ARCHIVED: At IU, how do I share my RFS data with other users using an AFS client?
Note: To be able to run any of the following commands, you need to have the OpenAFS client installed.
On this page:
Introduction
In the Research File System (RFS) at Indiana University, you can share data with other RFS users by setting permissions in Access Control Lists (ACLs) that are stored with directories and subdirectories. The ACL specifies the users and groups that have access to a directory, and the usage rights they have been given. The Andrew File System (AFS), on which RFS is based, provides permissions.
The following permissions apply to file access:
read (r)
|
Users can read the contents of a file.
|
write (w)
|
Users can change the file. |
lock (k)
|
Users can run programs that issue system calls to lock files in the
directory.
|
The following permissions apply at the directory level:
lookup (l)
|
Users can list the files in a directory.
|
insert (i)
|
Users can add files to a directory.
|
delete (d)
|
Users can remove files from a directory.
|
administer (a)
|
Users can modify the directory ACL.
|
You can add users to ACLs when you need to share files. If you have multiple directories or varying permissions for a large number of users, you can simplify ACL management tasks by creating groups.
Note: You can share your RFS data only with other RFS users.
Sharing RFS files with other users
The most permissive access provided by the ACL is
rlidwka
, which is the default level of access for the
owner of the directory. To restrict access, you can define a more
selective combination of permissions. For example, you can give the
rl
set of permissions to users who need read-only access
to the files in a directory.
To set ACL permissions for your RFS directories from the command
line, use the fs
command with the appropriate
arguments:
- To view the ACLs on directories and subdirectories, use:
fs listacl
- To give users access to directories and subdirectories, use:
fs setacl
- To copy ACLs between directories, use:
fs copyacl
To view a list of all fs
subcommands, use:
fs help
To view the correct syntax for arguments, add the argument to the end of the command:
fs help listacl
For full examples of the various fs
commands, see:
Note: You cannot set file permissions in AFS. AFS permissions are set at the directory and subdirectory level, and are inherited by the files in them.
Creating and managing groups in RFS
To create groups and add users, use the pts
command. New users automatically inherit applicable permissions when
you add them to a group for which you've defined ACL permissions.
- To create a group, enter the following command, replacing
username
with your Network ID username andgroupname
with the name of your group:pts creategroup username:groupname
- To add a user to a group, enter the following command, replacing
newuser
with the user's Network ID username,username
with your Network ID username, andgroupname
with the name of your group:pts adduser newuser username:groupname
Note: To add a user to a project user group, you must use
projectname_user
instead ofusername:groupname
(replaceprojectname
with the name of your project user group); for example, to add new usersebulba
to thepodrace
project user group, enter:pts adduser sebulba podrace_user
Other useful pts
commands include:
pts removeuser
|
Remove a user from a group. |
pts delete
|
Remove a user or a group from the database.
|
pts chown
|
Change ownership of a group. |
pts membership
|
List the members of a group. |
To view a list of all pts
subcommands, use:
pts help
You can find full examples of pts
commands at the OpenAFS
Administration Reference for pts.
For help with RFS, email Research Storage.
This is document asxa in the Knowledge Base.
Last modified on 2018-01-18 15:00:11.