Linux 6.1), 2.2.13, or
+2.2.14
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>rs_aix42</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">IBM RS/6000 with one or more 32-bit or 64-bit processors running AIX
+4.2, 4.2.1, 4.3, 4.3.1,
+4.3.2, or 4.3.3
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>sgi_65</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Silicon Graphics system with one or more processors running IRIX
+6.5 or 6.5.4. Support is provided for the
+following CPU board types, as reported by the IRIX <B>uname -m</B>
+command: IP19, IP20, IP21, IP22, IP25, IP26, IP27, IP28, IP30, IP32
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>sun4x_56</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Sun SPARCstation with one or more processors running Solaris 2.6
+</TD></TR><TR>
+<TD ALIGN="LEFT" VALIGN="TOP" WIDTH="20%"><B>sun4x_57</B>
+</TD><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="80%">Sun SPARCstation with one or more processors running the 32-bit or 64-bit
+version of Solaris 7
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRHWARE_REQS" HREF="aurns002.htm#ToC_9">Hardware and Software Requirements</A></H2>
+<P>For a list of requirements for both server and client
+machines, see the chapter titled <I>Installation Overview</I> in the
+<I>IBM AFS Quick Beginnings</I> document.
+<HR><H2><A NAME="HDRDOC" HREF="aurns002.htm#ToC_10">Accessing the AFS Binary Distribution and Documentation</A></H2>
+<P>The AFS Binary Distribution includes a separate CD-ROM for
+each supported operating system, containing all AFS binaries and files for
+both server and client machines, plus the documentation set in multiple
+formats. At the top level of the CD-ROM is a directory called
+<B>Documentation</B> plus a directory containing the system-specific AFS
+binaries, named using the values listed in <A HREF="#HDRSYSTYPES">Supported System Types</A>. The CD-ROM for some operating systems has more than
+one system-specific directory; for example, the Solaris CD-ROM has
+<B>sun4x_56</B> and <B>sun4x_57</B>.
+<P>The instructions in <A HREF="#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A> specify when to mount the CD-ROM and which files or
+directories to copy to the local disk or into an AFS volume.
+<P>The documents are also available online at <A
+HREF="http://www.transarc.com/Library/documentation/afs_doc.html"><B>http://www.transarc.com/Library/documentation/afs_doc.html</B></A>.
+The documentation set includes the following documents:
+<UL>
+<P><LI><I>IBM AFS Release Notes</I> (this document)
+<P><LI><I>IBM AFS Administration Guide</I> (called <I>AFS System
+Administrator's Guide</I> in previous releases)
+<P><LI><I>IBM AFS Administration Reference</I> (called <I>AFS Command
+Reference Manual</I> in previous releases)
+<P><LI><I>IBM AFS Quick Beginnings</I> (called <I>AFS Installation
+Guide</I> in previous releases)
+<P><LI><I>IBM AFS User Guide</I> (called <I>AFS User's Guide</I> in
+previous releases)
+</UL>
+<P>Documents are provided in the following formats:
+<UL>
+<P><LI>HTML, suitable for online viewing in a Web browser or other HTML viewer
+<P><LI>PDF, suitable for online viewing or for printing using the Acrobat Reader
+program from Adobe
+</UL>
+<P>If you do not already have the Acrobat Reader program, you can download it
+for free at <A
+HREF="http://www.adobe.com/products/acrobat/readstep.html"><B>http://www.adobe.com/products/acrobat/readstep.html</B></A>.
+<P>Adobe provides only an English-language version of Acrobat Reader for UNIX
+platforms. The program can display PDF files written in any
+language. It is the program interface (menus, messages, and so on) that
+is available in English only.
+<P>To make Reader's interface display properly in non-English language
+locales, use one of two methods to set the program's language environment
+to English:
+<UL>
+<P><LI>Set the LANG environment variable in the Reader initialization
+script. The advantage of this method is that it ensures proper behavior
+even when Reader is launched by other applications, such as a browser or an
+application's Help menu. Editing the script usually requires local
+superuser <B>root</B> privilege, however.
+<P>If your Reader distribution includes the script, it is installed by
+convention as <VAR>AcroRead_Dir</VAR><B>/bin/acroread</B>, where
+<VAR>AcroRead_Dir</VAR> is the installation directory for Reader files.
+<P>Add the following line to the script, directly after the
+<TT>#!/bin/sh</TT> statement:
+<PRE> LANG=C; export LANG
+</PRE>
+<P><LI>Set the LANG environment variable to the value <B>C</B> in the command
+shell before starting the Reader program. The following is the
+appropriate command for some shells.
+<PRE> % <B>setenv LANG C</B>
+</PRE>
+<P>Note that this setting affects all programs started in the command shell,
+with possibly undesirable results if they also use the LANG variable.
+The preceding method affects Reader only.
+</UL>
+<HR><H2><A NAME="HDRLIMITS" HREF="aurns002.htm#ToC_11">Product Notes</A></H2>
+<P>The following sections summarize limitations and
+requirements that pertain to all system types and to individual system types,
+and describe revisions to the AFS documents:
+<UL>
+<P><LI><A HREF="#HDRREQ_ALL">Product Notes for All System Types</A>
+<P><LI><A HREF="#HDRREQ_AIX">Product Notes for AIX Systems</A>
+<P><LI><A HREF="#HDRREQ_DUX">Product Notes for Digital UNIX Systems</A>
+<P><LI><A HREF="#HDRREQ_HP">Product Notes for HP-UX Systems</A>
+<P><LI><A HREF="#HDRREQ_IRIX">Product Notes for IRIX Systems</A>
+<P><LI><A HREF="#HDRREQ_LNX">Product Notes for Linux Systems</A>
+<P><LI><A HREF="#HDRREQ_SOL">Product Notes for Solaris Systems</A>
+<P><LI><A HREF="#HDRDOC_NOTES">Documentation Notes</A>
+</UL>
+<P><H3><A NAME="HDRREQ_ALL" HREF="aurns002.htm#ToC_12">Product Notes for All System Types</A></H3>
+<UL>
+<P><LI><B>Limit on number of file server machine interfaces</B>
+<P>AFS supports up to 15 addresses on a multihomed file server machine.
+If more interfaces are configured with the operating system, AFS uses only the
+first 15.
+<P><LI><B>Limit on number of client machine interfaces</B>
+<P>AFS supports up to 32 addresses on a multihomed client machine. Do
+not configure more interfaces.
+<P><LI><B>Limit on number of AFS server partitions</B>
+<P>AFS supports up to 256 server (<B>/vicep</B>) partitions on a file
+server machine. This corresponds to directory names <B>/vicepa</B>
+through <B>/vicepz</B> and <B>/vicepaa</B> through
+<B>/vicepiv</B>.
+<P><LI><B>Limit on number of file server machines</B>
+<P>The VLDB can store up to 255 server entries, each representing one file
+server machine (single- or multihomed). This effectively determines the
+maximum number of file server machines in the cell. To make room in the
+VLDB for new server entries, use the <B>vos changeaddr</B> command's
+<B>-remove</B> argument to remove the entries for decommissioned file
+server machines.
+<P><LI><B>Limit on file size</B>
+<P>AFS supports a maximum file size of 2 GB.
+<P><LI><B>Limit on volume and partition size</B>
+<P>AFS supports a maximum volume size of 8 GB. In AFS version
+3.5 and earlier, the limit is 2 GB. There is no limit on
+partition size other than the one imposed by the operating system.
+<P><LI><B>Limit on cache size</B>
+<P>AFS supports a maximum disk cache size of 1 GB. In AFS version
+3.1 and earlier, the limit is 700 MB.
+<P><LI><B>Limit on number of File Server threads</B>
+<P>The File Server (<B>fileserver</B> process) can use up to 128 threads,
+unless the operating system imposes a lower limit. Testing for the AFS
+3.6 GA release indicates that HP-UX sometimes imposes a lower limit,
+depending on the resources available on a machine. See <A HREF="#HDRREQ_HP">Product Notes for HP-UX Systems</A>.
+<P>The File Server always reserves seven threads for special uses, so the
+maximum effective value for the <B>fileserver</B> command's
+<B>-p</B> argument is seven less than the actual limit. On most
+systems, the effective maximum is therefore <B>121</B>.
+<P><LI><B>Limit on number of volume site definitions</B>
+<P>The VLDB entry for a volume can accommodate a maximum of 13 site
+definitions. The site housing the read/write and backup versions of the
+volume counts as one site, and each read-only site counts as an additional
+site (even the read-only site defined on the same partition as the read/write
+site counts as a separate site).
+<P><LI><B>No support for VxFS as server or cache partition</B>
+<P>AFS does not support use of the VxFS file system as either a client cache
+partition or server (<B>/vicep</B>) partition. It is acceptable to
+use both VxFS and AFS on the same machine, but the cache partition and all AFS
+server partitions must use a supported file system type such as UFS.
+See the following sections of this document for similar restrictions affecting
+particular operating systems.
+<P><LI><B>Run same version of a server process on all server machines</B>
+<P>For predictable performance, run the same version of an AFS server process
+on all server machines in a cell. For example, if you upgrade the
+Volume Location Server process on a database server machine to AFS 3.6,
+you must upgrade it on all of them. The upgrade instructions in <A HREF="#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A> have you upgrade the binaries for all server processes on
+all machines to the same version, and in general that is the best
+policy. Unless otherwise noted, it is acceptable to run different build
+levels of a major version on different machines (for example, AFS 3.5
+build 3.0 on one machine and AFS 3.5 build 3.11 on
+another).
+<P><LI><B>Single edition of AFS for all countries</B>
+<P>There is a single edition of AFS 3.6 for both North American and
+international customers. For details, see <A HREF="#HDRSUMMARY">Summary of New Features</A>.
+<P><LI><B>TSM is the supported XBSA server</B>
+<P>The AFS 3.6 Backup System can communicate with one XBSA server, the
+Tivoli Storage Manager (TSM). There are several requirements and
+limitations associated with its use, as detailed in <A HREF="#HDRTSM_REQ">Product Notes for Use of TSM</A>.
+<P><LI><B>Use Netscape 4.0 or higher</B>
+<P>If using a Netscape browser to read the HTML version of an AFS document,
+use version 4.0 or higher. Some fonts used in the documents
+possibly do not display properly in earlier versions.
+<P><LI><B>Set the Acrobat Reader environment to English</B>
+<P>The user interface to the Adobe Acrobat Reader program for displaying PDF
+files works correctly only when the program's language environment is set
+to English. Users in non-English language locales probably need to
+adjust the language setting. See <A HREF="#HDRDOC">Accessing the AFS Binary Distribution and Documentation</A>.
+<P><LI><B>No support for IPv6</B>
+<P>AFS does not support version 6 of the Internet Protocol (IPv6). You
+must continue to specify the IPv4 protocol names <TT>udp</TT> and
+<TT>tcp</TT> in the entries for AFS-modified services in the
+<B>inetd</B> configuration file, rather than the IPv6 names
+<TT>upd6</TT> and <TT>tcp6</TT>. If you use the IPv6 version, the
+AFS-modified <B>inetd</B> daemon cannot locate the service and does not
+open the service's port.
+<P>The <B>inetd</B> configuration file included with some operating system
+revisions possibly specifies IPv6 protocols by default. You must modify
+or replace the file in order to use the AFS-modified version of remote
+services.
+<P><LI><B>Limit on directory size when element names are long</B>
+<P>If the name of every file system element (file, link, or subdirectory) in a
+directory is 16 characters or more, then when there are about 31,700 elements
+it becomes impossible to create any more elements with long names. It
+is still possible to create elements with names shorter than 16
+characters. This limitation is due to the way AFS implements
+directories. For a more detailed explanation, contact your AFS product
+support representative.
+<P><LI><B>Setting setuid or setgid bit on file fails silently</B>
+<P>Only members of the <B>system:administrators</B> group can turn
+on the setuid or setgid mode bit on an AFS file or directory. However,
+AFS generates an error message only when a regular user attempts to set the
+bit on a directory. Attempts on a file fail silently.
+<P><LI><B>The add instruction in the uss bulk input file does not work as
+documented</B>
+<P>The documentation specifies the following syntax for creating an
+authentication-only account (entries in the Authentication and Protection
+Databases only) by using an <B>add</B> instruction in the <B>uss</B>
+bulk template file:
+<PRE> add <VAR>username</VAR>[:]
+</PRE>
+<P>However, you must in fact follow the <VAR>username</VAR> value with two
+colons for the <B>uss bulk</B> command to create the account:
+<PRE> add <VAR>username</VAR>::
+</PRE>
+<P><LI><B>Running the backup savedb command blocks other Backup System
+operations</B>
+<P>The Backup Server locks the Backup Database as it performs the <B>backup
+savedb</B> command, which can take a long time. Because other backup
+operations cannot access the database during this time, they appear to
+hang. Avoid running other backup operations after issuing the
+<B>backup savedb</B> command.
+<P>Actually, this limitation applies to any operation that locks the Backup
+Database for a significant amount of time, but most other operations do
+not. In any case, running the <B>backup savedb</B> command is
+appropriate only in the rare case when the Backup Database is corrupted, so
+this limitation usually does not have a significant impact.
+<P><LI><B>NFS/AFS Translator sometimes performs poorly under heavy load</B>
+<P>The NFS/AFS Translator does not always perform well under heavy
+load. Sometimes the translator machine hangs, and sometimes NFS client
+machines display the following error message.
+<PRE> NFS Stale File Handle
+</PRE>
+<P><LI><B>Sample files for package program not included</B>
+<P>The AFS distribution does not include the sample files referred to in the
+chapter of the <I>IBM AFS Administration Guide</I> about the
+<B>package</B> program (the files formerly installed by convention in the
+<B>etc</B>, <B>lib</B>, and <B>src</B> subdirectories of the
+<B>/afs/</B><VAR>cellname</VAR><B>/wsadmin</B> directory).
+<I>IBM AFS Quick Beginnings</I> therefore does not include instructions
+for installing the sample files. If you wish to use the
+<B>package</B> program and the discussion in the <I>IBM AFS
+Administration Guide</I> is not sufficient to guide you, contact your AFS
+product support representative for assistance.
+</UL>
+<P><H3><A NAME="HDRREQ_AIX" HREF="aurns002.htm#ToC_13">Product Notes for AIX Systems</A></H3>
+<UL>
+<P><LI><B>The klog command's -setpag flag is supported on AIX
+4.2.1 and 4.3.3 only</B>
+<P>To use the <B>klog</B> command's <B>-setpag</B> flag, you must
+install the indicated AIX APAR (Authorized Program Analysis Report), available
+from IBM, on a machine running the indicated AIX version:
+<UL>
+<P><LI>APAR IY07834 on AIX 4.2.1 machines
+<P><LI>APAR IY07835 on AIX 4.3.3 machines
+</UL>
+<P>To determine if the APAR is installed, issue the following command:
+<PRE> % <B>instfix -i -k</B> <VAR>APAR_identifier</VAR>
+</PRE>
+<P>IBM provides an APAR for the indicated (latest) AIX versions only.
+Therefore, the <B>-setpag</B> flag does not work correctly on machines
+running the base level of AIX 4.2 or 4.3, or AIX
+4.3.1 or 4.3.2.
+<P><LI><B>Change to AFS installation procedure for AIX
+4.3.3</B>
+<P>If version 4.3.3.0 or higher of the AIX
+<B>bos.rte.security</B> fileset is installed (usually true
+on a machine using the AIX 4.3.3 kernel), you must modify the
+procedure documented in <I>IBM AFS Quick Beginnings</I> for enabling
+integrated AFS login. Instead of editing the
+<B>/etc/security/login.cfg</B> file, you edit the
+<B>/usr/lib/security/methods.cfg</B> file.
+<P>To determine which version of the <B>bos.rte.security</B>
+fileset is installed, issue the following command:
+<PRE> # <B>lslpp -L bos.rte.security</B>
+</PRE>
+<P>The change affects Step 3 in the section titled <I>Enabling AFS Login on
+AIX Systems</I> in each of two chapters in <I>IBM AFS Quick
+Beginnings</I>: <I>Installing the First AFS Machine</I> and
+<I>Installing Additional Client Machines</I>. For the complete text
+of the modified step, see <A HREF="#HDRDOC_NOTES">Documentation Notes</A>.
+<P><LI><B>No support for the NFS/AFS Translator with base level of AIX
+4.2</B>
+<P>AFS does not support the use of machines running the base level of AIX
+4.2 as NFS/AFS Translator machines. The AFS distribution does
+not include the required kernel extensions file, formerly installed by
+convention as
+<B>/usr/vice/etc/dkload/afs.ext.trans</B>. Do not set
+the NFS variable to the value <B>$NFS_NFS</B> in the AFS initialization
+script (by convention, <B>/etc/rc.afs</B>).
+<P>Machines running AIX 4.2.1 and higher are supported as
+NFS/AFS Translator machines. They use the
+<B>afs.ext.iauth</B> kernel extensions file instead.
+<P><LI><B>NFS/AFS Translator cannot coexist with NFS/DFS Gateway</B>
+<P>A machine running AIX 4.2.1 or higher cannot act as both an
+NFS/AFS Translator and a NFS/DFS Gateway Server at the same time, because both
+translation protocols must have exclusive access to the AIX <B>iauth</B>
+interface. An attempt by either file system to access the
+<B>iauth</B> interface when the other file system is already using it
+fails with an error message.
+<P><LI><B>No support for NFS Version 3 software on NFS clients</B>
+<P>Do not run NFS Version 3 software on NFS client machines that use an
+NFS/AFS Translator machine running AIX. The NFS3 client software uses
+the <B>readdir+</B> NFS command on directories, which can cause excessive
+volume lookups on the translator machine. This can lead to timeouts,
+especially when used in the <B>/afs</B> directory or other directories
+with many volume mount points. Use NFS Version 2 instead.
+<P><LI><B>No support for Large File Enabled Journalled File System as AFS
+server partition</B>
+<P>AFS does not support use of AIX's Large File Enabled Journalled File
+System as an AFS server (<B>/vicep</B>) partition. If you configure
+a partition that uses that file system as an AFS server partition, the File
+Server ignores it and writes the following message to the
+<B>/usr/afs/logs/FileLog</B> file:
+<PRE> /vicep<VAR>xx</VAR> is a big files filesystem, ignoring it
+</PRE>
+<P>AFS supports use of the Large File Enabled Journalled File System as the
+cache partition on a client machine.
+<P><LI><B>PASSWORD_EXPIRES variable not set on AIX</B>
+<P>The AIX secondary authentication system does not support setting the
+PASSWORD_EXPIRES environment variable during login.
+<P><LI><B>The chuser, chfn and chsh commands are inoperative</B>
+<P>The <B>chuser</B>, <B>chfn</B>, and <B>chsh</B> commands are
+inoperative on AFS machines running AIX. AFS authentication uses the
+AIX secondary authentication system, and sets the <TT>registry</TT> variable
+in the <B>/etc/security/user</B> file to <TT>DCE</TT> for the default
+user. That is, the setting is
+<PRE> registry = DCE
+</PRE>
+<P>as described in the sections of <I>IBM AFS Quick Beginnings</I> that
+discuss enabling AFS login on AIX systems. However, when the
+<TT>registry</TT> variable has any value other than <TT>registry =
+files</TT>, AIX does not allow edits to <B>/etc/passwd</B> and related
+files, and so disallows the <B>chuser</B>, <B>chfn</B> and
+<B>chsh</B> commands. Attempts to edit entries by running these
+commands on the command line result in error messages like the
+following.
+<UL>
+<P><LI>From the <B>chuser</B> command:
+<PRE> You can only change the HOME directory on the name server.
+</PRE>
+<P><LI>From the <B>chfn</B> command:
+<PRE> You can only change the User INFORMATION on the name server.
+</PRE>
+<P><LI>From the <B>chsh</B> command:
+<PRE> You can only change the Initial PROGRAM on the name server.
+</PRE>
+</UL>
+<P>From within SMIT, using the <B>chuser</B> function results in an error
+message like the following:
+<P>
+<PRE> 3004-716: You can only change the HOME directory on the name server
+</PRE>
+<P>It is not possible for AFS Development to alter this behavior, because AIX
+imposes the restriction. Sites that wish to run these commands must
+develop a solution appropriate for their needs.
+</UL>
+<P><H3><A NAME="HDRREQ_DUX" HREF="aurns002.htm#ToC_14">Product Notes for Digital UNIX Systems</A></H3>
+<UL>
+<P><LI><B>No support for the NFS/AFS Translator</B>
+<P>AFS does not support use of Digital UNIX machines as NFS/AFS Translator
+machines.
+<P><LI><B>No support for AdvFS as server or cache partition</B>
+<P>AFS does not support use of Digital UNIX's Advanced File System
+(AdvFS) as either a client cache partition or a server (<B>/vicep</B>)
+partition. It is acceptable to use both AdvFS and AFS on the same
+machine, but the cache partition and all AFS server partitions must be UFS
+partitions.
+<P><LI><B>No support for real-time kernel preemption or related lock
+modes</B>
+<P>AFS does not function correctly on a Digital UNIX machine when real-time
+preemption of system calls is enabled in the kernel. Do not enable this
+feature in any manner, including the following:
+<UL>
+<P><LI>By including the following statement in the <B>/usr/sys/conf/AFS</B>
+file:
+<PRE> options RT_PREEMPT_OPT
+</PRE>
+<P><LI>By including either of the following instructions in the
+<B>/etc/sysconfigtab</B> file:
+<PRE> rt_preempt_opt=1
+ rt-preempt-opt=1
+</PRE>
+</UL>
+<P>Also, AFS does not function correctly when the value of the kernel
+<B>lockmode</B> option is other than <B>0</B> (zero, the default) or
+<B>2</B>. Lock mode values <B>1</B>, <B>3</B>, and
+<B>4</B> are unsupported because they imply that real-time preemption is
+enabled (indeed, enabling real-time preemption sets the lock mode to
+<B>1</B> automatically).
+<P><LI><B>Building AFS from source requires /usr/sys/AFS directory</B>
+<P>Building AFS from source for Digital UNIX requires that certain header
+files (such as <B>cpus.h</B>) reside in the local
+<B>/usr/sys/AFS</B> directory. This directory exists only if you
+have previously incorporated AFS modifications into the kernel of the machine
+on which you are performing the compilation. Otherwise, the required
+header files reside only in the local directory called
+<B>/usr/sys/</B><VAR>machine_name</VAR>.
+<P>If the <B>/usr/sys/AFS</B> directory does not exist, issue the
+following command to create it as a link:
+<PRE> # <B>ln -s /usr/sys/</B><VAR>machine_name</VAR> <B>/usr/sys/AFS</B>
+</PRE>
+<P>When the compilation is complete, remove the link.
+</UL>
+<P><H3><A NAME="HDRREQ_HP" HREF="aurns002.htm#ToC_15">Product Notes for HP-UX Systems</A></H3>
+<UL>
+<P><LI><B>No support for the NFS/AFS Translator</B>
+<P>AFS does not support use of HP-UX 11.0 machines as NFS/AFS
+Translator machines.
+<P><LI><B>Upgrade kernel extensions when upgrading the File Server</B>
+<P>The AFS 3.6 version of the File Server uses the native HP-UX
+threading package. When upgrading to the new File Server on a machine
+that previously ran File Server version 3.5 or earlier, you must also
+upgrade the AFS kernel extensions to the AFS 3.6 version.
+<P>For instructions on upgrading server and client machines, see <A HREF="#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A>.
+<P><LI><B>Possible lower limit on number of File Server threads</B>
+<P>On some machines, HP-UX reduces the number of threads available to the File
+Server to fewer than the AFS default of 128. To determine the maximum
+number of threads available to the File Server (or any single process) on an
+HP-UX machine, issue the following command:
+<PRE> % <B>getconf _SC_THREAD_THREADS_MAX</B>
+</PRE>
+<P>As on other system types, the HP-UX File Server reserves seven threads for
+special uses, so the maximum effective value for the <B>fileserver</B>
+command's <B>-p</B> argument is seven less than the number reported
+by the <B>getconf</B> command.
+<P><LI><B>PAM can succeed inappropriately when pam_dial_auth module is
+optional</B>
+<P>For AFS authentication to work correctly for a service, all entries for the
+service in the HP-UX PAM configuration file (<B>/etc/pam.conf</B>
+by convention) must have the value <TT>optional</TT> in the third field, as
+specified in <I>IBM AFS Quick Beginnings</I>. However, when you
+make the <B>login</B> entry that invokes the <B>pam_dial_auth</B>
+module optional in this way, it can mean that PAM succeeds (the user can
+login) even when the user does not meet all of the <B>pam_dial_auth</B>
+module's requirements. This is not usually considered
+desirable.
+<P>If you do not use dial-up authentication, comment out or remove the entry
+for the <B>login</B> service that invokes the <B>pam_dial_auth</B>
+module. If you do use dial-up authentication, you must develop a
+configuration that meets your needs; consult the HP-UX documentation for
+PAM and the <B>pam_dial_auth</B> module.
+<P><LI><B>HP patch PHCO_18572 enables PAM to change to home directory</B>
+<P>You must install Hewlett-Packard patch PHCO_18572 to enable HP-UX's
+standard PAM to change to a user's home directory during login.
+The patch is accessible for download via the UNIX File Transfer Protocol
+(<B>ftp</B>) at the following address:
+<DL>
+<DD><P><B>ftp://hpatlse.atl.hp.com/hp-ux_patches/s700_800/11.X/PHCO_18572</B>
+</DL>
+<P>The patch is also available from HP Electronic Support Centers at the
+following URLs.
+<UL>
+<P><LI>In the Americas and Asia Pacific: <A
+HREF="http://us-support.external.hp.com"><B>http://us-support.external.hp.com</B></A>
+<P><LI>In Europe: <A
+HREF="http://europe-support.external.hp.com"><B>http://europe-support.external.hp.com</B></A>
+</UL>
+</UL>
+<P><H3><A NAME="HDRREQ_IRIX" HREF="aurns002.htm#ToC_16">Product Notes for IRIX Systems</A></H3>
+<UL>
+<P><LI><B>kdump program does not work with dynamically loaded kernels</B>
+<P>The AFS kernel dump program, <B>kdump</B>, cannot retrieve kernel
+information from an IRIX system on which the dynamic kernel loader,
+<B>ml</B>, was used to load AFS extensions. The <B>kdump</B>
+program can read only static kernels into which AFS is built.
+<P><LI><B>No AFS-modified remote commands</B>
+<P>The AFS distribution for IRIX machines does not include AFS-modified
+versions of any of the remote (<B>r*</B>) commands except
+<B>inetd.afs</B>. Silicon Graphics has already modified the
+IRIX versions of the remote commands to be compatible with AFS.
+<P><LI><B>Do not run the fsr program</B>
+<P>Do not run the IRIX File System Reorganizer (<B>fsr</B> program) on a
+client cache partition (<B>/usr/vice/cache</B> directory or equivalent) or
+AFS server partition (<B>/vicep</B> directory). The program can
+corrupt or remove AFS data.
+<P><LI><B>The timed daemon runs by default</B>
+<P>The IRIX 6.5 distribution includes and starts the <B>timed</B>
+time-synchronization daemon by default. If you want to use the
+<B>runntp</B> program and the Network Time Protocol Daemon (NTPD) on AFS
+server machines, as documented in <I>IBM AFS Quick Beginnings</I>, issue
+the following commands. They disable the <B>timed</B> daemon and
+remove it from the machine's startup sequence.
+<PRE> # <B>/etc/chkconfig -f timed off</B>
+
+ # <B>/sbin/killall timed</B>
+</PRE>
+<P><LI><B>Default login program does not grant AFS tokens</B>
+<P>The IRIX 6.5 distribution includes the <B>clogin</B> program as
+the default login utility. This graphical utility does not grant AFS
+tokens. If you want your users to obtain tokens during login, you must
+disable the <B>clogin</B> program and substitute either the standard
+command-line <B>login</B> program or the <B>xdm</B> graphical login
+utility, both of which grant AFS tokens if AFS modifications have been
+incorporated into the kernel. Issue the following command to disable
+the <B>clogin</B> program.
+<PRE> # <B>/etc/chkconfig -f visuallogin off</B>
+</PRE>
+</UL>
+<P><H3><A NAME="HDRREQ_LNX" HREF="aurns002.htm#ToC_17">Product Notes for Linux Systems</A></H3>
+<UL>
+<P><LI><B>Supported kernel versions</B>
+<P>The General Availability release of AFS 3.6 supports Red Hat
+Software's Linux 6.0 (which incorporates kernel version
+2.2.5-15) and Linux 6.1 (which incorporates kernel
+version 2.2.12-20). The distribution also includes
+AFS kernel extensions for kernel versions 2.2.10,
+2.2.12, 2.2.13, and 2.2.14.
+The AFS initialization script included in the AFS 3.6 distribution
+automatically selects the appropriate kernel extensions for the kernel version
+in use on the local machine.
+<P>Red Hat Linux 6.0 and 6.1 include a compiled kernel, but for
+the other supported kernel versions you must obtain kernel source and compile
+the kernel yourself. In this case, you must use version
+2.7.2.3 or higher of the <B>gcc</B> program, which is
+part of the Linux distribution. Do not use other compilers.
+<P>The Linux kernel-building tools by default create a symmetric
+multiprocessor (SMP) kernel, which can run on both uniprocessor and
+multiprocessor machines. However, a uniprocessor machine generally
+performs best with a uniprocessor kernel.
+<P>You can obtain Linux kernel source via the UNIX File Transfer Protocol
+(<B>ftp</B>) at <B>ftp.kernel.org</B> or one of its
+mirror sites. There is also kernel upgrade information at <A
+HREF="http://www.kernel.org"><B>http://www.kernel.org</B></A>.
+<P><LI><B>AFS requires libc6</B>
+<P>For correct AFS performance, the operating system must use the C library
+called <B>libc6</B> (or <B>glibc2</B>), rather than <B>libc5</B>
+(<B>glibc1</B>).
+<P><LI><B>Modified insmod program required with some kernels</B>
+<P>If using an SMP kernel or a uniprocessor kernel configured to use more than
+1 GB of memory, you must use a modified version of the <B>insmod</B>
+program. You do not need the modified program if using a standard
+uniprocessor kernel.
+<P>You can download the modified <B>insmod</B> program at the following
+URLs:
+<UL>
+<P><LI><A
+HREF="http://www.transarc.com/Support/afs/index.html"><B>http://www.transarc.com/Support/afs/index.html</B></A>.
+See the <B>Downloads</B> section of the page. To comply with the
+GNU Public License (GPL), the download site also makes available the complete
+modified <B>insmod.c</B> source file and a source-code patch
+against the original <B>insmod.c</B> file.
+<P><LI><A
+HREF="http://www.pi.se/blox/modutils/index.html"><B>http://www.pi.se/blox/modutils/index.html</B></A>.
+Select the file listed at the top of the index. This is a site for
+Linux <B>modutils</B> source code.
+</UL>
+<P><LI><B>No support for the NFS/AFS Translator</B>
+<P>AFS does not support the use of Linux machines as NFS/AFS Translator
+machines.
+<P><LI><B>No AuthLog database</B>
+<P>The Authentication Server running on a Linux machine creates and writes
+messages to the <B>/usr/afs/logs/AuthLog</B> file, just as on other system
+types. However, it does not create or use the two files which
+constitute the auxiliary AuthLog database on other system types
+(<B>AuthLog.dir</B> and <B>AuthLog.pag</B>). The
+<B>kdb</B> command is therefore inoperative on Linux machines. The
+auxiliary database is useful mostly for debugging and is not required for
+normal operations.
+<P><LI><B>Curses utility required for monitoring programs</B>
+<P>For the <B>afsmonitor</B>, <B>scout</B> and <B>fms</B> programs
+to work properly, the dynamic library <B>/usr/lib/libncurses.so</B>
+must be installed on the machine. It is available in most Linux
+distributions.
+</UL>
+<P><H3><A NAME="HDRREQ_SOL" HREF="aurns002.htm#ToC_18">Product Notes for Solaris Systems</A></H3>
+<UL>
+<P><LI><B>Different location for 64-bit Solaris 7 kernel extensions</B>
+<P>
+<P>As noted in <A HREF="#HDRINSTALL">Upgrading Server and Client Machines to AFS 3.6</A>, the 64-bit version of Solaris 7 uses a different
+location for kernel extension library files than previous versions of
+Solaris: <B>/kernel/fs/sparcv9/afs</B>. The 32-bit
+version of Solaris 7 uses the same location as Solaris 2.6,
+<B>/kernel/fs/afs</B>.
+<P><LI><B>SunSoft Patch 106541 for Solaris 7 replaces the /sbin/mountall
+script</B>
+<P>As part of replacing the standard <B>fsck</B> program on an AFS file
+server machine that runs Solaris, you make two changes in the
+<B>/sbin/mountall</B> script. If you use Solaris 7 and apply
+SunSoft Patch 10654, it replaces the <B>/sbin/mountall</B> script.
+This has two implications:
+<OL TYPE=1>
+<P><LI>If you apply the patch on an existing file server machine, the changes you
+already made in the <B>/sbin/mountall</B> script are overwritten.
+You must make the changes again in the new (replacement) script.
+<P><LI>In the replacement script, the appearance of one of the sections of code
+that you must alter is different than in the original script and as specified
+in <I>IBM AFS Quick Beginnings</I>.
+</OL>
+<P>For more details, see <A HREF="#HDRDOC_NOTES">Documentation Notes</A>.
+<P><LI><B>PAM can succeed inappropriately when pam_dial_auth module is
+optional</B>
+<P>For AFS authentication to work correctly for a service, all entries for the
+service in the Solaris PAM configuration file (<B>/etc/pam.conf</B>
+by convention) must have the value <TT>optional</TT> in the third field, as
+specified in <I>IBM AFS Quick Beginnings</I>. However, when you
+make the <B>login</B> entry that invokes the <B>pam_dial_auth</B>
+module optional in this way, it can mean that PAM succeeds (the user can
+login) even when the user does not meet all of the <B>pam_dial_auth</B>
+module's required conditions. This is not usually considered
+desirable.
+<P>If you do not use dial-up authentication, comment out or remove the entry
+for the <B>login</B> service that invokes the <B>pam_dial_auth</B>
+module. If you do use dial-up authentication, you must develop a
+configuration that meets your needs; consult the Solaris documentation
+for PAM and the <B>pam_dial_auth</B> module.
+<P>The AFS Development group has filed a Request for Enhancement (RFE
+#4122186) with SunSoft for a design change that eliminates this problem with
+the <B>pam_dial_auth</B> module. There is no projected solution
+date. For further information, contact your AFS product support
+representative.
+<P><LI><B>Solaris 2.6 patches are required for CDE</B>
+<P>There were several defects in the initial release of the Solaris 2.6
+implementation of the Common Desktop Environment (CDE). They prevented
+integrated AFS login from working consistently under CDE. SunSoft now
+provides patches that correct the problems. You must install them in
+order to obtain support for use of CDE from your AFS product support
+representative.
+<UL>
+<P><LI>If using version 1.2 of the Solaris CDE, install SunSoft patches
+105703-03 and 106027-01 (or later revisions).
+<P><LI>If using version 1.3 of the Solaris CDE, which is included on the
+SDE CD-ROM, install SunSoft patch 106661-04 (or a later
+revision).
+</UL>
+<P>Use the following command to determine which version of CDE you are
+running:
+<PRE> % <B>pkginfo -l SUNWdtdte</B>
+</PRE>
+</UL>
+<P><H3><A NAME="HDRDOC_NOTES" HREF="aurns002.htm#ToC_19">Documentation Notes</A></H3>
+<UL>
+<P><LI><B>Instructions for international edition of AFS are obsolete</B>
+<P>As noted in <A HREF="#HDRSUMMARY">Summary of New Features</A>, the <I>IBM AFS Administration Guide</I> and <I>IBM
+AFS Administration Reference</I> distinguish between United States and
+international editions of AFS, because the documents were produced before a
+relaxation of United States government export restrictions. AFS
+3.6 includes just one edition. AFS customers in any country can
+ignore the documented distinction between editions and use the United States
+instructions if they choose.
+<P><LI><B>Clarification on obtaining technical support</B>
+<P>The AFS documents refer you to the <I>AFS Product Support group</I> for
+technical assistance with AFS problems and questions. This is intended
+to be a generic term. To learn how to obtain technical support, consult
+your AFS license agreement or other materials from your AFS vendor.
+<P><LI><B>Change to</B> <I>IBM AFS Quick Beginnings</I> <B>instructions
+for enabling AFS login on AIX machines</B>
+<P>If version 4.3.3.0 or higher of the AIX
+<B>bos.rte.security</B> fileset is installed (usually true
+on a machine using the AIX 4.3.3 kernel), edit the
+<B>/usr/lib/security/methods.cfg</B> file instead of the
+<B>/etc/security/login.cfg</B> file as documented in <I>IBM AFS
+Quick Beginnings</I>.
+<P>The change affects Step 3 in the section titled <I>Enabling AFS Login on
+AIX Systems</I> in each of two chapters in <I>IBM AFS Quick
+Beginnings</I>: <I>Installing the First AFS Machine</I> and
+<I>Installing Additional Client Machines</I>. The corrected text
+follows.
+<P>
+<P>Create or edit the <TT>DCE</TT> and <TT>AFS</TT> stanzas in one of two
+files on the local disk:
+<UL>
+<P><LI>The <B>/usr/lib/security/methods.cfg</B> file, if version
+4.3.3.0 or higher of the AIX
+<B>bos.rte.security</B> fileset is installed on the machine
+(usually true on a machine using the AIX 4.3.3 kernel)
+<P><LI>The <B>/etc/security/login.cfg</B> file, if an earlier version
+of the fileset is installed
+</UL>
+<P>Edit the stanzas as follows:
+<UL>
+<P><LI>In the <TT>DCE</TT> stanza, set the <TT>program</TT> attribute as
+indicated.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE> DCE:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE> DCE:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+</PRE>
+<P><LI>In the <TT>AFS</TT> stanza, set the <TT>program</TT> attribute as
+indicated.
+<P>If you use the AFS Authentication Server (<B>kaserver</B>
+process):
+<PRE> AFS:
+ program = /usr/vice/etc/afs_dynamic_auth
+</PRE>
+<P>If you use a Kerberos implementation of AFS authentication:
+<PRE> AFS:
+ program = /usr/vice/etc/afs_dynamic_kerbauth
+</PRE>
+</UL>
+<P><LI><B>Change to</B> <I>IBM AFS Quick Beginnings</I> <B>instructions
+for replacing Solaris fsck program</B>
+<P>In two sections of <I>IBM AFS Quick Beginnings</I>, there are
+instructions for editing the <B>/sbin/mountall</B> script on Solaris
+machines as part of replacing the standard <B>fsck</B> program. The
+two sections are <I>Configuring the AFS-modified fsck Program on Solaris
+Systems</I> in the chapter about the first AFS machine and <I>Getting
+Started on Solaris Systems</I> in the chapter about additional server
+machines.
+<P>If you use Solaris 7 and apply SunSoft Patch 10654, it replaces the
+<B>/sbin/mountall</B> script. In the replacement script, the
+appearance of one of the sections of code that you must alter is different
+than in the original script and as specified in <I>IBM AFS Quick
+Beginnings</I>, which is as follows:
+<PRE> # For fsck purposes, we make a distinction between ufs and
+ # other file systems
+ #
+ if [ "$fstype" = "ufs" ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ fi
+</PRE>
+<P>In the replacement script, the code is instead similar to the
+following:
+<PRE> # For fsck purposes, we make a distinction between ufs and
+ # other file systems. Here we check that the file system is
+ # not mounted using fsck -m before adding it to the list to
+ # be checked
+ #
+ if [ "$fstype" = "ufs" ]; then
+ /usr/sbin/fsck -m -F $fstype $fsckdev >/dev/null 2>&1
+ if [ $? != 33 ]; then
+ ufs_fscklist="$ufs_fscklist $fsckdev"
+ saveentry $fstype "$OPTIONS" $special $mountp
+ continue
+ else
+ echo "$fsckdev already mounted"
+ continue
+ fi
+ fi
+
+</PRE>
+<P>You still need to change the first <TT>if</TT> statement (the one
+directly after the comment) to check for both the UFS and AFS file system
+types, as specified in <I>IBM AFS Quick Beginnings</I>:
+<PRE> if [ "$fstype" = "ufs" -o "$fstype" = "afs" ]; then
+</PRE>
+<P><LI><B>Correction to</B> <I>IBM AFS Quick Beginnings</I>
+<B>instructions for accessing AFS documents</B>
+<P>The section of <I>IBM AFS Quick Beginnings</I> titled <I>Storing AFS
+Documents in AFS</I> (in the chapter about the first AFS machine)
+incorrectly describes the organization of the top-level
+<B>Documentation</B> directory on the AFS CD-ROM. It states that
+there is a subdirectory for each document format. Instead, there is a
+subdirectory for each language in which the documents are available, named
+using the following codes:
+<DL>
+<DD><P><B>de_DE</B> for German
+<DD><P><B>en_US</B> for United States English
+<DD><P><B>es_ES</B> for Spanish
+<DD><P><B>ko_KR</B> for Korean
+<DD><P><B>pt_BR</B> for Brazilian Portuguese
+<DD><P><B>zh_CN</B> for Simplified Chinese
+<DD><P><B>zh_TW</B> for Traditional Chinese
+</DL>
+<P>In each language directory is a subdirectory for each available document
+format. In each format directory is a subdirectory for each
+document. For example, the path on the CD-ROM to the English-language
+HTML version of the <I>IBM AFS Quick Beginnings</I> is
+<B>Documentation/en_US/HTML/QkBegin</B>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Not all documents are available in every language, as determined by the IBM
+translation center responsible for each language. All documents are
+available in English.
+</TD></TR></TABLE>
+<P>Assuming that you want to install the documentation for one language only,
+substitute the following text for Step 5 in the instructions in <I>Storing
+AFS Documents in AFS</I>:
+<P>
+<P>Copy the AFS documents in one or more formats from the CD-ROM into
+subdirectories of the <B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B>
+directory. Repeat the commands for each format.
+<PRE> # <B>mkdir</B> <VAR>format_name</VAR>
+
+ # <B>cd</B> <VAR>format_name</VAR>
+
+ # <B>cp -rp /cdrom/Documentation/</B><VAR>language_code</VAR><B>/</B><VAR>format</VAR> <B>.</B>
+</PRE>
+<P>If you choose to store the HTML version of the documents in AFS, note that
+in addition to a subdirectory for each document there are several files with a
+<B>.gif</B> extension, which enable readers to move easily between
+sections of a document. The file called <B>index.htm</B> is
+an introductory HTML page that contains a hyperlink to each of the
+documents. For online viewing to work properly, these files must remain
+in the top-level HTML directory (the one named, for example,
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/HTML</B>).
+<P><LI><B>Revised reference page for NetRestrict files</B>
+<P>The <I>IBM AFS Administration Guide</I> and <I>IBM AFS Administration
+Reference</I> incorrectly state that the value <B>255</B> acts as a
+wildcard in IP addresses that appear in the <B>NetRestrict</B> file
+(client or server version). Wildcarding does not work and is not
+supported. For corrected documentation, see <A HREF="#HDRCLI_NETRESTRICT">NetRestrict (client version)</A> and <A HREF="#HDRSV_NETRESTRICT">NetRestrict (server version)</A>.
+<P><LI><B>Revised reference pages for backup commands and configuration
+file</B>
+<P>The <I>IBM AFS Administration Guide</I> and <I>IBM AFS Administration
+Reference</I> do not document the interoperation of the AFS Backup System
+and the Tivoli Storage Manager (TSM), because support for TSM was added after
+the documents were produced.
+<P>For a complete description of the new TSM-related features and
+configuration procedures, see <A HREF="#HDRTSM">Support for Backup to TSM</A> and the indicated reference pages:
+<DL>
+<DD><P><A HREF="#HDRBK_DELETEDUMP">backup deletedump</A>
+<DD><P><A HREF="#HDRBK_DUMPINFO">backup dumpinfo</A>
+<DD><P><A HREF="#HDRBK_STATUS">backup status</A>
+<DD><P><A HREF="#HDRCFG">CFG_<I>tcid</I></A>
+</DL>
+<P><LI><B>Revised reference page for vos delentry command</B>
+<P>The <I>IBM AFS Administration Guide</I> and <I>IBM AFS Administration
+Reference</I> incorrectly state that the <B>vos delentry</B> command
+accepts the name or volume ID number of any type of volume (read/write,
+read-only, or backup). In fact, it accepts only a read/write
+volume's name or ID. Because a single VLDB entry represents all
+versions of a volume (read/write, readonly, and backup), the command removes
+the entire entry even though only the read/write volume is specified.
+For complete documentation, see <A HREF="#HDRVOS_DELENTRY">vos delentry</A>.
+</UL>
+<HR><H2><A NAME="HDRCMD-CHANGES" HREF="aurns002.htm#ToC_20">Changes to AFS Commands, Files, and Functionality</A></H2>
+<P>This section briefly describes commands, command
+options, and functionality that are new or changed in AFS 3.6.
+Unless otherwise noted, the <I>IBM AFS Administration Guide</I> and
+<I>IBM AFS Administration Reference</I> include complete documentation of
+these items.
+<P><H3><A NAME="Header_21" HREF="aurns002.htm#ToC_21">A New Command</A></H3>
+<P>AFS 3.6 includes the new <B>fs flushmount</B>
+command. The command's intended use is to discard information
+about mount points that has become corrupted in the cache. The next
+time an application accesses the mount point, the Cache Manager must fetch the
+most current version of it from a File Server. Data cached from files
+or directories in the volume is not affected. The only other way to
+discard the information is to reinitialize the Cache Manager by rebooting the
+machine.
+<P>Symptoms of a corrupted mount point included garbled output from the
+<B>fs lsmount</B> command, and failed attempts to change directory to or
+list the contents of the volume root directory represented by the mount
+point.
+<P><H3><A NAME="HDRNEW_CMDS" HREF="aurns002.htm#ToC_22">New File or Command Functionality</A></H3>
+<P>AFS 3.6 adds the following new options and
+functionality to existing commands and files.
+<UL>
+<P><LI><B>Changes that support XBSA servers</B>
+<P>Several <B>backup</B> commands and configuration files include new
+features that support backup to XBSA servers such as TSM. See <A HREF="#HDRTSM_NEW">New Command and File Features that Support TSM</A>.
+<P><LI><B>New instructions in the CFG_</B><VAR>tcid</VAR> <B>file</B>
+<P>There are new instructions in the <B>CFG_</B><VAR>tcid</VAR> file that
+apply to all types of backup media: <B>CENTRALLOG</B>,
+<B>GROUPID</B>, <B>LASTLOG</B>, <B>MAXPASS</B>, and
+<B>STATUS</B>. (There are also new instructions that apply only to
+XBSA servers, as documented in <A HREF="#HDRTSM_NEW">New Command and File Features that Support TSM</A>.)
+<P>The new instructions are not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRCFG">CFG_<I>tcid</I></A>. (Note that this is a new way of referring to this
+file, called <B>CFG_</B><VAR>device_name</VAR> in the <I>IBM AFS
+Administration Guide</I> and <I>IBM AFS Administration
+Reference</I>. For a Tape Coordinator that communicates with an XBSA
+server, the variable part of the filename is a port offset number rather than
+a device name, so the more generic <VAR>tcid</VAR> is a better description of
+possible values in this part of the filename.)
+<P><LI><B>New -temporary flag to backup addvolset command</B>
+<P>The <B>backup addvolset</B> command has a new <B>-temporary</B>
+flag. A temporary volume set is not recorded in the Backup Database and
+exists only during the lifetime of the interactive session in which it is
+created.
+<P><LI><B>New options to the backup deletedump command</B>
+<P>There are new options to the <B>backup deletedump</B> command:
+the <B>-groupid</B> argument specifies the group ID number associated with
+the dump records to delete, and the <B>-noexecute</B> flag displays a list
+of the records to be deleted rather than actually deleting them. (There
+are also new options that apply only to records for data dumped to an XBSA
+server, as documented in <A HREF="#HDRTSM_NEW">New Command and File Features that Support TSM</A>.)
+<P>The new options are not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRBK_DELETEDUMP">backup deletedump</A>.
+<P><LI><B>New output from the backup dumpinfo command</B>
+<P>When both the <B>-id</B> and <B>-verbose</B> options to the
+<B>backup dumpinfo</B> command are provided, the output is divided into
+several sections. In the first section, headed by the label
+<TT>Dump</TT>, the new <TT>Group id</TT> field replaces the <TT>id</TT>
+field that previously appeared about halfway down the list of fields (the
+first field in the section is still labeled <TT>id</TT>). The
+<TT>Group id</TT> field reports the dump's group ID number, which is
+recorded in the Backup Database if the <B>GROUPID</B> instruction appears
+in the Tape Coordinator's <B> /usr/afs/backup/CFG_</B><VAR>tcid</VAR>
+file when the dump is created.
+<P>(The command's output also includes a new message that reports whether
+the dump data is stored on an XBSA server, as detailed in <A HREF="#HDRTSM_NEW">New Command and File Features that Support TSM</A>.)
+<P>The new output is not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRBK_DUMPINFO">backup dumpinfo</A>.
+<P><LI><B>BOS Server sends additional field to notifier programs</B>
+<P>The AFS 3.6 BOS Server sends additional information to notifier
+programs when an AFS server process exits. The <B>bnode_proc</B>
+structure now includes the <B>lastExit</B> field, which reports the exit
+code associated with the process's most recent exit. Previously,
+the only information about exit codes available to the notifier program was in
+the <B>bnode</B> structure's <B>errorCode</B> field, which
+records the exit code generated when the process last exited due to an
+error. The BOS Server does not clear the <B>errorCode</B> field, so
+the value set at the last exit due to error is reported even for exits that
+are not due to error.
+<P>If your notifier program currently checks the <B>errorCode</B> field
+but you really want a notification only when the most recent exit is due to an
+error, change the program to check the <B>lastExit</B> field in the
+<B>bnode_proc</B> structure instead. An error code appears in the
+<B>lastExit</B> field only if the most recent exit really was due to an
+error (in which case the same code also appears in the <B>errorCode</B>
+field).
+<P>The <B>bos create</B> command's reference page in the <I>IBM AFS
+Administration Reference</I> describes all of the fields that the BOS Server
+can include in the <B>bnode_proc</B> and <B>bnode</B>
+structures. As noted there, the BOS Server does not necessarily include
+every field in the structures it sends to a notifier program, because some of
+them are for internal use. For best results, the notifier program must
+correctly handle the absence of a field that it expects to find.
+<P><LI><B>Only administrators can use kas examine command's -showkey
+flag</B>
+<P>As in AFS 3.5, the AFS 3.6 Authentication Server does not
+require that you disable authorization checking on its database server machine
+before it returns the octal digits that constitute the encrypted password or
+key stored in an Authentication Database entry, which was the requirement with
+earlier versions of AFS. Instead, it always returns the octal digits,
+as long as the connection between the <B>kas</B> command interpreter and
+Authentication Server is encrypted. AFS 3.5 introduced the
+<B>-showkey</B> flag to make the <B>kas examine</B> command display
+the octal digits.
+<P>This change in requirements creates a potential security exposure, however,
+in that earlier versions of the <B>kas examine</B> command always display
+the octal digits (instead of a checksum) when directed to an AFS 3.5 or
+3.6 Authentication Server. To eliminate this exposure, in AFS
+3.6 the Authentication Server returns octal digits only for a principal
+that has the <TT>ADMIN</TT> flag in its Authentication Database
+entry.
+<P>The main effect of the new requirement is that only administrators can
+include the <B>-showkey</B> flag on the AFS 3.6 <B>kas
+examine</B> command. It does not effectively change the privilege
+required to display the octal digits when using versions of the <B>kas
+examine</B> command before AFS 3.5 Patch 2 (build level
+<B>afs3.5 3.17</B>), because it was assumed with earlier
+versions that only administrators were able to disable authorization
+checking. It also does not affect the automated installation and
+configuration tool provided for AFS for Windows, which still can be used only
+by administrators.
+<P><LI><B>The vos delentry command accepts only read/write volume names</B>
+<P>The AFS 3.6 version of the <B>vos delentry</B> command accepts
+only read/write volume names or volume ID numbers as values for its
+<B>-id</B> or <B>-prefix</B> arguments. The new restriction is
+not documented in the <I>IBM AFS Administration Guide</I> or <I>IBM AFS
+Administration Reference</I>. See <A HREF="#HDRVOS_DELENTRY">vos delentry</A>.
+</UL>
+<HR><H2><A NAME="HDRTSM" HREF="aurns002.htm#ToC_23">Support for Backup to TSM</A></H2>
+<P>AFS 3.6 introduces support for backing up AFS data to
+media managed by the Tivoli Storage Manager (TSM), a third-party backup
+program which implements the Open Group's Backup Service application
+programming interface (API), also called <I>XBSA</I>. TSM was
+formerly called the ADSTAR Distributed Storage Manager, or ADSM. It is
+assumed that the administrator is familiar with TSM; explaining TSM or
+XBSA concepts or terminology is beyond the scope of this document.
+<P>See the following subsections:
+<UL>
+<P><LI><A HREF="#HDRTSM_NEW">New Command and File Features that Support TSM</A>
+<P><LI><A HREF="#HDRTSM_REQ">Product Notes for Use of TSM</A>
+<P><LI><A HREF="#HDRTSM_CONFIG">Configuring the Backup System and TSM</A>
+</UL>
+<P><H3><A NAME="HDRTSM_NEW" HREF="aurns002.htm#ToC_24">New Command and File Features that Support TSM</A></H3>
+<P>The AFS 3.6 version of the following commands and
+configuration files include new options or instructions to support backup to
+TSM.
+<UL>
+<P><LI><B>New XBSA-related instructions in the CFG_</B><VAR>tcid</VAR>
+<B>file</B>
+<P>Several new or modified instructions in the <B>CFG_</B><VAR>tcid</VAR>
+file support backup of AFS data to XBSA servers such as TSM:
+<B>MGMTCLASS</B>, <B>NODE</B>, <B>PASSFILE</B>,
+<B>PASSWORD</B>, <B>SERVER</B>, and <B>TYPE</B>. (There are
+also new instructions that apply to automated tape devices and backup data
+files as well as XBSA servers, as detailed in <A HREF="#HDRNEW_CMDS">New File or Command Functionality</A>.)
+<P>The new instructions are not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRCFG">CFG_<I>tcid</I></A>. (Note that this is a new way of referring to this
+file, called <B>CFG_</B><VAR>device_name</VAR> in the <I>IBM AFS
+Administration Guide</I> and <I>IBM AFS Administration
+Reference</I>. For a Tape Coordinator that communicates with XBSA
+server such as TSM, the variable part of the filename is a port offset number
+rather than a device name, so the more generic <VAR>tcid</VAR> is a better
+description of possible values in this part of the filename.)
+<P><LI><B>New options to the backup deletedump command</B>
+<P>The <B>backup deletedump</B> command has new options that enable you to
+delete dump records stored on an XBSA server such as TSM, as well as the
+corresponding Backup Database records:
+<UL>
+<P><LI>The <B>-dbonly</B> flag deletes Backup Database records without
+attempting to delete the corresponding records stored on the XBSA
+server.
+<P><LI>The <B>-force</B> flag deletes Backup Database records even if it is
+not possible to delete the corresponding records stored on the XBSA
+server.
+<P><LI>The <B>-port</B> argument identifies the Tape Coordinator that
+communicates with the XBSA server on which to delete records.
+</UL>
+<P>There are also two new options that apply to automated tape devices and
+backup data files as well as XBSA servers, as detailed in <A HREF="#HDRNEW_CMDS">New File or Command Functionality</A>.
+<P>The new options are not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRBK_DELETEDUMP">backup deletedump</A>.
+<P><LI><B>New output from the backup dumpinfo command</B>
+<P>When the <B>-id</B> option is provided to the <B>backup
+dumpinfo</B> command, the following line appears in the output if a TSM
+server was the backup medium for the dump:
+<PRE> Backup Service: TSM: Server: <VAR>hostname</VAR>
+</PRE>
+<P>where <VAR>hostname</VAR> is the name of the TSM server machine.
+(There is also new output for dumps to all types of backup media, as detailed
+in <A HREF="#HDRNEW_CMDS">New File or Command Functionality</A>.)
+<P>The new output is not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRBK_DUMPINFO">backup dumpinfo</A>.
+<P><LI><B>New output from the backup status command</B>
+<P>If the Tape Coordinator is communicating with a TSM server, the following
+message appears last in the output from the <B>backup status</B>
+command:
+<PRE> TSM Tape coordinator
+</PRE>
+<P>The new output is not documented in the <I>IBM AFS Administration
+Guide</I> or <I>IBM AFS Administration Reference</I>. See <A HREF="#HDRBK_STATUS">backup status</A>.
+</UL>
+<P><H3><A NAME="HDRTSM_REQ" HREF="aurns002.htm#ToC_25">Product Notes for Use of TSM</A></H3>
+<UL>
+<P><LI><B>Supported Tape Coordinator machine types</B>
+<P>To communicate with a TSM server, the Tape Coordinator must run on a
+machine that uses one of the following operating systems: AIX 4.3
+or higher, Solaris 2.6, Solaris 7.
+<P><LI><B>Supported version of TSM API</B>
+<P>The AFS 3.6 Tape Coordinator uses version 3.7.1
+(Version 3, Release 7) of the TSM client API. Use of other versions of
+the API is not supported or tested. For instructions on obtaining the
+API, see <A HREF="#HDRTSM_CONFIG">Configuring the Backup System and TSM</A>.
+<P><LI><B>CFG_</B><VAR>tcid</VAR> <B>file is required for TSM servers</B>
+<P>To communicate with a TSM server, a Tape Coordinator must have a
+<B>CFG_</B><VAR>tcid</VAR> file that includes the following fields:
+<B>SERVER</B>, <B>TYPE</B>, and <B>PASSWORD</B> or
+<B>PASSFILE</B>. For instructions on creating the file, see <A HREF="#HDRTSM_CONFIG">Configuring the Backup System and TSM</A>.
+<P><LI><B>No entry in tapeconfig file for TSM servers</B>
+<P>Do not create an entry in the <B>/usr/afs/backup/tapeconfig</B> file
+for a Tape Coordinator that communicates with an XBSA server such as
+TSM. Creating the <B>CFG_</B><VAR>tcid</VAR> file is
+sufficient.
+<P><LI><B>Acceptable value for the TYPE instruction</B>
+<P>In AFS 3.6, there is one acceptable value for the <B>TYPE</B>
+instruction in the <B>CFG_</B><VAR>tcid</VAR> file:
+<B>tsm</B>.
+<P><LI><B>TSM node name must be defined</B>
+<P>If the <B>NODE</B> instruction is not included in the
+<B>/usr/afs/backup/CFG_</B><VAR>tcid</VAR> file, the TSM
+<B>dsm.sys</B> file must define a value for the NODENAME
+variable.
