160 likes | 366 Views
Intro to Unix Spring 2000 RCS FIle Permissions. 2. Access Control List - ACL. Each directory in an AFS file system has an access control list that determines who can access the files in the directory.Within a directory you can use the traditional Unix permissions to further restrict access.. In
E N D
1. Intro to Unix Spring 2000 RCS FIle Permissions 1 Quick Intro toRCS and AFS File Permissions Ref: man pages for fs, pts,
CIS Memo RPI.114:Sharing Files in RCS Unix
2. Intro to Unix Spring 2000 RCS FIle Permissions 2 Access Control List - ACL Each directory in an AFS file system has an access control list that determines who can access the files in the directory.
Within a directory you can use the traditional Unix permissions to further restrict access.
3. Intro to Unix Spring 2000 RCS FIle Permissions 3 Types of Permissions r read - users can view contents of file
l list - users can names of files in a directory.
i insert - users can add files to directory
d delete - users can delete files.
w write - users can change contents of files.
k lock - users can lock files (flock()).
a administer - users can change permissions.
4. Intro to Unix Spring 2000 RCS FIle Permissions 4 The fs command The fs command can be used to display and change an ACL.
fs does lots of other things also!
try fs help for details
5. Intro to Unix Spring 2000 RCS FIle Permissions 5 Displaying file permissions fs listacl dirname(s)
fs la dirname(s)
Shows the access control list for the named directories.
6. Intro to Unix Spring 2000 RCS FIle Permissions 6 fs la (pronounced "fuse lay")* > fs la public
Access list for public is
Normal rights:
system:backup l
system:anyuser rl
hollid2 rlidwka
>
7. Intro to Unix Spring 2000 RCS FIle Permissions 7 Setting Permissions fs setacl -d dirname -acl aclentries
fs sa -d dirname -acl aclentries
fs sa dirname username permissions
Changes the ACL for the named directory.
8. Intro to Unix Spring 2000 RCS FIle Permissions 8 aclentries Each acl entry is a username (or group) followed by any combination of the seven access privileges (rlidwka)
Examples:
hollid2 rlidwka
system:anyuser rl
hollid none
9. Intro to Unix Spring 2000 RCS FIle Permissions 9 fs sa (pronounced "fusy")* fs sa . system:anyuser all
fs sa tmp joe rl
fs sa foo sam none
10. Intro to Unix Spring 2000 RCS FIle Permissions 10 Negative Permissions fs sa dirname -negative aclentry
example:
fs sa . -negative faustn2 rl
11. Intro to Unix Spring 2000 RCS FIle Permissions 11 negativity > fs sa . system:anyuser all
> fs sa . -negative faustn2 all
> fs la .
Normal rights:
system:backup l
system:anyuser rlidwka
hollid2 rlidwka
Negative rights:
faustn2 rlidwka
12. Intro to Unix Spring 2000 RCS FIle Permissions 12 Groups You can create your own groups of users to simplify setting up permissions.
These are not the traditional "Unix groups", these are just for AFS file permissions!
Each group name you create starts with the prefix "yourid:"
13. Intro to Unix Spring 2000 RCS FIle Permissions 13 Creating a group pts creategroup yourid:groupname
example:
pts creategroup hollid2:students
14. Intro to Unix Spring 2000 RCS FIle Permissions 14 Adding a user to a group pts adduser username groupname
examples:
pts adduser god hollid2:closefriends
15. Intro to Unix Spring 2000 RCS FIle Permissions 15 pts removeuser (pronounced "puts fillybog")* pts removeuser username groupname
example:
pts removeuser joe hollid2:research
16. Intro to Unix Spring 2000 RCS FIle Permissions 16 Listing a group pts membership groupname
example:
> pts membership hollid2:blah
Members of hollid2:blah (id: -3128) are:
ingalr
faustn2