[OpenAFS] readonly/readwrite

Kelsang, Wangden wngdn@src.uchicago.edu
Thu, 1 Mar 2001 09:24:49 -0600 

Hi Corey,

> Can someone explain the difference between readonly and readwrite
> volumes?  When is it appropriate to use each? I want to keep users
> home directories in afs space ( I am using ldap for the
> authorization stuff), do I need to create a home volume and then
> create volumes for each user? whats the "standard" way to do this?

I asked about this on Transarc's AFS mailing list in December of 1999,
and I discovered that different sites use different strategies.

First, as far as read/write and read-only, I believe it's still the
case that you have to be a member of system:administrators to do a vos
release, so it isn't practical to make read-only volumes for ordinary
users.  This is something I would love to see changed in OpenAFS - if
I could give an ordinary user the ability to do a vos release on a
particular volume, and if that permission were controllable
volume-by-volume, it would be really nice.

Second, the organization of things.  People generally recommended not
to put hundreds or thousands of home directories in the same parent
directory, because ls time goes into the toilet.  What we ended up
doing was creating a volume called "users" mounted at
/afs/<cell>/users.  Inside that, we have two layers of subdirectories
corresponding to the first two characters of the username to break
things up.  So for example, my "wngdn" account is at
/afs/<cell>/users/w/n/wngdn, and that directory is a mount point for
my personal volume (users.wngdn).

Then to make things less confusing for the users, we created a volume
called "home" and mounted it at /afs/<cell>/home, and populated it
with symlinks to people's actual home directories.  So,
/afs/<cell>/home/wngdn points to /afs/<cell>/users/w/n/wngdn.

Then, we made a symlink in root.afs (/afs) called "home" and pointed
at /afs/<cell>/home.  What we tell users is that their home directory
is /afs/home/<username>, which is short and sweet.

The symlinks in home allow us to change our minds later about the
organization of users.  For instance, dividing by letter of the
alphabet desn't yield an even distribution, so maybe someday we'll
want to convert to just numbered subdirectories or something.  With
this system we have flexibility.

HTH,

Wangden
-- 
Kelsang, Wangden (Buddhist monk)        Technical Manager
Social Science Research Computing, University of Chicago
       wngdn@src.uchicago.edu      (773) 702-3792
  PGP key:  http://www.src.uchicago.edu/~wngdn/key.txt