DCShome is the file service of the Department of Computer Science that provides home directory file space for all faculty, staff, students, and designated people associated with the Department of Computer Science.
- General Information
List General Information FAQs
List Quotas FAQs
List Snapshots and Backups FAQs
List Windows SMB Access FAQs
- What Windows clients support connecting to DCShome?
- What authentication mechanisms are used to connect to DCShome from a Windows client?
- Can permissions be changed on files in a home directory on DCShome?
- Are Universal Naming Convention (UNC) connections or mapped drive letters better to connect to DCShome?
List Linux SMB Access FAQs
- What software in Linux is needed to access DCShome home directories?
- What is the command to use to mount a DCShome home directory?
- What are all the options needed on the mount command?
- Why do file permissions appear incorrectly with Linux SMB?
- Can the true ZFS permissions on a DCShome home directory be viewed from a Linux SMB client?
List Network File System (NFS) Access FAQs
- What computers NFS mount DCShome home directories?
- Why can't everyone use NFS to mount DCShome home directories?
- Why does my home directory become inaccessible periodically?
- How are permissions handled through the NFS mounts?
- Why doesn't the Solaris/Linux command chown work on home directories, when it appears it should?
- Does the Solaris/Linux command chgrp work on home directories?
- How does the Solaris/Linux command chmod work on home directories?
List File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) Access FAQs
All Computer Science faculty, staff, and students are given accounts on DCShome. Additionally, visitors, collaborators, and designated department guests may be given an account on DCShome. Authentication to DCShome is done via the campus Active Directory. You can find out more about the campus Active Directory at this URL: http://www.ad.uiuc.edu/.
DCShome is intended to be available 24 hours a day, 7 days a week. For graduating students, DCShome accounts will be available for approximately three months after graduation. Students who change majors or leave the University before graduation will have access to DCShome until their Campus Active Directory account is disabled or the start of the next semester, whichever comes first. For all others who are no longer affiliated with the Department of Computer Science, DCShome accounts will be suspended two weeks after affiliation ends unless other arrangements are made with TSG.
DCShome is comprised of two Hewlett-Packard BL460c Blades devices running Solaris 10, which are configured as a Sun Solaris cluster. Both nodes are attached via two Fibre Channel host bus adapters to a Hewlett-Packard Enterprise Virtual Array 5000 storage array.
DCSHome can be accessed from the following clients and network protocols:
- Any computer connected to UIUCnet (including computers connected through VPN) using Server Message Block (SMB) or Common Internet File System (CIFS) protocols
- NFS accessibility is available via CSIL and sal clients.
DCShome data is secured to the individual account in the campus Active Directory to whom the account is assigned. The file system for DCShome home directories is Sun's ZFS and has permissions defined in Access Control Lists (ACLs) so that the only person who can read and write files in each individual home directory is the owner of the home directory. Every home directory contains a public_html subdirectory that is readable by a web service account, to permit the hosting of home pages from the Department of Computer Science web server (www.cs.illinois.edu).
|CS Faculty||5.0 GB||\\dcshome.cs.illinois.edu\netid or /home/cs/netid|
|CS Staff||5.0 GB||\\dcshome.cs.illinois.edu\netid or /home/cs/netid|
All Students home directories are now stored on Engineering Workstation Systems (EWS) storage.
TSG will have a process defined in the future for increasing quotas, purchasing additional disk space (not necessarily on DCShome), and acquiring additional storage.
DCShome is strictly for individual home directories. A second service called DCSfiles is available to facilitate group sharing of storage.
Snapshots are backup copies of a file system taken at a specific point in time. A snapshot is a list of pointers to all the files on a volume at the time the snapshot is created. Before a file is deleted or modified, a copy of that file is made to the snapshot storage pool, and the pointer in the snapshot is changed to point to the previous version of the file.
In Microsoft Windows clients, snapshot backups can be accessed through the special folder named .zfs in your home directory. In machines that have DCShome home directories NFS mounted, snapshots can be accessed through the special directory named .zfs in the root of your home directory. The snapshot directories are located under a snapshots directory in .zfs and are named GMT-YYYY.MM.DD-HH:00:SS where YYYY is the year of the snapshot, MM is the month, DD is the day of the month, HH is the hour the snapshot was taken, and SS is the seconds (00 will always be the minutes of the snapshot time). For example, .zfs/snapshots/GMT-2009.08.19-14:00:00 would be your home directory snapshot taken on August 18, 2009 at 2:00 PM.
Currently, snapshot backups are taken eight times daily. Although you may see more snapshots available, TSG only guarantees two days worth of snapshots at this time. This number will increase later this year.
No. Currently snapshots do not count against your quota.
DCShome employs Solaris ZFS technology to create the snapshots automatically at specified times.
DCShome storage is backed up to tape on a nightly basis for complete restoration in the event it is needed. TSG anticipates most people will be able to use snapshots for self-service restores and tape backups will only be used in situations where a complete restoration of DCShome is needed.
All Microsoft Windows clients from Windows 95 to Windows Vista can connect to DCShome.
|For People using Microsoft Windows 7|
TSG has identified the following change that must be made to allow Windows 7 to work with your home directory:
Open "Local Security Policy" from the Administrative Tools for the system. (run gpedit.msc from the start menu if you don't have Administrative Tools)
Under Local Computer Policy-> Computer Configuration-> Windows Settings -> Security Settings -> Local Policies -> Security Options locate "Network security: LAN Manager authentication level" and change it to "Send LM & NTLM - use NTLMv2 session security if negotiated" from "Not Defined"
Currently, DCShome will authenticate users with a Windows client through the campus Active Directory using Kerberos.
