openafs/doc/man-pages/pod1/fs_copyacl.pod

173 lines
5.2 KiB
Plaintext
Raw Normal View History

=head1 NAME
fs_copyacl - Copies an ACL from a directory to one or more other directories
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<fs copyacl> S<<< B<-fromdir> <I<source directory (or DFS file)>> >>>
S<<< B<-todir> <I<destination directory (or DFS file)>>+ >>>
[B<-clear>] [B<-id>] [B<-if>] [-help]
B<fs co> S<<< B<-f> <I<source directory (or DFS file)>> >>>
S<<< B<-t> <I<destination directory (or DFS file)>>+ >>>
[B<-c>] [B<-id>] [B<-if>] [-h]
=for html
</div>
=head1 DESCRIPTION
The fs copyacl command copies the access control list (ACL) from a source
directory to each specified destination directory. The source directory's
ACL is unchanged, and changes to the destination directory's ACL obey the
following rules:
=over 4
=item *
If an entry on the source ACL does not already exist on the destination
ACL, it is added.
=item *
If an entry exists on both the source and destination ACLs, the
permissions from the source ACL entry replace the current permissions on
the destination ACL entry.
=item *
If an entry on the destination ACL has no corresponding entry on the
source ACL, it is removed if the B<-clear> flag is included and is
unchanged otherwise. In other words, if the B<-clear> flag is provided,
the source ACL completely replaces the destination ACL.
=back
When using this command to copy ACLs between objects in DFS filespace
accessed via the AFS/DFS Migration Toolkit Protocol Translator, it is
possible to specify files, as well as directories, with the B<-fromdir>
and B<-todir> arguments.
=head1 CAUTIONS
Do not copy ACLs between AFS and DFS files or directories. The ACL formats
are incompatible.
=head1 OPTIONS
=over 4
=item B<-fromdir> <I<source directory>>
Specifies the source directory from which to copy the ACL. (Specifying an
AFS file copies its directory's ACL, but specifying a DFS file copies its
own ACL.) A partial pathname is interpreted relative to the current
working directory.
=item B<-todir> <I<destination directory>>
Specifies each directory for which to alter the ACL to match the source
ACL. (Specifying an AFS file halts the command with an error, but
specifying a DFS file alters the file's ACL). A partial pathname is
interpreted relative to the current working directory.
Specify the read/write path to each directory (or DFS file), to avoid the
failure that results from attempting to change a read-only volume. By
convention, the read/write path is indicated by placing a period before
the cell name at the pathname's second level (for example,
C</afs/.example.com>). For further discussion of the concept of read/write and
read-only paths through the filespace, see the B<fs mkmount> reference
page.
=item B<-clear>
Replaces the ACL of each destination directory with the source ACL.
=item B<-id>
Modifies the Initial Container ACL of each DFS directory named by the
B<-todir> argument, rather than the regular Object ACL. This argument is
supported only when both the source and each destination directory reside
in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
Translator.
=item B<-if>
Modifies the Initial Object ACL of each DFS directory named by the
B<-todir> argument, rather than the regular Object ACL. This argument is
supported only when both the source and each destination directory reside
in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol
Translator.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 EXAMPLES
The following example command copies the current working directory's ACL
to its subdirectory called F<reports>. Note that the source directory's
ACL is unaffected. Entries on the F<reports> directory's that are not on
the source ACL of the current directory remain unaffected as well, because
the B<-clear> flag is not used.
% fs listacl . reports
Access list for . is
Normal rights:
pat rlidwka
smith rlidwk
Access list for reports is
Normal rights:
pat rl
pat:friends rl
Negative rights
jones rlidwka
% fs copyacl -fromdir . -todir reports
% fs listacl . reports
Access list for . is
Normal rights:
pat rlidwka
smith rlidwk
Access list for reports is
Normal rights:
pat rlidwka
pat:friends rl
smith rlidwk
Negative rights
jones rlidwka
=head1 PRIVILEGE REQUIRED
To copy an ACL between AFS objects, the issuer must have the C<l> (lookup)
permission on the source directory's ACL and the C<a> (administer)
permission on each destination directory's ACL. If the B<-fromdir>
argument names a file rather than a directory, the issuer must have both
the C<l> and C<r> (read) permissions on the ACL of the file's directory.
To copy an ACL between DFS objects, the issuer must have the r permission
on the source directory or file's ACL and the C<c> (control) permission on
each destination directory or file's ACL.
=head1 SEE ALSO
L<fs_listacl(1)>,
L<fs_mkmount(1)>,
L<fs_setacl(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.