From 0f95108832c5466a94defbe890cffebaa9dfb7e3 Mon Sep 17 00:00:00 2001
From: Jan Siwiec <jan.siwiec@vsb.cz>
Date: Tue, 15 Jun 2021 11:34:25 +0000
Subject: [PATCH] added nfs4 file acl

---
 docs.it4i/storage/nfs4-file-acl.md | 69 ++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 docs.it4i/storage/nfs4-file-acl.md

diff --git a/docs.it4i/storage/nfs4-file-acl.md b/docs.it4i/storage/nfs4-file-acl.md
new file mode 100644
index 000000000..1b7a3256b
--- /dev/null
+++ b/docs.it4i/storage/nfs4-file-acl.md
@@ -0,0 +1,69 @@
+# NFSv4 File ACL
+
+An NFSv4 ACL consists of one or more NFSv4 ACEs (Access Control Entry), each delimited by a comma or whitespace.
+
+An NFSv4 ACE is written as a colon-delimited, 4-field string in the following format:
+
+``` code
+<type>:<flags>:<principal>:<permissions>
+```
+
+## ACE Elements
+
+`<type>` - one of:
+
+| Flag | Name  |
+| ---- | ----- |
+| A    | allow |
+| D    | deny  |
+| U    | audit |
+| L    | alarm |
+
+`<flags>` - zero or more (depending on `<type>`) of:
+
+| Flag | Name                                        |
+| ---- | ------------------------------------------- |
+| f    | file-inherit                                |
+| d    | directory-inherit                           |
+| p    | no-propagate-inherit                        |
+| i    | inherit-only                                |
+| S    | successful-access                           |
+| F    | failed-access                               |
+| g    | group (denotes that <principal> is a group) |
+
+`<principal>` - named user or group, or one of: `OWNER@`, `GROUP@`, `EVERYONE@`
+
+`<permissions>` - one or more of:
+
+| Flag | Name                              |
+| ---- | --------------------------------- |
+| r    | read-data / list-directory        |
+| w    | write-data / create-file          |
+| a    | append-data / create-subdirectory |
+| x    | execute                           |
+| d    | delete                            |
+| D    | delete-child (directories only)   |
+| t    | read-attrs                        |
+| T    | write-attrs                       |
+| n    | read-named-attrs                  |
+| N    | write-named-attrs                 |
+| c    | read-ACL                          |
+| C    | write-ACL                         |
+| o    | write-owner                       |
+| y    | synchronize                       |
+
+## Example
+
+``` code
+[root@login2.salomon proj1]# nfs4_getfacl open-20-11
+
+# file: open-20-11
+A::OWNER@:rwaDxtTcCy
+A::GROUP@:rxtcy
+A:g:open-20-11@it4i.cz:rwaDxtcy
+A::EVERYONE@:tcy
+A:fdi:OWNER@:rwaDxtTcCy
+A:fdi:GROUP@:rxtcy
+A:fdig:open-20-11@it4i.cz:rwaDxtcy
+A:fdi:EVERYONE@:tcy
+```
-- 
GitLab