Q: How do I change permissions in AFS?
Permissions in AFS are controlled on a per-directory basis, not a per-file basis. You cannot, therefore, make only one file in your home directory readable by your friend without exposing the entire top level of your home directory. For more detailed information, see How do permissions work in AFS?
Changing permissions recursively: This article will help you understand how to change permissions on a single directory in AFS. If you need to change permissions on a directory and all of its sub-directories, see How do I change AFS permissions for all subdirectories of a directory (recursively)?
Methods:
Nautilus Folder Properties
As of Spring 2013, you can now edit AFS permissions through the "Nautilus" file manager.
- Simply right-click on any folder, and choose Properties. (If you're currently viewing the contents of a folder, you may right-click anywhere in the window itself, and choose Properties).
- Click on the AFS Permissions tab.
- Click the Add button to bring up the Add an entry dialog box.
- You can enter a username in the text box, or enter a group name and check the "This is a Moira group" box. Or you can click the drop-down menu to choose several common entities. You can then choose from several predefined "Access" modes, or specify a combination of properties manually.
- The Edit button functions like the Add button, but only allows you to change access rights. To change the entity associated with those rights, you will need to select them and click Remove, and then add the new entity.
Note: Changing AFS permissions through the "Nautilus" file manager affects only the selected directory.
The Command Line
Changing permissions is accomplished through the following command:
joeuser@athena:~$ fs sa directory entity modes
Note: Be sure to fill in the correct information for directory, entity, and modes.
- directory is any directory in AFS
- entity is an Athena username or a group (see below for group permissions)
- modes is one of read, write, all, or none
- The permissions are as follows:
- none - No permission (i.e. remove previous permissions)
- read - Permission to read files
- write - Permission to read and write files
- all - Permission to read, write, and change access of files
- Groups must be specified in the form
system:<name of group>
For example, if the moira list happy-students@mit.edu exists and is an AFS group, you would specify that as:
system:happy-students
Note that there are two special groups:
- system:anyuser - Any user, anywhere in the world, including via the web. Use with care, as this could mean information in that directory gets indexed and cached on Google or other search engines. NEVER assign "write" privileges to system:anyuser: your directory will almost immediately get abused by spammers and you will likely lose data.
- system:authuser - Anyone with an Athena account
Some examples:
- To set the current directory writable by joeuser:
fs sa . joeuser write
- To set the "18.01" sub-directory of your home directory readable by the group "my-18.01-friends":
fs sa ~/18.01 system:my-18.01-friends read
- To set the top level "happyfunclub" locker readable by MIT users only (assuming you administer that locker):
fs sa /mit/happyfunclub system:authuser read
Note: Changing AFS permissions on the command line using the fs command affects only the specified directory.
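To check whether a directory already has the system:anyuser exposure warned about above, this added example (not part of the original article) parses the output of `fs listacl`, an OpenAFS command this article does not cover. The function names are hypothetical and the sample ACL text is constructed.

```shell
#!/bin/sh
# Added example: audit `fs listacl` output for world-accessible ACL entries.
# audit_afs_acl is a hypothetical helper name, not an AFS command.

# Reads the text printed by `fs listacl <directory>` on stdin.
# Prints one finding per line; returns 1 if the world can modify the directory.
audit_afs_acl() {
    awk '
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        # Negative rights only take access away, so only normal rights matter here.
        section == "normal" && NF == 2 && $1 == "system:anyuser" {
            if ($2 ~ /[idwa]/) {
                # insert, delete, write or administer granted to everyone
                print "CRITICAL " $1 " " $2
                crit = 1
            } else if ($2 ~ /[rl]/) {
                # lookup/read only: contents are public and may be indexed
                print "NOTICE " $1 " " $2
            }
        }
        END { exit crit + 0 }
    '
}

# Constructed sample, shaped like `fs listacl /mit/happyfunclub` output
# after someone ran: fs sa /mit/happyfunclub system:anyuser write
sample_acl() {
    cat <<'EOF'
Access list for /mit/happyfunclub is
Normal rights:
  system:anyuser rlidwk
  system:authuser rl
  joeuser rlidwka
EOF
}

# Demo on the sample; on Athena use: fs listacl DIRECTORY | audit_afs_acl
sample_acl | audit_afs_acl || echo "fix with: fs sa DIRECTORY system:anyuser read (or none)"
```

The rights letters shown are what the `read` (rl), `write` (rlidwk) and `all` (rlidwka) modes expand to in the ACL listing.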