
Web Guide is no longer being maintained and the information on this page may be out of date. For assistance with managing course materials, please visit MIT's Stellar course management system.

Academic Web Page Creation Guide



Controlling Access to Athena Lockers

Note: The following information applies to Web sites which are world-readable (i.e., whose contents can be viewed from any Web browser). Information on other access options is covered in Restricting Access to Your Site.


Access to Browse Your Web Site

Standard Configuration: World-readable

New course lockers include a www directory with access permissions preconfigured so that files placed inside www can be viewed from any Web browser, but if you inherited an older locker or wish to house your Web site in a different directory than www, you may need to adjust access permissions as described below. Note that Section 7 of MIT's Student Information Policy stipulates that some types of information on course Web pages must be restricted to use by the staff and students of that class only; if this applies to any of your materials, see the section on Restricting Access to Your Site.

To make Web pages accessible to all Web browsers, the files must be world-readable. On Athena, this means two things:

Checking Access Settings (ACLs) on Directories

To check the access permissions on a directory, the command is fs la (file server, list ACL). You can specify the path, as follows, or omit the path for the current directory:
    athena% fs la path
This displays the ACL (Access Control List) for the specified directory. For example, a new course locker will look something like the following. On the top level, system:anyuser has list access (l at the end of the line):
    athena% fs la /mit/29.123
    Access list for /mit/29.123 is
    Normal rights:
    system:expunge ld
    system:29.123 rlidwka
    system:facdev rlidwka
    system:authuser rl
    system:anyuser l
    jqprof rlidwka
On the www directory, system:anyuser has read access (rl at the end of the line):
    athena% fs la /mit/29.123/www
    Normal rights:
    system:expunge ld
    system:29.123 rlidwka
    system:facdev rlidwka
    system:authuser rl
    system:anyuser rl
    jqprof rlidwka
(The other entries are explained in the Default Access Settings for Course Lockers section, below.)

Changing ACLs

To change the access permissions, the command is:
    athena% fs sa path user-or-group access
where access specifies the access level, such as rl for read access, or l for list access. For example, to give system:anyuser list access to the top level of the 29.123 course locker:
    athena% fs sa /mit/29.123 system:anyuser l
To give system:anyuser read access to the Web site (in the www directory):
    athena% fs sa /mit/29.123/www system:anyuser rl
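
To confirm that a directory ended up world-readable without granting anything broader, the fs la output can be checked mechanically. The script below is an added example, not part of the original guide: the function names are hypothetical, the sample ACL is the www listing shown above, and the policy it enforces (system:anyuser needs r and l; system:anyuser and system:authuser hold nothing beyond that) is an assumption based on the default settings this page describes.

```shell
#!/bin/sh
# Added example. Sample ACL text is copied from the page's /mit/29.123/www listing.
sample_www_acl() {
cat <<'EOF'
Normal rights:
system:expunge ld
system:29.123 rlidwka
system:facdev rlidwka
system:authuser rl
system:anyuser rl
jqprof rlidwka
EOF
}

# acl_rights PRINCIPAL (hypothetical helper): read `fs la` output on stdin and
# print the rights string listed for PRINCIPAL under "Normal rights:".
acl_rights() {
    awk -v who="$1" '
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        normal && $1 == who && !found { print $2; found = 1 }
    '
}

# audit_web_acl (hypothetical helper): read `fs la` output on stdin, print one
# finding per line, and return non-zero if there is any finding.
# Assumed policy: system:anyuser needs r and l; neither system:anyuser nor
# system:authuser should hold insert, delete, write, lock or admin rights.
audit_web_acl() {
    awk '
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        !normal || NF < 2   { next }
        $1 == "system:anyuser" {
            seen = 1
            if ($2 !~ /r/ || $2 !~ /l/) {
                print "NOT-WORLD-READABLE: system:anyuser has " $2; bad = 1
            }
        }
        ($1 == "system:anyuser" || $1 == "system:authuser") && $2 ~ /[idwka]/ {
            print "OVERBROAD: " $1 " has " $2; bad = 1
        }
        END {
            if (!seen) { print "NOT-WORLD-READABLE: no system:anyuser entry"; bad = 1 }
            exit bad + 0
        }
    '
}

# On Athena: fs la /mit/29.123/www | audit_web_acl
sample_www_acl | audit_web_acl && echo "www ACL: world-readable, no broad write rights"
```

Run against the locker's top level, the same check reports NOT-WORLD-READABLE, which is expected there: the default gives system:anyuser only list access above www.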

Common Reconfigurations

Access to Modify Your Site

Administrative Group for a Course Locker

By default, each course locker has associated with it an "administrative group" which usually consists of the faculty and TAs for the class. The locker is set up to give administrative privileges to this group, which means that each member of the administrative group has full write access to the locker, as well as permissions to modify the group membership. This makes it easy to change who has administrative privileges on the locker: you simply add new teaching staff to the group, or remove old staff from it, rather than modifying the ACL on each directory in the locker.

You can modify the membership of the administrative group either via the web, or by logging onto Athena.

Default Access Settings for Course Lockers

Note that while MIT's Student Information Policy has specific language about restricting Web pages, it may also be necessary to restrict other areas of your locker if you have sensitive materials, to prevent unwanted access via Athena or AFS more generally; feel free to contact us if you have questions.

When the course locker is created, it is set up with administrative access for the locker's owner (usually the faculty member who requested the locker), the locker's administrative group, and a group named facdev (which consists of the Faculty Liaison staff). The other settings on the default ACL give any user logged onto Athena read-only access to the locker, give list-only access for other users (in particular, for Web browsers) and give the Athena system access to remove old files marked for deletion (the group expunge has delete access).

Here is an example of the default ACL on a course locker's top level:

    athena% fs la /mit/29.123
    Access list for /mit/29.123 is
    Normal rights:
    system:expunge ld              |  delete access for expunge process        
    system:29.123 rlidwka          |  admin access for 29.123 (locker's admin. group)
    system:facdev rlidwka          |  admin access for facdev (group of Faculty Liaisons)
    system:authuser rl             |  read access for Athena users
    system:anyuser l               |  list access for all users
    jqprof rlidwka                 |  admin access for jqprof (locker owner)

A few basic facts about ACLs:

If you wish to set your access permissions differently from the default, or if you inherited an old locker which needs different settings, feel free to contact the Faculty Liaisons for help. For more information on how ACLs work and how to modify them, see Access Control in the Course Locker Maintenance Guide.

Student Project Space and Other Limited Write Access to a Course Locker

Some course instructors wish to give students write access to space in the course locker for projects or other purposes. In general, it is best to do this by creating student groups, and giving them write access to limited areas of the course locker. This way you can easily add and remove access for each student by modifying the group membership. This ensures that they don't have write access to all of the files in the course locker. The Faculty Liaisons will help you set this up, and can also advise you on disk space needs (for projects requiring extra space, we can make a temporary extra allocation in addition to the course locker quota).