Changing AFS permissions

Permissions in AFS are controlled on a per-directory basis, not a
per-file basis. You cannot, therefore, make only one file in your
home directory readable by your friend without exposing the entire
top level of your home directory. For more information, see "How AFS
Permissions work" in this category, or "Sharing files with other users".

Changing permissions is accomplished through the following command:

    athena% fs sa <directory> <user or group> <modes>

where <directory> is a directory in AFS, <user or group> is an MIT
username or a group (see below), and <modes> can simply be one of the
following:

    none    No permission (i.e., remove previous permissions)
    read    Permission to read files
    write   Permission to read and write files
    all     Permission to read, write, and *change access*

Groups must be specified in the form

    system:<name of group>

For example, if the moira list happy-students@mit.edu exists and is an
AFS group, you would specify that as:

    system:happy-students

Note that there are two special groups:

    system:anyuser  - Any user, anywhere in the world, including via the web.
                      Use with care, as this could mean information in that
                      directory gets indexed and cached on Google or other
                      search engines.
                      NEVER assign "write" privileges to system:anyuser:
                      your directory will almost immediately get abused
                      by spammers and you will likely lose data.
    system:authuser - Any user who can authenticate to the Athena AFS cell
                      (i.e., people with Athena accounts)

Some examples:

To set the current directory writable by joeuser:

    fs sa . joeuser write

To set the "18.01" subdirectory of your home directory readable by the
group "my-18.01-friends":

    fs sa ~/18.01 system:my-18.01-friends read

To set the top level "happyfunclub" locker readable by MIT users only
(assuming you administer that locker):

    fs sa /mit/happyfunclub system:authuser read
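
To check for the mistake warned about above (write access granted to system:anyuser), the following added example, which is not part of the original page, scans the output of "fs listacl" (the companion command that prints a directory's ACL) and reports directories where a group holds more than read access. The function names and the sample ACL text are constructed for illustration; in the ACL listing, "read" appears as rl, "write" as rlidwk and "all" as rlidwka.

```shell
#!/bin/sh
# Added example, not part of the original page. Sample ACL text is constructed.

# Read `fs listacl` output on stdin and print "<dir>: <group> <rights>" for
# every directory whose Normal rights give <group> anything beyond r and l.
# $1 = group to check (default: system:anyuser).
risky_acl_entries() {
    awk -v who="${1:-system:anyuser}" '
        /^Access list for / {
            dir = $0
            sub(/^Access list for /, "", dir)
            sub(/ is$/, "", dir)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }   # denials, not grants
        section == "normal" && $1 == who && $2 ~ /[idwka]/ {
            print dir ": " $1 " " $2
        }
    '
}

# Constructed sample in the format printed by `fs listacl <dir> ...`.
sample_acl() {
    cat <<'EOF'
Access list for /mit/happyfunclub is
Normal rights:
  system:happy-students rl
  system:anyuser rl
  joeuser rlidwka

Access list for /mit/happyfunclub/incoming is
Normal rights:
  system:anyuser rlidwk
  system:authuser rlidwk
  joeuser rlidwka

Access list for /mit/happyfunclub/private is
Normal rights:
  joeuser rlidwka
Negative rights:
  system:anyuser rlidwka
EOF
}

# Live use (assumes an AFS client): fs listacl ~ ~/18.01 | risky_acl_entries
# Fix a finding with the command from this page: fs sa <directory> system:anyuser read
sample_acl | risky_acl_entries
```

Pass a group name as the first argument (for example system:authuser) to audit a different group.
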
$Date: 2008/07/03 20:04:47 $