Yes, permissions of files and subdirectories within a DCShome home directory can be changed. However, mixing environments (Windows SMB clients and Linux/Solaris NFS mounts) when changing permissions can cause lost access to your own files and folders.
Are Universal Naming Convention (UNC) connections or mapped drive letters better to connect to DCShome?
The answer to this question depends on applications used and personal preference. If you use applications that rely on a mapped drive for proper use, or you prefer to have a specific drive letter associated with your DCShome home directory, then setting up a script or remembered connection is suggested. There is no requirement to map your DCShome home directory to a drive letter.
The Samba client software version 3.0.10a (or later) and appropriate extensions in the Linux kernel are required to use Linux to access DCShome via smbfs or cifs.
The mount command from the Samba client software is used to mount DCShome home directories in Linux. Here is an example of a mount command with the appropriate options:
where netid is replaced with your campus NetID. In place of "csUndergrads" you would need to enter your appropriate designation from the following list: csFaculty, csstaff, csGrads, and csUndergrads. When prompted for a password, you should enter your campus Active Directory password. You may wish to use a file_mode and dir_mode of 0600 and 0700, respectively, instead of 0644 and 0755.
The mount command requires specific options at the end of the command line, and the options are:
The mount command will determine a default set of permissions for owner and group permissions in Linux. This "default" set of permissions appears to be applied to all the files, but the real file permissions are not displayed. Likewise, if you change permissions on DCShome files/directories through an SMB mount, the real file permissions are not changed, only the appearance of the default set of permissions are changed. As soon as the volume is umounted and re-mounted through smbfs/cifs, the permissions will appear to be the default set specified in the mount command.
Yes, the true ZFS permissions on a DCShome directory can be viewed using the Samba client command smbcacls. Please see the man page of smbcacls for usage.
Because of security issues, NFS mounting of DCShome home directories is limited to designated machines within the Department of Computer Science. Computers in the Computer Science Instructional Labs (CSIL) and the sal cluster have access to DCShome.
NFS version 3 security is relatively weak. However, our file server is using NFS version 4 primarily. TSG hopes to offer NFS exports of home directories to trusted machines in the future. Until that time, only sal* cluster nodes can NFS mount DCShome home directories.
The new fileservers are using kerberos integrity to ensure that you are you and that even if the machine is hacked your files are protected. A kerberos ticket is good for 10 hours, and can be renewed for up to 7 days. You may have issues with your home directory being inaccessible after your kerberos tickets expire. You can check on the status of your ticket by running the command klist with no options. It will present output like this:
The default principal should be your netid@AD.UIUC.EDU, and the krbtgt/AD.UIUC.EDU@AD.UIUC.EDU entry is for your ticket granting ticket which allows services like NFS to authenticate that you are you. As you can see the ticket above is valid starting August 25, 2009 at 9:50:04 a.m. and expires at 7:50:04 p.m. which is 10 hours.
At anytime before your ticket expires you can run "kinit -R" to renew your ticket. If your ticket is still active you will get a new one, if your ticket is already expired then it cannot be renewed and you must request a new one. The command to request a new one is just "kinit" with no options.
If you are going to be running something that is going to take more than 10 hours to do you can use cron or a background shell script to run kinit -R every 4 hours and that will keep your kerberos ticket alive for up to 7 days.
It is a preferred practice that you sign off the machine when you are done using it, that way if there are fileserver problems then sal or CSIL computers might not need to be restarted because of stale mounts, and also it is easier for TSG to apply patches if we can reboot the machine when it is idle rather than chase down idle logins or leave the machines unpatched. If you do need to leave yourself logged in you can use the kinit command to keep your tickets active.
DCShome files are stored on an ZFS partition and shared out using NFSv4. The NFSv4 protocol allows the viewing and setting of ACLs using the nfs4_getfacl and nfs4_setfacl commands.
ZFS permissions are much more granular to allow control of files and subdirectories at various levels. Although each individual owns the files in the DCShome home directory, the right to change ownership (Take Ownership in Windows terminology) is not granted to individuals. The operating system will prevent you from re-assigning ownership by returning a "Permission denied" or "Operation not permitted" error message.
Yes, chgrp will work on any files created by the owner of the DCShome home directory. There are only a few groups currently defined and mapped on the DCShome cluster, so caution is advised when using chgrp in a DCShome home directory.
The chmod command in Solaris/Linux will add or modify three Access Control Entries (ACEs) on the file(s)/diretory(ies) being processed. One for the owner, one for the default group of the owner, and one for the builtin group Everyone in the Active Directory domain. For a good description of how read, write, execute, and extended attributes are mapped to Solaris ZFS, please refer to Sun's website for documentation or contact TSG.
No. FTP uses clear-text passwords. Since DCShome accounts use campus Active Directory passwords, enabling FTP would also expose users Active Directory passwords and potentially compromise access to services other than DCShome.
DCShome directories are not available through the http or https protocols.
Yes, every home directory on DCShome has a public_html subdirectory into which its owner may place files. Directory indexing is turned off. An index.html file must exist in the public_html subdirectory to use the URL which is:
where netid is the campus NetID of the owner of the home directory. Please note that CGI and PHP are not supported at this time for this service.