Next: Getting Help Up: Sharing Files on RCS Previous: Using the chmod Command

Working With Groups

AFS also allows you to create groups, or defined lists of users on which you can place an ACL, for easy filesharing among several people. For example, if you're working on a project with a group of Rensselaer colleagues, you can place all of their Rensselaer userIDs in a group, and then grant or deny them the same directory access rights all at the same time. This saves you the trouble of having to change each group member's ACL entry individually. If you wish, you can use a group for your own convenience, without telling people that they are in a group. In this way, you can control the group's access to files in a directory, and the other users only know that they can or cannot access certain files. However, users can always list group members. On the other hand, you can also create a group and then inform its members that you have included them in that group. In turn, the group members can add the group's name to their own ACLs to allow all the group members file access. However, if you are in a group that someone else has created, and you have added the group to an ACL, you should know that the group's owner can add other people to the group without informing you. These new group members will automatically have the same access to your files that the other group members do. When you create a group, you are the owner, and this means that only you can administer the group; that is, you are the only one who can add or remove members, rename or delete the group, etc. However, anyone can see that a group exists, since it will appear in the ACL whenever they issue an fs la command. (By default, anyone can list the members of a group.) More information about groups and protecting group information follows. To use a group, you must:

1.: create a group
2.: assign members to the group
3.: set an ACL entry for the group

Creating a Group

In order to work with a group, the first thing you need to do is create one. Most of the group-related commands use the pts command, which tells AFS to use the protection server to check directory access permitted to group members. As an example, suppose you want to create a group with your project team members in it. The basic command format to use is:
$\begin{alltt} {\bf pts creategroup}{\it yourid:groupname} \end{alltt}$
where

yourid refers to your own Rensselaer userID
groupname refers to the name you wish to give the group

As a general rule, group names have two parts, separated by a colon, with the first part containing the owner's name, and the second part containing the group's name. All letters must be lowercase; you can include numbers and punctuation, except for the colon. The total name (userID and group name) may contain as many as 63 characters. As an example, suppose your own userid is doej2. To create a group called doej2:team, you would enter the pts command shown below:
$\begin{alltt} {\bf pts creategroup doej2:team} {\tt group doej2:team has id -300} \end{alltt}$
Each group is assigned an id-number.

Adding Users to a Group

It's important to note that a newly-created group is empty, so, once you have created a group, your next step is to add users to it. To add users to a group, use the following command format:
$\begin{alltt} {\bf pts adduser -user}{\it userid1 userid2 userid3}{\bf -group}{\it yourid:groupname} \end{alltt}$
where

useridi1, userid2, and userid3 refer to the Rensselaer userIDs of the users you want to add to the group
yourid refers to your own Rensselaer userID
groupname refers to the name of the group to which you want to add members

As an example, to add three members to the group team, you would enter the following command:
$\begin{alltt} {\bf pts adduser -user ramabz healyj tartom -group doej2:team} \end{alltt}$

Setting an ACL Entry for a Group

Setting the ACL entry for a group gives the members specified access to the files in that directory. The command for setting a group ACL entry, which is very similar to that for an individual user, uses the following format:
$\begin{alltt} {\bf fs sa}{\it directory yourid:groupname rights} \end{alltt}$
where

directory refers to the directory to which you want to give the group access
yourid refers to your own Rensselaer userID
groupname refers to the name of the group
rights may consist of any combination (or shortcut) of rlidwka access rights

For example, to give the group team write access to the math directory, first make sure you're in math's parent directory, and then issue the following command:
$\begin{alltt} {\bf fs sa math doej2:team write} \end{alltt}$
You can then use the following fs la command to check the results:
$\begin{alltt} {\bf fs la math} {\tt Access list for math is Normal rights: doej2:team rlidwk system:anyuser rl doej2 rlidwka} \end{alltt}$

Listing Group Members

To list group members, use the following command format:
$\begin{alltt} {\bf pts membership}{\it yourid:groupname} \end{alltt}$
If you wish, you may use the abbreviation mem instead of membership. For example, to see the members of doej2:team, enter the following command:
$\begin{alltt} {\bf pts mem doej2:team} {\tt Members of doej2:team (id: -300) are: ramabz healyj tartom} \end{alltt}$

Listing the Groups to Which You Belong

To see a list of the groups to which you belong, use the following command format:
$\begin{alltt} {\bf pts mem}{\it yourid} \end{alltt}$

Example:
$\begin{alltt} {\bf pts mem ramabz} {\tt Groups ramabz (id: 00060) is a member of: doej2:team doej2:dept its:consultants healyj:neatstuff} \end{alltt}$

In addition to the groups listed, you are always a member of system:anyuser and, if you are logged on, a member of system:authuser.

Removing a User From a Group

To remove a user from a group, use the following command format:

$\begin{alltt} {\bf pts removeuser -user}{\it userid}{\it yourid:groupname} \end{alltt}$

If you want to remove a person from more than one group, add the -group option just after the userID of the person you want to remove, and add other group names to the end of the command. Examples: To remove the member ramabz from the group team:

$\begin{alltt} {\bf pts removeuser -user ramabz doej2:team} \end{alltt}$

To remove the member ramabz from the groups team and dept:

: pts removeuser -user ramabz -group doej2:team doej2:dept

Removing a Group

Removing a group requires two separate actions: you must first delete the group, and then remove its ACL reference. To delete a group, use the following command format:
$\begin{alltt} {\bf pts delete}{\it yourid:groupname} \end{alltt}$
To then remove the group's ACL reference:
$\begin{alltt} {\bf fs cleanacl}{\it directory} \end{alltt}$
where directory refers to the directory containing the ACL from which you want to remove the group. The system will automatically show you an updated ACL for the directory. For example, to delete the group doej2:team, you would enter the command:
$\begin{alltt} {\bf pts delete doej2:team} \end{alltt}$

To then remove the group from the math directory's ACL:
$\begin{alltt} {\bf fs cleanacl math} \end{alltt}$
The system will then show you an updated ACL like this:
$\begin{alltt} {\tt Access list for math is now Normal rights: doej2 rlidwka} \end{alltt}$

Next: Getting Help Up: Sharing Files on RCS Previous: Using the chmod Command

Send comments to consult@rpi.edu.