1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
3 <TITLE>Administration Reference</TITLE>
4 <!-- Begin Header Records ========================================== -->
5 <!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID -->
6 <!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29 -->
7 <META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
8 <META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
9 <META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
11 <!-- (C) IBM Corporation 2000. All Rights Reserved -->
12 <BODY bgcolor="ffffff">
13 <!-- End Header Records ============================================ -->
14 <A NAME="Top_Of_Page"></A>
15 <H1>Administration Reference</H1>
16 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
18 <H2><A NAME="HDRFS_LISTACL" HREF="auarf002.htm#ToC_162">fs listacl</A></H2>
19 <A NAME="IDX4854"></A>
20 <A NAME="IDX4855"></A>
21 <A NAME="IDX4856"></A>
22 <A NAME="IDX4857"></A>
23 <A NAME="IDX4858"></A>
24 <A NAME="IDX4859"></A>
25 <P><STRONG>Purpose</STRONG>
27 <P><STRONG>Synopsis</STRONG>
28 <PRE><B>fs listacl</B> [<B>-path</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-help</B>]
30 <B>fs la</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
32 <B>fs lista</B> [<B>-p</B> <<VAR>dir/file path</VAR>><SUP>+</SUP>] [<B>-id</B>] [<B>-if</B>] [<B>-h</B>]
34 <P><STRONG>Description</STRONG>
35 <P>The <B>fs listacl</B> command displays the access control list (ACL)
36 associated with each specified file, directory, or symbolic link. The
37 specified element can reside in the DFS filespace if the issuer is using the
38 AFS/DFS Migration Toolkit Protocol Translator to access DFS data (and DFS does
39 implement per-file ACLs). To display the ACL of the current working
40 directory, omit the <B>-path</B> argument.
41 <P>To alter an ACL, use the <B>fs setacl</B> command. To copy an
42 ACL from one directory to another, use the <B>fs copyacl</B>
43 command. To remove obsolete entries from an ACL, use the <B>fs
45 <P><STRONG>Cautions</STRONG>
46 <P>Placing a user or group on the <TT>Negative rights</TT> section of the
47 ACL does not guarantee denial of permissions, if the <TT>Normal rights</TT>
48 section grants the permissions to members of the
49 <B>system:anyuser</B> group. In that case, the user needs
50 only to issue the <B>unlog</B> command to obtain the permissions granted
51 to the <B>system:anyuser</B> group.
52 <P><STRONG>Options</STRONG>
55 </B><DD>Names each directory or file for which to display the ACL. For AFS
56 files, the output displays the ACL from the file's parent directory;
57 DFS files do have their own ACL. Incomplete pathnames are interpreted
58 relative to the current working directory, which is also the default value if
59 this argument is omitted.
61 </B><DD>Displays the Initial Container ACL of each DFS directory. This
62 argument is supported only on DFS directories accessed via the AFS/DFS
63 Migration Toolkit Protocol Translator.
65 </B><DD>Displays the Initial Object ACL of each DFS directory. This
66 argument is supported only on DFS directories accessed via the AFS/DFS
67 Migration Toolkit Protocol Translator.
69 </B><DD>Prints the online help for this command. All other valid options
72 <P><STRONG>Output</STRONG>
73 <P>The first line of the output for each file, directory, or symbolic link
75 <PRE> Access list for <VAR>directory</VAR> is
78 <P>If the issuer used shorthand notation in the pathname, such as the period
79 (<B>.</B>) to represent the current current directory, that
80 notation sometimes appears instead of the full pathname of the
82 <P>Next, the <TT>Normal rights</TT> header precedes a list of users and
83 groups who are granted the indicated permissions, with one pairing of user or
84 group and permissions on each line. If negative permissions have been
85 assigned to any user or group, those entries follow a <TT>Negative
86 rights</TT> header. The format of negative entries is the same as
87 those on the <TT>Normal rights</TT> section of the ACL, but the user or
88 group is denied rather than granted the indicated permissions.
