jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 13:38:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
openafs/doc/man-pages/pod1/fs_cleanacl.pod
Russ Allbery e3dfba8e6c man-page-conversion-20051208 
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages.  The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available.  The Makefile only installs.  The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).

This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.

This is only the first step, and this initial conversion has various
problems.  In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later.  Some of the
man pages have syntax problems and all of them have formatting errors.  The
next editing pass, coming shortly, will clean up most of the remaining
mess.
2005-12-08 12:14:33 +00:00

102 lines
3.0 KiB
Plaintext
Raw Blame History

=head1 NAME
fs cleanacl - Remove obsolete entries from an ACL
=head1 SYNOPSIS
B<fs cleanacl >[B<-path> <I<dir/file path>>+] [-help]
B<fs cl> [B<-p> <I<dir/file path>>+] [-h]
=head1 DESCRIPTION
The fs cleanacl command removes from the access control list
(ACL) of each specified directory or file any entry that refers to a user or
group that no longer has a Protection Database entry. Such an entry
appears on the ACL as an AFS user ID number (UID) rather than a name, because
without a Protection Database entry, the File Server cannot translate the UID
into a name.
Cleaning access control lists in this way not only keeps them from becoming
crowded with irrelevant information, but also prevents the new possessor of a
recycled AFS UID from obtaining access intended for the former possessor of
the AFS UID. (Note that recycling UIDs is not recommended in any
case.)
=head1 OPTIONS
=over 4
=item -path
Names each directory for which to clean the ACL (specifying a filename
cleans its directory's ACL). If this argument is omitted, the
current working directory's ACL is cleaned.
Specify the read/write path to each directory, to avoid the failure that
results from attempting to change a read-only volume. By convention,
the read/write path is indicated by placing a period before the cell name at
the pathname's second level (for example,
B</afs/.abc.com>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
B<fs mkmount> reference page.
=item -help
Prints the online help for this command. All other valid options
are ignored.
=back
=head1 OUTPUT
If there are no obsolete entries on the ACL, the following message
appears:
Access list for I<dir/file path> is fine.
Otherwise, the output reports the resulting state of the ACL, following the
header
Access list for I<dir/file path> is now
At the same time, the following error message appears for each file in the
cleaned directories:
fs: 'I<filename>': Not a directory
=head1 EXAMPLES
The following example illustrates the cleaning of the ACLs on the current
working directory and two of its subdirectories. Only the second
subdirectory had obsolete entries on it.
% fs cleanacl -path . ./reports ./sources
Access list for . is fine.
Access list for ./reports is fine.
Access list for ./sources is now
Normal rights:
system:authuser rl
pat rlidwka
=head1 PRIVILEGE REQUIRED
The issuer must have the B<a> (administer) permission on
each directory's ACL (or the ACL of each file's parent
directory); the directory's owner and the members of the
B<system:administrators> group have the right implicitly, even
if it does not appear on the ACL.
=head1 SEE ALSO
L<fs_listacl(1)>,
L<fs_mkmount(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink