How To Add User ACLs

Sharing AFS Directories

The following are very simple instructions for giving a user access to one of your AFS directories. For a much more thorough explanation, we highly recommend the following documentation.

Any user who needs to read or edit files in one of your directories must also have at least "l" permission (a lowercase L, short for lookup) on all parent directories up to and including your home directory.

Let's assume we have a directory called "Shared" that we want to share. First, we must allow the friendly user to have lookup access to our home directory. This does not allow them to access any files, only to see that the directory exists and that there are files in it. I recommend setting this for all authenticated users on campus, but you could also replace "system:authuser" with the AFS ID of a single user.

 $  fs sa ~ system:authuser l

If you just want the friendly user to be able to read the contents of ~/Shared:

 $  fs sa ~/Shared system:authuser rl

If you want to give a specific user with AFS ID "mylabmate" full write access to your Shared directory, you could say:

 $  fs sa ~/Shared mylabmate write

NOTE: Only give people you trust write access!


To list all ACLs on ~/Shared:

 $  fs la ~/Shared

To remove mylabmate's permissions:

 $  fs sa ~/Shared mylabmate none

AFS Groups

If you're going to be sharing directories with multiple collaborators, it is recommended to create a group with the pts command.

 $  pts creategroup yourNETID:groupname
 $  pts adduser collaboratorNETID yourNETID:groupname

For example:

 $  pts creategroup ckankel:labmates
 $  pts adduser shampton ckankel:labmates

ACLs can be applied to groups through the same process as individual netIDs.

Recursively Share Directories

When new sub-folders are created, their permissions are inherited from the parent directory. If you want to change permissions on folders that already exist, you must update them manually. You can do this on a folder-by-folder basis, but for a large number of directories you will want to use a quick Unix command:

 $  cd ~/Shared
 $  find . -type d -exec fs sa {} mylabmate rl \;

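For a speedup, run four fs processes in parallel (-print0 and -0 keep directory names containing spaces or quotes intact):

 $ find . -type d -print0 | xargs -0 -I '{}' -P 4 fs sa '{}' mylabmate read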

If you would like to make these directories readable to all ND users, replace mylabmate with nd_campus.
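
To check the result after sharing, especially after a recursive change, the following added example (not part of the original page) parses fs la output and reports every entry that grants more than lookup/read to anyone but you. The sample output, its cell path and the choice to skip system:administrators are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit `fs la` output for
# entries that grant more than lookup/read to anyone except the owner.

# audit_acl OWNER: reads `fs la` output on stdin and prints
# "directory<TAB>principal<TAB>rights" for each risky entry.
audit_acl() {
    awk -v owner="$1" '
        /^Access list for / {            # start of a new directory block
            dir = $0
            sub(/^Access list for /, "", dir); sub(/ is$/, "", dir)
            neg = 0; next
        }
        /^Normal rights:/   { neg = 0; next }
        /^Negative rights:/ { neg = 1; next }   # these entries deny, not grant
        # Assumption: system:administrators is the site admin group and is
        # expected to hold full rights, so it is skipped along with the owner.
        NF == 2 && !neg && $1 != owner && $1 != "system:administrators" &&
            $2 ~ /[idwka]/ { print dir "\t" $1 "\t" $2 }
    '
}

# Constructed sample of `fs la` output for two directories (the cell path
# is a placeholder; the user names are the ones used on this page).
sample_fs_la() {
    cat <<'EOF'
Access list for /afs/example.edu/user/ckankel/Shared is
Normal rights:
  system:administrators rlidwka
  system:authuser rl
  mylabmate rlidwk
  ckankel rlidwka
Access list for /afs/example.edu/user/ckankel/Shared/old drafts is
Normal rights:
  system:authuser rlidwk
  ckankel rlidwka
Negative rights:
  shampton rlidwk
EOF
}

# Real use, run from ~/Shared:
#   find . -type d -exec fs la {} \; | audit_acl yourNETID
sample_fs_la | audit_acl ckankel
```

Any line it prints is a directory where someone other than you can insert, delete, write, lock or administer; remove the entry with fs sa and "none" as shown earlier if that was not intended.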