xenial (1) dpns-setacl.1.gz

Provided by: dpm_1.8.10-1build3_amd64 bug

NAME

       dpns-setacl - set DPNS directory/file access control lists

SYNOPSIS

       dpns-setacl [-d] [-m] [-s] acl_entries path...

DESCRIPTION

       dpns-setacl sets the Access Control List associated with a DPNS directory/file.

       acl_entries  is  a  comma  separated list of entries. Each entry has colon separated fields: ACL type, id
       (uid or gid), permission. Only directories can have default ACL entries.

       The entries look like:

            user::perm
            user:uid:perm
            group::perm
            group:gid:perm
            mask:perm
            other:perm
            default:user::perm
            default:user:uid:perm
            default:group::perm
            default:group:gid:perm
            default:mask:perm
            default:other:perm

       The ACL type can be abbreviated to the first letter.   The  first  "user"  entry  gives  the  permissions
       granted  to the owner of the file.  The following "user" entries show the permissions granted to specific
       users, they are sorted in ascending order of uid.  The first "group" entry gives the permissions  granted
       to  the  group owner of the file.  The following "group" entries show the permissions granted to specific
       groups, they are sorted in ascending order of gid.  The "mask" entry is the maximum permission granted to
       specific users or groups.  It does not affect the "owner" and "other" permissions.  The "mask" entry must
       be present if there are specific  "user"  or  "group"  entries.   "default"  entries  associated  with  a
       directory  are  inherited  as  access  ACL by the files or sub-directories created in that directory. The
       umask is not used.  Sub-directories also inherit the default ACL as default ACL.  As soon as there is one
       default  ACL  entry,  the 3 default ACL base entries (default user, default group, default other) must be
       present.

       The entry processing conforms to the Posix 1003.1e draft standard 17.

       The effective user ID of the process must match the owner of the file  or  the  caller  must  have  ADMIN
       privilege in the Cupv database.

       path   specifies  the DPNS pathname.  If path does not start with /, it is prefixed by the content of the
              DPNS_HOME environment variable.

       uid    can be given as the username or the corresponding numeric id.

       gid    can be given as the groupname or the corresponding numeric id.

       perm   can be expressed as a combination of characters rwx- or as a value between 0 and 7.

OPTIONS

       -d     remove ACL entries. The "perm" field is ignored.

       -m     modify existing ACL entries or add new entries.

       -s     set the ACL entries. The complete set of ACL entries is replaced.

EXAMPLES

       Let's create a directory:
            dpns-mkdir /dpm/dteam/test/file.log/d6
       and add write permission for user bcouturi:
            dpns-setacl -m u:bcouturi:rwx,m:rwx /dpm/dteam/test/file.log/d6
       Let's create a directory:
            dpns-mkdir /dpm/dteam/test/file.log/d7
       and add default ACLs to it:
            dpns-setacl -m d:u::7,d:g::7,d:o:5 /dpm/dteam/test/file.log/d7
       Let's check the resulting ACLs:
            dpns-getacl /dpm/dteam/test/file.log/d7
       # file: /dpm/dteam/test/file.log/d7
       # owner: baud
       # group: c3
       user::rwx
       group::r-x              #effective:r-x
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a sub-directory and check the resulting ACLs:
            dpns-mkdir /dpm/dteam/test/file.log/d7/d2
            dpns-getacl /dpm/dteam/test/file.log/d7/d2
       # file: /dpm/dteam/test/file.log/d7/d2
       # owner: baud
       # group: c3
       user::rwx
       group::rwx              #effective:rwx
       other::r-x
       default:user::rwx
       default:group::rwx
       default:other::r-x

       Let's create a file in the same directory and check the resulting ACLs:
            dpns-touch /dpm/dteam/test/file.log/d7/f2
            dpns-getacl /dpm/dteam/test/file.log/d7/f2
       # file: /dpm/dteam/test/file.log/d7/f2
       # owner: baud
       # group: c3
       user::rw-
       group::rw-              #effective:rw-

       other::r--

EXIT STATUS

       This program returns 0 if the operation was successful or >0 if the operation failed.

SEE ALSO

       Castor_limits(4), dpns_chmod(3), dpns_chown(3), Cupvlist(1)

AUTHOR

       LCG Grid Deployment Team