AFS

icon10

The webfile.nd.edu application will be discontinued on Friday, June 30, 2017. Please switch to an alternative connection method or consider one of the unlimited storage options such as Box or Google Drive. Learn more


Quotas

The following quotas for AFS file space are the default for all newly created accounts.

Faculty & Staff
1 MB
Students (Undergraduate & Graduate)
1 MB
Departmental Accounts
1 MB

 

Quota usage information for AFS is displayed near the top of the page when you view the contents of your AFS home folder in WebFile.  Default AFS quotas are set very low since a majority of users on campus will find that NetFile is better suited to their needs.

Quota Increase Requests

Those who need more AFS space can complete the AFS Quota Increase Request Form.

All quota increases are subject to system administrator approval.  Please allow up to two (2) business days for processing quota increase requests.

Back to Top

Backups and Restores

The OIT automatically performs nightly backups of AFS, and makes backups for the previous night available to you. Follow the instructions below to access these backups using WebFile.

  1. Login to WebFile with your NetID and password.
  2. Within your AFS home folder, navigate to the YESTRDAY folder.
  3. Within WebFile, you can copy files from within the YESTRDAY folder and paste them into any other folder in WebFile. Files that are accessible in WebFile are accessible in mapped drives as well.
     

To access an AFS backup older than the night before, but within the last 90 days, please send a request to the OIT Help Desk specifying the exact date from which you need to restore files.

Back to Top

Access Rights

Security Considerations
Modifying AFS Access Rights Using WebFile
Groups

Security Considerations

When modifying access rights to your AFS storage, it is important to recognize that you could be exposing your information to the entire Internet, when you did not intend to do so.  Such exposure could be a violation of the ND Information Security Policy. Here are the access settings:

Folder Name User Group Access Rights Summary
Private owner (your NetID) All With this setting, you have full access to the contents of this folder, but others cannot see any of the files.
Public owner (your NetID All With these settings, you have full access to the contents of this folder, and anyone on the internet can also see (read) them by manually mapping to this specific location.
system: anyuser Read

When you create new folders, they inherit the access rights of the parent folder unless you specifically modify those settings.

Modifying AFS Access Rights Using WebFile

 

AFS uses Unix-like access rights to determine a user’s permissions to access a particular file or folder. While these can be manipulated through a command prompt, most users will probably find WebFile’s graphical interface to be easier to navigate to assign the desired permissions to the folders.

To view or change your current AFS access rights or Access Control Lists (ACLs) in WebFile:

  1. Navigate to the folder for which you want to check the ACLs.
  2. Click on Access Rights.
    Access Rights AFS
     
  3. You will see a window like this one:

    Access Rights AFS

  4. Scroll down to the “Change Existing ACLs at netid/FolderName” section
    Access Rights AFS
     
  5. Explanation:
    • The “User/Group” column lists the netIDs of users, or the names of groups (see Groups, below) who have rights to that space.
      • The group “system:anyuser” allows anyone the access rights listed. Typically, this should be “List Only” or “None.”
    • The “Access Rights” column will list the various options for access rights that user/group has.
      • List Only: This means they can see the folder contents but cannot open the folders or files within it. This setting is usually put in place by the system itself.
      • Read: This setting means that user/group can view a list of the files/folders in this folder, and can open the file/folder for viewing, but cannot change a file.
      • Write: This allows all Read rights, plus the ability to edit or delete existing files or create new ones.
      • All: This allows a user/group all the rights of Read and Write, and in addition the ability to alter the access rights to these folders. Typically, this level of access should belong only to the owner of the file space.
      • None: This revokes all access to the folder.
    • The “Change To” drop down menu will list the available access rights for each user.
  6. To change access rights, simply select the rights you want to give to that particular user/group in the “Change To” column and scroll down and click the “Change ACL” button.
  7. To remove a user’s or group’s access, set their “Change To” column to “None” and click “Change ACL."
  8. To give someone rights to this folder, scroll to the “Add New Access Rights”, enter their NetID in user/group column and select the level of access rights you want to grant.
    Access Rights AFS

    If you want these users to have access to all the folders within this one, check the box labeled “Change access rights for all sub directories within.” (For example, in netid/MySharedFolder you have a "NeatStuff" folder. if you want to grant the same rights to that folder that you’re granting to “MySharedFolder,” check the box.)
    When you have finished setting access, click “Change ACLs."

Groups

You can create groups to control access rights to simplify adding and removing people to a number of different folders. You can use groups you create by substituting “netid:groupname” in the above access rights section instead of a NetID. This can be useful because you simply add or remove group members to the group, rather than add or remove individual NetIDs from ACLs.

To manage your groups click the “Group Management":

Group Management in NDAccess AFS Access Rights
You should see this window:

Group Management in NDAccess AFS Access Rights

  • To create a group, enter the name in the “New Group Name” box and click “Create It.”
  • To manage an existing group, choose it in the “Groups you own” drop down menu and click “Select It.”
    After you create a new group or manage an existing group, you will see the following beneath the initial options on the page:

    Group Management in NDAccess AFS Access Rights

  • To remove current group members, simply select them in the “Member List,” make sure you've clicked “remove selected member(s),” and click “Change Group.”
  • To add new group members, enter their NetIDs in the “Member list to add” box and click “Change Group.”
  • To delete a group, select the “delete the group” option and click “Change Group.”


For information about setting access rights in AFS, please refer to the WebFile Documentation.

Back to Top

Using Darrow to Work with AFS

The machine darrow.cc.nd.edu provides secure access (SSH, SCP, SFTP) to AFS files from both off- and on-campus hosts. Darrow is not intended for long-running processes, CPU-intensive processes, nor for running multiple jobs simultaneously.


Please note that hosts that attempt to misuse darrow.cc.nd.edu will be put on a blacklist to prevent further access.

Access to high performance computing resources is available through the Center for Research Computing (CRC); contact Rich Sudlow (rich@nd.edu) for more information on the CRC facilities or visit the CRC website.

Back to Top