    fs_setacl

    
    
    

    SYNOPSIS

           fs setacl -dir <directory>+ -acl <access list entries>+
               [-clear] [-negative] [-id] [-if] [-help]
    
           fs sa -d <directory>+ -a <access list entries>+
               [-c] [-n] [-id] [-if] [-h]
    
           fs seta -d <directory>+ -a <access list entries>+
               [-c] [-n] [-id] [-if] [-h]
    
    
    

    DESCRIPTION

           The fs setacl command adds the access control list (ACL) entries
           specified with the -acl argument to the ACL of each directory named by
           the -dir argument.
    
           If the -dir argument designates a pathname in DFS filespace (accessed
           via the AFS/DFS Migration Toolkit Protocol Translator), it can be a
           file as well as a directory. The ACL must already include an entry for
           "mask_obj", however.
    
           Only user and group entries are acceptable values for the -acl
           argument. Do not place machine entries (IP addresses) directly on an
           ACL; instead, make the machine entry a group member and place the group
           on the ACL.
    
           To completely erase the existing ACL before adding the new entries,
           provide the -clear flag. To add the specified entries to the "Negative
           rights" section of the ACL (deny rights to specified users or groups),
           provide the -negative flag.
    
           To display an ACL, use the fs listacl command. To copy an ACL from one
           directory to another, use the fs copyacl command.
    
    
    

    CAUTIONS

           If the ACL already grants certain permissions to a user or group, the
           permissions specified with the fs setacl command replace the existing
           permissions, rather than being added to them.
    
           Setting negative permissions is generally unnecessary and not
           recommended. Simply omitting a user or group from the "Normal rights"
           section of the ACL is normally adequate to prevent access. In
           particular, note that it is futile to deny permissions that are granted
           to members of the system:anyuser group on the same ACL; the user needs
           only to issue the unlog command to receive the denied permissions.
    
           When including the -clear option, be sure to reinstate an entry for
           each directory's owner that includes at least the "l" (lookup)
           permission. Without that permission, it is impossible to resolve the
           "dot" (".") and "dot dot" ("..") shorthand from within the directory.
           (The directory's owner does implicitly have the "a" (administer)
           permission even on a cleared ACL, but must know to use it to add other
           permissions.)
    
           -acl <access list entries>+
               Defines a list of one or more ACL entries, each a pair that names:
    
               *   A user name or group name as listed in the Protection Database.
    
               *   One or more ACL permissions, indicated either by combining the
                   individual letters or by one of the four acceptable shorthand
                   words.
    
               in that order, separated by a space (thus every instance of this
               argument has two parts). The accepted AFS abbreviations and
               shorthand words, and the meaning of each, are as follows:
    
               a (administer)
                   Change the entries on the ACL.
    
               d (delete)
                   Remove files and subdirectories from the directory or move them
                   to other directories.
    
               i (insert)
                   Add files or subdirectories to the directory by copying, moving
                   or creating.
    
               k (lock)
                   Set read locks or write locks on the files in the directory.
    
               l (lookup)
                   List the files and subdirectories in the directory, stat the
                   directory itself, and issue the fs listacl command to examine
                   the directory's ACL.
    
               r (read)
                   Read the contents of files in the directory; issue the "ls -l"
                   command to stat the elements in the directory.
    
               w (write)
                   Modify the contents of files in the directory, and issue the
                   UNIX chmod command to change their mode bits.
    
               A, B, C, D, E, F, G, H
                   Have no default meaning to the AFS server processes, but are
                   made available for applications to use in controlling access to
                   the directory's contents in additional ways. The letters must
                   be uppercase.
    
               all Equals all seven permissions ("rlidwka").
    
               none
                   No permissions. Removes the user/group from the ACL, but does
                   not guarantee they have no permissions if they belong to groups
    
               Granting the "l" (lookup) and "i" (insert) permissions without
               granting the "w" (write) and/or "r" (read) permissions is a special
               case, and grants rights appropriate for "dropbox" directories. See
               the DROPBOXES section for details.
    
               If setting ACLs on a pathname in DFS filespace, see the DFS
               documentation for the proper format and acceptable values for DFS
               ACL entries.
    
           -clear
               Removes all existing entries on each ACL before adding the entries
               specified with the -acl argument.
    
           -negative
               Places the specified ACL entries in the "Negative rights" section
               of each ACL, explicitly denying the rights to the user or group,
               even if entries on the accompanying "Normal rights" section of the
               ACL grant them permissions.
    
               This argument is not supported for DFS files or directories,
               because DFS does not implement negative ACL permissions.
    
           -id Places the ACL entries on the Initial Container ACL of each DFS
               directory, which are the only file system objects for which this
               flag is supported.
    
           -if Places the ACL entries on the Initial Object ACL of each DFS
               directory, which are the only file system objects for which this
               flag is supported.
    
           -help
               Prints the online help for this command. All other valid options
               are ignored.
    
    
    

    DROPBOXES

           If an accessing user has the "l" (lookup) and "i" (insert) permissions on
           a directory, but not the "w" (write) and/or "r" (read) permissions, the
           user is implicitly granted the ability to write and/or read any file
           they create in that directory, until they close the file. This is to
           allow "dropbox"-style directories to exist, where users can deposit
           files, but cannot modify them later nor can they modify or read any
           files deposited in the directory by other users.
    
           Note, however, that the dropbox functionality is not perfect. The
           fileserver does not have knowledge of when a file is opened or closed
           on the client, and so the fileserver always allows an accessing user to
           read or write to a file in a "dropbox" directory if they own the file.
           While the client prevents the user from reading or modifying their
           deposited file later, this is not enforced on the fileserver, and so
           should not be relied on for security.
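
           The script below is an added example, not part of the OpenAFS
           documentation: it reads fs listacl output and flags negative entries
           that deny rights system:anyuser holds on the same ACL (see CAUTIONS)
           and entries that fall under the dropbox special case. The finding
           labels, function names and sample ACLs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `fs listacl` output for two conditions this page warns about.
# Output labels FUTILE-NEGATIVE and DROPBOX are this example's own, not OpenAFS terms.

# Constructed sample in the listacl format shown in EXAMPLES (not real output).
sample_listacl() {
    cat <<'EOF'
Access list for reports is
Normal rights:
   system:anyuser rl
   pat rlidwka
Negative rights:
   terry rlw
Access list for incoming is
Normal rights:
   system:authuser li
   pat rlidwka
EOF
}

# Reads listacl output on stdin; prints one "<dir>: <finding> <entry> <rights>" per line.
audit_acl() {
    awk '
    function report(   who, i, c, futile) {
        if (dir == "") return
        # Denied rights that system:anyuser also holds on the same ACL.
        for (who in neg) {
            futile = ""
            for (i = 1; i <= length(neg[who]); i++) {
                c = substr(neg[who], i, 1)
                if (index(anyuser, c)) futile = futile c
            }
            if (futile != "") print dir ": FUTILE-NEGATIVE " who " " futile
        }
        # l and i present while r and/or w is missing: the dropbox special case.
        for (who in pos)
            if (index(pos[who], "l") && index(pos[who], "i") &&
                !(index(pos[who], "r") && index(pos[who], "w")))
                print dir ": DROPBOX " who " " pos[who]
        split("", pos); split("", neg); anyuser = ""
    }
    /^Access list for / { report(); dir = $0
                          sub(/^Access list for /, "", dir); sub(/ is$/, "", dir)
                          section = ""; next }
    /^Normal rights:/   { section = "pos"; next }
    /^Negative rights:/ { section = "neg"; next }
    NF == 2 && section == "pos" { pos[$1] = $2; if ($1 == "system:anyuser") anyuser = $2 }
    NF == 2 && section == "neg" { neg[$1] = $2 }
    END { report() }
    '
}

sample_listacl | audit_acl
```

           To audit real directories, pipe the output of fs listacl into
           audit_acl instead of the constructed sample.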
    
           Additionally, if "dropbox" permissions are granted to "system:anyuser",
    
    
    

    EXAMPLES

           The following example adds two entries to the "Normal rights" section
           of the current working directory's ACL: the first entry grants "r"
           (read) and "l" (lookup) permissions to the group pat:friends, while the
           other (using the "write" shorthand) gives all permissions except "a"
           (administer) to the user "smith".
    
              % fs setacl -dir . -acl pat:friends rl smith write
    
              % fs listacl -path .
              Access list for . is
              Normal rights:
                 pat:friends rl
                 smith rlidwk
    
           The following example includes the -clear flag, which removes the
           existing permissions (as displayed with the fs listacl command) from
           the current working directory's reports subdirectory and replaces them
           with a new set.
    
              % fs listacl -dir reports
              Access list for reports is
              Normal rights:
                 system:authuser rl
                 pat:friends rlid
                 smith rlidwk
                 pat rlidwka
              Negative rights:
                 terry rl
    
              % fs setacl -clear -dir reports -acl pat all smith write system:anyuser rl
    
              % fs listacl -dir reports
              Access list for reports is
              Normal rights:
                 system:anyuser rl
                 smith rlidwk
                 pat rlidwka
    
           The following example uses the -dir and -acl switches because it sets
           the ACL for more than one directory (both the current working directory
           and its public subdirectory).
    
              % fs setacl -dir . public -acl pat:friends rli
    
              % fs listacl -path . public
              Access list for . is
              Normal rights:
                 pat rlidwka
                 pat:friends rli
              Access list for public is
              Normal rights:
    
           this special permission.
    
    
    

    SEE ALSO

           fs_copyacl(1), fs_listacl(1), fs_mkmount(1)
    
    
    

    COPYRIGHT

           IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
    
           This documentation is covered by the IBM Public License Version 1.0.
           It was converted from HTML to POD by software written by Chas Williams
           and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
    
    
    

    OpenAFS 2012-03-26 FS_SETACL(1)

    
    