FAQ
Hardware & Procedures
1. Which machines can I use?
Several UNIX machines are available as the department's general use compute servers.
The Elements Cluster
For linux, please connect to
elements.cs.pitt.edu.
This will connect you to to one of the multi-processor servers
in the elements cluster. The machines in the cluster are:
Hostname | Processors | Memory | Architecture | OS Rev | Kernel |
---|---|---|---|---|---|
aluminum | Dual Quad-Core 2.33GHz Xeons | 16GB RAM | 64-bit Linux | CentOS 6.10 | 2.6 |
selenium | Dual Quad-Core 2.33GHz Xeons | 16GB RAM | 64-bit Linux | CentOS 6.10 | 2.6 |
hydrogen | Dual Dual-Core 3.6GHz Xeons | 12GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
oxygen | Dual Dual-Core 3.6GHz Xeons | 12GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
nitrogen | Dual Dual-Core 3.6GHz Xeons | 12GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
rhenium | Dual Hyper-Threaded Quad-Core 2.93GHz Xeons | 96GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
nickel | Dual Hyper-Threaded Six-Core 3.33GHz Xeons | 96GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
neodymium | Dual Hyper-Threaded Six-Core 3.33GHz Xeons | 96GB RAM | 64-bit Linux | CentOS 7.6 | 3.10 |
neptunium | Dual Hyper-Threaded Six-Core 3.33GHz Xeons | 96GB RAM | 64-bit Linux | CentOS 7.7 | 3.10 |
germanium | Dual Hyper-Threaded Eight-Core 2.3GHz Xeons | 128GB RAM | 64-bit Linux | CentOS 6.9 | 2.6 |
2. How do I connect to the CS UNIX servers?
You can connect to the servers using "putty", an SSH client program that has been installed on the departmental Windows machines, or by using ssh from another UNIX machine. For security reasons, the department does not accept telnet connections to our servers.
If you are trying to log into the console of a UNIX workstation, press return once or twice to clear the screensaver. Enter your username and password at the prompts; most workstations in the department are running the X Display Manager interface (XDM).
3. Which printers can I use?
The printers listed below are available
to be used appropriately (see next question) by all faculty, staff, and
graduate students in the department. The printers and their locations are:
ps
SENSQ 5414, 5th floor Mail Room
ps2
SENSQ 6146, 6th floor Mail Room
color-ps (color printer for faculty and staff)
SENSQ 6146, 6th floor Mail Room
cps5414 (color printer for faculty and staff)
SENSQ 5414, 5th floor Mail Room
nbpr (color printer)
BELPB 531, 130 N. Bellefield
Some faculty also provide printers for their students to use. The use of these printers is restricted.
4. What is appropriate use of the printers?
The printers should be used only for class work, departmental business, and supervised research. The printers are not for personal business.
5. How do I send files to the printers?
For general printing of text and PostScript files there is the standard UNIX lpr command and there is the Adobe enscript command.
The lpr command will print both text and PostScript files with limited
formatting and control options. You must specify which printer to send your
output to. The syntax is: lpr -Pprinter filename
where printer is the name of the printer to send your output
and filename is the name of the file you would like to print.
The enscript command, on the other hand, converts text files to POSTSCRIPT language format for printing. It will perform the conversion according to the command line options specified (see the man page) and spool the file for printing in one operation. Here again, you must use the -P option to specify the printer you want to use. Enscript has many options including page numbers, page headings, two column output, landscape mode printing, and more. See the man page for more information.
If the -P option is not specified, both commands will look to the PRINTER environment variable set for your shell and try to send the output to this printer. The command 'printenv PRINTER' will display the value for this variable. The command 'export PRINTER=ps2' will set the value of this variable to "ps2". The export command is typically set in the .bashrc.custom file located in each user's home directory.
Note that compressed files must be uncompressed before they can be printed. Photo image files may be printed only from a web browser or photo editing program. Printing a compressed file or a photo image file will jam the print spooler and hold up subsequent processing. If you suspect this has happened, send e-mail to the tech staff. Compressed files can be recognized by a .z, .Z, .gz, .zip, .gzip, .tar, .rar, or .bz2 suffix. Photo image files can be recognized by a .jpg, .gif, .tif, or .targa suffix.
