How do I control access to my AFS files?
Last updated: July 31st, 2013 04:42 PM
An ACL entry has two parts: a user or group name and the access control rights. The user/group name and the "rights" are separated by a space. The seven access rights are indicated by single letters; alternatively, one of four "shorthand" words can be used to represent the more frequently used subsets of these rights:
Access Control Rights:
- r: read
- l: lookup
- i: insert
- d: delete
- w: write
- k: lock
- a: administer

Shorthand Notation:
- read = rl
- write = rlidwk
- all = rlidwka
- none = removes entry
The AFS command used to set and modify ACLs is the "fs" command. Limited help is available on the man page for this command. A synopsis of these commands may be displayed by typing "fs -help", "fs listacl -help", and "fs setacl -help".
- List ACL for current working directory:
fs listacl
- List ACL for the directory dir:
fs listacl dir
- Give user john all rights to dir:
fs setacl dir john all
- Revoke all rights to group system:anyuser (the following command should be used when creating a new mail directory):
fs setacl Mail system:anyuser none
- Provide user john with write access and user jane with read access to all files in the current working directory:
fs setacl . john write jane read
(or, equivalently: fs setacl . john rlidwk jane rl)
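
To confirm that a setacl command had the intended effect, the listacl output can be compared against the rights you meant to grant. The script below is an added example, not part of the original page: the function names are hypothetical, the sample listing is constructed, and it assumes listacl prints a "Normal rights:" section with rights letters in rlidwka order.

```shell
#!/bin/sh
# Added example: verify an AFS directory ACL after running fs setacl.

# Expand a shorthand word from the page's list to its rights letters;
# a string made only of the seven letters is passed through unchanged.
expand_rights() {
    case "$1" in
        read)  echo rl ;;
        write) echo rlidwk ;;
        all)   echo rlidwka ;;
        none)  echo "" ;;
        ''|*[!rlidwka]*) return 1 ;;   # not a valid rights string
        *)     echo "$1" ;;
    esac
}

# Usage: fs listacl DIR | acl_matches PRINCIPAL RIGHTS
# Succeeds when PRINCIPAL's entry under "Normal rights:" equals RIGHTS
# (shorthand or letters); "none" succeeds only when there is no entry.
# Entries under "Negative rights:" are not compared.
acl_matches() {
    want=$(expand_rights "$2") || return 2
    have=$(awk -v p="$1" '
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        normal && $1 == p   { print $2 }')
    [ "$have" = "$want" ]
}

# Constructed sample of "fs listacl Mail" output (not from a real cell).
sample_acl() {
    cat <<'EOF'
Access list for Mail is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  john rlidwka
EOF
}

# The check the Mail example calls for: system:anyuser must have no entry.
if sample_acl | acl_matches system:anyuser none; then
    echo "Mail: system:anyuser has no rights"
else
    echo "Mail: system:anyuser still listed; run: fs setacl Mail system:anyuser none"
fi
```

Against a real directory, replace sample_acl with the actual listing, for example: fs listacl Mail | acl_matches system:anyuser none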