+<P><LI><B>Unsupported backup commands and options</B>
+<P>The following commands are not supported for XBSA servers such as
+TSM. In other words, the commands fail with an error message when their
+<B>-port</B> argument specifies a Tape Coordinator that communicates with
+an XBSA server:
+<UL>
+<P><LI><B>backup labeltape</B>
+<P><LI><B>backup readlabel</B>
+<P><LI><B>backup restoredb</B>
+<P><LI><B>backup savedb</B>
+<P><LI><B>backup scantape</B>
+</UL>
+<P>In addition, the <B>-append</B> flag to the <B>backup dump</B>
+command is ignored when the <B>-port</B> argument specifies a Tape
+Coordinator that communicates with an XBSA server (the notion of appended
+dumps does not apply to XBSA servers).
+</UL>
+<P><H3><A NAME="HDRTSM_CONFIG" HREF="aurns002.htm#ToC_26">Configuring the Backup System and TSM</A></H3>
+<P>Perform the following steps to configure TSM and the
+AFS Backup System for interoperation.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You possibly need to perform additional TSM configuration procedures
+unrelated to AFS. See the TSM documentation.
+</TD></TR></TABLE>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B>, if you are not already.
+<P>
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Install version 3.7.1 of the TSM client API on the local
+disk of the Tape Coordinator machine. If you do not already have the
+API, you can use the following instructions to download it using the UNIX File
+Transfer Protocol (<B>ftp</B>).
+<OL TYPE=a>
+<P><LI>Verify that there is enough free space on the local disk to accommodate
+the API package:
+<UL>
+<P><LI>On AIX systems, 4 MB on the disk that houses the <B>/usr/tivoli</B>
+directory
+<P><LI>On Solaris systems, 13 MB on the disk that houses the
+<B>/opt/tivoli</B> directory
+</UL>
+<P><LI>Connect to the <B>ftp</B> server called
+<B>ftp.software.ibm.com</B>, logging in as
+<B>anonymous</B> and providing your electronic mail address as the
+password.
+<P><LI>Switch to binary mode.
+<PRE> ftp> <B>bin</B>
+</PRE>
+<P><LI>Change directory as indicated:
+<PRE> ftp> <B>cd storage/tivoli-storage-management-maintenance/client/v3r7</B>
+</PRE>
+<P><LI>Change to the appropriate directory and retrieve the API file.
+<UL>
+<P><LI>On an AIX 4.3 system:
+<PRE> ftp> <B>cd AIX/v371</B>
+ ftp> <B>get tivoli.tsm.client.api.aix43.32bit</B>
+</PRE>
+<P><LI>On a Solaris 2.6 or 7 system:
+<PRE> ftp> <B>cd Solaris/v371</B>
+ ftp> <B>get IP21804.tar.Z</B>
+</PRE>
+</UL>
+<P><LI>Use the appropriate tool to install the TSM API package locally:
+<UL>
+<P><LI>On AIX machines, use <B>smit</B>, which installs the files in the
+<B>/usr/tivoli/tsm/client/api/bin</B> directory
+<P><LI>On Solaris machines, use the following command, which installs the files
+in the <B>/opt/tivoli/tsm/client/api/bin</B> directory:
+<PRE> # <B>uncompress IP21804.tar.Z | tar xvf -</B>
+</PRE>
+</UL>
+</OL>
+<P><LI>Set the following TSM environment variables as indicated. If you do
+not set them, you must use the default values specified in the TSM
+documentation.
+<DL>
+<P><DT><B>DSMI_DIR
+</B><DD>Specifies the pathname of the directory that contains the TSM client
+system options file, <B>dsm.sys</B>. The directory must have
+a subdirectory (which can be a symbolic link) called <B>en_US</B> that
+contains the <B>dsmclientV3.cat</B> catalog file.
+<P>Do not put a final slash ( <B>/</B> ) on the directory name.
+Examples of appropriate values are <B>/opt/tivoli/tsm/client/api/bin</B>
+on Solaris machines and <B>/usr/tivoli/tsm/client/api/bin</B> on AIX
+machines.
+<P><DT><B>DSMI_CONFIG
+</B><DD>Specifies the pathname of the directory that contains the TSM client user
+options file, <B>dsm.opt</B>. The value can be the same as
+for the <B>DSMI_DIR</B> variable. Do not put a final slash (
+<B>/</B> ) on the directory name.
+<P><DT><B> DSMI_LOG
+</B><DD>Specifies the full pathname (including the filename) of the log file for
+error messages from the API. An appropriate value is
+<B>/usr/afs/backup/butc.TSMAPI.log</B>.
+</DL>
+<P><LI><A NAME="LIWQ5"></A>Verify that the <B>dsm.sys</B> file includes the
+following instructions. For a description of the fields, see the TSM
+documentation.
+<PRE> ServerName <VAR>machine_name</VAR>
+ CommMethod tcpip
+ TCPPort <VAR>TSM_port</VAR>
+ TCPServerAddress <VAR>full_machine_name</VAR>
+ PasswordAccess prompt
+ Compression yes
+</PRE>
+<P>The following is an example of appropriate values:
+<PRE> ServerName tsm3
+ CommMethod tcpip
+ TCPPort 1500
+ TCPServerAddress tsm3.abc.com
+ PasswordAccess prompt
+ Compression yes
+</PRE>
+<P><LI>Verify that the <B>dsm.opt</B> file includes the following
+instructions. For a description of the fields, see the TSM
+documentation.
+<PRE> ServerName <VAR>machine_name</VAR>
+ tapeprompt no
+ compressalways yes
+</PRE>
+<P><LI><A NAME="LITSM_BK_ADDHOST"></A>Create a Backup Database entry for each Tape
+Coordinator that is to communicate with the TSM server. Multiple Tape
+Coordinators can interact with the same TSM server if the server has
+sufficient capacity.
+<PRE> # <B>backup addhost</B> <<VAR>tape machine name</VAR>> <<VAR>TC port offset</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>tape machine name</VAR>
+</B><DD>Specifies the fully qualified hostname of the Tape Coordinator
+machine.
+<P><DT><B><VAR>TC port offset</VAR>
+</B><DD>Specifies the Tape Coordinator's port offset number.
+Acceptable values are integers in the range from <B>0</B> (zero) through
+<B>58510</B>.
+</DL>
+<P><LI>Create a device configuration file for the Tape Coordinator called
+<B>/usr/afs/backup/CFG_</B><VAR>tcid</VAR>, where <VAR>tcid</VAR> is the Tape
+Coordinator's port offset number as defined in Step <A HREF="#LITSM_BK_ADDHOST">6</A>. The file must include the following
+instructions:
+<UL>
+<P><LI><B>SERVER</B>, which takes as its argument the fully qualified
+hostname of the TSM server machine. It matches the value in the
+<VAR>full_machine_name</VAR> field of the <B>dsm.sys</B> file, as
+defined in Step <A HREF="#LIWQ5">4</A>.
+<P><LI><B>TYPE</B>, which takes as its argument the string <B>tsm</B>
+(the only acceptable value in AFS 3.6).
+<P><LI>One of <B>PASSWORD</B> or <B>PASSFILE</B>, to define the password
+which the Tape Coordinator uses when communicating with the TSM server.
+<B>PASSWORD</B> takes as its argument the actual password character
+string. <B>PASSFILE</B> takes as its argument the complete pathname
+of the file that contains the string on its first line.
+</UL>
+<P>For more detailed descriptions of the instructions, and of other
+instructions you can include in the configuration file, see <A HREF="#HDRCFG">CFG_<I>tcid</I></A>.
+</OL>
+<HR><H2><A NAME="HDRINSTALL" HREF="aurns002.htm#ToC_27">Upgrading Server and Client Machines to AFS 3.6</A></H2>
+<P>This section explains how to upgrade server and client
+machines from AFS 3.5 or AFS 3.6 Beta to AFS 3.6.
+Before performing an upgrade, please read all of the introductory material in
+this section.
+<P>If you are installing AFS for the first time, skip this chapter and refer
+to the <I>IBM AFS Quick Beginnings</I> document for AFS 3.6.
+<P>AFS provides backward compatibility to the previous release only: AFS
+3.6 is certified to be compatible with AFS 3.5 but not
+necessarily with earlier versions.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">This document does not provide instructions for upgrading from AFS
+3.4a or earlier directly to AFS 3.6. A file system
+conversion is required on some system types. See the <I>AFS Release
+Notes</I> for AFS 3.5 and contact your AFS product support
+representative for assistance.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_28" HREF="aurns002.htm#ToC_28">Prerequisites for Upgrading</A></H3>
+<P>You must meet the following requirements to upgrade successfully to AFS
+3.6:
+<UL>
+<P><LI>You can access the AFS 3.6 binaries by network, or have the CD-ROM
+labeled <B>AFS Version 3.6</B> for each system type you need to
+upgrade. See <A HREF="#HDRGETBIN">Obtaining the Binary Distribution</A>.
+<P><LI>You have access to the <I>IBM AFS Quick Beginnings</I> document for
+AFS 3.6, either in hardcopy (for English, IBM document number
+SC09-4560-00, part number CT6Q7NA) or at <A
+HREF="http://www.transarc.com/Library/documentation/afs_doc.html"><B>http://www.transarc.com/Library/documentation/afs_doc.html</B></A>.
+See also <A HREF="#HDRDOC">Accessing the AFS Binary Distribution and Documentation</A>.
+<P><LI>The partition that houses the <B>/usr/afs/bin</B> directory on each
+server machine has at least 18 MB of disk space for storing the AFS server
+binaries.
+<P><LI>The partition that houses the <B>/usr</B> directory on each client
+machine has at least 4 MB of disk space for storing the AFS client binaries
+and kernel library files (stored by convention in the <B>/usr/vice/etc</B>
+directory).
+<P><LI>You can log into all server and client machines as the local superuser
+<B>root</B>.
+<P><LI>You are listed in the cell's <B>/usr/afs/etc/UserList</B> file
+and can authenticate as a member of the <B>system:administrators</B>
+group.
+</UL>
+<P><H3><A NAME="HDRGETBIN" HREF="aurns002.htm#ToC_29">Obtaining the Binary Distribution</A></H3>
+<P>Use one of the following methods to obtain the AFS
+distribution of each system type for which you are licensed.
+<UL>
+<P><LI>Working with your AFS Sales Representative, obtain the AFS 3.6
+CD-ROM for each system type.
+<P><LI>Access the distribution by network in IBM's Electronic Software
+Distribution system.
+</UL>
+<P><H3><A NAME="HDRSTOREBIN" HREF="aurns002.htm#ToC_30">Storing Binaries in AFS</A></H3>
+<P>It is conventional to store many of the programs and
+files from the AFS binary distribution in a separate volume for each system
+type, mounted in your AFS filespace at
+<B>/afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws</B>.
+These instructions rename the volume currently mounted at this location and
+create a new volume for AFS 3.6 binaries.
+<P>Repeat the instructions for each system type.
+<OL TYPE=1>
+<P><LI>Authenticate as an administrator listed in the
+<B>/usr/afs/etc/UserList</B> file.
+<P><LI>Issue the <B>vos create</B> command to create a new volume for AFS
+3.6 binaries called
+<VAR>sysname</VAR><B>.3.6</B>. Set an unlimited quota
+on the volume to avoid running out of space as you copy files from the
+distribution.
+<PRE> % <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <VAR>sysname</VAR><B>.3.6 -maxquota 0</B>
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the volume at a temporary
+location.
+<PRE> % <B>fs mkmount /afs/.</B><VAR>cellname</VAR><B>/temp</B> <VAR>sysname</VAR><B>.3.6</B>
+</PRE>
+<P><LI>Prepare to access the files using the method you have selected:
+<UL>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> % <B>cd /cdrom/</B><VAR>sysname</VAR>
+</PRE>
+<P><LI>If accessing the distribution electronically, download the necessary file
+or files. If necessary, use commands such as <B>gunzip</B> and
+<B>tar xvf</B> to uncompress and unpack the distribution. Place the
+contents in a temporary location (<VAR>temp_afs36_dir</VAR>) and change
+directory to that location.
+<PRE> % <B>cd</B> <VAR>temp_afs36_dir</VAR>
+</PRE>
+</UL>
+<P><LI>Copy files from the distribution into the
+<VAR>sysname</VAR><B>.3.6</B> volume.
+<PRE> % <B>cp -rp bin /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+
+ % <B>cp -rp etc /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+
+ % <B>cp -rp include /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+
+ % <B>cp -rp lib /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+</PRE>
+<P><LI><A NAME="LISTOREBIN-CLIENT"></A><B>(Optional)</B> By convention, the contents of
+the distribution's <B>root.client</B> directory are not stored
+in AFS. However, if you are upgrading client functionality on many
+machines, it can be simpler to copy the client files from your local AFS space
+than from the CD-ROM or from IBM's Electronic Software Distribution
+system. If you wish to store the contents of the
+<B>root.client</B> directory in AFS temporarily, copy them
+now.
+<PRE> % <B>cp -rp root.client /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+</PRE>
+<P><LI>Issue the <B>vos rename</B> command to change the name of the volume
+currently mounted at the
+<B>/afs/</B><I>cellname</I><B>/</B><I>sysname</I><B>/usr/afsws</B>
+directory. A possible value for the <VAR>extension</VAR> reflects the AFS
+version and build level (for example:
+<B>3.5-bld3.32</B>).
+<P>If you do not plan to retain the old volume, you can substitute the
+<B>vos remove</B> command in this step.
+<PRE> % <B>vos rename</B> <VAR>sysname</VAR><B>.usr.afsws</B> <VAR>sysname</VAR><B>.usr.afsws.</B><VAR>extension</VAR>
+</PRE>
+<P><LI>Issue the <B>vos rename</B> command to change the name of the
+<VAR>sysname</VAR><B>.3.6</B> volume to
+<VAR>sysname</VAR><B>.usr.afsws</B>.
+<PRE> % <B>vos rename</B> <VAR>sysname</VAR><B>.3.6</B> <VAR>sysname</VAR><B>.usr.afsws</B>
+</PRE>
+<P><LI>Issue the <B>fs rmmount</B> command to remove the temporary mount
+point for the <VAR>sysname</VAR><B>.3.6</B> volume.
+<PRE> % <B>fs rmmount /afs/.</B><VAR>cellname</VAR><B>/temp</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDROS-UP" HREF="aurns002.htm#ToC_31">Upgrading the Operating System</A></H3>
+<P>AFS 3.6 supports the 64-bit version of HP-UX
+11.0 and Solaris 7. To upgrade from the 32-bit version,
+you possibly need to reinstall the operating system completely before
+installing AFS 3.6. When performing any operating system
+upgrade, you must take several actions to preserve AFS functionality,
+including the following:
+<UL>
+<P><LI>Unmount the AFS server partitions (those mounted on <B>/vicep</B>
+directories) on all file server machines, to prevent the standard vendor
+version of the <B>fsck</B> program from running on them when you reboot
+the machine during installation of the new operating system. On several
+operating systems, the standard <B>fsck</B> program does not recognize AFS
+volume data and discards it. Also, disable automatic mounting of the
+partitions during reboot until you have substituted the AFS <B>vfsck</B>
+program for the vendor <B>fsck</B> program.
+<P><LI>Create copies of the AFS-modified versions of binaries or files so that
+they are not overwritten by the standard versions during the operating system
+upgrade, particularly if you are not performing an immediate AFS
+upgrade. Examples include the remote commands (<B>ftpd</B>,
+<B>inetd</B>, <B>rcp</B>, <B>rsh</B>, and so on) and the
+<B>vfsck</B> binary. After you have successfully installed the new
+version of the operating system, move the AFS-modified files and commands back
+to the directories from which they are accessed during normal use.
+</UL>
+<P><H3><A NAME="HDRSV-BIN" HREF="aurns002.htm#ToC_32">Distributing Binaries to Server Machines</A></H3>
+<P>The instructions in this section explain how to use the
+Update Server to distribute server binaries from a binary distribution machine
+of each system type.
+<P>Repeat the steps on each binary distribution machine in your cell.
+If you do not use the Update Server, repeat the steps on every server machine
+in your cell. If you are copying files from the AFS product tree, the
+server machine must also be configured as an AFS client machine.
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B>, if you are not already.
+<P>
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Create a temporary subdirectory of the <B>/usr/afs/bin</B> directory
+to store the AFS 3.6 server binaries.
+<PRE> # <B>mkdir /usr/afs/bin.36</B>
+</PRE>
+<P><LI>Prepare to access server files using the method you have selected from
+those listed in <A HREF="#HDRGETBIN">Obtaining the Binary Distribution</A>:
+<UL>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.server/usr/afs/bin</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.server/usr/afs/bin</B>
+</PRE>
+</UL>
+<P><LI>Copy the server binaries from the distribution into the
+<B>/usr/afs/bin.36</B> directory.
+<PRE> # <B>cp -p * /usr/afs/bin.36</B>
+</PRE>
+<P><LI><A NAME="LISV-BIN-NEWDIRS"></A>Rename the current <B>/usr/afs/bin</B> directory
+to <B>/usr/afs/bin.old</B> and the
+<B>/usr/afs/bin.36</B> directory to the standard location.
+<PRE> # <B>cd /usr/afs</B>
+
+ # <B>mv bin bin.old</B>
+
+ # <B>mv bin.36 bin</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRSV-UP" HREF="aurns002.htm#ToC_33">Upgrading Server Machines</A></H3>
+<P>Repeat the following instructions on each server
+machine. Perform them first on the database server machine with the
+lowest IP address, next on the other database server machines, and finally on
+other server machines.
+<P>The AFS data stored on a server machine is inaccessible to client machines
+during the upgrade process, so it is best to perform it at the time and in the
+manner that disturbs your users least.
+<OL TYPE=1>
+<P><LI><A NAME="LISVUP-UPCLIENTBIN"></A>If you have just followed the steps in <A HREF="#HDRSV-BIN">Distributing Binaries to Server Machines</A> to install the server binaries on binary distribution
+machines, wait the required interval (by default, five minutes) for the local
+<B>upclientbin</B> process to retrieve the binaries.
+<P>If you do not use binary distribution machines, perform the instructions in
+<A HREF="#HDRSV-BIN">Distributing Binaries to Server Machines</A> on this machine.
+<P><LI>Become the local superuser <B>root</B>, if you are not already, by
+issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>If the machine also functions as a client machine, prepare to access
+client files using the method you have selected from those listed in <A HREF="#HDRGETBIN">Obtaining the Binary Distribution</A>:
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>If the machine also functions as a client machine, copy the AFS 3.6
+version of the <B>afsd</B> binary and other files to the
+<B>/usr/vice/etc</B> directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Some files in the <B>/usr/vice/etc</B> directory, such as the AFS
+initialization file (called <B>afs.rc</B> on many system types), do
+not necessarily need to change for a new release. It is a good policy
+to compare the contents of the distribution directory and the
+<B>/usr/vice/etc</B> directory before performing the copying
+operation. If there are files in the <B>/usr/vice/etc</B> directory
+that you created for AFS 3.5 or 3.6 Beta and that you want to
+retain, either move them to a safe location before performing the following
+instructions, or alter the following instructions to copy over only the
+appropriate files.
+</TD></TR></TABLE>
+<PRE> # <B>cp -p usr/vice/etc/* /usr/vice/etc</B>
+
+ # <B>cp -rp usr/vice/etc/C /usr/vice/etc</B>
+</PRE>
+<P>If you have not yet incorporated AFS into the machine's authentication
+system, perform the instructions in the section titled <I>Enabling AFS
+Login</I> for this system type in the <I>IBM AFS Quick Beginnings</I>
+chapter about configuring client machines. If this machine was running
+the same operating system revision with AFS 3.5 or AFS 3.6 Beta,
+you presumably already incorporated AFS into its authentication system.
+<P><LI>AFS performance is most dependable if the AFS release version of the
+kernel extensions and server processes is the same. Therefore, it is
+best to incorporate the AFS 3.6 kernel extensions into the kernel at
+this point.
+<P>First issue the following command to shut down the server processes,
+preventing them from restarting accidently before you incorporate the AFS
+3.6 extensions into the kernel.
+<PRE> # <B>bos shutdown</B> <<VAR>machine name</VAR>> <B>-localauth -wait</B>
+</PRE>
+<P>Then perform the instructions in <A HREF="#HDRKERNEL">Incorporating AFS into the Kernel and Enabling the AFS Initialization Script</A>, which have you reboot the machine. Assuming that the
+machine's AFS initialization script is configured to invoke the
+<B>bosserver</B> command as specified in <I>IBM AFS Quick
+Beginnings</I>, the BOS Server starts itself and then the other AFS server
+processes listed in its local <B>/usr/afs/local/BosConfig</B> file.
+<P>There are two circumstances in which you must incorporate the kernel
+extensions and reboot now rather than later:
+<UL>
+<P><LI>You are upgrading the File Server on an HP-UX machine
+<P><LI>The machine also serves as a client, you upgraded the client files in the
+previous step, and you want the new Cache Manager to become operative right
+away
+</UL>
+<P>In any other circumstances, you can choose to upgrade the kernel extensions
+later. Choose one of the following options:
+<UL>
+<P><LI>Restart all server processes by issuing the <B>bos restart</B> command
+with the <B>-bosserver</B> flag.
+<PRE> # <B>bos restart</B> <<VAR>machine name</VAR>> <B>-localauth -bosserver</B>
+</PRE>
+<P><LI>Wait to start using the new binaries until the processes restart
+automatically at the binary restart time specified in the
+<B>/usr/afs/local/BosConfig</B> file.
+</UL>
+<P><LI><A NAME="LISV-UP-PRUNE"></A>Once you are satisfied that the machine is functioning
+correctly at AFS 3.6, there is no need to retain previous versions of
+the server binaries in the <B>/usr/afs/bin</B> directory. (You can
+always use the <B>bos install</B> command to reinstall them if it becomes
+necessary to downgrade). If you use the Update Server, the
+<B>upclientbin</B> process renamed them with a <B>.old</B>
+extension in Step <A HREF="#LISVUP-UPCLIENTBIN">1</A>. To reclaim the disk space occupied in the
+<B>/usr/afs/bin</B> directory by <B>.bak</B> and
+<B>.old</B> files, you can use the following command:
+<PRE> # <B>bos prune</B> <<VAR>machine name</VAR>> <B>-bak -old -localauth</B>
+</PRE>
+<P>Step <A HREF="#LISV-BIN-NEWDIRS">5</A> of <A HREF="#HDRSV-BIN">Distributing Binaries to Server Machines</A> had you move the previous version of the
+binaries to the <B>/usr/afs/bin.old</B> directory. You can
+also remove that directory on any machine where you created it.
+<PRE> # <B>rm -rf /usr/afs/bin.old</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRCLI-UP" HREF="aurns002.htm#ToC_34">Upgrading Client Machines</A></H3>
+<OL TYPE=1>
+<P><LI>Become the local superuser <B>root</B>, if you are not already, by
+issuing the <B>su</B> command.
+<PRE> % <B>su root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+<P><LI>Prepare to access client files using the method you have selected from
+those listed in <A HREF="#HDRGETBIN">Obtaining the Binary Distribution</A>:
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Copy the AFS 3.6 version of the <B>afsd</B> binary and other
+files to the <B>/usr/vice/etc</B> directory.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Some files in the <B>/usr/vice/etc</B> directory, such as the AFS
+initialization file (called <B>afs.rc</B> on many system types), do
+not necessarily need to change for a new release. It is a good policy
+to compare the contents of the distribution directory and the
+<B>/usr/vice/etc</B> directory before performing the copying
+operation. If there are files in the <B>/usr/vice/etc</B> directory
+that you created for AFS 3.5 or 3.6 Beta and that you want to
+retain, either move them to a safe location before performing the following
+instructions, or alter the following instructions to copy over only the
+appropriate files.
+</TD></TR></TABLE>
+<PRE> # <B>cp -p usr/vice/etc/* /usr/vice/etc</B>
+
+ # <B>cp -rp usr/vice/etc/C /usr/vice/etc</B>
+</PRE>
+<P>If you have not yet incorporated AFS into the machine's authentication
+system, perform the instructions in the section titled <I>Enabling AFS
+Login</I> for this system type in the <I>IBM AFS Quick Beginnings</I>
+chapter about configuring client machines. If this machine was running
+the same operating system revision with AFS 3.5 or AFS 3.6 Beta,
+you presumably already incorporated AFS into its authentication system.
+<P><LI>Perform the instructions in <A HREF="#HDRKERNEL">Incorporating AFS into the Kernel and Enabling the AFS Initialization Script</A> to incorporate AFS extensions into the kernel. The
+instructions conclude with a reboot of the machine, which starts the new Cache
+Manager.
+</OL>
+<P><H3><A NAME="HDRKERNEL" HREF="aurns002.htm#ToC_35">Incorporating AFS into the Kernel and Enabling the AFS Initialization Script</A></H3>
+<P>As part of upgrading a machine to AFS 3.6, you must
+incorporate AFS 3.6 extensions into its kernel and verify that the AFS
+initialization script is included in the machine's startup
+sequence. Proceed to the instructions for your system type:
+<UL>
+<P><LI><A HREF="#HDRKERN_AIX">Loading AFS into the AIX Kernel</A>
+<P><LI><A HREF="#HDRKERN_DUX">Building AFS into the Digital UNIX Kernel</A>
+<P><LI><A HREF="#HDRKERN_HP">Building AFS into the HP-UX Kernel</A>
+<P><LI><A HREF="#HDRKERN_IRIX">Incorporating AFS into the IRIX Kernel</A>
+<P><LI><A HREF="#HDRKERN_LNX">Loading AFS into the Linux Kernel</A>
+<P><LI><A HREF="#HDRKERN_SOL">Loading AFS into the Solaris Kernel</A>
+</UL>
+<P><H3><A NAME="HDRKERN_AIX" HREF="aurns002.htm#ToC_36">Loading AFS into the AIX Kernel</A></H3>
+<P>The AIX kernel extension facility is the dynamic kernel
+loader provided by IBM Corporation. AIX does not support incorporation
+of AFS modifications during a kernel build.
+<P>For AFS to function correctly, the kernel extension facility must run each
+time the machine reboots, so the AFS initialization script (included in the
+AFS distribution) invokes it automatically. In this section you copy
+the script to the conventional location and edit it to select the appropriate
+options depending on whether NFS is also to run.
+<P>After editing the script, you verify that there is an entry in the AIX
+<B>inittab</B> file that invokes it, then reboot the machine to
+incorporate the new AFS extensions into the kernel and restart the Cache
+Manager.
+<OL TYPE=1>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>rs_aix42</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/dkload</B> directory.
+<PRE> # <B>cd usr/vice/etc</B>
+
+ # <B>cp -rp dkload /usr/vice/etc</B>
+</PRE>
+<P><LI>Because you ran AFS 3.5 on this machine, the appropriate AFS
+initialization file possibly already exists as
+<B>/etc/rc.afs</B>. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If the initialization file is not already in place, copy it now.
+<PRE> # <B>cp -p rc.afs /etc/rc.afs</B>
+</PRE>
+<P><LI>Edit the <B>/etc/rc.afs</B> script, setting the <TT>NFS</TT>
+variable if it is not already.
+<UL>
+<P><LI>If the machine is not to function as an NFS/AFS Translator, set the NFS
+variable as follows:
+<PRE> NFS=$NFS_NONE
+</PRE>
+<P><LI>If the machine is to function as an NFS/AFS Translator and is running AIX
+4.2.1 or higher, set the NFS variable as follows. Only
+sites that have a license for the NFS/AFS Translator are allowed to run
+translator machines. Machines running the base level of AIX 4.2
+cannot be translator machines.
+<P>NFS must already be loaded into the kernel. It is loaded
+automatically on machines running AIX 4.1.1 and later, as long
+as the file <B>/etc/exports</B> exists.
+<PRE> NFS=$NFS_IAUTH
+</PRE>
+</UL>
+<P><LI>Place the following line in the AIX initialization file,
+<B>/etc/inittab</B>, if it is not already. It invokes the AFS
+initialization script and needs to appear just after the line that starts NFS
+daemons.
+<PRE> rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS services
+</PRE>
+<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
+in both the <B>/usr/vice/etc</B> and <B>/etc</B> directories.
+If you want to avoid potential confusion by guaranteeing that they are always
+the same, create a link between them. You can always retrieve the
+original script from the AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm rc.afs</B>
+
+ # <B>ln -s /etc/rc.afs</B>
+</PRE>
+<P><LI>Reboot the machine.
+<PRE> # <B>shutdown -r now</B>
+</PRE>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRKERN_DUX" HREF="aurns002.htm#ToC_37">Building AFS into the Digital UNIX Kernel</A></H3>
+<P>On Digital UNIX machines, you must build AFS
+modifications into a new static kernel; Digital UNIX does not support
+dynamic loading. If the machine's hardware and software
+configuration exactly matches another Digital UNIX machine on which AFS
+3.6 is already built into the kernel, you can choose to copy the kernel
+from that machine to this one. In general, however, it is better to
+build AFS modifications into the kernel on each machine according to the
+following instructions.
+<P>If the machine was running a version of Digital UNIX 4.0 with a
+previous version of AFS, the configuration changes specified in Step <A HREF="#LIDUX-CONFAFS">1</A> through Step <A HREF="#LIDUX-VFSCONF">4</A> are presumably already in place.
+<OL TYPE=1>
+<P><LI><A NAME="LIDUX-CONFAFS"></A>Create a copy called <B>AFS</B> of the basic kernel
+configuration file included in the Digital UNIX distribution as
+<B>/usr/sys/conf/</B><VAR>machine_name</VAR>, where <VAR>machine_name</VAR> is
+the machine's hostname in all uppercase letters.
+<PRE> # <B>cd /usr/sys/conf</B>
+
+ # <B>cp</B> <VAR>machine_name</VAR> <B>AFS</B>
+</PRE>
+<P><LI>Add AFS to the list of options in the configuration file you created in
+the previous step, so that the result looks like the following:
+<PRE> . .
+ . .
+ options UFS
+ options NFS
+ options AFS
+ . .
+ . .
+</PRE>
+<P><LI>Add an entry for AFS to two places in the <B>/usr/sys/conf/files</B>
+file.
+<UL>
+<P><LI>Add a line for AFS to the list of <TT>OPTIONS</TT>, so that the result
+looks like the following:
+<PRE> . . .
+ . . .
+ OPTIONS/nfs optional nfs define_dynamic
+ OPTIONS/afs optional afs define_dynamic
+ OPTIONS/cdfs optional cdfs define_dynamic
+ . . .
+ . . .
+</PRE>
+<P><LI>Add an entry for AFS to the list of <TT>MODULES</TT>, so that the result
+looks like the following:
+<PRE> . . . .
+ . . . .
+ #
+ MODULE/nfs_server optional nfs_server Binary
+ nfs/nfs_server.c module nfs_server optimize -g3
+ nfs/nfs3_server.c module nfs_server optimize -g3
+ #
+ MODULE/afs optional afs Binary
+ afs/libafs.c module afs
+ #
+</PRE>
+</UL>
+<P><LI><A NAME="LIDUX-VFSCONF"></A>Add an entry for AFS to two places in the
+<B>/usr/sys/vfs/vfs_conf.c</B> file.
+<UL>
+<P><LI>Add AFS to the list of defined file systems, so that the result looks like
+the following:
+<PRE> . .
+ . .
+ #include <afs.h>
+ #if defined(AFS) && AFS
+ extern struct vfsops afs_vfsops;
+ #endif
+ . .
+ . .
+</PRE>
+<P><LI>Put a declaration for AFS in the <B>vfssw[]</B> table's
+MOUNT_ADDON slot, so that the result looks like the following:
+<PRE> . . .
+ . . .
+ &fdfs_vfsops, "fdfs", /* 12 = MOUNT_FDFS */
+ #if defined(AFS)
+ &afs_vfsops, "afs",
+ #else
+ (struct vfsops *)0, "", /* 13 = MOUNT_ADDON */
+ #endif
+ #if NFS && INFS_DYNAMIC
+ &nfs3_vfsops, "nfsv3", /* 14 = MOUNT_NFS3 */
+</PRE>
+</UL>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>alpha_dux40</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Because you ran AFS 3.5 on this machine, the appropriate AFS
+initialization file possibly already exists as
+<B>/sbin/init.d/afs</B>. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If the initialization file is not already in place, copy it now.
+Note the removal of the <B>.rc</B> extension as you copy.
+<PRE> # <B>cp -p usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/sys/BINARY</B>
+directory.
+<P>The AFS 3.6 distribution includes only the
+<B>libafs.nonfs.o</B> version of the library, because
+Digital UNIX machines are not supported as NFS/AFS Translator machines.
+<PRE> # <B>cp -p bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod</B>
+</PRE>
+<P><LI>Configure and build the kernel. Respond to any prompts by pressing
+<<B>Return</B>>. The resulting kernel is in the file
+<B>/sys/AFS/vmunix</B>.
+<PRE> # <B>doconfig -c AFS</B>
+</PRE>
+<P><LI>Rename the existing kernel file and copy the new, AFS-modified file to the
+standard location.
+<PRE> # <B>mv /vmunix /vmunix_orig</B>
+
+ # <B>cp -p /sys/AFS/vmunix /vmunix</B>
+</PRE>
+<P><LI>Verify the existence of the symbolic links specified in the following
+commands, which incorporate the AFS initialization script into the Digital
+UNIX startup and shutdown sequence. If necessary, issue the commands to
+create the links.
+<PRE> # <B>ln -s ../init.d/afs /sbin/rc3.d/S67afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc0.d/K66afs</B>
+</PRE>
+<P><LI><B>(Optional)</B> If the machine is configured as a client, there are
+now copies of the AFS initialization file in both the <B>/usr/vice/etc</B>
+and <B>/sbin/init.d</B> directories. If you want to avoid
+potential confusion by guaranteeing that they are always the same, create a
+link between them. You can always retrieve the original script from the
+AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+</PRE>
+<P><LI>Reboot the machine.
+<PRE> # <B>shutdown -r now</B>
+</PRE>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRKERN_HP" HREF="aurns002.htm#ToC_38">Building AFS into the HP-UX Kernel</A></H3>
+<P>On HP-UX machines, you must build AFS modifications into a
+new kernel; HP-UX does not support dynamic loading. If the
+machine's hardware and software configuration exactly matches another
+HP-UX machine on which AFS 3.6 is already built into the kernel, you
+can choose to copy the kernel from that machine to this one. In
+general, however, it is better to build AFS modifications into the kernel on
+each machine according to the following instructions.
+<OL TYPE=1>
+<P><LI>Move the existing kernel-related files to a safe location.
+<PRE> # <B>cp -p /stand/vmunix /stand/vmunix.noafs</B>
+
+ # <B>cp -p /stand/system /stand/system.noafs</B>
+</PRE>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>hp_ux110</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Because you ran AFS 3.5 on this machine, the appropriate AFS
+initialization file possibly already exists as
+<B>/sbin/init.d/afs</B>. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If the initialization file is not already in place, copy it now.
+Note the removal of the <B>.rc</B> extension as you copy.
+<PRE> # <B>cp -p usr/vice/etc/afs.rc /sbin/init.d/afs</B>
+</PRE>
+<P><LI>Copy the file <B>afs.driver</B> to the local
+<B>/usr/conf/master.d</B> directory, changing its name to
+<B>afs</B> as you do so.
+<PRE> # <B>cp -p usr/vice/etc/afs.driver /usr/conf/master.d/afs</B>
+</PRE>
+<P><LI>Copy the AFS kernel module to the local <B>/usr/conf/lib</B>
+directory.
+<P>HP-UX machines are not supported as NFS/AFS Translator machines, so AFS
+3.6 includes only libraries called
+<B>libafs.nonfs.a</B> (for the 32-bit version of
+HP-UX) and <B>libafs64.nonfs.a</B> (for the 64-bit
+version of HP-UX). Change the library's name to
+<B>libafs.a</B> as you copy it.
+<P>For the 32-bit version of HP-UX:
+<PRE> # <B>cp -p bin/libafs.nonfs.a /usr/conf/lib/libafs.a</B>
+</PRE>
+<P>For the 64-bit version of HP-UX:
+<PRE> # <B>cp -p bin/libafs64.nonfs.a /usr/conf/lib/libafs.a</B>
+</PRE>
+<P><LI>Verify the existence of the symbolic links specified in the following
+commands, which incorporate the AFS initialization script into the HP-UX
+startup and shutdown sequence. If necessary, issue the commands to
+create the links.
+<PRE> # <B>ln -s ../init.d/afs /sbin/rc2.d/S460afs</B>
+
+ # <B>ln -s ../init.d/afs /sbin/rc2.d/K800afs</B>
+</PRE>
+<P><LI><B>(Optional)</B> If the machine is configured as a client, there are
+now copies of the AFS initialization file in both the <B>/usr/vice/etc</B>
+and <B>/sbin/init.d</B> directories. If you want to avoid
+potential confusion by guaranteeing that they are always the same, create a
+link between them. You can always retrieve the original script from the
+AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /sbin/init.d/afs afs.rc</B>
+</PRE>
+<P><LI>Incorporate the AFS driver into the kernel, either using the
+<B>SAM</B> program or a series of individual commands. Both methods
+reboot the machine, which loads the new kernel and starts the Cache
+Manager.
+<UL>
+<P><LI>To use the <B>SAM</B> program:
+<OL TYPE=a>
+<P><LI>Invoke the <B>SAM</B> program, specifying the hostname of the local
+machine as <VAR>local_hostname</VAR>. The <B>SAM</B> graphical user
+interface pops up.
+<PRE> # <B>sam -display</B> <VAR>local_hostname</VAR><B>:0</B>
+</PRE>
+<P><LI>Choose the <B>Kernel Configuration</B> icon, then the
+<B>Drivers</B> icon. From the list of drivers, select
+<B>afs</B>.
+<P><LI>Open the pull-down <B>Actions</B> menu and choose the <B>Add Driver
+to Kernel</B> option.
+<P><LI>Open the <B>Actions</B> menu again and choose the <B>Create a New
+Kernel</B> option.
+<P><LI>Confirm your choices by choosing <B>Yes</B> and <B>OK</B> when
+prompted by subsequent pop-up windows. The <B>SAM</B> program
+builds the kernel and reboots the system.
+<P><LI>Login again as the superuser <B>root</B>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><LI>To use individual commands:
+<OL TYPE=a>
+<P><LI>Edit the file <B>/stand/system</B>, adding an entry for <B>afs</B>
+to the <TT>Subsystems</TT> section.
+<P><LI>Change to the <B>/stand/build</B> directory and issue the
+<B>mk_kernel</B> command to build the kernel.
+<PRE> # <B>cd /stand/build</B>
+
+ # <B>mk_kernel</B>
+</PRE>
+<P><LI>Move the new kernel to the standard location (<B>/stand/vmunix</B>),
+reboot the machine to start using it, and login again as the superuser
+<B>root</B>.
+<PRE> # <B>mv /stand/build/vmunix_test /stand/vmunix</B>
+
+ # <B>cd /</B>
+
+ # <B>shutdown -r now</B>
+
+ login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+</UL>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRKERN_IRIX" HREF="aurns002.htm#ToC_39">Incorporating AFS into the IRIX Kernel</A></H3>
+<P>To incorporate AFS into the kernel on IRIX machines,
+choose one of two methods:
+<UL>
+<P><LI>Dynamic loading using the <B>ml</B> program distributed by Silicon
+Graphics, Incorporated (SGI).
+<P><LI>Building a new static kernel. Proceed to <A HREF="#HDRBUILD-IRIX">Building AFS into the IRIX Kernel</A>.
+</UL>
+<P><H4><A NAME="Header_40">Loading AFS into the IRIX Kernel</A></H4>
+<P>The <B>ml</B> program is the dynamic kernel loader provided by SGI
+for IRIX systems. If you use it rather than building AFS modifications
+into a static kernel, then for AFS to function correctly the <B>ml</B>
+program must run each time the machine reboots. Therefore, the AFS
+initialization script (included on the AFS CD-ROM) invokes it automatically
+when the <B>afsml</B> configuration variable is activated. In this
+section you activate the variable and run the script.
+<OL TYPE=1>
+<P><LI>Issue the <B>uname -m</B> command to determine the machine's CPU
+type. The <B>IP</B><VAR>xx</VAR> value in the output must match one
+of the supported CPU types listed in <A HREF="#HDRSYSTYPES">Supported System Types</A>.
+<PRE> # <B>uname -m</B>
+</PRE>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>sgi_65</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Copy the appropriate AFS kernel library file to the local
+<B>/usr/vice/etc/sgiload</B> directory; the <B>IP</B><VAR>xx</VAR>
+portion of the library file name must match the value returned by the
+<B>uname -m</B> command. Also choose the file appropriate to
+whether the machine's kernel supports NFS server functionality (NFS must
+be supported for the machine to act as an NFS/AFS Translator). Single-
+and multiprocessor machines use the same library file.
+<P>You can choose to copy all of the kernel library files into the
+<B>/usr/vice/etc/sgiload</B> directory, but they require a significant
+amount of space.
+<PRE> # <B>cd usr/vice/etc/sgiload</B>
+</PRE>
+<P>If the machine is not to act as an NFS/AFS translator:
+<PRE> # <B>cp -p libafs.IP<VAR>xx</VAR>.nonfs.o /usr/vice/etc/sgiload</B>
+</PRE>
+<P>If the machine is to act as an NFS/AFS translator, in which case its kernel
+must support NFS server functionality:
+<PRE> # <B>cp -p libafs.IP<VAR>xx</VAR>.o /usr/vice/etc/sgiload</B>
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRIRIX-SCRIPT">Enabling the AFS Initialization Script on IRIX Systems</A>.
+</OL>
+<P><H4><A NAME="HDRBUILD-IRIX">Building AFS into the IRIX Kernel</A></H4>
+<P>If you prefer to build a kernel, and the machine's
+hardware and software configuration exactly matches another IRIX machine on
+which AFS 3.6 is already built into the kernel, you can choose to copy
+the kernel from that machine to this one. In general, however, it is
+better to build AFS modifications into the kernel on each machine according to
+the following instructions.
+<OL TYPE=1>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>sgi_65</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Issue the <B>uname -m</B> command to determine the machine's CPU
+type. The <B>IP</B><VAR>xx</VAR> value in the output must match one
+of the supported CPU types listed in the <I>IBM AFS Release Notes</I> for
+the current version of AFS.
+<PRE> # <B>uname -m</B>
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the local file
+<B>/var/sysgen/boot/afs.a</B>; the <B>IP</B><VAR>xx</VAR>
+portion of the library file name must match the value returned by the
+<B>uname -m</B> command. Also choose the file appropriate to
+whether the machine's kernel supports NFS server functionality (NFS must
+be supported for the machine to act as an NFS/AFS Translator). Single-
+and multiprocessor machines use the same library file.
+<PRE> # <B>cd bin</B>
+</PRE>
+<P>If the machine is not to act as an NFS/AFS translator:
+<PRE> # <B>cp -p libafs.IP<VAR>xx</VAR>.nonfs.a /var/sysgen/boot/afs.a</B>
+</PRE>
+<P>If the machine is to act as an NFS/AFS translator, in which case its kernel
+must support NFS server functionality:
+<PRE> # <B>cp -p libafs.IP<VAR>xx</VAR>.a /var/sysgen/boot/afs.a</B>
+</PRE>
+<P><LI>Copy the kernel initialization file <B>afs.sm</B> to the local
+<B>/var/sysgen/system</B> directory, and the kernel master file
+<B>afs</B> to the local <B>/var/sysgen/master.d</B>
+directory.
+<PRE> # <B>cp -p afs.sm /var/sysgen/system</B>
+
+ # <B>cp -p afs /var/sysgen/master.d</B>
+</PRE>
+<P><LI>Copy the existing kernel file, <B>/unix</B>, to a safe location and
+compile the new kernel. It is created as
+<B>/unix.install</B>, and overwrites the existing <B>/unix</B>
+file when the machine reboots.
+<PRE> # <B>cp -p /unix /unix_orig</B>
+
+ # <B>autoconfig</B>
+</PRE>
+<P><LI>Proceed to <A HREF="#HDRIRIX-SCRIPT">Enabling the AFS Initialization Script on IRIX Systems</A>.
+</OL>
+<P><H4><A NAME="HDRIRIX-SCRIPT">Enabling the AFS Initialization Script on IRIX Systems</A></H4>
+<OL TYPE=1>
+<P><LI>Because you ran AFS 3.5 on this machine, the appropriate AFS
+initialization file possibly already exists as
+<B>/etc/init.d/afs</B>. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If the initialization file is not already in place, copy it now. If
+the machine is configured as a client machine, you already copied the script
+to the local <B>/usr/vice/etc</B> directory. Otherwise, change
+directory as indicated, substituting <B>sgi_65</B> for the
+<VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P>Now copy the script. Note the removal of the <B>.rc</B>
+extension as you copy.
+<PRE> # <B>cp -p</B> <VAR>script_location</VAR><B>/afs.rc /etc/init.d/afs</B>
+</PRE>
+<P><LI>If the <B>afsml</B> configuration variable is not already set
+appropriately, issue the <B>chkconfig</B> command.
+<P>If you are using the <B>ml</B> program:
+<PRE> # <B>/etc/chkconfig -f afsml on</B>
+</PRE>
+<P>If you built AFS into a static kernel:
+<PRE> # <B>/etc/chkconfig -f afsml off</B>
+</PRE>
+<P>If the machine is to function as an NFS/AFS Translator, the kernel supports
+NFS server functionality, and the <B>afsxnfs</B> variable is not already
+set appropriately, set it now.
+<PRE> # <B>/etc/chkconfig -f afsxnfs on</B>
+</PRE>
+<P><LI>Verify the existence of the symbolic links specified in the following
+commands, which incorporate the AFS initialization script into the IRIX
+startup and shutdown sequence. If necessary, issue the commands to
+create the links.
+<PRE> # <B>ln -s ../init.d/afs /etc/rc2.d/S35afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K35afs</B>
+</PRE>
+<P><LI><B>(Optional)</B> If the machine is configured as a client, there are
+now copies of the AFS initialization file in both the <B>/usr/vice/etc</B>
+and <B>/etc/init.d</B> directories. If you want to avoid
+potential confusion by guaranteeing that they are always the same, create a
+link between them. You can always retrieve the original script from the
+AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+</PRE>
+<P><LI>Reboot the machine.
+<P>
+<PRE> # <B>shutdown -i6 -g0 -y</B>
+</PRE>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRKERN_LNX" HREF="aurns002.htm#ToC_43">Loading AFS into the Linux Kernel</A></H3>
+<P>The <B>insmod</B> program is the dynamic kernel
+loader for Linux. Linux does not support incorporation of AFS
+modifications during a kernel build.
+<P>For AFS to function correctly, the <B>insmod</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. The script also includes commands
+that select the appropriate AFS library file automatically. In this
+section you run the script.
+<OL TYPE=1>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>i386_linux22</B> for the <VAR>sysname</VAR> variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>Copy the AFS kernel library files to the local
+<B>/usr/vice/etc/modload</B> directory. The filenames for the
+libraries have the format
+<B>libafs-</B><VAR>version</VAR><B>.o</B>, where <VAR>version</VAR>
+indicates the kernel build level. The string <B>.mp</B> in
+the <VAR>version</VAR> indicates that the file is appropriate for use with
+symmetric multiprocessor (SMP) kernels.
+<PRE> # <B>cd usr/vice/etc</B>
+
+ # <B>cp -rp modload /usr/vice/etc</B>
+</PRE>
+<P><LI>The AFS 3.6 distribution includes a new AFS initialization file
+that can select automatically from the kernel extensions included in AFS
+3.6. Copy it to the <B>/etc/rc.d/init.d</B>
+directory, removing the <B>.rc</B> extension as you do.
+<PRE> # <B>cp -p afs.rc /etc/rc.d/init.d/afs</B>
+</PRE>
+<P>The <B>afsd</B> options file possibly already exists as
+<B>/etc/sysconfig/afs</B> from running a previous version of AFS on this
+machine. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If the options file is not already in place, copy it now. Note the
+removal of the <B>.conf</B> extension as you copy.
+<PRE> # <B>cp -p afs.conf /etc/sysconfig/afs</B>
+</PRE>
+<P>If necessary, edit the options file to invoke the desired arguments on the
+<B>afsd</B> command in the initialization script. For further
+information, see the section titled <I>Configuring the Cache Manager</I>
+in the <I>IBM AFS Quick Beginnings</I> chapter about configuring client
+machines.
+<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afs</B>
+configuration variable, if it is not already. Based on the instruction
+in the AFS initialization file that begins with the string
+<TT>#chkconfig</TT>, the command automatically creates the symbolic links
+that incorporate the script into the Linux startup and shutdown
+sequence.
+<PRE> # <B>/sbin/chkconfig --add afs</B>
+</PRE>
+<P><LI><B>(Optional)</B> If the machine is configured as a client, there are
+now copies of the AFS initialization file in both the <B>/usr/vice/etc</B>
+and <B>/etc/init.d</B> directories, and copies of the
+<B>afsd</B> options file in both the <B>/usr/vice/etc</B> and
+<B>/etc/sysconfig</B> directories. If you want to avoid potential
+confusion by guaranteeing that the two copies of each file are always the
+same, create a link between them. You can always retrieve the original
+script or options file from the AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc afs.conf</B>
+
+ # <B>ln -s /etc/rc.d/init.d/afs afs.rc</B>
+
+ # <B>ln -s /etc/sysconfig/afs afs.conf</B>
+</PRE>
+<P><LI>Reboot the machine.
+<PRE> # <B>shutdown -r now</B>
+</PRE>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRKERN_SOL" HREF="aurns002.htm#ToC_44">Loading AFS into the Solaris Kernel</A></H3>
+<P>The <B>modload</B> program is the dynamic kernel
+loader provided by Sun Microsystems for Solaris systems. Solaris does
+not support incorporation of AFS modifications during a kernel build.
+<P>For AFS to function correctly, the <B>modload</B> program must run each
+time the machine reboots, so the AFS initialization script (included on the
+AFS CD-ROM) invokes it automatically. In this section you copy the
+appropriate AFS library file to the location where the <B>modload</B>
+program accesses it and then run the script.
+<OL TYPE=1>
+<P><LI>Access the AFS distribution by changing directory as indicated.
+Substitute <B>sun4x_56</B> or <B>sun4x_57</B> for the <VAR>sysname</VAR>
+variable.
+<UL>
+<P><LI>If you copied the contents of the <B>root.client</B> directory
+into AFS (in Step <A HREF="#LISTOREBIN-CLIENT">6</A> of <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>), change directory as indicated.
+<PRE> # <B>cd /afs/</B><VAR>cellname</VAR><B>/</B><VAR>sysname</VAR><B>/usr/afsws/root.client</B>
+</PRE>
+<P><LI>If copying files from the CD-ROM, mount the CD-ROM for this machine's
+system type on the local <B>/cdrom</B> directory. For instructions
+on mounting CD-ROMs (either locally or remotely via NFS), consult the
+operating system documentation. Then change directory as
+indicated.
+<PRE> # <B>cd /cdrom/</B><VAR>sysname</VAR><B>/root.client</B>
+</PRE>
+<P><LI>If accessing the distribution electronically, you possibly already
+downloaded it in <A HREF="#HDRSTOREBIN">Storing Binaries in AFS</A>. If so, it is still in the <VAR>temp_afs36_dir</VAR>
+directory. If not, download it and run any commands necessary to
+uncompress or unpack the distribution. Place it in a temporary location
+(<VAR>temp_afs36_dir</VAR>), and change directory to the indicated
+subdirectory.
+<PRE> # <B>cd</B> <VAR>temp_afs36_dir</VAR><B>/root.client</B>
+</PRE>
+</UL>
+<P><LI>If this machine is running Solaris 2.6 or the 32-bit version
+of Solaris 7, and ran that operating system with AFS 3.5, the
+appropriate AFS initialization file possibly already exists as
+<B>/etc/init.d/afs</B>. Compare it to the version in the
+<B>root.client/usr/vice/etc</B> directory of the AFS 3.6
+distribution to see if any changes are needed.
+<P>If this machine is running the 64-bit version of Solaris 7, the AFS
+initialization file differs from the AFS 3.5 version. Copy it
+from the AFS 3.6 distribution.
+<P>Note the removal of the <B>.rc</B> extension as you copy.
+<PRE> # <B>cd usr/vice/etc</B>
+
+ # <B>cp -p afs.rc /etc/init.d/afs</B>
+</PRE>
+<P><LI>Copy the appropriate AFS kernel library file to the appropriate file in a
+subdirectory of the local <B>/kernel/fs</B> directory.
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7 and is not to act as an NFS/AFS translator:
+<PRE> # <B>cp -p modload/libafs.nonfs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running Solaris 2.6 or the 32-bit version of
+Solaris 7 and is to act as an NFS/AFS translator, in which case its kernel
+must support NFS server functionality and the <B>nfsd</B> process must be
+running:
+<PRE> # <B>cp -p modload/libafs.o /kernel/fs/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7 and is not
+to act as an NFS/AFS translator:
+<PRE> # <B>cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs</B>
+</PRE>
+<P>If the machine is running the 64-bit version of Solaris 7 and is to
+act as an NFS/AFS translator, in which case its kernel must support NFS server
+functionality and the <B>nfsd</B> process must be running:
+<PRE> # <B>cp -p modload/libafs64.o /kernel/fs/sparcv9/afs</B>
+</PRE>
+<P><LI>Verify the existence of the symbolic links specified in the following
+commands, which incorporate the AFS initialization script into the Solaris
+startup and shutdown sequence. If necessary, issue the commands to
+create the links.
+<PRE> # <B>ln -s ../init.d/afs /etc/rc3.d/S99afs</B>
+
+ # <B>ln -s ../init.d/afs /etc/rc0.d/K66afs</B>
+</PRE>
+<P><LI><B>(Optional)</B> If the machine is configured as a client, there are
+now copies of the AFS initialization file in both the <B>/usr/vice/etc</B>
+and <B>/etc/init.d</B> directories. If you want to avoid
+potential confusion by guaranteeing that they are always the same, create a
+link between them. You can always retrieve the original script from the
+AFS distribution if necessary.
+<PRE> # <B>cd /usr/vice/etc</B>
+
+ # <B>rm afs.rc</B>
+
+ # <B>ln -s /etc/init.d/afs afs.rc</B>
+</PRE>
+<P><LI>Reboot the machine.
+<PRE> # <B>shutdown -i6 -g0 -y</B>
+</PRE>
+<P><LI>If you are upgrading a server machine, login again as the local superuser
+<B>root</B>, then return to Step <A HREF="#LISV-UP-PRUNE">6</A> in <A HREF="#HDRSV-UP">Upgrading Server Machines</A>.
+<PRE> login: <B>root</B>
+ Password: <VAR>root_password</VAR>
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRDOC_VOL" HREF="aurns002.htm#ToC_45">Storing AFS Documents in AFS</A></H2>
+<P>This section explains how to create and mount a volume to
+house AFS documents. The recommended mount point for the volume is
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B>. If you ran AFS
+3.5, the volume possibly already exists. You can choose to
+overwrite its contents with the AFS 3.6 version of documents, or can
+create a new volume for the AFS 3.6 documents and mount it at
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B> instead of the volume of
+AFS 3.5 documents. Alter the following instructions as
+necessary.
+<P>If you wish, you can create a link to the mount point on each client
+machine's local disk, called <B>/usr/afsdoc</B>.
+Alternatively, you can create a link to the mount point in each user's
+home directory. You can also choose to permit users to access only
+certain documents (most probably, the <I>IBM AFS User Guide</I>) by
+creating different mount points or setting different ACLs on different
+document directories.
+<P>To create a new volume for storing AFS documents:
+<OL TYPE=1>
+<P><LI>Issue the <B>vos create</B> command to create a volume for storing the
+AFS documentation. Include the <B>-maxquota</B> argument to set an
+unlimited quota on the volume.
+<P>If you wish, you can set the volume's quota to a finite value after
+you complete the copying operations. At that point, use the <B>vos
+examine</B> command to determine how much space the volume is
+occupying. Then issue the <B>fs setquota</B> command to set a quota
+value that is slightly larger.
+<PRE> % <B>vos create</B> <<VAR>machine name</VAR>> <<VAR>partition name</VAR>> <B>afsdoc -maxquota 0</B>
+</PRE>
+<P><LI>Issue the <B>fs mkmount</B> command to mount the new volume. If
+your <B>root.cell</B> volume is replicated, you must precede the
+<I>cellname</I> with a period to specify the read/write mount point, as
+shown. Then issue the <B>vos release</B> command to release a new
+replica of the <B>root.cell</B> volume, and the <B>fs
+checkvolumes</B> command to force the local Cache Manager to access
+them.
+<PRE> % <B>fs mkmount -dir /afs/.</B><VAR>cellname</VAR><B>/afsdoc</B> <B>-vol</B> <B>afsdoc</B>
+
+ % <B>vos release root.cell</B>
+
+ % <B>fs checkvolumes</B>
+</PRE>
+<P><LI>Issue the <B>fs setacl</B> command to grant the <B>rl</B>
+permissions to the <B>system:anyuser</B> group on the new
+directory's ACL.
+<PRE> % <B>cd /afs/.</B><VAR>cellname</VAR><B>/afsdoc</B>
+
+ % <B>fs setacl . system:anyuser rl</B>
+</PRE>
+<P><LI>Access the documents via one of the sources listed in <A HREF="#HDRDOC">Accessing the AFS Binary Distribution and Documentation</A>. Copy the documents in one more formats from a
+<VAR>source_format</VAR> directory into subdirectories of the
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc</B> directory. Repeat
+the commands for each format. Suggested substitutions for the
+<VAR>format_name</VAR> variable are <B>HTML</B> and <B>PDF</B>.
+<PRE> # <B>mkdir</B> <VAR>format_name</VAR>
+
+ # <B>cd</B> <VAR>format_name</VAR>
+
+ # <B>cp -rp /cdrom/Documentation/</B><VAR>language_code</VAR><B>/</B><VAR>source_format</VAR> <B>.</B>
+</PRE>
+<P>If you copy the HTML version of the documents, note that in addition to a
+subdirectory for each document there are several files with a
+<B>.gif</B> extension, which enable readers to move easily between
+sections of a document. The file called <B>index.htm</B> is
+an introductory HTML page that has a hyperlink to the documents. For
+HTML viewing to work properly, these files must remain in the top-level HTML
+directory (the one named, for example,
+<B>/afs/</B><VAR>cellname</VAR><B>/afsdoc/Html</B>).
+<P><LI><B>(Optional)</B> If you believe it is helpful to your users to access
+AFS documents via a local disk directory, create <B>/usr/afsdoc</B> on the
+local disk as a symbolic link to the directory housing the desired format
+(probably HTML or PDF).
+<PRE> # <B>ln -s /afs/</B><VAR>cellname</VAR><B>/afsdoc/</B><VAR>format_name</VAR> <B>/usr/afsdoc</B>
+</PRE>
+<P>An alternative is to create a link in each user's home directory to
+the documentation directory in AFS.
