Commands - Managing Users in an AFS Volume
OIT uses a distributed, network-based filesystem known as AFS to store and manage user accounts and most university websites, both personal webpages and official campus sites. UMBC's AFS filesystem is closely integrated with OIT's general access Unix servers (also known as the gl.umbc.edu cluster), which means you can log into a gl server and use normal Unix commands to sort, edit and manipulate your web documents, and you'll always have access to the same set of files, no matter which gl server you work from. To use AFS commands (such as the ones discussed in this guide), you must log into a gl Unix server (using SSH) and execute commands from the Unix command line.
Whether you're creating your first personal homepage, or maintaining an extensive departmental website, AFS offers campus webmasters the ability to control specific access permissions to your web directories. Each directory you own has a corresponding AFS Access Control List or ACL that governs who has what access to the directory and its contents. To view a directory's ACL, use the fs listacl [directory path] command. Each line listed in a directory's ACL has two parts: a username, followed by a string of letters. Each of these letters stands for a specific AFS access right that the user has been given for the directory. For example, the r and l ACL rights stand for read and list, which entitle a user to read a directory's files (but not change or delete them) and view a listing of the directory's contents.
Giving Users Access to Your Web Directories using AFS Access Control Lists
Once your UMBC website is underway, you might consider using ACLs to give other users the ability to work with the files located in your AFS web directories. Individual usernames and directory rights may be appended to a directory's ACL using the fs adduser [directory path] [username] [ACL rights] command. There are seven distinct directory rights (and seven individual letters representing these rights) that can be assigned to each user listed in an ACL. Fortunately, AFS has four easier-to-remember keywords that can be used with the fs adduser command: write, read, all and none. Be careful about giving users all directory permissions, as the full set of rights gives users the ability to modify ACLs. Instead, the permissions included with the write keyword give users the ability to edit, save, create and delete the files in the specified web directory, and should be sufficient for anyone contributing to the content of your webpage. To use any of the ACL keywords, simply execute the fs adduser command as spelled out above, substituting the write (or other) keyword for the string of individual letters.
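To check an existing directory for the over-granting described above, the following added example (not part of the original guide or UMBC's tooling) reads fs listacl output, maps each rights string to its keyword, and lists every principal other than the owner and system:administrators that holds the a right and can therefore modify the ACL. The function names, the user jdoe1 and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `fs listacl` output for principals that can
# change the ACL (the "a" right, included in the "all" keyword).

# Constructed sample of `fs listacl` output; jdoe1 is hypothetical.
sample_acl() {
cat <<'EOF'
Access list for /afs/umbc.edu/public/www/oit is
Normal rights:
  fritz:oit rlidwk
  system:administrators rlidwka
  system:anyuser rl
  fritz rlidwka
  jdoe1 rlidwka
EOF
}

# classify_acl: reads listacl output on stdin and prints
# "principal rights keyword" for each entry under "Normal rights:".
classify_acl() {
  awk '
    /^Normal rights:/   { section = "normal"; next }
    /^Negative rights:/ { section = "negative"; next }
    section == "normal" && NF == 2 {
      kw = "custom"                      # any other combination of letters
      if ($2 == "rl") kw = "read"
      else if ($2 == "rlidwk") kw = "write"
      else if ($2 == "rlidwka") kw = "all"
      print $1, $2, kw
    }'
}

# acl_admins OWNER: principals, other than OWNER and
# system:administrators, whose rights include "a".
acl_admins() {
  owner=$1
  classify_acl | awk -v owner="$owner" '
    index($2, "a") && $1 != owner && $1 != "system:administrators" { print $1 }'
}

# On a gl server the same check runs against a live directory:
#   fs listacl /afs/umbc.edu/public/www/oit | acl_admins fritz
sample_acl | acl_admins fritz
```

Any name this prints is a candidate for being reduced to the write keyword.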
The following commands must be issued from the command prompt. This means using SSH telnet to connect to your gl account, where you will enter your username and password.
At the system prompt (umbc{20}%) type: cd /afs/umbc.edu/public/www/deptname
for example: cd /afs/umbc.edu/public/www/oit
You are now in the proper directory to grant access rights.
To add a user to a group, type
pts adduser username {owner}:{volume}
for example: pts adduser username fritz:oit (where fritz is the owner, and oit is the volume)
To remove people from a group (when they no longer need access), type
pts removeuser username {owner}:{volume}
for example: pts removeuser username fritz:business (where fritz is the owner, and business is the volume)
Both adduser and removeuser can be done at any time.