Skip to main content

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

Differences Between AFS and Native UNIX/Macintosh/Windows File Systems

Most users will only notice small differences between AFS home directories and standard UNIX home directories, but there are differences some users will encounter on a daily basis. The table below highlights the major differences users are likely to notice when using AFS.

 

AFS

Standard UNIX

Home Directory Permissions

The top level of an AFS home directory may by publicly visible. Any user on any Dartmouth system with an AFS client may be able to see the names, but not the contents, of files in an AFS home directory.  Some unauthenticated system processes assume they have access to a home directory, and will not work if the directory is private.  AFS volumes used only for data storage may be completely private.

UNIX home directories, while traditionally readable by the world, can be protected.

Directory Path Names

AFS directory paths start with /afs/northstar. In general, most users find that directory path names are longer in an AFS filesystem than in a UNIX filesystem. Path names not starting with /afs refer to files on a local disk.  Shortcuts, aliases and mapped drive letters can be used to provide direct access to locations in AFS.

UNIX directory path names start with "/" and will not be as long as AFS directory path names.

Directory Access Lifetime

A user's ability to access an AFS directory ends after a set period of time. A valid AFS token is required to access AFS directories, and tokens expire. Token expiration creates situations where a user can be logged into a machine, but is unable to access any of their files. The remedy is to use klog to get a new token. A token's lifetime is normally 25 hours, but can be extended to 30 days for users who need to run long jobs.

There is no time limit on a users ability to access a directory or file.

File Sharing (File Access Control)

File sharing is handled by controlling access to a directory using access control lists. All files in a particular directory share the same directory permissions. Access control lists allow users more control than standard UNIX permissions and allow files to be shared with individual users. In a directory, the file owner permission bits are used to control access to the file for all users who have access to the directory.

File sharing is handled by controlling access to each file. Files can only be shared with members of a single "group" or with all users (world) on a computer.

Default Permissions for New Files and Directories

A new AFS directory inherits its AFS permissions from its parent directory. The user's "umask" (file mode creation mask) is still used for file creation, however, only the "owner" UNIX permissions bits apply to AFS files. The "group" and "world" umask bits are not relevant for AFS files.

New UNIX files and directories are created using the current "umask."

Last Updated: 4/2/11