Creating and setting AFS permissions on your public_html directory

In order to serve your pages, the Web server must have at least read permissions on your public_html directory and at least lookup permissions on your home directory. By default, home directories are created with appropriate permissions for read-only access, and the public_html directory will inherit those defaults, but if you change the permissions on either, here are the minimum requirements:

• If you need to keep some of the data in your site private using .htaccess files or other Web-server access control, you need to change the permissions on the ~/public_html directory, or the subdirectory of ~/public_html where those files are located, using the following command:

  fs setacl DIRECTORY-TO-PROTECT system:anyuser none www read
  

• If you want to restrict access to the data to authenticated CSAIL users (which includes the Web server) you can instead use:

  fs setacl DIRECTORY-TO-PROTECT system:anyuser none system:authuser read
  

For other information about permissions in AFS, see our AFS Intro or the more detailed OpenAFS site.