+</OL>
+<HR><H2><A NAME="HDRREFPAGES" HREF="aurns002.htm#ToC_46">Reference Pages</A></H2>
+<P>Following are reference pages that include new
+information not included in <I>IBM AFS Administration
+Reference</I>.
+<P>
+<H3><A NAME="HDRCFG" HREF="aurns002.htm#ToC_47">CFG_<I>tcid</I></A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Defines Tape Coordinator configuration instructions for automated tape
+devices, backup data files, or XBSA server programs
+<P><STRONG>Description</STRONG>
+<P>A <B>CFG_</B><VAR>tcid</VAR> file includes instructions that configure a
+Tape Coordinator for more automated operation and for transferring AFS data to
+and from a certain type of backup media:
+<UL>
+<P><LI>An automated tape device, such as a stacker or jukebox. The file is
+optional for a Tape Coordinator that writes to such a device, and unnecessary
+if the default value for all types of instruction are appropriate for the
+device.
+<P><LI>A <I>backup data file</I> on a local disk device. The
+configuration file is mandatory and must include the <B>FILE</B>
+instruction at least.
+<P><LI>A third-party backup utility that implements the Open Group's Backup
+Service API (XBSA), hereafter referred to as an <I>XBSA server</I>.
+The file is mandatory and must include the <B>SERVER</B>, <B>TYPE</B>,
+and <B>PASSFILE</B> or <B>PASSWORD</B> instructions. The
+General Availability release of AFS 3.6 can communicate with one XBSA
+server, the Tivoli Storage Manager (TSM).
+</UL>
+<P>The configuration file is in ASCII-format and must reside in the
+<B>/usr/afs/backup</B> directory on the Tape Coordinator machine.
+Each Tape Coordinator has its own configuration file (multiple Tape
+Coordinators cannot use the same file), and only a single Tape Coordinator in
+a cell can write to a given tape device or backup data file. Multiple
+Tape Coordinators can interact with the same XBSA server if the server has
+sufficient capacity, and in this case the configuration file for each Tape
+Coordinator refers to the same XBSA server.
+<P>The Tape Coordinator for a tape device or backup data file must also have
+an entry in the Backup Database and in the
+<B>/usr/afs/backup/tapeconfig</B> file on the Tape Coordinator
+machine. The Tape Coordinator for an XBSA server has only an entry in
+the Backup Database, not in the <B>tapeconfig</B> file.
+<P><B>Naming the Configuration File</B>
+<P>For a Tape Coordinator that communicates with an XBSA server, the
+<VAR>tcid</VAR> portion of the configuration file's name is the Tape
+Coordinator's port offset number as defined in the Backup
+Database. An example filename is <B>CFG_22</B>.
+<P>For the Tape Coordinator for a tape device or backup data file, there are
+two possible types of values for the <VAR>tcid</VAR> portion of the
+filename. The Tape Coordinator first attempts to open a file with a
+<VAR>tcid</VAR> portion that is the Tape Coordinator's port offset number
+as defined in the Backup Database and <B>tapeconfig</B> file. If
+there is no such file, the Tape Coordinator attempts to access a file with a
+<VAR>tcid</VAR> portion that is based on the tape device's device name the
+backup data file's filename. To enable the Tape Coordinator to
+locate the file, construct the <VAR>tcid</VAR> portion of the filename as
+follows:
+<UL>
+<P><LI>For a tape device, strip off the initial <B>/dev/</B> string from the
+device name, and replace any other slashes in the name with
+underscores. For example, <B>CFG_rmt_4m</B> is the appropriate
+filename for a device called <B>/dev/rmt/4m</B>.
+<P><LI>For a backup data file, strip off the initial slash (/) and replace any
+other slashes in the name with underscores. For example,
+<B>CFG_var_tmp_FILE</B> is the appropriate filename for a backup data file
+called <B>/var/tmp/FILE</B>.
+</UL>
+<P><B>Summary of Instructions</B>
+<P>The following list briefly describes the instructions that can appear in a
+configuration file. Each instruction appears on its own line, in any
+order. Unless otherwise noted, the instructions apply to all backup
+media (automated tape device, backup data file, and XBSA server). A
+more detailed description of each instruction follows the list.
+<DL>
+<P><DT><B>ASK
+</B><DD>Controls whether the Tape Coordinator prompts for guidance when it
+encounters error conditions.
+<P><DT><B>AUTOQUERY
+</B><DD>Controls whether the Tape Coordinator prompts for the first tape.
+Does not apply to XBSA servers.
+<P><DT><B>BUFFERSIZE
+</B><DD>Sets the size of the memory buffer the Tape Coordinator uses when dumping
+data to or restoring data from a backup medium.
+<P><DT><B>CENTRALLOG
+</B><DD>Names a log file in which to record a status message as each dump or
+restore operation completes. The Tape Coordinator also writes to its
+standard log and error files.
+<P><DT><B>FILE
+</B><DD>Determines whether the Tape Coordinator uses a backup data file as the
+backup medium.
+<P><DT><B>GROUPID
+</B><DD>Sets an identification number recorded in the Backup Database for all
+dumps performed by the Tape Coordinator.
+<P><DT><B>LASTLOG
+</B><DD>Controls whether the Tape Coordinator creates and writes to a separate log
+file during its final pass through the set of volumes to be included in a
+dump.
+<P><DT><B>MAXPASS
+</B><DD>Specifies how many times the Tape Coordinator attempts to access a volume
+during a dump operation if the volume is inaccessible on the first attempt
+(which is included in the count).
+<P><DT><B>MGMTCLASS
+</B><DD>Specifies which of an XBSA server's management classes to use, which
+often indicates the type of backup medium the XBSA server uses. Applies
+only to XBSA servers.
+<P><DT><B>MOUNT
+</B><DD>Identifies the file that contains routines for inserting tapes into a tape
+device or controlling how the Tape Coordinator handles a backup data
+file. Does not apply to XBSA servers.
+<P><DT><B>NAME_CHECK
+</B><DD>Controls whether the Tape Coordinator verifies that a tape or backup data
+file has the expected name. Does not apply to XBSA servers.
+<P><DT><B>NODE
+</B><DD>Names which node associated with an XBSA server to use. Applies
+only to XBSA servers.
+<P><DT><B>PASSFILE
+</B><DD>Names the file that contains the password or security code for the Tape
+Coordinator to pass to an XBSA server. Applies only to XBSA
+servers.
+<P><DT><B>PASSWORD
+</B><DD>Specifies the password or security code for the Tape Coordinator to pass
+to an XBSA server. Applies only to XBSA servers.
+<P><DT><B>SERVER
+</B><DD>Names the XBSA server machine with which the Tape Coordinator
+communicates. Applies only to XBSA servers.
+<P><DT><B>STATUS
+</B><DD>Controls how often the Tape Coordinator writes a status message in its
+window during an operation.
+<P><DT><B>TYPE
+</B><DD>Defines which XBSA-compliant program (third-party backup utility) is
+running on the XBSA server. Applies only to XBSA servers.
+<P><DT><B>UNMOUNT
+</B><DD>Identifies the file that contains routines for removing tapes from a tape
+device or controlling how the Tape Coordinator handles a backup data
+file. Does not apply to XBSA servers.
+</DL>
+<P><B>The ASK Instruction</B>
+<P>The <B>ASK</B> instruction takes a boolean value as its argument, in
+the following format:
+<PRE> ASK {<B>YES</B> | <B>NO</B>}
+</PRE>
+<P>When the value is <B>YES</B>, the Tape Coordinator generates a prompt
+in its window, requesting a response to the error cases described in the
+following list. This is the default behavior if the <B>ASK</B>
+instruction does not appear in the <B>CFG_</B><VAR>tcid</VAR> file.
+<P>When the value is <B>NO</B>, the Tape Coordinator does not prompt in
+error cases, but instead uses the automatic default responses described in the
+following list. The Tape Coordinator also logs the error in its
+<B>/usr/afs/backup/TE_</B><VAR>tcid</VAR> file. Suppressing the
+prompts enables the Tape Coordinator to run unattended, though it still
+prompts for insertion of tapes unless the <B>MOUNT</B> instruction is
+used.
+<P>The error cases controlled by this instruction are the following:
+<UL>
+<P><LI>The Backup System is unable to dump a volume while running the <B>backup
+dump</B> command. With a <B>YES</B> value, the Tape Coordinator
+prompts to offer three choices: try to dump the volume again
+immediately, omit the volume from the dump but continue the operation, or
+terminate the operation. With a <B>NO</B> value, the Tape
+Coordinator omits the volume from the dump and continues the operation.
+<P><LI>The Backup System is unable to restore a volume while running the
+<B>backup diskrestore</B>, <B>backup volrestore</B>, or <B>backup
+volsetrestore</B> command. With a <B>YES</B> value, the Tape
+Coordinator prompts to offer two choices: omit the volume and continue
+restoring the other volumes, or terminate the operation. With a
+<B>NO</B> value, it continues the operation without prompting, omitting
+the problematic volume but restoring the remaining ones.
+<P><LI>The Backup System cannot determine if the dump set includes any more
+tapes, while running the <B>backup scantape</B> command (the reference
+page for that command discusses possible reasons for this problem).
+With a <B>YES</B> value, the Tape Coordinator prompts to ask if there are
+more tapes to scan. With a <B>NO</B> value, it proceeds as though
+there are more tapes and invokes the routine named by the <B>MOUNT</B>
+instruction in the configuration file, or prompts the operator to insert the
+next tape.
+<P><LI>The Backup System determines that the tape contains an unexpired dump
+while running the <B>backup labeltape</B> command. With a
+<B>YES</B> value, the Tape Coordinator prompts to offer two choices:
+continue or terminate the labeling operation. With a <B>NO</B>
+value, it terminates the operation without relabeling the tape.
+</UL>
+<P><B>The AUTOQUERY Instruction</B>
+<P>The <B>AUTOQUERY</B> instruction takes a boolean value as its argument,
+in the following format:
+<PRE> AUTOQUERY {<B>YES</B> | <B>NO</B>}
+</PRE>
+<P>When the value is <B>YES</B>, the Tape Coordinator checks for the
+<B>MOUNT</B> instruction in the configuration file when it needs to read
+the first tape involved in an operation. As described for that
+instruction, it then either prompts for the tape or invokes the specified
+routine to mount the tape. This is the default behavior if the
+<B>AUTOQUERY</B> instruction does not appear in the configuration
+file.
+<P>When the value is <B>NO</B>, the Tape Coordinator assumes that the
+first tape required for an operation is already in the drive. It does
+not prompt the operator or invoke the <B>MOUNT</B> routine unless there is
+an error in accessing the first tape. This setting is equivalent in
+effect to including the <B>-noautoquery</B> flag to the <B>butc</B>
+command.
+<P>Note that the setting of the <B>AUTOQUERY</B> instruction controls the
+Tape Coordinator's behavior only with respect to the first tape required
+for an operation. For subsequent tapes, the Tape Coordinator always
+checks for the <B>MOUNT</B> instruction. It also refers to the
+<B>MOUNT</B> instruction if it encounters an error while attempting to
+access the first tape. The instruction does not apply to XBSA
+servers.
+<P><B>The BUFFERSIZE Instruction</B>
+<P>The <B>BUFFERSIZE</B> instruction takes an integer or decimal value,
+and optionally units, in the following format:
+<PRE> BUFFERSIZE <VAR>size</VAR>[{<B>k</B> | <B>K</B> | <B>m</B> | <B>M</B> | <B>g</B> | <B>G</B> | <B>t</B> | <B>T</B>}]
+</PRE>
+<P>where <VAR>size</VAR> specifies the amount of memory the Tape Coordinator
+allocates to use as a buffer during both dump and restore operations.
+If <VAR>size</VAR> is a decimal number, the number of digits after the decimal
+point must not translate to fractions of bytes. The default unit is
+bytes, but use <B>k</B> or <B>K</B> to specify kilobytes, <B>m</B>
+or <B>M</B> for megabytes, <B>g</B> or <B>G</B> for gigabytes, and
+<B>t</B> or <B>T</B> for terabytes. There is no space between
+the <VAR>size</VAR> value and the units letter.
+<P>As the Tape Coordinator receives volume data from the Volume Server during
+a dump operation, it gathers the specified amount of data in the buffer before
+transferring the entire amount to the backup medium. Similarly, during
+a restore operation the Tape Coordinator by default buffers data from the
+backup medium before transferring the entire amount to the Volume Server for
+restoration into the file system.
+<P>The default buffer size is 16 KB, which is usually large enough to promote
+tape streaming in a normal network configuration. If the network
+connection between the Tape Coordinator machine and file server machines is
+slow, it can help to increase the buffer size.
+<P>For XBSA servers, the range of acceptable values is <B>1K</B> through
+<B>64K</B>. For tape devices and backup data files, the minimum
+acceptable value is <B>16K</B>, and if the specified value is not a
+multiple of 16 KB, the Tape Coordinator automatically rounds it up to the next
+such multiple.
+<P><B>The CENTRALLOG Instruction</B>
+<P>The <B>CENTRALLOG</B> instruction takes a pathname as its argument, in
+the following format:
+<PRE> CENTRALLOG <VAR>filename</VAR>
+</PRE>
+<P>where <VAR>filename</VAR> is the full pathname of a local disk file in which
+to record a status message as each dump or restore operation completes.
+It is acceptable to have multiple Tape Coordinators write to the same log
+file. Each Tape Coordinator also writes to its own standard error and
+log files (the <B>TE_</B><VAR>tcid</VAR> and <B>TL_</B><VAR>tcid</VAR>
+files in the <B>/usr/afs/backup</B> directory). This instruction is
+always optional.
+<P>The line for each dump operation has the following format:
+<PRE> <VAR>task_ID</VAR> <VAR>start_time</VAR> <VAR>complete_time</VAR> <VAR>duration</VAR> <VAR>volume_set</VAR> \
+ <VAR>success</VAR> of <VAR>total</VAR> volumes dumped (<VAR>data_dumped</VAR> KB)
+</PRE>
+<P>The line for each restore operation has the following format:
+<PRE> <VAR>task_ID</VAR> <VAR>start_time</VAR> <VAR>complete_time</VAR> <VAR>duration</VAR> <VAR>success</VAR> of <VAR>total</VAR> volumes restored
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>task_ID</VAR>
+</B><DD>Is the task identification number assigned to the operation by the Tape
+Coordinator. The first digits in the number are the Tape
+Coordinator's port offset number.
+<P><DT><B><VAR>start_time</VAR>
+</B><DD>The time at which the operation started, in the format
+<VAR>month</VAR>/<VAR>day</VAR>/<VAR>year</VAR>
+<VAR>hours</VAR>:<VAR>minutes</VAR>:<VAR>seconds</VAR>.
+<P><DT><B><VAR>complete_time</VAR>
+</B><DD>Is the time at which the operation completed, in the same format as the
+<VAR>start_time</VAR> field.
+<P><DT><B><VAR>duration</VAR>
+</B><DD>Is the amount of time it took to complete the operation, in the format
+<VAR>hours</VAR>:<VAR>minutes</VAR>:<VAR>seconds</VAR>.
+<P><DT><B><VAR>volume_set</VAR>
+</B><DD>Is the name of the volume set being dumped during this operation (for dump
+operations only).
+<P><DT><B><VAR>success</VAR>
+</B><DD>Is the number of volumes successfully dumped or restored.
+<P><DT><B><VAR>total</VAR>
+</B><DD>Is the total number of volumes the Tape Coordinator attempted to dump or
+restore.
+<P><DT><B><VAR>data_dumped</VAR>
+</B><DD>Is the number of kilobytes of data transferred to the backup medium (for
+dump operations only).
+</DL>
+<P><B>The FILE Instruction</B>
+<P>The <B>FILE</B> instruction takes a boolean value as its argument, in
+the following format:
+<PRE> FILE {<B>NO</B> | <B>YES</B>}
+</PRE>
+<P>When the value is <B>NO</B> and the <B>SERVER</B> instruction does
+not appear in the configuration file, the Tape Coordinator uses a tape device
+as the backup medium. If the <B>SERVER</B> instruction does appear,
+the Tape Coordinator communicates with the XBSA server that it names.
+This is the default behavior if the <B>FILE</B> instruction does not
+appear in the file.
+<P>When the value is <B>YES</B>, the Tape Coordinator uses a backup data
+file on the local disk as the backup medium. If the file does not exist
+when the Tape Coordinator attempts to write a dump, the Tape Coordinator
+creates it. For a restore operation to succeed, the file must exist and
+contain volume data previously written to it by a <B>backup dump</B>
+operation.
+<P>When the value is <B>YES</B>, the backup data file's complete
+pathname must appear (instead of a tape drive device name) in the third field
+of the corresponding port offset entry in the local
+<B>/usr/afs/backup/tapeconfig</B> file. If the field instead refers
+to a tape device, dump operations appear to succeed but are
+inoperative. It is not possible to restore data that is accidently
+dumped to a tape device while the <B>FILE</B> instruction is set to
+<B>YES</B>. (In the same way, if the <B>FILE</B> instruction is
+set to <B>NO</B> and there is no <B>SERVER</B> instruction, the
+<B>tapeconfig</B> entry must refer to an actual tape device.)
+<P>Rather than put an actual file pathname in the third field of the
+<B>tapeconfig</B> file, however, the recommended configuration is to
+create a symbolic link in the <B>/dev</B> directory that points to the
+actual file pathname, and record the symbolic link's name in this
+field. This configuration has a couple of advantages:
+<UL>
+<P><LI>It makes the <VAR>tcid</VAR> portion of the <B>CFG_</B><VAR>tcid</VAR>,
+<B>TE_</B><VAR>tcid</VAR>, and <B>TL_</B><VAR>tcid</VAR> names as short as
+possible. Because the symbolic link is in the <B>/dev</B> directory
+as though it were a tape device, the device configuration file's name is
+constructed by stripping off the entire <B>/dev/</B> prefix, instead of
+just the initial slash. If, for example, the symbolic link is called
+<B>/dev/FILE</B>, the device configuration file name is
+<B>CFG_FILE</B>, whereas if the actual pathname <B>/var/tmp/FILE</B>
+appears in the <B>tapeconfig</B> file, the file's name must be
+<B>CFG_var_tmp_FILE</B>.
+<P><LI>It provides for a more graceful, and potentially automated, recovery if
+the Tape Coordinator cannot write a complete dump into the backup data file
+(because the partition housing the backup data file becomes full, for
+example). The Tape Coordinator's reaction to this problem is to
+invoke the <B>MOUNT</B> script, or to prompt the operator if the
+<B>MOUNT</B> instruction does not appear in the configuration file.
+<UL>
+<P><LI>If there is a <B>MOUNT</B> routine, the operator can prepare for this
+situation by adding a subroutine that changes the symbolic link to point to
+another backup data file on a partition where there is space available.
+<P><LI>If there is no <B>MOUNT</B> instruction, the prompt enables the
+operator manually to change the symbolic link to point to another backup data
+file, then press <<B>Return</B>> to signal that the Tape Coordinator
+can continue the operation.
+</UL>
+</UL>
+<P>If the third field in the <B>tapeconfig</B> file names the actual file,
+there is no way to recover from exhausting the space on the partition that
+houses the backup data file. It is not possible to change the
+<B>tapeconfig</B> file in the middle of an operation.
+<P>When writing to a backup data file, the Tape Coordinator writes data at 16
+KB offsets. If a given block of data (such as the marker that signals
+the beginning or end of a volume) does not fill the entire 16 KB, the Tape
+Coordinator still skips to the next offset before writing the next
+block. In the output of a <B>backup dumpinfo</B> command issued
+with the <B>-id</B> option, the value in the <TT>Pos</TT> column is the
+ordinal of the 16-KB offset at which the volume data begins, and so is not
+generally only one higher than the position number on the previous line, as it
+is for dumps to tape.
+<P><B>The GROUPID Instruction</B>
+<P>The <B>GROUPID</B> instruction takes an integer as its argument, in the
+following format:
+<PRE> GROUPID <VAR>integer</VAR>
+</PRE>
+<P>where <VAR>integer</VAR> is in the range from <B>1</B> through
+<B>2147483647</B> (one less than 2 GB). The value is recorded in
+the Backup Database record for each dump created by this Tape
+Coordinator. It appears in the <TT>Group id</TT> field in the output
+from the <B>backup dumpinfo</B> command when the command's
+<B>-verbose</B> and <B>-id</B> options are provided. It can be
+specified as the value of the <B>-groupid</B> argument to the <B>backup
+deletedump</B> command to delete only records marked with the group
+ID. This instruction is always optional.
+<P><B>The LASTLOG Instruction</B>
+<P>The <B>LASTLOG</B> instruction takes a boolean value as its argument,
+in the following format:
+<PRE> LASTLOG {<B>YES</B> | <B>NO</B>}
+</PRE>
+<P>When the value is <B>YES</B>, the Tape Coordinator creates and writes
+to a separate log file during the final pass through the volumes to be
+included in a dump operation. The log file name is
+<B>/usr/afs/backup/TL_</B><VAR>tcid</VAR><B>.lp</B>, where
+<VAR>tcid</VAR> is either the Tape Coordinator's port offset number or a
+value derived from the device name or backup data filename.
+<P>When the value is <B>NO</B>, the Tape Coordinator writes to its
+standard log files (the <B>TE_</B><VAR>tcid</VAR> and
+<B>TL_</B><VAR>tcid</VAR> files in the <B>/usr/afs/backup</B> directory)
+for all passes. This is the behavior if the instruction does not appear
+in the file.
+<P><B>The MAXPASS Instruction</B>
+<P>The <B>MAXPASS</B> instruction takes an integer as its argument, in the
+following format:
+<PRE> MAXPASS <VAR>integer</VAR>
+</PRE>
+<P>where <VAR>integer</VAR> specifies how many times the Tape Coordinator
+attempts to access a volume during a dump operation if the volume is
+inaccessible on the first attempt (which is included in the count).
+Acceptable values are in the range from <B>1</B> through
+<B>10</B>. The default value is <B>2</B> if this instruction
+does not appear in the file.
+<P><B>The MGMTCLASS Instruction</B>
+<P>The <B>MGMTCLASS</B> instruction takes a character string as its
+argument, in the following format:
+<PRE> MGMTCLASS <VAR>class_name</VAR>
+</PRE>
+<P>where <VAR>class_name</VAR> is the XBSA server's management class, which
+often indicates the type of backup medium it is using. For a list of
+the possible management classes, see the XBSA server documentation.
+This instruction applies only to XBSA servers and is always optional;
+there is no default value if it is omitted.
+<P><B>The MOUNT Instruction</B>
+<P>The <B>MOUNT</B> instruction takes a pathname as its argument, in the
+following format:
+<PRE> MOUNT <VAR>filename</VAR>
+</PRE>
+<P>where <VAR>filename</VAR> is the full pathname of an executable file on the
+local disk that contains a shell script or program (for clarity, the following
+discussion refers to scripts only). If the configuration file is for an
+automated tape device, the script invokes the routine or command provided by
+the device's manufacturer for mounting a tape (inserting it into the tape
+reader). If the configuration file is for a backup data file, it can
+instruct the Tape Coordinator to switch automatically to another backup data
+file when the current one becomes full; for further discussion, see the
+preceding description of the <B>FILE</B> instruction. This
+instruction does not apply to XBSA servers.
+<P>The administrator must write the script, including the appropriate routines
+and logic. The AFS distribution does not include any scripts, although
+an example appears in the following <B>Examples</B> section. The
+command or routines invoked by the script inherit the local identity (UNIX
+UID) and AFS tokens of the <B>butc</B> command's issuer.
+<P>When the Tape Coordinator needs to mount a tape or access another backup
+data file, it checks the configuration file for a <B>MOUNT</B>
+instruction. If there is no instruction, the Tape Coordinator prompts
+the operator to insert a tape before it attempts to open the tape
+device. If there is a <B>MOUNT</B> instruction, the Tape
+Coordinator executes the routine in the referenced script.
+<P>There is an exception to this sequence: if the <B>AUTOQUERY
+NO</B> instruction appears in the configuration file, or the
+<B>-noautoquery</B> flag was included on the <B>butc</B> command, then
+the Tape Coordinator assumes that the operator has already inserted the first
+tape needed for a given operation. It attempts to read the tape
+immediately, and only checks for the <B>MOUNT</B> instruction or prompts
+the operator if the tape is missing or is not the required one.
+<P>The Tape Coordinator passes the following parameters to the script
+indicated by the <B>MOUNT</B> instruction, in the indicated order:
+<OL TYPE=1>
+<P><LI>The tape device or backup data file's pathname, as recorded in the
+<B>/usr/afs/backup/tapeconfig</B> file.
+<P><LI>The tape operation, which generally matches the <B>backup</B> command
+operation code used to initiate the operation (the following list notes the
+exceptional cases) :
+<UL>
+<P><LI><B>appenddump</B> (when a <B>backup dump</B> command includes the
+<B>-append</B> flag)
+<P><LI><B>dump</B> (when a <B>backup dump</B> command does not include
+the <B>-append</B> flag)
+<P><LI><B>labeltape</B>
+<P><LI><B>readlabel</B>
+<P><LI><B>restore</B> (for a <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> command)
+<P><LI><B>restoredb</B>
+<P><LI><B>savedb</B>
+<P><LI><B>scantape</B>
+</UL>
+<P><LI>The number of times the Tape Coordinator has attempted to open the tape
+device or backup data file. If the open attempt returns an error, the
+Tape Coordinator increments this value by one and again invokes the
+<B>MOUNT</B> instruction.
+<P><LI>The tape name. For some operations, the Tape Coordinator passes the
+string <TT>none</TT>, because it does not know the tape name (when running
+the <B>backup scantape</B> or <B>backup readlabel</B>, for example),
+or because the tape does not necessarily have a name (when running the
+<B>backup labeltape</B> command, for example).
+<P><LI>The tape ID recorded in the Backup Database. As with the tape name,
+the Backup System passes the string <TT>none</TT> for operations where it
+does not know the tape ID or the tape does not necessarily have an ID.
+</OL>
+<P>The routine invoked by the <B>MOUNT</B> instruction must return an exit
+code to the Tape Coordinator:
+<UL>
+<P><LI>Code <B>0</B> (zero) indicates that the routine successfully mounted
+the tape or opened the backup data file. The Tape Coordinator continues
+the backup operation. If the routine invoked by the <B>MOUNT</B>
+instruction does not return this exit code, the Tape Coordinator never calls
+the <B>UNMOUNT</B> instruction.
+<P><LI>Code <B>1</B> (one) indicates that the routine failed to mount the
+tape or open the backup data file. The Tape Coordinator terminates the
+operation.
+<P><LI>Any other code indicates that the routine was not able to access the
+correct tape or backup data file. The Tape Coordinator prompts the
+operator to insert the correct tape.
+</UL>
+<P>If the <B>backup</B> command was issued in interactive mode and the
+operator issues the <B>(backup) kill</B> command while the
+<B>MOUNT</B> routine is running, the Tape Coordinator passes the
+termination signal to the routine; the entire operation
+terminates.
+<P><B>The NAME_CHECK Instruction</B>
+<P>The <B>NAME_CHECK</B> instruction takes a boolean value as its
+argument, in the following format:
+<PRE> NAME_CHECK {<B>YES</B> | <B>NO</B>}
+</PRE>
+<P>When the value is <B>YES</B> and there is no permanent name on the
+label of the tape or backup data file, the Tape Coordinator checks the AFS
+tape name on the label when dumping a volume in response to the <B>backup
+dump</B> command. The AFS tape name must be <TT><NULL></TT> or
+match the name that the <B>backup dump</B> operation constructs based on
+the volume set and dump level names. This is the default behavior if
+the <B>NAME_CHECK</B> instruction does not appear in the configuration
+file.
+<P>When the value is <B>NO</B>, the Tape Coordinator does not check the
+AFS tape name before writing to the tape.
+<P>The Tape Coordinator always checks that all dumps on the tape are expired,
+and refuses to write to a tape that contains unexpired dumps. This
+instruction does not apply to XBSA servers.
+<P><B>The NODE Instruction</B>
+<P>The <B>NODE</B> instruction takes a character string as its argument,
+in the following format:
+<PRE> NODE <VAR>node_name</VAR>
+</PRE>
+<P>where <VAR>node_name</VAR> names the node associated with the XBSA server
+named by the <B>SERVER</B> instruction. To determine if the XBSA
+server uses nodes, see its documentation. This instruction applies only
+to XBSA servers, and there is no default if it is omitted. However, TSM
+requires that a NODENAME instruction appear in its <B>dsm.sys</B>
+configuration file in that case.
+<P><B>The PASSFILE Instruction</B>
+<P>The <B>PASSFILE</B> instruction takes a pathname as its argument, in
+the following format:
+<PRE> PASSFILE <VAR>filename</VAR>
+</PRE>
+<P>where <VAR>filename</VAR> is the full pathname of a file on the local disk
+that records the password for the Tape Coordinator to use when communicating
+with the XBSA server. The password string must appear on the first line
+in the file, and have a newline character only at the end. The mode
+bits on the file must enable the Tape Coordinator to read it.
+<P>This instruction applies only to XBSA servers, and either it or the
+<B>PASSWORD</B> instruction must be provided along with the
+<B>SERVER</B> instruction. (If both this instruction and the
+<B>PASSWORD</B> instruction are included, the Tape Coordinator uses only
+the one that appears first in the file.)
+<P><B>The PASSWORD Instruction</B>
+<P>The <B>PASSWORD</B> instruction takes a character string as its
+argument, in the following format:
+<PRE> PASSWORD <VAR>string</VAR>
+</PRE>
+<P>where <VAR>string</VAR> is the password for the Tape Coordinator to use when
+communicating with the XBSA server. It must appear on the first line in
+the file, and have a newline character only at the end.
+<P>This instruction applies only to XBSA servers, and either it or the
+<B>PASSFILE</B> instruction must be provided along with the
+<B>SERVER</B> instruction. (If both this instruction and the
+<B>PASSFILE</B> instruction are included, the Tape Coordinator uses only
+the one that appears first in the file.)
+<P><B>The SERVER Instruction</B>
+<P>The <B>SERVER</B> instruction takes a character string as its argument,
+in the following format:
+<PRE> SERVER <VAR>machine_name</VAR>
+</PRE>
+<P>where <VAR>machine_name</VAR> is the fully qualified hostname of the machine
+where an XBSA server is running. This instruction is required for XBSA
+servers, and applies only to them.
+<P><B>The STATUS Instruction</B>
+<P>The <B>STATUS</B> instruction takes an integer as its argument, in the
+following format:
+<PRE> STATUS <VAR>integer</VAR>
+</PRE>
+<P>where <VAR>integer</VAR> expresses how often the Tape Coordinator writes a
+status message to its window during an operation, in terms of the number of
+buffers of data that have been dumped or restored. Acceptable values
+range from <B>1</B> through <B>8192</B>. The size of the
+buffers is determined by the <B>BUFFERSIZE</B> instruction if it is
+included.
+<P>As an example, the value <B>512</B> means that the Tape Coordinator
+writes a status message after each 512 buffers of data. It also writes
+a status message as it completes the dump of each volume.
+<P>The message has the following format:
+<PRE> <VAR>time_stamp</VAR>: Task <VAR>task_ID</VAR>: <VAR>total</VAR> KB: <VAR>volume</VAR>: <VAR>volume_total</VAR> B
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>time_stamp</VAR>
+</B><DD>Records the time at which the message is printed, in the format
+<VAR>hours</VAR>:<VAR>minutes</VAR>:<VAR>seconds</VAR>.
+<P><DT><B><VAR>task_ID</VAR>
+</B><DD>Is the task identification number assigned to the operation by the Tape
+Coordinator. The first digits in the number are the Tape
+Coordinator's port offset number.
+<P><DT><B><VAR>total</VAR>
+</B><DD>Is the total number of kilobytes transferred to the backup medium during
+the current dump operation.
+<P><DT><B><VAR>volume</VAR>
+</B><DD>Names the volume being dumped as the message is written.
+<P><DT><B><VAR>volume_total</VAR>
+</B><DD>Is the total number of bytes dumped so far from the volume named in the
+<VAR>volume</VAR> field.
+</DL>
+<P>This instruction is intended for use with XBSA servers. For tape
+devices and backup data files, the value in the <VAR>volume_total</VAR> field is
+not necessarily as expected. It does not include certain kinds of
+Backup System metadata (markers at the beginning and end of each volume, for
+example), so summing together the final <VAR>volume_total</VAR> value for each
+volume does not necessarily equal the running total in the <VAR>total</VAR>
+field. Also, the Tape Coordinator does not write a message at all if it
+is dumping metadata rather than actual volume data as it reaches the end of
+the last buffer in each set of <VAR>integer</VAR> buffers.
+<P><B>The TYPE Instruction</B>
+<P>The <B>TYPE</B> instruction takes a character string as its argument,
+in the following format:
+<PRE> TYPE <VAR>program_name</VAR>
+</PRE>
+<P>where <VAR>program_name</VAR> names the XBSA server program that is running
+on the machine named by the <B>SERVER</B> instruction. This
+instruction is mandatory when the <B>SERVER</B> instruction appears in the
+file. The acceptable values depend on which XBSA servers are supported
+in the current AFS release. In the General Availability release of AFS
+3.6, the only acceptable value is <B>tsm</B>.
+<P><B>The UNMOUNT Instruction</B>
+<P>The <B>UNMOUNT</B> instruction takes a pathname as its argument, in the
+following format:
+<PRE> UNMOUNT <VAR>filename</VAR>
+</PRE>
+<P>where <VAR>filename</VAR> is the full pathname of an executable file on the
+local disk that contains a shell script or program (for clarity, the following
+discussion refers to scripts only). If the configuration file is for an
+automated tape device, the script invokes the routine or command provided by
+the device's manufacturer for unmounting a tape (removing it from the
+tape reader). If the configuration file is for a backup data file, it
+can instruct the Tape Coordinator to perform additional actions after closing
+the backup data file. This instruction does not apply to XBSA
+servers.
+<P>The administrator must write the script, including the appropriate routines
+and logic. The AFS distribution does not include any scripts, although
+an example appears in the following <B>Examples</B> section. The
+command or routines invoked by the script inherit the local identity (UNIX
+UID) and AFS tokens of the <B>butc</B> command's issuer.
+<P>After closing a tape device or backup data file, the Tape Coordinator
+checks the configuration file for an <B>UNMOUNT</B> instruction, whether
+or not the <B>close</B> operation succeeds. If there is no
+<B>UNMOUNT</B> instruction, the Tape Coordinator takes no action, in which
+case the operator must take the action necessary to remove the current tape
+from the drive before another can be inserted. If there is an
+<B>UNMOUNT</B> instruction, the Tape Coordinator executes the referenced
+file. It invokes the routine only once, passing in the following
+parameters:
+<UL>
+<P><LI>The tape device pathname (as specified in the
+<B>/usr/afs/backup/tapeconfig</B> file)
+<P><LI>The tape operation (always <B>unmount</B>)
+</UL>
+<P><STRONG>Privilege Required</STRONG>
+<P>The file is protected by UNIX mode bits. Creating the file requires
+the <B>w</B> (<B>write</B>) and <B>x</B> (<B>execute</B>)
+permissions on the <B>/usr/afs/backup</B> directory. Editing the
+file requires the <B>w</B> (<B>write</B>) permission on the
+file.
+<P><STRONG>Examples</STRONG>
+<P>The following example configuration files demonstrate one way to structure
+a configuration file for a stacker or backup dump file. The examples
+are not necessarily appropriate for a specific cell; if using them as
+models, be sure to adapt them to the cell's needs and equipment.
+<P><B>Example</B> <B>CFG_</B><VAR>tcid</VAR> <B>File for
+Stackers</B>
+<P>In this example, the administrator creates the following entry for a tape
+stacker called <B>stacker0.1</B> in the
+<B>/usr/afs/backup/tapeconfig</B> file. It has port offset
+0.
+<PRE> 2G 5K /dev/stacker0.1 0
+</PRE>
+<P>The administrator includes the following five lines in the
+<B>/usr/afs/backup/CFG_stacker0.1</B> file. To review the
+meaning of each instruction, see the preceding <B>Description</B>
+section.
+<PRE> MOUNT /usr/afs/backup/stacker0.1
+ UNMOUNT /usr/afs/backup/stacker0.1
+ AUTOQUERY NO
+ ASK NO
+ NAME_CHECK NO
+</PRE>
+<P>Finally, the administrator writes the following executable routine in the
+<B>/usr/afs/backup/stacker0.1</B> file referenced by the
+<B>MOUNT</B> and <B>UNMOUNT</B> instructions in the
+<B>CFG_stacker0.1</B> file.
+<PRE> #! /bin/csh -f
+
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+
+ #--------------------------------------------
+
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+
+ if (${operation} == "unmount") then
+ echo "UnMount: Will leave tape in drive"
+ exit ${exit_continue}
+ endif
+
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "savedb")) then
+
+ stackerCmd_NextTape ${devicefile}
+ if (${status} != 0)exit${exit_interactive}
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ if ((${operation} == "labeltape") |\
+ (${operation} == "readlabel")) then
+ echo "Will continue"
+ exit ${exit_continue}
+ endif
+
+ echo "Prompt for tape"
+ exit ${exit_interactive}
+</PRE>
+<P>This routine uses two of the parameters passed to it by the Backup
+System: <TT>tries</TT> and <TT>operation</TT>. It follows the
+recommended practice of prompting for a tape if the value of the
+<TT>tries</TT> parameter exceeds one, because that implies that the stacker
+is out of tapes.
+<P>For a <B>backup dump</B> or <B>backup savedb</B> operation, the
+routine calls the example <B>stackerCmd_NextTape</B> function provided by
+the stacker's manufacturer. Note that the final lines in the file
+return the exit code that prompts the operator to insert a tape; these
+lines are invoked when either the stacker cannot load a tape or the operation
+being performed is not one of those explicitly mentioned in the file (such as
+a restore operation).
+<P><B>Example CFG_</B><VAR>tcid</VAR> <B>File for Dumping to a Backup Data
+File</B>
+<P>In this example, the administrator creates the following entry for a backup
+data file called <B>HSM_device</B> in the
+<B>/usr/afs/backup/tapeconfig</B> file. It has port offset
+20.
+<PRE> 1G 0K /dev/HSM_device 20
+</PRE>
+<P>The administrator chooses to name the configuration file
+<B>/usr/afs/backup/CFG_20</B>, using the port offset number rather than
+deriving the <VAR>tcid</VAR> portion of the name from the backup data
+file's name. She includes the following lines in the file.
+To review the meaning of each instruction, see the preceding
+<B>Description</B> section.
+<PRE> MOUNT /usr/afs/backup/file
+ FILE YES
+ ASK NO
+</PRE>
+<P>Finally, the administrator writes the following executable routine in the
+<B>/usr/afs/backup/file</B> file referenced by the <B>MOUNT</B>
+instruction in the <B>CFG_HSM_device</B> file, to control how the Tape
+Coordinator handles the file.
+<PRE> #! /bin/csh -f
+ set devicefile = $1
+ set operation = $2
+ set tries = $3
+ set tapename = $4
+ set tapeid = $5
+
+ set exit_continue = 0
+ set exit_abort = 1
+ set exit_interactive = 2
+
+ #--------------------------------------------
+
+ if (${tries} > 1) then
+ echo "Too many tries"
+ exit ${exit_interactive}
+ endif
+
+ if (${operation} == "labeltape") then
+ echo "Won't label a tape/file"
+ exit ${exit_abort}
+ endif
+
+ if ((${operation} == "dump") |\
+ (${operation} == "appenddump") |\
+ (${operation} == "restore") |\
+ (${operation} == "savedb") |\
+ (${operation} == "restoredb")) then
+
+ /bin/rm -f ${devicefile}
+ /bin/ln -s /hsm/${tapename}_${tapeid} ${devicefile}
+ if (${status} != 0) exit ${exit_abort}
+ endif
+
+ exit ${exit_continue}
+</PRE>
+<P>Like the example routine for a tape stacker, this routine uses the
+<TT>tries</TT> and <TT>operation</TT> parameters passed to it by the
+Backup System. The <TT>tries</TT> parameter tracks how many times the
+Tape Coordinator has attempted to access the file. A value greater than
+one indicates that the Tape Coordinator cannot access it, and the routine
+returns exit code 2 (<TT>exit_interactive</TT>), which results in a prompt
+for the operator to load a tape. The operator can use this opportunity
+to change the name of the backup data file specified in the
+<B>tapeconfig</B> file.
+<P>The primary function of this routine is to establish a link between the
+device file and the file to be dumped or restored. When the Tape
+Coordinator is executing a <B>backup dump</B>, <B>backup restore</B>,
+<B>backup savedb</B>, or <B>backup restoredb</B> operation, the
+routine invokes the UNIX <B>ln -s</B> command to create a symbolic link
+from the backup data file named in the <B>tapeconfig</B> file to the
+actual file to use (this is the recommended method). It uses the value
+of the <TT>tapename</TT> and <TT>tapeid</TT> parameters to construct the
+file name.
+<P><B>Example</B> <B>CFG_</B><VAR>tcid</VAR> <B>File for an XBSA
+Server</B>
+<P>The following is an example of a configuration file called
+<B>/usr/afs/backup/CFG_22</B>, for a Tape Coordinator with port offset 22
+that communicates with an Tivoli Storage Management (TSM) server. The
+combination of <B>BUFFERSIZE</B> and <B>STATUS</B> instructions
+results in a status message after each 16 MB of data are dumped. To
+review the meaning of the other instructions, see the preceding
+<B>Description</B> section.
+<PRE> SERVER tsmserver1.abc.com
+ TYPE tsm
+ PASSWORD TESTPASS
+ NODE testnode
+ MGMTCLASS standard
+ MAXPASS 1
+ GROUPID 1000
+ CENTRALLOG /usr/afs/backup/centrallog
+ BUFFERSIZE 16K
+ STATUS 1024
+</PRE>
+<P><STRONG>Related Information</STRONG>
+<P><B>tapeconfig</B>
+<P><B>backup deletedump</B>
+<P><B>backup diskrestore</B>
+<P><B>backup dump</B>
+<P><B>backup dumpinfo</B>
+<P><B>backup restoredb</B>
+<P><B>backup savedb</B>
+<P><B>backup volrestore</B>
+<P><B>backup volsetrestore</B>
+<P>
+<H3><A NAME="HDRCLI_NETRESTRICT" HREF="aurns002.htm#ToC_48">NetRestrict (client version)</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Defines client interfaces not to register with the File Server
+<P><STRONG>Description</STRONG>
+<P>The <B>NetRestrict</B> file, if present in a client machine's
+<B>/usr/vice/etc</B> directory, defines the IP addresses of the interfaces
+that the local Cache Manager does not register with a File Server when first
+establishing a connection to it. For an explanation of how the File
+Server uses the registered interfaces, see the reference page for the client
+version of the <B>NetInfo</B> file.
+<P>As it initializes, the Cache Manager constructs a list of interfaces to
+register, from the <B>/usr/vice/etc/NetInfo</B> file if it exists, or from
+the list of interfaces configured with the operating system otherwise.
+The Cache Manager then removes from the list any addresses that appear in the
+<B>NetRestrict</B> file, if it exists. The Cache Manager records
+the resulting list in kernel memory.
+<P>The <B>NetRestrict</B> file is in ASCII format. One IP address
+appears on each line, in dotted decimal format. The order of the
+addresses is not significant.
+<P>To display the addresses the Cache Manager is currently registering with
+File Servers, use the <B>fs getclientaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><B>NetInfo</B> (client version)
+<P><B>fs getclientaddrs</B>
+<P>
+<H3><A NAME="HDRSV_NETRESTRICT" HREF="aurns002.htm#ToC_49">NetRestrict (server version)</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Defines interfaces that File Server does not register in VLDB and Ubik does
+not use for database server machines
+<P><STRONG>Description</STRONG>
+<P>The <B>NetRestrict</B> file, if present in the
+<B>/usr/afs/local</B> directory, defines the following:
+<UL>
+<P><LI>On a file server machine, the local interfaces that the File Server
+(<B>fileserver</B> process) does not register in the Volume Location
+Database (VLDB) at initialization time
+<P><LI>On a database server machine, the local interfaces that the Ubik
+synchronization library does not use when communicating with the database
+server processes running on other database server machines
+</UL>
+<P>As it initializes, the File Server constructs a list of interfaces to
+register, from the <B>/usr/afs/local/NetInfo</B> file if it exists, or
+from the list of interfaces configured with the operating system
+otherwise. The File Server then removes from the list any addresses
+that appear in the <B>NetRestrict</B> file, if it exists. The File
+Server records the resulting list in the <B>/usr/afs/local/sysid</B> file
+and registers the interfaces in the VLDB. The database server processes
+use a similar procedure when initializing, to determine which interfaces to
+use for communication with the peer processes on other database machines in
+the cell.
+<P>The <B>NetRestrict</B> file is in ASCII format. One IP address
+appears on each line, in dotted decimal format. The order of the
+addresses is not significant.
+<P>To display the File Server interface addresses registered in the VLDB, use
+the <B>vos listaddrs</B> command.
+<P><STRONG>Related Information</STRONG>
+<P><B>NetInfo</B> (server version)
+<P><B>sysid</B>
+<P><B>vldb.DB0</B> and <B>vldb.DBSYS1</B>
+<P><B>fileserver</B>
+<P><B>vos listaddrs</B>
+<P>
+<H3><A NAME="HDRBK_DELETEDUMP" HREF="aurns002.htm#ToC_50">backup deletedump</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Deletes one or more dump records from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup deletedump</B> [<B>-dumpid</B> <<VAR>dump id</VAR>><SUP>+</SUP>] [<B>-from</B> <<VAR>date time</VAR>><SUP>+</SUP>] [<B>-to</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-port</B> <<VAR>TC port offset</VAR>>] [<B>-groupid</B> <<VAR>group ID</VAR>>]
+ [<B>-dbonly</B>] [<B>-force</B>] [<B>-noexecute</B>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup dele</B> [<B>-du</B> <<VAR>dump id</VAR>><SUP>+</SUP>] [<B>-fr</B> <<VAR>date time</VAR>><SUP>+</SUP>] [<B>-t</B> <<VAR>date time</VAR>><SUP>+</SUP>]
+ [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-g</B> <<VAR>group ID</VAR>>] [<B>-db</B>] [<B>-fo</B>] [<B>-n</B>]
+ [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup deletedump</B> command deletes one or more dump records
+from the Backup Database. Using this command is appropriate when dump
+records are incorrect (possibly because a dump operation was interrupted or
+failed), or when they represent dumps that are expired or otherwise no longer
+needed.
+<P>To specify the records to delete, use one of the following arguments or
+combinations of arguments:
+<UL>
+<P><LI>The <B>-dumpid</B> argument deletes the record for each specified dump
+ID number.
+<P><LI>The <B>-groupid</B> argument deletes each record with the specified
+group ID number. A group ID number is associated with a record if the
+<B>GROUPID</B> instruction appears in the Tape Coordinator's <B>
+/usr/afs/backup/CFG_</B><VAR>tcid</VAR> file when the dump is created.
+To display a dump set's group ID, include the <B>-verbose</B> and
+<B>-id</B> options to the <B>backup dumpinfo</B> command; the
+group ID appears in the output's <TT>Group id</TT> field.
+<P><LI>The <B>-from</B> and <B>-to</B> arguments delete the records for
+all regular dumps created during the time period bracketed by the specified
+values. The <B>-from</B> argument can be omitted, in which case the
+command deletes records created before the time specified by the
+<B>-to</B> argument.
+<P><LI>The combination of the <B>-groupid</B>, <B>-to</B> and optionally
+<B>-from</B> arguments deletes the records for all regular dumps created
+during the specified time period that are also marked with the specified group
+ID number.
+</UL>
+<P>The command can also delete dump records maintained by an XBSA server at
+the same time as the corresponding Backup Database records. (An
+<I>XBSA server</I> is a third-party backup utility that implements the
+Open Group's Backup Service API [XBSA].) Include the
+<B>-port</B> argument to identify the Tape Coordinator that communicates
+with the XBSA server. To delete the Backup Database records without
+attempting to delete the records at the XBSA server, include the
+<B>-dbonly</B> flag. To delete the Backup Database records even if
+an attempt to delete the records at the XBSA server fails, include the
+<B>-force</B> flag.
+<P><STRONG>Cautions</STRONG>
+<P>The only way to remove the dump record for an appended dump is to remove
+the record for its initial dump, and doing so removes the records for all
+dumps appended to the initial dump.
+<P>The only way to remove the record for a Backup Database dump (created with
+the <B>backup savedb</B> command) is to specify its dump ID number with
+the <B>-dumpid</B> argument. Using the <B>-from</B> and
+<B>-to</B> arguments never removes database dump records.
+<P>Removing a dump's record makes it impossible to restore data from it
+or from any dump that refers to the deleted dump as its parent, directly or
+indirectly. That is, restore operations must begin with a full dump and
+continue with each incremental dump in order. If the records for a
+specific dump are removed, it is not possible to restore data from later
+incremental dumps. If necessary, use the <B>-dbadd</B> flag to the
+<B>backup scantape</B> command to regenerate a dump record so that the
+dump can act as a parent again.
+<P>If a dump set contains any dumps that were created outside the time range
+specified by the <B>-from</B> and <B>-to</B> arguments, the command
+does not delete any of the records associated with the dump set, even if some
+of them represent dumps created during the time range.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-dumpid
+</B><DD>Specifies the dump ID of each dump record to delete. The
+corresponding dumps must be initial dumps; it is not possible to delete
+appended dump records directly, but only by deleting the record of their
+associated initial dump. Using this argument is the only way to delete
+records of Backup Database dumps (created with the <B>backup savedb</B>
+command).
+<P>Provide either this argument, the <B>-to</B> (and optionally
+<B>-from</B>) argument, or the <B>-groupid</B> argument.
+<P><DT><B>-from
+</B><DD>Specifies the beginning of a range of dates; the record for any dump
+created during the indicated period of time is deleted.
+<P>Omit this argument to indicate the default of midnight (00:00 hours)
+on 1 January 1970 (UNIX time zero), or provide a date value in the format
+<VAR>mm/dd/yyyy</VAR> [<VAR>hh:MM</VAR>]. The month (<VAR>mm</VAR>),
+day (<VAR>dd</VAR>), and year (<VAR>yyyy</VAR>) are required. The hour and
+minutes (<VAR>hh</VAR>:<VAR>MM</VAR>) are optional, but if provided must be
+in 24-hour format (for example, the value <B>14:36</B> represents
+2:36 p.m.). If omitted, the time defaults to
+midnight (00:00 hours).
+<P>The <B>-to</B> argument must be provided along with this one.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-to
+</B><DD>Specifies the end of a range of dates; the record of any regular dump
+created during the range is deleted from the Backup Database.
+<P>Provide either the value <B>NOW</B> to indicate the current date and
+time, or a date value in the same format as for the <B>-from</B>
+argument. Valid values for the year (<VAR>yyyy</VAR>) range from
+<B>1970</B> to <B>2037</B>; higher values are not valid because
+the latest possible date in the standard UNIX representation is in February
+2038. The command interpreter automatically reduces any later date to
+the maximum value.
+<P>If the time portion (<VAR>hh:MM</VAR>) is omitted, it defaults to 59
+seconds after midnight (00:00:59 hours). Similarly, the
+<B>backup</B> command interpreter automatically adds 59 seconds to any
+time value provided. In both cases, adding 59 seconds compensates for
+how the Backup Database and <B>backup dumpinfo</B> command represent dump
+creation times in hours and minutes only. For example, the Database
+records a creation timestamp of <TT>20:55</TT> for any dump operation
+that begins between 20:55:00 and 20:55:59.
+Automatically adding 59 seconds to a time thus includes the records for all
+dumps created during that minute.
+<P>Provide either this argument, the <B>-dumpid</B> argument, or the
+<B>-groupid</B> argument, or combine this argument and the
+<B>-groupid</B> argument. This argument is required if the
+<B>-from</B> argument is provided.
+<P><B>Caution:</B> Specifying the value <B>NOW</B> for this
+argument when the <B>-from</B> argument is omitted deletes all dump
+records from the Backup Database (except for Backup Database dump records
+created with the <B>backup savedb</B> command).
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">A plus sign follows this argument in the command's syntax statement
+because it accepts a multiword value which does not need to be enclosed in
+double quotes or other delimiters, not because it accepts multiple
+dates. Provide only one date (and optionally, time) definition.
+</TD></TR></TABLE>
+<P><DT><B>-port
+</B><DD>Specifies the port offset number of the Tape Coordinator that communicates
+with the XBSA server that maintains the records to delete. It must be
+the Tape Coordinator that transferred AFS data to the XBSA server when the
+dump was created. The corresponding records in the Backup Database are
+also deleted.
+<P>This argument is meaningful only when deleting records maintained by an
+XBSA server. Do not combine it with the <B>-dbonly</B> flag.
+If this argument is omitted when other options pertinent to an XBSA server are
+included, the Tape Coordinator with port offset 0 (zero) is used.
+<P><DT><B>-groupid
+</B><DD>Specifies the group ID number that is associated with the records to
+delete. The Tape Coordinator ignores group IDs if this argument is
+omitted.
+<P>Provide either this argument, the <B>-dumpid</B> argument, or the
+<B>-to</B> argument, or combine this argument and the <B>-to</B>
+argument with any options other than the <B>-dumpid</B> argument.
+<P><DT><B>-dbonly
+</B><DD>Deletes records from the Backup Database without attempting to delete the
+corresponding records maintained by an XBSA server. Do not combine this
+flag with the <B>-port</B> argument or the <B>-force</B> flag.
+<P><DT><B>-force
+</B><DD>Deletes the specified records from the Backup Database even when the
+attempt to delete the corresponding records maintained by an XBSA server
+fails. Do not combine this flag with the <B>-dbonly</B>
+flag. To identify the Tape Coordinator when this argument is used,
+either provide the <B>-port</B> argument or omit it to specify the Tape
+Coordinator with port offset 0 (zero).
+<P><DT><B>-noexecute
+</B><DD>Displays a list of the dump records to be deleted, without actually
+deleting them. Combine it with the options to be included on the actual
+command.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the <B>-noexecute</B> flag is not included, the output generated at
+the conclusion of processing lists the dump IDs of all deleted dump records,
+in the following format:
+<PRE> The following dumps were deleted:
+ <VAR>dump ID 1</VAR>
+ <VAR>dump ID 2</VAR>
+ <VAR>etc.</VAR>
+</PRE>
+<P>If the <B>-noexecute</B> flag is included, the output instead lists the
+dump IDs of all dump records to be deleted, in the following format:
+<PRE> The following dumps would have been deleted:
+ <VAR>dump ID 1</VAR>
+ <VAR>dump ID 2</VAR>
+ <VAR>etc.</VAR>
+</PRE>
+<P>The notation <TT>Appended Dump</TT> after a dump ID indicates that the
+dump is to be deleted because it is appended to an initial dump that also
+appears in the list, even if the appended dump's dump ID or group ID
+number was not specified on the command line. For more about deleting
+appended dumps, see the preceding <B>Cautions</B> section of this
+reference page.
+<P><STRONG>Examples</STRONG>
+<P>The following command deletes the dump record with dump ID 653777462, and
+for any appended dumps associated with it:
+<PRE> % <B>backup deletedump -dumpid 653777462</B>
+ The following dumps were deleted:
+ 653777462
+</PRE>
+<P>The following command deletes the Backup Database record of all dumps
+created between midnight on 1 January 1999 and 23:59:59 hours on
+31 December 1999:
+<PRE> % <B>backup deletedump -from 01/01/1999 -to 12/31/1999</B>
+ The following dumps were deleted:
+ 598324045
+ 598346873
+ ...
+ ...
+ 653777523
+ 653779648
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><B>CFG_</B><VAR>tcid</VAR>
+<P><B>backup</B>
+<P><B>backup dumpinfo</B>
+<P><B>backup scantape</B>
+<P>
+<H3><A NAME="HDRBK_DUMPINFO" HREF="aurns002.htm#ToC_51">backup dumpinfo</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Displays a dump record from the Backup Database
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup dumpinfo</B> [<B>-ndumps</B> <<VAR>no. of dumps</VAR>>] [<B>-id</B> <<VAR>dump id</VAR>>]
+ [<B>-verbose</B>] [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B> ]
+
+<B>backup dumpi</B> [<B>-n</B> <<VAR>no. of dumps</VAR>>] [<B>-i</B> <<VAR>dump id</VAR>>]
+ [<B>-v</B>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup dumpinfo</B> command formats and displays the Backup
+Database record for the specified dumps. To specify how many of the
+most recent dumps to display, starting with the newest one and going back in
+time, use the <B>-ndumps</B> argument. To display more detailed
+information about a single dump, use the <B>-id</B> argument. To
+display the records for the 10 most recent dumps, omit both the
+<B>-ndumps</B> and <B>-id</B> arguments.
+<P>The <B>-verbose</B> flag produces very detailed information that is
+useful mostly for debugging purposes. It can be combined only with the
+<B>-id</B> argument.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-ndumps
+</B><DD>Displays the Backup Database record for each of the specified number of
+dumps that were most recently performed. If the database contains fewer
+dumps than are requested, the output includes the records for all existing
+dumps. Do not combine this argument with the <B>-id</B> or
+<B>-verbose</B> options; omit all options to display the records for
+the last 10 dumps.
+<P><DT><B>-id
+</B><DD>Specifies the dump ID number of a single dump for which to display the
+Backup Database record. Precede the <VAR>dump id</VAR> value with the
+<B>-id</B> switch; otherwise, the command interpreter interprets it
+as the value of the <B>-ndumps</B> argument. Combine this argument
+with the <B>-verbose</B> flag if desired, but not with the
+<B>-ndumps</B> argument; omit all options to display the records for
+the last 10 dumps.
+<P><DT><B>-verbose
+</B><DD>Provides more detailed information about the dump specified with the
+<B>-id</B> argument, which must be provided along with it. Do not
+combine this flag with the <B>-ndumps</B> argument.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the <B>-ndumps</B> argument is provided, the output presents the
+following information in table form, with a separate line for each dump:
+<DL>
+<P><DT><B><TT>dumpid</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>parentid</TT>
+</B><DD>The dump ID number of the dump's parent dump. A value of
+<TT>0</TT> (zero) identifies a full dump.
+<P><DT><B><TT>lv</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump, in which
+case the value in the <TT>parentid</TT> field is also <TT>0</TT>. A
+value of <TT>1</TT> or greater indicates an incremental dump made at the
+corresponding level in the dump hierarchy.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Backup System started the dump operation
+that created the dump.
+<P><DT><B><TT>nt</TT>
+</B><DD>The number of tapes that contain the data in the dump. A value of
+<TT>0</TT> (zero) indicates that the dump operation was terminated or
+failed. Use the <B>backup deletedump</B> command to remove such
+entries.
