mirror of
https://git.openafs.org/openafs.git
synced 2025-01-22 08:50:17 +00:00
6ef9f39335
The NAME heading for man pages can't contain a space in the program side or the man pages won't index with some man implementations.
106 lines
3.1 KiB
Plaintext
106 lines
3.1 KiB
Plaintext
=head1 NAME
|
|
|
|
fs_cleanacl - Remove obsolete entries from an ACL
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
=for html
|
|
<div class="synopsis">
|
|
|
|
B<fs cleanacl> S<<< [B<-path> <I<dir/file path>>+] >>> [B<-help>]
|
|
|
|
B<fs cl> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-h>]
|
|
|
|
=for html
|
|
</div>
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The B<fs cleanacl> command removes from the access control list (ACL) of
|
|
each specified directory or file any entry that refers to a user or group
|
|
that no longer has a Protection Database entry. Such an entry appears on
|
|
the ACL as an AFS user ID number (UID) rather than a name, because without
|
|
a Protection Database entry, the File Server cannot translate the UID into
|
|
a name.
|
|
|
|
Cleaning access control lists in this way not only keeps them from
|
|
becoming crowded with irrelevant information, but also prevents the new
|
|
possessor of a recycled AFS UID from obtaining access intended for the
|
|
former possessor of the AFS UID. (Note that recycling UIDs is not
|
|
recommended in any case.)
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-path> <I<dir/file path>>+
|
|
|
|
Names each directory for which to clean the ACL (specifying a filename
|
|
cleans its directory's ACL). If this argument is omitted, the current
|
|
working directory's ACL is cleaned.
|
|
|
|
Specify the read/write path to each directory, to avoid the failure that
|
|
results from attempting to change a read-only volume. By convention, the
|
|
read/write path is indicated by placing a period before the cell name at
|
|
the pathname's second level (for example, F</afs/.abc.com>). For further
|
|
discussion of the concept of read/write and read-only paths through the
|
|
filespace, see the B<fs mkmount> reference page.
|
|
|
|
=item B<-help>
|
|
|
|
Prints the online help for this command. All other valid options are
|
|
ignored.
|
|
|
|
=back
|
|
|
|
=head1 OUTPUT
|
|
|
|
If there are no obsolete entries on the ACL, the following message
|
|
appears:
|
|
|
|
Access list for <path> is fine.
|
|
|
|
Otherwise, the output reports the resulting state of the ACL, following the
|
|
header
|
|
|
|
Access list for <path> is now
|
|
|
|
At the same time, the following error message appears for each file in the
|
|
cleaned directories:
|
|
|
|
fs: '<filename>': Not a directory
|
|
|
|
=head1 EXAMPLES
|
|
|
|
The following example illustrates the cleaning of the ACLs on the current
|
|
working directory and two of its subdirectories. Only the second
|
|
subdirectory had obsolete entries on it.
|
|
|
|
% fs cleanacl -path . ./reports ./sources
|
|
Access list for . is fine.
|
|
Access list for ./reports is fine.
|
|
Access list for ./sources is now
|
|
Normal rights:
|
|
system:authuser rl
|
|
pat rlidwka
|
|
|
|
=head1 PRIVILEGE REQUIRED
|
|
|
|
The issuer must have the C<a> (administer) permission on each directory's
|
|
ACL (or the ACL of each file's parent directory); the directory's owner
|
|
and the members of the system:administrators group have the right
|
|
implicitly, even if it does not appear on the ACL.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<fs_listacl(1)>,
|
|
L<fs_mkmount(1)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
|
|
|
|
This documentation is covered by the IBM Public License Version 1.0. It was
|
|
converted from HTML to POD by software written by Chas Williams and Russ
|
|
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
|