To use the printers under Windows you must have the printers installed on your workstation. Send an e-mail to tech@sci.pitt.edu to request that a printer be installed on your workstation.
6. How do I send pdf files to the printers?
pdf files cannot be sent directly to the printer. As with compressed and photo image files, sending a pdf file directly to the printer will cause it to jam or otherwise waste paper and not print correctly. Instead open the file using Adobe Acrobat Reader (or other software capable of opening an Adobe Acrobat file) and print the file from within that. In UNIX, some commands for this are: acroread, evince, okular, and xpdf.
7. Where are the departmental photocopiers?
Photocopy machines are available in the Mail Rooms (5414 and 6146).
Please see Michele Thomas in room 6129 to get an authorization code to use the machines.
8. How can I access the wireless network in Sennott Square?
You may access Pitt IT's "WIRELESS-PITTNET" in Sennott Square.
For details about configuring your laptop for "WIRELESS-PITTNET" see:
https://www.technology.pitt.edu/help-desk/how-to-documents/pittnetwireless-configuring-wi-fi-devices
9. How can I get information about the video conferencing room in Sennott Square?
The Eli Lilly Conference Room in 6106 Sennott Square is equipped with a pair of LCD monitors connected to a PC with Skype, Skype-For-Business, and BlueJeans clients. A wireless mouse and keyboard are there to provide access.
10. What are the configurations of the public printers?
All public printers come configured with Tray 1 and Tray 2 containing 100 and 500 sheets respectively. Below are the additional configuration options for each printer.
Queue | Model | Tray 3 Sheets | Tray 4 Sheets | Tray 5 Sheets | Tray 6 Sheets | Memory | Duplexer Available |
---|---|---|---|---|---|---|---|
ps2 | Xerox Phaser 5550DT | 500 | 500 | 500 | 3500 | 2 GB | Yes |
color-ps | Xerox Phaser 6360DT | 500 | N/A | N/A | N/A | 768 MB | Yes |
ps | Xerox Phaser 5550DN | 500 | NA | N/A | N/A | 2 GB | Yes |
cps5414 | Lexmark C950 | N/A | N/A | N/A | N/A | 1 GB | Yes |
nbpr | Lexmark CS943de | N/A | N/A | N/A | N/A | 4 GB | Yes |
The printers are loaded with 8 1/2 inch by 11 inch size paper. This size is commonly known as LETTER size. We do not use A4 size paper which is common in Europe and China. When installing printer drivers you may need to change the default paper size from A4 to LETTER.
11. How do I configure my Windows 7 machine to print?
Adding printers in Windows 7 is done by going to START, Devices and Printers, Add a printer, Add a local printer (this is not intuitive, but Windows considers printers linked by LPR to be local and NOT networked), select "Create a new port", choose "LPR Port", click NEXT.
When printing via WIRELESS-PITTNET, you must activate the VPN in order to print. A new window will open and request 2 entries. The "Name of the server providing lpd" is always "printsrv.cs.pitt.edu". The "Name of the printer" will be the printer you wish to install, such as ps2, color-ps, ps6n, etc.
Windows now asks you to install a printer driver. Select the manufacturer of the printer from the left box and the printer model from the right box. You can determine this from the table above.
If you do not see the model of the printer listed, press the "Windows Update" button and Windows will find more drivers for you. Choose a postscript driver (the name usually ends in PS). Click "NEXT".
Windows now asks you to name the printer. Choose something like "queue-name-here via LPR". For example, for the ps2 queue, choose "PS2 via LPR". You may rename this printer at any time, so the name you choose is not critical. Click NEXT.
Windows next asks if you wish to share this printer. Choose "Do not share this printer". Click NEXT.
Windows now allows you to print a test page and decide if you wish to use this printer as your default. Make your selections and Click FINISH. Note that you may change your default printer at any time, so this choice is not set in stone!
