Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
FS_LISTACL(1)		     AFS Command Reference		 FS_LISTACL(1)

NAME
       fs_listacl - Displays ACLs

SYNOPSIS
       fs listacl [-path <dir/file path>+] [-id] [-if] [-cmd] [-help]

       fs la [-p <dir/file path>+] [-id] [-if] [-cmd] [-h]

       fs lista	[-p <dir/file path>+] [-id] [-if] [-cmd] [-h]

DESCRIPTION
       The fs listacl command displays the access control list (ACL)
       associated with each specified file, directory, or symbolic link. The
       specified element can reside in the DFS filespace if the	issuer is
       using the AFS/DFS Migration Toolkit Protocol Translator to access DFS
       data (and DFS does implement per-file ACLs). To display the ACL of the
       current working directory, omit the -path argument.

       To alter	an ACL,	use the	fs setacl command. To copy an ACL from one
       directory to another, use the fs	copyacl	command. To remove obsolete
       entries from an ACL, use	the fs cleanacl	command.

CAUTIONS
       Placing a user or group on the "Negative	rights"	section	of the ACL
       does not	guarantee denial of permissions, if the	"Normal	rights"
       section grants the permissions to members of the	system:anyuser group.
       In that case, the user needs only to issue the unlog command to obtain
       the permissions granted to the system:anyuser group.

OPTIONS
       -path <dir/file path>+
	   Names each directory	or file	for which to display the ACL. For AFS
	   files, the output displays the ACL from the file's parent
	   directory; DFS files	do have	their own ACL. Incomplete pathnames
	   are interpreted relative to the current working directory, which is
	   also	the default value if this argument is omitted.

       -id Displays the	Initial	Container ACL of each DFS directory. This
	   argument is supported only on DFS directories accessed via the
	   AFS/DFS Migration Toolkit Protocol Translator.

       -if Displays the	Initial	Object ACL of each DFS directory. This
	   argument is supported only on DFS directories accessed via the
	   AFS/DFS Migration Toolkit Protocol Translator.

       -cmd
	   Outputs an fs setacl	command	string that can	be used	to recreate
	   the ACL applied to the specified file, directory or symbolic	link.

       -help
	   Prints the online help for this command. All	other valid options
	   are ignored.

OUTPUT
       The first line of the output for	each file, directory, or symbolic link
       reads as	follows:

	  Access list for <directory> is

       If the issuer used shorthand notation in	the pathname, such as the
       period (".") to represent the current current directory,	that notation
       sometimes appears instead of the	full pathname of the directory.

       Next, the "Normal rights" header	precedes a list	of users and groups
       who are granted the indicated permissions, with one pairing of user or
       group and permissions on	each line. If negative permissions have	been
       assigned	to any user or group, those entries follow a "Negative rights"
       header. The format of negative entries is the same as those on the
       "Normal rights" section of the ACL, but the user	or group is denied
       rather than granted the indicated permissions.

       AFS does	not implement per-file ACLs, so	for a file the command
       displays	the ACL	on its directory. The output for a symbolic link
       displays	the ACL	that applies to	its target file	or directory, rather
       than the	ACL on the directory that houses the symbolic link.

       The permissions for AFS enable the possessor to perform the indicated
       action:

       a (administer)
	   Change the entries on the ACL.

       d (delete)
	   Remove files	and subdirectories from	the directory or move them to
	   other directories.

       i (insert)
	   Add files or	subdirectories to the directory	by copying, moving or
	   creating.

       k (lock)
	   Set read locks or write locks on the	files in the directory.

       l (lookup)
	   List	the files and subdirectories in	the directory, stat the
	   directory itself, and issue the fs listacl command to examine the
	   directory's ACL.

       r (read)
	   Read	the contents of	files in the directory;	issue the "ls -l"
	   command to stat the elements	in the directory.

       w (write)
	   Modify the contents of files	in the directory, and issue the	UNIX
	   chmod command to change their mode bits

       A, B, C,	D, E, F, G, H
	   Have	no default meaning to the AFS server processes,	but are	made
	   available for applications to use in	controlling access to the
	   directory's contents	in additional ways. The	letters	must be
	   uppercase.

       For DFS files and directories, the permissions are similar, except that
       the DFS "x" (execute) permission	replaces the AFS "l" (lookup)
       permission, DFS "c" (control) replaces AFS "a" (administer), and	there
       is no DFS equivalent to the AFS "k" (lock) permission. The meanings of
       the various permissions also differ slightly, and DFS does not
       implement negative permissions. For a complete description of DFS
       permissions, see	the DFS	documentation.

EXAMPLES
       The following command displays the ACL on the home directory of the
       user "pat" (the current working directory), and on its "private"
       subdirectory.

	  % fs listacl -path . private
	  Access list for . is
	  Normal rights:
	     system:authuser rl
	     pat rlidwka
	     pat:friends rlid
	  Negative rights:
	     smith rlidwka
	  Access list for private is
	  Normal rights:
	     pat rlidwka

       The following command generates the fs setacl command required to
       recreate	the ACL	on the home directory of the user "pat"	(the current
       working directory), and on its "private"	subdirectory.

	  % fs listacl -path . private -cmd
	  fs setacl -dir . -acl	system:authuser	rl  pat	rlidwka	  pat:friends rlid
	  fs setacl -dir . -acl	smith rlidwka -negative
	  fs setacl -dir private -acl pat rlidwka

PRIVILEGE REQUIRED
       If the -path argument names an AFS directory, the issuer	must have the
       "l" (lookup) permission on its ACL and the ACL for every	directory that
       precedes	it in the pathname.

       If the -path argument names an AFS file,	the issuer must	have the "l"
       (lookup)	and "r"	(read) permissions on the ACL of the file's directory,
       and the l permission on the ACL of each directory that precedes it in
       the pathname.

       If the -path argument names a DFS directory or file, the	issuer must
       have the	"x" (execute) permission on its	ACL and	on the ACL of each
       directory that precedes it in the pathname.

SEE ALSO
       fs_cleanacl(1), fs_copyacl(1), fs_setacl(1)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by	the IBM	Public License Version 1.0.
       It was converted	from HTML to POD by software written by	Chas Williams
       and Russ	Allbery, based on work by Alf Wachsmann	and Elizabeth Cassell.

OpenAFS				  2016-12-14			 FS_LISTACL(1)

NAME | SYNOPSIS | DESCRIPTION | CAUTIONS | OPTIONS | OUTPUT | EXAMPLES | PRIVILEGE REQUIRED | SEE ALSO | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=fs_listacl&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help