openafs/doc/html/AdminReference/auarf136.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30                -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf135.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf137.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRFS_COPYACL" HREF="auarf002.htm#ToC_150">fs copyacl</A></H2>
<A NAME="IDX4753"></A>
<A NAME="IDX4754"></A>
<A NAME="IDX4755"></A>
<A NAME="IDX4756"></A>
<P><STRONG>Purpose</STRONG>
<P>Copies an ACL from one directory to one or more other directories
<P><STRONG>Synopsis</STRONG>
<PRE><B>fs copyacl -fromdir</B> &lt;<VAR>source&nbsp;directory&nbsp;(or&nbsp;DFS&nbsp;file)</VAR>>  
           <B>-todir</B> &lt;<VAR>destination&nbsp;directory&nbsp;(or&nbsp;DFS&nbsp;file)</VAR>><SUP>+</SUP>  
           [<B>-clear</B>]  [<B>-id</B>]  [<B>-if</B>]  [<B>-help</B>]
   
<B>fs co -f</B> &lt;<VAR>source&nbsp;directory&nbsp;(or&nbsp;DFS&nbsp;file)</VAR>>  
      <B>-t</B> &lt;<VAR>destination&nbsp;directory&nbsp;(or&nbsp;DFS&nbsp;file)</VAR>><SUP>+</SUP>  
      [<B>-c</B>]  [<B>-id</B>]  [<B>-if</B>]  [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>fs copyacl</B> command copies the access control list (ACL) from
a source directory to each specified destination directory. The source
directory's ACL is unchanged, and changes to the destination
directory's ACL obey the following rules:
<UL>
<P><LI>If an entry on the source ACL does not already exist on the destination
ACL, it is added.
<P><LI>If an entry exists on both the source and destination ACLs, the
permissions from the source ACL entry replace the current permissions on the
destination ACL entry.
<P><LI>If an entry on the destination ACL has no corresponding entry on the
source ACL, it is removed if the <B>-clear</B> flag is included and is
unchanged otherwise. In other words, if the <B>-clear</B> flag is
provided, the source ACL completely replaces the destination ACL.
</UL>
<P>When using this command to copy ACLs between objects in DFS filespace
accessed via the AFS/DFS Migration Toolkit Protocol Translator, it is possible
to specify files, as well as directories, with the <B>-fromdir</B> and
<B>-todir</B> arguments. For more information on copying ACLs
between DFS directories and files, refer to the <I>IBM AFS/DFS Migration
Toolkit Administration Guide and Reference</I>.
<P><STRONG>Cautions</STRONG>
<P>Do not copy ACLs between AFS and DFS files or directories. The ACL
formats are incompatible.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-fromdir
</B><DD>Specifies the source directory from which to copy the ACL.
(Specifying an AFS file copies its directory's ACL, but specifying a DFS
file copies its own ACL). A partial pathname is interpreted relative to
the current working directory.
<P><DT><B>-todir
</B><DD>Specifies each directory for which to alter the ACL to match the source
ACL. (Specifying an AFS file halts the command with an error, but
specifying a DFS file alters the file's ACL). A partial pathname
is interpreted relative to the current working directory.
<P>Specify the read/write path to each directory (or DFS file), to avoid the
failure that results from attempting to change a read-only volume. By
convention, the read/write path is indicated by placing a period before the
cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
<B>fs mkmount</B> reference page.
<P><DT><B>-clear
</B><DD>Replaces the ACL of each destination directory with the source ACL.
<P><DT><B>-id
</B><DD>Modifies the Initial Container ACL of each DFS directory named by the
<B>-todir</B> argument, rather than the regular Object ACL. This
argument is supported only when both the source and each destination directory
reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
Translator.
<P><DT><B>-if
</B><DD>Modifies the Initial Object ACL of each DFS directory named by the
<B>-todir</B> argument, rather than the regular Object ACL. This
argument is supported only when both the source and each destination directory
reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
Translator.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Examples</STRONG>
<P>The following example command copies the current working directory's
ACL to its subdirectory called <B>reports</B>. Note that the source
directory's ACL is unaffected. Entries on the <B>reports</B>
directory's that are not on the source ACL of the current directory
remain unaffected as well, because the <B>-clear</B> flag is not
used.
<PRE>   % <B>fs listacl . reports</B>
   Access list for . is
   Normal rights:
      pat rlidwka
      smith rlidwk
   Access list for reports is
   Normal rights:
      pat rl
      pat:friends rl
   Negative rights
      jones rlidwka
   
   % <B>fs copyacl -fromdir . -todir reports</B>
   
   % <B>fs listacl . reports</B>
   Access list for . is
   Normal rights:
      pat rlidwka
      smith rlidwk
   Access list for reports is
   Normal rights:
      pat rlidwka
      pat:friends rl
      smith rlidwk
   Negative rights
      jones rlidwka
   
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>To copy an ACL between AFS objects, the issuer must have the <B>l</B>
(<B>lookup)</B>) permission on the source directory's ACL and the
<B>a</B> (<B>administer</B>) permission on each destination
directory's ACL. If the <B>-fromdir</B> argument names a file
rather than a directory, the issuer must have both the <B>l</B> and
<B>r</B> (<B>read</B>) permissions on the ACL of the file's
directory.
<P>To copy an ACL between DFS objects, the issuer must have the <B>r</B>
permission on the source directory or file's ACL and the <B>c</B>
(<B>control</B>) permission on each destination directory or file's
ACL.
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf148.htm#HDRFS_LISTACL">fs listacl</A>
<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf135.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf137.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>