Your printer is now installed. You may wish to enable features, such as duplex printing. Or you can start using it right away. If you wish to customize the printer settings, right click on the printer and select "Printer Properties" and/or "Printer Preferences". Each driver is unique, but inside "Printer Properties" you'll find a "Device Setting" tab that will allow you to enable "Installable options" such as duplex printing. Inside "Printing Preferences" you'll find a "Finishing" tab that will allow you to use "Duplex printing" as your default. You may find that you must first enable duplex printing inside "Printer Properies" before you can see it in "Printing Preferences". Again, each driver is unique so the tab names may vary.
If you have any questions or problems installing a print driver, or do not feel comfortable attempting this, just contact the tech staff via the ticket system. We will happily arrange an appointment to demonstrate to you how printers are installed and will setup the printers for you.
When printing via WIRELESS-PITTNET, you must activate the VPN in order to print.
12. How do I configure my Macintosh to print?
All printing is done using the LPR/LPD protocol to our print server, printsrv.cs.pitt.edu. This is not a website. Please follow the instructions below.
Determine the manufacturer and model number of the printer you wish to use and download the correct driver from the manufacturer's web site. When you install it, it may try to take you through a dialog to add a printer definition. You can try that, making sure to specify LPD printing over IP to printsrv.cs.pitt.edu using the name of the printer as the queue name. If it does not prompt you to add a printer definition, or if the definition doesn't work, then follow these steps:- Click on System Preferences->Print and Fax. If necessary, click on the padlock and enter your password to make changes.
- Click on the + sign to add a printer.
- Click on IP
- Set the Protocol to Line Printer Daemon - LPD
- Set the Address to printsrv.cs.pitt.edu
- Set the Queue to the name of the printer, e.g. ps2
- Set the Name to the name of the printer, e.g. ps2
- (optional) Set the location to the building and room number, e.g. 6146 SenSq
- Set the Print Using to "Select a driver to use..." or "Select Software" dependent on your operation system version.
- Choose the correct driver for the make and model printer you wish to use
- Click Add
You may be shown a screen asking for Installed Options. The table above lists the options for each public printer.
When printing via WIRELESS-PITTNET, you must activate the VPN in order to print.
13. How do I get help with thoth.cs.pitt.edu?
Software & Procedures
1. What software is in the CS Windows image?
All machines are running Windows 10 Enterprise 64-bit for their OS except for those in the 6110 classroom, which are still running Windows 8.1. The individual software packages are detailed below.
In all labs:
- Adobe Acrobat Reader DC
- Adobe AIR
- Adobe Flash Player
- Alice 3
- Aptana Studio
- FileZilla Client
- GIMP
- Git
- Google Chrome
- IIS
- Java 8
- Java SE Development Kit
- Malwarebytes
- Microsoft Office Pro Plus 2016
- Microsoft Onedrive
- Microsoft Silverlight
- Microsoft Visual Studio
- Mozilla Firefox
- NetBeans
- Notepad++
- OpenAFS Client
- PuTTY
- Python
- Symantec Endpoint Protection
- Wing
- Xming
In the 5505 lab, this package is also available:
- Dreamweaver CS4
In the 6110 lab, these packages are also available:
- Classic Shell
- CUDA Toolkit
- freeglut
- MARS
- NVIDIA Nsight
- SecureZIP
- VLC Media Player
- WinSCP
2. How do I create a Subversion repository for a code project?
1. How do I create an SVN repository?
2. How do I use an existing SVN repository?
0. What is SVN?
SVN is short for Subversion. It is a code repository management solution that is made to both save code persistently and support organized multi-user interaction with the codebase. A central version of the code is saved on a server, and each user has their own "checkout" of the code. Every time the server version is saved, the version number is increased. In the case of major bugs or mistakes, the code can always be reverted to a previous version.
For complete information via the free Subversion book, check out http://svnbook.red-bean.com/.
A very handy cheat card for svn commands can be found here.
1. How do I create an SVN repository?
To create an svn repository requires only 1 simple command line operation on a system that has svn installed. If you are creating this repository on the cs afs space, you will first need to ssh into the machine who's svn installation will be used. You may use any machine (on elements, pishon, blitz, etc), but you must always use the same machine to access the repository or you could corrupt the it. If you log into a set of machines like elements, be sure to find out which specific machine (e.g. arsenic) that you are on using the host command. The reason that this is important is that different machines may have different versions of svn installed and will access the repository in different ways. You will enforce using the same machine later, but when you are creating the repository just take note of the machine you are using. Lately we've been using antimony.
