.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.20) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "FS_LISTACL 1" .TH FS_LISTACL 1 "2021-12-09" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" fs_listacl \- Displays ACLs .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBfs listacl\fR [\fB\-path\fR\ <\fIdir/file\ path\fR>+] [\fB\-id\fR] [\fB\-if\fR] [\fB\-cmd\fR] [\fB\-help\fR] .PP \&\fBfs la\fR [\fB\-p\fR\ <\fIdir/file\ path\fR>+] [\fB\-id\fR] [\fB\-if\fR] [\fB\-cmd\fR] [\fB\-h\fR] .PP \&\fBfs lista\fR [\fB\-p\fR\ <\fIdir/file\ path\fR>+] [\fB\-id\fR] [\fB\-if\fR] [\fB\-cmd\fR] [\fB\-h\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBfs listacl\fR command displays the access control list (\s-1ACL\s0) associated with each specified file, directory, or symbolic link. The specified element can reside in the \s-1DFS\s0 filespace if the issuer is using the \s-1AFS/DFS\s0 Migration Toolkit Protocol Translator to access \s-1DFS\s0 data (and \&\s-1DFS\s0 does implement per-file ACLs). To display the \s-1ACL\s0 of the current working directory, omit the \fB\-path\fR argument. .PP To alter an \s-1ACL\s0, use the \fBfs setacl\fR command. To copy an \s-1ACL\s0 from one directory to another, use the \fBfs copyacl\fR command. To remove obsolete entries from an \s-1ACL\s0, use the \fBfs cleanacl\fR command. .SH "CAUTIONS" .IX Header "CAUTIONS" Placing a user or group on the \f(CW\*(C`Negative rights\*(C'\fR section of the \s-1ACL\s0 does not guarantee denial of permissions, if the \f(CW\*(C`Normal rights\*(C'\fR section grants the permissions to members of the system:anyuser group. In that case, the user needs only to issue the \fBunlog\fR command to obtain the permissions granted to the system:anyuser group. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-path\fR <\fIdir/file path\fR>+" 4 .IX Item "-path +" Names each directory or file for which to display the \s-1ACL\s0. For \s-1AFS\s0 files, the output displays the \s-1ACL\s0 from the file's parent directory; \s-1DFS\s0 files do have their own \s-1ACL\s0. Incomplete pathnames are interpreted relative to the current working directory, which is also the default value if this argument is omitted. .IP "\fB\-id\fR" 4 .IX Item "-id" Displays the Initial Container \s-1ACL\s0 of each \s-1DFS\s0 directory. This argument is supported only on \s-1DFS\s0 directories accessed via the \s-1AFS/DFS\s0 Migration Toolkit Protocol Translator. .IP "\fB\-if\fR" 4 .IX Item "-if" Displays the Initial Object \s-1ACL\s0 of each \s-1DFS\s0 directory. This argument is supported only on \s-1DFS\s0 directories accessed via the \s-1AFS/DFS\s0 Migration Toolkit Protocol Translator. .IP "\fB\-cmd\fR" 4 .IX Item "-cmd" Outputs an \fBfs setacl\fR command string that can be used to recreate the \s-1ACL\s0 applied to the specified file, directory or symbolic link. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH "OUTPUT" .IX Header "OUTPUT" The first line of the output for each file, directory, or symbolic link reads as follows: .PP .Vb 1 \& Access list for is .Ve .PP If the issuer used shorthand notation in the pathname, such as the period (\f(CW\*(C`.\*(C'\fR) to represent the current current directory, that notation sometimes appears instead of the full pathname of the directory. .PP Next, the \f(CW\*(C`Normal rights\*(C'\fR header precedes a list of users and groups who are granted the indicated permissions, with one pairing of user or group and permissions on each line. If negative permissions have been assigned to any user or group, those entries follow a \f(CW\*(C`Negative rights\*(C'\fR header. The format of negative entries is the same as those on the \&\f(CW\*(C`Normal rights\*(C'\fR section of the \s-1ACL\s0, but the user or group is denied rather than granted the indicated permissions. .PP \&\s-1AFS\s0 does not implement per-file ACLs, so for a file the command displays the \s-1ACL\s0 on its directory. The output for a symbolic link