[OpenAFS] AFS and NFS export of same partition

Tino Schwarze openafs-info.lists@tisc.de
Sat, 17 Jul 2004 14:10:11 +0200


Hi Anup,

On Sat, Jul 17, 2004 at 05:18:41PM +0530, Anup Gangwar wrote:

> 	We were planning to shift our NFS based setup to an AFS based one.  
> While everything else seems fine, handling mails (esp. procmail) and SAMBA
> exports of homes would be potential problems.
> 
> 	I was wondering whether it is possible to export the same
> filesystem as both AFS and NFS. This way some of our old setup can work as 
> such while we get all the other advantages of AFS.

Unfortunately, this is not possible. AFS does not work like NFS. It does
not "export" an existing filesystem, but creates a filesystem space
itself. Only this way you can implement all the fancy volume management
features.

The fundamental entity in AFS is a volume. It's got a name, a number, a
quota and it resides on a server (and probably has some RO-replicas).
The volume doesn't know (nor does it need to) where it's mounted into
the AFS filespace. Actually a volume can be mounted as often as you like
anywhere you like. Files (and directories, mountpoints and ACLs) are stored 
in volumes. The VLDB allows the client to figure out on which server a
volume resides. Therefore, if you want to access, say
/afs/yourcell/home/someuser/afile.txt, the client traverses the volumes:
/afs -> root.afs
    /yourcell -> root.cell
             /home -> home
                  /someuser -> user.someuser
                           /afile.txt

When using plaintext passwords, you can make Samba export the AFS tree,
but this is obviously ugly. There are some hacks flying around to pass
Samba the tokens needed for authentication.

I don't know about the state of the AFS-NFS-translator though. You can
in any case export an /afs via userspace NFS without access control
(that means, you only get access as far as system:anyuser gets, which is
the default anonymous group).

Keep in mind that AFS requires strong authentication - a UID means
nothing to AFS! You almost always need a token to get anything not
readable by system:anyuser.

HTH! Tino.
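The volume walk Tino describes above, plus his closing point that a UID means nothing without a token, as an added Python example. This is not code from the thread or from OpenAFS; the volume names, server names, file contents and ACL entries are constructed for illustration. It models a toy VLDB (volume name -> server), four volumes whose root directories hold files or mountpoints, and per-directory ACLs evaluated against either the principal named in a token or, with no token, only system:anyuser.

```python
"""Toy model of AFS path resolution: volumes, mountpoints, VLDB lookups and ACLs.

Added example, not OpenAFS code. All names and servers below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed VLDB: volume name -> file server holding its read/write instance.
# A mountpoint names a volume, never a server; the client asks the VLDB.
VLDB: Dict[str, str] = {
    "root.afs": "fs1.yourcell.example",
    "root.cell": "fs1.yourcell.example",
    "home": "fs2.yourcell.example",
    "user.someuser": "fs3.yourcell.example",
}

Entry = Tuple[str, str]  # ("file", contents) or ("mount", volume name)


@dataclass
class Volume:
    name: str
    entries: Dict[str, Entry]
    # Per-directory ACL (one directory per volume in this toy): principal -> rights.
    # "l" = lookup (needed to traverse), "r" = read. No UID appears here; only the
    # principal carried in a token, or the anonymous group system:anyuser.
    acl: Dict[str, str] = field(default_factory=dict)


VOLUMES: Dict[str, Volume] = {
    "root.afs": Volume("root.afs", {"yourcell": ("mount", "root.cell")},
                       {"system:anyuser": "rl"}),
    # "home" and "users" both mount the same volume: a volume may be mounted
    # as often as you like, and does not know where it is mounted.
    "root.cell": Volume("root.cell", {"home": ("mount", "home"),
                                      "users": ("mount", "home"),
                                      "README": ("file", "welcome")},
                        {"system:anyuser": "rl"}),
    "home": Volume("home", {"someuser": ("mount", "user.someuser")},
                   {"system:anyuser": "l"}),
    "user.someuser": Volume("user.someuser", {"afile.txt": ("file", "hello")},
                            {"someuser": "rlidwka", "system:anyuser": "l"}),
}


def rights_for(vol: Volume, principal: Optional[str]) -> str:
    """Effective rights in vol's directory for a client.

    principal=None models a client without a token: only system:anyuser applies.
    A token principal additionally gets its own ACL entry (everyone is in anyuser).
    """
    rights = set(vol.acl.get("system:anyuser", ""))
    if principal is not None:
        rights |= set(vol.acl.get(principal, ""))
    return "".join(sorted(rights))


def resolve(path: str, principal: Optional[str] = None) -> Tuple[List[str], str]:
    """Walk path like the client: start in root.afs, hop volumes at each mountpoint,
    locating every volume through the VLDB. Returns ([volume@server hops], contents)."""
    parts = path.strip("/").split("/")
    if parts[0] != "afs":
        raise FileNotFoundError(path)
    who = principal or "system:anyuser"
    vol = VOLUMES["root.afs"]
    hops = [f"{vol.name}@{VLDB[vol.name]}"]
    for i, comp in enumerate(parts[1:], start=1):
        if "l" not in rights_for(vol, principal):
            raise PermissionError(f"{who} lacks lookup (l) in {vol.name}")
        if comp not in vol.entries:
            raise FileNotFoundError(path)
        kind, target = vol.entries[comp]
        if kind == "mount":
            vol = VOLUMES[target]
            hops.append(f"{vol.name}@{VLDB[vol.name]}")
            continue
        if i != len(parts) - 1:
            raise NotADirectoryError(path)
        # Read rights come from the containing directory's ACL, not from the file.
        if "r" not in rights_for(vol, principal):
            raise PermissionError(f"{who} lacks read (r) in {vol.name}")
        return hops, target
    raise IsADirectoryError(path)


if __name__ == "__main__":
    p = "/afs/yourcell/home/someuser/afile.txt"
    print("with token:", resolve(p, "someuser"))
    try:
        resolve(p, None)
    except PermissionError as e:
        print("without token:", e)
```

The interesting cases are the two failures: an unauthenticated client gets through root.afs, root.cell and home (all grant system:anyuser "l") and only fails at the read in user.someuser, and the same path under /afs/yourcell/users/... lands in the same volume on the same server, because the mountpoint is just a pointer to a volume name.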