1DPNS‐SETACL(1)                      DPNS       User      Commands
2DPNS‐SETACL(1)
3
4
5
6[1mNAME[0m
7       dpns‐setacl ‐ set DPNS directory/file access control lists
8
9[1mSYNOPSIS[0m
10       [1mdpns‐setacl  [22m[[1m‐d[22m]  [[1m‐m[22m]   [[1m‐s[22m]
11[4macl_entries[24m [4mpath[24m...
12
13[1mDESCRIPTION[0m
14       [1mdpns‐setacl  [22msets the Access Control List associat‐
15ed with a DPNS direc‐
16       tory/file.
17
18       [4macl_entries[24m is a comma separated list  of  entries.
19Each entry has  colon
20       separated   fields: ACL type, id (uid or gid), permission.
21Only directo‐
22       ries can have default ACL entries.
23
24       The entries look like:
25
26            user::perm
27            user:uid:perm
28            group::perm
29            group:gid:perm
30            mask:perm
31            other:perm
32            default:user::perm
33            default:user:uid:perm
34            default:group::perm
35            default:group:gid:perm
36            default:mask:perm
37            default:other:perm
38
39       The ACL type can be abbreviated to the first letter.   The
40first  "user"
41       entry  gives  the  permissions granted to the owner of the
42file.  The fol‐
43       lowing "user" entries  show  the  permissions  granted  to
44specific  users,
45       they   are  sorted  in  ascending order of uid.  The first
46"group" entry
47       gives the permissions granted to the group  owner  of  the
48file.  The fol‐
49       lowing  "group"  entries  show  the permissions granted to
50specific groups,
51       they are sorted in ascending order of  gid.   The   "mask"
52entry  is  the
53       maximum  permission  granted  to specific users or groups.
54It does not
55       affect the "owner" and "other"  permissions.   The  "mask"
56entry  must  be
57       present   if   there   are  specific "user" or "group" en‐
58tries.  "default"
59       entries associated with a directory are inherited  as  ac‐
60cess ACL by  the
61       files  or  sub‐directories  created in that directory. The
62[1mumask [22mis not
63       used.  Sub‐directories also inherit the default ACL as de‐
64fault ACL.  As
65       soon  as there is one default ACL entry, the 3 default ACL
66base entries
67       (default user,  default  group,  default  other)  must  be
68present.
69
70       The  entry  processing conforms to the Posix 1003.1e draft
71standard 17.
72
73       The effective user ID of the process must match the  owner
74of  the  file
75       or  the caller must have ADMIN privilege in the Cupv data‐
76base.
77
78       [4mpath[24m     specifies    the   DPNS   pathname.     If
79[4mpath[24m does not start with [1m/[22m, it
80              is  prefixed  by  the  content of the  [1mDPNS_HOME
81[22menvironment  vari‐
82              able.
83
84       [4muid[24m    can be given as the username or  the  corre‐
85sponding numeric id.
86
87       [4mgid[24m     can be given as the groupname or the corre‐
88sponding numeric id.
89
90       [4mperm[24m   can  be  expressed   as   a  combination  of
91characters [1mrwx‐ [22mor as a
92              value between 0 and 7.
93
94[1mOPTIONS[0m
95       [1m‐d      [22mremove ACL entries. The "perm" field is ig‐
96nored.
97
98       [1m‐m     [22mmodify existing ACL entries or add  new  en‐
99tries.
100
101       [1m‐s      [22mset  the  ACL  entries.  The  complete  set
102of  ACL  entries  is
103              replaced.
104
105[1mEXAMPLES[0m
106       Let’s create a directory:
107            dpns‐mkdir /dpm/dteam/test/file.log/d6
108       and add write permission for user bcouturi:
109            dpns‐setacl          ‐m          u:bcouturi:rwx,m:rwx
110/dpm/dteam/test/file.log/d6
111       Let’s create a directory:
112            dpns‐mkdir /dpm/dteam/test/file.log/d7
113       and add default ACLs to it:
114            dpns‐setacl           ‐m          d:u::7,d:g::7,d:o:5
115/dpm/dteam/test/file.log/d7
116       Let’s check the resulting ACLs:
117            dpns‐getacl /dpm/dteam/test/file.log/d7
118       # file: /dpm/dteam/test/file.log/d7
119       # owner: baud
120       # group: c3
121       user::rwx
122       group::r‐x              #effective:r‐x
123       other::r‐x
124       default:user::rwx
125       default:group::rwx
126       default:other::r‐x
127
128       Let’s create a sub‐directory and check the resulting ACLs:
129            dpns‐mkdir /dpm/dteam/test/file.log/d7/d2
130            dpns‐getacl /dpm/dteam/test/file.log/d7/d2
131       # file: /dpm/dteam/test/file.log/d7/d2
132       # owner: baud
133       # group: c3
134       user::rwx
135       group::rwx              #effective:rwx
136       other::r‐x
137       default:user::rwx
138       default:group::rwx
139       default:other::r‐x
140
141       Let’s create a file in the same directory  and  check  the
142resulting ACLs:
143            dpns‐touch /dpm/dteam/test/file.log/d7/f2
144            dpns‐getacl /dpm/dteam/test/file.log/d7/f2
145       # file: /dpm/dteam/test/file.log/d7/f2
146       # owner: baud
147       # group: c3
148       user::rw‐
149       group::rw‐              #effective:rw‐
150       other::r‐‐
151
152[1mEXIT STATUS[0m
153       This  program  returns  0  if the operation was successful
154or >0 if the
155       operation failed.
156
157[1mSEE ALSO[0m
158       [1mCastor_limits(4)[22m,   [1mdpns_chmod(3)[22m,    [1mdp‐
159ns_chown(3)[22m, [1mCupvlist(1)[0m
160
161[1mAUTHOR[0m
162       [1mLCG Grid Deployment [22mTeam
163
164
165
166DPNS                        $Date:    2003/08/26    06:21:13    $
167DPNS‐SETACL(1)
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198