File Storage FAQ

Skip to end of metadata
Go to start of metadata

File Storage FAQ

DCShome is the file service of the Department of Computer Science that provides home directory file space for all faculty, staff, students, and designated people associated with the Department of Computer Science.

General Information

Who can use DCShome?

All Computer Science faculty, staff, and students are given accounts on DCShome. Additionally, visitors, collaborators, and designated department guests may be given an account on DCShome. Authentication to DCShome is done via the campus Active Directory. You can find out more about the campus Active Directory at this URL: http://www.ad.uiuc.edu/.

When is DCShome available?

DCShome is intended to be available 24 hours a day, 7 days a week. For graduating students, DCShome accounts will be available for approximately three months after graduation. Students who change majors or leave the University before graduation will have access to DCShome until their Campus Active Directory account is disabled or the start of the next semester, whichever comes first. For all others who are no longer affiliated with the Department of Computer Science, DCShome accounts will be suspended two weeks after affiliation ends unless other arrangements are made with TSG.

What does DCShome run on?

DCShome is comprised of two Hewlett-Packard BL460c Blades devices running Solaris 10, which are configured as a Sun Solaris cluster. Both nodes are attached via two Fibre Channel host bus adapters to a Hewlett-Packard Enterprise Virtual Array 5000 storage array.

How can DCShome be accessed?

DCSHome can be accessed from the following clients and network protocols:

  • Any computer connected to UIUCnet (including computers connected through VPN) using Server Message Block (SMB) or Common Internet File System (CIFS) protocols
  • NFS accessibility is available via CSIL and sal clients.

Is DCShome secure?

DCShome data is secured to the individual account in the campus Active Directory to whom the account is assigned. The file system for DCShome home directories is Sun's ZFS and has permissions defined in Access Control Lists (ACLs) so that the only person who can read and write files in each individual home directory is the owner of the home directory. Every home directory contains a public_html subdirectory that is readable by a web service account, to permit the hosting of home pages from the Department of Computer Science web server (www.cs.illinois.edu).

How do I report a problem with DCShome or make suggestions about the DCShome service?

Please either email userhelp@cs.illinois.edu or use the TSG ticket system.

Quotas

What is the quota for DCShome accounts?

Designation Quota DCShome path
CS Faculty 5.0 GB \\dcshome.cs.illinois.edu\netid or /home/cs/netid
CS Staff 5.0 GB \\dcshome.cs.illinois.edu\netid or /home/cs/netid

All Students home directories are now stored on Engineering Workstation Systems (EWS) storage.

How can the quota be increased for an individual?

TSG will have a process defined in the future for increasing quotas, purchasing additional disk space (not necessarily on DCShome), and acquiring additional storage.

Can a group quota be assigned?

DCShome is strictly for individual home directories. A second service called DCSfiles is available to facilitate group sharing of storage.

Snapshots and Backups

What are snapshots?

Snapshots are backup copies of a file system taken at a specific point in time. A snapshot is a list of pointers to all the files on a volume at the time the snapshot is created. Before a file is deleted or modified, a copy of that file is made to the snapshot storage pool, and the pointer in the snapshot is changed to point to the previous version of the file.

How are snapshot backups accessed?

In Microsoft Windows clients, snapshot backups can be accessed through the special folder named .zfs in your home directory. In machines that have DCShome home directories NFS mounted, snapshots can be accessed through the special directory named .zfs in the root of your home directory. The snapshot directories are located under a snapshots directory in .zfs and are named GMT-YYYY.MM.DD-HH:00:SS where YYYY is the year of the snapshot, MM is the month, DD is the day of the month, HH is the hour the snapshot was taken, and SS is the seconds (00 will always be the minutes of the snapshot time). For example, .zfs/snapshots/GMT-2009.08.19-14:00:00 would be your home directory snapshot taken on August 18, 2009 at 2:00 PM.

How often are snapshot backups made?

Currently, snapshot backups are taken eight times daily. Although you may see more snapshots available, TSG only guarantees two days worth of snapshots at this time. This number will increase later this year.

Do snapshots count against my quota?

No. Currently snapshots do not count against your quota.

What technology is used to perform snapshots?

DCShome employs Solaris ZFS technology to create the snapshots automatically at specified times.

