LFC-SETACL(1)                  LFC User Commands                  LFC-SETACL(1)

NAME
       lfc-setacl - set LFC directory/file access control lists

SYNOPSIS
       lfc-setacl [-d] [-m] [-s] acl_entries path...

DESCRIPTION
       lfc-setacl sets the Access Control List associated with an LFC
       directory/file.

       acl_entries is a comma separated list of entries. Each entry has
       colon separated fields: ACL type, id (uid or gid), permission. Only
       directories can have default ACL entries.

       The entries look like:

            user::perm
            user:uid:perm
            group::perm
            group:gid:perm
            mask:perm
            other:perm
            default:user::perm
            default:user:uid:perm
            default:group::perm
            default:group:gid:perm
            default:mask:perm
            default:other:perm

       The ACL type can be abbreviated to the first letter. The first "user"
       entry gives the permissions granted to the owner of the file. The
       following "user" entries show the permissions granted to specific
       users; they are sorted in ascending order of uid. The first "group"
       entry gives the permissions granted to the group owner of the file.
       The following "group" entries show the permissions granted to
       specific groups; they are sorted in ascending order of gid. The
       "mask" entry is the maximum permission granted to specific users or
       groups. It does not affect the "owner" and "other" permissions. The
       "mask" entry must be present if there are specific "user" or "group"
       entries. "default" entries associated with a directory are inherited
       as access ACL by the files or sub-directories created in that
       directory. The umask is not used. Sub-directories also inherit the
       default ACL as default ACL. As soon as there is one default ACL
       entry, the 3 default ACL base entries (default user, default group,
       default other) must be present.

       The entry processing conforms to the POSIX 1003.1e draft standard 17.

       The effective user ID of the process must match the owner of the file
       or the caller must have ADMIN privilege in the Cupv database.

       path   specifies the LFC pathname. If path does not start with /, it
              is prefixed by the content of the LFC_HOME environment
              variable.

       uid    can be given as the username or the corresponding numeric id.

       gid    can be given as the groupname or the corresponding numeric id.

       perm   can be expressed as a combination of characters rwx- or as a
              value between 0 and 7.

OPTIONS
       -d     remove ACL entries. The "perm" field is ignored.

       -m     modify existing ACL entries or add new entries.

       -s     set the ACL entries. The complete set of ACL entries is
              replaced.

EXAMPLES
       Let’s create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d6
       and add write permission for user bcouturi:
            lfc-setacl -m u:bcouturi:rwx,m:rwx /grid/atlas/test/file.log/d6
       Let’s create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d7
       and add default ACLs to it:
            lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/atlas/test/file.log/d7
       Let’s check the resulting ACLs:
            lfc-getacl /grid/atlas/test/file.log/d7
       # file: /grid/atlas/test/file.log/d7
       # owner: baud
       # group: c3
       user::rwx
       group::r-x              #effective:r-x
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let’s create a sub-directory and check the resulting ACLs:
            lfc-mkdir /grid/atlas/test/file.log/d7/d2
            lfc-getacl /grid/atlas/test/file.log/d7/d2
       # file: /grid/atlas/test/file.log/d7/d2
       # owner: baud
       # group: c3
       user::rwx
       group::rwx              #effective:rwx
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let’s create a file in the same directory and check the resulting
       ACLs:
            lfc-touch /grid/atlas/test/file.log/d7/f2
            lfc-getacl /grid/atlas/test/file.log/d7/f2
       # file: /grid/atlas/test/file.log/d7/f2
       # owner: baud
       # group: c3
       user::rw-
       group::rw-              #effective:rw-
       other::r--
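
       The entry rules from DESCRIPTION, checked on an acl_entries string
       before it is passed to lfc-setacl -m or -s. This is an added example,
       not part of the LFC distribution; the function names are hypothetical,
       and applying the mask rule to default entries as well as access
       entries is an assumption.

```python
import re

TYPES = {"u": "user", "g": "group", "m": "mask", "o": "other"}
BITS = {"r": 4, "w": 2, "x": 1, "-": 0}

def parse_perm(s):
    """perm: a combination of the characters rwx- or a value between 0 and 7."""
    if re.fullmatch(r"[0-7]", s):
        return int(s)
    if not re.fullmatch(r"[rwx-]{1,3}", s):
        raise ValueError(f"bad perm {s!r}")
    perm = 0
    for c in s:
        perm |= BITS[c]
    return perm

def parse_entries(acl_entries):
    """Parse the comma separated list into {(is_default, type, id): perm}."""
    acl = {}
    for entry in acl_entries.split(","):
        fields = entry.strip().split(":")
        is_default = fields[0] in ("d", "default")
        if is_default:
            fields = fields[1:]
        kind = TYPES.get(fields[0][:1]) if fields else None
        if kind is None or fields[0] not in (kind, kind[0]):
            raise ValueError(f"bad ACL type in {entry!r}")
        # user/group entries carry an id field (empty for the owner); mask/other do not
        if len(fields) != (3 if kind in ("user", "group") else 2):
            raise ValueError(f"wrong field count in {entry!r}")
        ident = fields[1] if len(fields) == 3 else ""
        acl[(is_default, kind, ident)] = parse_perm(fields[-1])
    return acl

def check_rules(acl):
    """Return the list of man-page rules the entry set violates."""
    problems = []
    for scope in (False, True):  # access entries, then default entries (assumption)
        named = [k for k in acl if k[0] == scope and k[2]]
        if named and (scope, "mask", "") not in acl:
            problems.append(("default " if scope else "") + "mask entry missing")
    if any(k[0] for k in acl):  # one default entry requires all 3 default base entries
        for kind in ("user", "group", "other"):
            if (True, kind, "") not in acl:
                problems.append(f"default {kind} base entry missing")
    return problems

def effective(acl):
    """Effective permission of specific users/groups: perm limited by the mask."""
    return {k: p & acl.get((k[0], "mask", ""), 7) for k, p in acl.items() if k[2]}
```

       An empty list from check_rules means the entry list satisfies the
       mask and default base entry rules; effective shows what a specific
       user or group is left with once the mask is applied.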

EXIT STATUS
       This program returns 0 if the operation was successful or >0 if the
       operation failed.

SEE ALSO
       Castor_limits(4), lfc_chmod(3), lfc_chown(3), Cupvlist(1)

AUTHOR
       LCG Grid Deployment Team

LFC                      $Date: 2003/08/26 06:21:13 $                      LFC-SETACL(1)