Man Linux: Main Page and Category List

NAME

       fs_copyacl - Copies an ACL from a directory to one or more other
       directories

SYNOPSIS

       fs copyacl -fromdir <source directory (or DFS file)>
           -todir <destination directory (or DFS file)>+
           [-clear] [-id] [-if] [-help]

       fs co -f <source directory (or DFS file)>
           -t <destination directory (or DFS file)>+
           [-c] [-id] [-if] [-h]

DESCRIPTION

       The fs copyacl command copies the access control list (ACL) from a
       source directory to each specified destination directory. The source
       directory’s ACL is unchanged, and changes to the destination
       directory’s ACL obey the following rules:

       ·   If an entry on the source ACL does not already exist on the
           destination ACL, it is added.

       ·   If an entry exists on both the source and destination ACLs, the
           permissions from the source ACL entry replace the current
           permissions on the destination ACL entry.

       ·   If an entry on the destination ACL has no corresponding entry on
           the source ACL, it is removed if the -clear flag is included and is
           unchanged otherwise. In other words, if the -clear flag is
           provided, the source ACL completely replaces the destination ACL.

       When using this command to copy ACLs between objects in DFS filespace
       accessed via the AFS/DFS Migration Toolkit Protocol Translator, it is
       possible to specify files, as well as directories, with the -fromdir
       and -todir arguments. For more information on copying ACLs between DFS
       directories and files, refer to the IBM AFS/DFS Migration Toolkit
       Administration Guide and Reference.

CAUTIONS

       Do not copy ACLs between AFS and DFS files or directories. The ACL
       formats are incompatible.

OPTIONS

       -fromdir <source directory>
           Specifies the source directory from which to copy the ACL.
           (Specifying an AFS file copies its directory’s ACL, but specifying
           a DFS file copies its own ACL.) A partial pathname is interpreted
           relative to the current working directory.

       -todir <destination directory>
           Specifies each directory for which to alter the ACL to match the
           source ACL. (Specifying an AFS file halts the command with an
           error, but specifying a DFS file alters the file’s ACL). A partial
           pathname is interpreted relative to the current working directory.

           Specify the read/write path to each directory (or DFS file), to
           avoid the failure that results from attempting to change a read-
           only volume. By convention, the read/write path is indicated by
           placing a period before the cell name at the pathname’s second
           level (for example, "/afs/.abc.com"). For further discussion of the
           concept of read/write and read-only paths through the filespace,
           see the fs mkmount reference page.

       -clear
           Replaces the ACL of each destination directory with the source ACL.

       -id Modifies the Initial Container ACL of each DFS directory named by
           the -todir argument, rather than the regular Object ACL. This
           argument is supported only when both the source and each
           destination directory reside in DFS and are accessed via the
           AFS/DFS Migration Toolkit Protocol Translator.

       -if Modifies the Initial Object ACL of each DFS directory named by the
           -todir argument, rather than the regular Object ACL. This argument
           is supported only when both the source and each destination
           directory reside in DFS and are accessed via the AFS/DFS Migration
           Toolkit Protocol Translator.

       -help
           Prints the online help for this command. All other valid options
           are ignored.

EXAMPLES

       The following example command copies the current working directory’s
       ACL to its subdirectory called reports. Note that the source
       directory’s ACL is unaffected. Entries on the reports directory’s that
       are not on the source ACL of the current directory remain unaffected as
       well, because the -clear flag is not used.

          % fs listacl . reports
          Access list for . is
          Normal rights:
             pat rlidwka
             smith rlidwk
          Access list for reports is
          Normal rights:
             pat rl
             pat:friends rl
          Negative rights
             jones rlidwka

          % fs copyacl -fromdir . -todir reports

          % fs listacl . reports
          Access list for . is
          Normal rights:
             pat rlidwka
             smith rlidwk
          Access list for reports is
          Normal rights:
             pat rlidwka
             pat:friends rl
             smith rlidwk
          Negative rights
             jones rlidwka

PRIVILEGE REQUIRED

       To copy an ACL between AFS objects, the issuer must have the "l"
       (lookup) permission on the source directory’s ACL and the "a"
       (administer) permission on each destination directory’s ACL. If the
       -fromdir argument names a file rather than a directory, the issuer must
       have both the "l" and "r" (read) permissions on the ACL of the file’s
       directory.

       To copy an ACL between DFS objects, the issuer must have the r
       permission on the source directory or file’s ACL and the "c" (control)
       permission on each destination directory or file’s ACL.

SEE ALSO

       fs_listacl(1), fs_mkmount(1), fs_setacl(1)

       IBM AFS/DFS Migration Toolkit Administration Guide and Reference

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.