AFS @ PSI
In short an AFS file system allows you to access your files from anywhere in the world in a secure manner.
At PSI AFS can be accessed by each AIT-supported operating system. Central AFS file servers provide storage for the users home, group and project directories. The AFS cell at PSI can be securely accessed world wide, using the corresponding client software.
Installation of an AFS client
If you do not have a standard PSI System you will need to install an AFS client for yourself. Since this is a task which depends strongly on the operating system for RedHat and macOS you are referred to the Auristor client installers. For Windows you can download the installer from HERE. For other linux distributions then RedHat install the OpenAFS client shipped with the OS. We advise that you always install the latest client version on your computer.
For the Authentication setting see KerberosAuthenticationEN
Home Directories in AFS
- Each user has a unique homedirectory with an initial total file size quota of 500 MB.
- This directory is globally accessible. On all machines with an installed AFS client the home directory is /afs/psi.ch/user/U/USERNAME where U is the first character of USERNAME.
- Centralized daily backup of data to tape is provided. In addition you can always access the state of the home-directory from the previous day, which exists as a snapshot in the directory Backup in your home-directory. Thus you can easily recover accidentally modified or deleted files from the state of the previous day without operator intervention by just copying the file back with the normal cp command. Note that this Backup directory is occupying essentially no disk-space and is not counted against your quota. Therefore don't try to delete it.
- Near local harddisk performance for reading: data is locally cached in a dedicated cache file on your desktop computer. Therefore after the initial access all subsequent access to the same file will be very fast.
- Fine grained access control to the data. AFS gives you much more control of who can access your data in which way compared to the normal unix user/group/world access control. In particular you can define which user or group has read/write/lookup/modify etc access rights by creating so called access control lists ACL. Each user can even create his own group definitions. This is especially useful for group-work, e.g. in connection with the web pages of a project. For some examples see below.
- Better security since access control is based on a kerberos server with strong authentication. The default access rights to your directory is:
only you and the AFS administrator has full access to the data. All other users have only lookup rights, i.e. they can see filenames, but not the contents of the files.
- There are two predefined directories named public and private. All files in the public folder are visible and readable from any user, but can not be modified. All files in the private folder are completely invisible to the other users, i.e. even no lookup rights exist.
| || ||The user |
| || ||Any user can see and read the files in this directory.|
| || ||Nobody except the user can see and change files.|
| || ||Backup of previous day.|
Projects Directories in AFS
| || ||All project administrators must be member of the group |