By default, all the files and folders in a user file space in ZFS can be accessed only by the user, and the files and folders in a group file space can be accessed only by members of the group. There is one exception: the folder www and the files it contains can be read (but not written) by anyone in the world using a web browser.
User
- www folder
  - Available on the World Wide Web
  - Readable by anyone (only writable by the user)
- everything else
  - Not available on the World Wide Web
  - Can be accessed only by the user

Group
- www folder
  - Available on the World Wide Web
  - Readable by anyone (only writable by members of the group)
- everything else
  - Not available on the World Wide Web
  - Can be accessed only by members of the group
Why would I want to change this?
Most users won't need to change this. Web pages go in www, everything else outside of it. But there are cases where you might want to restrict or permit different access; here are some common examples:
- Allow a specific group (for example, a class group) to access web pages, but restrict them from everyone else.
- Allow users or group members to upload files to a "digital drop-box".
- Allow other users to access files that are not available on the web.
These pages explain how to change your access controls.
Methods to avoid
ZFS uses NFS version 4 Access Control Lists (ACLs) for file and folder permissions. Some of you may be used to changing file and folder permissions on other systems, using other methods. Some of these should be avoided on ZFS, because they do an incomplete job and can cause trouble in the long run.
- chmod: This Unix command is not intended to set ACLs, but rather file system modes. In ZFS, these are translated into ACLs, but using chmod on a file that already has complex ACLs might prevent them from working as expected.
- setfacl: This Linux command is used for setting older versions of ACLs; like chmod, it may interfere with complex permissions.
- SFTP clients: Some SFTP programs, such as WinSCP3, which is recommended by eHelp, allow you to change file and folder permissions. They are effectively using chmod, and should be avoided for the same reasons.
- Older versions of Windows: You really shouldn't be using versions of Windows prior to XP anyway, but if you do, they don't support NFS version 4 ACLs, and so you may get inconsistent results.
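
The chmod caveat above can be turned into a check before any mode change. The following is an added example, not part of the original page or of any ZFS tooling: it parses ACL text in the format printed by the Linux nfs4_getfacl command and reports whether the ACL goes beyond the three special principals. Assumptions: the file space is mounted over NFSv4 on a Linux client, "complex" is taken to mean an entry naming a specific user or group, and the function names and sample ACLs are constructed for illustration.

```python
import re

# The three special NFSv4 principals that mirror owner/group/other.
SPECIAL = {"OWNER@", "GROUP@", "EVERYONE@"}

# One ACE per line in nfs4_getfacl text form: type:flags:principal:permissions
ACE_RE = re.compile(
    r"^(?P<type>[ADUL]):(?P<flags>[A-Za-z]*):(?P<who>[^:]+):(?P<perms>[A-Za-z]*)$"
)

def parse_acl(text):
    """Parse nfs4_getfacl-style text into a list of ACE dicts."""
    aces = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and header comments
            continue
        m = ACE_RE.match(line)
        if m is None:
            raise ValueError(f"line {n}: not an ACE: {line!r}")
        aces.append(m.groupdict())
    return aces

def named_aces(aces):
    """ACEs granted or denied to a specific user or group."""
    return [a for a in aces if a["who"] not in SPECIAL]

def safe_for_mode_change(text):
    """True only if the ACL has no named entries (assumed meaning of 'simple')."""
    return not named_aces(parse_acl(text))

# Constructed sample ACLs, not taken from a real system.
TRIVIAL_ACL = """A::OWNER@:rwatTnNcCy
A:g:GROUP@:rtncy
A::EVERYONE@:rtncy"""

CLASS_ACL = """# file: www/class
A::OWNER@:rwaDxtTnNcCy
A:g:cs101@example.edu:rxtncy
A::EVERYONE@:tncy"""

if __name__ == "__main__":
    for name, acl in (("trivial", TRIVIAL_ACL), ("class", CLASS_ACL)):
        verdict = "simple" if safe_for_mode_change(acl) else "complex, avoid chmod"
        print(f"{name}: {verdict}")
```
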