NAME

       fs_cleanacl - Remove obsolete entries from an ACL

SYNOPSIS

       fs cleanacl [-path <dir/file path>+] [-help]

       fs cl [-p <dir/file path>+] [-h]

DESCRIPTION

       The fs cleanacl command removes from the access control list (ACL) of each specified
       directory or file any entry that refers to a user or group that no longer has a Protection
       Database entry. Such an entry appears on the ACL as an AFS user ID number (UID) rather
       than a name, because without a Protection Database entry, the File Server cannot translate
       the UID into a name.

       Cleaning access control lists in this way not only keeps them from becoming crowded with
       irrelevant information, but also prevents the new possessor of a recycled AFS UID from
       obtaining access intended for the former possessor of the AFS UID. (Note that recycling
       UIDs is not recommended in any case.)

OPTIONS

       -path <dir/file path>+
           Names each directory for which to clean the ACL (specifying a filename cleans its
           directory's ACL). If this argument is omitted, the current working directory's ACL is
           cleaned.

           Specify the read/write path to each directory, to avoid the failure that results from
           attempting to change a read-only volume. By convention, the read/write path is
           indicated by placing a period before the cell name at the pathname's second level (for
           example, /afs/.abc.com). For further discussion of the concept of read/write and read-
           only paths through the filespace, see the fs mkmount reference page.

       -help
           Prints the online help for this command. All other valid options are ignored.

OUTPUT

       If there are no obsolete entries on the ACL, the following message appears:

          Access list for <path> is fine.

       Otherwise, the output reports the resulting state of the ACL, following the header

          Access list for <path> is now

       At the same time, the following error message appears for each file in the cleaned
       directories:

          fs: '<filename>': Not a directory

EXAMPLES

       The following example illustrates the cleaning of the ACLs on the current working
       directory and two of its subdirectories. Only the second subdirectory had obsolete entries
       on it.

          % fs cleanacl -path . ./reports ./sources
          Access list for . is fine.
          Access list for ./reports is fine.
          Access list for ./sources is now
          Normal rights:
             system:authuser rl
             pat rlidwka

PRIVILEGE REQUIRED

       The issuer must have the "a" (administer) permission on each directory's ACL (or the ACL
       of each file's parent directory); the directory's owner and the members of the
       system:administrators group have the right implicitly, even if it does not appear on the
       ACL.

SEE ALSO

       fs_listacl(1), fs_mkmount(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.