Views:
AFS uses its own independent permissions set. AFS permissions can ONLY be set through the AFS client. They cannot be set through Secure FX or by using any other clients.

Permission Descriptions
 
  • Read (r) - Granting this permission will give the ability to read files.
  • Lookup (l) - Granting this permission will give the ability to browse through the directory.
  • Insert (i) - Granting this permission will give the ability to add new files and folders.
  • Delete (d) - Granting this permission will give the ability to remove files and folders.
  • Write (w) - Granting this permission will give the ability to edit files.
  • Lock (k) - Granting this permission will give the ability to place advisory locks on files.
  • Administer (a) - Granting this permission will give the ability to administer the folders permissions.

Managing Permissions

AFS permissions ONLY apply to folders, not files. File permissions are based on the enclosing folder, not the files themselves. It is possible to modify all the folders in a parent folder by using the following Linux command:
find /top/level/folder –type d –exec fs sa {} <user-or-group> <permissions> \;
where /top/level/folder is the parent folder to modify AFS permissions. <user-or-group> is the AFS user or group to be added, deleted, or updated, and <permissions> are the AFS permissions listed above.

Windows Client
 
  • Right click on the file or folder and go to AFS -> Access Control Lists...
  • [Add To Permissions List] To add a user or group to the permission list click on the Add Button.
  • [Add To Permissions List] In the box that comes up enter the name of the user or group and check which permissions you wish them to have. Hit the Ok button when finished.
    • WARNING: Make sure the Normal Entry option is selected. You should not use the Negative Entry checkbox unless you know what you are doing.
    • NOTE: AFS will not check to make sure the user or group is valid and will instead just add it to the list.
  • [Remove From Permissions list] To remove a user or group from the permissions list highlight the name you wish to remove and hit the Remove button.
  • [Edit Permissions] To edit the permissions of a user or group highlight the name you wish to edit.
  • [Edit Permissions] On the right side of the screen you should see a group of checkboxes.
  • [Edit Permissions] To add a permission check the box next to the permission name. To remove a permission, uncheck that box.
  • When you are finished making changes hit the Ok button.

Linux Client
 
  • Navigate to the folder you wish to change
  • To list the ACL currently on the file or folder use the following command fs listacl FileOrDirectory. For example: fs listacl test.
  • [Add/Edit Permissions] To add a user or group to the permission list or edit the permissions of a user or group run the command fs setacl FileOrDirectory UserOrGroup Permissions. For example: fs setacl test personalweb rl.
    • For the permissions option use the abbreviations instead of the full permissions name (r,l,i,d,w,k) without space between each permission (ex: rld). You can also use the word all to select all permissions.
    • NOTE: AFS will not check to make sure the user or group is valid and will instead just add it to the list.
  • [Remove From Permissions list] To remove a user or group from the permissions list run the following command fs setacl FileOrDirectory UserOrGroup none. For example: fs setacl test personalweb none.

Groups and Users

AFS's user and group data is drawn from AFS's own database and not from Active Directory. In addition, several groups are created automatically from Banner data daily at 1:05 am.

Listing Group Members

You can find out who is in an AFS group by logging into one of the public linux machines and running the following command: pts members GroupName where GroupName is the name of the group.

Automatically Generated Groups

While these groups are auto-generated every three months, they can easily be modified at any point in time during the term and all changes take place within 24 hours except under extenuating circumstances.
  • All Students by Year
All students by current year standing, such as Freshmen, Sophomore, etc. These groups follow the convention of all-fr, all-so, etc.
  • Year-Department
Students grouped by year and department, such as Freshmen Computer Science or Junior Chemical Engineering. These groups follow the convention of fr-cs, jr-cheme, etc.
  • Department
Faculty and Staff organized by department as noted by Banner. These groups follow the convention of cs_dept, busofc_dept, etc.
  • Courses
AFS groups for each course currently in session. Each course has at least two groups generated for it. The first is the pure course group, such as em104. This group contains a list of all students enrolled in all sections of the course. The remaining groups take the form of em104-01 and consist only of students enrolled in that specific section.

Other Groups

AFS groups can be created for clubs, and organizations on campus by contact the EIT Service Desk. In addition, users can create their own groups to use for setting permissions on their home folder.
  • Adding a Group
From a public linux machine run the following command: pts creategroup username:groupID username where username is your username and groupID is the name of the group you wish to make.
  • Adding Users to a Group
From a public linux machine run the following command: pts adduser UserNameToAdd username:groupID, where username is your username, groupID is the name of the group, and UserNameToAdd is the user you wish to add.
  • Removing a Group
From a public linux machine run the following command: pts delete username:groupID where username is your username and groupID is the name of the group.
  • Removing Users from a Group
From a public linux machine run the following command: pts removeuser UserNameToAdd username:groupID, where username is your username, groupID is the name of the group, and UserNameToAdd is the user you wish to remove.
 
 
Keywords: afs, folder permissions