Overview
Before you start worrying about how to give permissions, you should know if you have the administrative ability to do so. If you don't, we give you tips for gaining admin power.
Are you allowed to set permissions?
In the example below, your SUNet ID is "jdoe" and you want to set ACLs in a directory called "rocketscience" in the "dept" section of Stanford's AFS space. It would therefore be located at the end of the following directory path in AFS: /afs/ir/dept/rocketscience/. You'll use the "cd" command to get there. If this sounds like gobbledygook, take a look at the Navigating AFS page or just follow along using the directory in which you really want to set permissions instead of our hypothetical "rocketscience" directory..
2) Go to the directory where you'd like to set permissions.
a) In this example, you'd type:cd /afs/ir/dept/rocketscience/b.) You can always tell if you're in the right directory because the command prompt will be augmented with your present location. In other words, a command prompt that used to look something like this:cardinal4:>shows your location in AFS like this:cardinal4: /afs/ir/dept/rocketscience/>
3.) Check the ACLs in that directory.
At the command prompt, while in this directory, type:
fs la
Access list for . is
Normal rights:
rocketscience-admins rlidwka
system:dept-admin rlidwka
system:backup rl
system:administrators rlidwka
system:anyuser rl
jdoe rlidwka
Look for your Sunet ID in the ACL list. If it's there, with
"rlidwka" listed afterward, as shown in the example, ("jdoe rlidwka" at
the bottom of the list) then you're ready to set ACLs. Go to the Commonly
used ACLs section of the How to set permissions
with ACLs page .
4.) Tips for getting admin power
- If your SUNet ID is not displayed in the ACL list, or if
your SUNet ID is displayed with only "rlidwk" afterward (you need the "a"
at the end: it's what gives you "administrative" power), then you can't set
ACLs. But all is not lost.
Your SUNet ID may not be showing up because it's actually located in your department's admin group. In our example, the entry called "rocketscience-admin" in the ACL list is tyical of groups created by or composed of people with administrative control over a directory. To find out if you're a member of this "pts" group, type "pts mem <groupname>" at the command prompt (as in pts mem rocketscience-admin). The system will display the SUNet IDs of everyone in that group. Since the group has "rlidwka" privileges, if your SUNet ID is among those displayed it means that you too possess administrative privileges. - If your SUNet ID is not displayed in the ACL list, and
you have only "rlidwk" privileges (or less), and you're not a member of a
pts group that has "rlidwka" privileges, you may still have hope.
You need to find someone who has administrative permissions and ask about
obtaining them for yourself in that directory. You can probably find that
someone by scanning the ACL list on your screen.
- If there is another SUNet ID in the ACL list that has "rlidwka" privileges it may belong to a colleague or someone you know. If you can't identify the person by their SUNet ID, either 1) type the word "whois" and their SUNet ID at the command line (as in "whois jdoe") or 2) go to the Stanfordwho page on the web, use the "for Stanford community members only" link, and scroll down to the "Or find the person by SUNet ID" field.
- Use the same "pts mem <groupname> technique you did before. After issuing the "pts mem" command on your rocketscience-admins group, scan the results to see if there's anyone you know, or use a "whois" look up as described above to find out which SUNet IDs belong to which people. Note that this only works for admin groups peculiar to your department. Other groups in the ACL list -- system:dept-admin, system:backup, system:administrators, etc. -- won't be able to help you.
- Still no luck? Use the "cd ../" command to move up one directory. You might find people with control over your sub-directory in the ACL list of the directory right above the one you're in.