[OpenAFS] Questions, vol. 2.
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 21 Jan 2004 17:22:51 -0500
On Wednesday, January 21, 2004 13:53:41 -0500 "Todd M. Lewis"
<utoddl@email.unc.edu> wrote:
>> -Volumes and volume sizes -- what do you use as a typical volume
>> size/quota? The default is 5 Mb, which is ridiculously small (and points
>> toward an assumption that AFS will be used largely for user home
Actually, that default is quite old. Once upon a time, 5MB was a _lot_ of
disk space. AFS is that old.
>> directories). What is too big? For example, I have just created a volume
>> with a 4 Gb quota, as that will comfortably fit on a DVD-R.
> You've got to decide (1) what you want a volume to hold and (2) how
> you're going to manipulate its data. You've done #2 nicely here, as it's
> something you can back up on a specific medium.
It's important here to understand that volume quota is just a number that
affects how much storage the volume is allowed to use -- it doesn't
correspond to preallocated space, and can be changed in an instant. So if
you end up needing a volume to have a larger quota, you just change it.
As for what's "too big"...
Well, a volume whose quota is larger than the size of the partition it's on
is probably too big -- there's no way it can use more space than exists.
Also, you should think about the relative sizes of volumes and partitions.
In most cells, most vice partitions will be around the same size, or at
least one of a few sizes (in our cell, we currently have mostly 9GB, 18GB,
and 36GB partitions; we're about to start a transition to a new set of
servers which will have mostly 100GB and 200GB partitions). If a volume is
a substantial fraction of the partition size, then it will be less
convenient to find a place to put it if you have to move it.
Note also that volumes can be moved completely transparently, at any time.
So if one partition is getting too full, just move some volumes elsewhere.
>> -Another partition question -- on a /vicepxx partition, where does the
>> data actually reside?
>
> I deffer to the server-side folks on that one.
There are two basic fileserver architectures, which for somewhat obscure
reasons we call "inode" and "namei". Which one you're using depends
largely on what platform your fileserver runs on.
The namei server is used on Linux, Darwin/MacOS X, and the various BSD's.
The inode server is used on most commercial UNIX's, though there is an
option to build the namei server on these platforms as well.
If your server uses the namei fileserver, the actual data is stored in
/vicepx/AFSIDat, using a structure of directory and file names which
encodes the internal identifying information for each file. This tree can
be backed up, restored, and even moved to a new disk, as long as you are
careful to preserve _all_ the metadata. However, we recommend using AFS
utilities to perform backups on a per-volume level, instead of backing up
entire partitions. It is best to start thinking early of the volume as the
basic administrative unit of data storage.
If your server uses the inode fileserver, the file data is stored in inodes
which have specific properties that allow them to be identified, but do not
have any links in the vice partition directory structure. This model
requires the use of a special fsck, which is included with OpenAFS for
platforms where this server is supported. Checking inode-server vice
partitions with an ordinary fsck will destroy the contents of AFS volumes.
>> If I want to create a new user in the cell, does this mean that I have to
>> first create a user in AFS
>> create a user on the user's workstation with the same UID/GID as the new
>> AFS user?
>
> The order doesn't matter. The UID needs to match up, but there's no
> relation between pts group numbers (the negative numbers in your next
> question) and the UNIX gid of the local ID.
Actually, it's not even required that the UID's match. They really
identify two separate things, though there is a correspondence and it is
useful to keep them in sync.
UNIX UID's identify users, processes, and so on within a client
workstation. They control access to files, sending signals to processes,
and so on. Your UNIX UID is generally set by 'su' or 'login', based on the
UID that appears in the password file. UNIX files have a UID and GID
associated with them, which are used to determine which set of access bits
(user, group or other) apply to a particular process.
AFS ID's identify users to AFS, and control access to files and directories
in AFS, through the ownership of AFS files and the contents of ACL's. The
AFS ID for a particular user is controlled by the tokens he has when
accessing the fileserver, and by the PTS database which maps AFS usernames
to AFS ID's. AFS files and directories also have a UID and GID associated
with them; however, these are _not_ used to control access. Instead, the
"user" bits always apply to every process; the "group" and "other" bits are
never used. However, access is additionally controlled by the ACL on each
directory -- in order to read a file, you must have "r" access to the
directory containing it, and the owner "r" bit on the file must be on. The
actual UID and GID associated with the file are not relevant. The access
bits on a file may be changed by anyone who has "a" access on the directory
containing it.
Of course, things are actually slightly more complex than this.
First, if the UID on a directory is the same as your AFS ID, then AFS will
behave as if the ACL granted you "a" access to that directory. Similarly,
if the UID on the root directory of a volume is the same as your AFS ID,
then you get the implied "a" rights on every directory in that volume.
This feature prevents you from accidentally revoking your own rights on
something you "own". Further, administrators (members of the special PTS
group system:administrators) are granted these implicit rights on _every_
directory. That enables them to alter ACL's as needed.
Second, the "x" bit is actually not implemented by AFS at all; what it
actually does is control whether the operating system thinks a file is an
executable program. Because of this, the "group" or "other" "x" bits may
apply to you (depending on your UID and GID and those on the file), even
though AFS itself normally ignores these bits.
Third, UNIX includes the concept of set-uid and set-gid programs. These
features are also implemented by the operating system on the client. If
one of these bits is set on an executable file in AFS, then when that file
is run, the resulting process will have its UID and/or GID set based on the
file's properties, just as if the file were in some other operating system.
This does _not_ affect access to AFS files in any way (unless you had no
PAG, in which case changing your UID will also affect what tokens you use).
Finally, it is worth noting that "ls" is generally not AFS-aware. It will
look up the UID and GID on a file in /etc/passwd, so if AFS ID's don't
match, then it will show the wrong thing.
>> -Group IDs -- AFS uses negative group ID numbers. The Linux machines
>> have no idea what to do with that -- they just read the group ID's as "0"
>
> Right. The UNIX/Linux gid for users is not relevant to AFS.
Exactly. The concepts are completely separate. PTS groups are used to
control access to AFS files. They can be placed on ACL's, just like users
can. There is no special meaning to setting the GID of an AFS file to a
PTS group. It is possible to set the UID of a file to a negative number,
if your operating system will let you (most won't); in this case, all
members of that group get the implicit privileges described above. I
wouldn't count on this behaviour, though, since most OS's won't let you set
a negative owner.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA