TU Berlin

Center for CampusmanagementRights management SSH

"das Wort tubIT in roter Schrift auf weißem Grund"

Page Content

to Navigation

AFS rights management with a terminal

AFS directories can be configured for shared usage of multiple users. tubIT allows all users to access their data in a secured way. For this purpose we host a SSH server which grants access to the AFS homes.

This includes access to all areas for which you have rights. You will need a SSH client for this service. UNIX/Linux system have a ssh client by default. For Windows systems PuTTY is recommended.

Address: sshgate.tu-berlin.de

Authentication: Kerberosticket, username and password

General Notes

Groups are structured like this: <group owner >:<group name>

Groups created by tubIT are always structured: units:<area name>

The group with the owner units shows the responsible person for an AFS area. This group cannot be edited.

The groups system:backup and system:administrators also belong to tubIT and cannot be edited.

In order to grant coworkers access to subfolders with correspondent rights, it is necessary to create new groups with these rights. The person creating a group is automatically the owner of a group. The owner is declared with his tubIT user name.

If you create subfolders, the rights will be inherited from the parent folder.

Commands

The following commands will help you administrating the rights:

Create a group: pts creategroup <tubIT name owner>:<group name>

Add a user to a group: pts adduser <tubIT name user> <tubIT name owner>:<group name>

Show group members: pts membership <tubIT name owner>:<group name>

Remove group member: pts removeuser <tubIT name user> <tubIT name owner>:<group name>

Show rights for a certain folder: fs listacl -path <folder path>

Show rights of current folder: fs listacl

Set rights for a group for a folder including subfolders: find <folder with subfolders> -type d -exec fs sa "{}" -acl <tubIT name owner>:<group name> <rights> \;

Remove rights from a group for a folder including subfolders: find <folder with subfolders> -type d -exec fs sa "{}" -acl <tubIT name owner>:<group name> none \;

Set rights for current folder: fs setacl -dir . -acl <tubIT name owner>:<group name> <rights>

Remove rights for current folder: fs setacl -dir . -acl <tubIT name owner>:<group name> none

Set rights for a certain folder: fs setacl -dir <folder path> -acl <tubIT name owner>:<group name><rights>

Remove rights for a certain folder: fs setacl -dir <folder path> -acl <tubIT name owner>:<group name>none

These commands can only be executed by owners of the administrator right (a). If a group has the administrator right, all members are entitled to run the commands. Group commands can always be run by the group owner.

Rights:

 

  • r = read
  • l = list folder contents
  • i = insert
  • d = delete
  • w = write
  • k = lock file
  • a = administration

 

This manual as PDF (german)

FAQ AFS

Hinweise zu Firewall, Ports, Systemzeit, ReiserFS, Windows-Domäne, Vista 64 Bit und VPN. more to: FAQ AFS

Navigation

Quick Access

Schnellnavigation zur Seite über Nummerneingabe