1
.\" NFSv4 Access Control Lists manual pages
2
.\" format with: groff -man -Tascii foo.1
6
.TH NFS4_SETFACL 1 "version 0.3.3, August 2008" "Linux" "NFSv4 Access Control Lists"
8
nfs4_setfacl, nfs4_editfacl \- manipulate NFSv4 file/directory access control lists
11
.BR nfs4_setfacl " [OPTIONS] COMMAND "
14
.BR nfs4_editfacl " [OPTIONS] "
18
manipulates the NFSv4 Access Control List (ACL) of one or more
20
(or directories), provided they are on a mounted NFSv4 filesystem
25
.BR "nfs4_setfacl -e" .
30
manpage for information about NFSv4 ACL terminology and syntax.
33
.BR "-a " "\fIacl_spec\fP [\fIindex\fP]"
34
.RI "add the ACEs from " acl_spec " to " file "'s ACL."
35
ACEs are inserted starting at the
37
position (DEFAULT: 1) of
41
.BR "-A " "\fIacl_file\fP [\fIindex\fP]"
42
.RI "add the ACEs from the acl_spec in " acl_file " to " file "'s ACL."
43
ACEs are inserted starting at the
45
position (DEFAULT: 1) of
48
.BI "-x " "acl_spec \fR|\fP index"
49
delete ACEs matched from
55
ACL. Note that the ordering of the ACEs in
60
delete ACEs matched from the acl_spec in
61
.IR acl_file " from " file "'s ACL."
62
Note that the ordering of the ACEs in the acl_spec does not matter.
65
.RI "set " file "'s ACL to " acl_spec .
68
.RI "set " file "'s ACL to the acl_spec in " acl_file .
71
.RI "edit " file "'s ACL in the editor defined in the EDITOR environment variable (DEFAULT: "
72
.BR vi "(1)) and set the resulting ACL upon a clean exit, assuming changes made in the editor
73
were saved. Note that if multiple
74
.IR files " are specified, the editor will be serially invoked once per " file .
76
.BI "-m " "from_ace to_ace"
77
.RI "modify " file "'s ACL in-place by replacing " from_ace " with " to_ace .
79
.BR "-?" ", " "-h" ", " "--help"
80
display help text and exit.
83
display this program's version and exit.
85
.RI "NOTE: if '-' is given as the " acl_file
87
.RB "with the " -A / -X / -S " flags, the acl_spec will be read from stdin."
90
.BR "-R" , " --recursive"
91
recursively apply to a directory's files and subdirectories. Similar to
93
the default behavior is to follow symlinks given on the command line and to skip symlinks
94
encountered while recursing through directories.
96
.BR "-L" , " --logical"
98
.BR -R / --recursive ", a logical walk follows all symbolic links."
100
.BR "-P" , " --physical"
102
.BR -R / --recursive ", a physical walk skips all symbolic links."
107
but do not save changes.
109
.SH PERMISSIONS ALIASES
112
one can use simple abbreviations ("aliases") to express generic "read"
116
and generic "execute"
119
familiar from the POSIX mode bits used by, e.g.,
121
To use these aliases, one can put them in the
123
field of an NFSv4 ACE and
125
will convert them: an
135
added to directory ACEs), and an
141
manpage for information on specific NFSv4 ACE
144
For example, if one wanted to grant generic "read" and "write" access on a file, the NFSv4
146
field would normally contain something like
148
Instead, one might use aliases to accomplish the same goal with
153
not included in any of the aliases are
157
(write-owner). However, they can still be used: e.g., a
161
expresses generic "write" access as well as the ability to delete and change ownership.
163
Assume that the file `foo' has the following NFSv4 ACL for the following examples:
176
add ACE granting `alice@nfsdomain.org' generic "read" and "execute" access (defaults to prepending ACE to ACL):
178
$ nfs4_setfacl -a A::alice@nfsdomain.org:rxtncy foo
180
add the same ACE as above, but using aliases:
182
$ nfs4_setfacl -a A::alice@nfsdomain.org:RX foo
184
edit existing ACL in a text editor and set modified ACL on clean save/exit:
186
$ nfs4_setfacl -e foo
188
set ACL (overwrites original) to contents of a
192
$ nfs4_setfacl -S newacl.txt foo
194
recursively set the ACLs of all files and subdirectories in the current directory, skipping
195
all symlinks encountered, to the ACL contained in the
199
$ nfs4_setfacl -R -P -S newacl.txt *
201
delete the first ACE, but only print the resulting ACL (does not save changes):
203
$ nfs4_setfacl --test -x 1 foo
205
delete the last two ACEs above:
207
$ nfs4_setfacl -x "A::EVERYONE@rtncy, D::EVERYONE@:waxTC" foo
209
modify (in-place) the second ACE above:
211
$ nfs4_setfacl -m D::OWNER@:x D::OWNER@:xo foo
213
set ACLs of `bar' and `frobaz' to ACL of `foo':
215
$ nfs4_getfacl foo | nfs4_setfacl -S - bar frobaz
218
was written by people at CITI, the Center for Information Technology Integration
219
.RI ( http://www.citi.umich.edu ).
220
This manpage was written by David Richter.
222
Please send bug reports, feature requests, and comments to
223
.RI < nfsv4@linux-nfs.org >.
225
.BR nfs4_getfacl "(1), " nfs4_acl (5),
226
.IR RFC3530 " (NFSv4.0), NFSv4.1 Minor Version Draft."