next up previous contents
Next: Accessing Files Permitted to Up: Sharing Files on RCS Previous: File Security


Understanding File Permissions

Because the Rensselaer Computing System uses AFS, this means that RCS' file permission scheme is a little different from those on UNIX systems that do not use AFS. Specifically, rather than setting access controls on individual files, AFS requires you to set your controls on the directory level, and as a result, files which require the same set of access controls should be placed in the same directory. Every directory has an     access control list, or ACL, and you can use these these ACLs to grant access rights to other users.    

AFS allows for seven specific access rights to be set up, and you can use these ACLs to grant access to individuals or groups. There are two distinct groups of rights: directory and file rights.

Directory Rights (lookup, insert, delete, administer)

These rights apply to the directory itself. For example, if only the insert right has been granted for your userID, you cannot insert text directly into a specific file, but you can create (or insert) files in that particular directory.

File Rights (read, write, lock)

These rights apply to individual files within a directory. Note that, even though other users can list the names of the files in your home directory, you are the only one who can actually read them and any files in subdirectories under it, except for those you specifically make ``public." Your public directory gives all users the ability to list names of files (lookup) and read and copy them; the private directory gives others no file permissions at all, and other users can't even list file names.



Note that you may combine these file and directory access rights (rlidwka) in different ways, in a sort of ``shorthand" form. The shorthand for the four most common combinations appears below.   (For example, instead of typing out rlidwk when you grant a user permisssion to a directory, you can just use the word write.)

Shortcut Rights Description/Action
write rlidwk Provides all rights except administer
read rl Provides read and lookup rights
all rlidwka Provides all rights, including administer
none no rights Removes user from the ACL entry

next up previous contents
Next: Accessing Files Permitted to Up: Sharing Files on RCS Previous: File Security
Send comments to