Last month (OpenAFS, page 70) we discussed what OpenAFS is and how you can deploy it on your network. This time we take the series further and discuss how to manage it. In this article, we look at creating users and groups, setting access rights on folders and managing server operations, and take a close look at its disaster recovery feature.
Managing users and groups
In any implementation, user authentication plays a very important role. OpenAFS has a built-in user and group management system for an AFS cell (we talked about AFS cells in the previous part). Before creating users, you need to create the user groups and then add the users to these groups. Creating groups simplifies managing the users.
Go to the 'AFS Central Control Server' and open 'Accounts Manager' from Start>Programs>OpenAFS>Control Center. This will open an 'Accounts Management' window on your screen showing the four built-in users. Here, select the Groups tab and you will find one built-in group called 'system:Administrators'. To create a new group, click on the Create button. In the 'Create Group' window that pops up, type in the name of the new group and click on OK.
Once you have created the groups according to your organizational structure, proceed to creating the users. From the 'Accounts Manager' window, go to the Users tab and click on Create. Here, on the 'Create Users' screen, type in the username and password, then click on the Groups button first and then on 'Create users-Advanced'. Next, click on Add. The groups you created above will be displayed. Select the group that you want to assign to this user and click on OK.
Managing access control
Administrators can set up access control policies on the OpenAFS shares. This is a simple task. Just go to the 'Control Server' machine, click on Start>Run and type in \\afs. This will open an Explorer window showing all the AFS shares. Note that you cannot set up ACLs on the root shares; you will need to create subfolders within these shares to set up access control.
So, create a folder inside any of the shares you now see, and then right-click on that folder. From the context menu, select AFS>Access Control list. On the screen that appears, check the access control items on the left side as per your requirements.
By default the Administrator has all the rights and 'everyone' has only 'read' and 'lookup' rights. If you want to set up access control for specific groups then click on the Add button. A new window will appear. Here in the Name textbox, type in the group name with the syntax 'system:GroupName' and then click on OK to save the settings.
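To check afterwards that no folder grants 'everyone' more than the default 'read' and 'lookup' rights, the following added example (not part of the original article) parses the text printed by the OpenAFS `fs listacl` command and reports the extra rights. It assumes that 'everyone' appears as `system:anyuser` and that the output uses the "Normal rights:" / "Negative rights:" layout; the cell name, folders and entries in the sample are constructed.

```python
import re

# Constructed sample of `fs listacl` output for two folders (not from the article).
SAMPLE = r"""Access list for \\afs\example.cell\projects is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
Access list for \\afs\example.cell\dropbox is
Normal rights:
  system:administrators rlidwka
  system:finance rlidwk
  system:anyuser rliw
Negative rights:
  contractor rl
"""

# The default the article states for 'everyone': read (r) and lookup (l) only.
# Assumption: 'everyone' is listed under the name system:anyuser.
BASELINE = {"system:anyuser": set("rl")}

def parse_listacl(text):
    """Return {path: {"normal": {name: rights}, "negative": {name: rights}}}."""
    acls, path, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Access list for (.+) is$", line)
        if m:
            path, section = m.group(1), None
            acls[path] = {"normal": {}, "negative": {}}
        elif line in ("Normal rights:", "Negative rights:"):
            section = line.split()[0].lower()
        elif path and section and line:
            # Each entry is "<user or group> <rights letters>".
            name, _, rights = line.rpartition(" ")
            acls[path][section][name] = set(rights)
    return acls

def audit(acls, baseline=BASELINE):
    """List (path, name, extra_rights) where a name holds rights beyond its baseline."""
    findings = []
    for path, acl in acls.items():
        for name, allowed in baseline.items():
            extra = acl["normal"].get(name, set()) - allowed
            if extra:
                findings.append((path, name, "".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for path, name, extra in audit(parse_listacl(SAMPLE)):
        print(f"{path}: {name} has extra rights '{extra}'")
```

Add further names to `BASELINE` to cap the rights of other groups you created, for example a 'system:GroupName' entry limited to `rl`.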
Managing OpenAFS is also not difficult, as you can create as many virtual volumes and partitions as you want. To manage OpenAFS, go to the 'Control Center Server' and open 'Server Manager' from Start>Programs>OpenAFS>Control Center. You will get a window showing the virtual AFS volumes. Here you can lock/unlock, synchronize, backup, edit server security and salvage the volumes. If you have used a Netware system, these operations are exactly the same.
If one of the virtual AFS volumes gets corrupted due to an improper shutdown, OpenAFS gives you the ability to re-build the entire volume using its Salvage tool. To use this tool, open 'Server Configuration' from Start>Programs>OpenAFS>Server. Select the mounted AFS space (by default it's named 'vicepd'). From the same window, click on the Salvage button; a warning window will appear, showing three salvaging options. Select 'Salvage all of the volumes on the selected partition' and then click on OK. If you want to salvage all the volumes on all AFS partitions, select 'Salvage volume on all the partitions'. This will re-build the corrupted AFS volume. The process takes some time because it recollects the data from the Backup server and re-builds the AFS volume. So if you have implemented OpenAFS, make sure you have configured the Backup server as well.