89 <P>AFS does not implement per-file ACLs, so for a file the command displays
90 the ACL on its directory. The output for a symbolic link displays the
91 ACL that applies to its target file or directory, rather than the ACL on the
92 directory that houses the symbolic link.
93 <P>The permissions for AFS enable the possessor to perform the indicated
97 </B><DD>(<B>administer</B>): change the entries on the ACL
99 </B><DD>(<B>delete</B>): remove files and subdirectories from the
100 directory or move them to other directories
102 </B><DD>(<B>insert</B>): add files or subdirectories to the directory by
103 copying, moving or creating
105 </B><DD>(<B>lock</B>): set read locks or write locks on the files in the
108 </B><DD>(<B>lookup</B>): list the files and subdirectories in the
109 directory, stat the directory itself, and issue the <B>fs listacl</B>
110 command to examine the directory's ACL
112 </B><DD>(<B>read</B>): read the contents of files in the directory;
113 issue the <B>ls -l</B> command to stat the elements in the directory
115 </B><DD>(<B>write</B>): modify the contents of files in the directory,
116 and issue the UNIX <B>chmod</B> command to change their mode bits
117 <P><DT><B><TT>A</TT>, <TT>B</TT>, <TT>C</TT>, <TT>D</TT>, <TT>E</TT>,
118 <TT>F</TT>, <TT>G</TT>, <TT>H</TT>:
119 </B><DD>Have no default meaning to the AFS server processes, but are made
120 available for applications to use in controlling access to the
121 directory's contents in additional ways. The letters must be
124 <P>For DFS files and directories, the permissions are similar, except that the
125 DFS <B>x</B> (<B>execute</B>) permission replaces the AFS <B>l</B>
126 (<B>lookup</B>) permission, DFS <B>c</B> (<B>control</B>) replaces
127 AFS <B>a</B> (<B>administer</B>), and there is no DFS equivalent to
128 the AFS <B>k</B> (<B>lock</B>) permission. The meanings of the
129 various permissions also differ slightly, and DFS does not implement negative
130 permissions. For a complete description of DFS permissions, see the DFS
131 documentation and the <I>AFS/DFS Migration Toolkit Administration Guide and
133 <P><STRONG>Examples</STRONG>
134 <P>The following command displays the ACL on the home directory of the user
135 <B>pat</B> (the current working directory), and on its <B>private</B>
137 <PRE> % <B>fs listacl -path . private</B>
140 system:authuser rl
145 Access list for private is
150 <P><STRONG>Privilege Required</STRONG>
151 <P>If the <B>-path</B> argument names an AFS directory, the issuer must
152 have the <B>l</B> (<B>lookup</B>) permission on its ACL and the ACL
153 for every directory that precedes it in the pathname.
154 <P>If the <B>-path</B> argument names an AFS file, the issuer must have
155 the <B>l</B> (<B>lookup</B>) and <B>r</B> (<B>read</B>)
156 permissions on the ACL of the file's directory, and the <B>l</B>
157 permission on the ACL of each directory that precedes it in the
159 <P>If the <B>-path</B> argument names a DFS directory or file, the issuer
160 must have the <B>x</B> (<B>execute</B>) permission on its ACL and on
161 the ACL of each directory that precedes it in the pathname.
162 <P><STRONG>Related Information</STRONG>
163 <P><A HREF="auarf135.htm#HDRFS_CLEANACL">fs cleanacl</A>
164 <P><A HREF="auarf136.htm#HDRFS_COPYACL">fs copyacl</A>
165 <P><A HREF="auarf157.htm#HDRFS_SETACL">fs setacl</A>
166 <P><I>AFS/DFS Migration Toolkit Administration Guide and Reference</I>
168 <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf147.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf149.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
169 <!-- Begin Footer Records ========================================== -->
171 <br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
173 <!-- End Footer Records ============================================ -->
174 <A NAME="Bot_Of_Page"></A>