+<P><DT><B><TT>nvols</TT>
+</B><DD>The number of volumes from which the dump includes data. If a
+volume spans tapes, it is counted twice. A value of <TT>0</TT> (zero)
+indicates that the dump operation was terminated or failed; the value in
+the <TT>nt</TT> field is also <TT>0</TT> in this case.
+<P><DT><B><TT>dump name</TT>
+</B><DD>The dump name in the form
+<PRE> <VAR>volume_set_name</VAR>.<VAR>dump_level_name</VAR> (<VAR>initial_dump_ID</VAR>)
+
+</PRE>
+<P>
+<P>where <VAR>volume_set_name</VAR> is the name of the volume set, and
+<VAR>dump_level_name</VAR> is the last element in the dump level pathname at
+which the volume set was dumped.
+<P>The <VAR>initial_dump_ID</VAR>, if displayed, is the dump ID of the initial
+dump in the dump set to which this dump belongs. If there is no value
+in parentheses, the dump is the initial dump in a dump set that has no
+appended dumps.
+</DL>
+<P>If the <B>-id</B> argument is provided alone, the first line of output
+begins with the string <TT>Dump</TT> and reports information for the entire
+dump in the following fields:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The dump ID number.
+<P><DT><B><TT>level</TT>
+</B><DD>The depth in the dump hierarchy of the dump level used to create the
+dump. A value of <TT>0</TT> (zero) identifies a full dump. A
+value of <TT>1</TT> (one) or greater indicates an incremental dump made at
+the specified level in the dump hierarchy.
+<P><DT><B><TT>volumes</TT>
+</B><DD>The number of volumes for which the dump includes data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the dump operation began.
+</DL>
+<P>If an XBSA server was the backup medium for the dump (rather than a tape
+device or backup data file), the following line appears next:
+<PRE> Backup Service: <VAR>XBSA_program</VAR>: Server: <VAR>hostname</VAR>
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant program and
+<VAR>hostname</VAR> is the name of the machine on which the program runs.
+<P>Next the output includes an entry for each tape that houses volume data
+from the dump. Following the string <TT>Tape</TT>, the first two
+lines of each entry report information about that tape in the following
+fields:
+<DL>
+<P><DT><B><TT>name</TT>
+</B><DD>The tape's permanent name if it has one, or its AFS tape name
+otherwise, and its tape ID number in parentheses.
+<P><DT><B><TT>nVolumes</TT>
+</B><DD>The number of volumes for which this tape includes dump data.
+<P><DT><B><TT>created</TT>
+</B><DD>The date and time at which the Tape Coordinator began writing data to this
+tape.
+</DL>
+<P>Following another blank line, the tape-specific information concludes with
+a table that includes a line for each volume dump on the tape. The
+information appears in columns with the following headings:
+<DL>
+<P><DT><B><TT>Pos</TT>
+</B><DD>The relative position of each volume in this tape or file. On a
+tape, the counter begins at position 2 (the tape label occupies position 1),
+and increments by one for each volume. For volumes in a backup data
+file, the position numbers start with 1 and do not usually increment only by
+one, because each is the ordinal of the 16 KB offset in the file at which the
+volume's data begins. The difference between the position numbers
+therefore indicates how many 16 KB blocks each volume's data
+occupies. For example, if the second volume is at position 5 and the
+third volume in the list is at position 9, that means that the dump of the
+second volume occupies 64 KB (four 16-KB blocks) of space in the file.
+<P><DT><B><TT>Clone time</TT>
+</B><DD>For a backup or read-only volume, the time at which it was cloned from its
+read/write source. For a Read/Write volume, it is the same as the dump
+creation date reported on the first line of the output.
+<P><DT><B><TT>Nbytes</TT>
+</B><DD>The number of bytes of data in the dump of the volume.
+<P><DT><B><TT>Volume</TT>
+</B><DD>The volume name, complete with <TT>.backup</TT> or
+<TT>.readonly</TT> extension if appropriate.
+</DL>
+<P>If both the <B>-id</B> and <B>-verbose</B> options are provided,
+the output is divided into several sections:
+<UL>
+<P><LI>The first section, headed by the underlined string <TT>Dump</TT>,
+includes information about the entire dump. The fields labeled
+<TT>id</TT>, <TT>level</TT>, <TT>created</TT>, and <TT>nVolumes</TT>
+report the same values (though in a different order) as appear on the first
+line of output when the <B>-id</B> argument is provided by itself.
+Other fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>Group id</TT>
+</B><DD>The dump's <I>group ID number</I>, which is recorded in the
+dump's Backup Database record if the <B>GROUPID</B> instruction
+appears in the Tape Coordinator's <B>
+/usr/afs/backup/CFG_</B><VAR>tcid</VAR> file when the dump is created.
+<P><DT><B><TT>maxTapes</TT>
+</B><DD>The number of tapes that contain the dump set to which this dump
+belongs.
+<P><DT><B><TT>Start Tape Seq</TT>
+</B><DD>The ordinal of the tape on which this dump begins in the set of tapes that
+contain the dump set.
+</DL>
+<P><LI>For each tape that contains data from this dump, there follows a section
+headed by the underlined string <TT>Tape</TT>. The fields labeled
+<TT>name</TT>, <TT>written</TT>, and <TT>nVolumes</TT> report the same
+values (though in a different order) as appear on the second and third lines
+of output when the <B>-id</B> argument is provided by itself. Other
+fields of potential interest to the backup operator are:
+<DL>
+<P><DT><B><TT>expires</TT>
+</B><DD>The date and time when this tape can be recycled, because all dumps it
+contains have expired.
+<P><DT><B><TT>nMBytes Data</TT> and <TT>nBytes Data</TT>
+</B><DD>Summed together, these fields represent the total amount of dumped data
+actually from volumes (as opposed to labels, filemarks, and other
+markers).
+<P><DT><B><TT>KBytes Tape Used</TT>
+</B><DD>The number of kilobytes of tape (or disk space, for a backup data file)
+used to store the dump data. It is generally larger than the sum of the
+values in the <TT>nMBytes Data</TT> and <TT>nBytes Data</TT> fields,
+because it includes the space required for the label, file marks and other
+markers, and because the Backup System writes data at 16 KB offsets, even if
+the data in a given block doesn't fill the entire 16 KB.
+</DL>
+<P><LI>For each volume on a given tape, there follows a section headed by the
+underlined string <TT>Volume</TT>. The fields labeled
+<TT>name</TT>, <TT>position</TT>, <TT>clone</TT>, and <TT>nBytes</TT>
+report the same values (though in a different order) as appear in the table
+that lists the volumes in each tape when the <B>-id</B> argument is
+provided by itself. Other fields of potential interest to the backup
+operator are:
+<DL>
+<P><DT><B><TT>id</TT>
+</B><DD>The volume ID.
+<P><DT><B><TT>tape</TT>
+</B><DD>The name of the tape containing this volume data.
+</DL>
+</UL>
+<P><STRONG>Examples</STRONG>
+<P>The following example displays information about the last five dumps:
+<P>The following example displays a more detailed record for a single
+dump.
+<PRE> % <B>backup dumpinfo -id 922097346</B>
+ Dump: id 922097346, level 0, volumes 1, created Mon Mar 22 05:09:06 1999
+ Tape: name monday.user.backup (922097346)
+ nVolumes 1, created 03/22/1999 05:09
+ Pos Clone time Nbytes Volume
+ 1 03/22/1999 04:43 27787914 user.pat.backup
+</PRE>
+<P>The following example displays even more detailed information about the
+dump displayed in the previous example (dump ID 922097346). This
+example includes only one exemplar of each type of section (<TT>Dump</TT>,
+<TT>Tape</TT>, and <TT>Volume</TT>):
+<PRE> % <B>backup dumpinfo -id 922097346 -verbose</B>
+ Dump
+ ----
+ id = 922097346
+ Initial id = 0
+ Appended id = 922099568
+ parent = 0
+ level = 0
+ flags = 0x0
+ volumeSet = user
+ dump path = /monday1
+ name = user.monday1
+ created = Mon Mar 22 05:09:06 1999
+ nVolumes = 1
+ Group id = 10
+ tapeServer =
+ format= user.monday1.%d
+ maxTapes = 1
+ Start Tape Seq = 1
+ name = pat
+ instance =
+ cell =
+ Tape
+ ----
+ tape name = monday.user.backup
+ AFS tape name = user.monday1.1
+ flags = 0x20
+ written = Mon Mar 22 05:09:06 1999
+ expires = NEVER
+ kBytes Tape Used = 121
+ nMBytes Data = 0
+ nBytes Data = 19092
+ nFiles = 0
+ nVolumes = 1
+ seq = 1
+ tapeid = 0
+ useCount = 1
+ dump = 922097346
+ Volume
+ ------
+ name = user.pat.backup
+ flags = 0x18
+ id = 536871640
+ server =
+ partition = 0
+ nFrags = 1
+ position = 2
+ clone = Mon Mar 22 04:43:06 1999
+ startByte = 0
+ nBytes = 19092
+ seq = 0
+ dump = 922097346
+ tape = user.monday1.1
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><B>backup</B>
+<P><B>backup deletedump</B>
+<P>
+<H3><A NAME="HDRBK_STATUS" HREF="aurns002.htm#ToC_52">backup status</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Reports a Tape Coordinator's status
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>backup status</B> [<B>-portoffset</B> <<VAR>TC port offset</VAR>>]
+ [<B>-localauth</B>] [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-help</B>]
+
+<B>backup st</B> [<B>-p</B> <<VAR>TC port offset</VAR>>] [<B>-l</B>] [<B>-c</B> <<VAR>cell name</VAR>>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>backup status</B> command displays which operation, if any, the
+indicated Tape Coordinator is currently executing.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-portoffset
+</B><DD>Specifies the port offset number of the Tape Coordinator for which to
+report the status.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>backup</B> command
+interpreter presents it to the Backup Server, Volume Server and VL Server
+during mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument. For more details, see the introductory
+<B>backup</B> reference page.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>backup</B> reference page.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message indicates that the Tape Coordinator is not currently
+performing an operation:
+<PRE> Tape coordinator is idle
+</PRE>
+<P>Otherwise, the output includes a message of the following format for each
+running or pending operation:
+<PRE> Task <VAR>task_ID</VAR>: <VAR>operation</VAR>: <VAR>status</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>task_ID</VAR>
+</B><DD>Is a task identification number assigned by the Tape Coordinator.
+It begins with the Tape Coordinator's port offset number.
+<P><DT><B><VAR>operation</VAR>
+</B><DD>Identifies the operation the Tape Coordinator is performing, which is
+initiated by the indicated command:
+<UL>
+<P><LI><TT>Dump</TT> (the <B>backup dump</B> command)
+<P><LI><TT>Restore</TT> (the <B>backup diskrestore</B>, <B>backup
+volrestore</B>, or <B>backup volsetrestore</B> commands)
+<P><LI><TT>Labeltape</TT> (the <B>backup labeltape</B> command)
+<P><LI><TT>Scantape</TT> (the <B>backup scantape</B> command)
+<P><LI><TT>SaveDb</TT> (the <B>backup savedb</B> command)
+<P><LI><TT>RestoreDb</TT> (the <B>backup restoredb</B> command)
+</UL>
+<P><DT><B><VAR>status</VAR>
+</B><DD>Indicates the job's current status in one of the following
+messages.
+<DL>
+<P><DT><B><VAR>number</VAR> <TT>Kbytes transferred, volume</TT> <VAR>volume_name</VAR>
+</B><DD>For a running dump operation, indicates the number of kilobytes copied to
+tape or a backup data file so far, and the volume currently being
+dumped.
+<P><DT><B><VAR>number</VAR> <TT>Kbytes, restore.volume</TT>
+</B><DD>For a running restore operation, indicates the number of kilobytes copied
+into AFS from a tape or a backup data file so far.
+<P><DT><B><TT>[abort requested]</TT>
+</B><DD>The <B>(backup) kill</B> command was issued, but the termination
+signal has yet to reach the Tape Coordinator.
+<P><DT><B><TT>[abort sent]</TT>
+</B><DD>The operation is canceled by the <B>(backup) kill</B> command.
+Once the Backup System removes an operation from the queue or stops it from
+running, it no longer appears at all in the output from the command.
+<P><DT><B><TT>[butc contact lost]</TT>
+</B><DD>The <B>backup</B> command interpreter cannot reach the Tape
+Coordinator. The message can mean either that the Tape Coordinator
+handling the operation was terminated or failed while the operation was
+running, or that the connection to the Tape Coordinator timed out.
+<P><DT><B><TT>[done]</TT>
+</B><DD>The Tape Coordinator has finished the operation.
+<P><DT><B><TT>[drive wait]</TT>
+</B><DD>The operation is waiting for the specified tape drive to become
+free.
+<P><DT><B><TT>[operator wait]</TT>
+</B><DD>The Tape Coordinator is waiting for the backup operator to insert a tape
+in the drive.
+</DL>
+</DL>
+<P>If the Tape Coordinator is communicating with an XBSA server (a third-party
+backup utility that implements the Open Group's Backup Service API
+[XBSA]), the following message appears last in the output:
+<PRE> <VAR>XBSA_program</VAR> Tape coordinator
+</PRE>
+<P>where <VAR>XBSA_program</VAR> is the name of the XBSA-compliant
+program.
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that the Tape Coordinator with port offset 4
+has so far dumped about 1.5 MB of data for the current dump operation,
+and is currently dumping the volume named
+<B>user.pat.backup</B>:
+<PRE> % <B>backup status -portoffset 4</B>
+ Task 4001: Dump: 1520 Kbytes transferred, volume user.pat.backup
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+every machine where the Backup Server is running, or must be logged onto a
+server machine as the local superuser <B>root</B> if the
+<B>-localauth</B> flag is included.
+<P><STRONG>Related Information</STRONG>
+<P><B>backup</B>
+<P><B>butc</B>
+<P>
+<H3><A NAME="HDRVOS_DELENTRY" HREF="aurns002.htm#ToC_53">vos delentry</A></H3>
+<P><STRONG>Purpose</STRONG>
+<P>Removes a volume entry from the VLDB.
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>vos delentry</B> [<B>-id</B> <<VAR>volume name or ID</VAR>><SUP>+</SUP>]
+ [<B>-prefix</B> <<VAR>prefix of volume whose VLDB entry is to be deleted</VAR>>]
+ [<B>-server</B> <<VAR>machine name</VAR>>] [<B>-partition</B> <<VAR>partition name</VAR>>]
+ [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-noauth</B>] [<B>-localauth</B>] [<B>-verbose</B>] [<B>-help</B>]
+
+<B>vos de</B> [<B>-i</B> <<VAR>volume name or ID</VAR>><SUP>+</SUP>]
+ [<B>-pr</B> <<VAR>prefix of volume whose VLDB entry is to be deleted</VAR>>]
+ [<B>-s</B> <<VAR>machine name</VAR>>] [<B>-pa</B> <<VAR>partition name</VAR>>] [<B>-c</B> <<VAR>cell name</VAR>>]
+ [<B>-n</B>] [<B>-l</B>] [<B>-v</B>] [<B>-h</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>vos delentry</B> command removes the Volume Location Database
+(VLDB) entry for each specified volume. Specify one or more read/write
+volumes; specifying a read-only or backup volume results in an
+error. The command has no effect on the actual volumes on file server
+machines, if they exist.
+<P>This command is useful if a volume removal operation did not update the
+VLDB (perhaps because the <B>vos zap</B> command was used), but the system
+administrator does not feel it is necessary to use the <B>vos syncserv</B>
+and <B>vos syncvldb</B> commands to synchronize an entire file server
+machine.
+<P>To remove the VLDB entry for a single volume, use the <B> -id</B>
+argument. To remove groups of volumes, combine the <B> -prefix</B>,
+<B>-server</B>, and <B>-partition</B> arguments. The following
+list describes how to remove the VLDB entry for the indicated group of
+volumes:
+<UL>
+<P><LI>For every volume whose name begins with a certain character string (for
+example, <B>sys.</B> or <B>user.</B>): use the
+<B>-prefix</B> argument.
+<P><LI>Every volume for which the VLDB lists a site on a certain file server
+machine: specify the file server name with the <B>-server</B>
+argument.
+<P><LI>Every volume for which the VLDB lists a site on a partition of the same
+name (for instance, on the <B>/vicepa</B> partition on any file server
+machine): specify the partition name with the <B> -partition</B>
+argument.
+<P><LI>Every volume for which the VLDB lists a site one a specific partition of a
+file server machine: specify both the <B>-server</B> and
+<B>-partition</B> arguments.
+<P><LI>Every volume whose name begins with a certain prefix and for which the
+VLDB lists a site on a file server machine: combine the
+<B>-prefix</B> and <B>-server</B> arguments. Combine the
+<B>-prefix</B> argument with the <B>-partition</B> argument, or both
+the <B>-server</B> and <B>-partition</B> arguments, to remove a more
+specific group of volumes.
+</UL>
+<P><STRONG>Cautions</STRONG>
+<P>A single VLDB entry represents all versions of a volume (read/write,
+readonly, and backup). The command removes the entire entry even though
+only the read/write volume is specified.
+<P>Do not use this command to remove a volume in normal circumstances; it
+does not remove a volume from the file server machine, and so is likely to
+make the VLDB inconsistent with state of the volumes on server
+machines. Use the <B>vos remove</B> command to remove both the
+volume and its VLDB entry.
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-id
+</B><DD>Specifies the complete name or volume ID number of each read/write volume
+for which to remove the VLDB entry. The entire entry is removed.
+Provide this argument or some combination of the <B>-prefix</B>,
+<B>-server</B>, and <B>-partition</B> arguments.
+<P><DT><B>-prefix
+</B><DD>Specifies a character string of any length; the VLDB entry for a
+volume whose name begins with the string is removed. Include field
+separators (such as periods) if appropriate. Combine this argument with
+the <B>-server</B> argument, <B>-partition</B> argument, or
+both.
+<P><DT><B>-server
+</B><DD>Identifies a file server machine; if a volume's VLDB entry lists
+a site on the machine, the entry is removed. Provide the machine's
+IP address or its host name (either fully qualified or using an unambiguous
+abbreviation). For details, see the introductory reference page for the
+<B>vos</B> command suite.
+<P>Combine this argument with the <B>-prefix</B> argument, the
+<B>-partition</B> argument, or both.
+<P><DT><B>-partition
+</B><DD>Identifies a partition; if a volume's VLDB entry lists a site on
+the partition, the entry is removed. Provide the partition's
+complete name with preceding slash (for example, <B>/vicepa</B>) or use
+one of the three acceptable abbreviated forms. For details, see the
+introductory reference page for the <B>vos</B> command suite.
+<P>Combine this argument with the <B>-prefix</B> argument, the
+<B>-server</B> argument, or both.
+<P><DT><B>-cell
+</B><DD>Names the cell in which to run the command. Do not combine this
+argument with the <B>-localauth</B> flag. For more details, see the
+introductory <B>vos</B> reference page.
+<P><DT><B>-noauth
+</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
+issuer. Do not combine this flag with the <B>-localauth</B>
+flag. For more details, see the introductory <B>vos</B> reference
+page.
+<P><DT><B>-localauth
+</B><DD>Constructs a server ticket using a key from the local
+<B>/usr/afs/etc/KeyFile</B> file. The <B>vos</B> command
+interpreter presents it to the Volume Server and Volume Location Server during
+mutual authentication. Do not combine this flag with the
+<B>-cell</B> argument or <B>-noauth</B> flag. For more details,
+see the introductory <B>vos</B> reference page.
+<P><DT><B>-verbose
+</B><DD>Produces on the standard output stream a detailed trace of the
+command's execution. If this argument is omitted, only warnings
+and error messages appear.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>The following message confirms the success of the command by indicating how
+many VLDB entries were removed.
+<PRE> Deleted <VAR>number</VAR> VLDB entries
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following command removes the VLDB entry for the volume
+<B>user.temp</B>.
+<PRE> % <B>vos delentry user.temp</B>
+</PRE>
+<P>The following command removes the VLDB entry for every volume whose name
+begins with the string <B>test</B> and for which the VLDB lists a site on
+the file server machine <B>fs3.abc.com</B>.
+<PRE> % <B>vos delentry -prefix test -server fs3.abc.com</B>
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be listed in the <B>/usr/afs/etc/UserList</B> file on
+the machine specified with the <B>-server</B> argument and on each
+database server machine. If the <B>-localauth</B> flag is included,
+the issuer must instead be logged on to a server machine as the local
+superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><B>vos</B>
+<P><B>vos remove</B>
+<P><B>vos syncserv</B>
+<P><B>vos syncvldb</B>
+<P><B>vos zap</B>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="aurns002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="aurns003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P><HR>
+AFS<BR>
+User Guide<BR>
+<P>Version 3.6
+<P>Document Number GC09-4561-00
+<P>
+<BR>
+<P><B>First Edition (April 2000)</B>
+<P>This edition applies to:
+<DL COMPACT>
+<DD>IBM AFS for AIX, Version 3.6
+<DD>IBM AFS for Digital Unix, Version 3.6
+<DD>IBM AFS for HP-UX, Version 3.6
+<DD>IBM AFS for Linux, Version 3.6
+<DD>IBM AFS for SGI IRIX, Version 3.6
+<DD>IBM AFS for Solaris, Version 3.6
+</DL>
+<P>and to all subsequent releases and modifications until otherwise indicated
+in new editions.
+<P>This softcopy version is based on the printed edition of this book.
+Some formatting amendments have been made to make this information more
+suitable for softcopy.
+<P>Order publications through your IBM representative or through the IBM
+branch office serving your locality.
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Table of Contents]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg002.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<H2><A NAME="ToC">Table of Contents</A></H2>
+<P><B><A NAME="ToC_1" HREF="auusg003.htm#HDRWQ1">About This Guide</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_2" HREF="auusg003.htm#HDRPREFAUDPUR">Audience and Purpose</A>
+<LI><A NAME="ToC_3" HREF="auusg003.htm#HDRPREFORGAN">Document Organization</A>
+<LI><A NAME="ToC_4" HREF="auusg003.htm#HDRUSERFRONTHOWTO">How To Use This Document</A>
+<LI><A NAME="ToC_5" HREF="auusg003.htm#HDRPREFRELATE">Related Documents</A>
+<LI><A NAME="ToC_6" HREF="auusg003.htm#HDRTYPO_CONV">Typographical Conventions</A>
+</MENU>
+<P><B><A NAME="ToC_7" HREF="auusg004.htm#HDRWQ2">An Introduction to AFS</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_8" HREF="auusg004.htm#HDRWQ3">AFS Concepts</A>
+<MENU>
+<LI><A NAME="ToC_9" HREF="auusg004.htm#Header_9">Client/Server Computing</A>
+<LI><A NAME="ToC_10" HREF="auusg004.htm#Header_10">Distributed File Systems</A>
+<LI><A NAME="ToC_11" HREF="auusg004.htm#HDRWQ4">AFS Filespace and Local Filespace</A>
+<LI><A NAME="ToC_12" HREF="auusg004.htm#HDRWQ5">Cells and Sites</A>
+<LI><A NAME="ToC_13" HREF="auusg004.htm#HDRWQ6">Volumes and Mount Points</A>
+<LI><A NAME="ToC_14" HREF="auusg004.htm#HDRWQ7">Volume Quotas</A>
+</MENU>
+<LI><A NAME="ToC_15" HREF="auusg004.htm#HDRWQ8">Using Files in AFS</A>
+<MENU>
+<LI><A NAME="ToC_16" HREF="auusg004.htm#HDRWQ9">The Cache Manager</A>
+<LI><A NAME="ToC_17" HREF="auusg004.htm#HDRWQ10">Updating Copies of Cached Files</A>
+<LI><A NAME="ToC_18" HREF="auusg004.htm#Header_18">Multiple Users Modifying Files</A>
+</MENU>
+<LI><A NAME="ToC_19" HREF="auusg004.htm#HDRWQ11">AFS Security</A>
+<MENU>
+<LI><A NAME="ToC_20" HREF="auusg004.htm#HDRWQ12">Passwords and Mutual Authentication</A>
+<LI><A NAME="ToC_21" HREF="auusg004.htm#Header_21">Access Control Lists</A>
+</MENU>
+<LI><A NAME="ToC_22" HREF="auusg004.htm#HDRWQ13">Differences Between UNIX and AFS</A>
+<MENU>
+<LI><A NAME="ToC_23" HREF="auusg004.htm#HDRWQ14">File Sharing</A>
+<LI><A NAME="ToC_24" HREF="auusg004.htm#HDRWQ15">Login and Authentication</A>
+<LI><A NAME="ToC_25" HREF="auusg004.htm#HDRWQ16">File and Directory Protection</A>
+<LI><A NAME="ToC_26" HREF="auusg004.htm#HDRWQ17">Machine Outages</A>
+<LI><A NAME="ToC_27" HREF="auusg004.htm#HDRWQ18">Remote Commands</A>
+<LI><A NAME="ToC_28" HREF="auusg004.htm#Header_28">Differences in the Semantics of Standard UNIX Commands</A>
+</MENU>
+<LI><A NAME="ToC_29" HREF="auusg004.htm#HDRWQ19">Using AFS with NFS</A>
+</MENU>
+<P><B><A NAME="ToC_30" HREF="auusg005.htm#HDRWQ20">Using AFS</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_31" HREF="auusg005.htm#HDRWQ21">Logging in and Authenticating with AFS</A>
+<MENU>
+<LI><A NAME="ToC_32" HREF="auusg005.htm#HDRWQ22">Logging In</A>
+<LI><A NAME="ToC_33" HREF="auusg005.htm#Header_33">To Log In Using an AFS-modified Login Utility</A>
+<LI><A NAME="ToC_34" HREF="auusg005.htm#HDRWQ23">To Log In Using a Two-Step Login Procedure</A>
+<LI><A NAME="ToC_35" HREF="auusg005.htm#HDRWQ24">Authenticating with AFS</A>
+<LI><A NAME="ToC_42" HREF="auusg005.htm#HDRWQ29">To Authenticate with AFS</A>
+<LI><A NAME="ToC_43" HREF="auusg005.htm#HDRWQ30">To Display Your Tokens</A>
+<LI><A NAME="ToC_44" HREF="auusg005.htm#Header_44">Example: Authenticating in the Local Cell</A>
+<LI><A NAME="ToC_45" HREF="auusg005.htm#Header_45">Example: Authenticating as a Another User</A>
+<LI><A NAME="ToC_46" HREF="auusg005.htm#Header_46">Example: Authenticating in a Foreign Cell</A>
+<LI><A NAME="ToC_47" HREF="auusg005.htm#HDRWQ31">Limits on Failed Authentication Attempts</A>
+<LI><A NAME="ToC_48" HREF="auusg005.htm#HDRWQ32">To Display Your Failed Authentication Limit and Lockout Time</A>
+</MENU>
+<LI><A NAME="ToC_49" HREF="auusg005.htm#HDRWQ33">Exiting an AFS Session</A>
+<MENU>
+<LI><A NAME="ToC_50" HREF="auusg005.htm#Header_50">To Discard Tokens</A>
+<LI><A NAME="ToC_51" HREF="auusg005.htm#Header_51">Example: Unauthenticating from a Specific Cell</A>
+<LI><A NAME="ToC_52" HREF="auusg005.htm#Header_52">To Log Out</A>
+</MENU>
+<LI><A NAME="ToC_53" HREF="auusg005.htm#HDRWQ34">Accessing the AFS Filespace</A>
+<MENU>
+<LI><A NAME="ToC_54" HREF="auusg005.htm#Header_54">AFS Pathnames</A>
+<LI><A NAME="ToC_55" HREF="auusg005.htm#Header_55">Example: Displaying the Contents of Another User's Directory</A>
+<LI><A NAME="ToC_56" HREF="auusg005.htm#HDRWQ35">Accessing Foreign Cells</A>
+</MENU>
+<LI><A NAME="ToC_57" HREF="auusg005.htm#HDRWQ36">Changing Your Password</A>
+<MENU>
+<LI><A NAME="ToC_58" HREF="auusg005.htm#HDRWQ37">To Display Password Expiration Date and Reuse Policy</A>
+<LI><A NAME="ToC_59" HREF="auusg005.htm#Header_59">To Change Your AFS Password</A>
+<LI><A NAME="ToC_60" HREF="auusg005.htm#Header_60">To Change Your UNIX Password</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_61" HREF="auusg006.htm#HDRWQ38">Displaying Information about AFS</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_62" HREF="auusg006.htm#HDRWQ39">Displaying Volume Quota</A>
+<MENU>
+<LI><A NAME="ToC_63" HREF="auusg006.htm#Header_63">To Display Percentage of Quota Used</A>
+<LI><A NAME="ToC_64" HREF="auusg006.htm#Header_64">Example: Displaying Percentage of Quota Used</A>
+<LI><A NAME="ToC_65" HREF="auusg006.htm#Header_65">To Display Quota and Other Information about a Volume</A>
+<LI><A NAME="ToC_66" HREF="auusg006.htm#Header_66">Example: Display Quota and Other Information about a Volume</A>
+<LI><A NAME="ToC_67" HREF="auusg006.htm#Header_67">To Display Quota and Other Information about a Volume and Partition</A>
+<LI><A NAME="ToC_68" HREF="auusg006.htm#Header_68">Example: Displaying Quota and Other Information about a Volume and Partition</A>
+</MENU>
+<LI><A NAME="ToC_69" HREF="auusg006.htm#HDRWQ40">Locating Files and Directories</A>
+<MENU>
+<LI><A NAME="ToC_70" HREF="auusg006.htm#Header_70">To Display a File or Directory's Location</A>
+<LI><A NAME="ToC_71" HREF="auusg006.htm#Header_71">Example: Displaying Directory Location</A>
+</MENU>
+<LI><A NAME="ToC_72" HREF="auusg006.htm#HDRWQ41">Checking the Status of Server Machines</A>
+<MENU>
+<LI><A NAME="ToC_73" HREF="auusg006.htm#Header_73">To Check File Server Machine Status</A>
+<LI><A NAME="ToC_74" HREF="auusg006.htm#Header_74">Example: Checking Server Machine Status</A>
+</MENU>
+<LI><A NAME="ToC_75" HREF="auusg006.htm#HDRWQ42">Determining Access to Foreign Cells</A>
+<MENU>
+<LI><A NAME="ToC_76" HREF="auusg006.htm#Header_76">To Display Foreign Cells</A>
+</MENU>
+<LI><A NAME="ToC_77" HREF="auusg006.htm#HDRWQ43">Displaying Server Preference Ranks</A>
+<MENU>
+<LI><A NAME="ToC_78" HREF="auusg006.htm#Header_78">To Display Server Preference Ranks</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_79" HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_80" HREF="auusg007.htm#HDRWQ45">Access Control Lists</A>
+<MENU>
+<LI><A NAME="ToC_81" HREF="auusg007.htm#Header_81">Directory Level Access Control</A>
+</MENU>
+<LI><A NAME="ToC_82" HREF="auusg007.htm#HDRWQ46">The AFS ACL Permissions</A>
+<MENU>
+<LI><A NAME="ToC_83" HREF="auusg007.htm#HDRWQ47">The Four Directory Permissions</A>
+<LI><A NAME="ToC_84" HREF="auusg007.htm#HDRWQ48">The Three File Permissions</A>
+<LI><A NAME="ToC_85" HREF="auusg007.htm#Header_85">The Eight Auxiliary Permissions</A>
+<LI><A NAME="ToC_86" HREF="auusg007.htm#Header_86">Shorthand Notation for Sets of Permissions</A>
+<LI><A NAME="ToC_87" HREF="auusg007.htm#HDRWQ49">About Normal and Negative Permissions</A>
+<LI><A NAME="ToC_88" HREF="auusg007.htm#Header_88">Setting DFS ACLs</A>
+</MENU>
+<LI><A NAME="ToC_89" HREF="auusg007.htm#HDRWQ50">Using the System Groups on ACLs</A>
+<MENU>
+<LI><A NAME="ToC_90" HREF="auusg007.htm#Header_90">Enabling Access to Subdirectories</A>
+<LI><A NAME="ToC_91" HREF="auusg007.htm#Header_91">Extending Access to Service Processes</A>
+<LI><A NAME="ToC_92" HREF="auusg007.htm#HDRWQ51">Extending Access to Users from Foreign Cells</A>
+</MENU>
+<LI><A NAME="ToC_93" HREF="auusg007.htm#HDRWQ52">Displaying an ACL</A>
+<MENU>
+<LI><A NAME="ToC_94" HREF="auusg007.htm#HDRWQ53">To display an ACL</A>
+<LI><A NAME="ToC_95" HREF="auusg007.htm#Header_95">Example: Displaying the ACL on One Directory</A>
+<LI><A NAME="ToC_96" HREF="auusg007.htm#Header_96">Example: Displaying the ACLs on Multiple Directories</A>
+</MENU>
+<LI><A NAME="ToC_97" HREF="auusg007.htm#HDRWQ54">Changing an ACL</A>
+<MENU>
+<LI><A NAME="ToC_98" HREF="auusg007.htm#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>
+<LI><A NAME="ToC_99" HREF="auusg007.htm#Header_99">Example: Adding a Single ACL Entry</A>
+<LI><A NAME="ToC_100" HREF="auusg007.htm#Header_100">Example: Setting Several ACL Entries on One Directory</A>
+<LI><A NAME="ToC_101" HREF="auusg007.htm#HDRWQ56">To Add, Remove, or Edit Negative ACL Permissions</A>
+<LI><A NAME="ToC_102" HREF="auusg007.htm#Header_102">Example: Setting an Entry in the Negative Permissions Section</A>
+<LI><A NAME="ToC_103" HREF="auusg007.htm#Header_103">Example: Restoring Access by Removing an Entry from the Negative Permissions Section</A>
+</MENU>
+<LI><A NAME="ToC_104" HREF="auusg007.htm#HDRWQ57">Completely Replacing an ACL</A>
+<MENU>
+<LI><A NAME="ToC_105" HREF="auusg007.htm#Header_105">To Replace an ACL Completely</A>
+<LI><A NAME="ToC_106" HREF="auusg007.htm#Header_106">Example: Replacing an ACL</A>
+</MENU>
+<LI><A NAME="ToC_107" HREF="auusg007.htm#HDRWQ58">Copying ACLs Between Directories</A>
+<MENU>
+<LI><A NAME="ToC_108" HREF="auusg007.htm#Header_108">To Copy an ACL Between Directories</A>
+<LI><A NAME="ToC_109" HREF="auusg007.htm#Header_109">Example: Copying an ACL from One Directory to Another</A>
+</MENU>
+<LI><A NAME="ToC_110" HREF="auusg007.htm#HDRWQ59">How AFS Uses the UNIX Mode Bits</A>
+<MENU>
+<LI><A NAME="ToC_111" HREF="auusg007.htm#Header_111">Example: Disabling Write Access for a File</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_112" HREF="auusg008.htm#HDRWQ60">Using Groups</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_113" HREF="auusg008.htm#HDRWQ61">About Groups</A>
+<MENU>
+<LI><A NAME="ToC_114" HREF="auusg008.htm#HDRWQ62">Suggestions for Using Groups Effectively</A>
+<LI><A NAME="ToC_115" HREF="auusg008.htm#HDRWQ63">Group Names</A>
+<LI><A NAME="ToC_116" HREF="auusg008.htm#Header_116">Group-creation Quota</A>
+</MENU>
+<LI><A NAME="ToC_117" HREF="auusg008.htm#HDRWQ64">Displaying Group Information</A>
+<MENU>
+<LI><A NAME="ToC_118" HREF="auusg008.htm#HDRWQ65">To Display Group Membership</A>
+<LI><A NAME="ToC_119" HREF="auusg008.htm#Header_119">Example: Displaying the Members of a Group</A>
+<LI><A NAME="ToC_120" HREF="auusg008.htm#Header_120">Example: Displaying the Groups to Which a User Belongs</A>
+<LI><A NAME="ToC_121" HREF="auusg008.htm#HDRWQ66">To Display the Groups a User or Group Owns</A>
+<LI><A NAME="ToC_122" HREF="auusg008.htm#Header_122">Example: Displaying the Groups a Group Owns</A>
+<LI><A NAME="ToC_123" HREF="auusg008.htm#Header_123">Example: Displaying the Groups a User Owns</A>
+<LI><A NAME="ToC_124" HREF="auusg008.htm#HDRWQ67">To Display A Group Entry</A>
+<LI><A NAME="ToC_125" HREF="auusg008.htm#Header_125">Example: Listing Information about a Group</A>
+<LI><A NAME="ToC_126" HREF="auusg008.htm#Header_126">Example: Listing Group Information about a User</A>
+</MENU>
+<LI><A NAME="ToC_127" HREF="auusg008.htm#HDRWQ68">Creating Groups and Adding Members</A>
+<MENU>
+<LI><A NAME="ToC_128" HREF="auusg008.htm#HDRWQ69">To Create a Group</A>
+<LI><A NAME="ToC_129" HREF="auusg008.htm#Header_129">Example: Creating a Group</A>
+<LI><A NAME="ToC_130" HREF="auusg008.htm#HDRWQ70">To Add Members to a Group</A>
+<LI><A NAME="ToC_131" HREF="auusg008.htm#Header_131">Example: Adding Members to a Group</A>
+</MENU>
+<LI><A NAME="ToC_132" HREF="auusg008.htm#HDRWQ71">Removing Users from a Group and Deleting a Group</A>
+<MENU>
+<LI><A NAME="ToC_133" HREF="auusg008.htm#Header_133">To Remove Members from a Group</A>
+<LI><A NAME="ToC_134" HREF="auusg008.htm#Header_134">Example: Removing Group Members</A>
+<LI><A NAME="ToC_135" HREF="auusg008.htm#Header_135">To Delete a Group</A>
+<LI><A NAME="ToC_136" HREF="auusg008.htm#Header_136">Example: Deleting a Group</A>
+<LI><A NAME="ToC_137" HREF="auusg008.htm#Header_137">To Remove Obsolete ACL Entries</A>
+<LI><A NAME="ToC_138" HREF="auusg008.htm#Header_138">Example: Removing an Obsolete ACL Entry</A>
+</MENU>
+<LI><A NAME="ToC_139" HREF="auusg008.htm#HDRWQ72">Changing a Group's Owner or Name</A>
+<MENU>
+<LI><A NAME="ToC_140" HREF="auusg008.htm#HDRWQ73">To Change a Group's Owner</A>
+<LI><A NAME="ToC_141" HREF="auusg008.htm#Header_141">Example: Changing a Group's Owner to Another User</A>
+<LI><A NAME="ToC_142" HREF="auusg008.htm#Header_142">Example: Changing a Group's Owner to Itself</A>
+<LI><A NAME="ToC_143" HREF="auusg008.htm#Header_143">Example: Changing a Group's Owner to a Group</A>
+<LI><A NAME="ToC_144" HREF="auusg008.htm#Header_144">To Change a Group's Name</A>
+<LI><A NAME="ToC_145" HREF="auusg008.htm#Header_145">Example: Changing a Group's <VAR>group_name</VAR> Suffix</A>
+<LI><A NAME="ToC_146" HREF="auusg008.htm#Header_146">Example: Changing a Group's <VAR>owner_name</VAR> Prefix</A>
+</MENU>
+<LI><A NAME="ToC_147" HREF="auusg008.htm#HDRWQ74">Protecting Group-Related Information</A>
+<MENU>
+<LI><A NAME="ToC_148" HREF="auusg008.htm#HDRPRIVACY-FLAGS">Interpreting the Privacy Flags</A>
+<LI><A NAME="ToC_149" HREF="auusg008.htm#HDRWQ75">To Set a Group's Privacy Flags</A>
+<LI><A NAME="ToC_150" HREF="auusg008.htm#Header_150">Example: Setting a Group's Privacy Flags</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_151" HREF="auusg009.htm#HDRWQ76">Troubleshooting</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_152" HREF="auusg009.htm#HDRWQ77">Problem: Cannot Access, Copy, or Save File</A>
+<LI><A NAME="ToC_153" HREF="auusg009.htm#HDRWQ78">Problem: Accidentally Removed Your Entry from an ACL</A>
+<LI><A NAME="ToC_154" HREF="auusg009.htm#HDRWQ79">Error Message: "afs: Lost contact with fileserver"</A>
+<LI><A NAME="ToC_155" HREF="auusg009.htm#Header_155">Error Message: "<VAR>command</VAR>: Connection timed out"</A>
+<LI><A NAME="ToC_156" HREF="auusg009.htm#Header_156">Error Message: "fs: You don't have the required access rights on '<VAR>file</VAR>'"</A>
+<LI><A NAME="ToC_157" HREF="auusg009.htm#Header_157">Error Message: "afs: failed to store file"</A>
+</MENU>
+<P><B><A NAME="ToC_158" HREF="auusg010.htm#HDRWQ80">Appendix A. Using the NFS/AFS Translator</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_159" HREF="auusg010.htm#HDRWQ81">Requirements for Using the NFS/AFS Translator</A>
+<LI><A NAME="ToC_160" HREF="auusg010.htm#Header_160">Accessing AFS via the Translator</A>
+<MENU>
+<LI><A NAME="ToC_161" HREF="auusg010.htm#HDRWQ82">To Authenticate on a Supported Operating System</A>
+<LI><A NAME="ToC_162" HREF="auusg010.htm#HDRWQ83">To Authenticate on an Unsupported Operating System</A>
+</MENU>
+<LI><A NAME="ToC_163" HREF="auusg010.htm#HDRWQ84">Troubleshooting the NFS/AFS Translator</A>
+<MENU>
+<LI><A NAME="ToC_164" HREF="auusg010.htm#HDRWQ85">Your NFS Client Machine is Frozen</A>
+<LI><A NAME="ToC_165" HREF="auusg010.htm#Header_165">NFS/AFS Translator Reboots</A>
+<LI><A NAME="ToC_166" HREF="auusg010.htm#Header_166">System Error Messages</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_167" HREF="auusg011.htm#HDRWQ86">Appendix B. AFS Command Syntax and Online Help</A></B><BR>
+<MENU>
+<LI><A NAME="ToC_168" HREF="auusg011.htm#HDRWQ87">AFS Command Syntax</A>
+<MENU>
+<LI><A NAME="ToC_169" HREF="auusg011.htm#Header_169">Command Syntax Example</A>
+</MENU>
+<LI><A NAME="ToC_170" HREF="auusg011.htm#HDRWQ88">Rules for Using AFS Commands</A>
+<MENU>
+<LI><A NAME="ToC_171" HREF="auusg011.htm#Header_171">Spaces and Lines</A>
+<LI><A NAME="ToC_172" HREF="auusg011.htm#Header_172">Abbreviations and Aliases for Operation Codes</A>
+<LI><A NAME="ToC_173" HREF="auusg011.htm#Header_173">Omitting Argument Switches</A>
+<LI><A NAME="ToC_174" HREF="auusg011.htm#Header_174">Shortening Switches and Flags</A>
+<LI><A NAME="ToC_175" HREF="auusg011.htm#Header_175">Shortening Directory References</A>
+</MENU>
+<LI><A NAME="ToC_176" HREF="auusg011.htm#Header_176">Commonly Used fs and pts Commands</A>
+<MENU>
+<LI><A NAME="ToC_177" HREF="auusg011.htm#Header_177">About the fs Commands</A>
+<LI><A NAME="ToC_178" HREF="auusg011.htm#Header_178">About the pts Commands</A>
+</MENU>
+<LI><A NAME="ToC_179" HREF="auusg011.htm#HDRWQ89">Getting Help in AFS</A>
+<MENU>
+<LI><A NAME="ToC_180" HREF="auusg011.htm#Header_180">Displaying Command Syntax and Aliases</A>
+<LI><A NAME="ToC_181" HREF="auusg011.htm#Header_181">Displaying Operation Code Descriptions</A>
+</MENU></MENU>
+<P><B><A NAME="ToC_182" HREF="auusg012.htm#HDRWQ90">Appendix C. Glossary</A></B><BR>
+<P><B><A NAME="ToC_183" HREF="auusg013.htm#HDRINDEX">Index</A></B><BR>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg000.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg003.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRWQ1" HREF="auusg002.htm#ToC_1">About This Guide</A></H1>
+<P>This section describes the purpose, organization, and conventions of this
+document.
+<HR><H2><A NAME="HDRPREFAUDPUR" HREF="auusg002.htm#ToC_2">Audience and Purpose</A></H2>
+<P>This guide describes concepts and procedures for
+accessing information stored in the AFS filespace. It is intended for
+AFS users who are familiar with UNIX but not necessarily AFS.
+<P>The first chapter describes basic AFS concepts and guidelines for using it,
+and summarizes some of the differences between the UNIX file system and
+AFS. The remaining chapters explain how to perform basic AFS functions,
+including logging in, changing a password, listing information, protecting
+files, creating groups, and troubleshooting. Concepts important to a
+specific task or group of related tasks are presented in context, just prior
+to the procedures. Many examples are provided.
+<P>Instructions generally include only the commands and command options
+necessary for a specific task. For a complete list of AFS commands and
+description of all options available on every command, see the <I>IBM AFS
+Administration Reference</I>.
+<HR><H2><A NAME="HDRPREFORGAN" HREF="auusg002.htm#ToC_3">Document Organization</A></H2>
+<P>This document is divided into the following
+chapters.
+<P><A HREF="auusg004.htm#HDRWQ2">An Introduction to AFS</A> introduces the basic concepts and functions of AFS.
+To use AFS successfully, it is important to be familiar with the terms and
+concepts described in this chapter.
+<P><A HREF="auusg005.htm#HDRWQ20">Using AFS</A> describes how to use AFS's basic features: how to
+log in and authenticate, unlog, log out, access AFS files and directories in
+AFS, and change your password.
+<P><A HREF="auusg006.htm#HDRWQ38">Displaying Information about AFS</A> describes how to display information about AFS volume quota
+and location, file server machine status, and the foreign cells you can
+access.
+<P><A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A> describes how to protect your data using AFS access control
+lists (ACLs).
+<P><A HREF="auusg008.htm#HDRWQ60">Using Groups</A> describes how to create and manage groups.
+<P><A HREF="auusg009.htm#HDRWQ76">Troubleshooting</A> outlines step-by-step diagnostic and corrective steps for
+specific problems.
+<P><A HREF="auusg010.htm#HDRWQ80">Appendix A, Using the NFS/AFS Translator</A> describes how to use the NFS/AFS Translator to access the
+AFS filespace from an NFS client machine.
+<P><A HREF="auusg011.htm#HDRWQ86">Appendix B, AFS Command Syntax and Online Help</A> describes AFS command syntax and how to obtain online
+information about commands.
+<P><A HREF="auusg012.htm#HDRWQ90">Appendix C, Glossary</A> defines terms used in the <I>IBM AFS User
+Guide</I>.
+<HR><H2><A NAME="HDRUSERFRONTHOWTO" HREF="auusg002.htm#ToC_4">How To Use This Document</A></H2>
+<P>Before you begin using AFS, read <A HREF="auusg004.htm#HDRWQ2">An Introduction to AFS</A>. Next, follow the procedures
+outlined in <A HREF="auusg005.htm#HDRWQ20">Using AFS</A> to get started using AFS as an authenticated user. It
+describes how to access files in the AFS filespace and how to end an AFS
+session. Consult the other chapters as you need to perform the tasks
+they describe.
+<HR><H2><A NAME="HDRPREFRELATE" HREF="auusg002.htm#ToC_5">Related Documents</A></H2>
+<P>The AFS Documentation Kit also includes the following
+documents:
+<UL>
+<P><LI>The <I>IBM AFS Administration Reference</I> details the syntax of each
+AFS command and is intended for the experienced AFS administrator, programmer,
+or user. For each AFS command, the <I>IBM AFS Administration
+Reference</I> lists the command syntax, aliases and abbreviations,
+description, arguments, warnings, output, examples, and related topics.
+Commands are organized alphabetically.
+<P><LI>The <I>IBM AFS Administration Guide</I> describes concepts and
+procedures necessary for administering an AFS cell, as well as more extensive
+coverage of the topics in the <I>IBM AFS User Guide</I>.
+<P><LI>The <I>IBM AFS Quick Beginnings</I> provides instructions for
+installing AFS server and client machines.
+</UL>
+<HR><H2><A NAME="HDRTYPO_CONV" HREF="auusg002.htm#ToC_6">Typographical Conventions</A></H2>
+<P>This document uses the following typographical
+conventions:
+<UL>
+<P><LI>Command and option names appear in <B>bold type</B> in syntax
+definitions, examples, and running text. Names of directories, files,
+machines, partitions, volumes, and users also appear in <B>bold
+type</B>.
+<P><LI>Variable information appears in <I>italic type</I>. This
+includes user-supplied information on command lines and the parts of prompts
+that differ depending on who issues the command. New terms also appear
+in <I>italic type</I>.
+<P><LI>Examples of screen output and file contents appear in <TT>monospace
+type</TT>.
+</UL>
+<P>In addition, the following symbols appear in command syntax definitions,
+both in the documentation and in AFS online help statements. When
+issuing a command, do not type these symbols.
+<UL>
+<P><LI>Square brackets <B>[ ]</B> surround optional items.
+<P><LI>Angle brackets <B>< ></B> surround user-supplied values in AFS
+commands.
+<P><LI>A superscripted plus sign <B>+</B> follows an argument that accepts
+more than one value.
+<P><LI>The percent sign <TT>%</TT> represents the regular command shell
+prompt. Some operating systems possibly use a different character for
+this prompt.
+<P><LI>The number sign <TT>#</TT> represents the command shell prompt for the
+local superuser <B>root</B>. Some operating systems possibly use a
+different character for this prompt.
+<P><LI>The pipe symbol <B> |</B> in a command syntax statement separates
+mutually exclusive values for an argument.
+</UL>
+<P>For additional information on AFS commands, including a description of
+command string components, acceptable abbreviations and aliases, and how to
+get online help for commands, see <A HREF="auusg011.htm#HDRWQ86">Appendix B, AFS Command Syntax and Online Help</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg002.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg004.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ2" HREF="auusg002.htm#ToC_7">An Introduction to AFS</A></H1>
+<P>This chapter introduces basic AFS concepts and terms.
+It assumes that you are already familiar with standard UNIX commands, file
+protection, and pathname conventions.
+<HR><H2><A NAME="HDRWQ3" HREF="auusg002.htm#ToC_8">AFS Concepts</A></H2>
+<P>AFS makes it easy for people to work together on the same
+files, no matter where the files are located. AFS users do not have to
+know which machine is storing a file, and administrators can move files from
+machine to machine without interrupting user access. Users always
+identify a file by the same pathname and AFS finds the correct file
+automatically, just as happens in the local file system on a single
+machine. While AFS makes file sharing easy, it does not compromise the
+security of the shared files. It provides a sophisticated protection
+scheme.
+<A NAME="IDX747"></A>
+<A NAME="IDX748"></A>
+<P><H3><A NAME="Header_9" HREF="auusg002.htm#ToC_9">Client/Server Computing</A></H3>
+<P>AFS uses a <I>client/server computing</I> model. In
+client/server computing, there are two types of machines. <I>Server
+machines</I> store data and perform services for client machines.
+<I>Client machines</I> perform computations for users and access data and
+services provided by server machines. Some machines act as both clients
+and servers. In most cases, you work on a client machine, accessing
+files stored on a file server machine.
+<A NAME="IDX749"></A>
+<A NAME="IDX750"></A>
+<A NAME="IDX751"></A>
+<A NAME="IDX752"></A>
+<A NAME="IDX753"></A>
+<A NAME="IDX754"></A>
+<P><H3><A NAME="Header_10" HREF="auusg002.htm#ToC_10">Distributed File Systems</A></H3>
+<P>AFS is a <I>distributed file system</I> which joins together the
+file systems of multiple file server machines, making it as easy to access
+files stored on a remote file server machine as files stored on the local
+disk. A distributed file system has two main advantages over a
+conventional centralized file system:
+<A NAME="IDX755"></A>
+<UL>
+<P><LI>Increased availability: A copy of a popular file, such as the binary
+for an application program, can be stored on many file server machines.
+An outage on a single machine or even multiple machines does not necessarily
+make the file unavailable. Instead, user requests for the program are
+routed to accessible machines. With a centralized file system, the loss
+of the central file storage machine effectively shuts down the entire
+system.
+<P><LI>Increased efficiency: In a distributed file system, the work load is
+distributed over many smaller file server machines that tend to be more fully
+utilized than the larger (and usually more expensive) file storage machine of
+a centralized file system.
+</UL>
+<P>AFS hides its distributed nature, so working with AFS files looks and feels
+like working with files stored on your local machine, except that you can
+access many more files. And because AFS relies on the power of
+users' client machines for computation, increasing the number of AFS
+users does not slow AFS performance appreciably, making it a very efficient
+computing environment.
+<P><H3><A NAME="HDRWQ4" HREF="auusg002.htm#ToC_11">AFS Filespace and Local Filespace</A></H3>
+<A NAME="IDX756"></A>
+<P>AFS acts as an extension of your machine's local UNIX file
+system. Your system administrator creates a directory on the local disk
+of each AFS client machine to act as a gateway to AFS. By convention,
+this directory is called <B>/afs</B>, and it functions as the root of the
+<I>AFS filespace</I>.
+<A NAME="IDX757"></A>
+<A NAME="IDX758"></A>
+<A NAME="IDX759"></A>
+<P>Just like the UNIX file system, AFS uses a hierarchical file structure (a
+tree). Under the <B>/afs</B> root directory are subdirectories
+created by your system administrator, including your home directory.
+Other directories that are at the same level of the local file system as
+<B>/afs</B>, such as <B>/usr</B>, <B>/etc</B>, or <B>/bin</B>,
+can either be located on your local disk or be links to AFS
+directories. Files relevant only to the local machine are usually
+stored on the local machine. All other files can be stored in AFS,
+enabling many users to share them and freeing the local machine's disk
+space for other uses.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You can use AFS commands only on files in the AFS filespace or the local
+directories that are links to the AFS filespace.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ5" HREF="auusg002.htm#ToC_12">Cells and Sites</A></H3>
+<P>The <I>cell</I> is the administrative domain in
+AFS. Each cell's administrators determine how client machines are
+configured and how much storage space is available to each user. The
+organization corresponding to a cell can be a company, a university
+department, or any defined group of users. From a hardware perspective,
+a cell is a grouping of client machines and server machines defined to belong
+to the same cell.
+<A NAME="IDX760"></A>
+An AFS <I>site</I> is a grouping of one or more related cells. For
+example, the cells at the ABC Corporation form a single site.
+<A NAME="IDX761"></A>
+<P>By convention, the subdirectories of the <B>/afs</B> directory are
+cellular filespaces, each of which contains subdirectories and files that
+belong to a single cell. For example, directories and files relevant to
+the ABC Corporation cell are stored in the subdirectory
+<B>/afs/abc.com</B>.
+<P>While each cell organizes and maintains its own filespace, it can also
+connect with the filespace of other AFS cells. The result is a huge
+filespace that enables file sharing within and across cells.
+<A NAME="IDX762"></A>
+<P>The cell to which your client machine belongs is called your <I>local
+cell</I>. All other cells in the AFS filespace are termed
+<I>foreign cells</I>.
+<A NAME="IDX763"></A>
+<A NAME="IDX764"></A>
+<A NAME="IDX765"></A>
+<P><H3><A NAME="HDRWQ6" HREF="auusg002.htm#ToC_13">Volumes and Mount Points</A></H3>
+<P>The storage disks in a computer are divided into sections
+called <I>partitions</I>. AFS further divides partitions into units
+called <I>volumes</I>, each of which houses a subtree of related files and
+directories. The volume provides a convenient container for storing
+related files and directories. Your system administrators can move
+volumes from one file server machine to another without your noticing, because
+AFS automatically tracks a volume's location.
+<A NAME="IDX766"></A>
+<A NAME="IDX767"></A>
+<P>You access the contents of a volume by accessing its <I>mount point</I>
+in the AFS filespace. A mount point is a special file system element
+that looks and acts like a regular UNIX directory, but tells AFS the
+volume's name. When you change to a different directory (by using
+the <B>cd</B> command, for example) you sometimes <I>cross</I> a mount
+point and start accessing the contents of a different volume than
+before. You normally do not notice the crossing, however, because AFS
+automatically interprets mount points and retrieves the contents of the new
+directory from the appropriate volume. You do not need to track which
+volume, partition, or file server machine is housing a directory's
+contents. If you are interested, though, you can learn a volume's
+location; for instructions, see <A HREF="auusg006.htm#HDRWQ40">Locating Files and Directories</A>.
+<A NAME="IDX768"></A>
+<A NAME="IDX769"></A>
+<P>If your system administrator has followed the conventional practice, your
+home directory corresponds to one volume, which keeps its contents together on
+one partition of a file server machine. User volumes are typically
+named <B>user.</B><VAR>username</VAR>. For example, the volume
+for a user named <B>smith</B> in the cell <B>abc.com</B> is
+called <B>user.smith</B> and is mounted at the directory
+<B>/afs/abc.com/usr/smith</B>.
+<A NAME="IDX770"></A>
+<P>Because AFS volumes are stored on different file server machines, when a
+machine becomes unavailable only the volumes on that machine are
+inaccessible. Volumes stored on other machines are still
+accessible. However, if a volume's mount point resides in a volume
+that is stored on an unavailable machine, the former volume is also
+inaccessible. For that reason, volumes containing frequently used
+directories (for example, <B>/afs</B> and
+<B>/afs/</B><VAR>cellname</VAR>) are often copied and distributed to many
+file server machines.
+<P><H3><A NAME="HDRWQ7" HREF="auusg002.htm#ToC_14">Volume Quotas</A></H3>
+<A NAME="IDX771"></A>
+<P>Each volume has a size limit, or <I>quota</I>, assigned by the system
+administrator. A volume's quota determines the maximum amount of
+disk space the volume can consume. If you attempt to exceed a
+volume's quota, you receive an error message. For instructions on
+checking volume quota, see <A HREF="auusg006.htm#HDRWQ39">Displaying Volume Quota</A>.
+<P>Volumes have completely independent quotas. For example, say that
+the current working directory is <B>/afs/abc.com/usr/smith</B>,
+which is the mount point for the <B>user.smith</B> volume with 1000
+free blocks. You try to copy a 500 block file from the current working
+directory to the <B>/afs/abc.com/usr/pat</B> directory, the mount
+point for the volume <B>user.pat</B>. However, you get an
+error message saying there is not enough space. You check the volume
+quota for <B>user.pat</B>, and find that the volume only has 50
+free blocks.
+<HR><H2><A NAME="HDRWQ8" HREF="auusg002.htm#ToC_15">Using Files in AFS</A></H2>
+<P><H3><A NAME="HDRWQ9" HREF="auusg002.htm#ToC_16">The Cache Manager</A></H3>
+<P>You can access the AFS filespace only when working on an AFS
+client machine. The <I>Cache Manager</I> on that machine is your
+agent in accessing information stored in the AFS filespace. When you
+access a file, the Cache Manager on your client machine requests the file from
+the appropriate file server machine and stores (<I>caches</I>) a copy of
+it on your client machine's local disk. Application programs on
+your client machine use the local, cached copy of the file. This
+improves performance because it is much faster to use a local file than to
+send requests for file data across the network to the file server
+machine.
