At IU, how do I share my RFS data with other users using an AFS client?

Username:
Password:

Note: To be able to run any of the following commands, you need to have the OpenAFS client installed. See At IU, how do I install and configure OpenAFS on my workstation for use with the RFS?

On this page:

Introduction

In the Research File System (RFS) at Indiana University, you can share data with other RFS users by setting permissions in Access Control Lists (ACLs) that are stored with directories and subdirectories. The ACL specifies the users and groups that have access to a directory, and the usage rights they have been given. The Andrew File System (AFS), on which RFS is based, provides permissions.

The following permissions apply to file access:

read (r)	Users can read the contents of a file.
write (w)	Users can change the file.
lock (k)	Users can run programs that issue system calls to lock files in the directory.

The following permissions apply at the directory level:

lookup (l)	Users can list the files in a directory.
insert (i)	Users can add files to a directory.
delete (d)	Users can remove files from a directory.
administer (a)	Users can modify the directory ACL.

You can add users to ACLs when you need to share files. If you have multiple directories or varying permissions for a large number of users, you can simplify ACL management tasks by creating groups.

Note: You can share your RFS data only with other RFS users.

Sharing RFS files with other users

The most permissive access provided by the ACL is rlidwka, which is the default level of access for the owner of the directory. To restrict access, you can define a more selective combination of permissions. For example, you can give the rl set of permissions to users who need read-only access to the files in a directory.

To set ACL permissions for your RFS directories from the command line, use the fs command with the appropriate arguments:

To view the ACLs on directories and subdirectories, use: fs listacl
To give users access to directories and subdirectories, use: fs setacl
To copy ACLs between directories, use: fs copyacl

To view a list of all fs subcommands, use:

fs help

To view the correct syntax for arguments, add the argument to the end of the command:

fs help listacl

For full examples of the various fs commands, see:

Note: You cannot set file permissions in AFS. AFS permissions are set at the directory and subdirectory level, and are inherited by the files in them.

Creating and managing groups in RFS

To create groups and add users to groups from the command line, use the pts command. To create a group, use:

pts creategroup username:groupname

Replace username with your username, and groupname with the name of your group.

To add a user to a group, use:

pts adduser newuser username:groupname

Replace newuser with the username to be added, username with your username, and groupname with the name of your group.

Note: Users automatically inherit applicable permissions when you add them to a group for which you've defined ACL permissions.

Some other useful pts commands are:

	`pts removeuser`	Remove a user from a group.
	`pts delete`	Remove a user or a group from the database.
	`pts chown`	Change ownership of a group.
	`pts membership`	List the members of a group.

To view a list of all pts subcommands, use:

pts help

You can find full examples of pts commands at the OpenAFS Administration Reference for pts.

For help with RFS, email Research Storage.

This is document asxa in domain all.
Last modified on June 09, 2011.