NFSv4 ACL
==================
First, some knowledge of ACLs is necessary.
ACL - access control list
ACE - access control entry
An NFSv4 ACL consists of one or more NFSv4 ACEs, each delimited by commas or whitespace.
An NFSv4 ACE is written as a colon-delimited, 4-field string in the following format:
<type>:<flags>:<principal>:<permissions>
[root@login2.salomon proj1]# nfs4_getfacl open-20-11
# file: open-20-11
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:open-20-11@it4i.cz:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:fdig:open-20-11@it4i.cz:rwaDxtcy
A:fdi:EVERYONE@:tcy
* <type> - one of:
'A' allow
'D' deny
'U' audit
'L' alarm
* <flags> - zero or more (depending on <type>) of:
'f' file-inherit
'd' directory-inherit
'p' no-propagate-inherit
'i' inherit-only
'S' successful-access
'F' failed-access
'g' group (denotes that <principal> is a group)
* <principal> - named user or group, or one of: "OWNER@", "GROUP@", "EVERYONE@"
* <permissions> - one or more of:
'r' read-data / list-directory
'w' write-data / create-file
'a' append-data / create-subdirectory
'x' execute
'd' delete
'D' delete-child (directories only)
't' read-attrs
'T' write-attrs
'n' read-named-attrs
'N' write-named-attrs
'c' read-ACL
'C' write-ACL
'o' write-owner
'y' synchronize
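
The following parser for the ACE format above is an added example, not part of the original notes or of the nfs4-acl-tools project. It validates each field against the letters listed here and reports which principals are allowed a permission on the directory itself, skipping inherit-only ('i') entries. The names parse_ace, parse_acl, applies_to_object and allowed_principals are hypothetical, and deny ACEs and ACE ordering are not evaluated.

```python
import re
from collections import namedtuple

TYPES = {"A": "allow", "D": "deny", "U": "audit", "L": "alarm"}
FLAGS = set("fdpiSFg")
PERMS = set("rwaxdDtTnNcCoy")
Ace = namedtuple("Ace", "ace_type flags principal perms")

def parse_ace(text):
    """Split one <type>:<flags>:<principal>:<permissions> string and validate each field."""
    try:
        ace_type, flags, rest = text.split(":", 2)
        principal, perms = rest.rsplit(":", 1)
    except ValueError:
        raise ValueError(f"not a 4-field ACE: {text!r}") from None
    if (ace_type not in TYPES or not principal or not perms
            or not set(flags) <= FLAGS or not set(perms) <= PERMS):
        raise ValueError(f"invalid field in ACE: {text!r}")
    return Ace(ace_type, flags, principal, perms)

def parse_acl(text):
    """Parse nfs4_getfacl-style text: '#' lines are comments, ACEs split on commas/whitespace."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    return [parse_ace(t) for t in re.split(r"[,\s]+", " ".join(lines)) if t]

def applies_to_object(ace):  # inherit-only ('i') ACEs affect only newly created children
    return "i" not in ace.flags

def allowed_principals(acl, perm):
    """Principals named by allow ACEs on the object itself that carry `perm`.
    Simplification (assumption of this example): deny ACEs and ordering are ignored."""
    return [a.principal for a in acl
            if a.ace_type == "A" and applies_to_object(a) and perm in a.perms]

# Sample input: the nfs4_getfacl listing shown above, embedded so the example runs offline.
SAMPLE = """\
# file: open-20-11
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:open-20-11@it4i.cz:rwaDxtcy
A::EVERYONE@:tcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:fdig:open-20-11@it4i.cz:rwaDxtcy
A:fdi:EVERYONE@:tcy
"""

if __name__ == "__main__":
    print({p: allowed_principals(parse_acl(SAMPLE), p) for p in "wC"})
```

In the sample listing, only OWNER@ holds 'C' (write-ACL) on the directory, and the four 'fdi' entries shape the ACLs of new files and subdirectories rather than access to the directory itself.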