3 fs listacl - Displays ACLs
7 B<fs listacl> [B<-path> <I<dir/file path>>+] [B<-id>] [B<-if>] [B<-help>]
9 B<fs la> [B<-p> <I<dir/file path>>+] [B<-id>] [B<-if>] [B<-h>]
11 B<fs lista> [B<-p> <I<dir/file path>>+] [B<-id>] [B<-if>] [B<-h>]
15 The B<fs listacl> command displays the access control list (ACL)
16 associated with each specified file, directory, or symbolic link. The
17 specified element can reside in the DFS filespace if the issuer is using
18 the AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and
19 DFS does implement per-file ACLs). To display the ACL of the current
20 working directory, omit the B<-path> argument.
22 To alter an ACL, use the fs setacl command. To copy an ACL from one
23 directory to another, use the B<fs copyacl> command. To remove obsolete
24 entries from an ACL, use the B<fs cleanacl> command.
28 Placing a user or group on the C<Negative rights> section of the ACL does
29 not guarantee denial of permissions, if the C<Normal rights> section
30 grants the permissions to members of the system:anyuser group. In that
31 case, the user needs only to issue the B<unlog> command to obtain the
32 permissions granted to the system:anyuser group.
38 =item B<-path> <I<dir/file path>>+
40 Names each directory or file for which to display the ACL. For AFS files,
41 the output displays the ACL from the file's parent directory; DFS files do
42 have their own ACL. Incomplete pathnames are interpreted relative to the
43 current working directory, which is also the default value if this
48 Displays the Initial Container ACL of each DFS directory. This argument is
49 supported only on DFS directories accessed via the AFS/DFS Migration
50 Toolkit Protocol Translator.
54 Displays the Initial Object ACL of each DFS directory. This argument is
55 supported only on DFS directories accessed via the AFS/DFS Migration
56 Toolkit Protocol Translator.
60 Prints the online help for this command. All other valid options are
67 The first line of the output for each file, directory, or symbolic link
70 Access list for <directory> is
72 If the issuer used shorthand notation in the pathname, such as the period
73 (C<.>) to represent the current current directory, that notation sometimes
74 appears instead of the full pathname of the directory.
76 Next, the C<Normal rights> header precedes a list of users and groups who
77 are granted the indicated permissions, with one pairing of user or group
78 and permissions on each line. If negative permissions have been assigned
79 to any user or group, those entries follow a C<Negative rights>
80 header. The format of negative entries is the same as those on the
81 C<Normal rights> section of the ACL, but the user or group is denied
82 rather than granted the indicated permissions.
84 AFS does not implement per-file ACLs, so for a file the command displays
85 the ACL on its directory. The output for a symbolic link displays the ACL
86 that applies to its target file or directory, rather than the ACL on the
87 directory that houses the symbolic link.
89 The permissions for AFS enable the possessor to perform the indicated
96 Change the entries on the ACL.
100 Remove files and subdirectories from the directory or move them to other
105 Add files or subdirectories to the directory by copying, moving or
110 Set read locks or write locks on the files in the directory.
114 List the files and subdirectories in the directory, stat the directory
115 itself, and issue the B<fs listacl> command to examine the directory's
120 Read the contents of files in the directory; issue the C<ls -l> command to
121 stat the elements in the directory.
125 Modify the contents of files in the directory, and issue the UNIX B<chmod>
126 command to change their mode bits
128 =item A, B, C, D, E, F, G, H
130 Have no default meaning to the AFS server processes, but are made
131 available for applications to use in controlling access to the directory's
132 contents in additional ways. The letters must be uppercase.
136 For DFS files and directories, the permissions are similar, except that
137 the DFS C<x> (execute) permission replaces the AFS C<l> (lookup)
138 permission, DFS C<c> (control) replaces AFS C<a> (administer), and there
139 is no DFS equivalent to the AFS C<k> (lock) permission. The meanings of
140 the various permissions also differ slightly, and DFS does not implement
141 negative permissions. For a complete description of DFS permissions, see
142 the DFS documentation and the I<IBM AFS/DFS Migration Toolkit
143 Administration Guide and Reference>.
147 The following command displays the ACL on the home directory of the user
148 C<pat> (the current working directory), and on its C<private>
151 % fs listacl -path . private
159 Access list for private is
163 =head1 PRIVILEGE REQUIRED
165 If the B<-path> argument names an AFS directory, the issuer must have the
166 C<l> (lookup) permission on its ACL and the ACL for every directory that
167 precedes it in the pathname.
169 If the B<-path> argument names an AFS file, the issuer must have the C<l>
170 (lookup) and C<r> (read) permissions on the ACL of the file's directory,
171 and the B<l> permission on the ACL of each directory that precedes it in
174 If the B<-path> argument names a DFS directory or file, the issuer must
175 have the C<x> (execute) permission on its ACL and on the ACL of each
176 directory that precedes it in the pathname.
184 I<IBM AFS/DFS Migration Toolkit Administration Guide and Reference>
188 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
190 This documentation is covered by the IBM Public License Version 1.0. It was
191 converted from HTML to POD by software written by Chas Williams and Russ
192 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.