+<A NAME="IDX772"></A>
+<A NAME="IDX773"></A>
+<A NAME="IDX774"></A>
+<A NAME="IDX775"></A>
+<P>Because application programs use the cached copy of a file, any changes you
+make are not necessarily stored permanently to the central version stored on
+the file server machine until the file closes. At that point, the Cache
+Manager writes your changes back to the file server machine, where they
+replace the corresponding parts of the existing file. Some application
+programs close a file in this way each time you issue their <B>save</B>
+command (and then immediately reopen the file so that you can continue
+working). With other programs, issuing the <B>save</B> command
+writes the changes only to the local cached copy. If you use the latter
+type of text editor, you need to close the file periodically to make sure your
+changes are stored permanently.
+<P>If a file server machine becomes inaccessible, you can continue working
+with the local, cached copy of a file fetched from that machine, but you
+cannot save your changes permanently until the server machine is again
+accessible.
+<P><H3><A NAME="HDRWQ10" HREF="auusg002.htm#ToC_17">Updating Copies of Cached Files</A></H3>
+<A NAME="IDX776"></A>
+<A NAME="IDX777"></A>
+<P>When the central version of a file changes on the file server machine, the
+AFS <I>File Server</I> process running on that machine advises all other
+Cache Managers with copies of that file that their version is no longer
+valid. AFS has a special mechanism for performing these notifications
+efficiently. When the File Server sends the Cache Manager a copy of a
+modifiable file, it also sends a <I>callback</I>. A callback
+functions as a promise from the File Server to contact the Cache Manager if
+the centrally stored copy of the file is changed while it is being
+used. If that happens, the File Server <I>breaks</I> the
+callback. If you run a program that requests data from the changed
+file, the Cache Manager notices the broken callback and gets an updated copy
+of the file from the File Server. Callbacks ensure that you are working
+with the most recent copy of a file.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The callback mechanism does not guarantee that you immediately see the
+changes someone else makes to a file you are using. Your Cache Manager
+does not notice the broken callback until your application program asks it for
+more data from the file.
+</TD></TR></TABLE>
+<P><H3><A NAME="Header_18" HREF="auusg002.htm#ToC_18">Multiple Users Modifying Files</A></H3>
+<A NAME="IDX778"></A>
+<A NAME="IDX779"></A>
+<P>Like a standard UNIX file system, AFS preserves only the changes to a file
+that are saved last, regardless of who made the changes. When
+collaborating with someone on the same files, you must coordinate your work to
+avoid overwriting each other's changes. You can use AFS access
+control lists (ACLs) to limit the ability of other users to access or change
+your files, and so prevent them from accidentally overwriting your
+files. See <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>.
+<HR><H2><A NAME="HDRWQ11" HREF="auusg002.htm#ToC_19">AFS Security</A></H2>
+<A NAME="IDX780"></A>
+<A NAME="IDX781"></A>
+<P>AFS makes it easy for many users to access the same files, but also uses
+several mechanisms to ensure that only authorized users access the AFS
+filespace. The mechanisms include the following:
+<UL>
+<P><LI>Passwords and mutual authentication ensure that only authorized users
+access AFS filespace
+<P><LI>Access control lists enable users to restrict or permit access to their
+own directories
+</UL>
+<P><H3><A NAME="HDRWQ12" HREF="auusg002.htm#ToC_20">Passwords and Mutual Authentication</A></H3>
+<A NAME="IDX782"></A>
+<A NAME="IDX783"></A>
+<A NAME="IDX784"></A>
+<P>AFS uses two related mechanisms to ensure that only authorized users access
+the filespace: passwords and mutual authentication. Both
+mechanisms require that a user prove his or her identity.
+<P>When you first identify yourself to AFS, you must provide the password
+associated with your username, to prove that you are who you say you
+are. When you provide the correct password, you become
+<I>authenticated</I> and your Cache Manager receives a
+<I>token</I>. A token is a package of information that is scrambled
+by an AFS authentication program using your AFS password as a key. Your
+Cache Manager can unscramble the token because it knows your password and
+AFS's method of scrambling.
+<A NAME="IDX785"></A>
+<A NAME="IDX786"></A>
+<P>The token acts as proof to AFS server programs that you are authenticated
+as a valid AFS user. It serves as the basis for the second means
+through which AFS creates security, called <I>mutual
+authentication</I>. Under mutual authentication, both parties
+communicating across the network prove their identities to one another.
+AFS requires mutual authentication whenever a server and client (most often, a
+Cache Manager) communicate with each other.
+<P>The mutual authentication protocol that AFS uses is designed to make it
+very difficult for people to authenticate fraudulently. When your Cache
+Manager contacts a File Server on your behalf, it sends the token you obtained
+when you authenticated. The token is encrypted with a key that only an
+AFS File Server can know. If the File Server can decrypt your token, it
+can communicate with your Cache Manager. In turn, the Cache Manager
+accepts the File Server as genuine because the File Server can decrypt and use
+the information in the token.
+<A NAME="IDX787"></A>
+<P><H3><A NAME="Header_21" HREF="auusg002.htm#ToC_21">Access Control Lists</A></H3>
+<A NAME="IDX788"></A>
+<P>AFS uses <I>access control lists</I> (<I>ACLs</I>) to determine who
+can access the information in the AFS filespace. Each AFS directory has
+an ACL to specify what actions different users can perform on that directory
+and its files. An ACL can contain up to about 20 entries for users,
+groups, or both; each entry lists a user or group and the permissions it
+possesses.
+<P>The owner of a directory and system administrators can always administer an
+ACL. Users automatically own their home directories and
+subdirectories. Other non-owner users can define a directory's ACL
+only if specifically granted that permission on the ACL. For more
+information on ACLs, see <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>
+.
+<P>A group is composed of one or more users and client machines. If a
+user belongs to a group that appears on an ACL, the user gets all of the
+permissions granted to that group, just as if the user were listed directly on
+the ACL. Similarly, if a user is logged into a client machine that
+belongs to a group, the user has all of the permissions granted to that
+group. For instructions on defining and using groups, see <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.
+<P>All users who can access your cell's filespace, authenticated or not,
+are automatically assigned to a group called
+<B>system:anyuser</B>. For a discussion of placing the
+<B>system:anyuser</B> group on ACLs, see <A HREF="auusg007.htm#HDRWQ51">Extending Access to Users from Foreign Cells</A>.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">You can use the UNIX mode bits to control access on specific files within an
+AFS directory; however, the effect of these mode bits is different under
+AFS than in the standard UNIX file system. See <A HREF="#HDRWQ16">File and Directory Protection</A>.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ13" HREF="auusg002.htm#ToC_22">Differences Between UNIX and AFS</A></H2>
+<P>AFS is designed to be similar to the UNIX file system.
+For instance, many of the basic UNIX file manipulation commands (<B>cp</B>
+for copy, <B>rm</B> for remove, and so on) are the same in AFS as they are
+as in UNIX. All of your application programs work as they did
+before. The following sections describe some of the differences between
+a standard UNIX file system and AFS.
+<P><H3><A NAME="HDRWQ14" HREF="auusg002.htm#ToC_23">File Sharing</A></H3>
+<A NAME="IDX789"></A>
+<A NAME="IDX790"></A>
+<A NAME="IDX791"></A>
+<P>AFS enables users to share remote files as easily as local files. To
+access a file on a remote machine in AFS, you simply specify the file's
+pathname. In contrast, to access a file in a remote machine's UNIX
+file system, you must log into the remote machine or create a mount point on
+the local machine that points to a directory in the remote machine's UNIX
+file system.
+<P>AFS users can see and share all the files under the <B>/afs</B> root
+directory, given the appropriate privileges. An AFS user who has the
+necessary privileges can access a file in any AFS cell, simply by specifying
+the file's pathname. File sharing in AFS is not restricted by
+geographical distances or operating system differences.
+<P><H3><A NAME="HDRWQ15" HREF="auusg002.htm#ToC_24">Login and Authentication</A></H3>
+<A NAME="IDX792"></A>
+<P>To become an authenticated AFS user, you need to provide a password to
+AFS.
+<UL>
+<P><LI>On machines that use an AFS-modified login utility, logging in is a
+one-step process; your initial login automatically authenticates you with
+AFS.
+<P><LI>On machines that do not use an AFS-modified login utility, you must
+perform two steps.
+<OL TYPE=1>
+<P><LI>Log in to your local machine.
+<P><LI>Issue the <B>klog</B> command with the <B>-setpag</B> argument to
+authenticate with AFS and get your token.
+</OL>
+</UL>
+<P>Your system administrator can tell you whether your machine uses an
+AFS-modified login utility or not. Then see the login instructions in <A HREF="auusg005.htm#HDRWQ21">Logging in and Authenticating with AFS</A>.
+<P>AFS authentication passwords are stored in special AFS database, rather
+than in the local password file (<B>/etc/passwd</B> or equivalent).
+If your machine uses an AFS-modified login utility, you can change your
+password with a single command. If your machine does not use an
+AFS-modified login utility, you must issue separate commands to change your
+AFS and local passwords. See <A HREF="auusg005.htm#HDRWQ36">Changing Your Password</A>.
+<A NAME="IDX793"></A>
+<A NAME="IDX794"></A>
+<A NAME="IDX795"></A>
+<P><H3><A NAME="HDRWQ16" HREF="auusg002.htm#ToC_25">File and Directory Protection</A></H3>
+<A NAME="IDX796"></A>
+<A NAME="IDX797"></A>
+<P>AFS does not rely on the mode bit protections of a standard UNIX system
+(though its protection system does interact with these mode bits).
+Instead, AFS uses an access control list (ACL) to control access to each
+directory and its contents. The following list summarizes the
+differences between the two methods:
+<UL>
+<P><LI>UNIX mode bits specify three types of access permissions:
+<B>r</B> (<B>read</B>), <B>w</B> (<B>write</B>), and
+<B>x</B> (<B>execute</B>). An AFS ACL uses seven types of
+permissions: <B>r</B> (<B>read</B>), <B>l</B>
+(<B>lookup</B>), <B>i</B> (<B>insert</B>), <B>d</B>
+(<B>delete</B>), <B>w</B> (<B>write</B>), <B>k</B>
+(<B>lock</B>), and <B>a</B> (<B>administer</B>). For more
+information, see <A HREF="auusg007.htm#HDRWQ46">The AFS ACL Permissions</A> and <A HREF="auusg007.htm#HDRWQ59">How AFS Uses the UNIX Mode Bits</A>.
+<P><LI>The three sets of mode bits on each UNIX file or directory enable you to
+grant permissions to three users or groups of users: the file or
+directory's owner, the group that owns the file or directory, and all
+other users. An ACL can accommodate up to about 20 entries, each of
+which extends certain permissions to a user or group. Unlike standard
+UNIX, a user can belong to an unlimited number of groups, and groups can be
+defined by both users and system administrators. See <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.
+<P><LI>UNIX mode bits are set individually on each file and directory. An
+ACL applies to all of the files in a directory. While at first glance
+the AFS method possibly seems less precise, in actuality (given a proper
+directory structure) there are no major disadvantages to directory-level
+protections and they are easier to establish and maintain.
+</UL>
+<P><H3><A NAME="HDRWQ17" HREF="auusg002.htm#ToC_26">Machine Outages</A></H3>
+<P>The kinds of failures you experience when a standard UNIX
+file system goes down are different than when one or more individual AFS file
+server machines become unavailable. When a standard UNIX file system is
+inaccessible, the system simply locks up and you can lose changes to any files
+with which you were working.
+<P>When an AFS file server machine becomes inaccessible, you cannot access the
+files on that machine. If a copy of the file is available from another
+file server machine, however, you do not necessarily even notice the server
+outage. This is because AFS gives your cell's system
+administrators the ability to store copies of popular programs on multiple
+file servers. The Cache Manager chooses between the copies
+automatically; when one copy becomes unavailable, the Cache Manager
+simply chooses another.
+<P>If there are no other copies of a file that is stored on an inaccessible
+server machine, you can usually continue to use the copy stored in your client
+machine's local AFS cache. However, you cannot save changes to
+files stored on an inaccessible file server machine until it is accessible
+again.
+<P><H3><A NAME="HDRWQ18" HREF="auusg002.htm#ToC_27">Remote Commands</A></H3>
+<P>
+<A NAME="IDX798"></A>
+<A NAME="IDX799"></A>
+<A NAME="IDX800"></A>
+<A NAME="IDX801"></A>
+<A NAME="IDX802"></A>
+<A NAME="IDX803"></A>
+<A NAME="IDX804"></A>
+<A NAME="IDX805"></A>
+The UNIX <I>remote commands</I> enable you to run programs on a remote
+machine without establishing a connection to it by using a program such as
+<B>telnet</B>. Many of the remote commands (such as <B>ftp</B>,
+<B>rcp</B>, and <B>rsh</B>) remain available in AFS, depending on how
+your administrators have configured them. If the remote machine has a
+Cache Manager, your token is used there also and you are authenticated while
+the remote command runs. If the remote machine does not run a Cache
+Manager, you receive the following message:
+<PRE> Warning: unable to authenticate.
+</PRE>
+<P>In this case, you are logged into the remote machine's UNIX file
+system, but you are not authenticated to AFS. You can access the local
+files on the remote machine and the AFS directories that grant access to the
+<B>system:anyuser</B> group, but you cannot access protected AFS
+directories.
+<P><H3><A NAME="Header_28" HREF="auusg002.htm#ToC_28">Differences in the Semantics of Standard UNIX Commands</A></H3>
+<P>This section summarizes differences in the functionality of some
+commonly issued UNIX commands.
+<DL>
+<P><DT><B>chmod
+<A NAME="IDX806"></A>
+<A NAME="IDX807"></A>
+</B><DD>Only members of the <B>system:administrators</B> group can use
+this command to turn on the setuid, setgid or sticky mode bits on AFS
+files. (For more information about this group, see <A HREF="auusg007.htm#HDRWQ50">Using the System Groups on ACLs</A>.)
+<P><DT><B>chown
+<A NAME="IDX808"></A>
+<A NAME="IDX809"></A>
+</B><DD>Only members of the <B>system:administrators</B> group can issue
+this command on AFS files.
+<P><DT><B>chgrp
+<A NAME="IDX810"></A>
+<A NAME="IDX811"></A>
+</B><DD>Only members of the <B>system:administrators</B> group can issue
+this command on AFS files and directories.
+<P><DT><B>groups
+<A NAME="IDX812"></A>
+<A NAME="IDX813"></A>
+</B><DD>If the user's AFS tokens are identified by a process authentication
+group (PAG), the output of this command includes two large numbers. For
+a description of PAGs, see <A HREF="auusg005.htm#HDRWQ24">Authenticating with AFS</A>.
+<P><DT><B>inetd
+<A NAME="IDX814"></A>
+<A NAME="IDX815"></A>
+</B><DD>The AFS version of this daemon authenticates remote issuers of the
+AFS-modified <B>rcp</B> and <B>rsh</B> commands with AFS.
+<P><DT><B>login utilities
+<A NAME="IDX816"></A>
+</B><DD>AFS-modified login utilities both log you into the local UNIX file system
+and authenticate you with AFS.
+<P><DT><B>ln
+<A NAME="IDX817"></A>
+<A NAME="IDX818"></A>
+</B><DD>You cannot use this command to create a hard link between files that
+reside in different AFS directories. You must add the <B>-s</B>
+option to create a symbolic link instead.
+</DL>
+<HR><H2><A NAME="HDRWQ19" HREF="auusg002.htm#ToC_29">Using AFS with NFS</A></H2>
+<P>Some cells use the Networking File System (NFS) in addition
+to AFS. If you work on an NFS client machine, your system administrator
+can configure it to access the AFS filespace through a program called the
+<I>NFS/AFS Translator</I><SUP>TM</SUP>. See <A HREF="auusg010.htm#HDRWQ80">Appendix A, Using the NFS/AFS Translator</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg003.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg005.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ20" HREF="auusg002.htm#ToC_30">Using AFS</A></H1>
+<P>This chapter explains how to perform four basic AFS
+tasks: logging in and authenticating with AFS, ending an AFS session,
+accessing the AFS filespace, and changing your password.
+<HR><H2><A NAME="HDRWQ21" HREF="auusg002.htm#ToC_31">Logging in and Authenticating with AFS</A></H2>
+<P>To access the AFS filespace as an authenticated user, you
+must both log into an AFS client machine's local (UNIX) file system and
+authenticate with AFS. When you log in, you establish your local system
+identity. When you authenticate, you prove your identity to AFS and
+obtain a token, which your Cache Manager uses to prove your authenticated
+status to the AFS server processes it contacts on your behalf. Users
+who are not authenticated (who do not have a token) have limited access to AFS
+directories and files.
+<P><H3><A NAME="HDRWQ22" HREF="auusg002.htm#ToC_32">Logging In</A></H3>
+<A NAME="IDX819"></A>
+<A NAME="IDX820"></A>
+<A NAME="IDX821"></A>
+<P>On machines that use an AFS-modified login utility, you log in and
+authenticate in one step. On machines that do not use an AFS-modified
+login utility, you log in and authenticate in separate steps. To
+determine which type of login utility your machine uses, you can check for AFS
+tokens after logging in, or ask your system administrator, who can also tell
+you about any differences between your login procedure and the two methods
+described here.
+<P><H3><A NAME="Header_33" HREF="auusg002.htm#ToC_33">To Log In Using an AFS-modified Login Utility</A></H3>
+<P>Provide your username at the <TT>login:</TT> prompt that
+appears when you establish a new connection to a machine. Then provide
+your password at the <TT>Password:</TT> prompt as shown in the
+following example. (Your password does not echo visibly on the
+screen.)
+<PRE> login: <VAR>username</VAR>
+ Password: <VAR>password</VAR>
+</PRE>
+<P>If you are not sure which type of login utility is running on your machine,
+it is best to issue the <B>tokens</B> command to check if you are
+authenticated; for instructions, see <A HREF="#HDRWQ30">To Display Your Tokens</A>. If you do not have tokens, issue the <B>klog</B>
+command as described in <A HREF="#HDRWQ29">To Authenticate with AFS</A>.
+<P><H3><A NAME="HDRWQ23" HREF="auusg002.htm#ToC_34">To Log In Using a Two-Step Login Procedure</A></H3>
+<P>If your machine does not use an AFS-modified login utility,
+you must perform a two-step procedure:
+<OL TYPE=1>
+<P><LI>Log in to your client machine's local file system by providing a user
+name and password at the <B>login</B> program's prompts.
+<P><LI>Issue the <B>klog</B> command to authenticate with AFS. Include
+the command's <B>-setpag</B> argument to associate your token with a
+special identification number called a <I>PAG</I> (for <I>process
+authentication group</I>). For a description of PAGs, see <A HREF="#HDRWQ25">Protecting Your Tokens with a PAG</A>.
+<PRE>
+ % <B>klog -setpag</B>
+ Password: <VAR>your_AFS_password</VAR>
+</PRE>
+</OL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If your machine uses a two-step login procedure, you can choose to use
+different passwords for logging in and authenticating. It is simplest
+to use the same one for both, though. Talk with your system
+administrator.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ24" HREF="auusg002.htm#ToC_35">Authenticating with AFS</A></H3>
+<P>To work most effectively in the AFS filespace, you must
+authenticate with AFS. When you do, your Cache Manager is given a token
+as proof of your authenticated status. It uses your token when
+requesting services from AFS servers, which accept the token as proof of your
+authenticated status. If you do not have a token, AFS servers consider
+you to be the <B>anonymous</B> user and your access to AFS filespace is
+limited: you have only the ACL permissions granted to the
+<B>system:anyuser</B> group.
+<A NAME="IDX822"></A>
+<A NAME="IDX823"></A>
+<A NAME="IDX824"></A>
+<P>You can obtain new tokens (reauthenticate) at any time, even after using an
+AFS-modified login utility, which logs you in and authenticates you in one
+step. Issue the <B>klog</B> command as described in <A HREF="#HDRWQ29">To Authenticate with AFS</A>.
+<P><H4><A NAME="HDRWQ25">Protecting Your Tokens with a PAG</A></H4>
+<P>To make your access to AFS as secure as possible, it is best
+to associate your tokens with a unique identification number called a
+<I>PAG</I> (for <I>process authentication group</I>).
+<A NAME="IDX825"></A>
+<A NAME="IDX826"></A>
+<A NAME="IDX827"></A>
+AFS-modified login utilities automatically create a PAG and associate the new
+token with it. To create a PAG when you use the two-step login
+procedure, include the <B>klog</B> command's <B>-setpag</B>
+flag. If you do not use this flag, your tokens are associated with your
+UNIX UID number instead. This type of association has two potential
+drawbacks:
+<UL>
+<P><LI>Anyone who can assume your local UNIX identity can use your tokens.
+The local superuser <B>root</B> can always use the UNIX <B>su</B>
+command to assume your UNIX UID, even without knowing your password.
+<P><LI>In some environments, certain programs cannot use your tokens even when it
+is appropriate for them to do so. For example, printing commands such
+as <B>lp</B> or <B>lpr</B> possibly cannot access the files you want
+to print, because they cannot use your tokens.
+</UL>
+<P><H4><A NAME="HDRWQ26">Obtaining Tokens For Foreign Cells</A></H4>
+<A NAME="IDX828"></A>
+<P>A token is valid only in one cell (the cell whose AFS authentication
+service issued it). The AFS server processes in any other cell consider
+you to be the <B>anonymous</B> user unless you have an account in the cell
+and authenticate with its AFS authentication service.
+<P>To obtain tokens in a foreign cell, use the <B>-cell</B> argument to
+the <B>klog</B> command. You can have tokens for your home cell and
+one or more foreign cells at the same time.
+<P><H4><A NAME="HDRWQ27">The One-Token-Per-Cell Rule</A></H4>
+<P>You can have only one token per cell for each PAG you have
+obtained on a client machine. If you already have a token for a
+particular cell and issue the <B>klog</B> command, the new token
+overwrites the existing one. Getting a new token is useful if your
+current token is almost expired but you want to continue accessing AFS
+files. For a discussion of token expiration, see <A HREF="#HDRWQ28">Token Lifetime</A>.
+<P>To obtain a second token for the same cell, you must either login on a
+different machine or establish another separate connection to the machine
+where you already have a token (by using the <B>telnet</B> utility, for
+example). You get a new PAG for each separate machine or connection,
+and can use the associated tokens only while working on that machine or
+connection.
+<P><H4><A NAME="Header_39">Obtaining Tokens as Another User</A></H4>
+<A NAME="IDX829"></A>
+<P>You can authenticate as another username if you know the associated
+password. (It is, of course, unethical to use someone else's
+tokens without permission.) If you use the <B>klog</B> command to
+authenticate as another AFS username, you retain your own local (UNIX)
+identity, but the AFS server processes recognize you as the other user.
+The new token replaces any token you already have for the relevant cell (for
+the reason described in <A HREF="#HDRWQ27">The One-Token-Per-Cell Rule</A>).
+<P><H4><A NAME="HDRWQ28">Token Lifetime</A></H4>
+<A NAME="IDX830"></A>
+<A NAME="IDX831"></A>
+<P>Tokens have a limited lifetime. To determine when your tokens
+expire, issue the <B>tokens</B> command as described in <A HREF="#HDRWQ30">To Display Your Tokens</A>. If you are ever unable to access AFS in a way that
+you normally can, issuing the <B>tokens</B> command tells you whether an
+expired token is a possible reason.
+<P>Your cell's administrators set the default lifetime of your
+token. The AFS authentication service never grants a token lifetime
+longer than the default, but you can request a token with a shorter
+lifetime. See the <B>klog</B> reference page in the <I>IBM AFS
+Administration Reference</I> to learn how to use its <B>-lifetime</B>
+argument for this purpose.
+<P><H4><A NAME="Header_41">Authenticating for DFS Access</A></H4>
+<A NAME="IDX832"></A>
+<A NAME="IDX833"></A>
+<A NAME="IDX834"></A>
+<A NAME="IDX835"></A>
+<A NAME="IDX836"></A>
+<P>If your machine is configured to access a DCE cell's DFS filespace by
+means of the AFS/DFS Migration Toolkit, you can use the <B>dlog</B>
+command to authenticate with DCE. The <B>dlog</B> command has no
+effect on your ability to access AFS filespace.
+<P>If your system administrator has converted your AFS account to a DCE
+account and you are not sure of your DCE password, use the <B>dpass</B>
+command to display it. You must be authenticated as the AFS user whose
+AFS account was converted to a DCE account, and be able to provide the correct
+AFS password. Like the <B>dlog</B> command, the <B>dpass</B>
+command has no functionality with respect to AFS.
+<P>For more information on using the <B>dlog</B> and <B>dpass</B>
+commands, see your system administrator.
+<P><H3><A NAME="HDRWQ29" HREF="auusg002.htm#ToC_42">To Authenticate with AFS</A></H3>
+<A NAME="IDX837"></A>
+<A NAME="IDX838"></A>
+<A NAME="IDX839"></A>
+<P>If your machine is not using an AFS-modified login utility, you must
+authenticate after login by issuing the <B>klog</B> command. You
+can also issue this command at any time to obtain a token with a later
+expiration date than your current token.
+<PRE> % <B>klog</B> [<B>-setpag</B>] [<B>-cell</B> <<VAR>cell name</VAR>>]
+ Password: <VAR>your_AFS_password</VAR>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-setpag
+</B><DD>Associates the resulting tokens with a PAG (see <A HREF="#HDRWQ25">Protecting Your Tokens with a PAG</A>). Include this flag the first time you obtain a token
+for a particular cell during a login session or connection. Do not
+include it when refreshing the token for a cell during the same
+session.
+<P><DT><B>-cell
+</B><DD>Names the cell for which to obtain the token. You must have an
+account in the cell.
+</DL>
+<P>Your password does not echo visibly appear on the screen. When the
+command shell prompt returns, you are an authenticated AFS user. You
+can use the <B>tokens</B> command to verify that you are authenticated, as
+described in the following section.
+<P><H3><A NAME="HDRWQ30" HREF="auusg002.htm#ToC_43">To Display Your Tokens</A></H3>
+<A NAME="IDX840"></A>
+<A NAME="IDX841"></A>
+<A NAME="IDX842"></A>
+<A NAME="IDX843"></A>
+<A NAME="IDX844"></A>
+<P>Use the <B>tokens</B> command to display your tokens.
+<PRE> % <B>tokens</B>
+</PRE>
+<P>The following output indicates that you have no tokens:
+<PRE> Tokens held by the Cache Manager:
+ --End of list--
+</PRE>
+<P>If you have one or more tokens, the output looks something like the
+following example, in which the tokens for AFS UID 1022 in the <B>
+abc.com</B> cell expire on August 3 at 2:35 p.m.
+The tokens for AFS UID 9554 in the <B>stateu.edu</B> cell expire on
+August 4 at 1:02 a.m.
+<PRE> Tokens held by the Cache Manager:
+ User's (AFS ID 1022) tokens for afs@abc.com [Expires Aug 3 14:35]
+ User's (AFS ID 9554) tokens for afs@stateu.edu [Expires Aug 4 1:02]
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_44" HREF="auusg002.htm#ToC_44">Example: Authenticating in the Local Cell</A></H3>
+<A NAME="IDX845"></A>
+<P>Suppose that user <B>terry</B> cannot save a file. He uses the
+<B>tokens</B> command and finds that his tokens have expired. He
+reauthenticates in his local cell under his current identity by issuing the
+following command:
+<PRE> % <B>klog</B>
+ Password: <VAR>terry's_password</VAR>
+</PRE>
+<P>The he issues the <B>tokens</B> command to make sure he is
+authenticated.
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 4562) tokens for afs@abc.com [Expires Jun 22 14:35]
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_45" HREF="auusg002.htm#ToC_45">Example: Authenticating as a Another User</A></H3>
+<A NAME="IDX846"></A>
+<P>Now <B>terry</B> authenticates in his local cell as another user,
+<B>pat</B>. The new token replaces <B>terry</B>'s existing
+token, because the Cache Manager can store only one token per cell per login
+session on a machine.
+<PRE> % <B>klog pat</B>
+ Password: <VAR>pat's_password</VAR>
+ % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 4278) tokens for afs@abc.com [Expires Jun 23 9:46]
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_46" HREF="auusg002.htm#ToC_46">Example: Authenticating in a Foreign Cell</A></H3>
+<A NAME="IDX847"></A>
+<P>Now <B>terry</B> authenticates in the <B>stateu.edu</B> cell
+where his account is called <B>ts09</B>.
+<PRE> % <B>klog ts09 -cell stateu.edu</B>
+ Password: <VAR>ts09's_password</VAR>
+ % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 4562) tokens for afs@abc.com [Expires Jun 22 14:35]
+ User's (AFS ID 8346) tokens for afs@stateu.edu [Expires Jun 23 1:02]
+ --End of list--
+</PRE>
+<P><H3><A NAME="HDRWQ31" HREF="auusg002.htm#ToC_47">Limits on Failed Authentication Attempts</A></H3>
+<A NAME="IDX848"></A>
+<P>Your system administrator can choose to limit the number of times that you
+fail to provide the correct password when authenticating with AFS (using
+either an AFS-modified login utility or the <B>klog</B> command).
+If you exceed the limit, the AFS authentication service refuses further
+authentication attempts for a period of time set by your system
+administrator. The purpose of this limit is to prevent unauthorized
+users from breaking into your account by trying a series of passwords.
+<P>To determine if your user account is subject to this limit, ask your system
+administrator or issue the <B>kas examine</B> command as described in <A HREF="#HDRWQ32">To Display Your Failed Authentication Limit and Lockout Time</A>.
+<P>The following message indicates that you have exceeded the limit on failed
+authentication attempts.
+<PRE> Unable to authenticate to AFS because ID is locked - see your system admin
+</PRE>
+<P><H3><A NAME="HDRWQ32" HREF="auusg002.htm#ToC_48">To Display Your Failed Authentication Limit and Lockout Time</A></H3>
+<A NAME="IDX849"></A>
+<A NAME="IDX850"></A>
+<A NAME="IDX851"></A>
+<A NAME="IDX852"></A>
+<P>Issue the <B>kas examine</B> command to determine if there is a limit
+on the number of unsuccessful authentication attempts for your user account
+and any associated lockout time. You can examine only your own
+account. The fourth line of the output reports the maximum number of
+times you can provide an incorrect password before being locked out of your
+account. The <TT>lock time</TT> field on the next line reports how
+long the AFS authentication service refuses authentication attempts after the
+limit is exceeded.
+<PRE> % <B>kas examine</B> <VAR>your_username</VAR>
+ Password for <VAR>your_username</VAR>: <VAR>your_AFS_password</VAR>
+</PRE>
+<P>The following example displays the output for the user <B>pat</B>, who
+is allowed nine failed authentication attempts. The lockout time is
+25.5 minutes.
+<PRE> User data for pat
+ key (15) cksum is 3414844392, last cpw: Thu Oct 21 16:05:44 1999
+ password will expire: Fri Nov 26 20:44:36 1999
+ 9 consecutive unsuccessful authentications are permitted.
+ The lock time for this user is 25.5 minutes.
+ User is not locked.
+ entry never expires. Max ticket lifetime 100.00 hours.
+ last mod on Wed Aug 18 08:22:29 1999 by admin
+ permit password reuse
+</PRE>
+<HR><H2><A NAME="HDRWQ33" HREF="auusg002.htm#ToC_49">Exiting an AFS Session</A></H2>
+<A NAME="IDX853"></A>
+<A NAME="IDX854"></A>
+<A NAME="IDX855"></A>
+<A NAME="IDX856"></A>
+<A NAME="IDX857"></A>
+<P>Because logging in and authenticating with AFS are distinct operations, you
+must both logout and unauthenticate (issue the <B>unlog</B> command to
+discard your tokens) when exiting an AFS session. Simply logging out
+does not necessarily destroy your tokens.
+<P>You can use the <B>unlog</B> command any time you want to
+unauthenticate, not just when logging out. For instance, it is a good
+practice to unauthenticate before leaving your machine unattended, to prevent
+other users from using your tokens during your absence. When you return
+to your machine, issue the <B>klog</B> command to reauthenticate, as
+described in <A HREF="#HDRWQ29">To Authenticate with AFS</A>.
+<P>Do not issue the <B>unlog</B> command when you are running jobs that
+take a long time to complete, even if you are logging out. Such
+processes must have a token during the entire time they need authenticated
+access to AFS.
+<P>If you have tokens from multiple cells and want to discard only some of
+them, include the <B>unlog</B> command's <B>-cell</B>
+argument.
+<P><H3><A NAME="Header_50" HREF="auusg002.htm#ToC_50">To Discard Tokens</A></H3>
+<A NAME="IDX858"></A>
+<A NAME="IDX859"></A>
+<P>Issue the <B>unlog</B> command to discard your tokens:
+<PRE> % <B>unlog -cell</B> <<VAR>cell name</VAR>><SUP>+</SUP>
+</PRE>
+<P>Omit the <B>-cell</B> argument to discard all of your tokens, or use it
+to name each cell for which to discard tokens. It is best to provide
+the full name of each cell (such as <B>stateu.edu</B> or
+<B>abc.com</B>).
+<P>You can issue the <B>tokens</B> command to verify that your tokens were
+destroyed, as in the following example.
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_51" HREF="auusg002.htm#ToC_51">Example: Unauthenticating from a Specific Cell</A></H3>
+<A NAME="IDX860"></A>
+<P>In the following example, a user has tokens in both the
+<B>accounting</B> and <B>marketing</B> cells at her company.
+She discards the token for the <B>acctg.abc.com</B> cell but
+keeps the token for the <B>mktg.abc.com</B> cell.
+<PRE> % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 35) tokens for afs@acctg.abc.com [Expires Nov 10 22:30]
+ User's (AFS ID 674) tokens for afs@mktg.abc.com [Expires Nov 10 18:44]
+ --End of list--
+ % <B>unlog -cell acctg.abc.com</B>
+ % <B>tokens</B>
+ Tokens held by the Cache Manager:
+ User's (AFS ID 674) tokens for afs@mktg.abc.com [Expires Nov 10 18:44]
+ --End of list--
+</PRE>
+<P><H3><A NAME="Header_52" HREF="auusg002.htm#ToC_52">To Log Out</A></H3>
+<P>After you have unauthenticated, log out by issuing the command
+appropriate for your machine type, which is possibly one of the
+following.
+<PRE> % <B>logout</B>
+</PRE>
+<P>or
+<PRE> % <B>exit</B>
+</PRE>
+<P>or
+<PRE> % <<B>Ctrl-d</B>>
+</PRE>
+<HR><H2><A NAME="HDRWQ34" HREF="auusg002.htm#ToC_53">Accessing the AFS Filespace</A></H2>
+<A NAME="IDX861"></A>
+<A NAME="IDX862"></A>
+<P>While you are logged in and authenticated, you can access files in AFS just
+as you do in the UNIX file system. The only difference is that you can
+access potentially many more files. Just as in the UNIX file system,
+you can only access those files for which you have permission. AFS uses
+access control lists (ACLs) to control access, as described in <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>.
+<P><H3><A NAME="Header_54" HREF="auusg002.htm#ToC_54">AFS Pathnames</A></H3>
+<A NAME="IDX863"></A>
+<P>AFS pathnames look very similar to UNIX file system names. The main
+difference is that every AFS pathname begins with the AFS root directory,
+which is called <B>/afs</B> by convention. Having <B>/afs</B>
+at the top of every AFS cell's filespace links together their filespaces
+into a global filespace.
+<A NAME="IDX864"></A>
+<A NAME="IDX865"></A>
+<A NAME="IDX866"></A>
+<A NAME="IDX867"></A>
+<P><B>Note for Windows users:</B> Windows uses a backslash
+( <B>\</B> ) rather than a forward slash
+( <B>/</B> ) to separate the elements in a
+pathname. Otherwise, your access to AFS filespace is much the same as
+for users working on UNIX machines.
+<P>The second element in AFS pathnames is generally a cell's name.
+For example, the ABC Corporation cell is called <B>abc.com</B> and
+the pathname of every file in its filespace begins with the string
+<B>/afs/abc.com</B>. Some cells also create a directory at
+the second level with a shortened name (such as <B>abc</B> for
+<B>abc.com</B> or <B>stateu</B> for
+<B>stateu.edu</B>), to reduce the amount of typing
+necessary. Your system administrator can tell you if your cell's
+filespace includes shortened names like this. The rest of the pathname
+depends on how the cell's administrators organized its filespace.
+<P>To access directories and files in AFS you must both specify the correct
+pathname and have the required permissions on the ACL that protects the
+directory and the files in it.
+<P><H3><A NAME="Header_55" HREF="auusg002.htm#ToC_55">Example: Displaying the Contents of Another User's Directory</A></H3>
+<P>The user <B>terry</B> wants to look for a file belonging to another
+user, <B>pat</B>. He issues the <B>ls</B> command on the
+appropriate pathname.
+<PRE> % <B>ls /afs/abc.com/usr/pat/public</B>
+ doc/ directions/
+ guide/ jokes/
+ library/
+</PRE>
+<P><H3><A NAME="HDRWQ35" HREF="auusg002.htm#ToC_56">Accessing Foreign Cells</A></H3>
+<A NAME="IDX868"></A>
+<A NAME="IDX869"></A>
+<P>You can access files not only in your own cell, but in any AFS cell that
+you can reach via the network, regardless of geographical location.
+There are two additional requirements:
+<UL>
+<P><LI>Your Cache Manager's list of foreign cells must include the cell you
+want to access. Only the local superuser <B>root</B> can edit the
+list of cells, but anyone can display it. See <A HREF="auusg006.htm#HDRWQ42">Determining Access to Foreign Cells</A>.
+<P><LI>The ACL on the directory that houses the file, and on every parent
+directory in the pathname, must grant you the necessary permissions.
+The simplest way for the directory's owner to extend permission to
+foreign users is to put an entry for the <B>system:anyuser</B> group
+on the ACL.
+<P>The alternative is for the foreign cell's administrator to create an
+account for you, essentially making you a local user in the cell. The
+directory's owner creates an ACL entry for you as for any other local
+user. To authenticate in the foreign cell, issue the <B>klog</B>
+command with the <B>-cell</B> argument.
+</UL>
+<P>For further discussion of directory and file protection, see <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>.
+<HR><H2><A NAME="HDRWQ36" HREF="auusg002.htm#ToC_57">Changing Your Password</A></H2>
+<P>In cells that use an AFS-modified login utility, the password
+is the same for both logging in and authenticating with AFS. In this
+case, you use a single command, <B>kpasswd</B>, to change the
+password.
+<P>If your machine does not use an AFS-modified login utility, there are
+separate passwords for logging into the local file system and authenticating
+with AFS. (The two passwords can be the same or different, at your
+discretion.) In this case, use the <B>kpasswd</B> command to change
+your AFS password and the UNIX <B>passwd</B> command to change your UNIX
+password.
+<P>Your system administrator can improve cell security by configuring several
+features that guide your choice of password. Keep them in mind when you
+issue the <B>kpasswd</B> command:
+<UL>
+<P><LI>Limiting the amount of time your password is valid. This improves
+your cell's security by limiting the amount of time an unauthorized user
+has to try to guess your password. Your system administrator needs to
+tell you when your password is due to expire so that you can change it in
+time. The administrator can configure the AFS-modified login utility to
+report this information automatically each time you log in. You can
+also use the <B>kas examine</B> command to display the password expiration
+date, as instructed in <A HREF="#HDRWQ37">To Display Password Expiration Date and Reuse Policy</A>.
+<P>You can change your password prior to the expiration date, but your system
+administrator can choose to set a minimum time between password
+changes. The following message indicates that the minimum time has not
+yet passed.
+<PRE> kpasswd: password was not changed because you changed it too
+ recently; see your system administrator
+</PRE>
+<P><LI>Enforcing password quality standards, such as a minimum length or
+inclusion of nonalphabetic characters. The administrator needs to tell
+you about such requirements so that you do not waste time picking unacceptable
+passwords.
+<P><LI>Rejecting a password that is too similar to the last 20 passwords you
+used. You can use the <B>kas examine</B> command to check whether
+this policy applies to you, as instructed in <A HREF="#HDRWQ37">To Display Password Expiration Date and Reuse Policy</A>. The following message indicates that the password
+you have chosen is too similar to a previous password.
+<PRE> kpasswd: Password was not changed because it seems like a reused password
+</PRE>
+</UL>
+<P><H3><A NAME="HDRWQ37" HREF="auusg002.htm#ToC_58">To Display Password Expiration Date and Reuse Policy</A></H3>
+<A NAME="IDX870"></A>
+<A NAME="IDX871"></A>
+<A NAME="IDX872"></A>
+<A NAME="IDX873"></A>
+<A NAME="IDX874"></A>
+<A NAME="IDX875"></A>
+<P>Issue the <B>kas examine</B> command to display your password
+expiration date and reuse policy. You can examine only your own
+account. The third line of the output reports your password's
+expiration date. The last line reports the password reuse policy that
+applies to you.
+<PRE> % <B>kas examine</B> <VAR>your_username</VAR>
+ Password for <VAR>your_username</VAR>: <VAR>your_AFS_password</VAR>
+</PRE>
+<P>The following example displays the output for the user
+<B>pat</B>.
+<PRE> User data for pat
+ key (15) cksum is 3414844392, last cpw: Thu Oct 21 16:05:44 1999
+ password will expire: Fri Nov 26 20:44:36 1999
+ 9 consecutive unsuccessful authentications are permitted.
+ The lock time for this user is 25.5 minutes.
+ User is not locked.
+ entry never expires. Max ticket lifetime 100.00 hours.
+ last mod on Wed Aug 18 08:22:29 1999 by admin
+ don't permit password reuse
+</PRE>
+<P><H3><A NAME="Header_59" HREF="auusg002.htm#ToC_59">To Change Your AFS Password</A></H3>
+<A NAME="IDX876"></A>
+<A NAME="IDX877"></A>
+<A NAME="IDX878"></A>
+<A NAME="IDX879"></A>
+<P>Issue the <B>kpasswd</B> command, which prompts you to provide your old
+and new passwords and to confirm the new password. The passwords do not
+echo visibly on the screen.
+<PRE> % <B>kpasswd</B>
+ Old password: <VAR>current_password</VAR>
+ New password (RETURN to abort): <VAR>new_password</VAR>
+ Retype new password: <VAR>new_password</VAR>
+</PRE>
+<P><H3><A NAME="Header_60" HREF="auusg002.htm#ToC_60">To Change Your UNIX Password</A></H3>
+<P>
+<A NAME="IDX880"></A>
+<A NAME="IDX881"></A>
+<A NAME="IDX882"></A>
+<A NAME="IDX883"></A>
+Issue the UNIX <B>passwd</B> command, which prompts you to provide your
+old and new passwords and to confirm the new password. The passwords do
+not echo visibly on the screen. On many machines, the <B>passwd</B>
+resides in the <B>/bin</B> directory, and you possibly need to type the
+complete pathname.
+<PRE> % <B>passwd</B>
+ Changing password for <VAR>username</VAR>.
+ Old password: <VAR>current_password</VAR>
+ New password: <VAR>new_password</VAR>
+ Retype new passwd: <VAR>new_password</VAR>
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg004.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg006.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ38" HREF="auusg002.htm#ToC_61">Displaying Information about AFS</A></H1>
+<P>This chapter explains how to display information that can
+help you use AFS more effectively. It includes the following
+sections.
+<DL>
+<DD><P><A HREF="#HDRWQ39">Displaying Volume Quota</A>
+<DD><P><A HREF="#HDRWQ40">Locating Files and Directories</A>.
+<DD><P><A HREF="#HDRWQ41">Checking the Status of Server Machines</A>
+<DD><P><A HREF="#HDRWQ42">Determining Access to Foreign Cells</A>
+<DD><P><A HREF="#HDRWQ43">Displaying Server Preference Ranks</A>
+</DL>
+<HR><H2><A NAME="HDRWQ39" HREF="auusg002.htm#ToC_62">Displaying Volume Quota</A></H2>
+<P>By convention, the files in your home directory are stored
+together in a single volume. (For information about volumes, see <A HREF="auusg004.htm#HDRWQ6">Volumes and Mount Points</A>.) To allocate your cell's available disk space
+as fairly as possible, your system administrators impose a size limit, or
+<I>quota</I>, on each volume. You cannot store more data in a
+volume than its quota allows. If a volume is close to its quota, you
+sometimes cannot save changes you have made to files stored in the
+volume.
+<P>The amount of space available on the partition that houses the volume also
+limits how large the volume can grow. If the disk partition is full,
+you can become unable to save changes to a file even though the volume is not
+close to its quota.
+<A NAME="IDX884"></A>
+<A NAME="IDX885"></A>
+<P>Check the quota on your home volume periodically to make sure you have
+adequate space. Also, if you encounter problems saving a file, check
+the quota of the volume in which the file is stored. Use the following
+commands to display volume quota.
+<UL>
+<P><LI>The <B>fs quota</B> command lists the percentage of the volume quota
+used.
+<P><LI>Both the <B>fs listquota</B> and <B>fs examine</B> commands list
+the volume name, its maximum size (quota), and its current size. They
+also report the following additional information.
+<UL>
+<P><LI>The <B>fs listquota</B> command lists the percentage used of both the
+volume and the partition.
+<P><LI>The <B>fs examine</B> command lists the partition's size, the
+amount of space currently used, and any messages associated with the
+volume.
+</UL>
+</UL>
+<P><H3><A NAME="Header_63" HREF="auusg002.htm#ToC_63">To Display Percentage of Quota Used</A></H3>
+<A NAME="IDX886"></A>
+<A NAME="IDX887"></A>
+<A NAME="IDX888"></A>
+<A NAME="IDX889"></A>
+<P>Issue the <B>fs quota</B> command to display the percentage of the
+quota currently used for the volume that contains a specified directory or
+file.
+<PRE> % <B>fs quota</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where <VAR>dir/file path</VAR> specifies the pathname of a file or directory
+in each volume for which to display quota information. If you do not
+provide a pathname, the output reports quota information for the volume that
+contains the current working directory.
+<P><H3><A NAME="Header_64" HREF="auusg002.htm#ToC_64">Example: Displaying Percentage of Quota Used</A></H3>
+<P>
+<A NAME="IDX890"></A>
+The following example displays the percentage of quota used for the volumes
+that contain two user home directories in the ABC Corporation cell.
+<PRE> % <B>cd /afs/abc.com/usr</B>
+ % <B>fs quota terry pat</B>
+ 34% of quota used.
+ 85% of quota used.
+</PRE>
+<P><H3><A NAME="Header_65" HREF="auusg002.htm#ToC_65">To Display Quota and Other Information about a Volume</A></H3>
+<A NAME="IDX891"></A>
+<A NAME="IDX892"></A>
+<A NAME="IDX893"></A>
+<A NAME="IDX894"></A>
+<A NAME="IDX895"></A>
+<A NAME="IDX896"></A>
+<P>Issue the <B>fs listquota</B> command to display the following
+information:
+<UL>
+<P><LI>The name of the volume that houses each specified file or directory
+<P><LI>The quota, expressed as a number of kilobytes (<TT>1024</TT> indicates
+one megabyte)
+<P><LI>The current size of the volume (the number of kilobytes of currently used)
+<P><LI>The percentage of the quota used
+<P><LI>The percentage of space used on the disk partition housing the volume
+</UL>
+<P>The command's syntax is as follows.
+<PRE> % <B>fs listquota</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where <VAR>dir/file path</VAR> specifies the pathname of a file or directory
+in each volume for which to display quota information. If you do not
+provide a pathname, the output reports quota information for the volume that
+contains the current working directory.
+<P><H3><A NAME="Header_66" HREF="auusg002.htm#ToC_66">Example: Display Quota and Other Information about a Volume</A></H3>
+<A NAME="IDX897"></A>
+<P>The following example displays quota information about the volume that
+houses the home directory of user <B>terry</B>.
+<PRE> % <B>fs listquota ~terry</B>
+ Volume Name Quota Used % Used Partition
+ user.terry 10000 3400 34% 86%
+</PRE>
+<P><H3><A NAME="Header_67" HREF="auusg002.htm#ToC_67">To Display Quota and Other Information about a Volume and Partition</A></H3>
+<A NAME="IDX898"></A>
+<A NAME="IDX899"></A>
+<A NAME="IDX900"></A>
+<A NAME="IDX901"></A>
+<A NAME="IDX902"></A>
+<A NAME="IDX903"></A>
+<P>Issue the <B>fs examine</B> command to display the following
+information about a volume and the partition it resides on:
+<UL>
+<P><LI>The volume's ID number (abbreviated in the output as <TT>vid</TT>)
+<P><LI>The volume name
+<P><LI>The volume's quota and current size, in kilobytes
+<P><LI>The number of kilobyte blocks available on the disk partition housing the
+volume and the total size of that partition
+<P><LI>An <I>off-line message</I> associated with the volume, if any, as set
+by a system administrator
+</UL>
+<P>The command's syntax is as follows.
+<PRE> % <B>fs examine</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where <VAR>dir/file path</VAR> specifies the pathname of a file or directory
+in each volume for which to display quota information. If you do not
+provide a pathname, the output reports quota information for the volume that
+contains the current working directory.
+<P><H3><A NAME="Header_68" HREF="auusg002.htm#ToC_68">Example: Displaying Quota and Other Information about a Volume and Partition</A></H3>
+<A NAME="IDX904"></A>
+<P>The following example displays quota and other information about the volume
+that houses the current working directory.
+<PRE> % <B>fs examine</B>
+ Volume status for vid = 536871122 named user.terry
+ Current disk quota is 10000
+ Current blocks used are 5745
+ The partition has 1593 blocks available out of 99162
+</PRE>
+<HR><H2><A NAME="HDRWQ40" HREF="auusg002.htm#ToC_69">Locating Files and Directories</A></H2>
+<A NAME="IDX905"></A>
+<A NAME="IDX906"></A>
+<P>Normally, you do not need to know which file server machine stores the
+volume containing a file or directory. Given the pathname to a file,
+the Cache Manager on your client machine automatically accesses the
+appropriate server machine.
+<P>If you become unable to access a file, however, it can be useful to know
+which file server machine houses it. You can then check whether the
+File Server process or machine is functioning correctly, as described in <A HREF="#HDRWQ41">Checking the Status of Server Machines</A>. Or, if your system administrators schedule downtime
+for a machine, you can learn whether the outage is likely to prevent you from
+accessing certain files.
+<P><H3><A NAME="Header_70" HREF="auusg002.htm#ToC_70">To Display a File or Directory's Location</A></H3>
+<A NAME="IDX907"></A>
+<A NAME="IDX908"></A>
+<A NAME="IDX909"></A>
+<A NAME="IDX910"></A>
+<P>Issue the <B>fs whereis</B> command to display the file server machine
+on which a file or directory is stored.
+<PRE> % <B>fs whereis</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where <VAR>dir/file path</VAR> specifies the pathname of each file or
+directory for which you want location information. If you do not
+provide a pathname, the output reports the machine housing the volume that
+contains the current working directory.
+<P>If the output mentions more than one machine, there is a copy of the volume
+at each site (the volume is <I>replicated</I>). Your system
+administrators can choose to replicate volumes that contain information many
+people need to use, both for load balancing reasons and to make the
+information available even if there is an outage on one machine that houses
+the volume.
+<P><H3><A NAME="Header_71" HREF="auusg002.htm#ToC_71">Example: Displaying Directory Location</A></H3>
+<A NAME="IDX911"></A>
+<P>The following example displays the names of the server machines that house
+the home volumes for users <B>terry</B> and <B>pat</B>.
+<PRE> % <B>cd /afs/abc.com/usr</B>
+ % <B>fs whereis terry pat</B>
+ File /afs/abc.com/usr/terry is on host fs2.abc.com
+ File /afs/abc.com/usr/pat is on host fs3.abc.com
+</PRE>
+<HR><H2><A NAME="HDRWQ41" HREF="auusg002.htm#ToC_72">Checking the Status of Server Machines</A></H2>
+<A NAME="IDX912"></A>
+<A NAME="IDX913"></A>
+<A NAME="IDX914"></A>
+<P>Sometimes one or more server machines in your cell become inaccessible due
+to hardware problems, software problems, or routine maintenance. During
+the outage, you cannot access files stored on those machines or save any
+changes you have made to files that are stored on those machines. (Your
+Cache Manager possibly has copies of the files stored locally, which you can
+still work with.)
+<P>To check the status of server machines, use the <B>fs checkservers</B>
+command. If a server machine has more than one network interface
+address (is <I>multihomed</I>), the Cache Manager sends the
+status-checking message to all of the machine's interfaces. If at
+least one of the server's interfaces replies, the command's output
+reports the machine as accessible. If there is no reply from any of the
+interfaces, the output reports the machine as inaccessible but displays only
+one of the interfaces (usually the one with the best preference rank; see
+<A HREF="#HDRWQ43">Displaying Server Preference Ranks</A>).
+<P>To check the status of different groups of server machines, combine the
+<B>fs checkservers</B> command's options as indicated:
+<UL>
+<P><LI>To check file server machines in the local cell only, do not include any
+options
+<P><LI>To check file server machines in a particular foreign cell only, include
+the <B>-cell</B> argument
+<P><LI>To check every file server machine that your Cache Manager has contacted
+in any cell, include the <B>-all</B> flag
+</UL>
+<P>It can take several minutes for the command shell prompt to return, because
+the <B>fs</B> command interpreter waits a timeout period before concluding
+that an unresponsive machine is really inaccessible. To have the
+command shell prompt return immediately, add the ampersand (<B>&</B>),
+which runs the <B>fs checkservers</B> command in the background.
+<P><H3><A NAME="Header_73" HREF="auusg002.htm#ToC_73">To Check File Server Machine Status</A></H3>
+<A NAME="IDX915"></A>
+<A NAME="IDX916"></A>
+<P>Issue the <B>fs checkservers</B> command to check the status of file
+server machines.
+<PRE> % <B>fs checkservers</B> [<B>-cell</B> <<VAR>cell to check</VAR>>] [<B>-all</B>] [<B>&</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-cell
+</B><DD>Names each cell for which to check server machine status. Do not
+combine this argument and the <B>-all</B> flag.
+<P><DT><B>-all
+</B><DD>Checks the status of all server machines. Do not combine this flag
+and the <B>-cell</B> argument.
+</DL>
+<P>The following message indicates that all server machines replied to the
+Cache Manager's status-checking message:
+<PRE> All servers are running.
+</PRE>
+<P>Otherwise, a message like the following lists the inaccessible
+machines:
+<PRE> These servers unavailable due to network or server problems: <VAR>list of machines</VAR>.
+</PRE>
+<P><H3><A NAME="Header_74" HREF="auusg002.htm#ToC_74">Example: Checking Server Machine Status</A></H3>
+<A NAME="IDX917"></A>
+<P>The following example checks the status of every file server machine the
+Cache Manager has contacted in any cell. Two machines are not
+responding.
+<PRE> % <B>fs checkservers -all &</B>
+ These servers unavailable due to network or server problems:
+ fs1.abc.com server7.stateu.edu.
+</PRE>
+<HR><H2><A NAME="HDRWQ42" HREF="auusg002.htm#ToC_75">Determining Access to Foreign Cells</A></H2>
+<A NAME="IDX918"></A>
+<P>The Cache Manager maintains a list of foreign cells that it knows how to
+reach. A cell must appear in the list for you to access its AFS
+filespace. (In addition, the ACL on each directory in the pathname to
+the file must grant you the necessary permissions, and your system
+administrator must mount the cell in the local AFS filespace--by
+convention, just under the <B>/afs</B> directory.)
+<P><H3><A NAME="Header_76" HREF="auusg002.htm#ToC_76">To Display Foreign Cells</A></H3>
+<A NAME="IDX919"></A>
+<A NAME="IDX920"></A>
+<P>Issue the <B>fs listcells</B> command to display the cells you can
+access from this client machine. It can take several minutes for the
+command shell prompt to return. The Cache Manager stores the machines
+as IP addresses, but has the addresses translated to names before displaying
+them. To have the command shell prompt return immediately, use the
+ampersand (<B>&</B>) to run the <B>fs listcells</B> command in the
+background as in the following example.
+<PRE> % <B>fs listcells &</B>
+ Cell abc.com on hosts
+ db1.abc.com
+ db2.abc.com
+ db3.abc.com
+ Cell test.abc.com on hosts
+ test4.abc.com.
+ Cell stateu.edu on hosts
+ sv5.stateu.edu.
+ sv2.stateu.edu.
+ sv11.stateu.edu.
+ Cell def.com on hosts
+ serverA.def.com
+</PRE>
+<HR><H2><A NAME="HDRWQ43" HREF="auusg002.htm#ToC_77">Displaying Server Preference Ranks</A></H2>
+<A NAME="IDX921"></A>
+<A NAME="IDX922"></A>
+<A NAME="IDX923"></A>
+<P>The Cache Manager stores a list of preference ranks for file server
+machines. When it needs to access a file or directory, the Cache
+Manager compares the ranks of the file server machines that house the relevant
+volume. It first tries to access the volume on the machine with the
+best rank. (If a file server machine is multihomed--has more than
+one network interface--the Cache Manager actually assigns a separate rank
+to each interface.)
+<P>The Cache Manager assigns a default rank to a file server machine interface
+by comparing its own IP address to the interface's IP address. It
+assigns a better rank to interfaces that are on its own subnetwork or network
+than to interfaces on other networks. Therefore, the ranks bias the
+Cache Manager to fetch files from file server machines that are close in terms
+of network distance, which tends to reduce network traffic and help the Cache
+Manager deliver data to applications more quickly.
+<P>The Cache Manager stores each rank as a pairing of a file server machine
+interface's IP address and an integer rank from the range <B>0</B> to
+<B>65,534</B>. A lower number is a better rank. To display
+the server preference ranks on the local client machine, use the <B>fs
+getserverprefs</B> command.
+<P>The Cache Manager stores a separate but similar set of ranks for Volume
+Location (VL) Servers, which tell the Cache Manager the location of volumes
+that house files and directories. To display those ranks, add the
+<B>-vlservers</B> flag to the <B>fs getserverprefs</B> command.
+<P>If the default ranks do not seem to result in the best performance, your
+system administrator can change them. Ask your system administrator
+about the ranks if appropriate.
+<P><H3><A NAME="Header_78" HREF="auusg002.htm#ToC_78">To Display Server Preference Ranks</A></H3>
+<P>Issue the <B>fs getserverprefs</B> command to display the file
+server machine preference ranks used by the Cache Manager on the local
+machine. To display VL Server ranks, add the <B>-vlservers</B>
+flag. By default, the Cache Manager has the IP address of each
+interface translated into a hostname before displaying it. To bypass
+the translation and display IP addresses, include the <B>-numeric</B>
+flag. This can significantly speed up the command's output.
