As AFS is not a native Unix file system, separate installation and
management are required. Unix users and/or data may be located on
a local Unix disk partition, on AFS volumes, or on an NFS
file system. On a Unix system, local disk and NFS file systems
are treated the same way with regard to protections, which differ from
AFS file system ownership handling. To access NFS files, AFS
supports a translator managed by the knfs command. No detailed
information on the translator is given in this document.
AFS users may be authenticated in two different ways:
pagsh to create space for token holding
issue klog to authenticate
AFS and Unix protections are completely different: Unix relies on mode bits while AFS relies on ACLs and interacts with Unix mode bits. Unix mode bits specify for each file the following protections:
UNIX MODE BITS: rwx for ugo --->
read|write|execute for user|group|others
AFS access is controlled by 7 ACLs that apply to the whole directory and provide up to 20 user/group definitions. The
provided ACLs are:
AFS ACLs: rlidwka for 'groups' --->
read|lookup|insert|delete|write|lock|administer for adm|any|user
(Default: system:administrators|system:anyuser|user)
When running ftp, rcp, rsh or rlogin on an AFS machine, direct access is given if the user is AFS authenticated on the remote node. If the user is not, the following message is displayed:
Warning: unable to authenticate
In this case file access is granted only as a
system:anyuser member.
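
The following is an added example, not part of the original document. It expands the rlidwka letters into the seven rights listed above and reports what a session that failed to authenticate, and therefore acts only as system:anyuser, can do in a directory. The sample listing is constructed in the shape of `fs listacl` output; the cell name, the user names and the handling of a "Negative rights" section (rights subtracted from those granted) are assumptions not taken from this page.

```python
# Added example (not from the original document). SAMPLE is constructed text
# in the shape printed by `fs listacl`; the cell and user names are made up.
RIGHTS = {"r": "read", "l": "lookup", "i": "insert", "d": "delete",
          "w": "write", "k": "lock", "a": "administer"}
MAX_ENTRIES = 20  # user/group definitions per directory, as stated above

SAMPLE = """\
Access list for /afs/example.org/user/alice is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  alice rlidwka
Negative rights:
  mallory rl
"""

def parse_acl(text):
    """Parse listing text into {'normal': {name: rights}, 'negative': {...}}."""
    acl, section = {"normal": {}, "negative": {}}, None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["Normal", "rights:"]:
            section = "normal"
        elif words[:2] == ["Negative", "rights:"]:
            section = "negative"
        elif section and words:
            if len(words) != 2 or set(words[1]) - set(RIGHTS):
                raise ValueError(f"unrecognised ACL line: {line!r}")
            acl[section][words[0]] = set(words[1])
    # Assumption: both sections count together toward the 20-entry limit.
    if len(acl["normal"]) + len(acl["negative"]) > MAX_ENTRIES:
        raise ValueError("more entries than one directory ACL can hold")
    return acl

def effective_rights(acl, principals):
    """Rights for a session holding these identities: granted minus denied."""
    granted, denied = set(), set()
    for name in principals:
        granted |= acl["normal"].get(name, set())
        denied |= acl["negative"].get(name, set())
    return [RIGHTS[c] for c in "rlidwka" if c in granted - denied]

def anyuser_exposure(text):
    """What a session without a token (system:anyuser only) can do."""
    return effective_rights(parse_acl(text), ["system:anyuser"])

if __name__ == "__main__":
    print("unauthenticated:", anyuser_exposure(SAMPLE))
    print("alice with token:",
          effective_rights(parse_acl(SAMPLE), ["alice", "system:anyuser"]))
```

Any right beyond lookup in the system:anyuser result is available to remote sessions that displayed the warning above, so directories where that list includes insert, delete, write or administer are the ones to review first.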