• IT Services
• Stanford OpenAFS
• Stanford OpenAFS for Macintosh 1.4
• Using Stanford OpenAFS for Macintosh

Using Stanford OpenAFS for Macintosh

Overview

Stanford OpenAFS is used to mount directories in AFS to your Mac's desktop, the same way you would work with other network volumes. Anyone with a full service SUNetID can access their own AFS space, or space in other user directories, group, and department directories, provided they have been granted the necessary permissions.

The easiest way to set permissions, once a directory is mounted, is to use the Access Control List (ACL) command that is found in the directory's contextual menu. Directories are limited to 20 ACLs. However, you can create a group ACL, referred to as a pts group. A pts group counts as one ACL but can hold as many SUNet IDs as you need.

For more information about AFS, see the AFS at Stanford web site.

::top of page

---

Installing Stanford OpenAFS

Note: To install Stanford OpenAFS, you need an Administrator account and password for the Mac. You will be prompted to restart your Mac to complete the installation.

1. Download and run the Stanford OpenAFS installer file from the Stanford OpenAFS web site or open Stanford Desktop Tools and click the Install Now link for Stanford OpenAFS.
   
   
2. If you are installing Stanford OpenAFS through Stanford Desktop Tools you will see the following message. Click OK to continue.
   
   
   
   
3. Click Continue.
   
   
   
   
   
4. Click Continue.
   
   
   
   
   
5. Click Continue.
   
   
   
   
   
6. Click Continue.
   
   
   
   
   
7. Agree to the terms of the software license agreement.
   
   
   
   
   
8. Select your System drive for the destination if it is not already selected and then click Continue.
   
   
   
   
   
9. Click Install to start the installation.
   
   
   
   
   
10. When prompted, enter your Administrator account for the Mac and click OK.
    
    
    
    
    
11. You will need to restart your Mac to complete the installation. Click Continue Installation to proceed.
    
    
    
    
12. Click Restart to finish the installation.
    
    
    

::top of page

---

Mounting AFS Volumes

Once a volume is mounted, you can see the volume's contents by double-clicking it to open a Finder window for it, or by using an open Finder window to navigate to it. The Finder will show all files and directories in the volume, except for dot files (files whose names begin with a period, e.g., .login), which are not accessible from the desktop. For other files, you can drag/drop them to your other volumes (your startup drive, for instance), and drag/drop files from them to your mounted AFS volume. You'll also have access to them in Open and Save dialog boxes.

Authenticate

Authenticate to Kerberos to Access Stanford OpenAFS Through Stanford Desktop Tools (Recommended)

1. If you have Stanford Desktop Tools installed, right-click (or Control + Click if using a single-button mouse) the Stanford Desktop Tools icon in the dock.
   
   
2. In the pop-up menu, click Mount AFS Volume .
   
   
   
   
3. If you are not already logged into Kerberos, enter your SUNet ID and password when prompted and click OK.
   Note: If the entry fields are not displayed, click anywhere in the dialog box to expand it.
   
   
   
   
4. The Mount AFS Volume window will be displayed.
   

Obtain AFS Token to Access Stanford OpenAFS Directly

1. If Stanford Desktop Tools is not installed, navigate to Applications > Stanford > AFS and open AFS Controller to display the Mount AFS Volume window.
   
   
2. If a dialog box appears, asking if you want to obtain a token, click Yes.
   
   
   
   
3. Enter you SUNet ID and password and click OK.
   
   
   
   
4. The Mount AFS Volume window will be displayed.
   

Mount Your Home Directory

1. Select My Home from the Mount Volume belonging to drop-down list box.
   
   
2. Click Mount.
   
   
   
   
3. An alias to your AFS home folder will mount on your desktop.

Mount a User, Class, Department, or Group Directory

1. Select User, Class, Department, or Group from the Mount Volume belonging to
   
   
2. In the adjacent box, type in the name of the directory you want to mount.
   
   • For User - enter the SUNet ID of a user's home directory (example: enter jdoe to mount John Doe's directory)
   • For Class - enter the class name (example: econ1)
   • For Department - enter the name of a department (example: biology)
   • For Group - enter the name of name of a group (example: dance)
     
     
3. Click Mount.
   
   
   
   
4. An alias to the AFS folder will mount on your desktop.

Mount AFS Root

Note: The AFS root volume is mounted by default when you install Stanford OpenAFS. There is no way to permanently not have the AFS root mounted on the desktop.

1. To view the entire AFS file system, double-click the AFS icon that is installed on your desktop as part of the Stanford OpenAFS installation.
   
