...
Tip |
---|
To apply operations to all files and directories recursively, append the |
$ITMWORK
To make $ITMWORK visible (read access) to everyone:
Code Block |
---|
setfacl -R -m o::rx $ITMWORK |
Available for the selected group (for example g2itmuse):
Code Block |
---|
setfacl -R -m g:g2itmuse:rx $ITMWORK |
ACL at /afs
Show ACL
To show permissions, use fs la command:
...
There are seven standard AFS permissions, each referred to by one of the letters r, l, i, d, w, k and a. The lida permissions apply to directories and the rwk permissions apply to files.
DIRECTORY PERMISSIONS
ACL | Permissions |
---|---|
l (lookup) | Allows one to list the contents of a directory. It does not allow the reading of files. |
i (insert) | Allows one to create new files in a directory or copy new files to a directory. |
d (delete) | Allows one to remove files and sub-directories from a directory. |
a (administer) | Allows one to change a directory's ACL. The owner of a directory can always change |
FILE PERMISSIONS
ACL | Permissions |
---|---|
r (read) | Allows one to read the contents of file in the directory. |
w (write) | Allows one to modify the contents of files in a directory and use chmod on them. |
k (lock) | Allows programs to lock files in a directory. |
Shortcuts
When specifying directory rights using fs, the following shortcuts may be used:
Shortcut | Permissions |
---|---|
all | rlidwka |
read | rl |
write | rlidwk |
none | removes all entries |
Set ACL
The ACL can be modified using the fs setacl command.
...
Code Block |
---|
fs setacl -dir /afs/<dir> -acl <user> read |
As a shortcut, you can abbreviate "setacl" to "sa" and/or leave out the "-dir" and "-acl" as long as you maintain the arguments in the order given
Code Block |
---|
fs sa /afs/<dir> <user> read |
To add user or group to an ACL - write permission:
...
Tip | ||
---|---|---|
How to copy ACL:
|
$HOME/public
To give read access to ~ / public for everyone:
Code Block |
---|
fs setacl -dir ~/public -acl system:anyuser rl |
To give read access recursively for all directories in ~ / public:
Code Block |
---|
find ~/public -type d -exec fs setacl -dir {} -acl system:anyuser rl \; |
Info | ||
---|---|---|
| ||
This work has been carried out within the framework of the EUROfusion Consortium and has received funding from the Euratom research and training programme 2014-2018 under grant agreement No 633053.The scientific work is published for the realization of the international project co-financed by Polish Ministry of Science and Higher Education in 2019 and 2020 from financial resources of the program entitled "PMW"; Agreement No. 5040/H2020/Euratom/2019/2 and 5142/H2020-Euratom/2020/2”. |