Advertisment
Implementation Guides

Managing OpenAFS

author-image
PCQ Bureau
New Update

Last month (OpenAFS, page 70) we'd discussed what OpenAFS is and how you can deploy it on your network. This time we take the series further and will discuss how you can manage it. In this article, we will see creating users and groups, setting access rights on folders, managing server operations and closely look at its disaster recovery feature. 

Advertisment

Managing users and groups



In any implementation, user authentication plays a very important role. OpenAFS has a built-in user and group management system for an AFS cell (we talked about AFS cells in the previous part). Before creating users, you need to create the user groups and then add the users to these groups. Creating groups simplifies managing the users. 

Go to the 'AFS Central Control Server' and open 'Accounts Manager' from Start>Programs>Open AFS>Control Center. This will open an 'Accounts Management' window on your screen showing the four built-in users. Here, select the Groups tab and you will find one built-in group called

'system:Adminstrators'. To create a new group, click on the Create button. In the 'Create Group' window that pops up, type in the new group name you want to create and click on OK. 

Direct

Hit!

Applies to: System administrators

USP: Once you have implemented it, learn to secure and manage the OpenAFS servers

Primary Link:

http://openafs.org 
Google keywords:

 openafs
Advertisment

Once you have created the groups according to your organizational structure, proceed to creating the users. From the 'Accounts Manager' window, go to the Users tab and click on Create. Here, on the 'Create Users' screen, type in the username and password and then click on Groups button first and then on 'Create users-Advanced'. Next click on Add. The groups you created above will be displayed. Select the group that you want to assign to this user and click on OK. 

Managing access control 



Administrators can set up access control polices on the OpenAFS shares. This is a simple task to do. Just go to the 'Control Server' machine and click on Start>Run and type in \\afs. This will open an Explorer window showing all the AFS shares. Note that you cannot set up ACL on the root shares, you will need to create subfolders within these shares to set up access control. 

Rebuild the AFS volumes/partitions using Salvage. The time taken for it depends on the amount of data in them
Advertisment

So, create a folder inside any of the shares you now see, and then right click on that folder. From the context menu, select AFS>Access Control list. On the screen that appears, check on the access control items on the left side as per your requirements. 

By default the Administrator has all the rights and 'everyone' has only 'read' and 'lookup' rights. If you want to set up access control for specific groups then click on the Add button. A new window will appear. Here in the Name textbox, type in the group name with the syntax 'system:GroupName' and then click on OK to save the settings. 

Server management



Managing OpenAFS is also not difficult, as you can create as many virtual volumes and partitions as you want. To manage OpenAFS, go to the 'Control Center Server' and open 'Server Manager' from Start>Programs>OpenAFS>Control Center. You will get a window showing the virtual AFS volumes. Here you can lock/unlock, synchronize, backup, edit server security and salvage the volumes. If you have used a Netware system, these operations are exactly the same.

Advertisment
Server-management options in OpenAFS

Lock/Unlock: Allows or disallows using that folder or file which is on the OpenAFS share till the option is changed again. Use it to remove access to files/folders, say, during backup or house-cleaning operations.

Synchronize: Syncs the offline files, files being accessed remotely and those that exist on the server. It is used to force changes made to be visible to all users.

Backup: Backs up the files and folders.

Edit server security: Allows you to view/modify the encryption keys for the AFS server. An encryption key is a string of octal numbers used to encrypt and decrypt packets of information. In the AFS, a server encryption key is the key used to provide security for information being transferred between the AFS server processes and their clients.

Salvaging volumes:

 Refer to the 'Disaster recovery' section for details.

Disaster recovery 



If one of the virtual AFS volumes get corrupted due to an improper shutdown, OpenAFS gives you the ability to re-build the entire volume, using its Salvage tool. To use this tool, open the 'Server Configuration' from the Start>Programs>OpenAFS> Server. Select the mounted AFS space (by default it's named as 'vicepd'). From the same window click on Salvage button, a warning window will appear, showing three salvaging options. Select 'Salvage all of the volumes on the selected partition' and then click on OK. If you want to Salvage all the volume from all AFS partitions then select 'Salvage volume on all the partitions'. This will re-build the corrupted AFS volume. This process takes sometime because it recollects the data from the Backup serverand re-builds the AFS volume. So if you have implemented openAFS, make sure you have configured the Backup server as well.

Sanjay Majumder

Advertisment