Once you are in the parent directory where you will create your repository, create the actual holding directory and then issue the following command from the parent directory:
svnadmin --fs-type=fsfs create your_svn_directory
The --fs-type=fsfs is very important when creating the repository on afs. This tells SVN to use the Fast Secure File System (FSFS) backend instead of Berkeley Data Base (BDB) because of the way BDB handles file locking.
Then go to your own local workspace, and checkout the svn repo (see item 2. How do I use an existing SVN repository? below). Add your own files and directories to the repo, commit etc.
Hints about setting up svn repos for manuscripts:
* Do not add .pdf, .dvi, .log etc files to the repo. Just the source files.
Otherwise we'll always get nasty conflicts as we check in a new version.
* Place figures in a separate figures/ directory
* Convert figures to .eps to avoid bounding boxes problems
* Split the manuscript into subparts. Label the subparts
chronologically, starting with 01. or so. This makes it easier to
avoid conflicts.
3. How do I use an existing SVN repository?
We will never access the repository directly, but will interact through our own checkouts. We will access the repository using svn+ssh. This method uses the security built in to our cs machines and afs.
To get a checkout,
1. Create a file on your machine that will hold the checkout of the repository.
2. From just inside of that directory, use this command:
svn checkout svn+ssh:// your_cs_username @ machine_name (eg. arsenic.cs.pitt.edu) directory_of_repository (eg. /afs/cs.pitt.edu/public/projects/gfx3/...)
inserting the appropriate directory/machine name/directory.E.g.:
svn checkout svn+ssh://als152@arsenic.cs.pitt.edu/afs/cs.pitt.edu/projects/vis/visweb/webtest/astro_cs1699/gigi/
If command-line is not your style, then keep in mind that for Windows clients the program TortoiseSvn is available, which integrates the subversion functionality into the Internet Explorer (actually, looking at the page, this might work pretty nicely with OSX and Linux too).
You will be asked for your password twice.
The repository is available from anywhere, but again it is important to check it out from the machine that it was originally created on. This is so that there is only 1 instance of the svn server software accessing the repository files at one time. The server location is stored once the checkout is acquired, so you only have to specify it at this step and it will be automatic after that point.
Now you should have the contents of the repository in your local directory. You interact with the checkout as you would any directory structure on your system. These changes will not effect what is on the repository server until you use special svn commands:
svn add &lang file or directory &rang - This adds file or directory to the subversion management system.
svn delete &lang file or directory &rang - This removes the file or directory from the subversion management system *and also deletes it from your filesystem*.
svn commit -m "&lang message &rang" - This finalization step uploads the changes to the server. So you will add files, and then commit to send them to the server. The -m "&lang message &rang" adds a description to your upload. It's best if you create a detailed description for every commit.
To get all of the uploads that other users have committed to the repository, use
svn update - Gets all changes from the server and applies them to your local checkout.
Commit and update actions will require you to enter your password again. Each commit results in creating a new revision with a unique id.
You can revert back to any previous revision if need be using the svn revert command.
If multiple people end up editing the same file, you will encounter a "collision". If you do have to edit a lot of the same code as other team members, then you can "branch" the codebase so you each have your own copies of the whole system that you "merge" later.
For more details, check out the free svn book or, of course, Google.
3. How do I use Pitt IT's VPN to access computing resources in the department?
If you are trying to connect to Computer Science resources (e.g. the Elements cluster, departmental printers) from WIRELESS-PITTNET or from off-campus, you must use Pitt IT's Virtual Private Network (VPN). Here are Pitt IT's instructions for setting up the Global Protect VPN:
- Setting up on Mac and Windows Systems: https://services.pitt.edu/TDClient/33/Portal/KB/ArticleDet?ID=293
4. How do I change my password?
Go to My Pitt, click on Profile, then click on Manage Your Account, then click on the Login & Security tab and chose CHANGE PASSWORD
Note: Please see the password complexity requirements in the next FAQ item below or go here.
