fs_listacl - Displays ACLs
fs listacl [-path <dir/file path>+] [-cmd] [-help]
The fs listacl command (alias fs la) displays the access control list (ACL) associated with each specified file, directory, mount point or symbolic link. To display the ACL of the current working directory, omit the -path argument.
To alter an ACL, use the fs setacl command. To copy an ACL from one object to another, use the fs copyacl command. To remove obsolete entries from an ACL, use the fs cleanacl command.
Placing a user or group on the
Negative rights section of the ACL does not guarantee denial of permissions,
Normal rights section grants the permissions to either the
anonymous identity or the
the user need only discard their authentication tokens via the unlog command to become
anonymous and obtain the granted permissions.
-path <dir/file path>+
    Names each AFS file or directory to run the command on. Partial pathnames are interpreted relative to the current working directory, which is also the default value if this argument is omitted.
-cmd
    Outputs an fs setacl command string that can be used to recreate the ACL applied to the specified object.
-help
    Prints the online help for this command. All other valid options are ignored.
The first line of the output for each object reads as follows:
Access list [(inherited)] for <object> is
If the issuer used shorthand notation in the pathname, such as the period (.) to represent the current directory, that notation sometimes appears instead of the full pathname of the directory.
The Normal rights header precedes a list of users and groups who are granted the indicated permissions, with one pairing of user or group list and permissions on each line. If rights have been revoked from any user or group list, those entries follow a Negative rights header. The format of negative entries is the same as those on the Normal rights section of the ACL, but the user or group list is denied rather than granted the indicated permissions.
The output for a symbolic link or mount point displays the ACL that applies to its target file or directory, rather than the ACL that applies to the symbolic link or mount point.
If the object is a file with no file-specific ACL, (inherited) will appear in the output to indicate that the file is currently inheriting its permissions from the parent directory. In this state, access to the file will be affected by ACL changes to the parent. If there is no indication that the ACL is inherited, the ACL shown is specific to the file and is not affected by changes to the parent's ACL.
If the volume containing the object has a maximum ACL set, it will be shown following the object's ACL. Access to the object will also need to satisfy the volume maximum ACL. Volume maximum ACLs can be adjusted by members of the system:administrators group via use of the vos setmaxacl command.
The permissions enable the grantee to perform the indicated action:
a (administer): Change the entries on the ACL.
d (delete): Remove files and subdirectories from the directory or move them to other directories.
i (insert): Add files or subdirectories to the directory by copying, moving or creating.
k (lock): Set read locks on the files in the directory.
l (lookup): List the files and subdirectories in the directory, stat the directory itself, and issue the fs listacl command to examine the directory's ACL.
r (read): Read the contents of files in the directory; issue the ls -l command to stat the elements in the directory.
w (write): Modify the contents of files in the directory, set write locks, and issue the UNIX chmod or fs chmod command to change their mode bits.
A, B, C, D, E, F, G, H: Have no default meaning to the File Server, but are made available for applications to use in controlling access to the directory's contents in additional ways. The letters must be uppercase.
The following command displays the ACL on the home directory of the user pat (the current working directory), and on its private subdirectory:
   % fs listacl -path . private
   Access list for . is
   Normal rights:
     system:authuser rl
     pat rlidwka
     pat:friends rlid
   Negative rights:
     smith rlidwka
   Access list for private is
   Normal rights:
     pat rlidwka
The following command generates the fs setacl command required to recreate the ACL on the home directory of the user pat (the current working directory), and on its private subdirectory:
   % fs listacl -path . private -cmd
   fs setacl -path . -acl system:authuser rl pat rlidwka pat:friends rlid
   fs setacl -path . -acl smith rlidwka -negative
   fs setacl -path private -acl pat rlidwka
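An added example, not part of the original manual page: a Python check that parses fs listacl output in the format described above and reports Negative rights entries whose denied permissions are also granted under Normal rights to a principal that an unauthenticated user falls under, which is the situation the caution on this page describes. The principal list (system:anyuser by default), the function names and the sample ACL text are assumptions made for this example; volume maximum ACL output is not parsed.

```python
import re

# Assumption: principals whose Normal rights still apply to a user who has
# discarded tokens with unlog. Adjust for the cell being audited.
ANONYMOUS_PRINCIPALS = ("system:anyuser",)
HEADER = re.compile(r"^Access list (\(inherited\) )?for (.+) is$")

def parse_listacl(text):
    """Parse fs listacl output into {object: {inherited, normal, negative}}."""
    acls, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"inherited": bool(m.group(1)), "normal": {}, "negative": {}}
            acls[m.group(2)] = current
            section = None
        elif line in ("Normal rights:", "Negative rights:"):
            section = "normal" if line.startswith("Normal") else "negative"
        elif current is not None and section and len(line.split()) == 2:
            principal, rights = line.split()
            current[section][principal] = set(rights)
        else:
            section = None  # blank or unrecognised line ends the section
    return acls

def bypassable_denials(acls, open_principals=ANONYMOUS_PRINCIPALS):
    """Return (object, denied principal, rights) for each negative entry that
    overlaps rights granted to a principal reachable without tokens."""
    findings = []
    for obj, acl in acls.items():
        granted = set().union(*(acl["normal"].get(p, set()) for p in open_principals))
        for principal, denied in acl["negative"].items():
            overlap = denied & granted
            if overlap:
                findings.append((obj, principal, "".join(sorted(overlap))))
    return findings

# Constructed sample in the output format shown on this page (not real output).
SAMPLE = """\
Access list for . is
Normal rights:
  system:anyuser rl
Negative rights:
  smith rlidwka
Access list (inherited) for notes.txt is
Normal rights:
  pat rlidwka
"""
```

For the constructed sample, bypassable_denials(parse_listacl(SAMPLE)) reports that the r and l rights denied to smith on "." remain obtainable; remediation is to remove the broad grant rather than rely on the negative entry.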
If the -path argument names a directory under /afs, the issuer must have the l (lookup) permission on its ACL and the ACL for every directory that precedes it in the pathname.
If the -path argument names a file under /afs, the issuer must have the r (read) permission for the file and the l (lookup) permission on the ACL of each directory that precedes it in the pathname.
auristorfs_acls(7), fs_chmod(1), fs_cleanacl(1), fs_copyacl(1), fs_setacl(1), fs_removeacl(1), vos_setmaxacl(1), vos_listmaxacl(1)
IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)
"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)
The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).
"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).
"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.