   
   
   
2. The AFS root , which contains aliases to folders for the AFS file system and Stanford's AFS file system, is displayed.
   
   
   

Mount AFS Path

1. To mount a volume using a specific AFS path, select AFS Path from the Mount Volume belonging to drop-down list box and then enter the full path in the adjacent box (examples: enter /afs/ir.stanford.edu/dept/chemistry to mount the volume for the chemistry department; enter /afs/ir.stanford.edu/users/j/d/jdoe to mount John Doe's home directory).
   
   
2. Click Mount.
   
   
   
   
3. An alias to the AFS folder will mount on your desktop.

Disconnect a Mounted Volume

1. Click the Currently mounted volumes drop-down list box.
   
   
2. Select the volume that you want to disconnect and then click the Unmount button.
   
   

Remount a Previously Mounted Volume

1. Click the Previous mounted volumes drop-down list box. Up to 10 of the most recently mounted drives are displayed.
   
   
2. Select the drive that you want to remount and then click the Mount button.
   
   

::top of page

---

Managing PTS Groups

Note: This utility can be used to create and manage personally defined pts groups. Groups created by the system administrators to manage group and department AFS folders cannot be managed through this utility.

A pts group is a list of specific users that you can place on access control lists (ACLs). It provides a way to give permissions to a set of folders to many people.

You own all the files and folders in your account, and you can determine who gets access to your files. You can create your own groups of people, and then give them permissions to your files. When you create a pts group, you automatically become its owner. Only the owner of a group can add members, remove members, or delete the group entirely.

In AFS, permissions are set by folder, not by file. Every file in a folder has the same permission. New sub-folders inherit the permissions of their parent folders. An ACL can have up to twenty entries, but a pts group, regardless of the number of people in it, only counts as one entry. There is no restriction on the number of members in a pts group.

See AFS at Stanford: Setting Permissions with a Macintosh for more information.

Open the Manage PTS Groups Utility

1. If you have Stanford Desktop Tools installed, right-click (or Control + Click if using a single-button mouse) the Stanford Desktop Tools icon ( )in the dock. In the popup menu, click Manage PTS Groups.
   
   
2. If you do not have Stanford Desktop Tools installed, open Stanford OpenAFS. On the File menu, click Manage PTS Groups.
   
   

Create a PTS Group

1. In the PTS Group box, enter a name for your group and then click the Create Group button.
   
   
   
   
   

Add a Member to a PTS Group

1. To add a member to a group, select the group by clicking it in the My Groups column.
   
   
2. In the SUNet ID box, enter the Sunet ID of the person you want to add to the group. (This must be their true SUNet ID, not an alias)
   
   
3. Click the Add to Group button. The SUNet ID of the person added will appear in the Group Members column.
   
   
   
   

Remove a Member from a PTS Group

1. To remove a member from a group, select the group by clicking it in the My Groups column.
   
   
2. In the Group Members column, click the member you wish to remove.
   
   
3. Click the Remove Member button.
   
   
   
   
4. Click Yes to remove the member from the group.
   
   
   
   

Delete a PTS Group

1. Select the group you want to delete by clicking it in the My Groups column.
   
   
2. Click the Delete Group button.
   
   
   
   
3. Click Yes to delete the pts group.
   
   
   
   

Add a PTS Group to an AFS Access Control List (ACL)

1. In Stanford OpenAFS, mount the volume that contains the folder for which you want to add a pts group to the access control list. If the volume is already mounted, use an open Finder window to navigate to it
   
   
2. Right-click the folder and select AFS > Access Control List.
   
   
   
   
3. When the access control list for the folder is displayed, click Add.
   
   
   
   
4. Enter the following information for the pts group:
   • Name: enter the name of the pts group you want to add to the access control list. The name must start with your SUNet ID and a colon.
   • Entry Type: choose Normal to add permissions; choose Negative to remove permissions for someone who would otherwise have rights due to an entry in the Normal list, e.g., to deny privileges to an individual who is in a group that appears in the Normal list.
   • Permissions: check the boxes for the permissions you want to grant to the members of the pts group.
     
     
   Note: See AFS at Stanford: The Access Control List (ACL) for description of each permission.
   
   
   
   
5. Click Save to save your permissions and close the dialog box.
   
   
6. The name of the pts group will now appear in the access control list. Close the window.
   
   

Troubleshooting

Please see the Frequently Asked Questions for more information.

If you encounter problems or need assistance, please submit a HelpSU request.