Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | fs_cleanacl - Remove obsolete entries from an ACL | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<fs cleanacl> S<<< [B<-path> <I<dir/file path>>+] >>> [B<-help>] | |
11 | ||
12 | B<fs cl> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-h>] | |
13 | ||
14 | =for html | |
15 | </div> | |
16 | ||
17 | =head1 DESCRIPTION | |
18 | ||
19 | The B<fs cleanacl> command removes from the access control list (ACL) of | |
20 | each specified directory or file any entry that refers to a user or group | |
21 | that no longer has a Protection Database entry. Such an entry appears on | |
22 | the ACL as an AFS user ID number (UID) rather than a name, because without | |
23 | a Protection Database entry, the File Server cannot translate the UID into | |
24 | a name. | |
25 | ||
26 | Cleaning access control lists in this way not only keeps them from | |
27 | becoming crowded with irrelevant information, but also prevents the new | |
28 | possessor of a recycled AFS UID from obtaining access intended for the | |
29 | former possessor of the AFS UID. (Note that recycling UIDs is not | |
30 | recommended in any case.) | |
31 | ||
32 | =head1 OPTIONS | |
33 | ||
34 | =over 4 | |
35 | ||
36 | =item B<-path> <I<dir/file path>>+ | |
37 | ||
38 | Names each directory for which to clean the ACL (specifying a filename | |
39 | cleans its directory's ACL). If this argument is omitted, the current | |
40 | working directory's ACL is cleaned. | |
41 | ||
42 | Specify the read/write path to each directory, to avoid the failure that | |
43 | results from attempting to change a read-only volume. By convention, the | |
44 | read/write path is indicated by placing a period before the cell name at | |
45 | the pathname's second level (for example, F</afs/.example.com>). For further | |
46 | discussion of the concept of read/write and read-only paths through the | |
47 | filespace, see the B<fs mkmount> reference page. | |
48 | ||
49 | =item B<-help> | |
50 | ||
51 | Prints the online help for this command. All other valid options are | |
52 | ignored. | |
53 | ||
54 | =back | |
55 | ||
56 | =head1 OUTPUT | |
57 | ||
58 | If there are no obsolete entries on the ACL, the following message | |
59 | appears: | |
60 | ||
61 | Access list for <path> is fine. | |
62 | ||
63 | Otherwise, the output reports the resulting state of the ACL, following the | |
64 | header | |
65 | ||
66 | Access list for <path> is now | |
67 | ||
68 | At the same time, the following error message appears for each file in the | |
69 | cleaned directories: | |
70 | ||
71 | fs: '<filename>': Not a directory | |
72 | ||
73 | =head1 EXAMPLES | |
74 | ||
75 | The following example illustrates the cleaning of the ACLs on the current | |
76 | working directory and two of its subdirectories. Only the second | |
77 | subdirectory had obsolete entries on it. | |
78 | ||
79 | % fs cleanacl -path . ./reports ./sources | |
80 | Access list for . is fine. | |
81 | Access list for ./reports is fine. | |
82 | Access list for ./sources is now | |
83 | Normal rights: | |
84 | system:authuser rl | |
85 | pat rlidwka | |
86 | ||
87 | =head1 PRIVILEGE REQUIRED | |
88 | ||
89 | The issuer must have the C<a> (administer) permission on each directory's | |
90 | ACL (or the ACL of each file's parent directory); the directory's owner | |
91 | and the members of the system:administrators group have the right | |
92 | implicitly, even if it does not appear on the ACL. | |
93 | ||
94 | =head1 SEE ALSO | |
95 | ||
96 | L<fs_listacl(1)>, | |
97 | L<fs_mkmount(1)> | |
98 | ||
99 | =head1 COPYRIGHT | |
100 | ||
101 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
102 | ||
103 | This documentation is covered by the IBM Public License Version 1.0. It was | |
104 | converted from HTML to POD by software written by Chas Williams and Russ | |
105 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |
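
Because fs cleanacl reports only the resulting state of each ACL, recording which entries are bare AFS IDs beforehand leaves an audit trail of what was removed. The shell function below is an added example, not part of this reference page or of the AFS distribution; it reads ACL listing text in the layout of the EXAMPLES section above and prints one tab-separated line per numeric entry. The function names, the sample listing and its IDs are constructed, and the "Negative rights:" header and negative IDs for groups are assumptions about the listing format.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with AFS).
# Reads ACL listing text on stdin and prints, for every entry whose principal
# is a bare numeric AFS ID:  <path> TAB <section> TAB <id> TAB <rights>
# Assumed layout: "Access list for <path> is[ now]", then "Normal rights:" /
# "Negative rights:" headers, then "<principal> <rights>" lines.
# Real use (assumes fs listacl prints that layout):
#   fs listacl -path /afs/.example.com/some/dir | find_orphan_acl_entries
find_orphan_acl_entries() {
    awk '
        /^Access list for / {
            # Recover the path from the header line and reset the section.
            path = $0
            sub(/^Access list for /, "", path)
            sub(/ is( now| fine\.)?$/, "", path)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        # An untranslated principal is all digits (assumption: groups are
        # negative, so an optional leading minus sign is accepted).
        section != "" && NF == 2 && $1 ~ /^-?[0-9]+$/ {
            printf "%s\t%s\t%s\t%s\n", path, section, $1, $2
        }
    '
}

# Constructed sample listing; the IDs 1144, -204 and 2210 are made up.
sample_listing() {
    cat <<'EOF'
Access list for . is
Normal rights:
  system:authuser rl
  pat rlidwka
Access list for ./sources is
Normal rights:
  system:authuser rl
  pat rlidwka
  1144 rlidwk
  -204 rl
Negative rights:
  2210 rl
EOF
}

sample_listing | find_orphan_acl_entries
```

Saving this output alongside the command's own report shows which IDs and rights disappeared from each directory, which is useful when checking whether a recycled AFS UID could have inherited access.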