Access Control List Rights

The AFS allows users to store and share files on the University system. It also controls access to these files and maintains security. The default settings on your account limit the visibility and usability of files in your home directory to yourself and the system administrators. The administrators’ only interests in your files are security and maintenance; they will not access or edit your files without your knowledge.

It may be convenient when working on group projects to share files through your AFS space. To share these files, you can grant others access to certain directories in your space by changing the Access Control List (ACL) for that directory. However, there are some rules to be aware of before granting access to others.

fs

The fs command, when combined with certain command names and options, allows you to inspect and modify the access rights of your AFS space.

fs la

The “fs la” command allows you to list the access rights that are currently assigned in a particular directory.

To see the access information in your current working directory:

eos$ fs la

To see access in a different directory:

eos$ fs la pathname

fs sa

The “fs sa” command allows you to modify the access settings of a particular directory. This command requires you to specify a pathname for the access, the unityid of the person you are granting access to, and the type of access.

eos$ fs sa pathname unityid access

Access types that you can grant to others can be any combination of l, r, i, d, w, k, and a.

  • l – look access only allows users to see the files that are in the directory
  • r – read access allows users to read, view, or copy file contents
  • i – insert access allows users to move files or create new ones
  • d – delete access allows users to remove files
  • w – write access allows users to write files
  • k – lock access allows users to lock others out of a directory. Do not lock yourself out of your own space.
  • a – admin access gives users admin rights to your directory. They will be able to assign access for others to that directory.
  • all – all access grants users l, r, i, d, w, k, and a access
  • none – removes all accesses assigned to the user

Example:

Let’s say you want to give your TA, Joe Schmoe, read and look access to your ~/MyE115 directory. Here is how you would do it:

eos$ fs sa ~/MyE115 jschmoe rl

Later, after the semester is over, your TA no longer needs access. Here is how you would remove it:

eos$ fs sa ~/MyE115 jschmoe none 

Should I expect an output?

For fs sa – No

For fs la – Yes:

Access list for . is
Normal rights:
www:servers l
system:administrators rlidwka
unityid rlidwka

Note: Output will vary depending on pathname
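
The following is an added example, not part of the original page: a small shell function that reads "fs la" output and reports every entry, other than your own and system:administrators, that holds more than look and read access, which is useful for finding grants you forgot to remove. The function name audit_acl and the sample entries labpartner and oldteammate are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `fs la` output for grants beyond look/read.
# audit_acl OWNER reads `fs la` output on stdin and prints one line per
# principal (other than OWNER and system:administrators) that holds any of
# the i, d, w, k, or a rights.
audit_acl() {
    owner=$1
    awk -v owner="$owner" '
        /^Access list for / { next }
        /^Normal rights:/   { section = "normal"; next }
        # Negative rights take access away, so they are not reported.
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 {
            who = $1; rights = $2
            if (who == owner || who == "system:administrators") next
            if (rights ~ /[idwka]/) {
                # "a" is the most sensitive: the holder can edit the ACL itself.
                note = (rights ~ /a/) ? "can change the ACL" : "can modify contents"
                printf "%s %s %s\n", who, rights, note
            }
        }
    '
}

# Constructed sample in the format shown above; not output from a real cell.
sample_acl() {
    cat <<'EOF'
Access list for . is
Normal rights:
www:servers l
system:administrators rlidwka
unityid rlidwka
jschmoe rl
labpartner rlidwk
oldteammate rla
EOF
}

# Against a real directory you would run: fs la ~/MyE115 | audit_acl unityid
sample_acl | audit_acl unityid
```

Each reported entry can then be reduced or removed with "fs sa pathname unityid access", as described above.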