OpenAFS

What is OpenAFS?
What can OpenAFS do for me?
Where can I use OpenAFS?
What do I need to use OpenAFS?
How are folders used for access?
How do I set up OpenAFS?
How do I use OpenAFS?
How do I set AFS® Home folder privileges?
What are the AFS® access privileges?
How do I set sub-folder privileges?
How do I create a group?
How do I assign group privileges?
What are some tips on folder access?
What is OpenAFS?
As the name implies, OpenAFS is a free, open source branch of AFS®.
It is used to manage AFS® file space. Complete information about OpenAFS
is available at http://www.openafs.org/.
What can OpenAFS do for me?
By using OpenAFS you can allow other persons to view your Web pages, read
your class notes and work collaboratively with you on files stored in your
AFS® Home folder.
Where can I use OpenAFS?
You can use OpenAFS on any computer on which it has
been installed and which is connected to the Internet.
What do I need to use OpenAFS?
- You should have a basic knowledge of the Macintosh
operating system. If you don’t, a tutorial is provided for you with
the computer. To run the tutorial, select the Help menu on the right hand
end of your menu bar and choose Mac Help.
- Systemwise, you will need MacOS
X 10.4.x.
- You will also need a network connection that is reasonably fast (e.g.,
DSL, cable).
How are folders used for access?
Access to files is granted at the folder level
only. All the files in a particular folder have the same level of access.
To restrict a specific file’s access
to a single person, for example, that person must have a Unity account, and
the file must be in a folder accessible by that person only.
To avoid problems, it is very important that you create a separate, dedicated
sub-folder within your AFS® Home folder for each group of documents
that you want to grant access to. Put all of your Web pages in the www
sub-folder (if you need to create this, see the procedure given below).
Create a separate folder for each collaborative class project. Access
privileges can then be granted as needed to each folder.
How do I set up OpenAFS?
WARNING: If your computer is frequently used in a VPN
or Nomad wireless or wired network, you will need to be sure that you are
connected to the network
before using OpenAFS.
Here are the steps for setting up OpenAFS on your personal Macintosh. You’ll
need to download a file from the NC State site, and you may need to manually
change some files on your machine.
1. You will need to be running MacOS X 10.4.x.
2. Make sure that the network you will be using is reasonably fast
(e.g., DSL, cable).
3. If you haven’t already done so, create a local account on your
machine with the same Short Name as your Unity ID. If you don’t
know your Unity ID, contact the NC State Help Desk or help@ncsu.edu.
If you don’t know how to create a user on your Macintosh, see Mac OS
X 10.4 Help: "Adding a new user account to your computer."
4. Download and run the OpenAFS installer package for NC State from:
http://www.ncsu.edu/mac/pn/index.php?name=UpDownload&req=getit&lid=6
5. Restart your machine when the installer finishes.
6. Open the Applications folder on your hard drive.
7. Find and double-click on the Mount_AFS icon.
8. When you see the Authenticate window (below), enter your local
machine owner/administrator username and password.
9. Enter your Unity ID and password when you see the
Authenticate to Kerberos window (below).
10. Once AFS® is mounted, you will see the following window:
11. In addition, the AFS® icon (below) should appear on your Desktop.
If it doesn’t, contact the NC State Help Desk.
It may be a good idea to synchronize your MacOS X UID with your AFS® UID.
How do I use OpenAFS?
After it is installed, you can use OpenAFS by following steps 6-11
above.
How do I set AFS® Home folder privileges?
1. Navigate to:
/afs/unity.ncsu.edu/users/
2. Highlight the folder named with the first letter of your Unity ID
and bookmark it (add it to your Favorites) by dragging it to the
heart icon on the menu bar of the AFS® window. This will make it
easier to grant access in the future.
3. Open this folder. This may take several minutes if it contains numerous
sub-folders. The small rotating ring icon on the right side of the window,
near the Search box, indicates that opening is in progress.
4. Highlight your AFS® Home folder, the sub-folder whose name is
your Unity ID.
5. While holding down the Control key, press the mouse button.
6. From the menu that appears, select AFS (at the bottom of the
list).
7. Select Access Control List.
8. An AFS® Info window will open showing the persons who have access to
your AFS® Home folder and the access privileges that each has.
9. If system:anyuser does not appear on the list, select the Add button
and type it into the Name text box.
10. Make sure that the Normal radio button is selected and the Lookup
checkbox is marked. This will allow anyone to view only the titles
of the sub-folders and documents in your AFS® Home folder. If you want
them to be able to view the contents, you will need to grant access
privileges to the individual sub-folders. Lookup is normally the only
access you will need to allow for your AFS® Home folder. See the list
below for the available access privileges and examples of these
privileges for certain sub-folders.
11. Select the Save button.
What are the AFS® access privileges?
You are automatically granted the following
seven options for all folders in your Home AFS® space.
- Lookup (l)—Users may look at the titles (but
not read, copy, or alter the contents) of the items in a specified folder.
You must give users Lookup access if you give them Read access (below).
Also, you must grant Lookup access to an upper-level folder in order to
grant additional access privileges for a sub-folder it contains.
- Read (r)—User may read (but not alter) the contents
of the files in a specified folder.
- Lock (k)—You must choose Lock whenever you choose
both the Read and Lookup options.
- Write (w)—User may edit the contents of any file
in a specified folder.
NOTE: Use this option with special care. Whoever has
Write privileges for your entire AFS® Home folder, for example, will
be able to access and alter every sub-folder and file in it. To avoid
this risk, create a sub-folder containing the documents you want to
share and grant Write access to that sub-folder only. Also note that
Write access allows a user to erase the entire contents of a folder or
file but not to delete its name from the list. Always back up your
shared files and folders in another location, but before doing so,
ensure that the contents of each Write-accessible file are intact.
- Insert (i)—User may insert sub-folders and files
(create new ones or move existing ones) within a specified folder.
- Delete (d)—User may delete sub-folders and files
within a specified folder.
- Admin (a)—User may change access privileges for
your folders.
NOTE: Normally, you would never give Admin rights to
anyone except system:administrators. Whoever has Admin rights can change
the access privileges on your folders
and keep you from accessing them yourself.
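The privilege letters above are the same ones that the OpenAFS command-line tool prints with `fs listacl` for a folder. The following added example, which is not part of the original guide, parses that output and flags entries that go against the advice given here; the sample listing, the names jddoe:team and asmith, and the function names are constructed for illustration.

```python
# Added example: audit `fs listacl` text against this guide's ACL advice.
import re

# Constructed sample listing for a project sub-folder (hypothetical users and path).
SAMPLE = """\
Access list for /afs/unity.ncsu.edu/users/j/jddoe/project is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidwk
  jddoe rlidwka
  jddoe:team rlidwka
  asmith r
"""

def parse_acl(text):
    """Return {name: set of privilege letters} from the 'Normal rights' section."""
    acl, in_normal = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("rights:"):
            # Only the Normal section grants access; Negative rights are skipped.
            in_normal = stripped.startswith("Normal")
            continue
        m = re.fullmatch(r"(\S+)\s+([rlidwka]+)", stripped)
        if in_normal and m:
            acl[m.group(1)] = set(m.group(2))
    return acl

def audit(acl, owner, is_home=False):
    """Flag entries that contradict the guide's recommendations."""
    findings = []
    for name, rights in sorted(acl.items()):
        if "a" in rights and name not in (owner, "system:administrators"):
            findings.append(f"{name}: has Admin (a) and can change your ACLs")
        if name == "system:anyuser" and rights & set("wid"):
            findings.append(f"{name}: anyone may write, insert or delete here")
        if "r" in rights and not {"l", "k"} <= rights:
            findings.append(f"{name}: Read (r) without Lookup (l) and Lock (k)")
        if is_home and name == "system:anyuser" and rights != {"l"}:
            findings.append(f"{name}: Home folder should grant Lookup (l) only")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_acl(SAMPLE), owner="jddoe"):
        print(finding)
```

Pass `is_home=True` when the listing is for the AFS® Home folder itself, where the guide recommends Lookup only for system:anyuser.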
How do I set sub-folder privileges?
The access options you choose for a
sub-folder will depend on how you want its contents to be used. Below
are three common examples.
Example 1. Web pages
If you have not already set up your www sub-folder in your
AFS® Home folder, use the www setup tool. Login at
https://sysnews.ncsu.edu/tools-bin/www-setup and
follow the setup instructions. Copy your Web pages into the www folder.
They must be stored there in order for you to provide URLs
for them. If you need it, there is help with copying a file.
1. If you have bookmarked the folder named with the initial letter of
your Unity ID, open it by selecting its icon in your Favorites folder.
2. If you have not bookmarked this folder, navigate to it and bookmark
it using steps 1-2 of the instructions included in setting
AFS® Home folder privileges.
3. Open this folder and find your AFS® Home folder inside it. This
may take several minutes.
4. Bookmark your AFS® Home folder, then open it.
5. Highlight your www sub-folder.
6. While holding down the Control key, press the mouse button.
7. From the menu that appears, select AFS (at the bottom).
8. Select Access Control List.
9. A window will open showing the persons, if any, who have access
to your www sub-folder and the access privileges that each has.
10. If system:anyuser is not in the list, select the Add button
and type it into the Name text box.
11. Make sure that the Normal radio button is marked, and
mark the checkboxes for Read, Lookup and Lock.
12. Select the Save button.
13. If system:anyuser is already in the list but without
the letters rlk beside it, highlight it and select
the Edit button.
14. Make sure that the Normal radio button is selected
and the checkboxes for Read, Lookup and Lock are marked.
15. Select the Save button.
Example 2. Read-only materials
In some situations you may want to allow
a user to read a file (class notes, for example) but not to make any
changes. If you need it, there is
help with creating a new sub-folder.
1. Open your AFS® Home folder as described in steps
1-4 of the procedure for Web page privileges above.
2. Highlight the sub-folder that contains the read-only file(s).
3. While holding down the Control key, press the mouse button.
4. From the menu that appears, select AFS (at the bottom).
5. Select Access Control List.
6. A window will open showing the persons, if any, who have access
to this sub-folder and the access privileges that each has.
7. To add a new person to the access list for this folder, select the
Add button and type the desired Unity ID in the Name text box. For
example, if you wanted to add John D. Doe, whose Unity ID is jddoe,
you would type in jddoe.
8. Make sure that the Normal radio button is marked and mark the Lookup,
Read and Lock checkboxes. This will allow the user to view and copy
every document in the read-only sub-folder but not to edit or delete
anything. Nor will he/she be able to view, edit or delete the contents
of any other sub-folder.
9. Select the Save button.
10. Repeat steps 7 through 9 to add other users, if any. To grant access
privileges to a group of users simultaneously, see Creating
and managing a group access list.
Example 3. Collaborative project
In some courses at NC State, you may be
required to work on a group project. OpenAFS offers teams an easy way
to collaborate. One person can store the
project files in a folder on his/her AFS® space and grant every other
group member appropriate access privileges for that folder. If you need it,
there is help with creating
a new folder.
1. Open your AFS® Home folder as described in steps
1-4 of the procedure for Web page privileges above.
2. Highlight the sub-folder containing the project files.
3. While holding down the Control key, press the mouse button.
4. From the menu that appears, select AFS (at the bottom).
5. Select Access Control List.
6. A window will open showing the persons, if any, who have access
to this sub-folder and the access privileges that each has.
7. To add a new person to the access list for this folder, select the
Add button and type the desired Unity ID in the Name text box.
8. Make sure that the Normal radio button is marked and mark the checkboxes
for Lookup, Read, Lock, Write (if appropriate) and Insert (if appropriate).
Lookup, Read, Lock and Write will allow your team members to view, copy
and edit the project files. If you grant them Insert privileges, they
will also be able to add files to the sub-folder. They will not be able
to delete the name of any project file or to view, edit, or delete the
contents of any other sub-folders. Remember that Write access allows a
user to change or erase the contents of a project file and should be
granted with caution. Open and read all Write-accessible files to make
sure they are complete before you back them up.
9. Select the Save button.
10. Repeat steps 7 through 9 for each team member. To grant access
privileges to a group of users simultaneously, see Creating
and managing a group access list.
How do I create a group?
- Open the /Applications folder on your hard
drive.
- Run afstokens by double-clicking on its icon.
- Make sure that you have a list of tokens.
- Select the Pts (Group Mgmt) button at the lower left of the window.
- Select the Groups I Own button.
- Select the Add a Group button.
- Type in the name you want for the group. It must begin with the
designation unityid:, where unityid is your Unity ID.
- Select the Add button.
- The new group’s name will appear in the list. Write down the
group name so that you will have it handy when you assign access
privileges later.
- Mark the radio button for the group.
- Select the Edit Group button.
- Select the Add to Group button.
- Enter the users one at a time, selecting the Add button after
each one.
- Use the Remove button to delete users from the group as needed.
- Quit afstokens.
- Assign access privileges to the group as described in one
of the three examples given above.
How do I assign group privileges?
- Open your AFS® Home folder as described
in steps 1-4 of the procedure for Web page privileges
above.
- Highlight the sub-folder whose access privileges you want to
change.
- While holding down the Control key, press the mouse button.
- From the menu that appears, select AFS (at the bottom).
- Select Access Control List.
- A window will open showing the persons and groups who have access
to this sub-folder and the privileges of each.
- If you want to add or modify the privileges for a user or group,
highlight that user’s Unity ID or group name, select the Edit button,
mark or unmark the appropriate checkboxes and select the Save button.
- If you want to withdraw all privileges for that user or group, highlight
the user’s Unity ID or group name and select the Delete button.
Confirm that you want to delete.
What are some tips on folder access?
- To keep your files as secure as possible, it is very important
that you always create a separate sub-folder for each set of files
to which you want to grant access.
- To grant access to a sub-folder, you must grant access to each
upper-level folder that contains it. The Lookup option is usually all
that is needed for each upper-level folder.
- If you are unsure about which checkboxes to mark, select only
Read, Lookup and Lock. If you do not grant a user sufficient access
initially, you can change the options later.
- Be careful not to accidentally delete any of the seven folder
privilege options that were given to you automatically.
- If you are having trouble accessing another owner’s folder,
contact the owner to make sure that you have been given sufficient
access privileges.
Last modified October 2, 2007 by cawalker