3 fs cleanacl - Remove obsolete entries from an ACL
7 B<fs cleanacl> [B<-path> <I<dir/file path>>+] [B<-help>]
9 B<fs cl> [B<-p> <I<dir/file path>>+] [B<-h>]
13 The B<fs cleanacl> command removes from the access control list (ACL) of
14 each specified directory or file any entry that refers to a user or group
15 that no longer has a Protection Database entry. Such an entry appears on
16 the ACL as an AFS user ID number (UID) rather than a name, because without
17 a Protection Database entry, the File Server cannot translate the UID into
20 Cleaning access control lists in this way not only keeps them from
21 becoming crowded with irrelevant information, but also prevents the new
22 possessor of a recycled AFS UID from obtaining access intended for the
23 former possessor of the AFS UID. (Note that recycling UIDs is not
24 recommended in any case.)
30 =item B<-path> <I<dir/file path>>+
32 Names each directory for which to clean the ACL (specifying a filename
33 cleans its directory's ACL). If this argument is omitted, the current
34 working directory's ACL is cleaned.
36 Specify the read/write path to each directory, to avoid the failure that
37 results from attempting to change a read-only volume. By convention, the
38 read/write path is indicated by placing a period before the cell name at
39 the pathname's second level (for example, F</afs/.abc.com>). For further
40 discussion of the concept of read/write and read-only paths through the
41 filespace, see the B<fs mkmount> reference page.
45 Prints the online help for this command. All other valid options are
52 If there are no obsolete entries on the ACL, the following message
55 Access list for <path> is fine.
57 Otherwise, the output reports the resulting state of the ACL, following the
60 Access list for <path> is now
62 At the same time, the following error message appears for each file in the
65 fs: '<filename>': Not a directory
69 The following example illustrates the cleaning of the ACLs on the current
70 working directory and two of its subdirectories. Only the second
71 subdirectory had obsolete entries on it.
73 % fs cleanacl -path . ./reports ./sources
74 Access list for . is fine.
75 Access list for ./reports is fine.
76 Access list for ./sources is now
81 =head1 PRIVILEGE REQUIRED
83 The issuer must have the C<a> (administer) permission on each directory's
84 ACL (or the ACL of each file's parent directory); the directory's owner
85 and the members of the system:administrators group have the right
86 implicitly, even if it does not appear on the ACL.
95 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
97 This documentation is covered by the IBM Public License Version 1.0. It was
98 converted from HTML to POD by software written by Chas Williams and Russ
99 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.