NFS4_SETFACL(1)           NFSv4 Access Control Lists           NFS4_SETFACL(1)

NAME

       nfs4_setfacl, nfs4_editfacl - manipulate NFSv4 file/directory access
       control lists

SYNOPSIS

       nfs4_setfacl [OPTIONS] COMMAND file...
       nfs4_editfacl [OPTIONS] file...

DESCRIPTION

       nfs4_setfacl manipulates the NFSv4 Access Control List (ACL) of one or
       more files (or directories), provided they are on a mounted NFSv4
       filesystem which supports ACLs.

       nfs4_editfacl is equivalent to nfs4_setfacl -e.

       Refer to the nfs4_acl(5) manpage for information about NFSv4 ACL
       terminology and syntax.

   COMMANDS
       -a acl_spec [index]
              add the ACEs from acl_spec to file's ACL. ACEs are inserted
              starting at the indexth position (DEFAULT: 1) of file's ACL.

       -A acl_file [index]
              add the ACEs from the acl_spec in acl_file to file's ACL. ACEs
              are inserted starting at the indexth position (DEFAULT: 1) of
              file's ACL.

       -x acl_spec | index
              delete ACEs matched from acl_spec - or delete the indexth ACE -
              from file's ACL. Note that the ordering of the ACEs in acl_spec
              does not matter.

       -X acl_file
              delete ACEs matched from the acl_spec in acl_file from file's
              ACL. Note that the ordering of the ACEs in the acl_spec does
              not matter.

       -s acl_spec
              set file's ACL to acl_spec.

       -S acl_file
              set file's ACL to the acl_spec in acl_file.

       -e, --edit
              edit file's ACL in the editor defined in the EDITOR environment
              variable (DEFAULT: vi(1)) and set the resulting ACL upon a clean
              exit, assuming changes made in the editor were saved. Note that
              if multiple files are specified, the editor will be serially
              invoked once per file.

       -m from_ace to_ace
              modify file's ACL in-place by replacing from_ace with to_ace.

       -?, -h, --help
              display help text and exit.

       --version
              display this program's version and exit.

       NOTE: if '-' is given as the acl_file with the -A/-X/-S flags, the
       acl_spec will be read from stdin.

   OPTIONS
       -R, --recursive
              recursively apply to a directory's files and subdirectories.
              Similar to setfacl(1), the default behavior is to follow
              symlinks given on the command line and to skip symlinks
              encountered while recursing through directories.

       -L, --logical
              in conjunction with -R/--recursive, a logical walk follows all
              symbolic links.

       -P, --physical
              in conjunction with -R/--recursive, a physical walk skips all
              symbolic links.

       --test
              display results of COMMAND, but do not save changes.

PERMISSIONS ALIASES

       With nfs4_setfacl, one can use simple abbreviations ("aliases") to
       express generic "read" (R), generic "write" (W), and generic "execute"
       (X) permissions, familiar from the POSIX mode bits used by, e.g.,
       chmod(1). To use these aliases, one can put them in the permissions
       field of an NFSv4 ACE and nfs4_setfacl will convert them: an R is
       expanded to rntcy, a W is expanded to watTNcCy (with D added to
       directory ACEs), and an X is expanded to xtcy. Please refer to the
       nfs4_acl(5) manpage for information on specific NFSv4 ACE permissions.

       For example, if one wanted to grant generic "read" and "write" access
       on a file, the NFSv4 permissions field would normally contain something
       like rwatTnNcCy. Instead, one might use aliases to accomplish the same
       goal with RW.

       The two permissions not included in any of the aliases are d (delete)
       and o (write-owner). However, they can still be used: e.g., a
       permissions field consisting of Wdo expresses generic "write" access as
       well as the ability to delete and change ownership.
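
The alias expansion described above, as an added Python example (not part of the manpage or of the nfs4_setfacl source): it expands R/W/X the way the text states and reports which control-changing permissions an Allow ACE ends up granting, which shows that W carries C (write ACL). The function names and the output letter order (taken from the ACL listings on this page) are assumptions; the meaning of C comes from nfs4_acl(5).

```python
# Added example: expand nfs4_setfacl permission aliases so a reviewer can see
# every permission an ACE really grants. All names here are illustrative.

# Alias expansions exactly as stated in the manpage text above.
ALIASES = {"R": "rntcy", "W": "watTNcCy", "X": "xtcy"}
# Assumption: output letter order, matching the ACL listings on this page.
ORDER = "rwaxdDtTnNcCoy"
# Permissions that change who controls the object: C (write ACL, per
# nfs4_acl(5)), o (write-owner), d (delete), D (added to directory ACEs by W).
SENSITIVE = set("CodD")


def expand_perms(perms, is_dir=False):
    """Expand R/W/X aliases in a permissions field to explicit letters."""
    bits = set()
    for ch in perms:
        if ch in ALIASES:
            bits.update(ALIASES[ch])
            if ch == "W" and is_dir:
                bits.add("D")  # "with D added to directory ACEs"
        elif ch in ORDER:
            bits.add(ch)
        else:
            raise ValueError(f"unknown permission or alias: {ch!r}")
    return "".join(ch for ch in ORDER if ch in bits)


def expand_ace(ace, is_dir=False):
    """Expand the permissions field of a type:flags:principal:permissions ACE."""
    fields = ace.split(":")
    if len(fields) != 4:
        raise ValueError(f"expected 4 colon-separated fields: {ace!r}")
    fields[3] = expand_perms(fields[3], is_dir)
    return ":".join(fields)


def sensitive_grants(ace, is_dir=False):
    """Return the sensitive letters an Allow (type A) ACE grants after expansion."""
    ace_type, _, _, perms = expand_ace(ace, is_dir).split(":")
    return "".join(ch for ch in perms if ch in SENSITIVE) if ace_type == "A" else ""


if __name__ == "__main__":
    # Constructed sample ACEs, using principals that appear on this page.
    for spec in ("A::alice@nfsdomain.org:RX", "A::OWNER@:RW", "A:g:GROUP@:Wdo"):
        print(spec, "->", expand_ace(spec), "grants:", sensitive_grants(spec) or "-")
```

Running an acl_spec through a check like this before `nfs4_setfacl -s` or `-S` makes it visible when an ACE written with the W alias also lets its principal rewrite the ACL.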

EXAMPLES

       Assume that the file `foo' has the following NFSv4 ACL for the
       following examples:

              A::OWNER@:rwatTnNcCy
              D::OWNER@:x
              A:g:GROUP@:rtncy
              D:g:GROUP@:waxTC
              A::EVERYONE@:rtncy
              D::EVERYONE@:waxTC

       - add ACE granting `alice@nfsdomain.org' generic "read" and "execute"
         access (defaults to prepending ACE to ACL):
              $ nfs4_setfacl -a A::alice@nfsdomain.org:rxtncy foo

       - add the same ACE as above, but using aliases:
              $ nfs4_setfacl -a A::alice@nfsdomain.org:RX foo

       - edit existing ACL in a text editor and set modified ACL on clean
         save/exit:
              $ nfs4_setfacl -e foo

       - set ACL (overwrites original) to contents of a spec_file named
         `newacl.txt':
              $ nfs4_setfacl -S newacl.txt foo

       - recursively set the ACLs of all files and subdirectories in the
         current directory, skipping all symlinks encountered, to the ACL
         contained in the spec_file named `newacl.txt':
              $ nfs4_setfacl -R -P -S newacl.txt *

       - delete the first ACE, but only print the resulting ACL (does not save
         changes):
              $ nfs4_setfacl --test -x 1 foo

       - delete the last two ACEs above:
              $ nfs4_setfacl -x "A::EVERYONE@:rtncy, D::EVERYONE@:waxTC" foo

       - modify (in-place) the second ACE above:
              $ nfs4_setfacl -m D::OWNER@:x D::OWNER@:xo foo

       - set ACLs of `bar' and `frobaz' to ACL of `foo':
              $ nfs4_getfacl foo | nfs4_setfacl -S - bar frobaz

AUTHORS

       nfs4_setfacl was written by people at CITI, the Center for Information
       Technology Integration (http://www.citi.umich.edu). This manpage was
       written by David Richter.

CONTACT

       Please send bug reports, feature requests, and comments to
       <nfsv4@linux-nfs.org>.

SEE ALSO

       nfs4_getfacl(1), nfs4_acl(5), RFC3530 (NFSv4.0), NFSv4.1 Minor Version
       Draft.

Linux                     version 0.3.3, August 2008           NFS4_SETFACL(1)