Skip to content Skip to site navigation

Why AFS?

To increase security and reduce risk, Stanford is sunsetting its AFS service for web hosting and file storage. While you can still access AFS using your valid Stanford SUNetID, there are more secure web hosting platforms and document management solutions to which you should transition.

To reduce the use of AFS, UIT has taken these actions:

  • UIT no longer automatically provisions new faculty and staff members with AFS user volumes. New faculty or staff who need a personal user volume must submit a Help request.
    • This change does not impact existing AFS directories or the process for adding permissions for new individuals to those existing directories. Your existing space and everything in it remains intact.
    • This change does not impact auto-provisioning of new AFS user volumes for students and postdocs.

    See New Process for Provisioning AFS User Volumes for more information.

  • All user, dept, and group AFS volumes must be renewed annually or they will be locked, archived, and permanently deleted as detailed in the AFS Volume Expiration Policy.

Advantages of AFS

  • Better Networking Performance: AFS was designed for larger networks so it's faster and more efficient. Under AFS, files are maintained by a central server. Client machines cache files they access to the local disk. If a client machine updates a file, it updates a local copy and sends the update to the server. In contrast, other file systems (such as NFS), require that filing systems be synchronized; this is not feasible across a large network connected by routers, like Stanford's. And while many other filing systems work well on small and medium size networks, most are not suited for a large network like Stanford's.

  • User Authentication: AFS authenticates users, not machines. This allows people with an AFS account to access their account files from any machine that mounts the AFS filing system, such as those in the Terman cluster.

  • Global File System: Each institution that uses AFS and is connected to the Internet most likely has a cell. Check under the directory /afs/ for the file system of other institutions. For instance, you can access the Macintosh archive at the University of Michigan by changing directory to /afs/, thus eliminating the need to FTP public files on a remote AFS server.

  • Easier Administration: Since AFS is a distributed system, administrators can focus on servers instead of client machines because client machines get all their information from the servers anyway. This makes updating and maintaining software much easier.

  • File Permissions: AFS allows greater control over the file permissions of one's directories. Individuals can grant privileges to individuals or user-created groups. This is ideal for group projects. AFS users need to learn a new set of commands and file permissions that are different from those they may have used in NFS. One important distinction: AFS does not support file-based permissions; AFS permissions only apply to directories (though Unix file permissions still exist for files). AFS permissions are covered in the Setting Permissions section.

  • Backups: Each night, the AFS server creates a backup of your account which you can access. This sometimes allows you to undelete files you accidently deleted or overwrote.

  • And last but not least, Security: AFS combined with Kerberos offers excellent security because it authenticates users and jobs, not machines (this reduces the possibility of IP spoofing). It also offers encryption through Kerberos, thus helping to reduce the chances of someone sniffing your password out of packets.

Disadvantages of AFS

  • AFS does not use Unix file semantics: it only supports directory permissions. This may confuse people accustomed to the standard Unix chmod permission sets. However, you will soon find that typing fs setacl ~/Public system:anyuser rl is as easy as typing chmod 755 ~/Public.

  • Authentication may cause problems: The need to authenticate everything and everyone may sometimes cause problems for people who have no idea how to handle authentication. Hopefully, this will change as security becomes a bigger issue and people realize the need for more authentication.

  • Certain special files used in standard Unix are not supported in AFS. Examples include hard links and device files.

  • AFS requires annual renewal. See message at top of page.

  • Stanford is sunsetting AFS service as a web and file-sharing platform. See message at top of page. For alternatives, see Web Hosting OptionsDocument Management, and Storage Recommendations.

Last modified March 2, 2022