NAME
fs_cleanacl - Remove obsolete entries from an ACL
SYNOPSIS
fs cleanacl [-path <dir/file path>+] [-help]
fs cl [-p <dir/file path>+] [-h]
DESCRIPTION
The fs cleanacl command removes from the access control list (ACL) of
each specified directory or file any entry that refers to a user or
group that no longer has a Protection Database entry. Such an entry
appears on the ACL as an AFS user ID number (UID) rather than a name,
because without a Protection Database entry, the File Server cannot
translate the UID into a name.
Cleaning access control lists in this way not only keeps them from
becoming crowded with irrelevant information, but also prevents the new
possessor of a recycled AFS UID from obtaining access intended for the
former possessor of the AFS UID. (Note that recycling UIDs is not
recommended in any case.)
OPTIONS
-path <dir/file path>+
Names each directory for which to clean the ACL (specifying a
filename cleans its directory’s ACL). If this argument is omitted,
the current working directory’s ACL is cleaned.
Specify the read/write path to each directory, to avoid the failure
that results from attempting to change a read-only volume. By
convention, the read/write path is indicated by placing a period
before the cell name at the pathname’s second level (for example,
/afs/.abc.com). For further discussion of the concept of read/write
and read-only paths through the filespace, see the fs mkmount
reference page.
-help
Prints the online help for this command. All other valid options
are ignored.
OUTPUT
If there are no obsolete entries on the ACL, the following message
appears:
Access list for <path> is fine.
Otherwise, the output reports the resulting state of the ACL, following
the header
Access list for <path> is now
At the same time, the following error message appears for each file in
the cleaned directories:
fs: '<filename>': Not a directory
EXAMPLES
The following example illustrates the cleaning of the ACLs on the
current working directory and two of its subdirectories. Only the
second subdirectory had obsolete entries on it.
% fs cleanacl -path . ./reports ./sources
Access list for . is fine.
Access list for ./reports is fine.
Access list for ./sources is now
Normal rights:
system:authuser rl
pat rlidwka
PRIVILEGE REQUIRED
The issuer must have the "a" (administer) permission on each
directory’s ACL (or the ACL of each file’s parent directory); the
directory’s owner and the members of the system:administrators group
have the right implicitly, even if it does not appear on the ACL.
SEE ALSO
fs_listacl(1), fs_mkmount(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.