Tag Archives: acl

Introduction to AFS

AFS, or the Andrew File system, is a secure, distributed filesystem that is used widely in the academic community and, particularly here, at CMU. It has many benefits, including:

  • Access to files from any machine that has access to AFS, no matter where those files were created nor where they are stored.
  • Fine-grained access controls for directories that are stored within AFS.
  • A single, global namespace.
  • For most ordinary purposes, the AFS filesystem on your machines can be accessed and treated in exactly the same way as you treat your local filesystems.

These features result in massive convenience and flexibility in usage patterns for services, infrastructure, and individual users, on MS Windows and Unix/Linux platforms. In particular, a user can access files from any machine that can mount an AFS filesystem and is connected to the internet, and they can access their own secured files if they are authenticated to ECE’s kerberos realm*.

Our AFS Cell is named ece.cmu.edu. You should be able to access /afs/ece.cmu.edu/ from any machine that has a properly installed AFS client, either on our campus machines or your own personal devices.  On ECE campus machines /afs/ece.cmu.edu/ is shortened to /afs/ece/, however either prefix works.

Links from your home directory to your ECE and Andrew AFS space

Some people like to have easy links from their home directory to their ECE or Andrew AFS space. Clearly, if your home directory on a particular machine is in AFS itself, one of these links will not be necessary.

cd /home/<username>
ln -s /afs/ece.cmu.edu/usr/<username> ece
ln -s /afs/andrew.cmu.edu/usr20/<username> andrew


AFS space is allocated in volumes, which can be thought of as disk drives or disk partitions. The storage capacity of a volume is referred to as its quota. AFS quotas are measured in kilobytes, and the typical default allocation for a user’s AFS volume is 1GB, or 1000000KB. Additional quota for a volume can be requested by sending a message to help@ece.cmu.edu.

To determine the current quota usage of a volume use the fs command.

$ fs lq /afs/ece/usr/maint
Volume Name                   Quota      Used %Used   Partition
user.maint                      250000    98324    39%         15%

In the above example the volume user.maint has a quota allocation of 250MB and is currently using 98MB, or about 39% of that allocation. The Partition column refers to the partition on the AFS file server where the volume is stored.

In general AFS quotas are not limited to a particular size, but are allocated to customers as they need additional space for research or class projects. Depending on the amount of quota required Computing Facilities may meet with the customer(s) to discuss an effective way to structure their volumes to allow them to be productive while maintaining the ability to manage the various servers.

Running out of Quota

If you are getting error messages similar to “Can’t write file to home directory,” you may be exceeding your current allocation. If the output of the fs command is similar to this

$ fs lq /afs/ece/usr/maint
Volume Name      Quota      Used %Used   Partition
user.maint        100000    98324    98%<<      15%    <<WARNING

If the %Used value is very high, then you might want to clean out some files. Alternatively, you may want to request an increase your AFS quota by sending mail to help@ece.cmu.edu. Please note, the OldFiles directory is not included as part of the used quota allocation and you cannot remove files from that directory.

If %Used is less than 90%, and you’ve been logged on for a long time, type klist to see if your kerberos tickets have expired. If they have, just type kauth, and enter your password. This will get you new tickets, and you should be able to write to your home directory again.

Temporary and/or shared storage

AFS is not suitable for the occasional,manual transfers of either large, or many, files or directories between two machines on both of which you have an account. Rather, it makes more sense to use scp or tarcopy over ssh instead. This is because if you move the data to your afs space it is transferred (admittedly transparently by the kernel module, but it still takes time and flushes your afs cache) to the afs server and then pulled by the destination machine. If you use scp or tarcopy over ssh (or even rsync over ssh if it is to happen on a regular basis), the data instead goes directly to the destination machine.

However, AFS is very suitable for making data available to multiple users and/or machines from a shared location. You can use ACLs to obtain necessary privacy. For example, if you want to share experimental results or a code repository between multiple members of a research group, AFS space would be very suitable.


The OldFiles subdirectory is a nightly-updated snapshot of your home directory and its subdirectories. If you accidentally delete something important, rather than hunt down an administrator and get the backup restored, you can just copy it out of the OldFiles tree.

Restoring from OldFiles

Note that you can’t get rid of the OldFiles directory. Even if you could, you probably wouldn’t want to, as it wouldn’t get you any more AFS space, and you would lose the handy-dandy “Oh my god I need that file back RIGHT NOW” ability.

Keeping tickets and tokens around with krenew

Posted in Accounts, Data Storage, Services, Software Tagged , , , , , , , , , ,