File Permissions in AFS

Previous: The NFS to AFS migration


Next: AFS Groups

File Permissions in AFS

In NFS and UFS, you can set permissions on a file-by-file basis. In AFS, file permissions are specified for each directory, and apply to the directory and to all the files that directory contains. They do not apply to the subdirectories of a directory, since the subdirectories have their own permissions; however, any newly created subdirectory will inherit the permissions of its parent directory. These directory permissions are flexible; they can be applied individually for each user. You can give Jim, Mary and Bill the permission to see the list of all files in your home directory, Valerie the permission to list and read them, and Tom the permission to list, read and write them. The list of all users that have permissions, along with their permissions, is called the access control list or ACL of the directory.

There are seven types of access that you can grant:

With lookup access on a directory, it is possible to look at the directory's ACL and to list the contents of the directory (i.e., what files and directories are in it). It does not imply read access to the files. You must have lookup permission to use any other permission (except administer).
Read access on a directory implies permission to read the contents of all the files in a directory. (This says nothing about the right to read files in its subdirectories.)
Write access on a directory grants permission to modify existing files and subdirectories within a directory, and to change permissions on the files in that directory. It implies neither insert nor delete access to the directory.
Insert access on a directory implies permission to create files or subdirectories in the directory. It does not imply the ability to modify the files once they are created, however. Insert access without write access is useful mainly for the case when you want to allow someone to create files or subdirectories in a given directory but not to modify files that are already there.
Delete access on a directory gives the ability to remove files or empty subdirectories from the directory. Like insert, delete access does not imply write access.
With administer access on a directory, it is possible to change the ACL of the directory. Administer access does not imply any other kind of access. As with all other rights, setting or resetting administer access on a directory only affects that particular directory. It does not affect pre-existing subdirectories.
A user with lock access on a directory can put advisory locks on files within the directory. This is typically useful only to programmers.

To change the the ACL for a file or directory, you can use the fs command, mentioned in Section 6.2 of this document.

UFS file permissions still exist for files in AFS, but their meaning is different. User field of UFS file permissions can be used to further restrict the access rights on the AFS files and directories. Withdrawing the user permissions will deny the right of access to all the users who would normally have that right, including the owner of the file. For example, if the user read permission for a file is set (as it normally is), then anyone who has an AFS read permission on the directory can access the file. However, if you withdraw the user read permission using the chmod command, then no one (including you) will be able to read the file, even if they have AFS read permission on the directory. If you set all the UFS permissions on a file, then the right of access that file will be determined solely from the ACL on the directory. (Group and other fields of UFS file permissions are generally not used.)

It is also possible to give users ``negative permissions'' on a directory, thus specifically denying them the corresponding rights. Negative permissions are stronger than the positive ones. Their use is described in more detail in section 3.3 of this document.

Each directory has its own ACL. Whenever you create a new directory, it ``inherits'' the ACL of its parent. You always have the administer rights on the top-level directories in your locker (or any other AFS volume you own). You cannot take this right away from yourself.