Working on Athena (AC-11)
The conventions used in Athena documents for describing special characters are:
Before you start to use Athena, be sure to also familiarize yourself with the Athena Rules of Use. Many of the rules presented there deal specifically with the use of Athena equipment.
A workstation is a complete computer, not just a terminal connected to a computer. Nevertheless, workstations in the Athena environment are not stand-alone machines -- they are connected to many other computers and other devices such as printers in a vast network.
Additionally, Athena has many Quickstations located around campus. A Quickstation is a workstation which has all of the capabilities of an Athena workstation. However, Quickstations are only intended to be used for ten minutes; after ten minutes, the workstation strongly encourages you to log out. This way, users can access Athena quickly to perform functions such as checking their mail, or anything that can be done on Athena in ten minutes or less.
To determine what kind of workstation you have, you can look at the computer itself; the type of workstation is printed on the box. If you do not have access to the computer itself, on the Suns you can use the machtype command; type machtype -c at the Athena prompt.
To determine what operating system your workstation is running, use the uname command; uname tells you the name of the operating system, and uname -r tells you the version number.
The major differences that regular users need to know among these currently supported workstation types include:
There are many control characters which are useful when working with Athena. Among these are:
For a summary of the printing privileges and limitations associated with an Athena account, see the section Assuring Fair Access to Athena Printers in the Athena Rules of Use.
For detailed instructions on how to obtain hardcopy output from Athena, see the document Printing from an Athena Workstation.
To find out the current status of the Athena clusters, type xcluster or cview at the athena% prompt, or select Help > Athena Help > Clusters > Locations and Machines Available from the panel menu (it looks like a footprint) at the bottom of your screen. cview can also be found on the Web at http://www.mit.edu/cview. The status of all of the public cluster printers can be found by typing cview printers at the Athena prompt, or at http://www.mit.edu/cview?printers. You can also call up xcluster on a workstation without actually logging in; select the Other Options menu of the main login window and select Map/Status of Athena Clusters.
For Athena, logging in involves gaining access to the workstation itself, the Athena facilities available over the network, and, especially, your private Athena workspace. You can log into Athena in any of three ways:
| Key | Selection | Resulting Session Type |
| F1 | Your usual login session | Standard Athena login, using your customizations ("dotfiles"). |
| F2 | Ignore your customizations | Standard Athena login, ignoring your customizations ("dotfiles"). |
| F3 | Terminal-style session | No-frills Athena session, using only your tty-oriented customizations (one xterm, no window manager). |
| F4 | Check your e-mail | Summary of e-mail waiting for you (as determined by from command) is displayed in the console window, with option to continue login or cancel session. |
| F5 | Specify special login | Run a shell script (you specify pathname of executable script) and bypass standard xsession script. |
| F6 | Start over | Return selection to default login choice ("Your usual login session") and clear anything already entered for username and password. |
The login window disappears. If you have entered a valid username and password, a console window appears in the upper right hand corner of your screen a few moments later. In this console window, the system displays a series of messages like the following to indicate the progress of your session startup:
14:32 Athena Workstation (sun4) Version 8.1.18 Tue Jun 23 00:42:13 EDT 1998
14:32 Setting up environment...
14:33 Starting mwm window manager...
14:33 Starting the Athena Dashboard...
14:33 Creating logout button...
14:33 Creating initial xterm window...
14:33 Running standard startup activities...
14:33 You have 2 messages (172890 bytes) on PO9.MIT.EDU.
14:33 Session initialization completed.
If you have customized your session through the use of configuration files ("dotfiles"), other messages might appear as well. (See the document Dotfiles to learn more about using configuration files to customize your session.) You can get rid of the console window by clicking on the Hide button.
After a few moments, the Panel menubar appears at the bottom of your screen, and the login process creates a Terminal window. After a short initial pause, the window displays the following prompt:
athena%
This is the Athena system prompt, and it indicates that you have logged in successfully. The system uses this prompt to indicate that it's waiting for you to enter a command. You are now ready to work in the Athena environment.
The workstation does not let you log in if you mistype your username or your password. Try logging in again, and be sure to type your username and password exactly as you gave them to the registration program when you originally registered for your Athena account; don't insert blank spaces, and remember that there is a difference between lower case and capital letters. One common cause of the unknown username error is simply hitting the spacebar accidentally before typing your username.
If the error recurs, and you are certain you are typing your username and password correctly, contact Athena User Accounts at x3-1325. You will have to go there (first floor of N42) with a valid MIT ID during business hours in order for them to help you.
This error usually occurs when you try to log into a machine you don't have access to. Unless you know differently, the only machines you can log into are the workstations in the Athena clusters and the dialup servers. These can also occur when you mistype your username, typing the name of another (or a nonexistent) user.
Your home directory, the private workspace where you keep your files, is stored on one of several large file server computers located somewhere on the network. You normally don't have to worry where the server is -- when you log in, the workstation you are using automatically finds your private workspace for you and gives you access to it. Sometimes, however, the fileserver machine that holds your files is "down" (inoperative), or the intervening network is having problems.
If it has been more than a day since you registered, the most likely cause of this message is that your fileserver is down. To find out if this is the case, call the Consulting Hotline at x3-4435, or use the On-Line Consultant program, olc. (Type olc at the athena% prompt and follow directions.) Since servers are hardware, you can also try the Athena Hardware Hotline at x3-1410.
If, for some reason, the workstation cannot connect to your locker, the login process displays a message asking whether you want to continue with a temporary directory /tmp/username. If you choose to go ahead with a temporary directory for that session, you will not have access to your locker. Therefore, you will not be able to get to your permanent files, and any files you create in /tmp/username are deleted after you log out.
You should always make sure to log out of your session when you are through working on Athena. If you do not log out but simply leave the terminal, your private workspace will be accessible to whoever next uses that workstation. (When you do log out, in contrast, your account is protected.)
You can log out using any of the methods explained below. With any of these, you should be sure to wait a few seconds at your workstation to make sure that the system actually logs you out. You can tell that you have logged out successfully if your windows disappear and the initial login window reappears on your screen.
athena% logout
If you are on a workstation, you can enter this command in any terminal window that displays the athena% prompt.
NOTE: In some instances, the system may return the message "There are stopped jobs" and not log you out. This means that a program you started from that window has been suspended (usually by your having typed Ctrl-z while the program was running) and has not been properly terminated. The system is giving you one final opportunity to take care of the stopped processes before you log out. (To see what jobs are stopped but not terminated, type jobs at the athena% prompt in the window in which you received the stopped jobs message.)
If you simply want to terminate the stopped jobs and log out, type logout again at the athena% prompt and the system will log you out. Otherwise, see the section on Special Keys and Control Characters for how to resume a job stopped by Ctrl-z.
If you are logged into an Athena workstation that displays an EXIT button on the Panel menubar, you can log out by using the workstation's mouse.
Click on the EXIT button (usually in the bottom right-hand corner of the screen).
The screen will become shaded and a dialog box will appear. If you really want to log out, click on the "Yes, logout" button. If you would prefer to remain logged in, click on the other button and the logout dialog box disappears and your screen returns to normal.
NOTE: Just clicking on the EXIT button does not by itself log you out -- you must confirm your logout request at the logout dialog box.
If for some reason the system is frozen and you cannot even use this method, or if the system will not respond to any logout method, you will have to reboot the workstation. Rebooting the workstation should only be done when absolutely needed.
| Machine Type | Reboot Sequence |
| Sun | Hold Stop and press a, then at the ok prompt, type boot. |
| Linux | Hold down control, alt, and press backspace. |
After rebooting any machine, wait for the "Hit any key to start" message and start again as usual. If the machine will not reboot successfully (e.g., it gives a message that it has halted itself), call the Athena Hardware Hotline.
Your initial terminal looks like this:

To create a new terminal window, click on the "Prompt" button in the Panel.

You can also start a new terminal window by typing:
athena% gnome-terminal &
The system returns something like:
[1] 8389
athena%
Don't forget to type the & after gnome-terminal. Using the & causes the gnome-terminal program to run in parallel with the first window. If you don't type the &, you won't be able to work in your original window, since you will be running xterm in it. The [1] means that this is your first background process and the 8389 is its Process Identification number, or PID.
Whichever way you choose to start it, a new terminal window that is 80 columns wide and 24 lines high will appear on your screen. You can move the window to wherever you want it on your screen by clicking on the title bar with the left mouse button and dragging the window to the location you desire. When you release the mouse button, the window will stay in its new location.
Note that after you have created a window, you may have to wait a few seconds for the prompt to appear before you can type commands. Once the prompt appears, you have another window to work in.
Terminal windows have many features that you can customize (e.g., the scroll bar, fonts, and colors). Click on the Settings menu at the top of your terminal window and choose Preference to adjust your terminal window settings. Alternatively, you can use the On-Line Consultants available on Athena; type olc at your prompt. At the olc prompt, type answers. Once you are in the section of answers, choose X Window System. The stock answers explain how to make other kinds of customizations to your windows.
There are several different window managers available on Athena to run in conjunction with the X Window System, reflecting different styles of interacting with windows. At Athena, the window manager used by default is the GNOME-based metacity window manager. When you log in, the login process automatically starts up metacity for you. However, you can change your window manager; see Appendix D: Windowmanagers of Dotfiles for more information on the various window managers and how to change yours.
You issue commands (among other ways) from the mouse with various mouse-button point, click, and drag combinations. The following list describes some of the basic window management actions in metacity.
Move a window. To move a window, click on the title bar with the left mouse button. When you execute this command and move the mouse, the active window will move with the cursor. Move the window to a new location by dragging the mouse; when you release the mouse button, the window will stay in its new location. The window will also be raised to the top of the stack of windows on the screen when you move it.
Resize a window. First, position the mouse cursor along the edge of the window you want to resize. The mouse cursor will turn into an arrow when you are in the correct position. Click (with the left button) and drag the mouse until the window is the desired size. The edge of the window will appear as an outline as you drag it. Once you release the mouse button, the window will resize itself to the desired dimensions. If the mouse pointer started near the middle of a side, that side will move in or out. If the mouse pointer started out near a corner, that corner will move. Notice that in the center of your screen, a small box displays the window's width and height (for xterms, it shows columns by lines, such as "80x24"). As you change the size of the window, the numbers in the box change accordingly. Release the button when the window is the size you want.
NOTE: After you resize a window, most programs you run in that window will adjust themselves automatically to accommodate the new window size. Some programs, especially mozilla, may take a few moments to readjust the content of the window to fit its new size.
Iconify a window. In the upper right corner of every xterm, there are three boxes. One contains a line at the bottom; another, a half-shaded box; and the last an X. To iconify a window, click on the one with the line at the bottom. (The half-shaded box maximizes the window, making it take up your entire screen; the X destroys the window.) When you iconify a window, it disappears from the screen and the entry for that window in the panel task list has brackets around the name of the program.
Deiconify a window. Deiconifying a window means restoring the window to its old size and location. To deiconify a window, click once on the name of the window in the task list. The task list is the list of program names on the right side of the panel next to the EXIT sign.
The name of the window is shown in brackets when a window is iconified. When you deiconify a window, the restored window reappears in its old location, and the task list entry will no longer contain the brackets.
Raising a window. "Raising a window" means bringing a window to the top of a stack of windows. Think of your screen as displaying a stack of windows. Executing this command will bring the active window to the top of the stack. (The active window is the one with the mouse cursor positioned in it when you execute the command.) To do this, click on the title bar of the window.
Lowering a window. "Lowering a window" means pushing it beneath others. This command pushes the active window to the bottom of the stack, away from you. To do this, click on the title bar of the window with the right mouse button. A menu of options will pop up. Select Lower to shuffle the window to the bottom of the stack.
The operating system used in all Athena workstations is some member of the UNIX family of operating systems. UNIX was originally developed at Bell Labs, a facility owned by the AT&T Corporation, but the Athena workstations use different descendants of UNIX.
The section of this document on Differences Among Workstations contains a list of what operating systems are currently being run on Athena, and directions on how to find out what operating system your computer is running.
Having a shell allows you to enter sophisticated commands using shorthand notation, and lets you edit commands and recall previous commands. (The operating system by itself just waits for the final version to be passed to it from the shell.)
On Athena, you can choose from among several shells with different abilities. By default, Athena users automatically use a version of the C shell (typically the tcsh program).
athena% lpr   -h -Pbias   myfile.PS otherfile.PS
        ---   ---------   ----------------------
      command  options          arguments
Most commands must be entered in all lowercase, and you cannot abbreviate command names. Though the dividing line between a command option and a command argument can sometimes be a little fuzzy, the general idea is that options are supposed to tell a command how to do what it does, while arguments are meant to tell a command what to do it to.
Command. A "command" is really nothing more than the name of a program. The command part of the above example is lpr.
Options. Options are the "adjectives and adverbs"; they modify the way that the command works, for example, "Show me all of them instead of just some," or "send it to that printer instead of the usual one." (You may also see options referred to as "arguments," "flags," "qualifiers," and "switches" depending upon the operating system background of the person talking.)
Not all commands have the same options, and many have no options at all, but there are some things you should know about command options:
Arguments. Finally, you list the arguments to the command. Often these will be the names of the files that you want the command to work on. If there is something wrong with the file specification, the system usually replies: "filename not found", or "filename: cannot open", or "filename: no such file or directory".
Examples. The date command can take an option, but does not use any arguments. If you enter date without an option, date displays the local date and time:
athena% date
Thur Jul 2 21:14:20 EDT 1998
If you include the -u option (u stands for universal time, or the time in Greenwich, England), date displays the universal date and time:
athena% date -u
Fri Jul 3 01:14:53 GMT 1998
Some programs are smart enough to let you know what they need if you leave out options or arguments. For example, take zlocate, mentioned in the section on Checking If a User Is Logged On:
athena% zlocate
usage: zlocate [ -a | -d ] [ -p ] [ -1 ] user ...
You must train your eye to pay attention to the case of letters and always mimic exactly what you see. If you are having problems, especially with characters that do not echo on the screen, check to see whether Caps Lock is set.
If you have entered a command that you want to cancel while it is still in progress, try entering Ctrl-c. If once doesn't work, try Ctrl-c several times. Unfortunately, some programs ignore Ctrl-c and refuse to quit; for these programs, try entering q (for quit) or exit and press Return, or enter Return Ctrl-d. As a last resort, you might try Ctrl-z. See the section on useful control characters for how to deal with Ctrl-z.
If all else fails, contact a consultant (but don't turn off the workstation!).
The sections below cover a few basics for using Athena lists.
athena% blanche list -a username
For instance, if your user name is jruser, and you want to add yourself to the widgetmania list:
athena% blanche widgetmania -a jruser
Alternatively, you can use the mailmaint program; type mailmaint at the Athena prompt. This program has a menu; it is very easy to work with, and much more intuitive than the blanche command. You can also use the new web interface. It requires certificates, but can be used from anywhere you have web access and an MIT personal certificate.
If the mailing list is not public (and/or if the above does not work), you will have to e-mail the administrator of the list and get them to add you. Many lists have a request list as well; for instance, requests for the list "reuse" go to "reuse-request". No matter what method you choose, it will take a few hours for your addition to have effect.
Do not e-mail the list itself; most of the people on the list cannot help you, and you may receive lots of e-mail from upset people.
athena% blanche list -d username
the mailmaint program or the web interface, all of which are described above, will nd mail to the list administrators; again, mailing the list itself is not likely to have the desired result. Also, you may wish to check that your name (rather than a list you are on) is on the offending list; mailmaint or the web interface can be used to check this. If all else fails, contact OLC by typing olc at your Athena prompt.
To remove yourself from many mailing lists, use the web interface or the listmaint program:
athena% listmaint
This command displays a menu. Select the "query-remove" option to remove yourself from each list you belong to. You are asked to confirm each deletion. Removal from mailing lists (whether one or many) takes a few hours to take effect.
athena% chpobox -s jruser@whitehouse.gov
When you come back, you can unforward your mail with the command:
athena% chpobox -p
Once again, both of these commands take a few hours to take effect.
If you're going away for the summer and don't want your mail forwarded, or if you're going away forever, see What Happens When You Leave (Temporarily or Permanently).
For more options for forwarding your mail, including splitting your mailbox, visit the Forwarding section of Electronic Mail on Athena.
athena% zlocate jruser
If the user is logged in and currently receiving zephyrgrams, this will say where they are currently logged in. (The first entry is where they currently are; the last is when they logged in.) If they are not logged in, or not receiving zephyrgrams, this will say "Hidden or not logged in".
athena% zwrite jruser
and follow the directions.
An example transcript:
athena% zlocate wjclinto
white-house.mit.edu :0.0 Sun Jan 4 19:32:10 1998
athena% zwrite wjclinto
Type your message now. End with control-D or a dot on a line by itself.
hi there.
.
Message queued for wjclinto... sent
athena% zlocate mlewinsk
Hidden or not logged in
athena% zwrite mlewinsk
mlewinsk: Not logged in or not subscribing to messages
For more information on these and the many other features of zephyr, see Zephyr on Athena.

When your home directory is over quota, Mozilla Firefox will often claim your certificates are invalid when this is not the case. If you find yourself having this problem, consult Getting Below Quota for how to get yourself below quota.
Certificates can be obtained from a certificate-granting authority - a location which gives them out. Different certificates can be obtained from different authorities; certificates specific to the site with which you are communicating are needed. To get the certificates allowing you to register for MIT classes, for instance, visit the web site http://student.mit.edu and select "Obtain Digital Certificate". For more information on certificates, see "Oliver's Guide to Coping with Certificates" or the Certificate Quick Guide.
Athena machines are not completely private and secure. There are, however, steps you can take to make access to your files very difficult and ensure that your files will not be destroyed. All users, from the beginner to the most advanced, should take these simple precautions:
Your password should be something that you will remember, but that cannot be easily guessed by others. Here are some points to keep in mind when choosing a password:
Do choose:
Don't choose:
Remember that your password is the key to your account and access to the system. Once someone has your password, that user is you on the system.
It is a good idea to change your password regularly (at least once a semester is a good rule of thumb). To change your password, type:
athena% passwd
The program asks you for your old password, then has you type in the new password twice. Neither your old password nor your new one appears on the screen as you type it.
Your new password takes effect immediately. However, any programs you started before you changed your password, such as xss, will continue to use the old password until you restart the programs or log in using the new password.
If after typing passwd, you decide not to change your password, you can exit and keep your old password by pressing Ctrl-c.
If you have forgotten your password, or get the message "Login failed" when you try to log in and type your password correctly, you can go to the Athena User Accounts office (first floor, N42; x3-1325; accounts@mit.edu) during office hours to resolve the problem. Please remember to bring some form of photo ID.
There are also two other passwords you might have to work with: the "second password" or "SIS password" previously given for access to the old Student Information Service, and the browser password.
If you forgot your second password and find yourself needing it, go to Athena User Accounts (N42, first floor), with a picture ID to reset it. If you don't have a second password, don't worry; you will be given the opportunity to create one if and when you need it.
To create a browser password for Mozilla:
Tools menu >> Password Manager >> Change Master Password.
If you have forgotten your password, you will need to delete your old password and create a new one.
Your disk quota is the limit on the amount of space on Athena you can use to store your files and the number of files you can have. As of February 5, 2008, you initially have a limit of 1.5 gigabytes (1.5 Gb, or 1.5 Gigs). As you accumulate mail, papers, and other files in your directory, you may approach this limit. If you reach your limit, you are not able to incorporate mail or save files.
To check your quota, use the quota -v command:
athena% quota -v
Disk quotas for mariavt (uid 4863):
Filesystem Type ID usage quota limit files quota limit
/mit/mariavt volume 184768 1500000 1500000
This shows the disk usage and limits on attached lockers you maintain (i.e., attached volumes to which you have write access).
The quota -v command returns:
To find the quota for a specific locker (which must be attached), use the -f option with the filesystem path, as in:
quota -v -f /mit/lockername
For example:
athena% quota -v -f /mit/sipb
Disk quotas for mariavt (uid 4863):
Filesystem Type ID usage quota limit files quota limit
/mit/sipb volume 159940 166000 166000<< 96% of the disk quota on /mit/sipb has been used.
If you give someone write access in a directory in your locker, any files they create there count toward your quota.
If your usage is over or approaching your quota, you need to take action to avoid losing any files. See Getting Below Quota for tips on cleaning up your files.
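As an added example (not part of the original Athena documentation), the shell function below reads quota -v output in the layout of the two transcripts above and reports the percentage used per locker, flagging lockers at or above a threshold. It assumes that on "volume" rows the ID column is blank, so the third and fourth fields are usage and quota; the function names and the default threshold are hypothetical.

```shell
#!/bin/sh
# Added example: summarize `quota -v` output in the layout shown in this document.
# Assumption: on "volume" rows the ID column is empty, so the fields are
#   path, type, usage, quota, limit
# (159940 / 166000 reproduces the "96%" message in the transcript above).

# quota_report [threshold_percent]
# Reads quota -v output on stdin and prints one line per locker:
#   <path> <percent>% <OK|WARN>
quota_report() {
    threshold=${1:-90}
    awk -v t="$threshold" '
        # Header and banner lines never have "volume" in the second field.
        $2 == "volume" && $4 > 0 {
            pct = int($3 * 100 / $4)
            printf "%s %d%% %s\n", $1, pct, (pct >= t ? "WARN" : "OK")
        }'
}

# Constructed sample input, copied from the two transcripts above.
sample_quota_output() {
    cat <<'EOF'
Disk quotas for mariavt (uid 4863):
Filesystem Type ID usage quota limit files quota limit
/mit/mariavt volume 184768 1500000 1500000
/mit/sipb volume 159940 166000 166000<<
EOF
}

# On a workstation with the quota command:  quota -v | quota_report 90
sample_quota_output | quota_report 90
```

Lockers you share write access to count toward this figure too, since files others create there are charged to your quota.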
You can tell that you have used up your limit of disk space if you see a message like one of the following:
/afs/athena/user/u/s/username disc quota exceeded
Over disc quota on /mit/username
You'll notice that you can't create any more files or use any more disk space. To find your current usage and limits, type quota -v.
Do not ignore the warning message, or any mysterious file disappearances. If you do, you risk losing the contents of any file that you try to edit.
Other symptoms of being over quota include the following:
In your Emacs minibuffer, you receive a message of the form:
Opening output file: disc quota exceeded, filename
Try to delete any unnecessary files (see Getting Below Quota).
comp: unable to create /afs/athena/user/u/s/username/Mail/draft: Disc quota exceeded
inc: unable to write 131: Disc quota exceeded
inc copies as many of your new messages as it can to your directory, but leaves the original versions of all your messages on your post office so that you can "re-inc" it when you have made enough space available. You can find more information on this in the Electronic Mail on Athena document.
cp: filename: Disc quota exceeded
There are several things that you can do to get below your quota:
The program helpquota in the consult locker will help you figure out what files are taking up all your quota. It will also help you find and remove expendable files. To run it:
athena% add consult
athena% helpquota
The following files are often expendable:
| Filename | Description |
| file~ | an older version of the file |
| file.o | object files created when you compile a program, which will be recreated when you recompile the program |
| file.err file.otl file.aux | files generated by LaTeX (usually), which can be re-created by processing the source file again |
| file.dvi file.PS | usually files made with LaTeX, which can be recreated if you have the corresponding file.tex around (NOTE: files ending in .dvi or .PS may not have necessarily been generated by LaTeX; other software creates .dvi and .PS files as well; make sure that you have the source file that generated the file before you remove it) |
| core | files that may have been created when you were running a program that failed with the message "Segmentation fault (core dumped)" or "Bus Error (core dumped)" (core files are useful for finding out what caused the program to fail, but little else) |
| capture.rgb capture.mv capture.aifc | files (still camera pictures, movies, and audio files, respectively) take up a very large amount of room and are often unneeded or forgotten |
| .netscape/cache/* .netscape/history.db .netscape/history.list | history of all webpages you have visited with Netscape; the cache directory contains copies of all of these pages; often huge, and Netscape can function without them |
Once you've removed your unneeded files, you can use the quota -v command again to see whether you are still over your quota.
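As an added example (not part of the original Athena documentation and not the helpquota program), the script below lists files that match the table above without deleting anything, and applies the table's caveat that a .dvi or .PS file is only expendable when its .tex source is still present. The function names, reason labels and sample tree are hypothetical and constructed for illustration; the .netscape entries are left out.

```shell
#!/bin/sh
# Added example: report, but never delete, files matching the
# "often expendable" table. Paths containing newlines are not supported.

# find_expendable DIR
# Prints one line per candidate: "<bytes>\t<path>\t<reason>"
find_expendable() {
    dir=${1:-.}
    find "$dir" -type f -print | while IFS= read -r f; do
        case "${f##*/}" in
            *"~")              reason="old-version" ;;
            *.o)               reason="object-file" ;;
            *.err|*.otl|*.aux) reason="latex-byproduct" ;;
            core)              reason="core-dump" ;;
            capture.rgb|capture.mv|capture.aifc)
                               reason="large-media" ;;
            *.dvi|*.PS)
                # Table caveat: only expendable if the source file still exists.
                if [ -f "${f%.*}.tex" ]; then
                    reason="latex-output"
                else
                    reason="KEEP-no-source"
                fi ;;
            *) continue ;;     # anything else is not in the table
        esac
        size=$(( $(wc -c < "$f") ))
        printf '%s\t%s\t%s\n' "$size" "$f" "$reason"
    done
}

# Constructed sample tree so the example runs anywhere; prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    printf 'source'   > "$d/paper.tex"
    printf 'abcd'     > "$d/paper.dvi"    # has paper.tex beside it
    printf 'aux'      > "$d/paper.aux"
    printf 'ps'       > "$d/scan.PS"      # no scan.tex: must be kept
    printf 'old'      > "$d/notes.txt~"
    printf 'obj'      > "$d/prog.o"
    printf 'coredump' > "$d/core"
    printf 'keep me'  > "$d/thesis.txt"   # not in the table, never listed
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
find_expendable "$demo" | sort -rn        # largest candidates first
rm -rf "$demo"
```

Review the list before removing anything; lines marked KEEP-no-source are files the table says not to remove.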
athena% expunge -r ~/Mail
This forces the removal. Also, remove files that have been deleted with the delete command using expunge or purge; see Removing a File (delete and rm) for more information on these commands.
compress filename
This compresses the file, and renames it filename.Z. For more information about compress, type:
athena% man compress
NOTE: You cannot use the compress command directly if you are already over quota. Instead, move the file to a temporary directory, compress it there, then replace the original with the compressed version. For example, to do this with a file called bigfile, type:
athena% mv bigfile /var/tmp
athena% compress /var/tmp/bigfile
athena% mv /var/tmp/bigfile.Z .
(The last character is a period, .).
Pay attention to any error messages you might get. Since the file is temporarily outside your home directory, if anything happens to it you might lose it.
When you have more space, you can uncompress the file:
athena% uncompress bigfile.Z
Or you can read it without uncompressing by using the zcat command:
athena% zcat bigfile.Z
Since a compressed file is usually a large file, you probably want to run zcat through more so you can read the file one page at a time:
athena% zcat bigfile.Z | more
If you still find you need more space, first confirm that you have deleted (and purged) all the files you don't need and have compressed (or saved elsewhere) files you want to keep. Then, if you still need more quota, particularly if you are working on your thesis, call Athena User Accounts (x3-1325), or send electronic mail to accounts@mit.edu. Be sure to include:
There are two main kinds of file:
Some common extensions you may encounter:
* is one of the two most commonly used wildcard characters. It matches all files except those whose names begin with . (a period), or any number of characters within a filename. For example, *.f means "all filenames with a .f extension"; h.f and verylongfilename.f would both match. a* means "all filenames that begin with a;" a and anotherfilename.c would both match.
The other is ?, which matches single characters. ?.f means "all one-character filenames with a .f extension;" a.f would match, but ab.f would not.
athena% echo specification
The echo command simply types out its arguments. When it is run, all wildcards are expanded into full filenames if any matching files exist. The actual files themselves are not touched.
For instance, suppose these were the contents of a directory:
athena% ls
Cold Hot temps temps.old
If you wanted to remove the old version of the temps file (temps.old) using an abbreviated form, you could first test your file specification using the echo command:
athena% echo *old
Cold temps.old
Here you would find that your directory specification did not match what you intended. You could try again with a more precise specification:
athena% echo *.old
temps.old
Now that you have confirmed that the specification refers to the files you want, you can use that specification in the actual command (such as delete) that you intended to use with confidence that the files referred to are the appropriate ones!
In practice, file specifications are a tricky business, and using echo to try them out before really using them is always a good idea.
You can also take the output of any command and create a new file from it. For example, the scan command shows you what electronic mail messages you have:
athena% scan
102 2/10 wjclinto@mit.edu Hi, dear. << Now that Kennet
104 2/10 mlewinsk@mit.edu Re: Hi, dear. << Actually, I
105 2/10 wjclinto@mit.edu Re: Hi, dear. << Don't *lie*
109 2/12 kstarr@mit.edu Subpoena << Hello, Ms. Lewin
When you enter this command, the output from the command is displayed on the screen. If you wanted to save what you were seeing on the screen in a file, you could redirect the output of the command into a file:
athena% scan > mymail
athena% ls
Mail Private README.mail welcome
OldFiles Public mymail
The > in the command line is the redirection mechanism. It tells the scan command to redirect its output somewhere other than the screen (in this case, into mymail). Be sure the arrow is pointing the right way. It is all right to have a blank between the > and the filename.
If you want to send the output from a command to both your screen and a file, you can use the tee command:
athena% command | tee filename
This lets the command send output to the screen as usual, but captures a copy of the output and sends it into the specified file as well. For example:
athena% scan | tee mymail2
102 2/10 wjclinto@mit.edu Hi, dear. << Now that Kennet
104 2/10 mlewinsk@mit.edu Re: Hi, dear. << Actually, I
105 2/10 wjclinto@mit.edu Re: Hi, dear. << Don't *lie*
109 2/12 kstarr@mit.edu Subpoena << Hello, Ms. Lewin
athena% ls
Mail Private README.mail mymail2
OldFiles Public mymail welcome
cat filename
For example:
athena% cat ~/.environment
attach sipb
attach games
The contents of the file are shown on the screen. If the file is very long, its contents will scroll past you faster than you can read them. You can type Ctrl-s to stop the screen from scrolling, and Ctrl-q to resume scrolling. To cancel a cat command and stop its output, type Ctrl-c.
NOTE: The workstation may print out garbage and beep a lot after you ask it to cat certain files. This is because some kinds of files are unprintable; they contain data in a format that cannot be displayed on the screen. Binary files are not printable; neither are directory files (the ones ls -F shows with a / suffix).
Also, a quick way to create a small file is by using the cat command to send text you type at the keyboard directly into a file. To do this, you use the > character to direct the output of the cat command into a file. (If you leave off the > character and the filename, cat will just echo your input to the terminal and create no new files.)
With this method, you just type the contents of the file at the keyboard. You can fix typing mistakes in the current line by deleting them; you can erase the current line by typing Ctrl-u, but you cannot change previous lines. When you are done, you finish the last line with a Return and then type Ctrl-d (it is displayed as ^D). For example:
athena% cat > README
The files in this directory are my C programs for 1.00.
The files marked .c are the source code, and the file
marked a.out is the latest compiled program.
Jo User, 1991
^D
athena%
To fix any mistakes in this file, you can delete it and re-enter the whole thing, or use a text editor such as Emacs. You can also add text at the end of an existing file by using the >> character instead of >:
athena% cat >> README
almost forgot -- remember to rename a.out to something else before compiling again!
^D
athena%
>> is another redirection mechanism. It differs from > in that it appends the text that follows it to the end of any existing file, while > would attempt to replace the file with the text that followed it.
more filename
Once more has filled up the screen, you must give it a subcommand to tell it to continue. There are many such subcommands. Here are the most commonly used ones:
| Command | Action |
| Spacebar | move forward one screenful |
| Return | move forward one line |
| b | move back one screenful |
| /string Return | search forward for string |
| q or Ctrl-c | quit |
| ? | help |
The more command is a filter program, that is, other operating system commands filter their output through more: instead of giving you their output directly, these commands send the output through more so that it will be easy to read and under your control. This is often said as "they pipe their output through more." For example, the man command (which displays online documentation) does this.
You, too, can "pipe things through more." Whenever you enter a command and its output is too large to fit on one screen, cancel it by typing Ctrl-c and re-enter it like this:
athena% command | more
The "|" is the pipe character. For example, if you have collected hundreds of files, you can pipe the output of ls through more by typing ls | more.
Type man more at your Athena prompt to learn more about more.
cp fromfile tofile
If cp copies the file successfully, it returns you to the Athena prompt. At this point, two identical copies of the file exist. The file specifications can be relative names or full pathnames. For example, to make a copy of a file named PARTY in your home directory and put the copy into an existing subdirectory Public, you could type:
athena% cp PARTY Public/PARTY
Be careful: if a tofile file already exists with the name you specify, cp overwrites the file without asking you. To avoid this problem, use cp with the -i switch; in this case, the system asks you whether you really want to overwrite the existing file before it tries to copy. The original fromfile is not affected by the cp operation in any case.
mv fromfile tofile
The system renames fromfile as tofile, in effect moving it from one location to another (unlike the cp command, there is still only one version of the file when you use mv). The file specifications can be relative names or full pathnames. For example, to move a file PARTY.LIST in your home directory into an existing subdirectory Private, you could type:
athena% mv PARTY.LIST Private/PARTY.LIST
Like cp, if a tofile file already exists with the name you specify, mv overwrites the file without asking you. To avoid this problem, use mv with the -i switch -- in this case, the system asks you whether you really want to overwrite the existing file.
Whether or not mv renames the file successfully, it returns you to the Athena prompt.
athena% ls
Mail OldFiles Private Public README.mail welcome www
(Actually, the directory contains other files, but ls does not show the others because they are "dotfiles", files with names that are prefixed with a period.)
If you have had an Athena account for a while, you no doubt have other files and directories in your home directory, which would be listed by ls.
The ls command by itself lists just the filenames, alphabetically (A-Z before a-z) in as many columns as will fit across the screen. The ls command has many options. To see them all, use the man command to look at the online manual page for ls by typing man ls. This section discusses some of the more useful ones.
To get a list of all of the files in a directory, including those whose names begin with a . (dot) character, use the -a option (for "all"):
athena% ls -a
. .cshrc .mh_profile OldFiles Public welcome
.. .login Mail Private README.mail www
The file . always refers to the current directory, in this case your home directory /afs/athena.mit.edu/user/first-letter/second-letter/username. The file .. always refers to the current directory's parent directory, in this case your home directory's parent /afs/athena.mit.edu/user/first-letter/second-letter. (See the section Working with Directories for more information about what these directory pathnames signify.)
To get a list of your files that shows more information about them, type ls -l :
athena% ls -l
total 2
drwx------ 2 jruser 2048 Aug 18 17:00 Mail
drwx------ 2 jruser 2048 Aug 18 17:00 OldFiles
drwx------ 2 jruser 2048 Aug 18 17:00 Private
drwx------ 2 jruser 2048 Aug 18 17:00 Public
-rw-r--r-- 1 jruser 433 Aug 18 17:00 README.mail
-rw-r--r-- 1 jruser 1915 Aug 18 17:01 welcome
The following table summarizes the parts of the ls -l output.
| Element | Example | Definition |
| mode | -rw-r--r-- | file's access permission modes -- see About File Mode Bits. |
| links | 1 | number of links the file has (for directories, this is how many subdirectories exist "beneath" the file, which is always at least two: itself and its parent). |
| owner | jruser | username of the user who owns the file (in most cases, your username). |
| size | 1915 | size of file in bytes (for text files, equals number of characters in file). |
| modify-time | Aug 18 17:00 | date and time when file was last modified (if file has never been modified, date file was created). |
| name | welcome | actual filename. |
There are different types of files: simple files (text files, binary files, or shell scripts), and directory files. Often you need to know the type of the files you are listing. The -F option shows this information (this example shows a directory of someone who's used Athena for a while):
athena% ls -F
README a.out* decmipsbin/ myfortpgm.f src/ sun4bin/
Notice the suffix characters (/ and *) following some of the filenames. These characters are not part of the filename, but give information about the type of file:
| Suffix | Meaning |
| (none) | regular file |
| / | directory |
| * | executable binary file or a shell script |
| @ | symbolic link to another file |
As with many commands, you can combine ls options to use more than one at the same time. For example, to get a long listing of all the files in a directory, type ls -la.
On Athena, there are two ways to get rid of unwanted files: delete and rm (remove). The delete command differs from the rm command in that delete is not necessarily permanent. When you use rm to remove a file, the file is erased from the system immediately and permanently; when you use delete to remove a file, the file is removed in such a way that you can recover the file (within about three days) before it is permanently eliminated from the system.
Completely erasing the file from the system is usually what you want, but once in a while you may accidentally remove a file you wanted to keep -- the manuscript for a paper that's due the next morning, for example, or part of your thesis! Because of this possibility, it is a good idea to use only the delete command; this helps you avoid mistakenly losing any files.
| Command | Function |
| delete | Mark one or more files for permanent removal, making them invisible to the user (by renaming them with the prefix .#) but not actually erasing them from the system (use expunge or purge to permanently erase files marked for deletion). |
| undelete | Restore files marked for removal from current directory by delete (if not already expunged). |
| lsdel | List files marked for removal but not yet expunged. |
| expunge | Permanently remove specific files marked for removal. |
| purge | Permanently remove every file marked for removal in user's home directory and all subdirectories. |
If you accidentally delete a file and then realize that you want it back, you can get it back by using undelete.
Because of the way delete works, deleting files does not actually lower the amount of quota you are using (each file is simply renamed to a form that is invisible to your normal work, specifically from filename to .#filename). To lower your used quota, you must fully remove the deleted files from your system by using the purge or expunge commands.
For example, suppose you have a directory containing the following files:
advisor notes thesis.tex thesis.tex~
Because you are near your quota, you decide to remove the old version of your manuscript file (the one ending with ~) to create some room. However, you accidentally leave off the ~ from your command and thereby remove the newer version of the file from the directory:
athena% delete thesis.tex
athena% ls
advisor notes thesis.tex~
If you had used rm to do this, you would not be able to recover the lost file, and would instead have to salvage what you could from the older file. However, because you used delete instead of rm, you can recover the deleted file by using undelete:
athena% lsdel
thesis.tex
athena% undelete thesis.tex
athena% ls
advisor notes thesis.tex thesis.tex~
You can now remove the appropriate file, and even permanently eliminate it once you verify that you have marked the correct file for removal:
athena% delete thesis.tex~
athena% ls
advisor notes thesis.tex
athena% lsdel
thesis.tex~
athena% expunge thesis.tex~
athena% lsdel
athena% ls
advisor notes thesis.tex
Note that the undelete command only retrieves files removed with the delete command -- it cannot retrieve files eliminated by rm. In addition, you cannot retrieve a deleted file that has been removed by purge or expunge. That is, you cannot undelete a file once it has been purged. (Under AFS, this may not be the end of the story; you may have one last chance: see Using ~/OldFiles For File Restoration for details. However, you will not get back any changes you made in the last day or two, and relying on this method is not a good idea.)
You can set up your system so that delete (rather than rm or rmdir) is automatically used whenever you want to remove files. Just put the following lines in the .cshrc.mine file in your home directory (which you can create if it does not exist):
alias rm delete -F
alias rmdir delete -D
Then when you type rm to get rid of a file or rmdir to get rid of a directory, delete is actually used.
To remove a file using the rm command, just type a command of the form:
rm filename
The rm command does not verify the deletion; it simply returns you to the athena% prompt. Because rm removes files permanently without confirmation, it is a very good idea to use the -i option with rm. The -i option stands for interactive; with this option, rm asks you to confirm the deletion you are performing.
Before you rm something, remember the old Unix adage: "rm is forever."
The path to a file or directory is usually listed from top-most directory down, with intermediate directories separated by slashes. For instance, when you log into an Athena workstation, the system puts you into your home directory. (Your home directory, and all the subdirectories beneath it, constitute your locker.) Your home directory is located in the overall directory tree as:
/afs/athena.mit.edu/user/first-letter/second-letter/username
Here, username is the name you enter when you login, first-letter is the first letter of your username, and second-letter is the second letter of your username. For instance, if your username were jruser, your home directory would have the following pathname:
/afs/athena.mit.edu/user/j/r/jruser
This means that someone starting at the root of the directory tree would have to go down into the directory tree through the following directories to get to your home directory:
Because the full pathname is rather long, Athena lets you specify your home directory in an alternative shorthand as follows:
/mit/username
The home directory is still in its original location, but there is a link in the /mit directory that lets you get to the home directory through the shorter path.
/afs/athena/type/.../lockername
Since all AFS lockers appear under the /afs tree, you can use the cd and ls commands to browse through the Athena cell and see what volumes of each type interest you. However, be sure to attach the locker when you want to use the contents of a volume (see the section on the attach command).
Here are all the Athena locker types:
athena% ls /afs/athena.mit.edu
activity contrib dept project service system
astaff course org reference software user
To access a locker, use the attach command as follows:
attach lockername
The attach command does the following (these steps are done, for example, when your own locker is attached during login):
From the time you log in to the time you log out, you are in a current working directory. You start out in your home directory (e.g., /afs/athena.mit.edu/user/j/r/jruser, also known as /mit/jruser), because that is where the login process puts you when it lets you use the workstation.
Whenever you specify a simple filename, the system assumes that you are talking about a file in your working directory, and so can locate the file. You can change your working directory at any time. Each of the windows on your screen has its own current working directory.
The system provides a few short-hand synonyms relative to the working directory, which you can use in file and directory commands:
| Symbol | Meaning |
| . | the current working directory |
| .. | the directory above the current working directory |
| ~ | your home directory |
If you use the pwd command immediately after logging in, the transaction proceeds as follows:
athena% pwd
/afs/athena.mit.edu/user/first-letter/second-letter/username
where username is your username, first-letter is the first letter of your username, and second-letter is the second letter of your username.
As you start hopping around the tree with cd commands (see Changing the Working Directory), it is easy to forget where you are. You can always find out your current working directory with pwd.
Note that the results might seem a little confusing if you go to a directory via a link pathname rather than its full pathname. For example, if you attach the sipb locker, it creates a link in /mit such that you can refer to the directory as /mit/sipb -- however, this pathname is just a convenient alias, not the actual path; the sipb locker is still actually located in the /afs branch of the file system tree. The pwd command returns the real pathname, not the link pathname, with results that might seem a little counterintuitive until you understand that links are not real paths.
For example, suppose you are in your home directory and you want to create a series of directories in which to store your programs. You want a directory called Programs in your home directory. To do this, type:
athena% mkdir Programs
in the directory where you want the Programs directory to be (here, your home directory).
Note that you must have appropriate access permission to create new directories under an existing directory; by default, you have this permission in every subdirectory of your home directory, but you may not have this permission in most other locations of the file system tree. Also, even for the directories you create in your own home directory, you will want to make sure the access permissions are set appropriately (e.g., you may not want any other users to be able to list the names of the files in your new subdirectory). For information about how to check and set access permissions, see the section on Sharing Files.
For example, suppose your username is jruser and your current working directory is your home directory. You want to modify some of the files in the subdirectory of your home directory called Private -- you want to "work in" that directory, as the saying goes. You could specify the files of interest by their full pathnames (e.g., /afs/athena.mit.edu/user/j/r/jruser/Private/resume.tex) or you could specify the files by their somewhat simpler but still tedious "relative pathnames" (i.e., pathnames relative to the current working directory, such as Private/resume.tex). However, if you intend to do any serious work in that directory, you probably want to change your working directory from your home directory to Private, then refer to the files by their local names (e.g., resume.tex). To do this, type:
athena% cd Private
If you are in a directory other than your home directory, you can use cd without an argument to change the working directory back to your home directory. Thus the cd /mit/jruser command at the end of the previous example could be shortened to just cd:
athena% cd
athena% pwd
/afs/athena.mit.edu/user/j/r/jruser
You may be working in somebody else's directory, somewhere else on the tree. Rather than always typing out /mit/otheruser, you can just change the working directory to their home directory after attaching their locker:
athena% cd /mit/otheruser
There are several potential oddities to note as you use cd. Any of these conditions can produce the illusion that something is seriously wrong with your files or your login session, but in fact some simple explanation lies behind the difficulty:
You cannot remove a directory unless all of the files underneath it are gone. This prevents you from accidentally wiping out important subtrees with one careless command. A quick way to delete all the files in a directory you want to get rid of is to change to that directory with cd, then:
athena% delete *
Be careful before you do this! If the directory also has . dot files in it, you must also say:
athena% delete .[^.]*
Now you can check what you've deleted with lsdel, then go ahead and expunge if you're certain about the files you're deleting. You can then delete the directory itself. Move out of the directory back to the one above it, then type:
athena% rmdir dirname
To prevent accidentally erasing files, the rmdir command only removes empty directories. If a directory isn't empty, rmdir displays an error message. You must then cd to that directory and remove all of its files and subdirectories.
The following table lists some of the common ways to specify directories or files. (All of these have synonyms that would work just as well.) These specifications might be used, for example, in a command of the form cd specification.
| To Indicate ... | Use ... |
| the current working directory | . (a period) |
| the parent directory of the current working directory (i.e., the directory "above" the current working directory) | .. (two periods) |
| your home directory | ~ (a tilde) |
| a directory called foo inside your current directory | foo |
| all the files and directories in directory foo below your current directory | foo/* |
| a file or directory stuff in the directory foo inside your current directory | foo/stuff |
| a file or directory stuff in your home directory, when you are in your home directory | stuff |
| a file or directory stuff in your home directory, when you are in another directory | ~/stuff |
| a file stuff in the directory above you | ../stuff |
| a file stuff in the directory foo in the directory above the one you are in | ../foo/stuff |
Here's a common mistake: Suppose you wanted to look at the files in your Mail directory and issued the following command:
athena% ls /Mail
/Mail not found (No such file or directory)
This is one manifestation of a common mistake people make when learning about directory specifications. You were trying to list out the files under your Mail directory, but now it seems that your mail files have disappeared!
The problem is the use of the / character. A slash at the beginning of a directory specification means the whole system's root directory. Thus, you did not name your Mail directory, you named a Mail directory immediately under the root directory. This directory does not exist on Athena. (If it did, it would belong to the operating system, and it would be unreadable anyway.)
The rule, then, is to never start a directory specification with / unless you explicitly mean one of the directories immediately below the whole system's root directory, for example: /etc, /mit, and /usr.
| Command | Function |
| ls | list contents of directory |
| cat | catenate and display file(s) |
| more | display contents of file one screenful at a time |
| tee | pipe copy of output into file |
| cp | copy file/directory |
| mv | move (rename) file |
| delete | mark file/directory for later permanent removal |
| expunge | permanently remove files marked for deletion |
| lsdel | list files marked for deletion |
| purge | permanently remove files under ~ marked for deletion |
| undelete | recover files marked for deletion but not yet removed |
| rm | permanently remove file |
| pwd | display name of current working directory |
| cd | change to the specified directory |
| mkdir | create new directory |
| rmdir | remove empty directory |
| echo | displays the typed text, expanding wildcards |
For more information on any of these commands, or any others, use a form of the man command at your athena% prompt:
athena% man command-name | more
Athena offers several ways to share a file with a friend or colleague without sharing your password. Each method has its pros and cons, so we'll give you the whole story and you can choose which method best suits your needs. This section covers sharing files with other users by transferring copies to them and by setting access permission lists.
Note that the discussion here refers to accounts that are maintained under the AFS filesystem (this includes all user accounts created since 1992 and most Athena lockers).
There are several ways to get a copy of a file to another user without requiring the other user to access the original copy of the file in your own directory. (For example, you might not want the other user to access all the files in that directory.)
mhmail email-address < filename
For example, to mail the file (share.tex) to the other user (iam@media.mit.edu), type:
athena% mhmail iam@media.mit.edu < share.tex
Also, this transfer can be accomplished with subdirectories; see Using Subdirectories to Share Files for more information on how to do this.
A group is a way to place users together. This is typically used for granting or denying access privileges. For instance, a course could set its locker such that only members of that course could read the contents of the locker. In addition, there are groups owned by the system, called Moira groups. These groups have names which begin with system:. Users designated as administrators can maintain groups via the listmaint and blanche commands or the web interface. (Mailing lists, for example, may be system-owned Moira groups.)
When you update a group (with listmaint, blanche or the web interface), the change takes effect immediately for AFS purposes such as updating access control lists.
Here are some of the possible group specifications you can make (e.g., as a user-or-group field in an fs command), including several special system-owned groups:
| Group | Purpose |
| system:authuser | Any user with valid Kerberos tickets in the same cell (e.g., under athena.mit.edu). For all practical purposes, this is all users at MIT. |
| system:anyuser | Any user, including AFS users not at MIT. |
| system:expunge | The process which runs automatically on your fileserver to remove old delete'd files permanently. This group is given ld access to your directories by default, so that the process can look up the old delete'd files and remove them. |
| system:groupname | A system-owned (Moira) group, whose members can be edited with listmaint, blanche or the web interface. To create a group, contact Athena Accounts (send e-mail from their web page at http://web.mit.edu/accounts). To see if a mailing list is also a group, look at the list information by typing: blanche listname -i. |
NOTE: If you have an account created before 1997, you may also have a group that has the same name as your username (i.e., system:username). Because of the naming confusion between this group and your username, and because these groups were underutilized yet took up system resources, these personal groups are no longer automatically created for new user accounts.
In order to give other users access to files in your account, you need to understand how access permissions work. This section discusses:
Under AFS, individual files do not have access permissions associated specifically with them; access to a file depends on accessibility of the directory the file lives in. (Thus, for example, a file's rights change if the file is moved to a directory that has different access rights than the source directory.)
You set permissions to access directories (and thus the files in them) in the form of access control lists (ACLs). The ACL for a given directory is a list of users and groups, paired with their rights.
The owner of a directory (and anyone who has administer rights, as explained below) can set and manipulate the ACLs for the directory with the fs command.
There are seven kinds of access permissions that can be given to users of a directory under AFS. (Note that you can combine these, and give different combinations of permissions to different users.)
| Right | Enables users (who have been given that right) to: |
| r | Read the contents of files in the directory. |
| l | Look up status information about the files in the directory (i.e., list the filenames in the directory and look at the directory's access control list). This does not imply read access, but if you don't have lookup access, no other form of access (other than administer) can be used. |
| i | Insert files or subdirectories into the directory (i.e., create new files or move existing files into the directory). This does not imply ability to modify these same files (w). |
| d | Delete files or subdirectories from the directory. |
| w | Write or edit the contents of files in the directory. This only allows changing existing files; it does not imply delete (d) or insert (i) access. Write access also gives chmod access to files. |
| k | Set an advisory lock on a file. This is used mainly by application programs and not useful to most users; see man flock for more information. |
| a | Administer or change the rights on the access control list. This does not immediately imply any other kind of access. The owner of a volume always has implicit administer rights. The owner can give administer rights to other users, who can then also change the rights on the ACL. (Thus, be careful about giving administer rights to other users!) |
These rights have been aliased into commonly used groups of rights that can be referred to with the following shorthand notation:
| Alias | Expands to... | Meaning: |
| read | rl | read and look-up rights |
| write | rlidwk | all rights but administer |
| all | rlidwka | all rights |
| none | | used to clear access |
To list the ACL for a directory, use the fs la command:
fs la [directory] [directory ... ]
Directory is the directory you want to see the ACL for, and defaults to the current directory (i.e., .).
This command returns the list of users and groups with their associated rights. (A name with a colon in it is a group. See About Groups for more information.) For example, if members of the Trapp Family Singers had Athena accounts, you might see an ACL like the following:
athena% fs la
Access list for . is
Normal rights:
system:expunge ld
system:vontrapp rl
gvtrapp rlidwk
liesl rl
mariavt rlidwka
In this example, the following permissions are given for the current directory (indicated by the .):
As a directory owner, you can set permission rights for users to access your directories. To assign access rights to a directory, use the fs sa command:
fs sa directory user-or-group rights [user-or-group rights ...]
| Option | Meaning |
| directory | the directory you are setting the ACL for (use . for the current directory) |
| user-or-group | the user (a username) or group (usually specified as system:groupname; see About Groups) |
| rights | the rights to be given to the preceding user or group, either the explicit rights (from the rlidwka list) or one of the aliases read, write, all, or none |
For example, to give "write" (rlidwk) access for the current directory to the user gvtrapp, and "read" (rl) access to the user liesl, you could type:
athena% fs sa . gvtrapp write liesl read
To nullify the rights of individual entries, use the term none in the ACL pair:
fs sa directory user-or-group none
This clears the rights of the user or group from being explicitly specified in the directory's ACL. However, this does not necessarily preclude access to the directory--a user could be a member of another group that still has access to the directory, and the user would therefore have access. For example:
athena% fs la
Access list for . is
Normal rights:
system:expunge ld
system:vontrapp rl
gvtrapp rlidwk
mariavt rlidwka
athena% fs sa . gvtrapp none
athena% fs la
Access list for . is
Normal rights:
system:expunge ld
system:vontrapp rl
mariavt rlidwka
This example removes user gvtrapp's entry (for "write" access) from the ACL for the current directory, but since he presumably is a member of system:vontrapp, he probably still has "read" access to the directory.
The ACL for a directory can actually consist of two lists: Normal rights give users or groups access to that directory; Negative rights are rights that a user or group explicitly does not have. The Negative rights list always takes precedence over the Normal rights list.
To specify Negative rights, and thus ban a user or group from having those specific rights, use the -negative (-n) flag in the fs sa command:
fs sa directory user-or-group rights -negative
This prevents the specified user or group from having the specified access to the directory, even if they are explicitly or implicitly (by being a member of another group) given "Normal rights". For example:
athena% fs la Edelweiss
Access list for Edelweiss is
Normal rights:
system:expunge ld
system:austrians rl
mariavt rlidwka
athena% fs sa Edelweiss rolf all -n
athena% fs la Edelweiss
Access list for Edelweiss is
Normal rights:
system:expunge ld
system:austrians rl
mariavt rlidwka
Negative rights:
rolf rlidwka
Now, even though user rolf is a member of system:austrians, he cannot access any of the files in the directory Edelweiss.
Be careful. The group system:anyuser does not require authentication. If you assign Negative rights to a user, but give system:anyuser Normal rights, it's possible for an unauthenticated user to gain access to the directory with system:anyuser's rights. If you use system:authuser instead of system:anyuser, you can avoid this problem.
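The group and Negative rights behaviour described above can be checked with a short script. This is an added example, not part of the Athena documentation: it parses fs la output and computes the rights a user ends up with. The function names and the system:anyuser line in the sample are assumptions made for illustration.

```python
# Constructed sample: the Edelweiss listing from this page, plus a
# system:anyuser entry added for illustration.
SAMPLE = """\
Access list for Edelweiss is
Normal rights:
  system:expunge ld
  system:austrians rl
  system:anyuser rl
  mariavt rlidwka
Negative rights:
  rolf rlidwka
"""

ORDER = "rlidwka"  # order in which fs la prints rights


def parse_fs_la(text):
    """Parse `fs la` output into {'normal': {...}, 'negative': {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line == "Normal rights:":
            section = "normal"
        elif line == "Negative rights:":
            section = "negative"
        elif section and len(line.split()) == 2:
            name, rights = line.split()
            acl[section][name] = set(rights)
    return acl


def effective_rights(acl, user, groups=()):
    """Rights for `user` (None means unauthenticated) in `groups`."""
    # Everyone matches system:anyuser; only an authenticated user matches
    # their own name, their groups and system:authuser.
    ids = {"system:anyuser"}
    if user is not None:
        ids |= {user, "system:authuser"} | set(groups)
    granted, denied = set(), set()
    for name in ids:
        granted |= acl["normal"].get(name, set())
        denied |= acl["negative"].get(name, set())
    # The Negative rights list always takes precedence.
    return "".join(r for r in ORDER if r in granted - denied)
```

With this sample, rolf authenticated as a member of system:austrians gets no rights, while an unauthenticated request (user None) still gets rl through system:anyuser, which is the case the warning above describes.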
To nullify Negative rights (i.e., to remove an entry from the Negative rights list), use the term none in the ACL pair, plus the -n flag:
athena% fs la Edelweiss
Access list for Edelweiss is
Normal rights:
system:expunge ld
system:austrians rl
mariavt rlidwka
Negative rights:
rolf rlidwka
athena% fs sa Edelweiss rolf none -n
athena% fs la Edelweiss
Access list for Edelweiss is
Normal rights:
system:expunge ld
system:austrians rl
mariavt rlidwka
To clear all entries from an ACL (i.e., to clear all entries from both the Normal and Negative rights lists) use the flag -clear (-c):
fs sa directory user-or-group rights [user-or-group rights ...] -clear
This clears all rights except the ones explicitly set in the command line.
Again, be careful. To keep your own rights to the directory you should include an ACL pair with your rights any time you use the -clear flag, otherwise you, too, can lose access to the directory:
fs sa directory administrator all [user-or-group rights ...] -clear
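A pre-flight check for the warning above, as an added example that is not part of the Athena documentation: it models fs sa as this page describes it (aliases, none, -negative, -clear) and reports whether a user keeps an explicit administer entry after the change. The function names are hypothetical; rights held through groups and the volume owner's implicit administer right are not modelled.

```python
ALIASES = {"read": "rl", "write": "rlidwk", "all": "rlidwka", "none": ""}


def apply_fs_sa(acl, pairs, negative=False, clear=False):
    """Return the ACL after `fs sa dir <pairs> [-negative] [-clear]`.

    acl is {'normal': {name: rights}, 'negative': {name: rights}};
    pairs is a list of (user_or_group, rights_or_alias) tuples.
    """
    if clear:
        # -clear empties both lists before the listed pairs are set.
        new = {"normal": {}, "negative": {}}
    else:
        new = {"normal": dict(acl["normal"]),
               "negative": dict(acl["negative"])}
    target = new["negative" if negative else "normal"]
    for name, rights in pairs:
        rights = ALIASES.get(rights, rights)
        if rights:
            target[name] = rights
        else:
            target.pop(name, None)  # "none" removes the entry
    return new


def keeps_administer(acl, user, pairs, negative=False, clear=False):
    """True if `user` still has an explicit, un-negated 'a' afterwards."""
    after = apply_fs_sa(acl, pairs, negative, clear)
    return ("a" in after["normal"].get(user, "")
            and "a" not in after["negative"].get(user, ""))


# Constructed starting ACL, taken from the Edelweiss listing on this page.
EDELWEISS = {
    "normal": {"system:expunge": "ld", "system:austrians": "rl",
               "mariavt": "rlidwka"},
    "negative": {"rolf": "rlidwka"},
}
```

Here keeps_administer(EDELWEISS, "mariavt", [("system:austrians", "read")], clear=True) is False, and adding the pair ("mariavt", "all") to the same call makes it True.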
If you inadvertently remove your rights from an ACL, you can restore them from the parent directory, as long as you have all rights there:
athena% fs sa Edelweiss mariavt none
athena% fs la Edelweiss
Access list for Edelweiss is
Normal rights:
system:expunge ld
athena% cd Edelweiss
Edelweiss: No such file or directory
athena% ls -ld Edelweiss
drwx------ 2 mariavt 2048 Jul 16 09:27 Edelweiss
athena% fs sa Edelweiss mariavt all
athena%