5. What are the password requirements?
- Your new password must be eight to 14 characters long.
- Passwords should never be shared with another individual.
- Your new password should consist of some combination of letters and numbers and must also contain at least one special character (for example, +, @, #, or $).
- The following characters can NOT be used: _ . ` , < > & !
- Passwords that contain only letters and dictionary words are easier for someone to guess or for computer programs to decipher.
- Do not use your name, your username, or a portion of these as your password.
- You cannot reuse the same password within a year, and you cannot reuse any of your previous six passwords.
- For additional password information, visit technology.pitt.edu.
6. Why can't my directory under public/html be seen?
options +Indexes
7. How do I check my e-mail?
8. How do I read my e-mail from home?
9. What is the URL for my home page?
Setting your web browser to the URL: 'http://www.cs.pitt.edu/~username'; will display the file ${HOME}/public/html/index.html, if it exists. Web content served through www.cs.pitt.edu (or people.cs.pitt.edu) is limited to static content only.
Dynamic content may be viewed on http://intranet.cs.pitt.edu/~username but access to that site is restricted to Pitt's network only. In this case, the index file may be named any one of these: index.shtml index.cgi index.php index.phtml.
10. What kinds of programs are there on the CS machines?
Some directories worth mentioning are:
The files under the /usr/local/contrib directory are installed and maintained by faculty and students and are not supported by the department. If you would like to see a package installed in this directory, first clear it with the tech staff by sending e-mail to tech@sci.pitt.edu. If approved, you will be asked to build the package for all department architectures; not just the one you usually use./usr/local/bin - contains host dependent software not part of
standard UNIX and may vary from machine to machine
/usr/local/X11/bin - contains host dependent X11 software
/usr/local/contrib - contains user contributed & maintained software
11. What information is available online?
General information about both the University and the Computer Science Department can be found in their respective home pages (http://www.pitt.edu and http://www.cs.pitt.edu).
12. How do I logout?
Logging out depends on the UNIX shell (command line parser) and/or the windowing system (if logged in at a UNIX workstation) you are using.
By default, typing Control-D will exit any of the UNIX shells. In this case, Control-D indicates the end of file; here the end of the standard input (stdin) stream. Be careful when using programs that use Control-D to terminate; typing one too many Control-Ds may actually log you out of the system prematurely. Most UNIX shells allow this feature to be disabled by setting a shell variable called "ignoreeof". When set, the user must type exit or logout, depending on the shell, to either leave the current shell or logout of the machine completely.
The following table summarizes the different shells and their various means of termination:
ignoreeof variable logout command exit command sh no no yes ksh yes no yes csh/tcsh yes only for login shell only for subshell bash yes only for login shell yes
13. What do I do if I suspect I am having a hardware or software problem?
Mail sent to tech@sci.pitt.edu is entered
into the tech queue of the Department's ticket system and is read by the technical
support staff. In most cases, we can respond to your request rather quickly,
however some requests will take longer. Please be patient.
14. How do I set up my UNIX account to use LaTeX?
For the majority of users, this is all that will be necessary. The file latex.env will add to your UNIX shell environment all of the necessary paths and environment variable defaults upon logging in. You may execute this command manually as well in order to avoid logging out, then back in for the first-time user.source /usr/local/etc/latex.env
Users can make additional modifications to the variables set in this file if necessary.
NOTES:
Note that if you are using the department standard cshrc script you need not do anything. This shell script executes latex.env for you. Customizations to your latex environment may be made in your .cshrc.custom file.
15. How do I set up my UNIX account to run other software in the Department?
Edit your .login file to look like this:
Edit your .cshrc or .tcshrc file to look like this:source /usr/local/etc/login
You can customize your environment as you wish by editing your .cshrc.custom file.source /usr/local/etc/cshrc
16. How do I set up my Windows machine at home to be able to access AFS files?
Please follow the instructions found on our SSO page and return here after you finish installing AFS.
Login and authenticate to AFS.
