Accessing the AFS Filespace

While you are logged in and authenticated, you can access files in AFS just as you do in the UNIX file system. The only difference is that you can access potentially many more files. Just as in the UNIX file system, you can only access those files for which you have permission. AFS uses access control lists (ACLs) to control access, as described in Protecting Your Directories and Files.

AFS Pathnames

AFS pathnames look very similar to UNIX file system names. The main difference is that every AFS pathname begins with the AFS root directory, which is called /afs by convention. Because /afs sits at the top of every AFS cell's filespace, the cells' filespaces are linked together into one global filespace.

Note for Windows users: Windows uses a backslash ( \ ) rather than a forward slash ( / ) to separate the elements in a pathname. Otherwise, your access to AFS filespace is much the same as for users working on UNIX machines.

The second element in AFS pathnames is generally a cell's name. For example, the Example Corporation cell is called example.com and the pathname of every file in its filespace begins with the string /afs/example.com. Some cells also create a directory at the second level with a shortened name (such as example for example.com or testcell for testcell.example.org), to reduce the amount of typing necessary. Your system administrator can tell you if your cell's filespace includes shortened names like this. The rest of the pathname depends on how the cell's administrators organized its filespace.

To access directories and files in AFS you must both specify the correct pathname and have the required permissions on the ACL that protects the directory and the files in it.

Example: Displaying the Contents of Another User's Directory

The user terry wants to look for a file belonging to another user, pat. He issues the ls command on the appropriate pathname.

   % ls /afs/example.com/usr/pat/public
   doc/                    directions/
   guide/                  jokes/
   library/

Accessing Foreign Cells

You can access files not only in your own cell, but in any AFS cell that you can reach via the network, regardless of geographical location. There are two additional requirements:

  • Your Cache Manager's list of foreign cells must include the cell you want to access. Only the local superuser root can edit the list of cells, but anyone can display it. See Determining Access to Foreign Cells.

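  • The ACL on the directory that houses the file, and on every parent directory in the pathname, must grant you the necessary permissions. The simplest way for the directory's owner to extend permission to foreign users is to put an entry for the system:anyuser group on the ACL. Because system:anyuser covers every user who can reach the cell, authenticated or not, such an entry opens the directory to anyone, not only to the intended foreign users.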

    The alternative is for the foreign cell's administrator to create an account for you, essentially making you a local user in the cell. The directory's owner creates an ACL entry for you as for any other local user. To authenticate in the foreign cell, issue the aklog command with the -cell argument.

For further discussion of directory and file protection, see Protecting Your Directories and Files.
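
The second requirement above is one a directory's owner can check before handing a pathname to foreign users. The script below is an added example, not part of the original guide: it walks every directory in the pathname and reports the first one whose ACL withholds the l (lookup) right from the named principal. It assumes the usual output layout of the fs listacl command; the helper names, the LISTACL variable and the sample ACLs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide); helper names are hypothetical.

# Print every directory from the cell root down to $1, one per line.
afs_path_chain() {
    path=${1%/}
    case $path in /afs/*) ;; *) echo "not an AFS path: $1" >&2; return 2 ;; esac
    cur=/afs; old_ifs=$IFS; IFS=/
    for part in ${path#/afs/}; do
        cur=$cur/$part
        printf '%s\n' "$cur"
    done
    IFS=$old_ifs
}

# Read `fs listacl` output on stdin; succeed only if principal $1 is granted
# right $2 under "Normal rights:" and not denied it under "Negative rights:".
# Only the principal's own entry is checked; group membership is not expanded.
acl_grants() {
    awk -v who="$1" -v right="$2" '
        /^Normal rights:/   { sect = "pos"; next }
        /^Negative rights:/ { sect = "neg"; next }
        $1 == who && index($2, right) { if (sect == "neg") deny = 1; else if (sect == "pos") ok = 1 }
        END { exit !(ok && !deny) }'
}

# ACL source: the real fs command on an AFS client, or $LISTACL for offline use.
list_acl() { ${LISTACL:-fs listacl} "$1"; }

# Print the first directory on the way to $1 that withholds lookup (l) from
# principal $2 and return 1; return 0 if the whole chain is traversable.
first_blocked_dir() {
    chain=$(afs_path_chain "$1") || return 2
    for dir in $chain; do
        list_acl "$dir" 2>/dev/null | acl_grants "$2" l || { printf '%s\n' "$dir"; return 1; }
    done
}

# Constructed sample ACLs (not real cell data): only pat's home lacks system:anyuser.
sample_listacl() {
    printf 'Access list for %s is\nNormal rights:\n' "$1"
    case $1 in
        */usr/pat) printf '  pat rlidwka\n' ;;
        *)         printf '  system:anyuser rl\n  pat rlidwka\n' ;;
    esac
}

LISTACL=sample_listacl
first_blocked_dir /afs/example.com/usr/pat/public system:anyuser || true  # prints /afs/example.com/usr/pat
```

On an AFS client, leave LISTACL unset so the real fs listacl command is used; a directory whose ACL you are not allowed to list is reported as blocked.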