What other backups are there for DCShome?

DCShome storage is backed up to tape on a nightly basis for complete restoration in the event it is needed. TSG anticipates most people will be able to use snapshots for self-service restores and tape backups will only be used in situations where a complete restoration of DCShome is needed.

Windows SMB Access

What Windows clients support connecting to DCShome?

All Microsoft Windows clients from Windows 95 to Windows Vista can connect to DCShome.

For People using Microsoft Windows 7
TSG has identified the following change that must be made to allow Windows 7 to work with your home directory:

Open "Local Security Policy" from the Administrative Tools for the system. (run gpedit.msc from the start menu if you don't have Administrative Tools)

Under Local Computer Policy-> Computer Configuration-> Windows Settings -> Security Settings -> Local Policies -> Security Options locate "Network security: LAN Manager authentication level" and change it to "Send LM & NTLM - use NTLMv2 session security if negotiated" from "Not Defined"

What authentication mechanisms are used to connect to DCShome from a Windows client?

Currently, DCShome will authenticate users with a Windows client through the campus Active Directory using Kerberos.

Can permissions be changed on files in a home directory on DCShome?

Yes, permissions of files and subdirectories within a DCShome home directory can be changed. However, mixing environments (Windows SMB clients and Linux/Solaris NFS mounts) when changing permissions can cause lost access to your own files and folders.

Are Universal Naming Convention (UNC) connections or mapped drive letters better to connect to DCShome?

The answer to this question depends on applications used and personal preference. If you use applications that rely on a mapped drive for proper use, or you prefer to have a specific drive letter associated with your DCShome home directory, then setting up a script or remembered connection is suggested. There is no requirement to map your DCShome home directory to a drive letter.

Linux SMB Access

What software in Linux is needed to access DCShome home directories?

The Samba client software version 3.0.10a (or later) and appropriate extensions in the Linux kernel are required to use Linux to access DCShome via smbfs or cifs.

What is the command to use to mount a DCShome home directory?

The mount command from the Samba client software is used to mount DCShome home directories in Linux. Here is an example of a mount command with the appropriate options:

mount -t cifs //dcshome.cs.illinois.edu/netid /mnt/home/netid \
-o user=netid,dom=UIUC,uid=netid,gid=csUndergrads,file_mode=0644,dir_mode=0755 

where netid is replaced with your campus NetID. In place of "csUndergrads" you would need to enter your appropriate designation from the following list: csFaculty, csstaff, csGrads, and csUndergrads. When prompted for a password, you should enter your campus Active Directory password. You may wish to use a file_mode and dir_mode of 0600 and 0700, respectively, instead of 0644 and 0755.

What are all the options needed on the mount command?

The mount command requires specific options at the end of the command line, and the options are:

    user= (your campus NetID)
    dom= UIUC
    uid= (your campus NetID to display your account as default owner) gid= (your group designation for default group permissions)
    file_mode= (the default file access mode in octal e.g. 0644)
    dir_mode= (the default directory access mode in octal e.g. 0755)

Why do file permissions appear incorrectly with Linux SMB?

The mount command will determine a default set of permissions for owner and group permissions in Linux. This "default" set of permissions appears to be applied to all the files, but the real file permissions are not displayed. Likewise, if you change permissions on DCShome files/directories through an SMB mount, the real file permissions are not changed, only the appearance of the default set of permissions are changed. As soon as the volume is umounted and re-mounted through smbfs/cifs, the permissions will appear to be the default set specified in the mount command.

Can the true ZFS permissions on a DCShome home directory be viewed from a Linux SMB client?

Yes, the true ZFS permissions on a DCShome directory can be viewed using the Samba client command smbcacls. Please see the man page of smbcacls for usage.

Network File System (NFS) Access

What computers NFS mount DCShome home directories?

Because of security issues, NFS mounting of DCShome home directories is limited to designated machines within the Department of Computer Science. Computers in the Computer Science Instructional Labs (CSIL) and the sal cluster have access to DCShome.

Why can't everyone use NFS to mount DCShome home directories?

NFS version 3 security is relatively weak. However, our file server is using NFS version 4 primarily. TSG hopes to offer NFS exports of home directories to trusted machines in the future. Until that time, only sal* cluster nodes can NFS mount DCShome home directories.

