Group Workspace
The EECS department has its own area in the Andrew File System (AFS). This area is available over the network and allows for more advanced file permissions than the typical Unix permissions. You have probably used AFS already, for example when accessing kit files at /afs/eecs.umich.edu/kits from a linux machine.
Our group (WICS) has its own group workspace area located at /afs/eecs.umich.edu/wics. This is a good place to put things like project libraries or other shared resources. However, space is limited, so don't run things like huge sims from this area. Everyone in the group should have a personal folder with the "users" area. Additionally, the members of each project should have access to the appropriate folder in the "projects" area.
If you are having any issues with the group workspace contact one of the current group workspace administrators:
- David Moore (mooredav)
AFS Permissions and Commands
In AFS, every file or directory has an Access Control List (ACL) associated with it, which controls who can do what to that file/directory. The most important permission is a, which allows all other permissions to be changed. Be careful with it. The following is from wikipedia:
The following Access Control List permissions can be granted:
- Lookup (l)
- allows a user to list the contents of the AFS directory, examine the ACL associated with the directory and access subdirectories.
- Insert (i)
- allows a user to add new files or subdirectories to the directory.
- Delete (d)
- allows a user to remove files and subdirectories from the directory.
- Administer (a)
- allows a user to change the ACL for the directory. Users always have this right on their home directory, even if they accidentally remove themselves from the ACL.
Permissions that affect files and subdirectories include:
- Read (r)
- allows a user to look at the contents of files in a directory and list files in subdirectories. Files that are to be granted read access to any user, including the owner, need to have the standard UNIX "owner read" permission set.
- Write (w)
- allows a user to modify files in a directory. Files that are to be granted write access to any user, including the owner, need to have the standard UNIX "owner write" permission set.
- Lock (k)
- allows the processor to run programs that need to "flock" files in the directory.
Permissions can be assigned to either individual users or to groups. The administrators for the group workspace are members of the group wics. Additionally, groups can have subgroups within them, denoted with a colon. All students in our research group should be members of the subgroup wics:users. Users can also create their own subgroups with respect to their username. For example, if you wanted to use AFS to share files with your friends, you could create the subgroup youruniqname:friends, which only you would administer. In our group, we have a separate wics:____ subgroup for each project, in order to control who can write to the relevant project directory and avoid accidental deletion.
Commands
In order to view or edit AFS info, you need some basic commands. Here are the most relevant ones you'll use, along with examples.
- To display the ACL for a file, use:
[Prompt]$ fs la /afs/eecs.umich.edu/wics/users Access list for /afs/eecs.umich.edu/wics/users is Normal rights: wics:users rl wics rliwa system:administrators rlidwka jkbrown rl
- To change the ACL for a file, use:
[Prompt]$ fs sa -dir ./newdir -acl mooredav rlidwk [Prompt]$ fs la newdir Access list for newdir is Normal rights: wics:users rl wics rliwa system:administrators rlidwka jkbrown rl mooredav rlidwk
- To check group membership, use:
[Prompt]$ pts membership -c eecs.umich.edu -name wics Members of wics (id: -329) are: wentzlof jvanlav jkbrown mooredav
- See other commands at [1]. Note that you must modify the pts commands given there to use
-c eecs.umich.edu -name, because otherwise it will look for the groups in the umich.edu cell (NOT eecs.umich.edu), and fail to find them.
Old Workspace
There is another group workspace located at /net/oakland.eecs.umich.edu/z/workspace which is still used sometimes; however, it doesn't have the AFS permissions and tends to just get cluttered up, so it's not preferred. It can still be useful for quick transfers though.