How AFS Uses the UNIX Mode Bits

Although AFS protects data primarily with ACLs rather than mode bits, it does not ignore the mode bits entirely. An explanation of how mode bits work in the UNIX file system is outside the scope of this document, and the following discussion assumes you understand them; if necessary, see your UNIX documentation. Also, the following discussion does not cover the setuid, setgid or sticky bits. If you need to understand how those bits work on AFS files, see the OpenAFS Administration Guide or ask your system administrator.

AFS uses the UNIX mode bits in the following way:

When you issue the UNIX chmod command on an AFS file or directory, AFS changes the bits appropriately. To change a file's mode bits, you must have the AFS w permission on the ACL of the file's directory. To change a directory's mode bits, you must have the d, i, and l permissions on its ACL.

Example: Disabling Write Access for a File

Suppose terry is chairing a committee that is writing a proposal. As each section is approved, she turns off write access to that file to prevent further changes. For example, the following chmod command turns off the w mode bits on the file proposal.chap2. This makes it impossible for anyone to change the file, no matter what permissions are granted on the directory ACL.

   % chmod -w proposal.chap2
   % ls -l
   -rw-r--r--  1 terry     573 Nov 10 09:57 conclusion
   -r--r--r--  1 terry     573 Nov 15 10:34 intro
   -r--r--r--  1 terry     573 Dec  1 15:07 proposal.chap2
   -rw-r--r--  1 terry     573 Nov 10 09:57 proposal.chap3
   -rw-r--r--  1 terry     573 Nov 10 09:57 proposal.chap4
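
The rules above can be checked against a directory's ACL before relying on a cleared w bit. The following is an added example, not part of the original guide or of OpenAFS: it parses `fs listacl` output and reports who may change mode bits and who may still write a file. The sample ACL, the principals `committee` and `pat`, and the function names are constructed, and group membership is assumed to be supplied by the caller.

```python
import stat

# Constructed sample of `fs listacl` output (not from the original page).
SAMPLE_ACL = """\
Access list for . is
Normal rights:
  system:anyuser rl
  committee rlidwk
  terry rlidwka
Negative rights:
  pat w
"""

def parse_listacl(text):
    """Return (normal, negative) dicts mapping principal -> set of rights letters."""
    normal, negative, current = {}, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Normal rights:":
            current = normal
        elif stripped == "Negative rights:":
            current = negative
        elif current is not None and stripped:
            name, rights = stripped.rsplit(None, 1)
            current[name] = set(rights)
    return normal, negative

def effective_rights(text, user, groups=()):
    """Union of normal rights for the user and their groups, minus negative rights."""
    normal, negative = parse_listacl(text)
    names = {user, *groups}
    granted = set().union(*(normal.get(n, set()) for n in names))
    denied = set().union(*(negative.get(n, set()) for n in names))
    return granted - denied

def can_chmod(text, user, groups=(), target="file"):
    """Rule from the text: w on the directory ACL for a file; d, i and l for a directory."""
    needed = {"w"} if target == "file" else {"d", "i", "l"}
    return needed <= effective_rights(text, user, groups)

def can_write_file(text, mode, user, groups=()):
    """Writing needs the ACL w permission and the w mode bit still set.
    Checking the owner bit is general AFS behaviour, not stated in this section."""
    return "w" in effective_rights(text, user, groups) and bool(mode & stat.S_IWUSR)
```

With the sample ACL, `pat` loses w through the negative entry and so cannot chmod files, but still holds d, i and l through `committee` and can chmod the directory itself.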