It is now time to map an AFS drive to a drive letter. You do this via the "MAP NETWORK DRIVE" menu by right clicking on "MY COMPUTER" (or "COMPUTER" depending upon your version of Windows). The general syntax is \\afs\cs.pitt.edu where "afs" is the "server" and the "cs.pitt.edu" path is the "share".
To map to a specific afs path, just enter the path after the share "cs.pitt.edu". For example, to map to the files of username "maestro" the syntax would be \\afs\cs.pitt.edu\usr0\maestro
Another important mapping you may want to create is the "all" mapping. This maps the AFS root cell to a drive-letter of your choosing. This will allow you to read and share files in world-wide AFS cells including the cs.pitt.edu cell.
This is accomplished using the syntax \\afs\all
The standard drive mappings that we use on the departmental Windows machines are:
- M: - the currently logged on user's home directory
- N: - the AFS root cell
17. How do I verify if the message I got about a virus is true or not?
18. Why do I sometimes get 2 requests for passwords when logging into Linux?
PAM is the Pluggable Authentication Module. It is supported on most of our architectures, such as Solaris and Linux. You can look at the The Linux PAM web page.
19. How can I look and edit MS Office (Word, Excel, etc) files in the UNIX machines?
20. How can I add to my $PATH variable?
export PATH=${PATH}:<path-to-be-added>
21. How can I install programs (for everyone to use and not using my own disk quota) in the UNIX machines?
- Send a request to tech@sci.pitt.edu and request to be added to the contributor's list. Be sure to specify what you want to install in this e-mail!
- Download the software into the contrib directory, untar, etc.
- Install the software for as many platforms as possible. Here is a list of the platforms we currently support:
- The install procedure is as follows:
- any of the Elements machines for CentOS Linux (see the chart at the top of this page for the different CentOS variants)
- blitz.cs.pitt.edu for Solaris 9
- hydra.cs.pitt.edu for Solaris 10
- There is a directory under /usr/local/contrib that you add the software to. Unzip the software and add the sources to /usr/local/contrib/XXX/src and add the binaries to /usr/local/contrib/bin (NOTE: No XXX in the bin directory, it is pure /usr/local/contrib/bin).
- Write a documentation or README file that will reside in the /usr/local/contrib/XXX directory. This should include the paths and the variables that the software requires. If the usage is complicated, a script should be created to facilitate using the program.
- Install the man pages in /usr/local/contrib/man.
Thanks again for volunteering! We truly appreciate it! Also, let tech know if you have any problems.
22. How do I create a symbolic link in UNIX?
See the manual page for ln(1) for more information.ln -s <path-to-original-location> <path-to-link-destination>
23. How to have email forwarded to another address?
Suppose you want your email forwarded to other_address@wherever.com.
Log on to https://my.pitt.edu, click on Profile, then click on Manage Your Account, then click on the EMAIL & MESSAGING tab, then click on the Forwarding tab, fill out the forwarding address, then click Save Forwarding.
24. As an Instructor, I want to limit the network access during the classes I teach. What can I do?
25. How can I use Ruby on Rails?
26. Pitt IT's Faculty Computing Program
Teaching faculty can get software such as Acrobat Pro, Photoshop, MS Office, Visual Studio, Matlab, etc. for FREE! However, there is a catch: to use this software you must have a University IP address.
This specially-modified software requires a communication with a license server every time it is run and therefore direct connection to PITTNET, either by being physically at the University's network or by connecting through a VPN. There is also the possibility that all the licenses for a software product might be in use and therefore users will have to wait their turn to use the software.
In short, using this software on your office computer should be easy to do. Using it outside of the University will be more difficult and, in some cases, impossible.
You can learn more about this program at and the packages offered at: https://technology.pitt.edu/software/faculty-computing-program/access.html
Note that all full-time faculty in the department have already been approved for this program by the department chair.
To download the software please visit http://software.pitt.edu.
27. What is my e-mail official address?
Disks & Files
1. How often are my files backed up?
If you discover the error the same day (i.e. before the next nightly backup is done), you can quickly recover the file yourself. Each night, a copy of all files within your AFS volume is backed up to a separate volume pointed to by the symbolic link called "Backup" in your home directory. You may use the UNIX command "cd" to get to this volume and its subdirectories which is a mirror of your home directory for the previous day.