+<PRE> % <B>fs getserverprefs</B> [<B>-numeric</B>] [<B>-vlservers</B>]
+</PRE>
+<P>The following example displays the file server machine preference ranks for
+a client machine in the <B>abc.com</B> cell. The ranks of
+the file server machines in that cell are lower than the ranks of the file
+server machines from the foreign cell, <B>def.com</B>.
+Because the <B>-numeric</B> flag is not used, the output displays
+hostnames. The appearance of an IP address for two machines indicates
+that translating them was not possible.
+<PRE> % <B>fs getserverprefs</B>
+ fs2.abc.com 20007
+ fs3.abc.com 30002
+ fs1.abc.com 20011
+ fs4.abc.com 30010
+ server1.def.com 40002
+ 192.12.105.34 40000
+ server6.def.com 40012
+ 192.12.105.37 40005
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg005.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg007.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ44" HREF="auusg002.htm#ToC_79">Protecting Your Directories and Files</A></H1>
+<P>This chapter explains how to protect AFS files and
+directories by defining permissions on an access control list.
+<HR><H2><A NAME="HDRWQ45" HREF="auusg002.htm#ToC_80">Access Control Lists</A></H2>
+<A NAME="IDX924"></A>
+<A NAME="IDX925"></A>
+<A NAME="IDX926"></A>
+<A NAME="IDX927"></A>
+<A NAME="IDX928"></A>
+<P>AFS augments and refines the standard UNIX scheme for controlling access to
+files and directories. Instead of using mode bits to define access
+permissions for individual files, as UNIX does, AFS stores an <I>access
+control list</I> (<I>ACL</I>) with each directory. It defines
+which users and groups can access the directory and the files it contains, and
+in what manner. An ACL can store up to about 20 entries, each of which
+pairs a user or group and a set of permissions. AFS defines seven
+permissions rather than the three that UNIX uses.
+<P>Another refinement to the standard UNIX protection scheme is that users can
+define their own protection <I>groups</I> and then place the groups on
+ACLs as though they were individual users. A group can include both
+users and machines. Each user who belongs to a group inherits all of
+the permissions granted to the group on the ACL. Similarly, all users
+who are logged into a machine that belongs to a group inherits all of the
+permissions granted to the group. You can create groups to place on
+ACLs and also use groups that other users have created. To learn more
+about group creation, see <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.
+<P>In addition, AFS defines two system groups called
+<B>system:anyuser</B> and <B>system:authuser</B>.
+By placing them on ACLs, you can grant access to large numbers of users at
+once. See <A HREF="#HDRWQ50">Using the System Groups on ACLs</A>.
+<P>Although AFS uses ACLs to protect files and directories, it also uses the
+UNIX mode bits to a limited extent. See <A HREF="#HDRWQ59">How AFS Uses the UNIX Mode Bits</A>.
+<P><H3><A NAME="Header_81" HREF="auusg002.htm#ToC_81">Directory Level Access Control</A></H3>
+<P>As noted, AFS associates an ACL with each directory, and it applies to
+all of the files stored in the directory. Files do not have separate
+ACLs. Defining access at the directory level has several
+consequences:
+<UL>
+<P><LI>The permissions on a directory's ACL apply to all of the files in the
+directory. When you move a file to a different directory, you
+effectively change its permissions to those on its new directory's
+ACL. Changing a directory's ACL changes the protection on all the
+files in it.
+<P><LI>When you create a subdirectory, it inherits the current ACL of its parent
+directory. You can then set the subdirectory's ACL to be different
+from its parent's. However, do not make the ACL on the parent
+directory more restrictive than on a subdirectory, because that can prevent
+users from accessing the subdirectory even when they have the necessary
+permissions on its ACL. Specifically, a user must have the <B>l</B>
+(<B>lookup</B>) permission (defined in <A HREF="#HDRWQ46">The AFS ACL Permissions</A>) on the parent directory to reach its subdirectories.
+<A NAME="IDX929"></A>
+<A NAME="IDX930"></A>
+</UL>
+<P>As a general rule, it makes sense to grant fairly liberal access to your
+home directory. If you need to protect certain files more closely,
+place them in subdirectories that have more restrictive ACLs.
+<HR><H2><A NAME="HDRWQ46" HREF="auusg002.htm#ToC_82">The AFS ACL Permissions</A></H2>
+<A NAME="IDX931"></A>
+<A NAME="IDX932"></A>
+<A NAME="IDX933"></A>
+<P>There are seven standard AFS ACL permissions. Functionally, they
+fall into two groups: one that applies to the directory itself and one
+that applies to the files.
+<P><H3><A NAME="HDRWQ47" HREF="auusg002.htm#ToC_83">The Four Directory Permissions</A></H3>
+<P>The four permissions in this group are meaningful with
+respect to the directory itself. For example, the <B>i</B>
+(<B>insert</B>) permission does not control addition of data to a file,
+but rather creation of a new file or subdirectory.
+<DL>
+<P><DT><B>The l (lookup) permission
+</B><DD>This permission functions as something of a gate keeper for access to the
+directory and its files, because a user must have it in order to exercise any
+other permissions. In particular, a user must have this permission to
+access anything in the directory's subdirectories.
+<A NAME="IDX934"></A>
+<A NAME="IDX935"></A>
+<P>This permission enables a user to issue the following commands:
+<UL>
+<P><LI>The <B>ls</B> command to list the names of the files and
+subdirectories in the directory
+<P><LI>The <B>ls -ld</B> command to obtain complete status information for
+the directory element itself
+<P><LI>The <B>fs listacl</B> command to examine the directory's ACL
+</UL>
+<P>This permission does not enable a user to read the contents of a file in
+the directory or to issue the <B>ls -l</B> or <B>fs listacl</B>
+commands with a filename as the argument. Those operations require the
+<B>r</B> (<B>read</B>) permission, which is described in <A HREF="#HDRWQ48">The Three File Permissions</A>.
+<P>Similarly, this permission does not enable a user to issue the
+<B>ls</B>, <B>ls -l</B>, <B>ls -ld</B>, or <B>fs listacl</B>
+commands against a subdirectory of the directory. Those operations
+require the <B>l</B> permission on the ACL of the subdirectory
+itself.
+<P><DT><B>The i (insert) permission
+</B><DD>This permission enables a user to add new files to the directory, either
+by creating or copying, and to create new subdirectories. It does not
+extend into any subdirectories, which are protected by their own ACLs.
+<A NAME="IDX936"></A>
+<A NAME="IDX937"></A>
+<P><DT><B>The d (delete) permission
+</B><DD>This permission enables a user to remove files and subdirectories from the
+directory or move them into other directories (assuming that the user has the
+<B>i</B> permission on the ACL of the other directories).
+<A NAME="IDX938"></A>
+<A NAME="IDX939"></A>
+<P><DT><B>The a (administer) permission
+</B><DD>This permission enables a user to change the directory's ACL.
+Members of the <B>system:administrators</B> group implicitly have
+this permission on every directory (that is, even if that group does not
+appear on the ACL). Similarly, the owner of a directory implicitly has
+this permission on its ACL and those of all directories below it.
+<A NAME="IDX940"></A>
+<A NAME="IDX941"></A>
+</DL>
+<P><H3><A NAME="HDRWQ48" HREF="auusg002.htm#ToC_84">The Three File Permissions</A></H3>
+<P>The three permissions in this group are meaningful with
+respect to files in a directory, rather than the directory itself or its
+subdirectories.
+<DL>
+<P><DT><B>The r (read) permission
+</B><DD>This permission enables a user to read the contents of files in the
+directory and to issue the <B>ls -l</B> command to stat the file
+elements.
+<A NAME="IDX942"></A>
+<A NAME="IDX943"></A>
+<P><DT><B>The w (write) permission
+</B><DD>This permission enables a user to modify the contents of files in the
+directory and to issue the <B>chmod</B> command to change their UNIX mode
+bits.
+<A NAME="IDX944"></A>
+<A NAME="IDX945"></A>
+<P><DT><B>The k (lock) permission
+</B><DD>This permission enables a user to run programs that issue system calls to
+lock files in the directory.
+<A NAME="IDX946"></A>
+<A NAME="IDX947"></A>
+</DL>
+<P><H3><A NAME="Header_85" HREF="auusg002.htm#ToC_85">The Eight Auxiliary Permissions</A></H3>
+<A NAME="IDX948"></A>
+<A NAME="IDX949"></A>
+<P>AFS provides eight additional permissions that do not have a defined
+meaning. They are denoted by the uppercase letters <B>A</B>,
+<B>B</B>, <B>C</B>, <B>D</B>, <B>E</B>, <B>F</B>,
+<B>G</B>, and <B>H</B>.
+<P>Your system administrator can choose to write application programs that
+assign a meaning to one or more of the permissions, and then place them on
+ACLs to control file access by those programs. Use the <B>fs
+listacl</B> and <B>fs setacl</B> commands to display and set the
+auxiliary permissions on ACLs just like the standard seven.
+<P><H3><A NAME="Header_86" HREF="auusg002.htm#ToC_86">Shorthand Notation for Sets of Permissions</A></H3>
+<A NAME="IDX950"></A>
+<A NAME="IDX951"></A>
+<A NAME="IDX952"></A>
+<P>You can combine the seven permissions in any way in an ACL entry, but
+certain combinations are more useful than others. Four of the more
+common combinations have corresponding shorthand forms. When using the
+<B>fs setacl</B> command to define ACL entries, you can provide either one
+or more of the individual letters that represent the permissions, or one of
+the following shorthand forms:
+<DL>
+<P><DT><B>all
+</B><DD>Represents all seven standard permissions (<B>rlidwka</B>)
+<A NAME="IDX953"></A>
+<P><DT><B>none
+</B><DD>Removes the entry from the ACL, leaving the user or group with no
+permission
+<A NAME="IDX954"></A>
+<P><DT><B>read
+</B><DD>Represents the <B>r</B> (<B>read</B>) and <B>l</B>
+(<B>lookup</B>) permissions
+<A NAME="IDX955"></A>
+<P><DT><B>write
+</B><DD>Represents all permissions except <B>a</B>
+(<B>administer</B>): <B>rlidwk</B>
+<A NAME="IDX956"></A>
+</DL>
+<P><H3><A NAME="HDRWQ49" HREF="auusg002.htm#ToC_87">About Normal and Negative Permissions</A></H3>
+<A NAME="IDX957"></A>
+<A NAME="IDX958"></A>
+<A NAME="IDX959"></A>
+<A NAME="IDX960"></A>
+<A NAME="IDX961"></A>
+<A NAME="IDX962"></A>
+<A NAME="IDX963"></A>
+<P>ACLs enable you both to grant and to deny access to a directory and the
+files in it. To grant access, use the <B>fs setacl</B> command to
+create an ACL entry that associates a set of permissions with a user or group,
+as described in <A HREF="#HDRWQ54">Changing an ACL</A>. When you use the <B>fs listacl</B> command to
+display an ACL (as described in <A HREF="#HDRWQ52">Displaying an ACL</A>), such entries appear underneath the following header, which
+uses the term <I>rights</I> to refer to permissions:
+<PRE> Normal rights
+</PRE>
+<P>There are two ways to deny access:
+<A NAME="IDX964"></A>
+<OL TYPE=1>
+<P><LI>The recommended method is simply to omit an entry for the user or group
+from the ACL, or to omit the appropriate permissions from an entry. Use
+the <B>fs setacl</B> command to remove or edit an existing entry.
+In most cases, this method is enough to prevent access of certain kinds or by
+certain users. You must take care, however, not to grant the undesired
+permissions to any groups to which such users belong.
+<P><LI>The more explicit method for denying access is to place an entry on the
+<I>negative permissions</I> section of an ACL, by including the
+<B>-negative</B> flag to the <B>fs setacl</B> command. For
+instructions, see <A HREF="#HDRWQ56">To Add, Remove, or Edit Negative ACL Permissions</A>. The <B>fs listacl</B> command displays the
+negative permissions section of an ACL underneath the following header:
+<PRE> Negative rights
+</PRE>
+<P>When determining what type of access to grant to a user, AFS first examines
+all of the entries in the normal permissions section of the ACL. It
+then subtracts any permissions associated with the user (or with groups to
+which the user belongs) on the negative permissions section of the ACL.
+Therefore, negative permissions always cancel out normal permissions.
+<P>Negative permissions can be confusing, because they reverse the usual
+meaning of the <B>fs setacl</B> command. In particular, combining
+the <B>none</B> shorthand and the <B>-negative</B> flag is a double
+negative: by removing an entry from the negative permissions section of
+the ACL, you enable a user once again to obtain permissions via entries in the
+normal permissions section. Combining the <B>all</B> shorthand with
+the <B>-negative</B> flag explicitly denies all permissions.
+<P>It is useless to create an entry in the negative permissions section if an
+entry in the normal permissions section grants the denied permissions to the
+<B>system:anyuser</B> group. In this case, users can obtain
+the permissions simply by using the <B>unlog</B> command to discard their
+tokens. When they do so, AFS recognizes them as the
+<B>anonymous</B> user, who belongs to the <B>system:anyuser</B>
+group but does not match the entries on the negative permissions section of
+the ACL.
+</OL>
+<P><H3><A NAME="Header_88" HREF="auusg002.htm#ToC_88">Setting DFS ACLs</A></H3>
+<P>If your machine is configured to access a DCE cell's DFS filespace
+via the AFS/DFS Migration Toolkit, then you can use the AFS <B>fs
+listacl</B> and <B>fs setacl</B> commands to display and set the ACLs on
+DFS directories and files that you own. However, DFS uses a slightly
+different set of permissions and a different syntax for ACL entries.
+See the DFS documentation or ask your system administrator.
+<HR><H2><A NAME="HDRWQ50" HREF="auusg002.htm#ToC_89">Using the System Groups on ACLs</A></H2>
+<P>
+<A NAME="IDX965"></A>
+<A NAME="IDX966"></A>
+<A NAME="IDX967"></A>
+<A NAME="IDX968"></A>
+AFS defines two <I>system groups</I> that grant access to a large number
+of users at once when placed on an ACL. However, you cannot control the
+membership of these groups, so consider carefully what kind of permissions you
+wish to give them. (You do control the membership of the groups you
+own; see <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>.)
+<DL>
+<P><DT><B>system:anyuser
+</B><DD>Includes anyone who can access the cell's file tree, including users
+who have tokens in the local cell, users who have logged in on a local AFS
+client machine but have not obtained tokens (such as the local superuser
+<B>root</B>), and users who have connected to a local machine from outside
+the cell. Creating an ACL entry for this group is the only way to
+extend access to AFS users from foreign cells, unless your system
+administrator creates local authentication accounts for them.
+<A NAME="IDX969"></A>
+<P><DT><B>system:authuser
+</B><DD>Includes all users who have a valid AFS token obtained from the local
+cell's AFS authentication service.
+</DL>
+<P>The third system group, <B>system:administrators</B>, includes a
+small group of administrators who have extensive permissions in the
+cell. You do not generally need to put this group on your ACLs, because
+its members always have the <B>a</B> (<B>administer</B>) permission on
+every ACL, even if the group does not appear on it.
+<P><H3><A NAME="Header_90" HREF="auusg002.htm#ToC_90">Enabling Access to Subdirectories</A></H3>
+<A NAME="IDX970"></A>
+<A NAME="IDX971"></A>
+<P>A user must have the <B>l</B> permission on a directory to access its
+subdirectories in any way. Even if users have extensive permissions on
+a subdirectory, they cannot access it if the parent directory's ACL does
+not grant the <B>l</B> permission.
+<P>You can grant the <B>l</B> permission in one of three ways: grant
+it to a system group (<B>system:anyuser</B> or
+<B>system:authuser</B>), grant it to individual users, or grant it
+to one or more groups of users defined by you or other users (see <A HREF="auusg008.htm#HDRWQ60">Using Groups</A>). Granting the <B>l</B> permission to the
+<B>system:anyuser</B> group is the easiest option and is generally
+secure because the permission only enables users to list the contents of the
+directory, not to read the files in it. If you want to enable only
+locally authenticated users to list a directory's contents, substitute
+the <B>system:authuser</B> group for the
+<B>system:anyuser</B> group. Your system administrator has
+possibly already created an entry on your home directory's ACL that
+grants the <B>r</B> and <B>l</B> permissions to the
+<B>system:anyuser</B> group.
+<P><H3><A NAME="Header_91" HREF="auusg002.htm#ToC_91">Extending Access to Service Processes</A></H3>
+<A NAME="IDX972"></A>
+<P>It is sometimes necessary to grant more extensive permissions to the
+<B>system:anyuser</B> group so that processes that provide printing
+and mail delivery service can work correctly. For example, printing
+processes sometimes need the <B>r</B> permission in addition to the
+<B>l</B> permission. A mail delivery process possibly needs the
+<B>i</B> permission to place new messages in your mail directory.
+Your system administrator has probably already created the necessary ACL
+entries. If you notice an ACL entry for which the purpose is unclear,
+check with your system administrator before removing it.
+<P><H3><A NAME="HDRWQ51" HREF="auusg002.htm#ToC_92">Extending Access to Users from Foreign Cells</A></H3>
+<P>
+<A NAME="IDX973"></A>
+ The only way to grant access to users from foreign cells who do not have an
+account in your cell is to put the <B>system:anyuser</B> group on an
+ACL. Remember, however, that such an entry extends access to everyone
+who can reach your cell, not just the AFS users from foreign cells that you
+have in mind.
+<HR><H2><A NAME="HDRWQ52" HREF="auusg002.htm#ToC_93">Displaying an ACL</A></H2>
+<A NAME="IDX974"></A>
+<A NAME="IDX975"></A>
+<A NAME="IDX976"></A>
+<P>To display the ACL associated with a file or directory, issue the <B>fs
+listacl</B> command.
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+on which you issue the <B>fs listacl</B> command is configured to access a
+DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can use
+the command to display the ACL on DFS files and directories. To display
+a DFS directory's Initial Container or Initial Object ACL instead of the
+regular one, include the <B>fs listacl</B> command's <B>-id</B>
+or <B>-if</B> flag. For more information, ask your system
+administrator. The <B>fs</B> command interpreter ignores the
+<B>-id</B> and <B>-if</B> flags if you include them when displaying an
+AFS ACL.
+<P><H3><A NAME="HDRWQ53" HREF="auusg002.htm#ToC_94">To display an ACL</A></H3>
+<OL TYPE=1>
+<P><LI>Issue the <B>fs listacl</B> command.
+<A NAME="IDX977"></A>
+<A NAME="IDX978"></A>
+<PRE> % <B>fs listacl</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>la
+</B><DD>Is an acceptable alias for <B>listacl</B> (and <B>lista</B> is the
+shortest acceptable abbreviation).
+<P><DT><B><VAR>dir/file path</VAR>
+</B><DD>Names one or more files or directories for which to display the
+ACL. For a file, the output displays the ACL on its directory.
+If you omit this argument, the output is for the current working
+directory. Partial pathnames are interpreted relative to the current
+working directory. You can also use the following notation on its own
+or as part of a pathname:
+<DL>
+<P><DT><B>.
+</B><DD>(A single period). Specifies the current working directory.
+<P><DT><B>..
+</B><DD>(Two periods). Specifies the current working directory's
+parent directory.
+<P><DT><B>*
+</B><DD>(The asterisk). Specifies each file and subdirectory in the current
+working directory. The ACL displayed for a file is always the same as
+for its directory, but the ACL for each subdirectory can differ.
+</DL>
+</DL>
+</OL>
+<P>The output for each file or directory specified as <VAR>dir/file path</VAR>
+begins with the following header to identify it:
+<PRE> Access list for <VAR>dir/file path</VAR> is
+</PRE>
+<P>The <TT>Normal rights</TT> header appears on the next line, followed by
+lines that each pair a user or group name and a set of permissions. The
+permissions appear as the single letters defined in <A HREF="#HDRWQ46">The AFS ACL Permissions</A>, and always in the order <B>rlidwka</B>. If there
+are any negative permissions, the <TT>Negative rights</TT> header appears
+next, followed by pairs of negative permissions.
+<P>If the following error message appears instead of an ACL, you do not have
+the permissions needed to display an ACL. To specify a directory name
+as the <VAR>dir/file path</VAR> argument, you must have the <B>l</B>
+(<B>lookup</B>) permission on the ACL. To specify a filename, you
+must also have the <B>r</B> (<B>read</B>) permission on its
+directory's ACL.
+<PRE> fs: You don't have the required access permissions on '<VAR>dir/file path</VAR>'
+</PRE>
+<P><H3><A NAME="Header_95" HREF="auusg002.htm#ToC_95">Example: Displaying the ACL on One Directory</A></H3>
+<A NAME="IDX979"></A>
+<P>The following example displays the ACL on user <B>terry</B>'s home
+directory in the ABC Corporation cell:
+<PRE> % <B>fs la /afs/abc.com/usr/terry</B>
+ Access list for /afs/abc.com/usr/terry is
+ Normal rights:
+ system:authuser rl
+ pat rlw
+ terry rlidwka
+ Negative rights:
+ terry:other-dept rl
+ jones rl
+</PRE>
+<P>where <B>pat</B>, <B>terry</B>, and <B>jones</B> are individual
+users, <B>system:authuser</B> is a system group, and
+<B>terry:other-dept</B> is a group that <B>terry</B>
+owns. The list of normal permissions grants all permissions to
+<B>terry</B>, the <B>rlw</B> permissions to <B>pat</B>, and the
+<B>rl</B> permissions to the members of the
+<B>system:authuser</B> group.
+<P>The list of negative permissions denies the <B>rl</B> permissions to
+<B>jones</B> and the members of the <B>terry:other-dept</B>
+group. These entries effectively prevent them from accessing
+<B>terry</B>'s home directory in any way; they cancel out the
+<B>rl</B> permissions extended to the <B>system:authuser</B>
+group, which is the only entry on the normal permissions section of the ACL
+that possibly applies to them.
+<P><H3><A NAME="Header_96" HREF="auusg002.htm#ToC_96">Example: Displaying the ACLs on Multiple Directories</A></H3>
+<A NAME="IDX980"></A>
+<P>The following example illustrates how you can specify pathnames in
+different ways, and the appearance of the output for multiple
+directories. It displays the ACL for three directories: the
+current working directory (which is a subdirectory of user
+<B>terry</B>'s home directory), the home directory for user
+<B>pat</B>, and another subdirectory of <B>terry</B>'s home
+directory called <B>plans</B>.
+<PRE> % <B>fs listacl . /afs/abc.com/usr/pat ../plans</B>
+ Access list for . is
+ Normal rights:
+ system:anyuser rl
+ pat:dept rliw
+ Access list for /afs/abc.com/usr/pat is
+ Normal rights:
+ system:anyuser rl
+ pat rlidwka
+ terry rliw
+ Access list for ../plans is
+ Normal rights:
+ terry rlidwka
+ pat rlidw
+</PRE>
+<HR><H2><A NAME="HDRWQ54" HREF="auusg002.htm#ToC_97">Changing an ACL</A></H2>
+<A NAME="IDX981"></A>
+<A NAME="IDX982"></A>
+<A NAME="IDX983"></A>
+<A NAME="IDX984"></A>
+<P>To add, remove, or edit ACL entries, use the <B>fs setacl</B>
+command. By default, the command manipulates entries on the normal
+permissions section of the ACL. To manipulate entries on the negative
+permissions section, include the <B>-negative</B> flag as instructed in <A HREF="#HDRWQ56">To Add, Remove, or Edit Negative ACL Permissions</A>.
+<P>You can change any ACL on which you already have the <B>a</B>
+permission. You always have the <B>a</B> permission on the ACL of
+every directory that you own, even if you accidentally remove that permission
+from the ACL. (The <B>ls -ld</B> command reports a directory's
+owner.) Your system administrator normally designates you as the owner
+of your home directory and its subdirectories, and you possibly own other
+directories also.
+<P>If an ACL entry already exists for the user or group you specify, then the
+new permissions completely replace the existing permissions rather than being
+added to them. In other words, when issuing the <B>fs setacl</B>
+command, you must include all permissions that you want to grant to a user or
+group.
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+on which you issue the <B>fs setacl</B> command is configured to access a
+DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can use
+the command to set the ACL on DFS files and directories. To set a DFS
+directory's Initial Container or Initial Object ACL instead of the
+regular one, include the <B>fs setacl</B> command's <B>-id</B> or
+<B>-if</B> flag. For more information, ask your system
+administrator. The <B>fs</B> command interpreter ignores the
+<B>-id</B> and <B>-if</B> flags if you include them when setting an
+AFS ACL.
+<P><H3><A NAME="HDRWQ55" HREF="auusg002.htm#ToC_98">To Add, Remove, or Edit Normal ACL Permissions</A></H3>
+<A NAME="IDX985"></A>
+<A NAME="IDX986"></A>
+<A NAME="IDX987"></A>
+<A NAME="IDX988"></A>
+<A NAME="IDX989"></A>
+<A NAME="IDX990"></A>
+<A NAME="IDX991"></A>
+<P>Issue the <B>fs setacl</B> command to edit entries in the normal
+permissions section of the ACL. To remove an entry, specify the
+<B>none</B> shorthand as the permissions. If an ACL entry already
+exists for a user or group, the permissions you specify completely replace
+those in the existing entry.
+<A NAME="IDX992"></A>
+<A NAME="IDX993"></A>
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the ACL entries defined by
+the <B>-acl</B> argument. Partial pathnames are interpreted
+relative to the current working directory. You can also use the
+following notation on its own or as part of a pathname:
+<DL>
+<P><DT><B>.
+</B><DD>(A single period). If used by itself, sets the ACL on the current
+working directory.
+<P><DT><B>..
+</B><DD>(Two periods). If used by itself, sets the ACL on the current
+working directory's parent directory.
+<P><DT><B>*
+</B><DD>(The asterisk). Sets the ACL on each of the subdirectories in the
+current working directory. You must precede it with the <B>-dir</B>
+switch, since it potentially designates multiple directories. The
+<B>fs</B> command interpreter generates the following error message for
+each file in the directory:
+<PRE> fs: '<VAR>filename</VAR>': Not a directory
+</PRE>
+</DL>
+<P>If you specify only one directory (or file) name, you can omit the
+<B>-dir</B> and <B>-acl</B> switches. For more on omitting
+switches, see <A HREF="auusg011.htm#HDRWQ86">Appendix B, AFS Command Syntax and Online Help</A>.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces.
+<P>To define the permissions, provide either:
+<UL>
+<P><LI>One or more of the letters that represent the standard or auxiliary
+permissions (<B>rlidwka</B> and <B>ABCDEFGH</B>), in any order
+<P><LI>One of the four shorthand notations:
+<UL>
+<P><LI><B>all</B> (equals <B>rlidwka</B>)
+<P><LI><B>none</B> (removes the entry)
+<P><LI><B>read</B> (equals <B>rl</B>)
+<P><LI><B>write</B> (equals <B>rlidwk</B>)
+</UL>
+</UL>
+<P>On a single command line, you can combine user and group entries.
+Also, you can both combine individual letters and use the shorthand notations,
+but not within a single pair.
+</DL>
+<P><H3><A NAME="Header_99" HREF="auusg002.htm#ToC_99">Example: Adding a Single ACL Entry</A></H3>
+<A NAME="IDX994"></A>
+<P>Either of the following example commands grants user <B>pat</B> the
+<B>r</B> and <B>l</B> permissions on the ACL of the <B>notes</B>
+subdirectory of the current working directory. They illustrate how it
+is possible to omit the <B>-dir</B> and <B>-acl</B> switches when you
+name only one directory.
+<PRE> % <B>fs sa notes pat rl</B>
+ % <B>fs sa pat read</B>
+</PRE>
+<P><H3><A NAME="Header_100" HREF="auusg002.htm#ToC_100">Example: Setting Several ACL Entries on One Directory</A></H3>
+<P>The following example edits the ACL for the current working
+directory. It removes the entry for the <B>system:anyuser</B>
+group, and adds two entries: one grants all permissions except
+<B>a</B> to the members of the <B>terry:colleagues</B> group and
+the other grants the <B>r</B> and <B>l</B> permissions to the
+<B>system:authuser</B> group.
+<PRE> % <B>fs sa -dir . -acl system:anyuser none terry:colleagues write</B> \
+ <B>system:authuser rl</B>
+</PRE>
+<P><H3><A NAME="HDRWQ56" HREF="auusg002.htm#ToC_101">To Add, Remove, or Edit Negative ACL Permissions</A></H3>
+<A NAME="IDX995"></A>
+<A NAME="IDX996"></A>
+<A NAME="IDX997"></A>
+<A NAME="IDX998"></A>
+<A NAME="IDX999"></A>
+<A NAME="IDX1000"></A>
+<P>Issue the <B>fs setacl</B> command with the <B>-negative</B> flag
+to edit entries in the negative permissions section of the ACL. To
+remove an entry, specify the <B>none</B> shorthand as the
+permissions. If an ACL entry already exists for a user or group, the
+permissions you specify completely replace those in the existing entry.
+<A NAME="IDX1001"></A>
+<A NAME="IDX1002"></A>
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP> <B>-negative</B>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the negative ACL entries
+defined by the <B>-acl</B> argument. For a detailed description of
+acceptable values, see <A HREF="#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces. For a detailed description of
+acceptable values, see <A HREF="#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>. Keep in mind that the usual meaning of each
+permission is reversed.
+<P><DT><B>-negative
+</B><DD>Places the entries defined by the <B>-acl</B> argument on the negative
+permissions section of the ACL for each directory named by the <B>-dir</B>
+argument.
+</DL>
+<P><H3><A NAME="Header_102" HREF="auusg002.htm#ToC_102">Example: Setting an Entry in the Negative Permissions Section</A></H3>
+<A NAME="IDX1003"></A>
+<P>User <B>terry</B> has granted all access permissions except
+<B>a</B> to the group <B>terry:team</B> on her <B>plans</B>
+subdirectory.
+<PRE> % <B>cd /afs/abc.com/usr/terry</B>
+ % <B>fs listacl plans</B>
+ Access control list for plans is
+ Normal rights:
+ system:anyuser rl
+ terry:team rlidwk
+ terry rlidwka
+</PRE>
+<P>However, <B>terry</B> notices that one of the members of the group,
+user <B>pat</B>, has been making inappropriate changes to files. To
+prevent this without removing <B>pat</B> from the group or changing the
+permissions for the <B>terry:team</B> group, <B>terry</B>
+creates an entry on the negative permissions section of the ACL that denies
+the <B>w</B> and <B>d</B> permissions to <B>pat</B>:
+<PRE> % <B>fs setacl plans pat wd -negative</B>
+ % <B>fs listacl plans</B>
+ Access control list for plans is
+ Normal rights:
+ system:anyuser rl
+ terry:team rlidwk
+ terry: rlidwka
+ Negative rights:
+ pat wd
+</PRE>
+<P><H3><A NAME="Header_103" HREF="auusg002.htm#ToC_103">Example: Restoring Access by Removing an Entry from the Negative Permissions Section</A></H3>
+<P>In the previous example, user <B>terry</B> put <B>pat</B> on
+the negative permissions section of ACL for the <B>plans</B>
+subdirectory. But the result has been inconvenient and <B>pat</B>
+has promised not to change files any more. To enable <B>pat</B> to
+exercise all permissions granted to the members of the
+<B>terry:team</B> group, <B>terry</B> removes the entry for
+<B>pat</B> from the negative permissions section of the ACL.
+<PRE> % <B>fs setacl plans pat none -negative</B>
+ % <B>fs listacl plans</B>
+ Access control list for plans is
+ Normal rights:
+ system:anyuser rl
+ terry:team rlidwk
+ terry rlidwka
+</PRE>
+<HR><H2><A NAME="HDRWQ57" HREF="auusg002.htm#ToC_104">Completely Replacing an ACL</A></H2>
+<A NAME="IDX1004"></A>
+<A NAME="IDX1005"></A>
+<A NAME="IDX1006"></A>
+<A NAME="IDX1007"></A>
+<A NAME="IDX1008"></A>
+<A NAME="IDX1009"></A>
+<A NAME="IDX1010"></A>
+<P>It is sometimes simplest to clear an ACL completely before defining new
+permissions on it, for instance if the mix of normal and negative permissions
+makes it difficult to understand how their interaction affects access to the
+directory. To clear an ACL completely while you define new entries,
+include the <B>-clear</B> flag on the <B>fs setacl</B> command.
+When you include this flag, you can create entries on either the normal
+permissions or the negative permissions section of the ACL, but not on both at
+once.
+<P>Remember to create an entry for yourself. As the owner of the
+directory, you always have the <B>a</B> (<B>administer</B>) permission
+required to replace a deleted entry, but the effects the effects of a missing
+ACL entry can be confusing enough to make it difficult to realize that the
+problem is a missing entry. In particular, the lack of the <B>l</B>
+(<B>lookup</B>) permission prevents you from using any shorthand notation
+in pathnames (such as a period for the current working directory or two
+periods for the parent directory).
+<P><H3><A NAME="Header_105" HREF="auusg002.htm#ToC_105">To Replace an ACL Completely</A></H3>
+<P>Issue the <B>fs setacl</B> command with the <B>-clear</B> flag
+to clear the ACL completely before setting either normal or negative
+permissions. Because you need to grant the owner of the directory all
+permissions, it is better in most cases to set normal permissions at this
+point.
+<A NAME="IDX1011"></A>
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP> <B>-clear</B> [<B>-negative</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>sa
+</B><DD>Is an acceptable alias for <B>setacl</B> (and <B>seta</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-dir
+</B><DD>Names one or more directories to which to apply the ACL entries defined by
+the <B>-acl</B> argument. For a detailed description of acceptable
+values, see <A HREF="#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>.
+<P><DT><B>-acl
+</B><DD>Specifies one or more ACL entries, each of which pairs a user or group
+name and a set of permissions. Separate the pairs, and the two parts of
+each pair, with one or more spaces. Remember to grant all permissions
+to the owner of the directory. For a detailed description of acceptable
+values, see <A HREF="#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>.
+<P><DT><B>-clear
+</B><DD>Removes all entries from each ACL before creating the entries indicated by
+the <B>-acl</B> argument.
+<P><DT><B>-negative
+</B><DD>Places the entries defined by the <B>-acl</B> argument on the negative
+permissions section of each ACL.
+</DL>
+<P><H3><A NAME="Header_106" HREF="auusg002.htm#ToC_106">Example: Replacing an ACL</A></H3>
+<A NAME="IDX1012"></A>
+<P>The following example clears the ACL on the current working directory and
+creates entries that grant all permissions to user <B>terry</B> and all
+permissions except <B>a</B> to user <B>pat</B>.
+<PRE> % <B>fs setacl . terry all pat write -clear</B>
+ % <B>fs listacl .</B>
+ Access control list for . is
+ Normal rights:
+ terry rlidwka
+ pat rlidwk
+</PRE>
+<HR><H2><A NAME="HDRWQ58" HREF="auusg002.htm#ToC_107">Copying ACLs Between Directories</A></H2>
+<A NAME="IDX1013"></A>
+<A NAME="IDX1014"></A>
+<A NAME="IDX1015"></A>
+<A NAME="IDX1016"></A>
+<P>The <B>fs copyacl</B> command copies a source directory's ACL to
+one or more destination directories. It does not affect the source ACL
+at all, but changes each destination ACL as follows:
+<UL>
+<P><LI>If an entry on the source ACL does not exist on the destination ACL, the
+command copies it to the destination ACL.
+<P><LI>If an entry on the destination ACL does not also exist on the source ACL,
+the command does not remove it unless you include the <B>-clear</B> flag,
+which overwrites the destination ACL completely.
+<P><LI>If an entry is on both ACLs, the command changes the destination ACL entry
+to match the source ACL entry.
+</UL>
+<P>To copy an ACL, you must have the <B>l</B> permission on the source ACL
+and the <B>a</B> permission on each destination ACL. If you
+identify the source directory by naming a file in it, you must also have the
+<B>r</B> permission on the source ACL. To display the permissions
+you have on the two directories, use the <B>fs listacl</B> command as
+described in <A HREF="#HDRWQ52">Displaying an ACL</A>.
+<P><B>Note for AFS/DFS Migration Toolkit users:</B> If the machine
+on which you issue the <B>fs copyacl</B> command is configured for access
+to a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can
+use the command to copy ACLs between DFS files and directories also.
+The command includes <B>-id</B> and <B>-if</B> flags for altering a
+DFS directory's Initial Container and Initial Object ACLs as well as its
+regular ACL; for details, ask your system administrator. You
+cannot copy ACLs between AFS and DFS directories, because they use different
+ACL formats. The <B>fs</B> command interpreter ignores the
+<B>-id</B> and <B>-if</B> flags if you include them when copying AFS
+ACLs.
+<P><H3><A NAME="Header_108" HREF="auusg002.htm#ToC_108">To Copy an ACL Between Directories</A></H3>
+<A NAME="IDX1017"></A>
+<A NAME="IDX1018"></A>
+<P>Issue the <B>fs copyacl</B> command to copy a source ACL to the ACL on
+one or more destination directories.
+<PRE> % <B>fs copyacl -fromdir</B> <<VAR>source directory</VAR>> <B>-todir</B> <<VAR>destination directory</VAR>><SUP>+</SUP> \
+ [<B>-clear</B>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>co
+</B><DD>Is the shortest acceptable abbreviation for <B>copyacl</B>.
+<P><DT><B>-fromdir
+</B><DD>Names the source directory from which to copy the ACL. Partial
+pathnames are interpreted relative to the current working directory. If
+this argument names a file, the ACL is copied from its directory.
+<P><DT><B>-todir
+</B><DD>Names each destination directory to which to copy the source ACL.
+Partial pathnames are interpreted relative to the current working
+directory. Filenames are not acceptable.
+<P><DT><B>-clear
+</B><DD>Completely overwrites each destination directory's ACL with the
+source ACL.
+</DL>
+<P><H3><A NAME="Header_109" HREF="auusg002.htm#ToC_109">Example: Copying an ACL from One Directory to Another</A></H3>
+<A NAME="IDX1019"></A>
+<P>In this example, user <B>terry</B> copies the ACL from her home
+directory (the current working directory) to its <B>plans</B>
+subdirectory. She begins by displaying both ACLs.
+<PRE> % <B>fs listacl . plans</B>
+ Access list for . is
+ Normal rights:
+ terry rlidwka
+ pat rlidwk
+ jones rl
+ Access list for plans is
+ Normal rights:
+ terry rlidwka
+ pat rl
+ smith rl
+
+ % <B>fs copyacl -from . -to plans</B>
+
+ % <B>fs listacl . plans</B>
+ Access list for . is
+ Normal rights:
+ terry rlidwka
+ pat rlidwk
+ jones rl
+ Access list for plans is
+ Normal rights:
+ terry rlidwka
+ pat rlidwk
+ jones rl
+ smith rl
+</PRE>
+<HR><H2><A NAME="HDRWQ59" HREF="auusg002.htm#ToC_110">How AFS Uses the UNIX Mode Bits</A></H2>
+<A NAME="IDX1020"></A>
+<A NAME="IDX1021"></A>
+<P>Although AFS protects data primarily with ACLs rather than mode bits, it
+does not ignore the mode bits entirely. An explanation of how mode bits
+work in the UNIX file system is outside the scope of this document, and the
+following discussion assumes you understand them; if necessary, see your
+UNIX documentation. Also, the following discussion does not cover the
+setuid, setgid or sticky bits. If you need to understand how those bits
+work on AFS files, see the <I>IBM AFS Administration Guide</I> or ask your
+system administrator.
+<P>AFS uses the UNIX mode bits in the following way:
+<UL>
+<P><LI>It uses the initial bit to distinguish files and directories. This
+is the bit that appears first in the output from the <B>ls -l</B> command
+and shows the hyphen (<TT>-</TT>) for a file or the letter <TT>d</TT> for
+a directory.
+<P><LI>It does not use any of the mode bits on a directory. The AFS ACL
+alone controls directory access.
+<P><LI>For a file, the owner (first) set of bits interacts with the ACL entries
+that apply to the file in the following way. AFS does not use the group
+or world (second and third sets) of mode bits at all.
+<UL>
+<P><LI>If the first <B>r</B> mode bit is not set, no one (including the
+owner) can read the file, no matter what permissions they have on the
+ACL. If the bit is set, users also need the <B>r</B> and
+<B>l</B> permissions on the ACL of the file's directory to read the
+file.
+<P><LI>If the first <B>w</B> mode bit is not set, no one (including the
+owner) can modify the file. If the <B>w</B> bit is set, users also
+need the <B>w</B> and <B>l</B> permissions on the ACL of the
+file's directory to modify the file.
+<P><LI>There is no ACL permission directly corresponding to the <B>x</B> mode
+bit, but to execute a file stored in AFS, the user must also have the
+<B>r</B> and <B>l</B> permissions on the ACL of the file's
+directory.
+</UL>
+</UL>
+<P>When you issue the UNIX <B>chmod</B> command on an AFS file or
+directory, AFS changes the bits appropriately. To change a file's
+mode bits, you must have the AFS <B>w</B> permission on the ACL of the
+file's directory. To change a directory's mode bits, you must
+have the <B>d</B>, <B>i</B>, and <B>l</B> permissions on its
+ACL.
+<A NAME="IDX1022"></A>
+<A NAME="IDX1023"></A>
+<P><H3><A NAME="Header_111" HREF="auusg002.htm#ToC_111">Example: Disabling Write Access for a File</A></H3>
+<P><B></B>
+<A NAME="IDX1024"></A>
+<P>Suppose <B>terry</B> is chairing a committee that is writing a
+proposal. As each section is approved, she turns off write access to
+that file to prevent further changes. For example, the following
+<B>chmod</B> command turns off the <B>w</B> mode bits on the file
+<B>proposal.chap2</B>. This makes it impossible for anyone
+to change the file, no matter what permissions are granted on the directory
+ACL.
+<PRE> % <B>chmod -w proposal.chap2</B>
+ % <B>ls -l</B>
+ -rw-r--r-- 1 terry 573 Nov 10 09:57 conclusion
+ -r--r--r-- 1 terry 573 Nov 15 10:34 intro
+ -r--r--r-- 1 terry 573 Dec 1 15:07 proposal.chap2
+ -rw-r--r-- 1 terry 573 Nov 10 09:57 proposal.chap3
+ -rw-r--r-- 1 terry 573 Nov 10 09:57 proposal.chap4
+</PRE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg006.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg008.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ60" HREF="auusg002.htm#ToC_112">Using Groups</A></H1>
+<P>This chapter explains how to create groups and discusses
+different ways to use them.
+<HR><H2><A NAME="HDRWQ61" HREF="auusg002.htm#ToC_113">About Groups</A></H2>
+<P>An AFS <I>group</I> is a list of specific users that you
+can place on access control lists (ACLs). Groups make it much easier to
+maintain ACLs. Instead of creating an ACL entry for every user
+individually, you create one entry for a group to which the users
+belong. Similarly, you can grant a user access to many directories at
+once by adding the user to a group that appears on the relevant ACLs.
+<P>AFS client machines can also belong to a group. Anyone logged into
+the machine inherits the permissions granted to the group on an ACL, even if
+they are not authenticated with AFS. In general, groups of machines are
+useful only to system administrators, for specialized purposes like complying
+with licensing agreements your cell has with software vendors. Talk
+with your system administrator before putting a client machine in a group or
+using a machine group on an ACL.
+<A NAME="IDX1025"></A>
+<A NAME="IDX1026"></A>
+<P>To learn about AFS file protection and how to add groups to ACLs, see <A HREF="auusg007.htm#HDRWQ44">Protecting Your Directories and Files</A>.
+<P><H3><A NAME="HDRWQ62" HREF="auusg002.htm#ToC_114">Suggestions for Using Groups Effectively</A></H3>
+<P>There are three typical ways to use groups, each suited to a
+particular purpose: private use, shared use, and group use. The
+following are only suggestions. You are free to use groups in any way
+you choose.
+<UL>
+<P><LI><I>Private use</I>: you create a group and place it on the ACL
+of directories you own, without necessarily informing the group's members
+that they belong to it. Members notice only that they can or cannot
+access the directory in a certain way. You retain sole administrative
+control over the group, since you are the owner.
+<A NAME="IDX1027"></A>
+<A NAME="IDX1028"></A>
+<P>The existence of the group and the identity of its members is not
+necessarily secret. Other users can see the group's name on an ACL
+when they use the <B>fs listacl</B> command, and can use the <B>pts
+membership</B> command to display + the groups to which they themselves
+belong. You can, however, limit who can display the members of the
+group, as described in <A HREF="#HDRWQ74">Protecting Group-Related Information</A>.
+<P><LI><I>Shared use</I>: you inform the group's members that they
+belong to the group, but you are the group's sole owner and
+administrator. For example, the manager of a work group can create a
+group of all the members in the work group, and encourage them to use it on
+the ACLs of directories that house information they want to share with other
+members of the group.
+<A NAME="IDX1029"></A>
+<A NAME="IDX1030"></A>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you place a group owned by someone else on your ACLs, the group's
+owner can change the group's membership without informing you.
+Someone new can gain or lose access in a way you did not intend and without
+your knowledge.
+</TD></TR></TABLE>
+<P><LI><I>Group use</I>: you create a group and then use the <B>pts
+chown</B> command to assign ownership to a group--either another group
+or the group itself (the latter type is a <I>self-owned</I> group).
+You inform the members of the owning group that they all can administer the
+owned group. For instructions for the <B>pts chown</B> command, see
+<A HREF="#HDRWQ73">To Change a Group's Owner</A>.
+<A NAME="IDX1031"></A>
+<A NAME="IDX1032"></A>
+<A NAME="IDX1033"></A>
+<A NAME="IDX1034"></A>
+<A NAME="IDX1035"></A>
+<P>The main advantage of designating a group as an owner is that several
+people share responsibility for administering the group. A single
+person does not have to perform all administrative tasks, and if the
+group's original owner leaves the cell, there are still other people who
+can administer it.
+<P>However, everyone in the owner group can make changes that affect others
+negatively: adding or removing people from the group inappropriately or
+changing the group's ownership to themselves exclusively. These
+problems can be particularly sensitive in a self-owned group. Using an
+owner group works best if all the members know and trust each other; it
+is probably wise to keep the number of people in an owner group small.
+</UL>
+<P><H3><A NAME="HDRWQ63" HREF="auusg002.htm#ToC_115">Group Names</A></H3>
+<A NAME="IDX1036"></A>
+<P>The groups you create must have names with two parts, in the following
+format:
+<P><VAR> owner_name</VAR><B>:</B><VAR>group_name</VAR>
+<P>The <VAR>owner_name</VAR> prefix indicates which user or group owns the group
+(naming rules appear in <A HREF="#HDRWQ69">To Create a Group</A>). The <VAR>group_name</VAR> part indicates the
+group's purpose or its members' common interest. Group names
+must always be typed in full, so a short <VAR>group_name</VAR> is most
+practical. However, names like <B>terry:1</B> and
+<B>terry:2</B> that do not indicate the group's purpose are
+less useful than names like <B>terry:project</B>.
+<P>Groups that do not have the <VAR>owner_name</VAR> prefix possibly appear on
+some ACLs; they are created by system administrators only. All of
+the groups you create must have an <VAR>owner_name</VAR> prefix.
+<P><H3><A NAME="Header_116" HREF="auusg002.htm#ToC_116">Group-creation Quota</A></H3>
+<A NAME="IDX1037"></A>
+<A NAME="IDX1038"></A>
+<P>By default, you can create 20 groups, but your system administrators can
+change your <I>group-creation quota</I> if appropriate. When you
+create a group, your group quota decrements by one. When a group that
+you created is deleted, your quota increments by one, even if you are no
+longer the owner. You cannot increase your quota by transferring
+ownership of a group to someone else, because you are always recorded as the
+creator.
+<P>If you exhaust your group-creation quota and need to create more groups,
+ask your system administrator. For instructions for displaying your
+group-creation quota, see <A HREF="#HDRWQ67">To Display A Group Entry</A>.
+<HR><H2><A NAME="HDRWQ64" HREF="auusg002.htm#ToC_117">Displaying Group Information</A></H2>
+<A NAME="IDX1039"></A>
+<A NAME="IDX1040"></A>
+<A NAME="IDX1041"></A>
+<P>You can use the following commands to display information about groups and
+the users who belong to them:
+<UL>
+<P><LI>To display the members of a group, or the groups to which a user belongs,
+use the <B>pts membership</B> command.
+<P><LI>To display the groups that a user or group owns, use the <B>pts
+listowned</B> command.
+<P><LI>To display general information about a user or group, including its name,
+AFS ID, creator, and owner, use the <B>pts examine</B> command.
+</UL>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">The <B>system:anyuser</B> and <B>system:authuser</B>
+system groups do not appear in a user's list of group memberships, and
+the <B>pts membership</B> command does not display their members.
+For more information on the system groups, see <A HREF="auusg007.htm#HDRWQ50">Using the System Groups on ACLs</A>.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ65" HREF="auusg002.htm#ToC_118">To Display Group Membership</A></H3>
+<A NAME="IDX1042"></A>
+<A NAME="IDX1043"></A>
+<P>Issue the <B>pts membership</B> command to display the members of a
+group, or the groups to which a user belongs.
+<PRE> % <B>pts membership</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where <VAR>user or group name or id</VAR> specifies the name or AFS UID of
+each user for which to display group membership, or the name or AFS GID of
+each group for which to display the members. If identifying a group by
+its AFS GID, precede the GID with a hyphen (<B>-</B>) to indicate that it
+is a negative number.
+<P><H3><A NAME="Header_119" HREF="auusg002.htm#ToC_119">Example: Displaying the Members of a Group</A></H3>
+<A NAME="IDX1044"></A>
+<P>The following example displays the members of the group
+<B>terry:team</B>.
+<PRE> % <B>pts membership terry:team</B>
+ Members of terry:team (id: -286) are:
+ terry
+ smith
+ pat
+ johnson
+</PRE>
+<P><H3><A NAME="Header_120" HREF="auusg002.htm#ToC_120">Example: Displaying the Groups to Which a User Belongs</A></H3>
+<P>The following example displays the groups to which users
+<B>terry</B> and <B>pat</B> belong.
+<PRE> % <B>pts membership terry pat</B>
+ Groups terry (id: 1022) is a member of:
+ smith:friends
+ pat:accounting
+ terry:team
+ Groups pat (id: 1845) is a member of:
+ pat:accounting
+ sam:managers
+ terry:team
+</PRE>
+<P><H3><A NAME="HDRWQ66" HREF="auusg002.htm#ToC_121">To Display the Groups a User or Group Owns</A></H3>
+<A NAME="IDX1045"></A>
+<A NAME="IDX1046"></A>
+<A NAME="IDX1047"></A>
+<A NAME="IDX1048"></A>
+<A NAME="IDX1049"></A>
+<P>Issue the <B>pts listowned</B> command to display the groups that a
+user or group owns.
+<PRE> % <B>pts listowned</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where <VAR>user or group name or id</VAR> specifies the name or AFS UID of
+each user, or the name or AFS GID of each group, for which to display group
+ownership. If identifying a group by its AFS GID, precede the GID with
+a hyphen (<B>-</B>) to indicate that it is a negative number.
+<P><H3><A NAME="Header_122" HREF="auusg002.htm#ToC_122">Example: Displaying the Groups a Group Owns</A></H3>
+<A NAME="IDX1050"></A>
+<P>The following example displays the groups that the group
+<B>terry:team</B> owns.
+<PRE> % <B>pts listowned -286</B>
+ Groups owned by terry:team (id: -286) are:
+ terry:project
+ terry:planners
+</PRE>
+<P><H3><A NAME="Header_123" HREF="auusg002.htm#ToC_123">Example: Displaying the Groups a User Owns</A></H3>
+<A NAME="IDX1051"></A>
+<P>The following example displays the groups that user <B>pat</B>
+owns.
+<PRE> % <B>pts listowned pat</B>
+ Groups owned by pat (id: 1845) are:
+ pat:accounting
+ pat:plans
+
+</PRE>
+<P><H3><A NAME="HDRWQ67" HREF="auusg002.htm#ToC_124">To Display A Group Entry</A></H3>
+<A NAME="IDX1052"></A>
+<A NAME="IDX1053"></A>
+<A NAME="IDX1054"></A>
+<A NAME="IDX1055"></A>
+<A NAME="IDX1056"></A>
+<A NAME="IDX1057"></A>
+<A NAME="IDX1058"></A>
+<A NAME="IDX1059"></A>
+<A NAME="IDX1060"></A>
+<P>Issue the <B>pts examine</B> command to display general information
+about a user or group, including its name, AFS ID, creator, and owner.
+<PRE> % <B>pts examine</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where <VAR>user or group name or id</VAR> specifies the name or AFS UID of
+each user, or the name or AFS GID of each group, for which to display
+group-related information. If identifying a group by its AFS GID,
+precede the GID with a hyphen (<B>-</B>) to indicate that it is a negative
+number.
+<P>The output includes information in the following fields:
+<DL>
+<P><DT><B><TT>Name</TT>
+</B><DD>For users, this is the character string typed when logging in. For
+machines, the name is the IP address; a zero in address field acts as a
+wildcard, matching any value. For most groups, this is a name of the
+form <VAR>owner_name</VAR><B>:</B><VAR>group_name</VAR>. Some
+groups created by your system administrator do not have the
+<VAR>owner_name</VAR> prefix. See <A HREF="#HDRWQ63">Group Names</A>.
+<P><DT><B><TT>id</TT>
+</B><DD>This is a unique identification number that the AFS server processes use
+internally. It is similar in function to a UNIX UID, but operates in
+AFS rather than the UNIX file system. Users and machines have positive
+integer AFS user IDs (UIDs), and groups have negative integer AFS group IDs
+(GIDs).
+<A NAME="IDX1061"></A>
+<A NAME="IDX1062"></A>
+<A NAME="IDX1063"></A>
+<P><DT><B><TT>owner</TT>
+</B><DD>This is the user or group that owns the entry and so can administer
+it.
+<P><DT><B><TT>creator</TT>
+</B><DD>The name of the user who issued the <B>pts createuser</B> and <B>pts
+creategroup</B> command to create the entry. This field is useful
+mainly as an audit trail and cannot be changed.
+<P><DT><B><TT>membership</TT>
+</B><DD>For users and machines, this indicates how many groups the user or machine
+belongs to. For groups, it indicates how many members belong to the
+group. This number cannot be set explicitly.
+<P><DT><B><TT>flags</TT>
+</B><DD>This field indicates who is allowed to list certain information about the
+entry or change it in certain ways. See <A HREF="#HDRWQ74">Protecting Group-Related Information</A>.
+<P><DT><B><TT>group quota</TT>
+</B><DD>This field indicates how many more groups a user is allowed to
+create. It is set to 20 when a user entry is created. The
+creation quota for machines or groups is meaningless because it not possible
+to authenticate as a machine or group.
+</DL>
+<P><H3><A NAME="Header_125" HREF="auusg002.htm#ToC_125">Example: Listing Information about a Group</A></H3>
+<A NAME="IDX1064"></A>
+<P>The following example displays information about the group
+<B>pat:accounting</B>, which includes members of the department that
+<B>pat</B> manages. Notice that the group is self-owned, which
+means that all of its members can administer it.
+<PRE> % <B>pts examine pat:accounting</B>
+ Name: pat:accounting, id: -673, owner: pat:accounting, creator: pat,
+ membership: 15, flags: S-M--, group quota: 0
+</PRE>
+<P>
+<P><H3><A NAME="Header_126" HREF="auusg002.htm#ToC_126">Example: Listing Group Information about a User</A></H3>
+<A NAME="IDX1065"></A>
+<P>The following example displays group-related information about user
+<B>pat</B>. The two most interesting fields are
+<TT>membership</TT>, which shows that <B>pat</B> belongs to 12 groups,
+and <TT>group quota</TT>, which shows that <B>pat</B> can create another
+17 groups.
+<PRE> % <B>pts examine pat</B>
+ Name: pat, id: 1045, owner: system:administrators, creator: admin,
+ membership: 12, flags: S-M--, group quota: 17
+</PRE>
+<HR><H2><A NAME="HDRWQ68" HREF="auusg002.htm#ToC_127">Creating Groups and Adding Members</A></H2>
+<A NAME="IDX1066"></A>
+<A NAME="IDX1067"></A>
+<A NAME="IDX1068"></A>
+<A NAME="IDX1069"></A>
+<A NAME="IDX1070"></A>
+<P>Use the <B>pts creategroup</B> command to create a group and the
+<B>pts adduser</B> command to add members to it. Users and machines
+can belong to groups, but other groups cannot.
+<P>When you create a group, you normally become its owner
+automatically. This means you alone can administer it: add and
+remove members, change the group's name, transfer ownership of the group,
+or delete the group entirely. If you wish, you can designate another
+owner when you create the group, by including the <B>-owner</B> argument
+to the <B>pts creategroup</B> command. If you assign ownership to
+another group, the owning group must already exist and have at least one
+member. You can also change a group's ownership after creating it
+by using the <B>pts chown</B> command as described in <A HREF="#HDRWQ72">Changing a Group's Owner or Name</A>.
+<P><H3><A NAME="HDRWQ69" HREF="auusg002.htm#ToC_128">To Create a Group</A></H3>
+<A NAME="IDX1071"></A>
+<A NAME="IDX1072"></A>
+<P>Issue the <B>pts creategroup</B> command to create a group. Your
+group-creation quota decrements by one for each group.
+<PRE> % <B>pts creategroup -name</B> <<VAR>group name</VAR>>+ [<B>-owner</B> <<VAR>owner of the group</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B>cg
+</B><DD>Is an alias for <B>creategroup</B> (and <B>createg</B> is the
+shortest acceptable abbreviation).
+<P><DT><B>-name
+</B><DD>Names each group to create. The name must have the following
+format:
+<P><VAR>owner_name</VAR><B>:</B><VAR>group_name</VAR>
+<P>The <VAR>owner_name</VAR> prefix must accurately indicate the group's
+owner. By default, you are recorded as the owner, and the
+<VAR>owner_name</VAR> must be your AFS username. You can include the
+<B>-owner</B> argument to designate another AFS user or group as the
+owner, as long as you provide the required value in the <VAR>owner_name</VAR>
+field:
+<A NAME="IDX1073"></A>
+<A NAME="IDX1074"></A>
+<UL>
+<P><LI>If the owner is a user, it must be the AFS username.
+<P><LI>If the owner is another regular group, it must match the owning
+group's <VAR>owner_name</VAR> field. For example, if the owner is
+the group <B>terry:associates</B>, the owner field must be
+<B>terry</B>.
+<P><LI>If the owner is a group without an <VAR>owner_name</VAR> prefix, it must be
+the owning group's name.
+</UL>
+<P>The name can include up to 63 characters including the colon. Use
+numbers and lowercase letters, but no spaces or punctuation characters other
+than the colon.
+<P><DT><B>-owner
+</B><DD>Is optional and assigns ownership to a user other than yourself, or to a
+group. If you specify a group, it must already exist and have at least
+one member. (This means that to make a group self-owned, you must issue
+the <B>pts chown</B> command after using this command to create the group,
+and the <B>pts adduser</B> command to add a member. See <A HREF="#HDRWQ72">Changing a Group's Owner or Name</A>.)
