From 333d4b1363ab3db24e6159e8160ff9830f57e22a Mon Sep 17 00:00:00 2001
From: Ondrej Dvorak <ondrej.dvorak@vsb.cz>
Date: Thu, 3 Jun 2021 07:01:38 +0000
Subject: [PATCH] Update nfs4-file-acl.md
---
 docs.it4i/storage/nfs4-file-acl.md | 59 +++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 2 deletions(-)
diff --git a/docs.it4i/storage/nfs4-file-acl.md b/docs.it4i/storage/nfs4-file-acl.md
index 6bead846d..00d69cd91 100644
--- a/docs.it4i/storage/nfs4-file-acl.md
+++ b/docs.it4i/storage/nfs4-file-acl.md
@@ -1,3 +1,58 @@
-# NFSv4 File ACL
+NFSv4 ACL
+==================
+at the first - knowledge of ACL is necessary
 
-## Example
+ACL - access control list
+ACE - access control entry
+
+An NFSv4 ACL consists of one or more NFSv4 ACEs, each delimited by commas or whitespace.
+An NFSv4 ACE is written as a colon-delimited, 4-field string in the following format:
+
+ <type>:<flags>:<principal>:<permissions>
+
+
+[root@login2.salomon proj1]# nfs4_getfacl open-20-11
+
+# file: open-20-11
+A::OWNER@:rwaDxtTcCy
+A::GROUP@:rxtcy
+A:g:open-20-11@it4i.cz:rwaDxtcy
+A::EVERYONE@:tcy
+A:fdi:OWNER@:rwaDxtTcCy
+A:fdi:GROUP@:rxtcy
+A:fdig:open-20-11@it4i.cz:rwaDxtcy
+A:fdi:EVERYONE@:tcy
+
+
+ * <type> - one of:
+ 'A' allow
+ 'D' deny
+ 'U' audit
+ 'L' alarm
+
+ * <flags> - zero or more (depending on <type>) of:
+ 'f' file-inherit
+ 'd' directory-inherit
+ 'p' no-propagate-inherit
+ 'i' inherit-only
+ 'S' successful-access
+ 'F' failed-access
+ 'g' group (denotes that <principal> is a group)
+
+ * <principal> - named user or group, or one of: "OWNER@", "GROUP@", "EVERYONE@"
+
+ * <permissions> - one or more of:
+ 'r' read-data / list-directory
+ 'w' write-data / create-file
+ 'a' append-data / create-subdirectory
+ 'x' execute
+ 'd' delete
+ 'D' delete-child (directories only)
+ 't' read-attrs
+ 'T' write-attrs
+ 'n' read-named-attrs
+ 'N' write-named-attrs
+ 'c' read-ACL
+ 'C' write-ACL
+ 'o' write-owner
+ 'y' synchronize
-- 
GitLab