Administration Reference



fs cleanacl

Purpose

Remove obsolete entries from an ACL

Synopsis

fs cleanacl [-path <dir/file path>+]  [-help]
   
fs cl [-p <dir/file path>+]  [-h] 

Description

The fs cleanacl command removes from the access control list (ACL) of each specified directory or file any entry that refers to a user or group that no longer has a Protection Database entry. Such an entry appears on the ACL as an AFS user ID number (UID) rather than a name, because without a Protection Database entry, the File Server cannot translate the UID into a name.

Cleaning access control lists in this way not only keeps them from becoming crowded with irrelevant information, but also prevents the new possessor of a recycled AFS UID from obtaining access intended for the former possessor of the AFS UID. (Note that recycling UIDs is not recommended in any case.)

Options

-path
Names each directory for which to clean the ACL (specifying a filename cleans its directory's ACL). If this argument is omitted, the current working directory's ACL is cleaned.

Specify the read/write path to each directory, to avoid the failure that results from attempting to change a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the fs mkmount reference page.

-help
Prints the online help for this command. All other valid options are ignored.

Output

If there are no obsolete entries on the ACL, the following message appears:

   Access list for dir/file path is fine.
   

Otherwise, the output reports the resulting state of the ACL, following the header:

   Access list for dir/file path is now
   

At the same time, the following error message appears for each file in the cleaned directories:

   fs: 'filename': Not a directory
   

Examples

The following example illustrates the cleaning of the ACLs on the current working directory and two of its subdirectories. Only the second subdirectory had obsolete entries on it.

   % fs cleanacl -path . ./reports ./sources
   Access list for . is fine.
   Access list for ./reports is fine.
   Access list for ./sources is now
   Normal rights:
      system:authuser rl
      pat rlidwka
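
Because an obsolete entry displays as a bare AFS ID rather than a name, the entries that fs cleanacl would remove can be listed beforehand from fs listacl output. The script below is an added example, not part of the original reference page: the function names, the sample ACL text and the IDs 1088 and -567 are constructed, and it assumes the fs listacl layout of an "Access list for <path> is" header followed by "Normal rights:" and "Negative rights:" sections, and that no Protection Database name consists only of digits.

```shell
#!/bin/sh
# Added example: flag ACL entries that display as a bare AFS ID (no name).
# Reads "fs listacl"-style text on stdin and prints one line per suspect
# entry: path<TAB>section<TAB>id<TAB>rights
find_orphan_acl_entries() {
    awk '
        /^Access list for / {
            # Header: "Access list for <path> is" (fs cleanacl prints "is now")
            path = $0
            sub(/^Access list for /, "", path)
            sub(/ is( now)?$/, "", path)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        # A first field made only of digits (optionally negative, since AFS
        # group IDs are negative) has no Protection Database name behind it.
        section != "" && NF == 2 && $1 ~ /^-?[0-9]+$/ {
            printf "%s\t%s\t%s\t%s\n", path, section, $1, $2
        }
    '
}

# Constructed sample input in fs listacl format (not real cell data).
sample_listacl() {
    cat <<'EOF'
Access list for ./reports is
Normal rights:
  system:authuser rl
  pat rlidwka
Access list for ./sources is
Normal rights:
  system:authuser rl
  1088 rlidwka
  pat rlidwka
Negative rights:
  -567 rl
EOF
}

# Demonstration on the constructed sample; prints the two numeric entries.
sample_listacl | find_orphan_acl_entries
```

On a live cell, feed it real output instead, for example `fs listacl -path . ./reports ./sources | find_orphan_acl_entries`, and review the flagged IDs before cleaning the ACLs.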
   

Privilege Required

The issuer must have the a (administer) permission on each directory's ACL (or the ACL of each file's parent directory); the directory's owner and the members of the system:administrators group have the right implicitly, even if it does not appear on the ACL.

Related Information

fs listacl

fs mkmount





© IBM Corporation 2000. All Rights Reserved