Coda File Protection

Coda provides a close approximation to UNIX protection semantics. An access control list (ACL) controls access to directories by granting and restricting the rights of users or groups of users. An entry in an access list maps a member of the protection domain into a set of rights. Userrights are determined by the rights of all of the groups that he or she is either a direct or indirect member. In addition to the Coda access lists, the three owner bits of the file mode are used to indicate readability, writability, and executability. You should use chmod(1) to set the permissions on individual files. Coda rights are given as a combination of rlidwka where:

Coda also has negative rights, which deny access. Any of the normal rights listed above can also be negative.

Access control lists are managed with the cfs with the listacl and setacl options. They can be abbreviated as la and sa respectively. To see the access control list of any directory in a Coda file system, use cfs la. The following example displays the current directory's ACL:

% cfs la .
      System:AnyUser  rl
               raiff  rlidwka

The displayed list, shows that the user "raiff" has all of the access rights possible on the directory and that the group System:AnyUser has read and lookup privileges. System:AnyUser is a special Coda group, that includes all users.

A second example shows another group, System:Coda. Anyone who is a member of the group, will have the groups access rights:

% cfs la /coda
      	 System:coda  rlidwka
      System:AnyUser  rl

Use cfs sa to change or set a directory's access control list. Options to cfs sa include -negative to assign negative rights to a user and -clear to clear the access list completely before setting any new access rights. You can also use all or none to specify all rights or no rights respectively.

To remove System:AnyUsers access to the current directory, you would issue the following command:

% cfs sa . System:AnyUser none

To give System:AnyUser read and lookup rights, use:

% cfs sa . System:AnyUser rl

To deny rights to a user, use the -negative switch:

% cfs sa -negative . baduser rl

This will deny baduser read and lookup rights, even though any other user has these rights. Note that negative rights are maintained separately from the normal rights, so to re-instate badusers' read and lookup access, you must use:

% cfs sa -negative . baduser none

If you omit the -negative switch, then baduser will still be denied read and lookup access.