AFS is global
AFS data is stored on a number of AFS server machines. AFS clients can be installed on almost any computer to access that data. Clients request file data from servers when necessary and cache it locally.
AFS is more efficient and scales better than, for example, NFS, and it is more flexible than an ordinary Unix file system. AFS provides greater stability through replication of system files. Because all authentication can be based on Kerberos, AFS provides considerably better security as well.
AFS file protection
AFS controls access to files more precisely than UFS, through access control lists (ACLs). There is one ACL for each directory, i.e., access control is directory bound. A sub-directory inherits the ACL of its parent directory when it is created.
The UNIX mode bits that 'ls -l' shows therefore do not tell you who can access a file, so do not use 'ls -l' to view file protection!
Special care has to be taken to give different files in the same directory different file protection rights. Usually this is done by placing the files in directories with the appropriate access rights and creating soft links to them.
AFS does not use UNIX user IDs for authentication. Being able to run a program on a computer, i.e. being logged in, does not necessarily imply that you are able to access files on it.
You have to have a valid AFS token on each computer on which you want to access files in AFS. By default AFS tokens, and the corresponding access rights, expire after 25 hours. Special care has to be taken when, for instance, submitting batch jobs. You must make sure to supply AFS tokens with a lifetime that exceeds your job time plus any time spent waiting in the queue for your job to start.
An AFS volume contains a subtree of related files and directories. AFS disk quotas are set with respect to volumes.
A backup is made each night. More information on how to restore your files from the AFS backup.
Filenames may only consist of US ASCII strings.
For your own convenience and that of others, do not make the files in your home directory inaccessible! One example: sendmail wants to take a look at the contents of your ~/.forward file.
It is considered good practice to place any secrets you may have in separate sub-directories instead, for instance ~/Private/.
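The points above about directory-bound ACLs and ~/Private, as an added example that is not part of the original page: because a sub-directory inherits its parent's ACL when created, a new ~/Private is as readable as the home directory until its ACL is changed. The shell functions below read 'fs listacl' output and list who besides the owner holds the read right; the user alice, the cell example.org and both sample ACLs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit `fs listacl` output.

# Constructed sample: `fs listacl ~/Private` right after `mkdir ~/Private`.
# The new directory still carries the ACL inherited from the home directory.
sample_inherited_acl() {
cat <<'EOF'
Access list for /afs/example.org/home/alice/Private is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  alice rlidwka
EOF
}

# Constructed sample: the same directory after its ACL was reset to the owner,
# e.g. with `fs setacl -dir ~/Private -acl alice all -clear`.
sample_private_acl() {
cat <<'EOF'
Access list for /afs/example.org/home/alice/Private is
Normal rights:
  alice rlidwka
EOF
}

# readers OWNER: read `fs listacl` output on stdin and print every principal,
# other than OWNER, whose normal rights include r (read file contents).
# Negative rights are skipped: entries there only take access away.
readers() {
    awk -v owner="$1" '
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 && $1 != owner && index($2, "r") { print $1 }
    '
}

# is_private OWNER: succeed only if nobody but OWNER holds the read right.
is_private() {
    [ -z "$(readers "$1")" ]
}

# Demo on the constructed sample; on a real client the input would come from
#   fs listacl ~/Private | readers "$USER"
sample_inherited_acl | readers alice
```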