Once you locate the file in question, use the UNIX "cp" command to copy this file to the appropriate spot in your home directory. See the "cp" man page for the system that you are logged onto; there are slight variations between UNIX platforms.
It is faster to recover files yourself from the ${HOME}/Backup directory whenever possible since it does not involve the staff loading tapes when time permits.
2. What do I do if I need more disk space?
The AFS command "fs lq" will tell you your disk quota (in 1-Kbyte blocks), how many of those blocks are currently used, the percentage used, and the percentage of space used on the disk partition that you share with other users. Note that this command will tell you this information about the AFS volume that your current working directory resides in. If your username does not appear in the volume name listed with this command just "cd" to your home directory.
The UNIX command "du" will give you a block count and an idea of how much space is being used by a individual directories and files. See the man page for this command for the particular workstation you are on.
3. How are my files set up?
When you log into a UNIX machine, your current working directory is set to your home directory. Your home directory and all files and subdirectories are stored in what is called an AFS volume (or simply volume) which can be displayed by the AFS command "fs lq".
A user's home directory is initially set up with two subdirectories called "public", and "private", and a symbolic link to a backup directory called "Backup". The AFS access rights for each of these files is appropriately set and should not be changed. The public directory is world readable and is intended for sharing files with others and holding the user's World Wide Web home pages. The private directory is intended for personal files that a user wishes to protect from world-wide and local users.
A user's home directory can usually be referenced in UNIX shell commands by the syntax "${HOME}" or "~", the tilde character; the former syntax is the preferred method when referencing the home directory from shell scripts.
Access to particular files within a user's home directory is controlled by AFS access rights. The usual UNIX mode settings controlled via the UNIX command "chmod" are meaningless when the file or directory is located within an AFS volume.
4. How do I control access to my AFS files?
An ACL has two parts: a user or group name and the access control rights. The user/group name and the "rights" are separated by a space. The seven access rights are indicated by letters or, alternatively, one of four "shorthand" words used to represent more frequently used subsets of these rights:
Access Control Rights Shorthand Notationr: read d: delete read = rll: lookup w: write write = rlidwki: insert k: lock all = rlidwkaa: administer none = removes entry
The AFS command used to set and modify ACLs is the "fs" command. Limited help is available on the man page for this command. A synopsis of these commands may be displayed by typing "fs -help", "fs listacl -help", and "fs setacl -help".
EXAMPLES:
- List ACL for current working directory:
fs listacl- List ACL for the directory dir:
fs listacl dir- Give user john all rights to dir:
fs setacl dir john all- Revoke all rights to group system:anyuser (The following command should be used when creating a new mail directory.):
fs setacl Mail system:anyuser none- Provide user john with write access and user jane with read access to all files in the current working directory:
fs setacl . john write jane read (or fs setacl . john rlidwk jane rl)
5. How do I set recursive permissions in AFS?
If you want to give user foo, permissions baa recursively,
the way to do it is:
find . -type d -exec fs sa -dir \{\} -acl foo baa \;
6. When I do an "ls -l" on the '/afs' directory, my terminal hangs. Why?
The information that you request with the -l or -F option when invoking
the ls command is actually kept at these remote locations. These
specific options will cause AFS processes to contact remote AFS processes
to gather statistics about the relevant directory entries. Depending on
the number of locations contacted, their distance from the local cell (in
this case, cs.pitt.edu) and the random occurrence of network failures, it
can take a very long time to complete the commands: ls -l /afs
or ls -F /afs
.
If you have inadvertantly, or otherwise, executed these commmands on remote /afs entries, you can check which ls command you are using by the commmand "which ls" at a later time - you may have it aliased to one of these.
To try and abort this command is at times difficult. You can try typing ^c (control-c) to interrupt this command or, if this does not seem to work, try typing ^z to suspend this command. If this works, your prompt will come back and you will be able to type the jobs command to see the suspended job. Then type "bg" to run this command in the background, followed by "kill %" to interrupt the most recent job put in the background. This may take a moment or longer; kill will send a terminate signal to the ls process which may be too busy at the moment to catch this signal and respond right away.
