Subject: Setting File and Directory Permission on Your RCS Account

Software Category: system
Supported by: Academic Computing Services


Description:

The Rensselaer Computing System (RCS) uses AFS (formerly called the Andrew File System), which acts like most UNIX file systems, except that it makes it easier to share files with others - both on campus and at other sites that use AFS.

You can share files with others, or keep others from using your files by grouping the files into directories and granting specific kinds of access to the directories. For example, you can set up a directory so that others can only read the files in it, or you can set up a directory so that others can read and edit the files in it.

The commands explained here will work on any RCS system, including remote access, at a UNIX prompt. If you are on a workstation, you will need to open a UNIX window.

Knowledge of some basic UNIX commands, such as cd and ls, is useful in some cases.


Getting Started:

Unlike standard UNIX file permissions, AFS uses Access Control Lists (ACLs) to control permissions on a directory and the files in that directory.

With ACLs you can, for example, let two people read and modify files in a directory and let a third person just read them. Since ACLs are defined for directories rather than files, the permissions specified by a directory's ACL affect all the files in that directory rather than affecting individual files.

To find out what permissions are currently set for a directory, issue the following command at a UNIX prompt:

fs la

For example:

      fs la
      Access list for /home/60/ramabz is
      Normal rights:
        system:anyuser l
        ramabz rlidwka

The file permissions are:

read (r)
    Look at what is in the files in that directory. Users with this right can also make copies of the files for themselves.
list (l)
    List, or look at the names of, the files in the directory. Users must have list permissions on a directory to cd (change directory) to that directory or access its subdirectories.
insert (i)
    Add new files to a directory. This does not permit users to change any existing files. The newly created files will be owned by the person who created them, and only that person can change the chmod permissions on those files.
delete (d)
    Remove files from a directory.
write (w)
    Modify the files in a directory.
lock (k)
    Lock files using the flock() system call.
administer (a)
    Change the Access Control List for that directory. This means that someone with this right could remove your access privileges to your own directories. This permission should be used with great care.

To give someone permission to access a directory, use the following command syntax at a UNIX prompt:

fs setacl directory userid access-rights

where

directory
    is the name of the directory in which you want to add someone to the ACL
userid
    is the Rensselaer userid of the person you want to add to the ACL
access-rights
    is any combination of the seven access privileges (rlidwka) or a shortcut, as described under Tips and Hints.

For example, to give user ramabz read access to a directory named math in your account, you would issue the command:

fs setacl math ramabz rl
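
One way to review what fs la prints, added here as an example and not part of the original help page: the sh function below reads fs la output and reports every entry other than your own that holds administer (a), that gives system:anyuser more than list, or that allows insert, delete or write. The math path and the userids jdoe and asmith in the sample listing are constructed, and the "Negative rights:" heading is handled because fs la can print it even though this page does not show it.

```sh
#!/bin/sh
# Added example. On an AFS machine: fs la math | audit_acl your-userid

# sample_listing: constructed "fs la" output (path and userids are made up).
sample_listing() {
    cat <<'EOF'
Access list for /home/60/ramabz/math is
Normal rights:
  system:anyuser rl
  jdoe rlidwka
  asmith rlidwk
  ramabz rlidwka
EOF
}

# audit_acl OWNER: read "fs la" output on stdin and print one line for each
# entry, other than the one for OWNER, that grants more than read-only sharing.
audit_acl() {
    awk -v owner="$1" '
        # Header line: "Access list for <directory> is"
        $1 == "Access" && $2 == "list" { dir = $4; negative = 0; next }
        # Section line: "Normal rights:" or "Negative rights:"
        $2 == "rights:" { negative = ($1 == "Negative"); next }
        # Entry line: "<user-or-group> <rights letters>"
        NF == 2 && !negative && $1 != owner {
            who = $1; rights = $2
            if (index(rights, "a")) {
                print dir ": " who " can change the ACL (a)"
            } else if (who == "system:anyuser" && rights != "l") {
                print dir ": " who " has more than list (" rights ")"
            } else if (rights ~ /[idw]/) {
                print dir ": " who " can add, delete or change files (" rights ")"
            }
        }
    '
}
```

Running sample_listing | audit_acl ramabz reports the three entries other than the one for ramabz; the listing shown earlier on this page (system:anyuser l, ramabz rlidwka) reports nothing.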


Documentation:

Please refer to Memo RPI.114, Sharing Files in RCS UNIX, for more information. There is also a man page called access (man access).


Tips and Hints:

Your home directory contains two subdirectories, one named public and the other named private. You can simply put files in these directories to either share them or keep them private. Any file in your public directory can be read by anyone on campus or at related sites using AFS. No one can edit these files. Any file in your private directory can be viewed by you only.

You can use fs sa as a shortcut for fs setacl.

There are also some shortcut commands you can use in place of specifying rlidwka. They are:

write
    rlidwk: all rights except administer
read
    rl: read and lookup rights
all
    rlidwka: all rights
none
    remove user from the ACL entry



Please send comments and suggestions to consult@rpi.edu