AFS Tips

What are ACLs?

  • AFS is the network file system used by the SPH UNIX machines. All personal and group disk directories reside in AFS (note that all these directory names begin with /afs/sph.umich.edu).
  • Each directory residing in AFS has an access control list (ACL), which lists which users or groups are allowed to access this directory and what type of access each can have.
  • Traditional UNIX ownership and permissions (as displayed in the ls -al command) mean little for AFS files. An SPH user should not use the chmod command in hopes of restricting access to AFS files.

Checking and changing ACLs

  • Each user or group can have up to seven attributes in the ACL which control access to a particular directory. The attributes, with a brief description of each, are shown below:
    • r - this user or group can read the contents of a file in this directory
    • l - can get a directory listing (just list the names only -- nothing else)
    • i - can create (insert) a new file in this directory
    • d - can delete a file from this directory
    • w - can modify the contents (write to) of a file in this directory
    • k - can lock a file in this directory (some programs like SAS need the ability to 'lock' a file temporarily to guarantee that no other process (program) will change the file while it is being used)
    • a - can change the access control list for this directory (they can add or delete users or groups from the list as well as change any of these attributes for anyone on the list).
  • The ACLs for a given directory can be displayed by running the fs listacl command followed by the name of the directory. For example, to list the ACLs for the current directory (represented by "."), run the command
        fs listacl .
    or
        fs la .
    
    This will produce output similar to:
    Access list for . is
    Normal rights:
      some.admin rlidwka
      some.group rlidwk
      sphinfo rlidwka
      system:administrators rlidwka
      drpepper rlidwk
      rosmith rl
    
    This output lists groups (some.admin, some.group, sphinfo and system:administrators are groups) and users and the access that each is permitted.
  • ACLs are set by running the fs setacl command. For example, the command
        fs setacl . someuser rl
    
    sets the ACLs to be read-only for the user, someuser, for the current directory. The command,
        fs setacl /group/research/Public system:anyuser rl
    
    sets the ACLs to be read-only for the group, system:anyuser (every person who has access to an AFS machine is in this group), for the directory, /group/research/Public.
  • Most users in SPH will grant the following attributes for various users and groups:
    • rlidwka - full access for those you can trust
    • rlidwk - full access to files but not permitted to change ACLs
    • rl - read-only access (user cannot change files or directories)
    • rlk - read-only access for those that need to run SAS here (SAS requires the k attribute even for read-only access)
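
To review who holds which rights on a directory, the fs listacl output shown above can be parsed and checked against the common combinations listed here. The following is an added example, not part of the original tips page; the function names and the trusted list are hypothetical, and it also reads a "Negative rights:" section, which fs listacl prints when one is set and which this page does not cover.

```python
import re

# Common rights combinations, as listed on this page.
PROFILES = {
    "rlidwka": "full access",
    "rlidwk": "full access to files, cannot change ACLs",
    "rl": "read-only",
    "rlk": "read-only plus lock (needed for SAS)",
}

# Sample `fs listacl .` output, copied from this page.
SAMPLE = """\
Access list for . is
Normal rights:
  some.admin rlidwka
  some.group rlidwk
  sphinfo rlidwka
  system:administrators rlidwka
  drpepper rlidwk
  rosmith rl
"""

def parse_listacl(text):
    """Return {"Normal": {name: rights}, "Negative": {name: rights}}."""
    acl = {"Normal": {}, "Negative": {}}
    section = None
    for line in text.splitlines():
        header = re.match(r"\s*(Normal|Negative) rights:\s*$", line)
        fields = line.split()
        if header:
            section = header.group(1)
        elif section and len(fields) == 2:
            acl[section][fields[0]] = fields[1]
    return acl

def audit(acl, trusted=()):
    """List (name, reason) pairs for entries worth a second look."""
    findings = []
    for name, rights in acl["Normal"].items():
        if name in trusted:  # hypothetical allow-list of expected administrators
            continue
        if "a" in rights:
            findings.append((name, "can change this directory's ACL"))
        if name == "system:anyuser" and set(rights) & set("idw"):
            findings.append((name, "anyone can create, delete or modify files"))
        if rights not in PROFILES:
            findings.append((name, "unusual rights: " + rights))
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_listacl(SAMPLE), {"system:administrators"}):
        print(f"{name}: {reason}")
```
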

What is a volume?

  • A volume is a logical container for a given directory tree on the AFS file system.
  • A person's home directory is usually contained entirely within one volume. Group directories used by the various projects in SPH are usually made up of several volumes.
  • The existence of volumes doesn't matter to SPH users most of the time. When a user moves from one volume to another when changing directories or when shuffling files, they usually won't notice the volume change. Knowing about a volume becomes more important when a user has run out of space on the volume or when the user has deleted a file and wants to recover the file from the backup volume (which is usually known to many in SPH as the OldFiles directory).

Checking the quota on a volume

  • The quota on a volume can be checked by running the fs listquota command. For example, to check the quota on whatever volume the current directory is in, enter the command,
        fs listquota .
    or
        fs lq .
    
    You will see something like:
        Volume Name            Quota    Used    % Used   Partition 
        user.testuser           5000    3259       65%         73%  
    
    The first field tells you that you are in the volume "user.testuser". The second field tells you how much space you are permitted to use in kilobytes (1024 bytes, abbreviated KB) and the third field tells you how many KB you have actually used.
  • If you ever have problems saving files in AFS and you see that you are not over your quota but the partition listed in the last field is at 100%, send a message to sph.help@umich.edu and the SPH Computing Services staff will promptly fix the problem.
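
The two failure cases described above (volume at its quota versus a full partition) can be told apart by parsing the fs listquota output. This is an added example, not part of the original tips page; the function names, the result labels and the 90% warning threshold are assumptions.

```python
import re

# Sample `fs listquota .` output, copied from this page.
SAMPLE = """\
Volume Name            Quota    Used    % Used   Partition
user.testuser           5000    3259       65%         73%
"""

# name, quota (KB), used (KB), "% Used", partition "%"; trailing markers are ignored.
ROW = re.compile(r"\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)%\S*\s+(\d+)%")

def parse_listquota(text):
    """Return one dict per volume row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({
                "volume": m.group(1),
                "quota_kb": int(m.group(2)),
                "used_kb": int(m.group(3)),
                "used_pct": int(m.group(4)),
                "partition_pct": int(m.group(5)),
            })
    return rows

def diagnose(row, warn_pct=90):
    """Classify why saving a file might fail on this volume."""
    if row["used_kb"] >= row["quota_kb"]:
        return "over-quota"        # free space in the volume or ask for more quota
    if row["partition_pct"] >= 100:
        return "partition-full"    # not the user's quota: report to sph.help@umich.edu
    if row["used_pct"] >= warn_pct:  # warn_pct is an assumed threshold
        return "near-quota"
    return "ok"

if __name__ == "__main__":
    for row in parse_listquota(SAMPLE):
        print(row["volume"], diagnose(row))
```
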

For more information, see http://www.sph.umich.edu/computing/docs.html#afs.