displays the \s-1ACL\s0 that applies to its target file or directory, rather than the \s-1ACL\s0 on the directory that houses the symbolic link. .PP The permissions for \s-1AFS\s0 enable the possessor to perform the indicated action: .IP "a (administer)" 4 .IX Item "a (administer)" Change the entries on the \s-1ACL\s0. .IP "d (delete)" 4 .IX Item "d (delete)" Remove files and subdirectories from the directory or move them to other directories. .IP "i (insert)" 4 .IX Item "i (insert)" Add files or subdirectories to the directory by copying, moving or creating. .IP "k (lock)" 4 .IX Item "k (lock)" Set read locks or write locks on the files in the directory. .IP "l (lookup)" 4 .IX Item "l (lookup)" List the files and subdirectories in the directory, stat the directory itself, and issue the \fBfs listacl\fR command to examine the directory's \&\s-1ACL\s0. .IP "r (read)" 4 .IX Item "r (read)" Read the contents of files in the directory; issue the \f(CW\*(C`ls \-l\*(C'\fR command to stat the elements in the directory. .IP "w (write)" 4 .IX Item "w (write)" Modify the contents of files in the directory, and issue the \s-1UNIX\s0 \fBchmod\fR command to change their mode bits .IP "A, B, C, D, E, F, G, H" 4 .IX Item "A, B, C, D, E, F, G, H" Have no default meaning to the \s-1AFS\s0 server processes, but are made available for applications to use in controlling access to the directory's contents in additional ways. The letters must be uppercase. .PP For \s-1DFS\s0 files and directories, the permissions are similar, except that the \s-1DFS\s0 \f(CW\*(C`x\*(C'\fR (execute) permission replaces the \s-1AFS\s0 \f(CW\*(C`l\*(C'\fR (lookup) permission, \s-1DFS\s0 \f(CW\*(C`c\*(C'\fR (control) replaces \s-1AFS\s0 \f(CW\*(C`a\*(C'\fR (administer), and there is no \s-1DFS\s0 equivalent to the \s-1AFS\s0 \f(CW\*(C`k\*(C'\fR (lock) permission. The meanings of the various permissions also differ slightly, and \s-1DFS\s0 does not implement negative permissions. For a complete description of \s-1DFS\s0 permissions, see the \s-1DFS\s0 documentation. .SH "EXAMPLES" .IX Header "EXAMPLES" The following command displays the \s-1ACL\s0 on the home directory of the user \&\f(CW\*(C`pat\*(C'\fR (the current working directory), and on its \f(CW\*(C`private\*(C'\fR subdirectory. .PP .Vb 11 \& % fs listacl \-path . private \& Access list for . is \& Normal rights: \& system:authuser rl \& pat rlidwka \& pat:friends rlid \& Negative rights: \& smith rlidwka \& Access list for private is \& Normal rights: \& pat rlidwka .Ve .PP The following command generates the \fBfs setacl\fR command required to recreate the \s-1ACL\s0 on the home directory of the user \&\f(CW\*(C`pat\*(C'\fR (the current working directory), and on its \f(CW\*(C`private\*(C'\fR subdirectory. .PP .Vb 4 \& % fs listacl \-path . private \-cmd \& fs setacl \-dir . \-acl system:authuser rl pat rlidwka pat:friends rlid \& fs setacl \-dir . \-acl smith rlidwka \-negative \& fs setacl \-dir private \-acl pat rlidwka .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" If the \fB\-path\fR argument names an \s-1AFS\s0 directory, the issuer must have the \&\f(CW\*(C`l\*(C'\fR (lookup) permission on its \s-1ACL\s0 and the \s-1ACL\s0 for every directory that precedes it in the pathname. .PP If the \fB\-path\fR argument names an \s-1AFS\s0 file, the issuer must have the \f(CW\*(C`l\*(C'\fR (lookup) and \f(CW\*(C`r\*(C'\fR (read) permissions on the \s-1ACL\s0 of the file's directory, and the \fBl\fR permission on the \s-1ACL\s0 of each directory that precedes it in the pathname. .PP If the \fB\-path\fR argument names a \s-1DFS\s0 directory or file, the issuer must have the \f(CW\*(C`x\*(C'\fR (execute) permission on its \s-1ACL\s0 and on the \s-1ACL\s0 of each directory that precedes it in the pathname. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIfs_cleanacl\fR\|(1), \&\fIfs_copyacl\fR\|(1), \&\fIfs_setacl\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.