3 fs cleanacl - Remove obsolete entries from an ACL
7 fs cleanacl [B<-path> I<dir/file path> [I<dir/file path> ...]] [B<-help>]
9 fs cl [B<-p> I<dir/file path> [I<dir/file path> ...]] [B<-h>]
13 The C<fs cleanacl> command removes from the access control list (ACL) of
14 each specified directory or file any entry that refers to a user or
15 group that no longer has a Protection Database entry. Such an entry
16 appears on the ACL as an AFS user ID number (UID) rather than a name,
17 because without a Protection Database entry, the File Server cannot
18 translate the UID into a name.
20 Cleaning access control lists in this way not only keeps them from
21 becoming crowded with irrelevant information, but also prevents the
22 new possessor of a recycled AFS UID from obtaining access intended for
23 the former possessor of the AFS UID. (Note that recycling UIDs is not
24 recommended in any case.)
30 =item B<-path> I<dir/file path> [I<dir/file path> ...]
32 Names each directory for which to clean the ACL (specifying a
33 filename cleans its directory's ACL). If this argument is
34 omitted, the current working directory's ACL is cleaned.
36 Specify the read/write path to each directory, to avoid the
37 failure that results from attempting to change a read-only
38 volume. By convention, the read/write path is indicated by
39 placing a period before the cell name at the pathname's second
40 level (for example, B</afs/.abc.com>). For further discussion of
41 the concept of read/write and read-only paths through the
42 filespace, see the L<fs_mkmount(1)> reference page.
46 Prints the online help for this command. All other valid
53 If there are no obsolete entries on the ACL, the following message
56 Access list for I<dir/file path> is fine.
58 Otherwise, the output reports the resulting state of the ACL,
61 Access list for I<dir/file path> is now
63 At the same time, the following error message appears for each file in
64 the cleaned directories:
66 fs: 'I<filename>': Not a directory
70 The following example illustrates the cleaning of the ACLs on the
71 current working directory and two of its subdirectories. Only the
72 second subdirectory had obsolete entries on it.
74 fs cleanacl -path . ./reports ./sources
75 Access list for . is fine.
76 Access list for ./reports is fine.
77 Access list for ./sources is now
82 =head1 PRIVILEGE REQUIRED
84 The issuer must have the B<a> (B<administer>) permission on each directory's
85 ACL (or the ACL of each file's parent directory); the directory's
86 owner and the members of the B<system:administrators> group have the
87 right implicitly, even if it does not appear on the ACL.
91 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
93 Converted from html to pod by Alf Wachsmann <alfw@slac.stanford.edu>, 2003,
94 and Elizabeth Cassell <e_a_c@mailsnare.net>, 2004,
95 Stanford Linear Accelerator Center, a department of Stanford University.