there is a public folder. Unless you change the permissions on this
folder, any files or new subfolders are readable and copyable by any other user
of the CNF Fileserver or anyone accessing the fileserver from a computer on the
CNF networks.
Located under the shares folder, public subfolder, cnf subfolder --
anyone on a computer on one of the CNF networks and any user of our fileserver
can read, write, create, modify, and delete files.
Located under the shares folder, public subfolder, outside_users
subfolder. Only staff can place files here. But files placed here can be read
by any user on our fileserver, anyone accessing the fileserver from a computer
on the CNF networks, and any user of AFS (the file system we use) at another
institution.
Located under the shares folder, private or CNF_Staff subfolder,
staff_compound subfolder. Any staff member can create, delete, read, write,
modify new files and subfolders.
On a unix machine, fs la directory
On a Mac OS X machine, right or control click on a folder and choose AFS -
Access Control List
On a WIndows machine, right click on a folder and choose AFS - Access Control
Lists
r - read a file/copy a file (but can't see they're there w/o the l permission)
l - lookup - be able to look through the directories and see that files are
there (but can't actually read/copy them w/o the r permission)
i - insert - create a new file/folder
d - delete - delete an existing file/folder
w - write - write to/modify an existing file/folder
k - lock
a - administer - be able to set the permissions on files/folders here
On Windows machines which I have set up, our AFS "cell", cnf.cornell.edu, is
mapped to the X drive. Windows users can also go to the start menu, select run,
and enter the path: \\afs\cnf.cornell.edu
On Mac OS X machines, there will be an icon on the desktop labeled AFS. Double
click it. Under that, you will see a list of cells your machine knows about.
Ours is "cnf.cornell.edu"
On UNIX machines, use the path /afs/cnf.cornell.edu
cnfhosts - all computers on the main CNF network (CNF offices, CAD room) and
the lab network (eg cleanroom) -- does not include CIT RedRover wireless.
grp_all - everyone who has an account on our fileserver
grp_staff - all CNF staff
grp_users - all CNF users (at present, most users do not yet have accounts)
grp_fellows - the CNF Fellows
grp_finance - Financial staff
grp_it - Your friendly CNF IT staff
system:anyuser - anyone anywhere in the world
You can also create your own groups and add people to them.
Data on the CNF file server is backed up on a daily basis.
Also, a daily snapshop of your home directory is kept in a subfolder named "Yesterday". This daily snapshot folder may also be available for some of the CNF shares.
1. Download OAFS package (1.4.x) from www.openafs.org
2. Download afsinstall.app.tar.gz from
http://cf.ccmr.cornell.edu/publicdownloads/afs/
3. Run the OAFS package
A. do NOT reboot when done
4. Run the afsinstall.app
A. Cellname: cnf.cornell.edu
B. CellAlias: cnf
C. Accept defaults for CellServDB
D. For the AFS Options
a. change -fakestat to -fakestat-all
5. copy the attached edu.mit.Kerberos file to Mac HD - Library - Preferences
6. Download the gui AFSTokens app (Tiger version) from
https://forge.cornell.edu/sf/projects/afs_tokens
File Releases tab
7. Download the OpenAFS Contextual Menu Plugin from:
http://www.ncsu.edu/mac/pn/index.php?name=UpDownload&req=viewdownloaddetails&lid=10
8. Copy the Contextual Menu Plugin to Mac HD - Library - Contextual Menu Items
9. Reboot
10. Enjoy
to login to afs, start menu -> All Programs -> OpenAFS -> Authentication (icon
is a lock icon)
this will put a lock icon w. a red X over it in your system tray. You can
double click on this icon to pop up a window where you can obtain afs tokens.
Tokens are what your afs client presents to the afs file server to authenticate
you.
For your username, you will use:
netid@CIT.CORNELL.EDU
having CIT.CORNELL.EDU in all caps is very important.
and use your netid password.
To access afs from windows, you can:
start menu -> run
\\afs\cnf.cornell.edu
this will bring up the root of the cnf afs cell. You can map this path to a
drive letter
1. rt click on My Network Places
2. Choose Map Network Drive
3. Drive letter X (to match what we've done elsewhere)
4. Path should be //afs/cnf.cornell.edu
Lengthy delays in obtaining tokens or trying to browse through the AFS filespace are most likely the result of firewall issues (Symantec or others). If you experience these problems, consult with CNF IT staff on how to resolve the problem.
To get tokens, after logging in to the machine:
kinit netid (gets kerberos tickets)
aklog (converts kerberos tickets to afs tokens)
You can then view your kerberos tickets w.
klist
and your tokens with:
tokens
Remove Kerberos tickets with:
kdestroy
and remove afs tokens with:
unlog
Our afs cell is in the path /afs/cnf.cornell.edu