Storing System Binaries in AFS

You can also choose to store other system binaries in AFS volumes, for example the standard UNIX programs conventionally located in local disk directories such as /etc, /bin, and /lib. Storing such binaries in an AFS volume not only frees local disk space, but also makes it easier to update binaries on all client machines.

The following is a suggested scheme for storing system binaries in AFS. It does not include instructions, but you can use the instructions in Storing AFS Binaries in AFS (which are for AFS-specific binaries) as a template.

Some files must remain on the local disk for use when AFS is inaccessible (during bootup and file server or network outages). The required binaries include the following:

In most cases, it is more secure to enable only locally authenticated users to access system binaries, by granting the l (lookup) and r (read) permissions to the system:authuser group on the ACLs of directories that contain the binaries. If users need to access a binary while unauthenticated, however, the ACL on its directory must grant those permissions to the system:anyuser group.

The following chart summarizes the suggested volume and mount point names for storing system binaries. It uses a separate volume for each directory. You already created a volume called sysname for this machine's system type when you followed the instructions in Storing AFS Binaries in AFS.

You can name volumes in any way you wish, and mount them at locations other than those suggested here. However, this scheme has several advantages:

Volume Name          Mount Point
sysname              /afs/cellname/sysname
sysname.bin          /afs/cellname/sysname/bin
sysname.etc          /afs/cellname/sysname/etc
sysname.usr          /afs/cellname/sysname/usr
sysname.usr.afsws    /afs/cellname/sysname/usr/afsws
sysname.usr.bin      /afs/cellname/sysname/usr/bin
sysname.usr.etc      /afs/cellname/sysname/usr/etc
sysname.usr.inc      /afs/cellname/sysname/usr/include
sysname.usr.lib      /afs/cellname/sysname/usr/lib
sysname.usr.loc      /afs/cellname/sysname/usr/local
sysname.usr.man      /afs/cellname/sysname/usr/man
sysname.usr.sys      /afs/cellname/sysname/usr/sys
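The chart and the ACL guidance above can be turned into a reviewable command plan. The following is an added example, not part of the original guide: a dry-run script that prints the vos create, fs mkmount and fs setacl commands for each volume in the chart, granting rl to system:authuser unless another group is passed. The function names and the sample sysname, cell, server and partition values are assumptions.

```shell
#!/bin/sh
# Dry run: prints the vos/fs commands for the suggested scheme; runs nothing.

SUFFIXES=".bin .etc .usr .usr.afsws .usr.bin .usr.etc .usr.inc .usr.lib .usr.loc .usr.man .usr.sys"

# mount_suffix VOLUME SYSNAME -> path below /afs/cellname/sysname
mount_suffix() {
    rest=${1#"$2"}                          # e.g. ".usr.inc"
    case $rest in
        *.inc) rest=${rest%.inc}.include ;; # the chart abbreviates include
        *.loc) rest=${rest%.loc}.local ;;   # and local
    esac
    printf '%s\n' "$rest" | tr . /
}

# plan_volumes SYSNAME CELLNAME SERVER PARTITION [ACL_GROUP]
plan_volumes() {
    sysname=$1 cell=$2 server=$3 part=$4 group=${5:-system:authuser}
    # A read/write volume name may be at most 22 characters; check every
    # name before printing anything so a partial plan is never emitted.
    for s in $SUFFIXES; do
        vol=$sysname$s
        if [ "${#vol}" -gt 22 ]; then
            echo "volume name too long (max 22): $vol" >&2
            return 1
        fi
    done
    # The sysname volume itself already exists. Parents (.usr) are listed
    # before their children so each mount point's parent directory exists.
    for s in $SUFFIXES; do
        vol=$sysname$s
        dir=/afs/$cell/$sysname$(mount_suffix "$vol" "$sysname")
        echo "vos create -server $server -partition $part -name $vol"
        echo "fs mkmount -dir $dir -vol $vol"
        echo "fs setacl -dir $dir -acl $group rl"
    done
}

# Constructed sample values; substitute your own cell, server and partition.
plan_volumes sun4x_56 example.com fs1.example.com /vicepa
```

Pass system:anyuser as the fifth argument only for directories whose binaries must be usable while unauthenticated.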