AFS Access Rights
There are seven access rights available on ACLs. These rights are associated with the directory
itself and apply to all elements in it, both files and subdirectories. The seven access rights can be
divided into two groups: 'Directory' rights (LOOKUP, INSERT, DELETE, and ADMINISTER)
which apply to the directory itself, and 'File' rights (READ, WRITE, and LOCK) which apply to the
files in the directory. Each right has an accepted single-character abbreviation, which appears
following the complete name in the definitions below.
Directory Access Rights:
The four rights in this group apply to the directory itself. For example,
the INSERT right means that the user can create or copy a file into the directory. It does not
mean that the possessor can 'insert' data into a file; that would require the WRITE right
described below.
LOOKUP (l): allows the user to list files in the directory.
INSERT (i): allows the user to add new files to the directory (either by creating new files or
copying existing files), and to create new subdirectories.
DELETE (d): allows the user to remove files and subdirectories from the directory or move them
into other directories (where the user has the INSERT right).
ADMINISTER (a): allows the user to change the ACL for the directory. Users always have this
right with files they own.
File Access Rights:
READ (r): allows the user to read the file. For files in the current directory, the possessor can
read the data in the file. For subdirectories within this directory, the possessor can read the names
of files contained in those subdirectories.
WRITE (w): allows the user to modify the contents of files in the directory and to change their
UNIX mode bits with the chmod command. The user is allowed to alter files in the directory.
LOCK (k): allows the user to run programs that need to 'flock' (lock files) in the directory.
When granting access privileges, you can use some easy-to-remember shorthand notations for
commonly used combinations of the seven access rights:
write = rlidwk
read = rl
all = rlidwka
none = removes all rights
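
The following is an added example, not part of the original page: a small audit that expands the shorthand notations above and flags ACL entries where a broad group holds rights that alter files or the ACL (i, d, w, a). The `fs listacl` output layout, the group names system:anyuser and system:authuser, and the sample listing are assumptions constructed for illustration.

```python
# Added example: audit AFS ACL entries against the rights described above.
DIRECTORY_RIGHTS = set("lida")   # LOOKUP, INSERT, DELETE, ADMINISTER
FILE_RIGHTS = set("rwk")         # READ, WRITE, LOCK
SHORTHAND = {"write": "rlidwk", "read": "rl", "all": "rlidwka", "none": ""}
MODIFYING = set("idwa")          # rights that change contents or the ACL itself
# Assumption: the principals this audit treats as "everyone".
BROAD = {"system:anyuser", "system:authuser"}

# Constructed sample in the layout `fs listacl` is assumed to print.
SAMPLE = """\
Access list for /afs/example.org/project/docs is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidwk
  system:authuser rl
  alice rlidwka
Negative rights:
  bob w
"""

def expand(rights):
    """Turn a shorthand word or a letter string into a set of right letters."""
    letters = SHORTHAND.get(rights, rights)
    unknown = set(letters) - DIRECTORY_RIGHTS - FILE_RIGHTS
    if unknown:
        raise ValueError(f"unknown access right(s): {sorted(unknown)}")
    return set(letters)

def parse_listacl(text):
    """Return (section, principal, rights) for each ACL entry in the listing."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("rights:"):
            section = line.split()[0].lower()      # "normal" or "negative"
        elif section and line:
            principal, rights = line.split()
            entries.append((section, principal, expand(rights)))
    return entries

def broad_write_findings(text):
    """Flag granted entries where a broad group can alter files or the ACL."""
    findings = []
    for section, principal, rights in parse_listacl(text):
        risky = rights & MODIFYING
        if section == "normal" and principal in BROAD and risky:
            findings.append((principal, "".join(c for c in "rlidwka" if c in risky)))
    return findings

if __name__ == "__main__":
    print(broad_write_findings(SAMPLE))
```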