Versions Compared

Old Version 2

changes.mady.by.user Daniel Figat

Saved on

compared with

New Version Current

changes.mady.by.user Bartosz Palak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

To apply operations to all files and directories recursively, append the -R argument.

$ITMWORK

To make $ITMWORK visible (read access) to everyone:

Code Block
setfacl -R -m o::rx $ITMWORK

Available for the selected group (for example g2itmuse):

Code Block
setfacl -R -m g:g2itmuse:rx $ITMWORK

ACL at /afs

Show ACL

To show permissions, use fs la command:

...

There are seven standard AFS permissions, each referred to by one of the letters r, l, i, d, w, k and a. The lida permissions apply to directories and the rwk permissions apply to files.

DIRECTORY PERMISSIONS

ACLPermissions
l (lookup)Allows one to list the contents of a directory. It does not allow the reading of files.
i (insert)Allows one to create new files in a directory or copy new files to a directory.
d (delete)Allows one to remove files and sub-directories from a directory.
a (administer)

Allows one to change a directory's ACL. The owner of a directory can always change
the ACL of a directory any subdirectories in that directory.

FILE PERMISSIONS

ACLPermissions
r (read)Allows one to read the contents of file in the directory.
w (write)Allows one to modify the contents of files in a directory and use chmod on them.
k (lock)Allows programs to lock files in a directory.

Shortcuts

When specifying directory rights using fs, the following shortcuts may be used:

ShortcutPermissions
all rlidwka
readrl
writerlidwk
noneremoves all entries 

Set ACL

The ACL can be modified using the fs setacl command.

...

Code Block
fs setacl -dir /afs/<dir> -acl <user> read

As a shortcut, you can abbreviate "setacl" to "sa" and/or leave out the "-dir" and "-acl" as long as you maintain the arguments in the order given

Code Block
fs sa /afs/<dir> <user> read

To add user or group to an ACL - write permission:

...

Tip

How to copy ACL:

Code Block
fs copyacl -fromdir <dir1> -todir <dir2>


$HOME/public

To give read access to ~ / public for everyone:

Code Block
fs setacl -dir ~/public -acl system:anyuser rl

To give read access recursively for all directories in ~ / public:

Code Block
find ~/public -type d -exec fs setacl -dir {} -acl system:anyuser rl \;


Info
title Acknowledgement

This work has been carried out within the framework of the EUROfusion Consortium and has received funding from the Euratom research and training programme 2014-2018 under grant agreement No 633053.The scientific work is published for the realization of the international project co-financed by Polish Ministry of Science and Higher Education in 2019 and 2020 from financial resources of the program entitled "PMW"; Agreement No. 5040/H2020/Euratom/2019/2 and 5142/H2020-Euratom/2020/2”.