Skip to content Accesskey=4Skip to sub-navigation Accesskey=3View our Accessibility Options MIT Information Systems Home About IS&T Contact IS&T Site Map Search Advanced Search
Getting StartedGetting Services by Topic or Alphabetically Getting Help

On This Page

[Help]

  

Quick Links

Top Level
Related Links

Ask OLC a question

Athena Consulting Homepage

Helpdesk Stock Answers (for Mac/PC questions)

Making a file accessible/inaccessible

How do I make individual files accessible or inaccessible?
----------------------------------------------------------

Unlike NFS, where individual files may be readable and writable by
everyone, a group of people, or only you, AFS only allows you to set
permissions for entire directories at a time.  AFS does not directly
allow you to protect certain files in a directory while allowing access
to others, and vice versa.  However, it is possible to make files appear
in a public directory without actually making the files accessible.
This might be necessary for programs which rely on a file to be in a
certain (public) location, whose contents you do not wish to be known.
In order to do this, you must create what is known as a "link".  A link
is the same as a pointer.  In other words, if a file is a link, then the
file isn't really there; rather, the link "points to" where the file
really is.  So, for example, if one were to make a link called "log" to
the file /usr/tmp/log, then typing "more log" would actually display the
contents of /usr/tmp/log.  However, the file itself is not really in the
current directory, the link just redirects you to the /usr/tmp
directory.  (For more information on links, type "man ln" at the athena%
prompt.)

Suppose a link is created in directory A to a file in directory B.  In
order to read the contents of this file, the user must have the "read"
permissions in directory B as well as A.  If he has read access to
directory A but not B, then even though he can read other files in
directory A, he will not be able to read the one which is a link to a
file in directory B.

To protect a file in a directory with read permissions set for anyone,
you need to move it to a private directory, and then make a link from
the original directory to the private one.  For example, to make a file
inaccessible in the Public directory, you would type the following
commands from your athena% prompt:

	cd
	mv  ~/Public/filename  ~/Private
	ln  -s  ~/Private/filename  ~/Public

Now, "filename" will appear in the Public directory, but will actually
be in the Private directory.  To the owner, no change will be evident;
however, to other users, the file is now inaccessible.

On the other side of the coin, to make an individual file readable in
your home directory (which, by default, is lookup-only), you would
type these commands:

	cd
	mv filename ~/Public
	ln -s ~/Public/filename

Now, "filename" will appear in your home directory, and its contents can
be read, while other files remain unaccessible.

For more information about permissions of files and directories under
AFS, type:

	help  afs

at your athena% prompt.

MIT Home | Getting Started | Getting Services | Getting Help | About IS&T | Accessibility
Ask a technology question or send a comment about this web page.