Provided by: lfc_1.10.0-2_amd64

NAME

       lfc-setacl - set LFC directory/file access control lists

SYNOPSIS

       lfc-setacl [-d] [-m] [-s] acl_entries path...

DESCRIPTION

       lfc-setacl sets the Access Control List associated with an LFC directory/file.

       acl_entries  is  a comma separated list of entries. Each entry has colon separated fields:
       ACL type, id (uid or gid), permission. Only directories can have default ACL entries.

       The entries look like:

            user::perm
            user:uid:perm
            group::perm
            group:gid:perm
            mask:perm
            other:perm
            default:user::perm
            default:user:uid:perm
            default:group::perm
            default:group:gid:perm
            default:mask:perm
            default:other:perm

       The ACL type can be abbreviated to the first letter. The first "user" entry gives the
       permissions granted to the owner of the file. The following "user" entries show the
       permissions granted to specific users; they are sorted in ascending order of uid. The
       first "group" entry gives the permissions granted to the group owner of the file. The
       following "group" entries show the permissions granted to specific groups; they are
       sorted in ascending order of gid. The "mask" entry is the maximum permission granted to
       specific users or groups. It does not affect the "owner" and "other" permissions. The
       "mask" entry must be present if there are specific "user" or "group" entries. "default"
       entries associated with a directory are inherited as access ACL by the files or
       sub-directories created in that directory. The umask is not used. Sub-directories also
       inherit the default ACL as default ACL. As soon as there is one default ACL entry, the 3
       default ACL base entries (default user, default group, default other) must be present.

       The entry processing conforms to the POSIX 1003.1e draft standard 17.

       The  effective  user ID of the process must match the owner of the file or the caller must
       have ADMIN privilege in the Cupv database.

       path   specifies the LFC pathname.  If path does not start with /, it is prefixed  by  the
              content of the LFC_HOME environment variable.

       uid    can be given as the username or the corresponding numeric id.

       gid    can be given as the groupname or the corresponding numeric id.

       perm   can be expressed as a combination of characters rwx- or as a value between 0 and 7.

OPTIONS

       -d     remove ACL entries. The "perm" field is ignored.

       -m     modify existing ACL entries or add new entries.

       -s     set the ACL entries. The complete set of ACL entries is replaced.

EXAMPLES

       Let's create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d6
       and add write permission for user bcouturi:
            lfc-setacl -m u:bcouturi:rwx,m:rwx /grid/atlas/test/file.log/d6
       Let's create a directory:
            lfc-mkdir /grid/atlas/test/file.log/d7
       and add default ACLs to it:
            lfc-setacl -m d:u::7,d:g::7,d:o:5 /grid/atlas/test/file.log/d7
       Let's check the resulting ACLs:
            lfc-getacl /grid/atlas/test/file.log/d7
       # file: /grid/atlas/test/file.log/d7
       # owner: baud
       # group: c3
       user::rwx
       group::r-x              #effective:r-x
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a sub-directory and check the resulting ACLs:
            lfc-mkdir /grid/atlas/test/file.log/d7/d2
            lfc-getacl /grid/atlas/test/file.log/d7/d2
       # file: /grid/atlas/test/file.log/d7/d2
       # owner: baud
       # group: c3
       user::rwx
       group::rwx              #effective:rwx
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a file in the same directory and check the resulting ACLs:
            lfc-touch /grid/atlas/test/file.log/d7/f2
            lfc-getacl /grid/atlas/test/file.log/d7/f2
       # file: /grid/atlas/test/file.log/d7/f2
       # owner: baud
       # group: c3
       user::rw-
       group::rw-              #effective:rw-
       other::r--
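
       The following Python pre-flight check is an added example, not part of the original
       manual page or of the LFC distribution. It lints a complete acl_entries set, as would
       be passed with -s, against the rules stated in DESCRIPTION. The function names are
       hypothetical, and applying the mask rule to default entries as well is an assumption.

```python
# Added example: lint an lfc-setacl acl_entries string before applying it.
# Function names are hypothetical; only the entry forms listed on the page are accepted.
TYPES = {n: t for t in ("user", "group", "mask", "other") for n in (t, t[0])}

def parse_perm(perm):
    """Accept the page's two spellings: a value 0-7 or characters from rwx-."""
    if len(perm) == 1 and perm in "01234567":
        return int(perm)
    if perm and set(perm) <= set("rwx-"):
        return sum(bit for ch, bit in (("r", 4), ("w", 2), ("x", 1)) if ch in perm)
    raise ValueError(f"bad permission {perm!r}")

def parse_entries(spec):
    """Return (scope, type, id, perm_bits) tuples for a comma separated spec."""
    out = []
    for raw in spec.split(","):
        fields, scope = raw.strip().split(":"), "access"
        if fields[0] in ("d", "default"):
            scope, fields = "default", fields[1:]
        kind = TYPES.get(fields[0]) if fields else None
        if kind is None:
            raise ValueError(f"bad ACL type in {raw!r}")
        want = 3 if kind in ("user", "group") else 2   # mask:perm and other:perm have no id
        if len(fields) != want:
            raise ValueError(f"{raw!r}: {kind} entries need {want} fields")
        out.append((scope, kind, fields[1] if want == 3 else "", parse_perm(fields[-1])))
    return out

def lint(spec, is_dir=True):
    """Return a list of problems; an empty list means the spec passes these checks."""
    entries, problems = parse_entries(spec), []
    for scope in ("access", "default"):   # mask rule on default entries is an assumption
        mine = [e for e in entries if e[0] == scope]
        named = [e for e in mine if e[1] in ("user", "group") and e[2]]
        mask = next((e[3] for e in mine if e[1] == "mask"), None)
        if named and mask is None:
            problems.append(f"{scope}: named user/group entry without a mask entry")
        for _, kind, ident, perm in named:
            if mask is not None and perm & ~mask:   # mask caps named entries only
                problems.append(f"{scope}: {kind}:{ident} exceeds mask, effective {perm & mask}")
        if scope == "default" and mine:
            if not is_dir:
                problems.append("default entries are only valid on directories")
            missing = {"user", "group", "other"} - {e[1] for e in mine if not e[2]}
            if missing:
                problems.append(f"default: missing base entries {sorted(missing)}")
    return problems
```

       With -m the stored ACL may already hold the mask or base entries, so run the check
       on the merged set (for example, rebuilt from lfc-getacl output) rather than on the
       delta alone.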

EXIT STATUS

       This program returns 0 if the operation was successful or >0 if the operation failed.

SEE ALSO

       Castor_limits(4), lfc_chmod(3), lfc_chown(3), Cupvlist(1)

AUTHOR

       LCG Grid Deployment Team