What kinds of things would you want in the GNU OS?

John F Carr jfc at athena.mit.edu
Tue Jun 6 18:04:43 AEST 1989 

In article <3306 at cps3xx.UUCP> rang at cpswh.cps.msu.edu (Anton Rang) writes:

>Just out of curiousity, is anyone out there using the Andrew system
>(AFS)?  I've been told that the machines hooked up to it have a truly
>transparent file system (i.e. a friend of mine at Univ. of Mich. can
>get at files on CMU's systems without knowing which campus they're
>on).  True?  If so, I'd think this would be much preferable to all the
>"remote mount" junk....
>  For security...something along the lines of Kerberos would be great.

We use AFS+Kerberos at project Athena.  It's now in the almost releasable
state.  There are some changes that need to be made before we can use it
for normal file service.  It should be said that AFS is not a replacement
for NFS.

Ways in which AFS wins:

	Performance: it keeps a local cache of recently accessed files
		(this cache is not destroyed by reboot), so performance
		is much better.

	Transparency: there is no need to explicitly mount a filesystem.
		Directories can be moved around without the owner knowing
		or caring (important for load-balancing).  I can tell anyone
		to look at athena.mit.edu/mit/jfc/README.afs in his afs
		filesystem, and he will be able to get to it from anywhere
		with a net connection.

	Quota: quota control is per-directory instead of per-filesystem
		(this is an important requirement in our environment,
		since per-user quota doesn't "do the right thing" on
		group-writeable directories).

	Access control: Access control lists per directory, updates are
		instantaneous.  (At Athena the group lists on NFS servers
		are updated no more than daily.)

Ways in which AFS loses:

	Access control: There are per-directory acls, but no way (yet) to
		set permission on an individual file.

	Filesystem format:  You can't export a UNIX filesystem via AFS.
		There isn't any good way to get at AFS files on the same
		machine, except through AFS (which means sending them
		over the network, back to your disk [now in your AFS cache],
		and then reading them).

	Ease of setup:  With our Kerberos authenticated NFS, untrusted
		servers are possible (since each NFS server uses a different
		key to authenticate requests, breaking into one server does
		nothing for the others).  With AFS, all servers share a key
		(so root access to a server is equivalent to root access to
		files on other local servers).  This means you can't add a
		random machine to AFS while maintaining security.

Some of the problems will be fixed over time.  For most of our file service
needs, AFS wins big over NFS.  NFS won't go away, because it is more widely
used (measured by number of sites and number of machine/OS types) and because
it works with a UNIX filesystem, but it will get a lot less use in the future.

    --John Carr (jfc at athena.mit.edu)

More information about the Comp.unix.wizards mailing list