Protecting your Directories & Files
NOTE: This collection of frequently asked questions (FAQ) on how one can keep his/her files private is not meant to replace the other AFS documents that are also provided at this site.
Q. I just got an Internet account and noticed that I have a directory called "private". My friend's account does not have it though. What is it? Does my friend need it?
A. A subdirectory called "private" is provided in every user's account. We recommend that you use it to protect files and directories that you want to keep private. This is where all files and directories that you don't want to share with anyone should go. Check if you have this directory by typing: ls from the system prompt (e.g., apollo% ls).
Assuming that your account name is act, check the ACLs (access control list) for this directory by:

    apollo% fs listacl private

which should return the following on your screen:

    Access list for private is
    Normal rights:
      system:administrators rlidwka
      act rlidwka

If you don't have the "private" subdirectory, do the following:
| prompt | command | description |
|---|---|---|
| apollo% | cd | Start from your home directory |
| apollo% | mkdir private | Create the directory |
| apollo% | fs setacl private system:anyuser none | Gives the public no rights to the files and subdirectories that you create under the "private" directory |
Then, move all files and directories that you want to be secure to this subdirectory by:
| prompt | command | description |
|---|---|---|
| apollo% | cd | Takes you to your home directory |
| apollo% | mv file1 private | Move the file named "file1" to subdirectory "private" |
| apollo% | mv directory1 private | Move the directory named "directory1" to the subdirectory "private" |
Q. So what do system:administrators and system:anyuser refer to when I do an "fs listacl" on a directory?
A. System:administrators and system:anyuser are AFS systemwide protection groups. System:administrators is a group comprised of the Division of Information Technology's system administrators who have all access control rights to all directories in the AFS cell sfsu.edu.
System:anyuser is a group that includes all users, including non-AFS users.
Q. I want everything in my account to be inaccessible to other people, including files that start with a . (dot). How do I do that? Will I break anything if I restrict access?
A. If you do not want anything in your account to be accessed by other users, type the following from the system prompt:
| prompt | command | description |
|---|---|---|
| apollo% | cd | Makes sure you are at your home directory |
| apollo% | cd .. | Moves you up a directory above your home directory |
| apollo% | fs setacl act system:anyuser none | This prevents anyone from accessing files and subdirectories in act's account |
| apollo% | cd | Takes you back to your home directory |
The disadvantages of doing this are:
- your .forward, .plan, and .vacation files will not work
- you lose access to bbs conferences
- you won't be able to publish a homepage on the WWW

If you do not use any of the above utilities or activities, then you are fine.
Q. Can I turn off the "system:administrators rlidwka" rights from my home directory?
A. Not recommended. You have to leave these rights so the system administrators can back up your account.
Q. I would like a friend of mine to be able to read some of my files in my account. My account name is fdb and hers is jto. The file I'd like to share is called proj.part1 and it is currently in my "private" directory. How do I do this?
A. What we recommend you do is to create a separate directory for files you'd like to share with other people. You do this by:
| prompt | command | description |
|---|---|---|
| apollo% | cd | Start from your home directory |
| apollo% | mkdir shared | Create a directory where all shared stuff will go |
| apollo% | fs setacl shared jto rl | This will allow your friend to list, and read/copy any file that is in the "shared" directory |
| apollo% | fs listacl shared | Check to see that the ACLs were set to what you want |
| apollo% | cp private/proj.part1 shared | Copies the file proj.part1 from your "private" directory to your "shared" directory |
Your friend can now copy the file to her own account by:
    apollo% cp ~fdb/shared/proj.part1 ~
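
The "fs listacl" checks recommended in the answers above can be scripted. The following is an added example, not part of the original FAQ: it reads "fs listacl" output and reports every principal other than the owner and system:administrators that holds rights on a directory. The function names and both sample listings are constructed, and the "shared" sample assumes the new directory inherited a system:anyuser entry from the home directory when it was created.

```shell
#!/bin/sh
# Added example (not from the original FAQ): audit "fs listacl" output.
# Function names and sample ACLs are constructed for illustration.

# acl_exposure OWNER
# Reads "fs listacl" output on stdin and prints "principal rights" for every
# entry under "Normal rights:" that is neither OWNER nor system:administrators.
acl_exposure() {
    awk -v owner="$1" '
        /^Access list for/  { normal = 0; next }
        /^Normal rights:/   { normal = 1; next }
        /^Negative rights:/ { normal = 0; next }
        normal && NF == 2 && $1 != owner && $1 != "system:administrators" {
            print $1, $2
        }
    '
}

# is_private OWNER
# Succeeds (exit 0) only when nobody else holds rights on the directory.
is_private() {
    [ -z "$(acl_exposure "$1")" ]
}

# Constructed sample: the "private" listing shown in the FAQ.
sample_private='Access list for private is
Normal rights:
  system:administrators rlidwka
  act rlidwka'

# Constructed sample: "shared" after "fs setacl shared jto rl", assuming the
# directory inherited a system:anyuser entry from the home directory.
sample_shared='Access list for shared is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  fdb rlidwka
  jto rl'

# Demo on the constructed samples; on a live cell, pipe real output instead:
#   fs listacl shared | acl_exposure fdb
printf '%s\n' "$sample_private" | is_private act && echo "private: owner only"
printf '%s\n' "$sample_shared" | acl_exposure fdb
```

Any system:anyuser line reported for a directory meant for one friend means the files are readable by more people than intended; "fs setacl shared system:anyuser none" removes that entry.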
Last Modified: 17 Jul 1996
doit@sfsu.edu