Why does my home directory become inaccessible periodically?

The new fileservers are using kerberos integrity to ensure that you are you and that even if the machine is hacked your files are protected. A kerberos ticket is good for 10 hours, and can be renewed for up to 7 days. You may have issues with your home directory being inaccessible after your kerberos tickets expire. You can check on the status of your ticket by running the command klist with no options. It will present output like this:

[danders5@salute ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_305982_j78xos
Default principal: danders5@AD.UIUC.EDU

Valid starting     Expires            Service principal
08/25/09 09:50:04  08/25/09 19:50:04  krbtgt/AD.UIUC.EDU@AD.UIUC.EDU
    renew until 09/01/09 09:50:04
08/25/09 09:50:04  08/25/09 19:50:04  
nfs/dcshome.cs.illinois.edu@AD.UIUC.EDU
    renew until 09/01/09 09:50:04


Kerberos 4 ticket cache: /tmp/tkt305982
klist: You have no tickets cached
[danders5@salute ~]$

The default principal should be your netid@AD.UIUC.EDU, and the krbtgt/AD.UIUC.EDU@AD.UIUC.EDU entry is for your ticket granting ticket which allows services like NFS to authenticate that you are you. As you can see the ticket above is valid starting August 25, 2009 at 9:50:04 a.m. and expires at 7:50:04 p.m. which is 10 hours.

At anytime before your ticket expires you can run "kinit -R" to renew your ticket. If your ticket is still active you will get a new one, if your ticket is already expired then it cannot be renewed and you must request a new one. The command to request a new one is just "kinit" with no options.

If you are going to be running something that is going to take more than 10 hours to do you can use cron or a background shell script to run kinit -R every 4 hours and that will keep your kerberos ticket alive for up to 7 days.

It is a preferred practice that you sign off the machine when you are done using it, that way if there are fileserver problems then sal or CSIL computers might not need to be restarted because of stale mounts, and also it is easier for TSG to apply patches if we can reboot the machine when it is idle rather than chase down idle logins or leave the machines unpatched. If you do need to leave yourself logged in you can use the kinit command to keep your tickets active.

How are permissions handled through the NFS mounts?

DCShome files are stored on an ZFS partition and shared out using NFSv4. The NFSv4 protocol allows the viewing and setting of ACLs using the nfs4_getfacl and nfs4_setfacl commands.

Why doesn't the Solaris/Linux command chown work on home directories, when it appears it should?

ZFS permissions are much more granular to allow control of files and subdirectories at various levels. Although each individual owns the files in the DCShome home directory, the right to change ownership (Take Ownership in Windows terminology) is not granted to individuals. The operating system will prevent you from re-assigning ownership by returning a "Permission denied" or "Operation not permitted" error message.

Does the Solaris/Linux command chgrp work on home directories?

Yes, chgrp will work on any files created by the owner of the DCShome home directory. There are only a few groups currently defined and mapped on the DCShome cluster, so caution is advised when using chgrp in a DCShome home directory.

How does the Solaris/Linux command chmod work on home directories?

The chmod command in Solaris/Linux will add or modify three Access Control Entries (ACEs) on the file(s)/diretory(ies) being processed. One for the owner, one for the default group of the owner, and one for the builtin group Everyone in the Active Directory domain. For a good description of how read, write, execute, and extended attributes are mapped to Solaris ZFS, please refer to Sun's website for documentation or contact TSG.

File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) Access

Are DCShome home directories accessible through FTP?

No. FTP uses clear-text passwords. Since DCShome accounts use campus Active Directory passwords, enabling FTP would also expose users Active Directory passwords and potentially compromise access to services other than DCShome.

Are DCShome home directories accessible through HTTP/S?

DCShome directories are not available through the http or https protocols.

Is there a URL or public place to publish web content using DCShome home directories?

Yes, every home directory on DCShome has a public_html subdirectory into which its owner may place files. Directory indexing is turned off. An index.html file must exist in the public_html subdirectory to use the URL which is:

http://www.cs.illinois.edu/homes/netid/

where netid is the campus NetID of the owner of the home directory. Please note that CGI and PHP are not supported at this time for this service.

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.