LFC-SETACL(1)                  LFC User Commands                 LFC-SETACL(1)

NAME

       lfc-setacl - set LFC directory/file access control lists

SYNOPSIS

       lfc-setacl [-d] [-m] [-s] acl_entries path...

DESCRIPTION

       lfc-setacl sets the Access Control List associated with an LFC
       directory/file.

       acl_entries is a comma-separated list of entries. Each entry has
       colon-separated fields: ACL type, id (uid or gid), permission. Only
       directories can have default ACL entries.

       The entries look like:

            user::perm
            user:uid:perm
            group::perm
            group:gid:perm
            mask:perm
            other:perm
            default:user::perm
            default:user:uid:perm
            default:group::perm
            default:group:gid:perm
            default:mask:perm
            default:other:perm

       The ACL type can be abbreviated to the first letter.  The first "user"
       entry gives the permissions granted to the owner of the file.  The
       following "user" entries show the permissions granted to specific
       users; they are sorted in ascending order of uid.  The first "group"
       entry gives the permissions granted to the group owner of the file.
       The following "group" entries show the permissions granted to specific
       groups; they are sorted in ascending order of gid.  The "mask" entry is
       the maximum permission granted to specific users or groups.  It does
       not affect the "owner" and "other" permissions.  The "mask" entry must
       be present if there are specific "user" or "group" entries.  "default"
       entries associated with a directory are inherited as access ACL by the
       files or sub-directories created in that directory.  The umask is not
       used.  Sub-directories also inherit the default ACL as default ACL.  As
       soon as there is one default ACL entry, the 3 default ACL base entries
       (default user, default group, default other) must be present.

       The entry processing conforms to the POSIX 1003.1e draft standard 17.

       The effective user ID of the process must match the owner of the file
       or the caller must have ADMIN privilege in the Cupv database.

       path   specifies the LFC pathname.  If path does not start with /, it
              is prefixed by the content of the LFC_HOME environment variable.

       uid    can be given as the username or the corresponding numeric id.

       gid    can be given as the groupname or the corresponding numeric id.

       perm   can be expressed as a combination of characters rwx- or as a
              value between 0 and 7.

OPTIONS

       -d     remove ACL entries. The "perm" field is ignored.

       -m     modify existing ACL entries or add new entries.

       -s     set the ACL entries. The complete set of ACL entries is
              replaced.

EXAMPLES

       Let's create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d6
       and add write permission for user bcouturi:
            lfc-setacl -m u:bcouturi:rwx,m:rwx /grid/atlas/test/file.log/d6
       Let's create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d7
       and add default ACLs to it:
            lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/atlas/test/file.log/d7
       Let's check the resulting ACLs:
            lfc-getacl /grid/atlas/test/file.log/d7
       # file: /grid/atlas/test/file.log/d7
       # owner: baud
       # group: c3
       user::rwx
       group::r-x              #effective:r-x
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a sub-directory and check the resulting ACLs:
            lfc-mkdir /grid/atlas/test/file.log/d7/d2
            lfc-getacl /grid/atlas/test/file.log/d7/d2
       # file: /grid/atlas/test/file.log/d7/d2
       # owner: baud
       # group: c3
       user::rwx
       group::rwx              #effective:rwx
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a file in the same directory and check the resulting ACLs:
            lfc-touch /grid/atlas/test/file.log/d7/f2
            lfc-getacl /grid/atlas/test/file.log/d7/f2
       # file: /grid/atlas/test/file.log/d7/f2
       # owner: baud
       # group: c3
       user::rw-
       group::rw-              #effective:rw-
       other::r--
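
       The entry rules from DESCRIPTION and the replace semantics of -s, as an
       added example that is not part of the LFC distribution: a Python
       pre-flight check for a complete acl_entries string. Assumptions: the
       function names are hypothetical, perm accepts any combination of rwx-
       up to three characters, and the mask rule is applied to the access and
       default sets separately.

```python
# Added example; function names are hypothetical, not part of LFC.
TYPES = {"u": "user", "g": "group", "m": "mask", "o": "other"}
BITS = {"r": 4, "w": 2, "x": 1, "-": 0}

def parse_perm(perm):
    """Accept a digit 0-7 or up to three characters from rwx- (assumption)."""
    if len(perm) == 1 and perm in "01234567":
        return int(perm)
    if perm and len(perm) <= 3 and all(c in BITS for c in perm):
        return sum(BITS[c] for c in set(perm))
    raise ValueError(f"bad permission {perm!r}")

def parse_entry(entry):
    """Split one entry into (scope, type, id, perm_bits)."""
    f = entry.strip().split(":")
    scope = "access"
    if f[0] in ("d", "default"):
        scope, f = "default", f[1:]
    if not f or f[0] not in (*TYPES, *TYPES.values()):
        raise ValueError(f"unknown ACL type in {entry!r}")
    kind = TYPES[f[0][0]]
    # user/group carry an id field (empty for the owner); mask/other do not.
    want = 3 if kind in ("user", "group") else 2
    if len(f) != want:
        raise ValueError(f"{entry!r}: {kind} entry needs {want} fields")
    return scope, kind, (f[1] if want == 3 else ""), parse_perm(f[-1])

def check_full_set(acl_entries, is_dir=True):
    """Return the rule violations for a complete set (lfc-setacl -s)."""
    entries = [parse_entry(e) for e in acl_entries.split(",")]
    problems = []
    for scope in ("access", "default"):
        have = {(k, i) for s, k, i, _ in entries if s == scope}
        named = any(i for k, i in have if k in ("user", "group"))
        # Applying the mask rule to the default set too is an assumption.
        if named and ("mask", "") not in have:
            problems.append(f"{scope}: specific user/group entries need a mask entry")
    default = {(k, i) for s, k, i, _ in entries if s == "default"}
    if default:
        if not is_dir:
            problems.append("default entries are only allowed on directories")
        for kind in ("user", "group", "other"):
            if (kind, "") not in default:
                problems.append(f"default: missing base entry {kind}")
    return problems

if __name__ == "__main__":
    # Constructed input: a specific user entry without a mask entry.
    print(check_full_set("u::7,u:bcouturi:rwx,g::5,o:5"))
```

       A non-empty result lists the rules the set breaks; an empty list only
       means the string is consistent with the rules stated on this page.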

EXIT STATUS

       This program returns 0 if the operation was successful or >0 if the
       operation failed.

SEE ALSO

       Castor_limits(4), lfc_chmod(3), lfc_chown(3), Cupvlist(1)

AUTHOR

       LCG Grid Deployment Team

LFC                      $Date: 2003/08/26 06:21:13 $            LFC-SETACL(1)