+<P>Do not name a machine as the owner. Because no one can authenticate
+as a machine, there is no way to administer a group owned by a machine.
+</DL>
+<P><H3><A NAME="Header_129" HREF="auusg002.htm#ToC_129">Example: Creating a Group</A></H3>
+<P><B></B>
+<A NAME="IDX1075"></A>
+<P>In the following example user <B>terry</B> creates a group to include
+all the other users in his work team, and then examines the new group
+entry.
+<PRE> % <B>pts creategroup terry:team</B>
+ group terry:team has id -286
+ % <B>pts examine terry:team</B>
+ Name: terry:team, id: -286, owner: terry, creator: terry,
+ membership: 0, flags: S----, group quota: 0.
+</PRE>
+<P><H3><A NAME="HDRWQ70" HREF="auusg002.htm#ToC_130">To Add Members to a Group</A></H3>
+<A NAME="IDX1076"></A>
+<A NAME="IDX1077"></A>
+<A NAME="IDX1078"></A>
+<A NAME="IDX1079"></A>
+<P>Issue the <B>pts adduser</B> command to add one or more users to one or
+more groups. You can always add members to a group you own (either
+directly or because you belong to the owning group). If you belong to a
+group, you can add members if its fourth privacy flag is the lowercase letter
+<B>a</B>; see <A HREF="#HDRWQ74">Protecting Group-Related Information</A>.
+<PRE> % <B>pts adduser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+</PRE>
+<P>You must add yourself to groups that you own, if that is
+appropriate. You do not belong automatically just because you own the
+group.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If you already have a token when you are added to a group, you must issue the
+<B>klog</B> command to reauthenticate before you can exercise the
+permissions granted to the group on ACLs.
+</TD></TR></TABLE>
+<P>where
+<DL>
+<P><DT><B>-user
+</B><DD>Specifies the username of each user to add to the groups named by the
+<B>-group</B> argument. Groups cannot belong to other
+groups.
+<P><DT><B>-group
+</B><DD>Names each group to which to add users.
+</DL>
+<P><H3><A NAME="Header_131" HREF="auusg002.htm#ToC_131">Example: Adding Members to a Group</A></H3>
+<A NAME="IDX1080"></A>
+<P>In this example, user <B>terry</B> adds himself, <B>pat</B>,
+<B>indira</B>, and <B>smith</B> to the group he just created,
+<B>terry:team</B>, and then verifies the new list of members.
+<PRE> % <B>pts adduser -user terry pat indira smith -group terry:team</B>
+ % <B>pts members terry:team</B>
+ Members of terry:team (id: -286) are:
+ terry
+ pat
+ indira
+ smith
+</PRE>
+<HR><H2><A NAME="HDRWQ71" HREF="auusg002.htm#ToC_132">Removing Users from a Group and Deleting a Group</A></H2>
+<A NAME="IDX1081"></A>
+<A NAME="IDX1082"></A>
+<A NAME="IDX1083"></A>
+<A NAME="IDX1084"></A>
+<A NAME="IDX1085"></A>
+<A NAME="IDX1086"></A>
+<A NAME="IDX1087"></A>
+<A NAME="IDX1088"></A>
+<P>You can use the following commands to remove groups and their
+members:
+<UL>
+<P><LI>To remove a user from a group, use the <B>pts removeuser</B> command
+<P><LI>To delete a group entirely, use the <B>pts delete</B> command
+<P><LI>To remove deleted groups from ACLs, use the <B>fs cleanacl</B> command
+</UL>
+<P>When a group that you created is deleted, your group-creation quota
+increments by one, even if you no longer own the group.
+<P>When a group or user is deleted, its AFS ID appears on ACLs in place of its
+AFS name. You can use the <B>fs cleanacl</B> command to remove
+these obsolete entries from ACLs on which you have the <B>a</B>
+(<B>administer</B>) permission.
+<P><H3><A NAME="Header_133" HREF="auusg002.htm#ToC_133">To Remove Members from a Group</A></H3>
+<A NAME="IDX1089"></A>
+<A NAME="IDX1090"></A>
+<P>Issue the <B>pts removeuser</B> command to remove one or more members
+from one or more groups. You can always remove members from a group
+that you own (either directly or because you belong to the owning
+group). If you belong to a group, you can remove members if its fifth
+privacy flag is the lowercase letter <B>r</B>; see <A HREF="#HDRWQ74">Protecting Group-Related Information</A>. (To display a group's owner, use the <B>pts
+examine</B> command as described in <A HREF="#HDRWQ67">To Display A Group Entry</A>.)
+<PRE> % <B>pts removeuser -user</B> <<VAR>user name</VAR>><SUP>+</SUP> <B>-group</B> <<VAR>group name</VAR>><SUP>+</SUP>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-user
+</B><DD>Specifies the username of each user to remove from the groups named by the
+<B>-group</B> argument.
+<P><DT><B>-group
+</B><DD>Names each group from which to remove users.
+</DL>
+<P><H3><A NAME="Header_134" HREF="auusg002.htm#ToC_134">Example: Removing Group Members</A></H3>
+<A NAME="IDX1091"></A>
+<P>The following example removes user <B>pat</B> from both the
+<B>terry:team</B> and <B>terry:friends</B> groups.
+<PRE> % <B>pts removeuser pat -group terry:team terry:friends</B>
+</PRE>
+<P><H3><A NAME="Header_135" HREF="auusg002.htm#ToC_135">To Delete a Group</A></H3>
+<A NAME="IDX1092"></A>
+<A NAME="IDX1093"></A>
+<P>Issue the <B>pts delete</B> command to delete a group. You can
+always delete a group that you own (either directly or because you belong to
+the owning group). To display a group's owner, use the <B>pts
+examine</B> command as described in <A HREF="#HDRWQ67">To Display A Group Entry</A>.
+<PRE> % <B>pts delete</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+</PRE>
+<P>where <VAR>user or group name or id</VAR> specifies the name or AFS UID of
+each user, or the name or AFS GID of each group, to delete. If
+identifying a group by its AFS GID, precede the GID with a hyphen
+(<B>-</B>) to indicate that it is a negative number.
+<P><H3><A NAME="Header_136" HREF="auusg002.htm#ToC_136">Example: Deleting a Group</A></H3>
+<P><B></B>
+<A NAME="IDX1094"></A>
+<P>In the following example, the group <B>terry:team</B> is
+deleted.
+<PRE> % <B>pts delete terry:team</B>
+</PRE>
+<P><H3><A NAME="Header_137" HREF="auusg002.htm#ToC_137">To Remove Obsolete ACL Entries</A></H3>
+<A NAME="IDX1095"></A>
+<A NAME="IDX1096"></A>
+<P>Issue the <B>fs cleanacl</B> command to remove obsolete entries from
+ACLs after the corresponding user or group has been deleted.
+<PRE> % <B>fs cleanacl</B> [<<VAR>dir/file path</VAR>><SUP>+</SUP>]
+</PRE>
+<P>where <VAR>dir/file path</VAR> name each directory for which to clean the
+ACL. If you omit this argument, the current working directory's
+ACL is cleaned.
+<P><B></B>
+<A NAME="IDX1097"></A>
+<P><H3><A NAME="Header_138" HREF="auusg002.htm#ToC_138">Example: Removing an Obsolete ACL Entry</A></H3>
+<P>After the group <B>terry:team</B> is deleted, its AFS GID
+(-286) appears on ACLs instead of its name. In this example, user
+<B>terry</B> cleans it from the ACL on the plans directory in his home
+directory.
+<PRE> % <B>fs listacl plans</B>
+ Access list for plans is
+ Normal rights:
+ terry rlidwka
+ -268 rlidwk
+ sam rliw
+ % <B>fs cleanacl plans</B>
+ % <B>fs listacl plans</B>
+ Access list for plans is
+ Normal rights:
+ terry rlidwka
+ sam rliw
+</PRE>
+<HR><H2><A NAME="HDRWQ72" HREF="auusg002.htm#ToC_139">Changing a Group's Owner or Name</A></H2>
+<A NAME="IDX1098"></A>
+<A NAME="IDX1099"></A>
+<A NAME="IDX1100"></A>
+<A NAME="IDX1101"></A>
+<P>To change a group's owner, use the <B>pts chown</B>
+command. To change its name, use the <B>pts rename</B>
+command.
+<P>You can change the owner or name of a group that you own (either directly
+or because you belong to the owning group). You can assign group
+ownership to another user, another group, or the group itself. If you
+are not already a member of the group and need to be, use the <B>pts
+adduser</B> command before transferring ownership, following the
+instructions in <A HREF="#HDRWQ70">To Add Members to a Group</A>.
+<P>The <B>pts chown</B> command automatically changes a group's
+<VAR>owner_name</VAR> prefix to indicate the new owner. If the new owner
+is a group, only its <VAR>owner_name</VAR> prefix is used, not its entire
+name. However, the change in <VAR>owner_name</VAR> prefix command does
+not propagate to any groups owned by the group whose owner is changing.
+If you want their <VAR>owner_name</VAR> prefixes to indicate the correct owner,
+you must use the <B>pts rename</B> command.
+<P>Otherwise, you normally use the <B>pts rename</B> command to change
+only the <VAR>group_name</VAR> part of a group name (the part that follows the
+colon). You can change the <VAR>owner_name</VAR> prefix only to reflect
+the actual owner.
+<P><H3><A NAME="HDRWQ73" HREF="auusg002.htm#ToC_140">To Change a Group's Owner</A></H3>
+<A NAME="IDX1102"></A>
+<A NAME="IDX1103"></A>
+<P>Issue the <B>pts chown</B> command to change a group's
+name.
+<PRE> % <B>pts chown</B> <<VAR>group name</VAR>> <<VAR>new owner</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>group name</VAR>
+</B><DD>Specifies the current name of the group to which to assign a new
+owner.
+<P><DT><B><VAR>new owner</VAR>
+</B><DD>Names the user or group that is to own the group.
+</DL>
+<P><H3><A NAME="Header_141" HREF="auusg002.htm#ToC_141">Example: Changing a Group's Owner to Another User</A></H3>
+<A NAME="IDX1104"></A>
+<P>In the following example, user <B>pat</B> transfers ownership of the
+group <B>pat:staff</B> to user <B>terry</B>. Its name
+changes automatically to <B>terry:staff</B>, as confirmed by the
+<B>pts examine</B> command.
+<PRE> % <B>pts chown pat:staff terry</B>
+ % <B>pts examine terry:staff</B>
+ Name: terry:staff, id: -534, owner: terry, creator: pat,
+ membership: 15, flags: SOm--, group quota: 0.
+</PRE>
+<P><H3><A NAME="Header_142" HREF="auusg002.htm#ToC_142">Example: Changing a Group's Owner to Itself</A></H3>
+<A NAME="IDX1105"></A>
+<P>In the following example, user <B>terry</B> makes the
+<B>terry:team</B> group a self-owned group. Its name does not
+change because its <VAR>owner_name</VAR> prefix is already
+<B>terry</B>.
+<PRE> % <B>pts chown terry:team terry:team</B>
+ % <B>pts examine terry:team</B>
+ Name: terry:team, id: -286, owner: terry:team, creator: terry,
+ membership: 6, flags: SOm--, group quota: 0.
+</PRE>
+<P><H3><A NAME="Header_143" HREF="auusg002.htm#ToC_143">Example: Changing a Group's Owner to a Group</A></H3>
+<P>In this example, user <B>sam</B> transfers ownership of the group
+<B>sam:project</B> to the group <B>smith:cpa</B>.
+Its name changes automatically to <B>smith:project</B>, because
+<B>smith</B> is the <VAR>owner_name</VAR> prefix of the group that now owns
+it. The <B>pts examine</B> command displays the group's status
+before and after the change.
+<PRE> % <B>pts examine sam:project</B>
+ Name: sam:project, id: -522, owner: sam, creator: sam,
+ membership: 33, flags: SOm--, group quota: 0.
+ % <B>pts chown sam:project smith:cpa</B>
+ % <B>pts examine smith:project</B>
+ Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
+ membership: 33, flags: SOm--, group quota: 0.
+</PRE>
+<P><H3><A NAME="Header_144" HREF="auusg002.htm#ToC_144">To Change a Group's Name</A></H3>
+<A NAME="IDX1106"></A>
+<A NAME="IDX1107"></A>
+<P>Issue the <B>pts rename</B> command to change a group's
+name.
+<PRE> % <B>pts rename</B> <<VAR>old name</VAR>> <<VAR>new name</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>old name</VAR>
+</B><DD>Specifies the group's current name.
+<P><DT><B><VAR>new name</VAR>
+</B><DD>Specifies the complete new name to assign to the group. The
+<VAR>owner_name</VAR> prefix must correctly indicate the group's
+owner.
+</DL>
+<P><H3><A NAME="Header_145" HREF="auusg002.htm#ToC_145">Example: Changing a Group's <VAR>group_name</VAR> Suffix</A></H3>
+<A NAME="IDX1108"></A>
+<P>The following example changes the name of the
+<B>smith:project</B> group to
+<B>smith:fiscal-closing</B>. The group's
+<VAR>owner_name</VAR> prefix remains <B>smith</B> because its owner is not
+changing.
+<PRE> % <B>pts examine smith:project</B>
+ Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
+ membership: 33, flags: SOm--, group quota: 0.
+ % <B>pts rename smith:project smith:fiscal-closing</B>
+ % <B>pts examine smith:fiscal-closing</B>
+ Name: smith:fiscal-closing, id: -522, owner: smith:cpa, creator: sam,
+ membership: 33, flags: SOm--, group quota: 0.
+</PRE>
+<P><H3><A NAME="Header_146" HREF="auusg002.htm#ToC_146">Example: Changing a Group's <VAR>owner_name</VAR> Prefix</A></H3>
+<P>In a previous example, user <B>pat</B> transferred ownership of the
+group <B>pat:staff</B> to user <B>terry</B>. Its name
+changed automatically to <B>terry:staff</B>. However, a group
+that <B>terry:staff</B> owns is still called
+<B>pat:plans</B>, because the change to a group's
+<VAR>owner_name</VAR> that results from the <B>pts chown</B> command does
+not propagate to any groups it owns. In this example, a member of
+<B>terry:staff</B> uses the <B>pts rename</B> command to change
+the name to <B>terry:plans</B> to reflect its actual
+ownership.
+<PRE> % <B>pts examine pat:plans</B>
+ Name: pat:plans, id: -535, owner: terry:staff, creator: pat,
+ membership: 8, flags: SOm--, group quota: 0.
+ % <B>pts rename pat:plans terry:plans</B>
+ % <B>pts examine terry:plans</B>
+ Name: terry:plans, id: -535, owner: terry:staff, creator: pat,
+ membership: 8, flags: SOm--, group quota: 0.
+</PRE>
+<HR><H2><A NAME="HDRWQ74" HREF="auusg002.htm#ToC_147">Protecting Group-Related Information</A></H2>
+<A NAME="IDX1109"></A>
+<A NAME="IDX1110"></A>
+<A NAME="IDX1111"></A>
+<A NAME="IDX1112"></A>
+<A NAME="IDX1113"></A>
+<A NAME="IDX1114"></A>
+<A NAME="IDX1115"></A>
+<A NAME="IDX1116"></A>
+<P>A group's <I>privacy flags</I> control who can administer it in
+various ways. The privacy flags appear in the <TT>flags</TT> field of
+the output from the <B>pts examine</B> command command; see <A HREF="#HDRWQ67">To Display A Group Entry</A>. To set the privacy flags for a group you own, use
+the <B>pts setfields</B> command as instructed in <A HREF="#HDRWQ75">To Set a Group's Privacy Flags</A>.
+<P><H3><A NAME="HDRPRIVACY-FLAGS" HREF="auusg002.htm#ToC_148">Interpreting the Privacy Flags</A></H3>
+<P>The five privacy flags always appear, and always
+must be set, in the following order:
+<DL>
+<P><DT><B>s
+</B><DD>Controls who can issue the <B>pts examine</B> command to display the
+entry.
+<P><DT><B>o
+</B><DD>Controls who can issue the <B>pts listowned</B> command to list the
+groups that a user or group owns.
+<P><DT><B>m
+</B><DD>Controls who can issue the <B>pts membership</B> command to list the
+groups a user or machine belongs to, or which users or machines belong to a
+group.
+<P><DT><B>a
+</B><DD>Controls who can issue the <B>pts adduser</B> command to add a user or
+machine to a group.
+<P><DT><B>r
+</B><DD>Controls who can issue the <B>pts removeuser</B> command to remove a
+user or machine from a group.
+</DL>
+<P>Each flag can take three possible types of values to enable a different set
+of users to issue the corresponding command:
+<UL>
+<P><LI>A hyphen (<B>-</B>) means that the group's owner can issue the
+command, along with the administrators who belong to the
+<B>system:administrators</B> group.
+<P><LI>The lowercase version of the letter means that members of the group can
+issue the command, along with the users indicated by the hyphen.
+<P><LI>The uppercase version of the letter means that anyone can issue the
+command.
+</UL>
+<P>For example, the flags <TT>SOmar</TT> on a group entry indicate that
+anyone can examine the group's entry and list the groups that it owns,
+and that only the group's members can list, add, or remove its
+members.
+<P>The default privacy flags for groups are <TT>S-M--</TT>, meaning that
+anyone can display the entry and list the members of the group, but only the
+group's owner and members of the <B>system:administrators</B>
+group can perform other functions.
+<P><H3><A NAME="HDRWQ75" HREF="auusg002.htm#ToC_149">To Set a Group's Privacy Flags</A></H3>
+<A NAME="IDX1117"></A>
+<A NAME="IDX1118"></A>
+<P>Issue the <B>pts setfields</B> command to set the privacy flags on one
+or more groups.
+<PRE> % <B>pts setfields -nameorid</B> <<VAR>user or group name or id</VAR>><SUP>+</SUP>
+ <B>-access</B> <<VAR>set privacy flags</VAR>>
+</PRE>
+<P>where
+<DL>
+<P><DT><B>-nameorid
+</B><DD>Specifies the name or AFS GID of each group for which to set the privacy
+flags. If identifying a group by its AFS GID, precede the GID with a
+hyphen (<B>-</B>) to indicate that it is a negative number.
+<P><DT><B>-access
+</B><DD>Specifies the privacy flags to set for each group. Observe the
+following rules:
+<UL>
+<P><LI>Provide a value for all five flags in the order <B>somar</B>.
+<P><LI>Set the first flag to lowercase <B>s</B> or uppercase <B>S</B>
+only.
+<P><LI>Set the second flag to the hyphen (<B>-</B>) or uppercase <B>O</B>
+only. For groups, AFS interprets the hyphen as equivalent to lowercase
+<B>o</B> (that is, members of a group can always list the groups that it
+owns).
+<P><LI>Set the third flag to the hyphen (<B>-</B>), lowercase <B>m</B>,
+or uppercase <B>M</B>.
+<P><LI>Set the fourth flag to the hyphen (<B>-</B>), lowercase <B>a</B>,
+or uppercase <B>A</B>. The uppercase <B>A</B> is not a secure
+choice, because it permits anyone to add members to the group.
+<P><LI>Set the fifth flag to the hyphen (<B>-</B>) or lowercase <B>r</B>
+only.
+</UL>
+</DL>
+<P><H3><A NAME="Header_150" HREF="auusg002.htm#ToC_150">Example: Setting a Group's Privacy Flags</A></H3>
+<A NAME="IDX1119"></A>
+<P>The following example sets the privacy flags on the
+<B>terry:team</B> group to set the indicated pattern of
+administrative privilege.
+<PRE> % <B>pts setfields terry:team -access SOm--</B>
+
+</PRE>
+<UL>
+<P><LI>Everyone can issue the <B>pts examine</B> command to display general
+information about it (uppercase <B>S</B>).
+<P><LI>Everyone can issue the <B>pts listowned</B> command to display the
+groups it owns (uppercase <B>O</B>).
+<P><LI>The members of the group can issue the <B>pts membership</B> command
+to display the group's members (lowercase <B>m</B>).
+<P><LI>Only the group's owner, user <B>terry</B>, can issue the <B>pts
+adduser</B> command to add members (the hyphen).
+<P><LI>Only the group's owner, user <B>terry</B>, can issue the <B>pts
+removeuser</B> command to remove members (the hyphen).
+</UL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg007.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg009.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ76" HREF="auusg002.htm#ToC_151">Troubleshooting</A></H1>
+<P>This chapter explains how to investigate and solve some
+problems you can sometimes encounter when working with AFS files. To
+use the instructions, find the heading that describes your problem or matches
+the error message you received.
+<HR><H2><A NAME="HDRWQ77" HREF="auusg002.htm#ToC_152">Problem: Cannot Access, Copy, or Save File</A></H2>
+<P>
+<A NAME="IDX1120"></A>
+<A NAME="IDX1121"></A>
+<A NAME="IDX1122"></A>
+<A NAME="IDX1123"></A>
+<A NAME="IDX1124"></A>
+<A NAME="IDX1125"></A>
+<OL TYPE=1>
+<P><LI><A NAME="LINOSAVE-TOKENS"></A>Issue the <B>tokens</B> command to verify that you
+have valid tokens. For complete instructions, see <A HREF="auusg005.htm#HDRWQ30">To Display Your Tokens</A>.
+<PRE> % <B>tokens</B>
+</PRE>
+<UL>
+<P><LI>If your tokens are valid, proceed to Step <A HREF="#LINOSAVE-FSCHECKS">2</A>.
+<P><LI>If your do not have tokens for the relevant cell, or they are expired,
+issue the <B>klog</B> command to authenticate. For complete
+instructions, see <A HREF="auusg005.htm#HDRWQ29">To Authenticate with AFS</A>. Then try accessing or saving the file again.
+If you are not successful, proceed to Step <A HREF="#LINOSAVE-FSCHECKS">2</A>.
+<PRE> % <B>klog</B>
+</PRE>
+</UL>
+<P><LI><A NAME="LINOSAVE-FSCHECKS"></A>Issue the <B>fs checkservers</B> command to check
+the status of file server machines. For complete instructions, see <A HREF="auusg006.htm#HDRWQ41">Checking the Status of Server Machines</A>.
+<PRE> % <B>fs checkservers &</B>
+</PRE>
+<UL>
+<P><LI>If the following message appears, proceed to Step <A HREF="#LINOSAVE-PERMS">3</A>.
+<PRE> All servers are running.
+</PRE>
+<P><LI>Output like the following indicates that your Cache Manager cannot reach
+the indicated file server machines.
+<PRE> These servers unavailable due to network or server problem:
+ <VAR>list of machines</VAR>.
+</PRE>
+<P>Issue the <B>fs whereis</B> command to check if the file you are
+attempting to access or save is stored on one of the inaccessible file server
+machines. For complete instructions, see <A HREF="auusg006.htm#HDRWQ40">Locating Files and Directories</A>.
+<PRE> % <B>fs whereis</B> <<VAR>dir/file path</VAR>>
+</PRE>
+<P>If your file is stored on an inaccessible machine, then you cannot access
+the file or save it back to the File Server until the machine is again
+accessible. If your file is on a machine that is not listed as
+inaccessible, proceed to Step <A HREF="#LINOSAVE-PERMS">3</A>.
+</UL>
+<P><LI><A NAME="LINOSAVE-PERMS"></A>Issue the <B>fs listacl</B> command to verify that
+you have the permissions you need for accessing, copying, or saving the
+file. For complete instructions, see <A HREF="auusg007.htm#HDRWQ53">To display an ACL</A>.
+<PRE> % <B>fs listacl</B> <<VAR>dir/file path</VAR>>
+</PRE>
+<P>You need the indicated permissions:
+<UL>
+<P><LI>To access, copy, or save a file, you must have the <B>l</B>
+(<B>lookup</B>) permission on the directory and on all directories above
+it in the pathname.
+<P><LI>To save changes to an existing file, you must in addition have the
+<B>w</B> (<B>write</B>) permission. To create a new file, you
+must in addition have the <B>i</B> (<B>insert</B>) and <B>w</B>
+permissions.
+<P><LI>To copy a file between two directories, you must in addition have the
+<B>r</B> (<B>read</B>) permission on the source directory and the
+<B>i</B> permission on the destination directory.
+</UL>
+<P>If you do not have the necessary permissions but own the directory, you
+always have the <B>a</B> (<B>administer</B>) permission even if you do
+not appear on the ACL. Issue the <B>fs setacl</B> command to grant
+yourself the necessary permissions. For complete instructions, see <A HREF="auusg007.htm#HDRWQ54">Changing an ACL</A>.
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>><SUP>+</SUP> <B>-acl</B> <<VAR>access list entries</VAR>><SUP>+</SUP>
+</PRE>
+<P>If you do not have the necessary permissions and do not own the directory,
+ask the owner or a system administrator to grant them to you. If they
+add you to a group that has the required permissions, you must issue the
+<B>klog</B> command to reauthenticate before you can exercise them.
+<P>If you still cannot access the file even though you have the necessary
+permissions, contact your system administrator for help in investigating
+further possible causes of your problem. If you still cannot copy or
+save the file even though you have the necessary permissions, proceed to Step <A HREF="#LINOSAVE-QUOTA">4</A>.
+<P><LI><A NAME="LINOSAVE-QUOTA"></A>If copying a file, issue the <B>fs listquota</B>
+command to check whether the volume into which you are copying it, or the
+partition that houses that volume, is almost full. For saving, check
+the volume and partition that contain the directory into which you are saving
+the file. For complete instructions, see <A HREF="auusg006.htm#HDRWQ39">Displaying Volume Quota</A>.
+<PRE> % <B>fs listquota</B> <<VAR>dir/file path</VAR>>
+</PRE>
+<P>The command produces output as in the following example:
+<PRE> % <B>fs listquota /afs/abc.com/usr/terry</B>
+ Volume Name Quota Used % Used Partition
+ user.terry 10000 3400 34% 86%
+</PRE>
+<UL>
+<P><LI>If the value in the <TT>Partition</TT> field is not close to 100%, the
+partition is not almost full. Check the value in the <TT>% Used</TT>
+field. If it is close to 100%, then the volume is almost full.
+If possible, delete files from the volume that are no longer needed, or ask
+your system administrator to increase the volume's quota.
+<P>If the value in the <TT>% Used</TT> field is not close to 100% (is, say,
+90% or less), then it is unlikely that you are exceeding the volume's
+quota, unless the file is very large or the volume's quota is
+small. Contact your system administrator for help in investigating
+further possible causes of your problem.
+<P><LI>If the value in the <TT>Partition</TT> field is very close to 100%, the
+partition is possibly nearly full. However, server machine partitions
+are usually very large and can still have enough space for an average file
+when nearly full. You can either ask your system administrator about
+the partition's status, or issue the <B>fs examine</B>
+command. The final line in its output reports how many kilobyte blocks
+are still available on the partition. For complete instructions, see <A HREF="auusg006.htm#HDRWQ39">Displaying Volume Quota</A>.
+<PRE> % <B>fs examine</B> <<VAR>dir/file path</VAR>>
+</PRE>
+<P>If there is enough free space on the partition but you still cannot save
+the file, ask your system administrator for help in investigating further
+possible causes of your problem.
+</UL>
+</OL>
+<HR><H2><A NAME="HDRWQ78" HREF="auusg002.htm#ToC_153">Problem: Accidentally Removed Your Entry from an ACL</A></H2>
+<P>
+<A NAME="IDX1126"></A>
+<A NAME="IDX1127"></A>
+<OL TYPE=1>
+<P><LI>If you own the directory from which you have accidentally removed your ACL
+entry, then you actually still have the <B>a</B> (<B>administer</B>)
+permission even if it does not appear on the ACL. You normally own your
+home directory and all of its subdirectories, for instance. Issue the
+<B>fs setacl</B> command to grant yourself all other permissions.
+For complete instructions, see <A HREF="auusg007.htm#HDRWQ55">To Add, Remove, or Edit Normal ACL Permissions</A>.
+<PRE> % <B>fs setacl -dir</B> <<VAR>directory</VAR>> <B>-acl <</B><VAR>your_username</VAR>> <B>all</B>
+</PRE>
+<P>For <VAR>directory</VAR>, provide the complete pathname to the directory (for
+example, <B>/afs/abc.com/usr/</B><VAR>your_username</VAR>).
+This is necessary because AFS cannot interpret pathname abbreviations if you
+do not have the <B>l</B> (<B>lookup</B>) permission.
+<P><LI>If you do not own the directory, issue the <B>fs listacl</B> to check
+if any remaining entries grant you the permissions you need (perhaps you
+belong to one or more groups that appear on the ACL). For complete
+instructions, see <A HREF="auusg007.htm#HDRWQ53">To display an ACL</A>.
+<PRE> % <B>fs listacl</B> <<VAR>dir/file path</VAR>>
+</PRE>
+<UL>
+<P><LI>The following message displays the directory's ACL. If you
+need permissions that no entry currently grants you, ask the directory's
+owner or your system administrator for help.
+<PRE> Access list for <<VAR>dir/file path</VAR>> is
+ Normal rights
+ <VAR>list of entries</VAR>
+</PRE>
+<P><LI>If the command returns the following error message instead of an ACL, then
+you do not have the <B>l</B> permission.
+<PRE> fs: You don't have the required access rights on '<VAR>dir/file path</VAR>'
+</PRE>
+<P>Ask the directory's owner or your system administrator to grant you
+the permissions you need. If they add you to a group that has the
+required permissions, you must issue the <B>klog</B> command to
+reauthenticate before you can exercise them.
+</UL>
+</OL>
+<HR><H2><A NAME="HDRWQ79" HREF="auusg002.htm#ToC_154">Error Message: "afs: Lost contact with fileserver"</A></H2>
+<A NAME="IDX1128"></A>
+<A NAME="IDX1129"></A>
+<A NAME="IDX1130"></A>
+<P>Issue the <B>fs checkservers</B> command to check the status of file
+server machines. For complete instructions, see <A HREF="auusg006.htm#HDRWQ41">Checking the Status of Server Machines</A>.
+<PRE> % <B>fs checkservers &</B>
+</PRE>
+<UL>
+<P><LI>If the following message appears, ask your system administrator for
+assistance in diagnosing the cause of the <TT>Lost contact</TT> error
+message.
+<PRE> All servers are running.
+</PRE>
+<P><LI>Output like the following indicates that your Cache Manager cannot reach
+the indicated file server machines. You must wait until they are again
+accessible before continuing to work with the files that are stored on
+them.
+<PRE> These servers unavailable due to network or server problem:
+ <VAR>list_of_machines</VAR>.
+</PRE>
+</UL>
+<A NAME="IDX1131"></A>
+<HR><H2><A NAME="Header_155" HREF="auusg002.htm#ToC_155">Error Message: "<VAR>command</VAR>: Connection timed out"</A></H2>
+<P>Issue the <B>fs checkservers</B> command as described in <A HREF="#HDRWQ79">Error Message: afs: Lost contact with fileserver</A>.
+<A NAME="IDX1132"></A>
+<HR><H2><A NAME="Header_156" HREF="auusg002.htm#ToC_156">Error Message: "fs: You don't have the required access rights on '<VAR>file</VAR>'"</A></H2>
+<P>You do not have the ACL permissions you need to perform the operation
+you are attempting. If you own the directory and have accidentally
+removed yourself from the ACL, see <A HREF="#HDRWQ78">Problem: Accidentally Removed Your Entry from an ACL</A>. Otherwise, ask the directory's owner or your
+system administrator to grant you the appropriate permissions.
+<A NAME="IDX1133"></A>
+<A NAME="IDX1134"></A>
+<HR><H2><A NAME="Header_157" HREF="auusg002.htm#ToC_157">Error Message: "afs: failed to store file"</A></H2>
+<P>Follow the instructions in <A HREF="#HDRWQ77">Problem: Cannot Access, Copy, or Save File</A>.
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg008.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg010.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRWQ80" HREF="auusg002.htm#ToC_158">Appendix A. Using the NFS/AFS Translator</A></H1>
+<P>
+<A NAME="IDX1135"></A>
+<A NAME="IDX1136"></A>
+<A NAME="IDX1137"></A>
+<A NAME="IDX1138"></A>
+Some cells use the Network File System (NFS) in addition to AFS. If you
+work on an NFS client machine, your system administrator can configure it to
+access the AFS filespace through a program called the <I>NFS/AFS
+Translator</I><SUP>TM</SUP>. If you have an AFS account, you can
+access AFS as an authenticated user while working on your NFS client
+machine. Otherwise, you access AFS as the <B>anonymous</B>
+user.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">Acceptable NFS/AFS Translator performance requires that NFS is functioning
+correctly.
+</TD></TR></TABLE>
+<HR><H2><A NAME="HDRWQ81" HREF="auusg002.htm#ToC_159">Requirements for Using the NFS/AFS Translator</A></H2>
+<P>
+<A NAME="IDX1139"></A>
+<A NAME="IDX1140"></A>
+For you to use the NFS/AFS Translator, your system administrator must
+configure the following types of machines as indicated:
+<UL>
+<P><LI>An <I>NFS/AFS translator machine</I> is an AFS client machine that
+also acts as an NFS server machine. Its Cache Manager acts as the
+surrogate Cache Manager for your NFS client machine. Ask your system
+administrator which translator machines you can use.
+<P><LI>Your NFS client machine must have an NFS mount to a translator
+machine. Most often, your system administrator mounts the translator
+machine's <B>/afs</B> directory and names the mount <B>/afs</B>
+as well. This enables you to access the entire AFS filespace using
+standard AFS pathnames. It is also possible to create mounts directly
+to subdirectories of <B>/afs</B>, and to give NFS mounts different names
+on the NFS client machine.
+</UL>
+<P>Your access to AFS is much more extensive if you have an AFS user
+account. If you do not, the AFS servers recognize you as the
+<B>anonymous</B> user and only grant you the access available to members
+of the <B>system:anyuser</B> group.
+<P>If your NFS client machine uses an operating system that AFS supports, your
+system administrator can configure it to enable you to issue many AFS commands
+on the machine. Ask him or her about the configuration and which
+commands you can issue.
+<HR><H2><A NAME="Header_160" HREF="auusg002.htm#ToC_160">Accessing AFS via the Translator</A></H2>
+<A NAME="IDX1141"></A>
+<P>If you do not have an AFS account or choose not to access AFS as an
+authenticated user, then all you do to access AFS is provide the pathname of
+the relevant file. Its ACL must grant the necessary permissions to the
+<B>system:anyuser</B> group.
+<P>If you have an AFS account and want to access AFS as an authenticated user,
+the best method depends on whether your NFS machine is a supported
+type. If it is, use the instructions in <A HREF="#HDRWQ82">To Authenticate on a Supported Operating System</A>. If it is not a supported type, use the
+instructions in <A HREF="#HDRWQ83">To Authenticate on an Unsupported Operating System</A>.
+<P><H3><A NAME="HDRWQ82" HREF="auusg002.htm#ToC_161">To Authenticate on a Supported Operating System</A></H3>
+<OL TYPE=1>
+<P><LI>Log into the NFS client machine using your NFS username.
+<P><LI>Issue the <B>klog</B> command. For complete instructions, see <A HREF="auusg005.htm#HDRWQ29">To Authenticate with AFS</A>.
+<PRE> % <B>klog -setpag</B>
+</PRE>
+</OL>
+<P><H3><A NAME="HDRWQ83" HREF="auusg002.htm#ToC_162">To Authenticate on an Unsupported Operating System</A></H3>
+<OL TYPE=1>
+<P><LI>Log onto the NFS client machine using your NFS username.
+<P><LI><A NAME="LINFS-TELNET"></A>Establish a connection to the NFS/AFS translator machine
+you are using (for example, using the <B>telnet</B> utility) and log onto
+it using your AFS username (which is normally the same as your NFS
+username).
+<P><LI>If the NFS/AFS translator machine uses an AFS-modified login utility, then
+you obtained AFS tokens in Step <A HREF="#LINFS-TELNET">2</A>. To check, issue the <B>tokens</B> command, which
+is described fully in <A HREF="auusg005.htm#HDRWQ30">To Display Your Tokens</A>.
+<PRE> % <B>tokens</B>
+</PRE>If you do not have tokens, issue the <B>klog</B> command, which is
+described fully in <A HREF="auusg005.htm#HDRWQ29">To Authenticate with AFS</A>.
+<PRE> % <B>klog -setpag</B>
+</PRE>
+<P><LI><A NAME="LINFS-KNFS"></A>Issue the <B>knfs</B> command to associate your AFS
+tokens with your UNIX UID on the NFS client machine where you are
+working. This enables the Cache Manager on the translator machine to
+use the tokens properly when you access AFS from the NFS client
+machine.
+<P>If your NFS client machine is a system type for which AFS defines a system
+name, it can make sense to add the <B>-sysname</B> argument. This
+argument helps the Cache Manager access binaries specific to your NFS client
+machine, if your system administrator has used the <I>@sys</I> variable in
+pathnames. Ask your system administrator if this argument is useful for
+you.
+<A NAME="IDX1142"></A>
+<A NAME="IDX1143"></A>
+<PRE> % <B>knfs</B> <<VAR>host name</VAR>> [<<VAR>user ID (decimal)</VAR>>] \
+ [<B>-sysname</B> <<VAR>host's '@sys' value</VAR>>]
+</PRE>
+<P>where
+<DL>
+<P><DT><B><VAR>host name</VAR>
+</B><DD>Specifies the fully-qualified hostname of your NFS client machine (such as
+<B>nfs52.abc.com</B>).
+<P><DT><B><VAR>user ID</VAR>
+</B><DD>Specifies your UNIX UID or equivalent (not your username) on the NFS
+client machine. If your system administrator has followed the
+conventional practice, then your UNIX and AFS UIDs are the same. If you
+do not know your local UID on the NFS machine, ask your system administrator
+for assistance. Your system administrator can also explain the issues
+you need to be aware of if your two UIDs do not match, or if you omit this
+argument.
+<P><DT><B>-sysname
+</B><DD>Specifies your NFS client machine's system type name.
+</DL>
+<P><LI><A NAME="LINFS-LOGOUT"></A>(<B>Optional</B>) Log out from the translator machine,
+but do not unauthenticate.
+<P><LI>Work on the NFS client machine, accessing AFS as necessary.
+<P><LI>When you are finished accessing AFS, issue the <B>knfs</B> command on
+the translator machine again. Provide the same <VAR>host name</VAR> and
+<VAR>user ID</VAR> arguments as in Step <A HREF="#LINFS-KNFS">4</A>, and add the <B>-unlog</B> flag to destroy your
+tokens. If you logged out from the translator machine in Step <A HREF="#LINFS-LOGOUT">5</A>, then you must first reestablish a connection to the
+translator machine as in Step <A HREF="#LINFS-TELNET">2</A>.
+<PRE> % <B>knfs</B> <<VAR>host name</VAR>> [<<VAR>user ID (decimal)</VAR>>] <B>-unlog</B>
+</PRE>
+</OL>
+<HR><H2><A NAME="HDRWQ84" HREF="auusg002.htm#ToC_163">Troubleshooting the NFS/AFS Translator</A></H2>
+<P>Acceptable performance by the NFS/AFS translator depends for
+the most part on NFS. Sometimes, problems that appear to be AFS file
+server outages, broken connections, or inaccessible files are actually caused
+by NFS outages.
+<P>This section describes some common problems and their possible
+causes. If other problems arise, contact your system administrator, who
+can ask the AFS Product Support group for assistance if necessary.
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">To avoid degrading AFS performance, the Cache Manager on the translator
+machine does not immediately send changes made on NFS client machines to the
+File Server. Instead, it checks every 60 seconds for such changes and
+sends them then. It can take longer for changes made on an NFS client
+machine to be saved than for changes made on an AFS client machine. The
+save operation must complete before the changes are visible on NFS client
+machines that are using a different translator machine or on AFS client
+machines.
+</TD></TR></TABLE>
+<P><H3><A NAME="HDRWQ85" HREF="auusg002.htm#ToC_164">Your NFS Client Machine is Frozen</A></H3>
+<P>If your system administrator has used the recommended options
+when creating an NFS mount to an NFS/AFS translator machine, then the mount is
+both <I>hard</I> and <I>interruptible</I>:
+<UL>
+<P><LI>A hard mount means that the NFS client retries its requests if it does not
+receive a response within the expected time frame. This is useful
+because requests have to pass through both the NFS and AFS client software,
+which can sometimes take longer than the NFS client expects. However,
+it means that if the NFS/AFS translator machine actually becomes inaccessible,
+your NFS client machine can become inoperative (<I>freeze</I> or
+<I>hang</I>).
+<P><LI>If the NFS mount is interruptible, then in the case of an NFS/AFS
+translator machine outage you can press <<B>Ctrl-c</B>> or another
+interrupt signal to halt the NFS client's repeated attempts to access
+AFS. You can then continue to work locally, or can NFS-mount another
+translator machine. If the NFS mount is not interruptible, you must
+actually remove the mount to the inaccessible translator machine.
+</UL>
+<P><H3><A NAME="Header_165" HREF="auusg002.htm#ToC_165">NFS/AFS Translator Reboots</A></H3>
+<P>If you have authenticated to AFS and your translator machine reboots,
+you must issue the <B>klog</B> command (and <B>knfs</B> command, if
+appropriate) to reauthenticate. If you used the <B>knfs</B>
+command's <B>-sysname</B> argument to define your NFS client
+machine's system name, use it again.
+<P><H3><A NAME="Header_166" HREF="auusg002.htm#ToC_166">System Error Messages</A></H3>
+<P>This section explains possible meanings for NFS error messages you
+receive while accessing AFS filespace.
+<P><TT>stale NFS client</TT>
+<P><TT>Getpwd: can't read</TT>
+<P>Both messages possibly means that your translator machine was rebooted and
+cannot determine the pathname to the current working directory. To
+reestablish the path, change directory and specify the complete pathname
+starting with <B>/afs</B>.
+<P><TT>NFS server <VAR>translator_machine</VAR> is not responding still
+trying</TT>.
+<P>The NFS client is not getting a response from the NFS/AFS translator
+machine. If the NFS mount to the translator machine is a hard mount,
+your NFS client continues retrying the request until it gets a response (see <A HREF="#HDRWQ85">Your NFS Client Machine is Frozen</A>). If the NFS mount to the translator machine is a
+soft mount, the NFS client stops retrying after a certain number of attempts
+(three by default).
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg009.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg011.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ86" HREF="auusg002.htm#ToC_167">Appendix B. AFS Command Syntax and Online Help</A></H1>
+<A NAME="IDX1144"></A>
+<P>The AFS commands available to you are used to authenticate, list AFS
+information, protect directories, create and manage groups, and create and
+manage ACLs. There are three general types of commands available to all
+AFS users: file server commands, protection server commands, and
+miscellaneous commands. This chapter discusses the syntax of these AFS
+commands, the rules that must be followed when issuing them, and ways of
+accessing help relevant to them.
+<HR><H2><A NAME="HDRWQ87" HREF="auusg002.htm#ToC_168">AFS Command Syntax</A></H2>
+<P>
+<A NAME="IDX1145"></A>
+Most AFS commands use the following syntax:
+<PRE> <B>command_suite operation_code -switch</B> <<VAR>value</VAR>><SUP>[+]</SUP> <B>-flag</B>
+</PRE>
+<P>The <I>command suite</I> indicates the general type of command and the
+server process that performs the command. Regular AFS users have access
+to two main command suites and a miscellaneous set of commands:
+<A NAME="IDX1146"></A>
+<A NAME="IDX1147"></A>
+<UL>
+<P><LI>The <B>fs</B> command suite is used to issue file server commands that
+interact with the File Server process.
+<P><LI>The <B>pts</B> command suite is used to issue protection-related
+commands.
+<P><LI>The miscellaneous commands are not associated with any command
+suite.
+</UL>
+<P>The <I>operation code</I> indicates the action that the command
+performs. Miscellaneous commands have operation codes only.
+<A NAME="IDX1148"></A>
+<P>A command can have multiple <I>options</I>, which can be
+<I>arguments</I> or <I>flags</I>:
+<UL>
+<P><LI>Arguments are used to supply additional information for use by the
+command.
+<A NAME="IDX1149"></A>
+They consist of a paired <I>switch</I> and <I>instance</I>.
+<A NAME="IDX1150"></A>
+<A NAME="IDX1151"></A>
+A switch defines the type of argument and is always preceded by a hyphen;
+arguments can take multiple instances if a plus sign (+) appears after the
+instance. An instance represents some variable piece of information
+that is used by the command. Arguments can be optional or
+required.
+<P><LI>Flags are used to direct a command to perform in a specific way (for
+example, to generate a specific type of output).
+<A NAME="IDX1152"></A>
+Flags are always preceded by a hyphen and are always optional.
+</UL>
+<P><H3><A NAME="Header_169" HREF="auusg002.htm#ToC_169">Command Syntax Example</A></H3>
+<P>In the following AFS command
+<PRE> % <B>fs setacl -dir $HOME -acl pat all terry none -negative</B>
+</PRE>
+<UL>
+<P><LI><B>fs</B> is the command suite.
+<P><LI><B>setacl</B> is the <I>operation code</I>, which directs the File
+Server process to set an access control list.
+<P><LI><B>-dir $HOME</B> and <B>-acl pat all terry none</B> are
+<I>arguments</I>.
+<UL>
+<P><LI><B>-dir</B> and <B>-acl</B> are switches; <B>-dir</B>
+indicates the name of the directory on which to set the ACL, and
+<B>-acl</B> defines the entries to set on it.
+<P><LI><B>$HOME</B> and <B>pat all terry none</B> are
+<I>instances</I> of the arguments. <B>$HOME</B> defines a
+specific directory for the directory argument. The <B>-acl</B>
+argument has two instances specifying two ACL entries: <B>pat
+all</B> and <B>terry none</B>.
+</UL>
+<P><LI><B>-negative</B> is a flag; it directs the command to put the
+access list entries on the negative rather than the normal permissions
+list.
+</UL>
+<HR><H2><A NAME="HDRWQ88" HREF="auusg002.htm#ToC_170">Rules for Using AFS Commands</A></H2>
+<P>This section describes the rules to follow when using AFS
+commands.
+<P><H3><A NAME="Header_171" HREF="auusg002.htm#ToC_171">Spaces and Lines</A></H3>
+<P>Separate each command element (command suite, operation code, switches,
+instances, and flags) with a space. Multiple instances of an argument
+are also separated by a space.
+<P>Type all AFS commands on one line, followed by a carriage return.
+Some commands in this document appear on more than one line, but that is for
+legibility only.
+<P><H3><A NAME="Header_172" HREF="auusg002.htm#ToC_172">Abbreviations and Aliases for Operation Codes</A></H3>
+<A NAME="IDX1153"></A>
+<P>You can type operation codes in one of three ways:
+<UL>
+<P><LI>You can type the operation code in full.
+<P><LI>You can abbreviate the operation code to the shortest form that
+distinguishes it from the other operation codes in its command suite.
+<P><LI>You can use the alias for the operation code, if one exists.
+</UL>
+<P>For example, the <B>fs listacl</B> command can be issued as
+follows:
+<UL>
+<P><LI><B>fs listacl</B> (full command)
+<P><LI><B>fs lista</B> (abbreviation)
+<P><LI><B>fs la</B> (alias)
+</UL>
+<P>The <I>IBM AFS Administration Reference</I> provides information on the
+full and abbreviated command syntax as well as any aliases for all of the
+commands discussed in this guide.
+<P><H3><A NAME="Header_173" HREF="auusg002.htm#ToC_173">Omitting Argument Switches</A></H3>
+<A NAME="IDX1154"></A>
+<P>You can omit an argument's switch if the command takes only one
+argument, or if the following conditions are met.
+<UL>
+<P><LI>All of the command's required arguments appear in the order
+prescribed by the syntax statement.
+<P><LI>No switches are used on any arguments, even if they are in the correct
+order.
+<P><LI>There is only one value for each argument. The important exception
+to this condition is if the final required argument accepts multiple
+values; in this case, it is acceptable to provide multiple values without
+providing the switch.
+</UL>
+<P>For example, the following two commands are equivalent:
+<PRE> % <B>fs setacl -dir /afs/abc.com/usr/terry/private -acl pat rl</B>
+ % <B>fs setacl /afs/abc.com/usr/terry/private pat rl</B>
+</PRE>
+<P>However, the following is not an acceptable short form because the
+arguments are not in the prescribed order:
+<PRE> % <B>fs setacl -acl pat rl /afs/abc.com/usr/terry/private</B>
+</PRE>
+<P><H3><A NAME="Header_174" HREF="auusg002.htm#ToC_174">Shortening Switches and Flags</A></H3>
+<P>
+<A NAME="IDX1155"></A>
+If you are required to use a switch, or if you decide to use a flag, you can
+often shorten the name of that switch or flag provided that the shortened form
+still distinguishes it from the command's other flags and
+switches.
+<P>For example, when you issue the <B>fs setacl</B> command, you can
+abbreviate all of the switches and flags of the command to their initial
+letter because they all begin with a different letter. However, when
+you issue the <B>knfs</B> command, the <B>-host</B> argument and
+<B>-help</B> flag both begin with the letter <B>h</B>, so the shortest
+unambiguous abbreviations are <B>-ho</B> and <B>-he</B>
+respectively.
+<P><H3><A NAME="Header_175" HREF="auusg002.htm#ToC_175">Shortening Directory References</A></H3>
+<P>
+<A NAME="IDX1156"></A>
+Most AFS command arguments that require directory or pathnames instances
+accept one or more of the following short forms:
+<UL>
+<P><LI>A single period (<B>.</B>) indicates the current working
+directory.
+<P><LI>Two periods (<B>..</B>) indicate the parent directory of
+the current working directory.
+<P><LI>The $HOME environment variable indicates the issuer's home
+directory.
+</UL>
+<P>For example, if the user <B>terry</B> wants to grant <B>r</B>
+(<B>read</B>) and <B>l</B> (<B>lookup</B>) permissions on his home
+directory to his manager <B>pat</B>, <B>terry</B> can issue the
+following command.
+<PRE> % <B>fs setacl -dir $HOME -acl pat rl</B>
+</PRE>
+<P>If the current working directory is <B>terry</B>'s home directory,
+he can issue the following command.
+<PRE> % <B>fs setacl -dir . -acl pat rl</B>
+</PRE>
+<P>Both of the previous examples are acceptable short forms for the following
+command:
+<PRE> % <B>fs setacl -dir /afs/abc.com/usr/terry -acl pat rl</B>
+</PRE>
+<HR><H2><A NAME="Header_176" HREF="auusg002.htm#ToC_176">Commonly Used fs and pts Commands</A></H2>
+<P>This section provides additional information on the commonly used AFS
+<B>fs</B> and<B> pts</B> commands. For more detailed
+information, see the <I>IBM AFS Administration Reference</I>.
+<P><H3><A NAME="Header_177" HREF="auusg002.htm#ToC_177">About the fs Commands</A></H3>
+<A NAME="IDX1157"></A>
+<P>Some <B>fs</B> commands extend UNIX file system semantics by invoking
+file-related functions that UNIX does not provide (setting access control
+lists, for example). Other <B>fs</B> commands help you control the
+performance of the Cache Manager running on your local client machine.
+<A NAME="IDX1158"></A>
+<A NAME="IDX1159"></A>
+<P>All <B>fs</B> commands accept the optional <B>-help</B>
+flag. It has the same function as the <B>fs help</B> command:
+it prints a command's online help message on the screen. Do not
+provide other options at the same time as this flag. It overrides them,
+and the only effect of issuing the command is to display the help
+message.
+<A NAME="IDX1160"></A>
+<P>The privilege required for issuing <B>fs</B> commands varies.
+The necessary privileges for the <B>fs</B> commands described in this
+guide include the following:
+<UL>
+<P><LI>Having certain permissions on a directory's access control
+list. For example, creating and removing mount points requires
+<B>a</B> (<B>administer</B>), <B>i</B> (<B>insert</B>), and
+<B>d</B> (<B>delete</B>) permissions for the directory in which the
+mount point resides.
+<P><LI>Belonging to the <B>system:administrators</B> group (see <A HREF="auusg007.htm#HDRWQ50">Using the System Groups on ACLs</A>).
+<P><LI>No privilege. Many <B>fs</B> commands simply list information
+and so do not require any special privilege.
+</UL>
+<P><H3><A NAME="Header_178" HREF="auusg002.htm#ToC_178">About the pts Commands</A></H3>
+<A NAME="IDX1161"></A>
+<A NAME="IDX1162"></A>
+<P>The <B>pts</B> command suite is the interface through which you can
+create protection groups and add members to them. System administrators
+who belong to a special system group called
+<B>system:administrators</B> group can manipulate any group, and
+also create the user and machine entries that can belong to groups.
+Users who do not belong to the <B>system:administrators</B> group
+can always list the information associated with the group entries they own, as
+well as their own user entries. Depending on the setting of an
+entry's privacy flags, regular users can sometimes access and manipulate
+group entries in certain ways.
+<P>All <B>pts</B> commands accept optional arguments and flags.
+They are listed in the command descriptions in the <I>IBM AFS Administration
+Reference</I> and are described here in detail:
+<DL>
+<A NAME="IDX1163"></A>
+<P><DT><B>[-cell <<VAR>cell name</VAR>>]
+</B><DD>This argument indicates that the command runs in the indicated
+cell. The issuer can abbreviate the <VAR>cell name</VAR> value to the
+shortest form that distinguishes it from the other cells listed in the
+<B>/usr/vice/etc/CellServDB</B> file on the client machine on which the
+command is issued. By default, commands are executed in the local cell
+as defined
+<UL>
+<P><LI>First, by the value of the environment variable AFSCELL. (This
+variable is normally not defined by default. If you are working in
+another, nonlocal cell for an extended period of time, you can set the
+variable to the name of that cell.)
+<P><LI>Second, in the <B>/usr/vice/etc/ThisCell</B> file on the client
+machine on which the command is issued.
+</UL>
+</DL>
+<DL>
+<P><DT><B>[-force]
+</B><DD>This flag directs the <B>pts</B> command interpreter to continue
+executing the command, if possible, even if it encounters problems during the
+command's execution.
+<A NAME="IDX1164"></A>
+The command interpreter performs as much of the requested operation as
+possible, rather than halting if it encounters a problem. The command
+interpreter reports any errors it encounters during the command's
+execution. This flag is especially useful if you provide many instances
+for an argument; if one of the instances is invalid, the command reports
+the error and proceeds with the remaining arguments.
+</DL>
+<DL>
+<P><DT><B>[-help]
+<A NAME="IDX1165"></A>
+<A NAME="IDX1166"></A>
+</B><DD>This flag has the same function as the <B>pts help</B> command:
+it prints the command's online help message on the screen. Do not
+provide other options at the same time as this flag. It overrides them,
+and the only effect of issuing the command is to display the help
+message.
+</DL>
+<HR><H2><A NAME="HDRWQ89" HREF="auusg002.htm#ToC_179">Getting Help in AFS</A></H2>
+<A NAME="IDX1167"></A>
+<A NAME="IDX1168"></A>
+<P>AFS online help consists of basic syntax messages. The AFS
+distribution also includes help in HTML format which your system administrator
+can make available to you.
+<P><H3><A NAME="Header_180" HREF="auusg002.htm#ToC_180">Displaying Command Syntax and Aliases</A></H3>
+<A NAME="IDX1169"></A>
+<A NAME="IDX1170"></A>
+<A NAME="IDX1171"></A>
+<P>To display a brief description of a command, its syntax statement, and
+alias if any, use the <B>help</B> operation code. For example, to
+display the online help entry for the <B>fs listacl</B> command, enter the
+following command:
+<PRE> % <B>fs help listacl</B>
+ fs listacl: list access control list
+ aliases: la
+ Usage: fs listacl [-path <dir/file path>+] [-id] [-if] [-help]
+</PRE>
+<P>To display the syntax statement only, use the <B>-help</B> flag, which
+is available on most AFS commands. For example, to display the syntax
+statement for the <B>fs setacl</B> command, enter the following
+command:
+<PRE> % <B>fs setacl -help</B>
+ Usage: fs setacl -dir <directory>+ -acl <access list entries>+ [-clear] [-negative]
+ [-id] [-if] [-help]
+</PRE>
+<P><H3><A NAME="Header_181" HREF="auusg002.htm#ToC_181">Displaying Operation Code Descriptions</A></H3>
+<P>To display a short description of all of a command suite's
+operation codes, issue the <B>help</B> operation code without any other
+arguments. For example, the <B>fs help</B> command displays a short
+description of every operation code in the <B>fs</B> command suite.
+<A NAME="IDX1172"></A>
+<P>To display a list of the commands in a command suite that concern a certain
+type of object, provide a relevant keyword argument to the <B>apropos</B>
+operation code. For example, if you want to set an ACL but cannot
+remember which <B>fs</B> command to use, issue the following
+command:
+<PRE> % <B>fs apropos set</B>
+ setacl: set access control list
+ setcachesize: set cache size
+ setcell: set cell status
+ setclientaddrs: set client network interface addresses
+ setquota: set volume quota
+ setserverprefs: set file server ranks
+ setvol: set volume status
+ sysname: get/set sysname (i.e. @sys) value
+</PRE>
+<P>The following message indicates that there are no commands whose names or
+descriptions include the keyword string you have provided:
+<PRE> Sorry, no commands found
+</PRE>
+<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If the keyword you provide has spaces in it, enclose it in double quotes
+(<B>" "</B>).
+</TD></TR></TABLE>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg010.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg012.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auusg013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<HR><H1><A NAME="HDRWQ90" HREF="auusg002.htm#ToC_182">Appendix C. Glossary</A></H1>
+<DL>
+<P><DT><B><B>a (administer) Permission</B>
+</B><DD>The ACL permission that allows the possessor to change the entries on the
+ACL .
+<P><DT><B><B>a Privacy Flag</B>
+</B><DD>The fourth privacy flag on a group, which enables the possessor to add
+members to it.
+<P><DT><B><B>Access Control List (ACL)</B>
+</B><DD>A list associated with an AFS directory that specifies what actions a user
+or group can perform on the directory and the files in it. There are
+seven access permissions: <B>a</B> (<B>administer</B>),
+<B>d</B> (<B>delete</B>), <B>i</B> (<B>insert</B>),
+<B>k</B> (<B>lock</B>), <B>l</B> (<B>lookup</B>), <B>r</B>
+(<B>read</B>), and <B>w</B> (<B>write</B>).
+<P><DT><B><B>ACL Entry</B>
+</B><DD>An entry on an ACL that pairs a user or group with specific access
+permissions.
+<P><DT><B><B>Alias</B>
+</B><DD>An alternative name for an AFS command.
+<P><DT><B><B>all ACL Shorthand</B>
+</B><DD>A shorthand notation used with the <B>fs setacl</B> command to
+represent all seven permissions.
+<P><DT><B><B>Anonymous</B>
+</B><DD>The identity assigned to a user who does not have a valid token for the
+local cell.
