Access Keys:
Skip to content (Access Key - 0)

Q: How do I change permissions in AFS?

Permissions in AFS are controlled on a per-directory basis, not a per-file basis. You cannot, therefore, make only one file in your home directory readable by your friend without exposing the entire top level of your home directory. For more detailed information, see How do permissions work in AFS?

Changing permissions recursively
This article will help you understand how to change permissions on a single directory in AFS. If you need to change permissions on a directory and all of its sub-directories, see How do I change AFS permissions for all subdirectories of a directory (recursively)?

Methods:

Nautilus Folder Properties

As of Spring 2013, you can now edit AFS permissions through the "Nautilus" file manager.

  1. Simply right-click on any folder, and choose Properties. (If you're currently viewing the contents of a folder, you may right-click anywhere in the window itself, and choose Properties).
  2. Click on the AFS Permissions tab.
  3. Click the Add button to bring up the Add an entry dialog box.
  4. You can enter a username in the text box, or enter a group name and check the "This is a Moira group" box. Or you can click the drop-down menu to choose several common entities. You can then choose from several predefined "Access" modes, or specify a combination of properties manually.
  5. The Edit button functions like the Add button, but only allows you to change access rights. To change the entity associated with those rights, you will need to select them and click Remove, and then add the new entity.
Note: Changing AFS permissions through the "Nautilus" file manager affects only the selected directory.

The Command Line

Changing permissions is accomplished through the following command:

joeuser@athena:~$ fs sa directory entity modes

  
Note: Be sure to fill in the correct information for directory and entity and modes.
  • directory is any directory in AFS
  • entity is an Athena username or a group (see below for group permissions)
  • modes is one of read, write, all, or none
  • The permissions are as follows:
    • none - No permission (i.e. remove previous permissions)
    • read - Permission to read files
    • write - Permission to read and write files
    • all - Permission to read, write, and change access of files
  • Groups must be specified in the form
    system:<name of group>
    

    For example, if the moira list happy-students@mit.edu exists and is an AFS group, you would specify that as:

    system:happy-students
    

    Note that there are two special groups:

    • system:anyuser - Any user, anywhere in the world. Including via the web. Use with care, as this could mean information in that directory gets indexed and cached on Google or other search engines. NEVER assign "write" privileges to system:anyuser, your directory will almost immediately get abused by spammers and you will likely lose data.
    • system:authuser - Anyone with an Athena account

Some examples:

  • To set the current directory writable by joeuser:
    fs sa . joeuser write
    
  • To set the "18.01" sub-directory of your home directory readable by the group "my-18.01-friends":
    fs sa \~/18.01 system:my-18.01-friends read
    
  • To set the top level "happyfunclub" locker readable by MIT users only (assuming you administer that locker):
    fs sa /mit/happyfunclub system:authuser read
    
Note: Changing AFS permissions on the command line using the fs command affects only the specified directory.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

July 29, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
olc-afs olc-afs Delete
afs afs Delete
permissions permissions Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki