Provided by: dpm_1.8.10-1build3_amd64 
NAME
dpns-setacl - set DPNS directory/file access control lists
SYNOPSIS
dpns-setacl [-d] [-m] [-s] acl_entries path...
DESCRIPTION
dpns-setacl sets the Access Control List associated with a DPNS directory/file.
acl_entries is a comma separated list of entries. Each entry has colon separated fields:
ACL type, id (uid or gid), permission. Only directories can have default ACL entries.
The entries look like:
user::perm
user:uid:perm
group::perm
group:gid:perm
mask:perm
other:perm
default:user::perm
default:user:uid:perm
default:group::perm
default:group:gid:perm
default:mask:perm
default:other:perm
The ACL type can be abbreviated to the first letter. The first "user" entry gives the
permissions granted to the owner of the file. The following "user" entries show the
permissions granted to specific users, they are sorted in ascending order of uid. The
first "group" entry gives the permissions granted to the group owner of the file. The
following "group" entries show the permissions granted to specific groups, they are sorted
in ascending order of gid. The "mask" entry is the maximum permission granted to specific
users or groups. It does not affect the "owner" and "other" permissions. The "mask"
entry must be present if there are specific "user" or "group" entries. "default" entries
associated with a directory are inherited as access ACL by the files or sub-directories
created in that directory. The umask is not used. Sub-directories also inherit the
default ACL as default ACL. As soon as there is one default ACL entry, the 3 default ACL
base entries (default user, default group, default other) must be present.
The entry processing conforms to the Posix 1003.1e draft standard 17.
The effective user ID of the process must match the owner of the file or the caller must
have ADMIN privilege in the Cupv database.
path specifies the DPNS pathname. If path does not start with /, it is prefixed by the
content of the DPNS_HOME environment variable.
uid can be given as the username or the corresponding numeric id.
gid can be given as the groupname or the corresponding numeric id.
perm can be expressed as a combination of characters rwx- or as a value between 0 and 7.
OPTIONS
-d remove ACL entries. The "perm" field is ignored.
-m modify existing ACL entries or add new entries.
-s set the ACL entries. The complete set of ACL entries is replaced.
EXAMPLES
Let's create a directory:
dpns-mkdir /dpm/dteam/test/file.log/d6
and add write permission for user bcouturi:
dpns-setacl -m u:bcouturi:rwx,m:rwx /dpm/dteam/test/file.log/d6
Let's create a directory:
dpns-mkdir /dpm/dteam/test/file.log/d7
and add default ACLs to it:
dpns-setacl -m d:u::7,d:g::7,d:o:5 /dpm/dteam/test/file.log/d7
Let's check the resulting ACLs:
dpns-getacl /dpm/dteam/test/file.log/d7
# file: /dpm/dteam/test/file.log/d7
# owner: baud
# group: c3
user::rwx
group::r-x #effective:r-x
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
Let's create a sub-directory and check the resulting ACLs:
dpns-mkdir /dpm/dteam/test/file.log/d7/d2
dpns-getacl /dpm/dteam/test/file.log/d7/d2
# file: /dpm/dteam/test/file.log/d7/d2
# owner: baud
# group: c3
user::rwx
group::rwx #effective:rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
Let's create a file in the same directory and check the resulting ACLs:
dpns-touch /dpm/dteam/test/file.log/d7/f2
dpns-getacl /dpm/dteam/test/file.log/d7/f2
# file: /dpm/dteam/test/file.log/d7/f2
# owner: baud
# group: c3
user::rw-
group::rw- #effective:rw-
other::r--
EXIT STATUS
This program returns 0 if the operation was successful or >0 if the operation failed.
SEE ALSO
Castor_limits(4), dpns_chmod(3), dpns_chown(3), Cupvlist(1)
AUTHOR
LCG Grid Deployment Team