If you really want to use these forms of the ls command on remote AFS sites, it is usually less frustrating to limit your inquiries to one or a few cells.
7. How do I access other AFS cells?
If you are currently authenticated with your Pitt account, you can gain full access rights to your Pitt IT AFS files just by issuing the "aklog" command.
aklog -cell pitt.edu
You may also authenticate to another AFS cell outside of Pitt by obtaining a Kerberos 5 token for that realm and then getting an AFS token from that. Example:
kinit USERNAME@SOME.OTHER.EDU Password for USERNAME@SOME.OTHER.EDU: aklog -cell some.other.edu
NOTES. The AFS command "tokens", will tell you what cells you are currently authenticated for. The AFS command "unlog -cell pitt.edu" will discard the token for access to the specified cell; be careful... not specifying a cell will discard all tokens including access rights to your home directories. If this happens just aklog again with no parameters; your current login cell is used by default.
8. I frequently have problems accessing files after I have been logged in for a long time. Why?
When logging into any Computer Science Department machine, you are authenticated (i.e. verified) as a user in Pitt's Active Directory domain, UNIV.PITT.EDU. The authentication process associates a Kerberos 5 token and an AFS token with your login process. The tokens you receive at each login are good for a period of 25 hours. If you are logged in for more than this time, your tokens automatically expire and you will not be able to access files in your home directories that are not publicly readable/writeable. To get new tokens, issue the command "kinit", which will prompt you for your password and reauthenticate you to the Active Directory Kerberos 5 domain. Next, issue the command "aklog" to obtain a new AFS token based on your Kerberos 5 token.
If your Kerberos 5 token has not yet expired and its maximum renewal period has not expired, you may type "krenew;aklog" to renew that token and reissue your AFS token.
9. How do I clean up my account to get more space (core files specifically)?
find ~ -name core -exec /bin/rm {} \;
10. What is my e-mail return address?
11. I have a long-running process. How can I maintain access to my AFS files?
Long-running processes that need access to AFS files must use this mechanism to keep their AFS token active. In the example below, replace 'username' with your user name.
- Create a keytab file containing your Pitt password in encrypted format. Do this once at the beginning and again each time after you change your password:
$ cd ~/private $ rm -f username.keytab $ ktutil ktutil: addent -password -p USERNAME@UNIV.PITT.EDU -k 1 -e aes256-cts Password for USERNAME@UNIV.PITT.EDU: [enter your Pitt password] ktutil: wkt username.keytab ktutil: quit $
IMPORTANT NOTE: Your username in the command above MUST be in all UPPER-CASE. Failure to do this will result in a keytab that does not work.
Please keep this keytab file in a secure place. Anyone who gets a copy of your keytab file can authenticate themselves as you.
- Then, each time you need to have a long-running process, copy your keytab file to /var/tmp and protect it so that only you can read it:
$ cp ~/private/username.keytab /var/tmp $ chmod 400 /var/tmp/username.keytab
- Start up a new Process Authentication Group (PAG), then within that, run the k5start daemon process that renews your tickets periodically, then run the 'screen' process manager:
For bash:
$ pagsh $ export AKLOG=/usr/bin/aklog $ k5start -b -t -K 600 -p /var/tmp/username.pid -f /var/tmp/username.keytab USERNAME@UNIV.PITT.EDU $ screen [...]
For tcsh:
% pagsh % setenv AKLOG /usr/bin/aklog % k5start -b -t -K 600 -p /var/tmp/username.pid -f /var/tmp/username.keytab USERNAME@UNIV.PITT.EDU % screen [...]
IMPORTANT NOTE: Your username in the commands above MUST be in all UPPER-CASE, otherwise the authentication will fail.
- Once your project is done, exit screen and kill the k5start process and remove your keytab from /var/tmp:
$ kill `cat /var/tmp/username.pid` $ rm /var/tmp/username.keytab /var/tmp/username.pid
Other Important Topics
1. What do I do if the pipes are leaking, the elevator doesn't work, my room is too hot or too cold?
2. My Pitt ID will not open the doors!
3. I need access to the copy machine!
4. I need to borrow a projector, a laptop or the conference phone!