Understanding File Permissions
Because the Rensselaer Computing System uses AFS, RCS' file
permission scheme is a little different from those on UNIX
systems that do not use AFS.
Specifically, rather than setting access controls on individual files, AFS
requires you to set your controls on the directory level, and as a result,
files which require the same set of access controls should be placed in the
same directory. Every directory has an
access control list, or ACL,
and you can use these ACLs to grant access rights to other users.
AFS allows for seven specific access rights to be set up, and you can use
these ACLs to grant access to individuals or groups. There are two
distinct groups of rights: directory and file rights.
Directory rights apply to the directory itself. For example, if only the insert
right has been granted for your userID, you cannot insert text directly into
a specific file, but you can create (or insert) files in that
particular directory.
- lookup (l) -- Allows you to issue the ls command, examine
the ACL for the directory, and access the directory's subdirectories (which are
protected by their own ACLs). Users must have the lookup right before they
can access files or directories.
- insert (i) -- Allows users to add new files to the directory (by
creating or copying) and gives them permission to create subdirectories, but
they cannot change any existing files. The user who creates any new files
will own them, and only they can change their chmod permissions.
- delete (d) -- Allows you to delete files from the directory.
- administer (a) -- Allows you to set the ACL for that directory.
Users always have this right on any directory that they own, even if their
right has been removed from the directory's ACL.
File rights apply to individual files within a directory.
- read (r) -- Allows you to read the contents of a file.
- write (w) -- Allows you to change the contents of a file.
- lock (k) -- Allows you to run programs that must "lock" files
in that directory. (For example, certain database programs may need to lock
files to prevent more than one person from writing to the same file at the
same time.)
Note that, even though other users can list the names of the files in your
home directory, you are the only one who can actually read them and any
files in subdirectories under it, except for those you
specifically make "public."
Your public directory gives all users the ability to list names of files
(lookup) and read and copy them; the private directory gives others no
file permissions at all, and other users can't even list file names.
Note that you may combine these file and directory access rights (rlidwka)
in different ways, in a sort of "shorthand" form. The shorthand for
the four most common combinations appears below.
(For example, instead of typing out rlidwk when you grant a user
permission to a directory, you can just use the word write.)
| Shortcut | Rights | Description/Action |
|----------|--------|--------------------|
| write | rlidwk | Provides all rights except administer |
| read | rl | Provides read and lookup rights |
| all | rlidwka | Provides all rights, including administer |
| none | no rights | Removes user from the ACL entry |
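The rights and shorthand described above can be checked mechanically before you share a directory. The following Python sketch is an added example, not part of the original RCS documentation: it expands the shorthand words, applies the rule that an owner always keeps administer, and flags entries worth a second look. The function names and the user IDs in the sample ACL are hypothetical.

```python
# Added example: interprets AFS ACL entries using the rights listed on this page.
DIRECTORY_RIGHTS = {"l": "lookup", "i": "insert", "d": "delete", "a": "administer"}
FILE_RIGHTS = {"r": "read", "w": "write", "k": "lock"}
SHORTHAND = {"write": "rlidwk", "read": "rl", "all": "rlidwka", "none": ""}
ORDER = "rlidwka"  # order in which this page writes the seven rights


def expand(rights):
    """Turn a shorthand word or a string of letters into a set of right letters."""
    letters = SHORTHAND.get(rights, rights)  # shorthand words take priority
    unknown = set(letters) - set(ORDER)
    if unknown:
        raise ValueError("unknown AFS rights: " + "".join(sorted(unknown)))
    return set(letters)


def effective(who, rights, owner):
    """Rights `who` really holds; the owner always keeps administer."""
    granted = expand(rights)
    if who == owner:
        granted.add("a")
    return "".join(c for c in ORDER if c in granted)


def review(acl, owner):
    """Map each ACL entry to (effective rights, findings worth a second look)."""
    report = {}
    for who, rights in acl.items():
        eff = effective(who, rights, owner)
        notes = []
        if set(eff) & set(FILE_RIGHTS) and "l" not in eff:
            notes.append("file rights without lookup")
        if who == owner and "a" not in expand(rights):
            notes.append("owner still holds administer")
        if who != owner and "a" in eff:
            notes.append("non-owner can set the ACL")
        if who != owner and set(eff) & set("idw"):
            notes.append("can add, delete or change files")
        report[who] = (eff, notes)
    return report


# Constructed sample ACL for a directory owned by "smithj"; user IDs are hypothetical.
SAMPLE_ACL = {"smithj": "rlidwk", "doej": "write", "leea": "all",
              "chenb": "rw", "parkc": "read"}

if __name__ == "__main__":
    for who, (eff, notes) in review(SAMPLE_ACL, "smithj").items():
        print(f"{who:8} {eff or '-':8} {'; '.join(notes) or 'ok'}")
```
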
Send comments to consult@rpi.edu.