jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-20 07:51:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
de5f1c47e8
openafs/doc/html/AdminReference/auarf148.htm
Derrick Brashear d7da1acc31 initial-html-documentation-20010606 
pull in all documentation from IBM
2001-06-06 19:09:07 +00:00

176 lines
9.0 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODY bgcolor="ffffff">
<!-- End Header Records ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<P>
<H2><A NAME="HDRFS_LISTACL" HREF="auarf002.htm#ToC_162">fs listacl</A></H2>
<A NAME="IDX4854"></A>
<A NAME="IDX4855"></A>
<A NAME="IDX4856"></A>
<A NAME="IDX4857"></A>
<A NAME="IDX4858"></A>
<A NAME="IDX4859"></A>
<P><STRONG>Purpose</STRONG>
<P>Displays ACLs
<P><STRONG>Synopsis</STRONG>
<PRE><B>fs listacl</B> [<B>-path</B> &lt;<VAR>dir/file&nbsp;path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-help</B>]
<B>fs la</B> [<B>-p</B> &lt;<VAR>dir/file&nbsp;path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
<B>fs lista</B> [<B>-p</B> &lt;<VAR>dir/file&nbsp;path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>fs listacl</B> command displays the access control list (ACL)
associated with each specified file, directory, or symbolic link. The
specified element can reside in the DFS filespace if the issuer is using the
AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and DFS does
implement per-file ACLs). To display the ACL of the current working
directory, omit the <B>-path</B> argument.
<P>To alter an ACL, use the <B>fs setacl</B> command. To copy an
ACL from one directory to another, use the <B>fs copyacl</B>
command. To remove obsolete entries from an ACL, use the <B>fs
cleanacl</B> command.
<P><STRONG>Cautions</STRONG>
<P>Placing a user or group on the <TT>Negative rights</TT> section of the
ACL does not guarantee denial of permissions, if the <TT>Normal rights</TT>
section grants the permissions to members of the
<B>system:anyuser</B> group. In that case, the user needs
only to issue the <B>unlog</B> command to obtain the permissions granted
to the <B>system:anyuser</B> group.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-path
</B><DD>Names each directory or file for which to display the ACL. For AFS
files, the output displays the ACL from the file's parent directory;
DFS files do have their own ACL. Incomplete pathnames are interpreted
relative to the current working directory, which is also the default value if
this argument is omitted.
<P><DT><B>-id
</B><DD>Displays the Initial Container ACL of each DFS directory. This
argument is supported only on DFS directories accessed via the AFS/DFS
Migration Toolkit Protocol Translator.
<P><DT><B>-if
</B><DD>Displays the Initial Object ACL of each DFS directory. This
argument is supported only on DFS directories accessed via the AFS/DFS
Migration Toolkit Protocol Translator.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Output</STRONG>
<P>The first line of the output for each file, directory, or symbolic link
reads as follows:
<PRE> Access list for <VAR>directory</VAR> is
</PRE>
<P>If the issuer used shorthand notation in the pathname, such as the period
(<B>.</B>) to represent the current current directory, that
notation sometimes appears instead of the full pathname of the
directory.
<P>Next, the <TT>Normal rights</TT> header precedes a list of users and
groups who are granted the indicated permissions, with one pairing of user or
group and permissions on each line. If negative permissions have been
assigned to any user or group, those entries follow a <TT>Negative
rights</TT> header. The format of negative entries is the same as
those on the <TT>Normal rights</TT> section of the ACL, but the user or
group is denied rather than granted the indicated permissions.
<P>AFS does not implement per-file ACLs, so for a file the command displays
the ACL on its directory. The output for a symbolic link displays the
ACL that applies to its target file or directory, rather than the ACL on the
directory that houses the symbolic link.
<P>The permissions for AFS enable the possessor to perform the indicated
action:
<DL>
<P><DT><B><TT>a</TT>
</B><DD>(<B>administer</B>): change the entries on the ACL
<P><DT><B><TT>d</TT>
</B><DD>(<B>delete</B>): remove files and subdirectories from the
directory or move them to other directories
<P><DT><B><TT>i</TT>
</B><DD>(<B>insert</B>): add files or subdirectories to the directory by
copying, moving or creating
<P><DT><B><TT>k</TT>
</B><DD>(<B>lock</B>): set read locks or write locks on the files in the
directory
<P><DT><B><TT>l</TT>
</B><DD>(<B>lookup</B>): list the files and subdirectories in the
directory, stat the directory itself, and issue the <B>fs listacl</B>
command to examine the directory's ACL
<P><DT><B><TT>r</TT>
</B><DD>(<B>read</B>): read the contents of files in the directory;
issue the <B>ls -l</B> command to stat the elements in the directory
<P><DT><B><TT>w</TT>
</B><DD>(<B>write</B>): modify the contents of files in the directory,
and issue the UNIX <B>chmod</B> command to change their mode bits
<P><DT><B><TT>A</TT>, <TT>B</TT>, <TT>C</TT>, <TT>D</TT>, <TT>E</TT>,
<TT>F</TT>, <TT>G</TT>, <TT>H</TT>:
</B><DD>Have no default meaning to the AFS server processes, but are made
available for applications to use in controlling access to the
directory's contents in additional ways. The letters must be
uppercase.
</DL>
<P>For DFS files and directories, the permissions are similar, except that the
DFS <B>x</B> (<B>execute</B>) permission replaces the AFS <B>l</B>
(<B>lookup</B>) permission, DFS <B>c</B> (<B>control</B>) replaces
AFS <B>a</B> (<B>administer</B>), and there is no DFS equivalent to
the AFS <B>k</B> (<B>lock</B>) permission. The meanings of the
various permissions also differ slightly, and DFS does not implement negative
permissions. For a complete description of DFS permissions, see the DFS
documentation and the <I>IBM AFS/DFS Migration Toolkit Administration Guide
and Reference</I>.
<P><STRONG>Examples</STRONG>
<P>The following command displays the ACL on the home directory of the user
<B>pat</B> (the current working directory), and on its <B>private</B>
subdirectory.
<PRE> % <B>fs listacl -path . private</B>
Access list for . is
Normal rights:
system:authuser rl
pat rlidwka
pat:friends rlid
Negative rights:
smith rlidwka
Access list for private is
Normal rights:
pat rlidwka
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>If the <B>-path</B> argument names an AFS directory, the issuer must
have the <B>l</B> (<B>lookup</B>) permission on its ACL and the ACL
for every directory that precedes it in the pathname.
<P>If the <B>-path</B> argument names an AFS file, the issuer must have
the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)
permissions on the ACL of the file's directory, and the <B>l</B>
permission on the ACL of each directory that precedes it in the
pathname.
<P>If the <B>-path</B> argument names a DFS directory or file, the issuer
must have the <B>x</B> (<B>execute</B>) permission on its ACL and on
the ACL of each directory that precedes it in the pathname.
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
<P><A HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
<P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
<P><I>IBM AFS/DFS Migration Toolkit Administration Guide and Reference</I>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
Reference in New Issue View Git Blame Copy Permalink