
Granting/Restricting AFS Access to a Directory

Every account has a directory /users/login/pub. By default, any file the user places in this directory can be read by other WAM users. To make a file publicly readable, copy it to this directory, or to a subdirectory in this directory.

If a user wants to be able to access the file from their home directory without having to specify ~/../pub/file_or_directory, they should make a symbolic link to /afs/wam.umd.edu/usrX/login/pub/file_or_directory wherever they would like the file or directory to appear to exist.

If a user wants to make a directory that only their friends can get to, the best thing for them to do is:

  1. make the directory in ~/../pub
  2. revoke any system:anyuser and system:authuser permissions for the subdirectory (not ~/../pub).

To grant or revoke access permissions on a directory use:

fs setacl -dir directory -acl people read [people read ...]

where people can be any AFS group (system:anyuser for everyone, system:authuser for people who have authenticated with that AFS cell, or a user-defined AFS group) or a list of userids. "read" is an easier-to-remember form of "rl", for Read and Lookup ACL access. If you want a user or group to be able to access a directory, but not be able to read files in the directory, then give them only lookup (l) permission. Lookup allows them to do "ls" and "cd", but will not allow them to read any files. To revoke permissions, set the permission for a user or group to "none".
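
The friends-only procedure and the fs setacl syntax above, combined into one shell function. This is an added example, not part of the original page; the function name share_with_friends, the RUN variable, and the sample path and userids are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run by default: RUN=echo only prints each command.
# Export RUN as the empty string (RUN= ./script) to execute them.
RUN=${RUN-echo}

# share_with_friends DIRECTORY USERID...
share_with_friends() {
    [ $# -ge 2 ] || {
        echo "usage: share_with_friends directory userid..." >&2
        return 2
    }
    dir=${1%/}      # drop one trailing slash
    shift

    # The revocation applies to the subdirectory, never to pub itself.
    case $dir in
        pub|*/pub)
            echo "refusing to change the ACL on pub itself: $dir" >&2
            return 1 ;;
    esac

    # Granting a system group back would undo the restriction.
    for who in "$@"; do
        case $who in
            system:anyuser|system:authuser)
                echo "refusing to grant $who" >&2
                return 1 ;;
        esac
    done

    # Step 1: make the directory under pub.
    $RUN mkdir "$dir"
    # Step 2: revoke both system groups on the new subdirectory.
    $RUN fs setacl -dir "$dir" -acl system:anyuser none system:authuser none
    # Give each friend "read" (rl: Read and Lookup).
    for who in "$@"; do
        $RUN fs setacl -dir "$dir" -acl "$who" read
    done
    # Show the resulting ACL so it can be checked.
    $RUN fs listacl "$dir"
}

# Constructed sample call (prints five commands in dry-run mode):
#   share_with_friends /users/login/pub/photos alice bob
```

Read the fs listacl output at the end to confirm that neither system:anyuser nor system:authuser still appears on the subdirectory.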

For more information, refer to the printed AFS User's Manual, or the other AFS entries here.

Office of Information Technology