+<P><DT><B><B>Argument</B>
+</B><DD>The portion of a command that names an entity to be affected by the
+command. Arguments consist of two parts: a <I>switch</I> and
+one or more <I>instances</I>. Some AFS commands take one or more
+arguments.
+<P><DT><B><B>Authenticate</B>
+</B><DD>To become recognized as a valid AFS user by providing the correct
+password. Authenticate by logging onto a machine that uses an
+AFS-modified login utility or by issuing the <B>klog</B> command.
+Only authenticated users can perform most AFS actions.
+<P><DT><B><B>Byte, kilobyte</B>
+</B><DD>A unit of measure used to measure usage of space in a volume or on a
+partition. A kilobyte block is equal to 1024 bytes.
+<P><DT><B><B>Cache Manager</B>
+</B><DD>A set of modifications to the operating system on a client machine which
+enables users on the machine to access files stored in AFS. The Cache
+Manager requests files from the File Server and stores (<I>caches</I>) a
+copy of each file on the client machine's local disk. Application
+programs then use the cached copy, which eliminates repeated network requests
+to file server machines.
+<P><DT><B><B>Cached File</B>
+</B><DD>A copy of a file that the Cache Manager stores on a workstation's
+local disk.
+<P><DT><B><B>Callback</B>
+</B><DD>A promise from the File Server to contact the Cache Manager if the
+centrally stored copy of the file changes while the Cache Manager has a cached
+copy. If the file is altered, the File Server <I>breaks</I> the
+callback. The next time an application program asks for data from the
+file, the Cache Manager notices the broken callback and retrieves an updated
+copy of the file from the File Server. Callbacks ensure the user is
+working with the most recent copy of a file.
+<P><DT><B><B>Cell</B>
+</B><DD>An independently administered site running AFS, consisting of a collection
+of file server machines and client machines defined to belong to the
+cell. A machine can belong to only one cell at a time.
+<P><DT><B><B>Client Machines</B>
+</B><DD>Computers that perform computations for users. Users normally work
+on a client machine, accessing files stored on a file server machine.
+<P><DT><B><B>Client/Server Computing</B>
+</B><DD>A computing system in which two types of computers (client machines and
+server machines) perform different specialized functions.
+<P><DT><B><B>Command</B>
+</B><DD>A string of characters indicating an action for an AFS server to
+perform. For a description of AFS command syntax, see <A HREF="auusg011.htm#HDRWQ86">Appendix B, AFS Command Syntax and Online Help</A>.
+<P><DT><B><B>Command Suite</B>
+</B><DD>A group of AFS commands with related functions. The command suite
+name is the first word in many AFS commands.
+<P><DT><B><B>Complete Pathname</B>
+</B><DD>A full specification of a file's location in AFS, starting at the
+root of the filespace (by convention mounted at the <B>/afs</B> directory)
+and specifying all the directories the Cache Manager must pass through to
+access the file. The names of the directories are separated by
+slashes.
+<P><DT><B><B>d (delete) Permission</B>
+</B><DD>The ACL permission that enables the possessor to remove elements from a
+directory.
+<P><DT><B><B>Directory</B>
+</B><DD>A logical structure containing a collection of files and other
+directories.
+<P><DT><B><B>Distributed File System</B>
+</B><DD>A file system that joins the file systems of individual machines.
+Files are stored on different machines in the network but are accessible from
+all machines.
+<P><DT><B><B>File</B>
+</B><DD>A collection of information stored and retrieved as a unit.
+<P><DT><B><B>File Server Machine</B>
+</B><DD>A type of machine that stores files and transfers them to client machines
+on request.
+<P><DT><B><B>Flag</B>
+</B><DD>Part of a command that determines how the command executes, or the type of
+output it produces.
+<P><DT><B><B>Foreign Cell</B>
+</B><DD>A cell other than the cell to which the client machine belongs. If
+the client machine is appropriately configured, users can access the AFS
+filespace in foreign cells as well as the local cell, and can authenticate in
+foreign cells in which they have AFS accounts.
+<P><DT><B><B>Group</B>
+</B><DD>A defined list of users, which can be placed on a directory's ACL to
+extend a set of permissions to all of its members at once.
+<P><DT><B><B>Group-owned Group</B>
+</B><DD>A group owned by another group. All members of the owning group can
+administer the owned group; the members of the owned group do not have
+administer permissions themselves.
+<P><DT><B><B>Hierarchical File Structure</B>
+</B><DD>A method of storing data in directories that are organized in a tree
+structure.
+<P><DT><B><B>Home Directory</B>
+</B><DD>A directory owned by a user and dedicated to storage of the user's
+personal files.
+<P><DT><B><B>i (insert) Permission</B>
+</B><DD>The ACL permission that enables the possessor to add files or
+subdirectories to a directory.
+<P><DT><B><B>Instance</B>
+</B><DD>The part of a command string that defines the entity to affect.
+<P><DT><B><B>k (lock) Permission</B>
+</B><DD>See the k (lock) Permission entry. The ACL permission that enables
+programs to place advisory locks on a file.
+<P><DT><B>Kilobyte
+</B><DD>A unit of measure used to measure usage of space in a volume or on a
+partition. A kilobyte is equal to 1024 bytes. The term
+<I>kilobyte block</I> is sometimes used when referring to disk
+space.
+<P><DT><B><B>l (lookup) Permission</B>
+</B><DD>The ACL permission that enables the possessor to list the contents of a
+directory and display its ACL.
+<P><DT><B><B>Local Cell</B>
+</B><DD>The cell to which the user's account and client machine
+belong.
+<P><DT><B><B>lock Permission</B>
+</B><DD>See the <B>k (lock) Permission</B> entry.
+<P><DT><B><B>Login</B>
+</B><DD>The process of establishing a connection to a client machine's local
+file system as a specific user.
+<P><DT><B><B>Logout</B>
+</B><DD>The process of ending a connection to the local file system.
+<P><DT><B><B>m Privacy Flag</B>
+</B><DD>The third privacy flag on a group, which enables the possessor to list the
+members of a group or the groups to which a user belongs.
+<P><DT><B><B>Mode Bits</B>
+</B><DD>A set of permissions that the UNIX file system associates with a file or
+directory to control access to it. They appear in the first field of
+the output from the <B>ls -l</B> command.
+<P><DT><B><B>Mount Point</B>
+</B><DD>A special type of directory that associates a location in the AFS file
+space with a volume. It acts like a standard UNIX directory in that
+users can change directory to it and list its contents with the UNIX
+<B>cd</B> and <B>ls</B> commands.
+<P><DT><B><B>Mutual Authentication</B>
+</B><DD>A procedure through which two parties prove their identities to one
+another. AFS server and client processes normally mutually authenticate
+as they establish a connection.
+<P><DT><B><B>NFS/AFS Translator</B>
+</B><DD>A program that enables users on NFS client machines to access files in the
+AFS filespace.
+<P><DT><B><B>none ACL Shorthand</B>
+</B><DD>A shorthand notation used with the <B>fs setacl</B> command to delete
+an entry from an ACL.
+<P><DT><B><B>o Privacy Flag</B>
+</B><DD>The second privacy flag on a group, which enables the possessor to list
+groups owned by the user or group.
+<P><DT><B><B>Operation Code</B>
+</B><DD>The second word in an AFS command that belongs to a suite. It
+indicates the command's function.
+<P><DT><B><B>Owner of a Group</B>
+</B><DD>The person or group who can administer a group.
+<P><DT><B><B>Parent Directory</B>
+</B><DD>The directory in which a directory or file resides.
+<P><DT><B><B>Partition</B>
+</B><DD>A logical section of a disk in a computer.
+<P><DT><B><B>Password</B>
+</B><DD>A unique, user-defined string of characters validating the user's
+system identity. The user must correctly enter the password in order to
+be authenticated.
+<P><DT><B><B>Permission</B>
+</B><DD>A certain type of access granted on an ACL. Anyone who possesses
+the permission can perform the action.
+<P><DT><B><B>Quota</B>
+</B><DD>The size limit of a volume, assigned by the system administrator and
+measured in kilobyte blocks.
+<P><DT><B><B>r (read) Permission</B>
+</B><DD>The ACL permission that enables the possessor to examine the contents of a
+file.
+<P><DT><B><B>r Privacy Flag</B>
+</B><DD>The fifth privacy flag on a group, which enables the possessor to remove
+members from it.
+<P><DT><B><B>read ACL Shorthand</B>
+</B><DD>A shorthand notation used with the <B>fs setacl</B> command to
+represent the <B>r</B> and <B>l</B> permissions.
+<P><DT><B><B>Relative Pathname</B>
+</B><DD>A pathname that does not begin at the root of the AFS or local filespace
+and so represents a file or directory's location with respect to the
+current working directory.
+<P><DT><B><B>Remote Commands</B>
+</B><DD>Commands used to run programs on a remote machine without establishing a
+persistent connection to it.
+<P><DT><B><B>s Privacy Flag</B>
+</B><DD>The first privacy flag on a group, which enables the possessor to list
+general information about it.
+<P><DT><B><B>Self-owned Group</B>
+</B><DD>A group that owns itself, enabling all of its members to administer
+it.
+<P><DT><B><B>Server</B>
+</B><DD>A program or machine that provides a specialized service to its clients,
+such as storing and transferring files or performing authentication.
+<P><DT><B><B>Subdirectory</B>
+</B><DD>A directory that resides in another directory in the file system
+hierarchy.
+<P><DT><B><B>Switch</B>
+</B><DD>The part of a command string defining the type of an argument. It
+is preceded by a hyphen.
+<P><DT><B><B>Syntax Statement</B>
+</B><DD>A specification of the options available on a command and their
+ordering.
+<P><DT><B><B>System Administrator</B>
+</B><DD>A user who is authorized to administer an AFS cell.
+<P><DT><B><B>System Groups</B>
+</B><DD>Groups that AFS defines automatically to represent users who share certain
+characteristics. See the following three entries.
+<P><DT><B><B>System:administrators group</B>
+</B><DD>A system group that includes users authorized to administer AFS.
+<P><DT><B><B>System:anyuser</B> group
+</B><DD>A system group that includes everyone who can gain access the cell's
+AFS filespace. It includes unauthenticated users, who are assigned the
+identity <B>anonymous</B>.
+<P><DT><B><B>System:authuser</B> group
+</B><DD>A system group that includes all users who currently have valid AFS tokens
+for the local cell.
+<P><DT><B><B>Token</B>
+</B><DD>A collection of data that the AFS server processes accept as evidence that
+the possessor has successfully proved his or her identity to the cell's
+AFS authentication service. AFS assigns the identity
+<B>anonymous</B> to users who do not have a token.
+<P><DT><B><B>UNIX Mode Bits</B>
+</B><DD>See the <B>Mode Bits</B> entry.
+<P><DT><B><B>Username</B>
+</B><DD>A character string entered at login that uniquely identifies a person in
+the local cell.
+<P><DT><B><B>Volume</B>
+</B><DD>A structure that AFS uses to group a set of files and directories into a
+single unit for administrative purposes. The contents of a volume
+reside on a single disk partition and must be mounted in the AFS filespace to
+be accessible.
+<P><DT><B><B>w (write) Permission</B>
+</B><DD>The ACL permission that enables the possessor to modify the contents of a
+file.
+<P><DT><B><B>write ACL Shorthand</B>
+</B><DD>A shorthand notation used with the <B>fs setacl</B> command to
+represent all permissions except the <B>a</B> permission.
+</DL>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg011.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auusg013.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auusg013.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>User Guide</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3629/auusg000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 2 Oct 2000 at 14:38:44 -->
+<META HTTP-EQUIV="updated" CONTENT="Mon, 02 Oct 2000 14:38:42">
+<META HTTP-EQUIV="review" CONTENT="Tue, 02 Oct 2001 14:38:42">
+<META HTTP-EQUIV="expires" CONTENT="Wed, 02 Oct 2002 14:38:42">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>User Guide</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <P>
+<P>
+<HR><H1><A NAME="HDRINDEX" HREF="auusg002.htm#ToC_183">Index</A></H1>
+<A NAME="IDX0_41" HREF="#IDX1_41">A</A>
+<A NAME="IDX0_43" HREF="#IDX1_43">C</A>
+<A NAME="IDX0_44" HREF="#IDX1_44">D</A>
+<A NAME="IDX0_45" HREF="#IDX1_45">E</A>
+<A NAME="IDX0_46" HREF="#IDX1_46">F</A>
+<A NAME="IDX0_47" HREF="#IDX1_47">G</A>
+<A NAME="IDX0_48" HREF="#IDX1_48">H</A>
+<A NAME="IDX0_49" HREF="#IDX1_49">I</A>
+<A NAME="IDX0_4B" HREF="#IDX1_4B">K</A>
+<A NAME="IDX0_4C" HREF="#IDX1_4C">L</A>
+<A NAME="IDX0_4D" HREF="#IDX1_4D">M</A>
+<A NAME="IDX0_4E" HREF="#IDX1_4E">N</A>
+<A NAME="IDX0_4F" HREF="#IDX1_4F">O</A>
+<A NAME="IDX0_50" HREF="#IDX1_50">P</A>
+<A NAME="IDX0_51" HREF="#IDX1_51">Q</A>
+<A NAME="IDX0_52" HREF="#IDX1_52">R</A>
+<A NAME="IDX0_53" HREF="#IDX1_53">S</A>
+<A NAME="IDX0_54" HREF="#IDX1_54">T</A>
+<A NAME="IDX0_55" HREF="#IDX1_55">U</A>
+<A NAME="IDX0_56" HREF="#IDX1_56">V</A>
+<A NAME="IDX0_57" HREF="#IDX1_57">W</A>
+<A NAME="IDX0_59" HREF="#IDX1_59">Y</A>
+<HR>
+<STRONG><A NAME="IDX1_41" HREF="#IDX0_41">A</A></STRONG>
+<MENU>
+<LI>a ACL permission
+<A HREF="auusg007.htm#IDX941">(941)</A>
+<LI>a privacy flag on groups
+<A HREF="auusg008.htm#IDX1115">(1115)</A>
+<LI>access control list
+<MENU>
+<LI>see entry: <I>ACL</I>
+<A HREF="auusg007.htm#IDX928">(928)</A>
+</MENU>
+<LI>access permissions on ACL
+<MENU>
+<LI>see entries: <I>permissions on ACL</I>, <I>ACL</I>
+<A HREF="auusg007.htm#IDX931">(931)</A>
+</MENU>
+<LI>access to AFS filespace
+<MENU>
+<LI>ACL entries control
+<A HREF="auusg007.htm#IDX989">(989)</A>
+<LI>controlling at directory level
+<A HREF="auusg007.htm#IDX930">(930)</A>
+<LI>controlling for subdirectories
+<A HREF="auusg007.htm#IDX971">(971)</A>
+<LI>enabling for service processes
+<A HREF="auusg007.htm#IDX972">(972)</A>
+<LI>enabling for users from foreign cells
+<A HREF="auusg007.htm#IDX973">(973)</A>
+<LI>failures, troubleshooting
+<A HREF="auusg009.htm#IDX1125">(1125)</A>
+<LI>format of pathnames
+<A HREF="auusg005.htm#IDX865">(865)</A>
+<LI>from NFS client machines
+<A HREF="auusg010.htm#IDX1138">(1138)</A>
+<LI>granting and denying to users
+<A HREF="auusg007.htm#IDX925">(925)</A>
+</MENU>
+<LI>ACL
+<MENU>
+<LI>accidentally removed yourself
+<A HREF="auusg009.htm#IDX1127">(1127)</A>
+<LI>auxiliary permissions
+<A HREF="auusg007.htm#IDX949">(949)</A>
+<LI>clearing
+<A HREF="auusg007.htm#IDX1005">(1005)</A>
+<LI>compared to UNIX mode bits
+<A HREF="auusg004.htm#IDX796">(796)</A>
+<LI>copying between directories
+<A HREF="auusg007.htm#IDX1013">(1013)</A>
+<LI>creating negative entry
+<A HREF="auusg007.htm#IDX996">(996)</A>
+<LI>creating normal entry
+<A HREF="auusg007.htm#IDX986">(986)</A>
+<LI>described
+<A HREF="auusg004.htm#IDX788">(788)</A>, <A HREF="auusg007.htm#IDX927">(927)</A>
+<LI>displaying
+<A HREF="auusg007.htm#IDX974">(974)</A>
+<LI>foreign users on
+<A HREF="auusg007.htm#IDX969">(969)</A>
+<LI>negative permissions
+<A HREF="auusg007.htm#IDX959">(959)</A>
+<LI>normal permissions
+<A HREF="auusg007.htm#IDX958">(958)</A>
+<LI>normal vs. negative permissions
+<A HREF="auusg007.htm#IDX957">(957)</A>
+<LI>permissions defined
+<A HREF="auusg007.htm#IDX933">(933)</A>
+<LI>removing obsolete entries
+<A HREF="auusg008.htm#IDX1088">(1088)</A>
+<LI>replacing all entries
+<A HREF="auusg007.htm#IDX1004">(1004)</A>
+<LI>setting
+<A HREF="auusg007.htm#IDX983">(983)</A>
+<LI>shorthand notation for grouping sets of permissions
+<A HREF="auusg007.htm#IDX950">(950)</A>
+</MENU>
+<LI>adding
+<MENU>
+<LI>ACL entry to negative permissions section
+<A HREF="auusg007.htm#IDX997">(997)</A>
+<LI>ACL entry to normal permissions section
+<A HREF="auusg007.htm#IDX987">(987)</A>
+<LI>users to groups
+<A HREF="auusg008.htm#IDX1066">(1066)</A>
+</MENU>
+<LI>administer ACL permission
+<A HREF="auusg007.htm#IDX940">(940)</A>
+<LI>AFS
+<MENU>
+<LI>accessing filespace
+<A HREF="auusg005.htm#IDX864">(864)</A>
+<LI>accessing from NFS client machine
+<A HREF="auusg010.htm#IDX1137">(1137)</A>
+<LI>filespace as extension of local filespace
+<A HREF="auusg004.htm#IDX757">(757)</A>
+<LI>security
+<A HREF="auusg004.htm#IDX780">(780)</A>
+<LI>sharing information
+<A HREF="auusg004.htm#IDX747">(747)</A>
+<LI>transparent access
+<A HREF="auusg004.htm#IDX748">(748)</A>
+<LI>UIDs and GIDs
+<A HREF="auusg008.htm#IDX1061">(1061)</A>
+</MENU>
+<LI>afs (/afs) directory
+<MENU>
+<LI>as root of AFS filespace
+<A HREF="auusg004.htm#IDX758">(758)</A>, <A HREF="auusg005.htm#IDX866">(866)</A>
+</MENU>
+<LI>afs: failed to store file (error message)
+<A HREF="auusg009.htm#IDX1133">(1133)</A>
+<LI>all shorthand for ACL permissions
+<A HREF="auusg007.htm#IDX953">(953)</A>
+<LI>apropos operation code
+<A HREF="auusg011.htm#IDX1169">(1169)</A>
+<LI>arguments to AFS commands
+<A HREF="auusg011.htm#IDX1149">(1149)</A>
+<LI>authentication
+<MENU>
+<LI>as another user
+<A HREF="auusg005.htm#IDX829">(829)</A>
+<LI>defined
+<A HREF="auusg004.htm#IDX786">(786)</A>
+<LI>in a foreign cell
+<A HREF="auusg005.htm#IDX828">(828)</A>
+<LI>limits on consecutive failed attempts
+<A HREF="auusg005.htm#IDX848">(848)</A>
+<LI>mutual
+<A HREF="auusg004.htm#IDX783">(783)</A>
+<LI>to AFS on NFS client machines
+<A HREF="auusg010.htm#IDX1141">(1141)</A>
+<LI>tokens as proof
+<A HREF="auusg005.htm#IDX822">(822)</A>
+<LI>with DCE for DFS access
+<A HREF="auusg005.htm#IDX836">(836)</A>
+</MENU>
+<LI>auxiliary ACL permissions
+<A HREF="auusg007.htm#IDX948">(948)</A>
+</MENU>
+<STRONG><A NAME="IDX1_43" HREF="#IDX0_43">C</A></STRONG>
+<MENU>
+<LI>Cache Manager
+<MENU>
+<LI>described
+<A HREF="auusg004.htm#IDX773">(773)</A>
+<LI>displaying file server preferences
+<A HREF="auusg006.htm#IDX923">(923)</A>
+<LI>tokens, use of
+<A HREF="auusg005.htm#IDX824">(824)</A>
+</MENU>
+<LI>caching files
+<A HREF="auusg004.htm#IDX772">(772)</A>
+<LI>callbacks
+<A HREF="auusg004.htm#IDX777">(777)</A>
+<LI>cells
+<MENU>
+<LI>defined
+<A HREF="auusg004.htm#IDX760">(760)</A>
+<LI>local vs. foreign
+<A HREF="auusg004.htm#IDX765">(765)</A>
+</MENU>
+<LI>changing
+<MENU>
+<LI>ACLs
+<A HREF="auusg007.htm#IDX981">(981)</A>
+<LI>AFS password
+<A HREF="auusg005.htm#IDX877">(877)</A>
+<LI>group name
+<A HREF="auusg008.htm#IDX1100">(1100)</A>
+<LI>group owner
+<A HREF="auusg008.htm#IDX1099">(1099)</A>
+<LI>UNIX password
+<A HREF="auusg005.htm#IDX883">(883)</A>
+</MENU>
+<LI>checking
+<MENU>
+<LI>tokens
+<A HREF="auusg005.htm#IDX840">(840)</A>
+</MENU>
+<LI>chgrp command
+<A HREF="auusg004.htm#IDX810">(810)</A>
+<LI>chmod command
+<A HREF="auusg004.htm#IDX806">(806)</A>, <A HREF="auusg007.htm#IDX1023">(1023)</A>
+<LI>chown command
+<A HREF="auusg004.htm#IDX808">(808)</A>
+<LI>clearing all ACL entries
+<A HREF="auusg007.htm#IDX1008">(1008)</A>
+<LI>client machine
+<A HREF="auusg004.htm#IDX750">(750)</A>, <A HREF="auusg004.htm#IDX774">(774)</A>
+<LI>client/server computing
+<A HREF="auusg004.htm#IDX749">(749)</A>
+<LI>commands
+<MENU>
+<LI>AFS, issuing on NFS client machine
+<A HREF="auusg010.htm#IDX1140">(1140)</A>
+<LI>chgrp
+<A HREF="auusg004.htm#IDX811">(811)</A>
+<LI>chmod
+<A HREF="auusg004.htm#IDX807">(807)</A>, <A HREF="auusg007.htm#IDX1022">(1022)</A>
+<LI>chown
+<A HREF="auusg004.htm#IDX809">(809)</A>
+<LI>dlog
+<A HREF="auusg005.htm#IDX832">(832)</A>
+<LI>dpass
+<A HREF="auusg005.htm#IDX833">(833)</A>
+<LI>fs checkservers
+<A HREF="auusg006.htm#IDX916">(916)</A>
+<LI>fs cleanacl
+<A HREF="auusg008.htm#IDX1095">(1095)</A>
+<LI>fs copyacl
+<A HREF="auusg007.htm#IDX1017">(1017)</A>
+<LI>fs examine
+<A HREF="auusg006.htm#IDX899">(899)</A>
+<LI>fs getserverprefs
+<A HREF="auusg006.htm#IDX921">(921)</A>
+<LI>fs listacl
+<A HREF="auusg007.htm#IDX978">(978)</A>
+<LI>fs listcells
+<A HREF="auusg006.htm#IDX919">(919)</A>
+<LI>fs listquota
+<A HREF="auusg006.htm#IDX893">(893)</A>
+<LI>fs quota
+<A HREF="auusg006.htm#IDX888">(888)</A>
+<LI>fs setacl
+<A HREF="auusg007.htm#IDX992">(992)</A>, <A HREF="auusg007.htm#IDX1002">(1002)</A>
+<LI>fs whereis
+<A HREF="auusg006.htm#IDX908">(908)</A>
+<LI>ftp
+<A HREF="auusg004.htm#IDX800">(800)</A>
+<LI>groups
+<A HREF="auusg004.htm#IDX813">(813)</A>
+<LI>inetd
+<A HREF="auusg004.htm#IDX815">(815)</A>
+<LI>kas examine
+<A HREF="auusg005.htm#IDX850">(850)</A>, <A HREF="auusg005.htm#IDX871">(871)</A>
+<LI>klog
+<A HREF="auusg005.htm#IDX838">(838)</A>
+<LI>knfs
+<A HREF="auusg010.htm#IDX1143">(1143)</A>
+<LI>kpasswd
+<A HREF="auusg005.htm#IDX878">(878)</A>
+<LI>ln
+<A HREF="auusg004.htm#IDX818">(818)</A>
+<LI>login
+<A HREF="auusg005.htm#IDX821">(821)</A>
+<LI>passwd
+<A HREF="auusg005.htm#IDX880">(880)</A>
+<LI>pts adduser
+<A HREF="auusg008.htm#IDX1077">(1077)</A>
+<LI>pts chown
+<A HREF="auusg008.htm#IDX1102">(1102)</A>
+<LI>pts creategroup
+<A HREF="auusg008.htm#IDX1071">(1071)</A>
+<LI>pts delete
+<A HREF="auusg008.htm#IDX1092">(1092)</A>
+<LI>pts examine
+<A HREF="auusg008.htm#IDX1052">(1052)</A>
+<LI>pts listowned
+<A HREF="auusg008.htm#IDX1046">(1046)</A>
+<LI>pts membership
+<A HREF="auusg008.htm#IDX1042">(1042)</A>
+<LI>pts removeuser
+<A HREF="auusg008.htm#IDX1089">(1089)</A>
+<LI>pts rename
+<A HREF="auusg008.htm#IDX1106">(1106)</A>
+<LI>pts setfields
+<A HREF="auusg008.htm#IDX1117">(1117)</A>
+<LI>rcp
+<A HREF="auusg004.htm#IDX802">(802)</A>
+<LI>rsh
+<A HREF="auusg004.htm#IDX804">(804)</A>
+<LI>suite organization for AFS
+<A HREF="auusg011.htm#IDX1146">(1146)</A>
+<LI>syntax for AFS
+<A HREF="auusg011.htm#IDX1145">(1145)</A>
+<LI>tokens
+<A HREF="auusg005.htm#IDX841">(841)</A>
+<LI>unlog
+<A HREF="auusg005.htm#IDX858">(858)</A>
+</MENU>
+<LI>communication
+<MENU>
+<LI>among cells and sites
+<A HREF="auusg004.htm#IDX762">(762)</A>
+<LI>between clients and servers
+<A HREF="auusg004.htm#IDX754">(754)</A>
+</MENU>
+<LI>connection timed out (error message)
+<A HREF="auusg009.htm#IDX1131">(1131)</A>
+<LI>copying
+<MENU>
+<LI>ACL between directories
+<A HREF="auusg007.htm#IDX1015">(1015)</A>
+<LI>files, inability to
+<A HREF="auusg009.htm#IDX1123">(1123)</A>
+</MENU>
+<LI>creating
+<MENU>
+<LI>ACL as copy of another
+<A HREF="auusg007.htm#IDX1014">(1014)</A>
+<LI>ACL entry in negative permissions section
+<A HREF="auusg007.htm#IDX995">(995)</A>
+<LI>ACL entry in normal permissions section
+<A HREF="auusg007.htm#IDX985">(985)</A>
+<LI>groups
+<A HREF="auusg008.htm#IDX1067">(1067)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_44" HREF="#IDX0_44">D</A></STRONG>
+<MENU>
+<LI>d ACL permission
+<A HREF="auusg007.htm#IDX939">(939)</A>
+<LI>delete ACL permission
+<A HREF="auusg007.htm#IDX938">(938)</A>
+<LI>deleting groups
+<A HREF="auusg008.htm#IDX1084">(1084)</A>
+<LI>denying access with negative ACL entry
+<A HREF="auusg007.htm#IDX998">(998)</A>
+<LI>directories
+<MENU>
+<LI>accessing AFS
+<A HREF="auusg005.htm#IDX862">(862)</A>
+<LI>copying ACLs between
+<A HREF="auusg007.htm#IDX1016">(1016)</A>
+<LI>denying access
+<A HREF="auusg007.htm#IDX999">(999)</A>
+<LI>displaying location
+<A HREF="auusg006.htm#IDX906">(906)</A>
+<LI>granting access
+<A HREF="auusg007.htm#IDX990">(990)</A>
+<LI>inability to access
+<A HREF="auusg009.htm#IDX1124">(1124)</A>
+<LI>replacing ACL
+<A HREF="auusg007.htm#IDX1010">(1010)</A>
+<LI>setting access control list
+<A HREF="auusg007.htm#IDX926">(926)</A>
+<LI>shorthand notation for referencing
+<A HREF="auusg011.htm#IDX1156">(1156)</A>
+</MENU>
+<LI>disk partition
+<MENU>
+<LI>consequences when full
+<A HREF="auusg006.htm#IDX885">(885)</A>
+<LI>displaying percentage of space used
+<A HREF="auusg006.htm#IDX896">(896)</A>
+<LI>displaying space available and total size
+<A HREF="auusg006.htm#IDX903">(903)</A>
+<LI>use in AFS
+<A HREF="auusg004.htm#IDX767">(767)</A>
+</MENU>
+<LI>displaying
+<MENU>
+<LI>ACL entries
+<A HREF="auusg007.htm#IDX975">(975)</A>
+<LI>directory/file location
+<A HREF="auusg006.htm#IDX909">(909)</A>
+<LI>disk partition percentage space used
+<A HREF="auusg006.htm#IDX895">(895)</A>
+<LI>disk partition space available and total size
+<A HREF="auusg006.htm#IDX902">(902)</A>
+<LI>file or directory location
+<A HREF="auusg006.htm#IDX910">(910)</A>
+<LI>group creator
+<A HREF="auusg008.htm#IDX1055">(1055)</A>
+<LI>group information
+<A HREF="auusg008.htm#IDX1039">(1039)</A>
+<LI>group owner
+<A HREF="auusg008.htm#IDX1054">(1054)</A>
+<LI>group-creation quota
+<A HREF="auusg008.htm#IDX1056">(1056)</A>
+<LI>groups owned by a group
+<A HREF="auusg008.htm#IDX1045">(1045)</A>
+<LI>password expiration date
+<A HREF="auusg005.htm#IDX874">(874)</A>
+<LI>password reuse policy
+<A HREF="auusg005.htm#IDX875">(875)</A>
+<LI>percentage of volume quota used
+<A HREF="auusg006.htm#IDX889">(889)</A>
+<LI>tokens
+<A HREF="auusg005.htm#IDX844">(844)</A>
+<LI>volume quota with other information
+<A HREF="auusg006.htm#IDX894">(894)</A>, <A HREF="auusg006.htm#IDX901">(901)</A>
+</MENU>
+<LI>distributed file system
+<A HREF="auusg004.htm#IDX755">(755)</A>
+<LI>dlog command
+<A HREF="auusg005.htm#IDX834">(834)</A>
+<LI>dpass command
+<A HREF="auusg005.htm#IDX835">(835)</A>
+</MENU>
+<STRONG><A NAME="IDX1_45" HREF="#IDX0_45">E</A></STRONG>
+<MENU>
+<LI>erasing all ACL entries
+<A HREF="auusg007.htm#IDX1007">(1007)</A>
+<LI>error messages, troubleshooting
+<A HREF="auusg009.htm#IDX1129">(1129)</A>
+<LI>examples
+<MENU>
+<LI>adding a user to an ACL
+<A HREF="auusg007.htm#IDX994">(994)</A>
+<LI>adding members to a group
+<A HREF="auusg008.htm#IDX1080">(1080)</A>
+<LI>authenticating
+<A HREF="auusg005.htm#IDX845">(845)</A>
+<LI>authenticating as another user
+<A HREF="auusg005.htm#IDX846">(846)</A>
+<LI>authenticating in a foreign cell
+<A HREF="auusg005.htm#IDX847">(847)</A>
+<LI>changing group name
+<A HREF="auusg008.htm#IDX1108">(1108)</A>
+<LI>changing group owner
+<A HREF="auusg008.htm#IDX1104">(1104)</A>
+<LI>checking status of file servers
+<A HREF="auusg006.htm#IDX917">(917)</A>
+<LI>copying ACL between directories
+<A HREF="auusg007.htm#IDX1019">(1019)</A>
+<LI>creating a group
+<A HREF="auusg008.htm#IDX1075">(1075)</A>
+<LI>creating a self-owned group
+<A HREF="auusg008.htm#IDX1105">(1105)</A>
+<LI>creating entry on negative permissions section of ACL
+<A HREF="auusg007.htm#IDX1003">(1003)</A>
+<LI>deleting a group
+<A HREF="auusg008.htm#IDX1094">(1094)</A>
+<LI>displaying ACL for single directory
+<A HREF="auusg007.htm#IDX979">(979)</A>
+<LI>displaying ACLs for multiple directories
+<A HREF="auusg007.htm#IDX980">(980)</A>
+<LI>displaying group information about a user
+<A HREF="auusg008.htm#IDX1065">(1065)</A>
+<LI>displaying groups a group owns
+<A HREF="auusg008.htm#IDX1050">(1050)</A>
+<LI>displaying groups a user owns
+<A HREF="auusg008.htm#IDX1051">(1051)</A>
+<LI>displaying information about group
+<A HREF="auusg008.htm#IDX1064">(1064)</A>
+<LI>displaying members of a group
+<A HREF="auusg008.htm#IDX1044">(1044)</A>
+<LI>displaying volume information
+<A HREF="auusg006.htm#IDX904">(904)</A>
+<LI>displaying volume quota and other information
+<A HREF="auusg006.htm#IDX897">(897)</A>
+<LI>displaying volume quota percentage used
+<A HREF="auusg006.htm#IDX890">(890)</A>
+<LI>locating multiple files
+<A HREF="auusg006.htm#IDX911">(911)</A>
+<LI>removing deleted groups from ACLs
+<A HREF="auusg008.htm#IDX1097">(1097)</A>
+<LI>removing group members
+<A HREF="auusg008.htm#IDX1091">(1091)</A>
+<LI>replacing an ACL
+<A HREF="auusg007.htm#IDX1012">(1012)</A>
+<LI>setting group's privacy flags
+<A HREF="auusg008.htm#IDX1119">(1119)</A>
+<LI>unauthenticating from selected cells
+<A HREF="auusg005.htm#IDX860">(860)</A>
+<LI>using chmod
+<A HREF="auusg007.htm#IDX1024">(1024)</A>
+<LI>volume/mount point interaction
+<A HREF="auusg004.htm#IDX770">(770)</A>
+</MENU>
+<LI>exiting an AFS session
+<A HREF="auusg005.htm#IDX855">(855)</A>
+</MENU>
+<STRONG><A NAME="IDX1_46" HREF="#IDX0_46">F</A></STRONG>
+<MENU>
+<LI>failed to store file (error message)
+<A HREF="auusg009.htm#IDX1134">(1134)</A>
+<LI>file server machines
+<MENU>
+<LI>checking status
+<A HREF="auusg006.htm#IDX912">(912)</A>
+</MENU>
+<LI>files
+<MENU>
+<LI>accessing AFS
+<A HREF="auusg005.htm#IDX861">(861)</A>
+<LI>caching
+<A HREF="auusg004.htm#IDX775">(775)</A>
+<LI>denying access
+<A HREF="auusg004.htm#IDX778">(778)</A>, <A HREF="auusg007.htm#IDX1000">(1000)</A>
+<LI>displaying location
+<A HREF="auusg006.htm#IDX905">(905)</A>
+<LI>granting access
+<A HREF="auusg007.htm#IDX991">(991)</A>
+<LI>inability to access, copy or save
+<A HREF="auusg009.htm#IDX1121">(1121)</A>
+<LI>sharing
+<A HREF="auusg004.htm#IDX779">(779)</A>, <A HREF="auusg004.htm#IDX791">(791)</A>
+<LI>updating
+<A HREF="auusg004.htm#IDX776">(776)</A>
+</MENU>
+<LI>flags on AFS commands
+<A HREF="auusg011.htm#IDX1152">(1152)</A>
+<LI>foreign cells
+<MENU>
+<LI>accessing
+<A HREF="auusg005.htm#IDX868">(868)</A>
+<LI>defined
+<A HREF="auusg004.htm#IDX764">(764)</A>
+<LI>enabling access
+<A HREF="auusg006.htm#IDX918">(918)</A>
+</MENU>
+<LI>format of AFS pathnames
+<A HREF="auusg005.htm#IDX867">(867)</A>
+<LI>fs commands
+<MENU>
+<LI>checkservers
+<A HREF="auusg006.htm#IDX915">(915)</A>
+<LI>cleanacl
+<A HREF="auusg008.htm#IDX1096">(1096)</A>
+<LI>copyacl
+<A HREF="auusg007.htm#IDX1018">(1018)</A>
+<LI>examine
+<A HREF="auusg006.htm#IDX898">(898)</A>
+<LI>getserverprefs
+<A HREF="auusg006.htm#IDX922">(922)</A>
+<LI>getting help
+<A HREF="auusg011.htm#IDX1159">(1159)</A>
+<LI>help flag
+<A HREF="auusg011.htm#IDX1158">(1158)</A>
+<LI>introduction
+<A HREF="auusg011.htm#IDX1157">(1157)</A>
+<LI>listacl
+<A HREF="auusg007.htm#IDX977">(977)</A>
+<LI>listcells
+<A HREF="auusg006.htm#IDX920">(920)</A>
+<LI>listquota
+<A HREF="auusg006.htm#IDX891">(891)</A>
+<LI>privileges required
+<A HREF="auusg011.htm#IDX1160">(1160)</A>
+<LI>quota
+<A HREF="auusg006.htm#IDX886">(886)</A>
+<LI>setacl
+<A HREF="auusg007.htm#IDX993">(993)</A>
+<MENU>
+<LI>completely replacing ACL
+<A HREF="auusg007.htm#IDX1011">(1011)</A>
+<LI>with -negative flag
+<A HREF="auusg007.htm#IDX1001">(1001)</A>
+</MENU>
+<LI>whereis
+<A HREF="auusg006.htm#IDX907">(907)</A>
+</MENU>
+<LI>ftp command
+<A HREF="auusg004.htm#IDX801">(801)</A>
+</MENU>
+<STRONG><A NAME="IDX1_47" HREF="#IDX0_47">G</A></STRONG>
+<MENU>
+<LI>GID, AFS
+<A HREF="auusg008.htm#IDX1062">(1062)</A>
+<LI>granting access to AFS filespace
+<A HREF="auusg007.htm#IDX988">(988)</A>
+<LI>group use of group
+<A HREF="auusg008.htm#IDX1031">(1031)</A>
+<LI>group-creation quota
+<MENU>
+<LI>defined
+<A HREF="auusg008.htm#IDX1037">(1037)</A>
+<LI>displaying
+<A HREF="auusg008.htm#IDX1060">(1060)</A>
+</MENU>
+<LI>groups
+<MENU>
+<LI>adding members
+<A HREF="auusg008.htm#IDX1069">(1069)</A>, <A HREF="auusg008.htm#IDX1076">(1076)</A>
+<LI>changing name
+<A HREF="auusg008.htm#IDX1098">(1098)</A>
+<LI>changing owner
+<A HREF="auusg008.htm#IDX1101">(1101)</A>
+<LI>creating
+<A HREF="auusg008.htm#IDX1068">(1068)</A>
+<LI>creation quota
+<A HREF="auusg008.htm#IDX1038">(1038)</A>
+<LI>creator, displaying
+<A HREF="auusg008.htm#IDX1058">(1058)</A>
+<LI>deleting
+<A HREF="auusg008.htm#IDX1082">(1082)</A>
+<LI>displaying information
+<A HREF="auusg008.htm#IDX1040">(1040)</A>
+<LI>group use
+<A HREF="auusg008.htm#IDX1033">(1033)</A>
+<LI>group-owned groups
+<A HREF="auusg008.htm#IDX1034">(1034)</A>
+<LI>listing groups owned
+<A HREF="auusg008.htm#IDX1048">(1048)</A>
+<LI>machines as members
+<A HREF="auusg008.htm#IDX1026">(1026)</A>
+<LI>naming conventions
+<A HREF="auusg008.htm#IDX1036">(1036)</A>
+<LI>owner as administrator
+<A HREF="auusg008.htm#IDX1070">(1070)</A>
+<LI>owner, displaying
+<A HREF="auusg008.htm#IDX1057">(1057)</A>
+<LI>privacy flags
+<A HREF="auusg008.htm#IDX1110">(1110)</A>
+<LI>private use
+<A HREF="auusg008.htm#IDX1028">(1028)</A>
+<LI>removing members
+<A HREF="auusg008.htm#IDX1081">(1081)</A>
+<LI>rules for assigning ownership
+<A HREF="auusg008.htm#IDX1073">(1073)</A>
+<LI>self-owned groups
+<A HREF="auusg008.htm#IDX1035">(1035)</A>
+<LI>shared use
+<A HREF="auusg008.htm#IDX1030">(1030)</A>
+</MENU>
+<LI>groups command
+<A HREF="auusg004.htm#IDX812">(812)</A>
+</MENU>
+<STRONG><A NAME="IDX1_48" HREF="#IDX0_48">H</A></STRONG>
+<MENU>
+<LI>help
+<MENU>
+<LI>examples
+<A HREF="auusg011.htm#IDX1171">(1171)</A>
+<LI>online for AFS commands
+<A HREF="auusg011.htm#IDX1167">(1167)</A>
+<LI>operation code in AFS command suites
+<A HREF="auusg011.htm#IDX1170">(1170)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_49" HREF="#IDX0_49">I</A></STRONG>
+<MENU>
+<LI>i ACL permission
+<A HREF="auusg007.htm#IDX937">(937)</A>
+<LI>inetd command
+<A HREF="auusg004.htm#IDX814">(814)</A>
+<LI>insert ACL permission
+<A HREF="auusg007.htm#IDX936">(936)</A>
+<LI>instances to AFS commands
+<A HREF="auusg011.htm#IDX1151">(1151)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4B" HREF="#IDX0_4B">K</A></STRONG>
+<MENU>
+<LI>k ACL permission
+<A HREF="auusg007.htm#IDX946">(946)</A>
+<LI>kas commands
+<MENU>
+<LI>examine
+<A HREF="auusg005.htm#IDX849">(849)</A>, <A HREF="auusg005.htm#IDX870">(870)</A>
+</MENU>
+<LI>keyword for apropos command
+<A HREF="auusg011.htm#IDX1172">(1172)</A>
+<LI>klog command
+<A HREF="auusg005.htm#IDX837">(837)</A>
+<LI>knfs command
+<A HREF="auusg010.htm#IDX1142">(1142)</A>
+<LI>kpasswd command
+<A HREF="auusg005.htm#IDX879">(879)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4C" HREF="#IDX0_4C">L</A></STRONG>
+<MENU>
+<LI>l ACL permission
+<A HREF="auusg007.htm#IDX935">(935)</A>
+<LI>lifetime of tokens
+<A HREF="auusg005.htm#IDX831">(831)</A>
+<LI>limits on authentication attempts
+<A HREF="auusg005.htm#IDX851">(851)</A>
+<LI>ln command
+<A HREF="auusg004.htm#IDX817">(817)</A>
+<LI>local cell, defined
+<A HREF="auusg004.htm#IDX763">(763)</A>
+<LI>local machine
+<A HREF="auusg004.htm#IDX756">(756)</A>
+<LI>local password file (/etc/passwd)
+<A HREF="auusg004.htm#IDX794">(794)</A>
+<LI>lock ACL permission
+<A HREF="auusg007.htm#IDX947">(947)</A>
+<LI>logging in
+<A HREF="auusg005.htm#IDX819">(819)</A>
+<LI>logging out
+<A HREF="auusg005.htm#IDX856">(856)</A>
+<LI>login utility
+<A HREF="auusg004.htm#IDX816">(816)</A>, <A HREF="auusg005.htm#IDX820">(820)</A>
+<LI>lookup ACL permission
+<A HREF="auusg007.htm#IDX934">(934)</A>
+<LI>lost contact with fileserver (error message)
+<A HREF="auusg009.htm#IDX1130">(1130)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4D" HREF="#IDX0_4D">M</A></STRONG>
+<MENU>
+<LI>m privacy flag on groups
+<A HREF="auusg008.htm#IDX1114">(1114)</A>
+<LI>machines
+<MENU>
+<LI>as members of groups
+<A HREF="auusg008.htm#IDX1025">(1025)</A>
+<LI>client
+<A HREF="auusg004.htm#IDX753">(753)</A>
+<LI>server
+<A HREF="auusg004.htm#IDX752">(752)</A>
+</MENU>
+<LI>mode bits (UNIX)
+<MENU>
+<LI>interpretation in AFS
+<A HREF="auusg007.htm#IDX1021">(1021)</A>
+</MENU>
+<LI>mount points defined
+<A HREF="auusg004.htm#IDX768">(768)</A>
+<LI>mutual authentication
+<A HREF="auusg004.htm#IDX782">(782)</A>
+</MENU>
+<STRONG><A NAME="IDX1_4E" HREF="#IDX0_4E">N</A></STRONG>
+<MENU>
+<LI>negative ACL permissions
+<MENU>
+<LI>defined
+<A HREF="auusg007.htm#IDX963">(963)</A>
+<LI>setting
+<A HREF="auusg007.htm#IDX964">(964)</A>
+</MENU>
+<LI>NFS
+<MENU>
+<LI>accessing AFS from client
+<A HREF="auusg010.htm#IDX1135">(1135)</A>
+<LI>issuing AFS commands on NFS client machine
+<A HREF="auusg010.htm#IDX1139">(1139)</A>
+</MENU>
+<LI>NFS/AFS Translator
+<A HREF="auusg010.htm#IDX1136">(1136)</A>
+<LI>none shorthand for ACL permissions
+<A HREF="auusg007.htm#IDX954">(954)</A>
+<LI>normal ACL permissions
+<MENU>
+<LI>defined
+<A HREF="auusg007.htm#IDX961">(961)</A>
+<LI>setting
+<A HREF="auusg007.htm#IDX962">(962)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_4F" HREF="#IDX0_4F">O</A></STRONG>
+<MENU>
+<LI>o privacy flag on groups
+<A HREF="auusg008.htm#IDX1113">(1113)</A>
+<LI>online help
+<A HREF="auusg011.htm#IDX1168">(1168)</A>
+<LI>operation codes in AFS commands
+<MENU>
+<LI>abbreviating
+<A HREF="auusg011.htm#IDX1153">(1153)</A>
+<LI>defined
+<A HREF="auusg011.htm#IDX1148">(1148)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_50" HREF="#IDX0_50">P</A></STRONG>
+<MENU>
+<LI>PAG
+<A HREF="auusg005.htm#IDX825">(825)</A>
+<LI>passwd
+<MENU>
+<LI>command
+<A HREF="auusg005.htm#IDX881">(881)</A>
+<LI>file
+<A HREF="auusg004.htm#IDX795">(795)</A>
+</MENU>
+<LI>password
+<A HREF="auusg004.htm#IDX784">(784)</A>
+<MENU>
+<LI>changing AFS
+<A HREF="auusg005.htm#IDX876">(876)</A>
+<LI>changing UNIX
+<A HREF="auusg005.htm#IDX882">(882)</A>
+<LI>expiration date, displaying
+<A HREF="auusg005.htm#IDX872">(872)</A>
+<LI>reuse policy, displaying
+<A HREF="auusg005.htm#IDX873">(873)</A>
+</MENU>
+<LI>pathnames
+<A HREF="auusg005.htm#IDX863">(863)</A>
+<LI>permissions on ACL
+<MENU>
+<LI>defined
+<A HREF="auusg007.htm#IDX932">(932)</A>
+<LI>displaying
+<A HREF="auusg007.htm#IDX976">(976)</A>
+<LI>normal vs. negative
+<A HREF="auusg007.htm#IDX960">(960)</A>
+<LI>setting
+<A HREF="auusg007.htm#IDX984">(984)</A>
+<LI>shorthand for
+<A HREF="auusg007.htm#IDX952">(952)</A>
+</MENU>
+<LI>privacy flags on groups
+<A HREF="auusg008.htm#IDX1111">(1111)</A>
+<LI>private use of group
+<A HREF="auusg008.htm#IDX1027">(1027)</A>
+<LI>process authentication group (PAG)
+<A HREF="auusg005.htm#IDX826">(826)</A>
+<LI>protection
+<MENU>
+<LI>for files and directories
+<A HREF="auusg007.htm#IDX924">(924)</A>
+<LI>group-related information
+<A HREF="auusg008.htm#IDX1109">(1109)</A>
+</MENU>
+<LI>Protection Database
+<A HREF="auusg011.htm#IDX1162">(1162)</A>
+<LI>pts commands
+<MENU>
+<LI> chown
+<A HREF="auusg008.htm#IDX1103">(1103)</A>
+<LI>adduser
+<A HREF="auusg008.htm#IDX1078">(1078)</A>
+<LI>cell argument
+<A HREF="auusg011.htm#IDX1163">(1163)</A>
+<LI>creategroup
+<A HREF="auusg008.htm#IDX1072">(1072)</A>
+<LI>delete
+<A HREF="auusg008.htm#IDX1093">(1093)</A>
+<LI>examine
+<A HREF="auusg008.htm#IDX1053">(1053)</A>
+<LI>force flag
+<A HREF="auusg011.htm#IDX1164">(1164)</A>
+<LI>getting help
+<A HREF="auusg011.htm#IDX1166">(1166)</A>
+<LI>help flag
+<A HREF="auusg011.htm#IDX1165">(1165)</A>
+<LI>listowned
+<A HREF="auusg008.htm#IDX1049">(1049)</A>
+<LI>membership
+<A HREF="auusg008.htm#IDX1043">(1043)</A>
+<LI>privilege required
+<A HREF="auusg011.htm#IDX1161">(1161)</A>
+<LI>removeuser
+<A HREF="auusg008.htm#IDX1090">(1090)</A>
+<LI>rename
+<A HREF="auusg008.htm#IDX1107">(1107)</A>
+<LI>setfields
+<A HREF="auusg008.htm#IDX1118">(1118)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_51" HREF="#IDX0_51">Q</A></STRONG>
+<MENU>
+<LI>quitting an AFS session
+<A HREF="auusg005.htm#IDX857">(857)</A>
+</MENU>
+<STRONG><A NAME="IDX1_52" HREF="#IDX0_52">R</A></STRONG>
+<MENU>
+<LI>r ACL permission
+<A HREF="auusg007.htm#IDX943">(943)</A>
+<LI>r privacy flag on groups
+<A HREF="auusg008.htm#IDX1116">(1116)</A>
+<LI>rcp command
+<A HREF="auusg004.htm#IDX803">(803)</A>
+<LI>read ACL permission
+<A HREF="auusg007.htm#IDX942">(942)</A>
+<LI>read shorthand for ACL permissions
+<A HREF="auusg007.htm#IDX955">(955)</A>
+<LI>remote commands
+<A HREF="auusg004.htm#IDX799">(799)</A>
+<LI>removing
+<MENU>
+<LI>all ACL entries
+<A HREF="auusg007.htm#IDX1009">(1009)</A>
+<LI>obsolete ACL entries
+<A HREF="auusg008.htm#IDX1087">(1087)</A>
+<LI>users from groups
+<A HREF="auusg008.htm#IDX1083">(1083)</A>, <A HREF="auusg008.htm#IDX1085">(1085)</A>
+</MENU>
+<LI>replacing
+<MENU>
+<LI>all entries on ACL
+<A HREF="auusg007.htm#IDX1006">(1006)</A>
+</MENU>
+<LI>root of AFS filespace
+<A HREF="auusg004.htm#IDX759">(759)</A>
+<LI>rsh command
+<A HREF="auusg004.htm#IDX805">(805)</A>
+<LI>rules for assigning group names
+<A HREF="auusg008.htm#IDX1074">(1074)</A>
+</MENU>
+<STRONG><A NAME="IDX1_53" HREF="#IDX0_53">S</A></STRONG>
+<MENU>
+<LI>s privacy flag on groups
+<A HREF="auusg008.htm#IDX1112">(1112)</A>
+<LI>saving files
+<MENU>
+<LI>inability to
+<A HREF="auusg009.htm#IDX1122">(1122)</A>
+<LI>on inaccessible file server machines
+<A HREF="auusg006.htm#IDX914">(914)</A>
+</MENU>
+<LI>security in AFS
+<A HREF="auusg004.htm#IDX781">(781)</A>
+<LI>self-owned group
+<A HREF="auusg008.htm#IDX1032">(1032)</A>
+<LI>server machines defined
+<A HREF="auusg004.htm#IDX751">(751)</A>
+<LI>setpag argument to klog command
+<A HREF="auusg005.htm#IDX827">(827)</A>
+<LI>setting permissions on ACL
+<A HREF="auusg007.htm#IDX982">(982)</A>
+<LI>shared use of group
+<A HREF="auusg008.htm#IDX1029">(1029)</A>
+<LI>shorthand notation for ACL permissions
+<A HREF="auusg007.htm#IDX951">(951)</A>
+<LI>site defined
+<A HREF="auusg004.htm#IDX761">(761)</A>
+<LI>status of file server machines
+<A HREF="auusg006.htm#IDX913">(913)</A>
+<LI>subdirectories, accessing
+<A HREF="auusg007.htm#IDX929">(929)</A>, <A HREF="auusg007.htm#IDX970">(970)</A>
+<LI>suite, defined for AFS command
+<A HREF="auusg011.htm#IDX1147">(1147)</A>
+<LI>switches on AFS commands
+<MENU>
+<LI>abbreviating
+<A HREF="auusg011.htm#IDX1155">(1155)</A>
+<LI>defined
+<A HREF="auusg011.htm#IDX1150">(1150)</A>
+<LI>omitting
+<A HREF="auusg011.htm#IDX1154">(1154)</A>
+</MENU>
+<LI>syntax of AFS commands described
+<A HREF="auusg011.htm#IDX1144">(1144)</A>
+<LI>system groups
+<MENU>
+<LI>using on ACLs
+<A HREF="auusg007.htm#IDX965">(965)</A>
+</MENU>
+<LI>system:administrators group
+<A HREF="auusg007.htm#IDX968">(968)</A>
+<LI>system:anyuser group
+<MENU>
+<LI>controlling access by foreign users
+<A HREF="auusg005.htm#IDX869">(869)</A>
+<LI>using on ACLs
+<A HREF="auusg007.htm#IDX966">(966)</A>
+</MENU>
+<LI>system:authuser group
+<A HREF="auusg007.htm#IDX967">(967)</A>
+</MENU>
+<STRONG><A NAME="IDX1_54" HREF="#IDX0_54">T</A></STRONG>
+<MENU>
+<LI>tokens
+<MENU>
+<LI>as proof of authentication
+<A HREF="auusg004.htm#IDX785">(785)</A>, <A HREF="auusg005.htm#IDX823">(823)</A>
+<LI>command
+<A HREF="auusg005.htm#IDX842">(842)</A>
+<LI>destroying
+<A HREF="auusg005.htm#IDX853">(853)</A>
+<LI>displaying
+<A HREF="auusg005.htm#IDX843">(843)</A>
+<LI>getting
+<A HREF="auusg005.htm#IDX839">(839)</A>
+<LI>lifetime
+<A HREF="auusg005.htm#IDX830">(830)</A>
+<LI>use in mutual authentication
+<A HREF="auusg004.htm#IDX787">(787)</A>
+</MENU>
+<LI>troubleshooting
+<MENU>
+<LI>accidental removal from ACL
+<A HREF="auusg009.htm#IDX1126">(1126)</A>
+<LI>error messages
+<A HREF="auusg009.htm#IDX1128">(1128)</A>
+<LI>inability to access, copy or save file
+<A HREF="auusg009.htm#IDX1120">(1120)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_55" HREF="#IDX0_55">U</A></STRONG>
+<MENU>
+<LI>UID, AFS
+<A HREF="auusg008.htm#IDX1063">(1063)</A>
+<LI>unauthenticating
+<A HREF="auusg005.htm#IDX854">(854)</A>
+<LI>UNIX, differences with AFS
+<MENU>
+<LI>commands
+<A HREF="auusg004.htm#IDX798">(798)</A>
+<LI>file access/protection
+<A HREF="auusg004.htm#IDX797">(797)</A>
+<LI>file transfer
+<A HREF="auusg004.htm#IDX789">(789)</A>
+<LI>login
+<A HREF="auusg004.htm#IDX792">(792)</A>
+<LI>mode bits, interpretation
+<A HREF="auusg007.htm#IDX1020">(1020)</A>
+<LI>passwords
+<A HREF="auusg004.htm#IDX793">(793)</A>
+<LI>sharing files
+<A HREF="auusg004.htm#IDX790">(790)</A>
+</MENU>
+<LI>unlog command
+<A HREF="auusg005.htm#IDX859">(859)</A>
+<LI>users
+<MENU>
+<LI>account lockout time
+<A HREF="auusg005.htm#IDX852">(852)</A>
+<LI>adding as group members
+<A HREF="auusg008.htm#IDX1079">(1079)</A>
+<LI>displaying group information
+<A HREF="auusg008.htm#IDX1041">(1041)</A>
+<LI>displaying number of group memberships
+<A HREF="auusg008.htm#IDX1059">(1059)</A>
+<LI>listing groups owned
+<A HREF="auusg008.htm#IDX1047">(1047)</A>
+<LI>removing from groups
+<A HREF="auusg008.htm#IDX1086">(1086)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_56" HREF="#IDX0_56">V</A></STRONG>
+<MENU>
+<LI>volume quota
+<A HREF="auusg006.htm#IDX884">(884)</A>
+<MENU>
+<LI>displaying percentage used
+<A HREF="auusg006.htm#IDX887">(887)</A>
+<LI>displaying with other information
+<A HREF="auusg006.htm#IDX892">(892)</A>, <A HREF="auusg006.htm#IDX900">(900)</A>
+</MENU>
+<LI>volumes
+<MENU>
+<LI>accessing via mount points
+<A HREF="auusg004.htm#IDX769">(769)</A>
+<LI>defined
+<A HREF="auusg004.htm#IDX766">(766)</A>
+<LI>volume/mount point interaction
+<A HREF="auusg004.htm#IDX771">(771)</A>
+</MENU>
+</MENU>
+<STRONG><A NAME="IDX1_57" HREF="#IDX0_57">W</A></STRONG>
+<MENU>
+<LI>w ACL permission
+<A HREF="auusg007.htm#IDX945">(945)</A>
+<LI>write shorthand for ACL permissions
+<A HREF="auusg007.htm#IDX956">(956)</A>
+<LI>write ACL permission
+<A HREF="auusg007.htm#IDX944">(944)</A>
+</MENU>
+<STRONG><A NAME="IDX1_59" HREF="#IDX0_59">Y</A></STRONG>
+<MENU>
+<LI>you don't have the required access rights (error message)
+<A HREF="auusg009.htm#IDX1132">(1132)</A>
+</MENU>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auusg002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auusg012.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
projects / packages / o / openafs.git / commitdiff