3 fs listacl - Displays ACLs
7 B<fs listacl> [B<-path> <I<dir/file path>>+] [B<-id>] [B<-if>] [-help]
9 B<fs la> [B<-p> <I<dir/file path>>+] [B<-id>] [B<-if>] [-h]
11 B<fs lista> [B<-p> <I<dir/file path>>+] [B<-id>] [B<-if>] [-h]
15 The fs listacl command displays the access control list (ACL)
16 associated with each specified file, directory, or symbolic link. The
17 specified element can reside in the DFS filespace if the issuer is using the
18 AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and DFS does
19 implement per-file ACLs). To display the ACL of the current working
20 directory, omit the B<-path> argument.
22 To alter an ACL, use the fs setacl command. To copy an
23 ACL from one directory to another, use the B<fs copyacl>
24 command. To remove obsolete entries from an ACL, use the B<fs
29 Placing a user or group on the C<Negative rights> section of the
30 ACL does not guarantee denial of permissions, if the C<Normal rights>
31 section grants the permissions to members of the
32 B<system:anyuser> group. In that case, the user needs
33 only to issue the B<unlog> command to obtain the permissions granted
34 to the B<system:anyuser> group.
42 Names each directory or file for which to display the ACL. For AFS
43 files, the output displays the ACL from the file's parent directory;
44 DFS files do have their own ACL. Incomplete pathnames are interpreted
45 relative to the current working directory, which is also the default value if
46 this argument is omitted.
50 Displays the Initial Container ACL of each DFS directory. This
51 argument is supported only on DFS directories accessed via the AFS/DFS
52 Migration Toolkit Protocol Translator.
56 Displays the Initial Object ACL of each DFS directory. This
57 argument is supported only on DFS directories accessed via the AFS/DFS
58 Migration Toolkit Protocol Translator.
62 Prints the online help for this command. All other valid options
69 The first line of the output for each file, directory, or symbolic link
72 Access list for I<directory> is
74 If the issuer used shorthand notation in the pathname, such as the period
75 (B<.>) to represent the current current directory, that
76 notation sometimes appears instead of the full pathname of the
79 Next, the C<Normal rights> header precedes a list of users and
80 groups who are granted the indicated permissions, with one pairing of user or
81 group and permissions on each line. If negative permissions have been
82 assigned to any user or group, those entries follow a C<Negative
83 rights> header. The format of negative entries is the same as
84 those on the C<Normal rights> section of the ACL, but the user or
85 group is denied rather than granted the indicated permissions.
87 AFS does not implement per-file ACLs, so for a file the command displays
88 the ACL on its directory. The output for a symbolic link displays the
89 ACL that applies to its target file or directory, rather than the ACL on the
90 directory that houses the symbolic link.
92 The permissions for AFS enable the possessor to perform the indicated
100 (administer): change the entries on the ACL
105 (delete): remove files and subdirectories from the
106 directory or move them to other directories
111 (insert): add files or subdirectories to the directory by
112 copying, moving or creating
117 (lock): set read locks or write locks on the files in the
123 (lookup): list the files and subdirectories in the
124 directory, stat the directory itself, and issue the B<fs listacl>
125 command to examine the directory's ACL
130 (read): read the contents of files in the directory;
131 issue the B<ls -l> command to stat the elements in the directory
136 (write): modify the contents of files in the directory,
137 and issue the UNIX B<chmod> command to change their mode bits
139 =item C<A, C<B>, C<C>, C<D>, C<E>,
143 Have no default meaning to the AFS server processes, but are made
144 available for applications to use in controlling access to the
145 directory's contents in additional ways. The letters must be
150 For DFS files and directories, the permissions are similar, except that the
151 DFS B<x> (B<execute>) permission replaces the AFS B<l>
152 (B<lookup>) permission, DFS B<c> (B<control>) replaces
153 AFS B<a> (B<administer>), and there is no DFS equivalent to
154 the AFS B<k> (B<lock>) permission. The meanings of the
155 various permissions also differ slightly, and DFS does not implement negative
156 permissions. For a complete description of DFS permissions, see the DFS
157 documentation and the I<IBM AFS/DFS Migration Toolkit Administration Guide
162 The following command displays the ACL on the home directory of the user
163 B<pat> (the current working directory), and on its B<private>
166 % fs listacl -path . private
174 Access list for private is
178 =head1 PRIVILEGE REQUIRED
180 If the -path argument names an AFS directory, the issuer must
181 have the B<l> (B<lookup>) permission on its ACL and the ACL
182 for every directory that precedes it in the pathname.
184 If the -path argument names an AFS file, the issuer must have
185 the B<l> (B<lookup>) and B<r> (B<read>)
186 permissions on the ACL of the file's directory, and the B<l>
187 permission on the ACL of each directory that precedes it in the
190 If the -path argument names a DFS directory or file, the issuer
191 must have the B<x> (B<execute>) permission on its ACL and on
192 the ACL of each directory that precedes it in the pathname.
200 I<IBM AFS/DFS Migration Toolkit Administration Guide and Reference>
204 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
206 This documentation is covered by the IBM Public License Version 1.0. It was
207 converted from HTML to POD by software written by Chas Williams and Russ
208 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.