3 fs_listacl - Displays ACLs
10 B<fs listacl> S<<< [B<-path> <I<dir/file path>>+] >>> [B<-id>] [B<-if>] [B<-cmd>] [B<-help>]
12 B<fs la> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-id>] [B<-if>] [B<-cmd>] [B<-h>]
14 B<fs lista> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-id>] [B<-if>] [B<-cmd>] [B<-h>]
21 The B<fs listacl> command displays the access control list (ACL)
22 associated with each specified file, directory, or symbolic link. The
23 specified element can reside in the DFS filespace if the issuer is using
24 the AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and
25 DFS does implement per-file ACLs). To display the ACL of the current
26 working directory, omit the B<-path> argument.
28 To alter an ACL, use the B<fs setacl> command. To copy an ACL from one
29 directory to another, use the B<fs copyacl> command. To remove obsolete
30 entries from an ACL, use the B<fs cleanacl> command.
34 Placing a user or group on the C<Negative rights> section of the ACL does
35 not guarantee denial of permissions, if the C<Normal rights> section
36 grants the permissions to members of the system:anyuser group. In that
37 case, the user needs only to issue the B<unlog> command to obtain the
38 permissions granted to the system:anyuser group.
44 =item B<-path> <I<dir/file path>>+
46 Names each directory or file for which to display the ACL. For AFS files,
47 the output displays the ACL from the file's parent directory; DFS files do
48 have their own ACL. Incomplete pathnames are interpreted relative to the
49 current working directory, which is also the default value if this
54 Displays the Initial Container ACL of each DFS directory. This argument is
55 supported only on DFS directories accessed via the AFS/DFS Migration
56 Toolkit Protocol Translator.
60 Displays the Initial Object ACL of each DFS directory. This argument is
61 supported only on DFS directories accessed via the AFS/DFS Migration
62 Toolkit Protocol Translator.
66 Outputs an B<fs setacl> command string that can be used to recreate
67 the ACL applied to the specified file, directory or symbolic link.
71 Prints the online help for this command. All other valid options are
78 The first line of the output for each file, directory, or symbolic link
81 Access list for <directory> is
83 If the issuer used shorthand notation in the pathname, such as the period
84 (C<.>) to represent the current current directory, that notation sometimes
85 appears instead of the full pathname of the directory.
87 Next, the C<Normal rights> header precedes a list of users and groups who
88 are granted the indicated permissions, with one pairing of user or group
89 and permissions on each line. If negative permissions have been assigned
90 to any user or group, those entries follow a C<Negative rights>
91 header. The format of negative entries is the same as those on the
92 C<Normal rights> section of the ACL, but the user or group is denied
93 rather than granted the indicated permissions.
95 AFS does not implement per-file ACLs, so for a file the command displays
96 the ACL on its directory. The output for a symbolic link displays the ACL
97 that applies to its target file or directory, rather than the ACL on the
98 directory that houses the symbolic link.
100 The permissions for AFS enable the possessor to perform the indicated
107 Change the entries on the ACL.
111 Remove files and subdirectories from the directory or move them to other
116 Add files or subdirectories to the directory by copying, moving or
121 Set read locks or write locks on the files in the directory.
125 List the files and subdirectories in the directory, stat the directory
126 itself, and issue the B<fs listacl> command to examine the directory's
131 Read the contents of files in the directory; issue the C<ls -l> command to
132 stat the elements in the directory.
136 Modify the contents of files in the directory, and issue the UNIX B<chmod>
137 command to change their mode bits
139 =item A, B, C, D, E, F, G, H
141 Have no default meaning to the AFS server processes, but are made
142 available for applications to use in controlling access to the directory's
143 contents in additional ways. The letters must be uppercase.
147 For DFS files and directories, the permissions are similar, except that
148 the DFS C<x> (execute) permission replaces the AFS C<l> (lookup)
149 permission, DFS C<c> (control) replaces AFS C<a> (administer), and there
150 is no DFS equivalent to the AFS C<k> (lock) permission. The meanings of
151 the various permissions also differ slightly, and DFS does not implement
152 negative permissions. For a complete description of DFS permissions, see
153 the DFS documentation.
157 The following command displays the ACL on the home directory of the user
158 C<pat> (the current working directory), and on its C<private>
161 % fs listacl -path . private
169 Access list for private is
173 The following command generates the B<fs setacl> command required to
174 recreate the ACL on the home directory of the user
175 C<pat> (the current working directory), and on its C<private>
178 % fs listacl -path . private -cmd
179 fs setacl -dir . -acl system:authuser rl pat rlidwka pat:friends rlid
180 fs setacl -dir . -acl smith rlidwka -negative
181 fs setacl -dir private -acl pat rlidwka
183 =head1 PRIVILEGE REQUIRED
185 If the B<-path> argument names an AFS directory, the issuer must have the
186 C<l> (lookup) permission on its ACL and the ACL for every directory that
187 precedes it in the pathname.
189 If the B<-path> argument names an AFS file, the issuer must have the C<l>
190 (lookup) and C<r> (read) permissions on the ACL of the file's directory,
191 and the B<l> permission on the ACL of each directory that precedes it in
194 If the B<-path> argument names a DFS directory or file, the issuer must
195 have the C<x> (execute) permission on its ACL and on the ACL of each
196 directory that precedes it in the pathname.
206 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
208 This documentation is covered by the IBM Public License Version 1.0. It was
209 converted from HTML to POD by software written by Chas Williams and Russ
210 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.