Update nfs4-file-acl.md

333d4b13 · Ondrej Dvorak · 697108e5 · 333d4b13
Commit 333d4b13 authored 3 years ago by Ondrej Dvorak
--- a/docs.it4i/storage/nfs4-file-acl.md
+++ b/docs.it4i/storage/nfs4-file-acl.md
-# NFSv4 File ACL
+NFSv4 ACL
+==================
+at the first - knowledge of ACL is necessary
-## Example
+ACL - access control list
+ACE - access control entry
+An NFSv4 ACL consists of one or more NFSv4 ACEs, each delimited by commas or whitespace.
+An NFSv4 ACE is written as a colon-delimited, 4-field string in the following format:
+    <type>:<flags>:<principal>:<permissions>
+[root@login2.salomon proj1]# nfs4_getfacl open-20-11
+# file: open-20-11
+A::OWNER@:rwaDxtTcCy
+A::GROUP@:rxtcy
+A:g:open-20-11@it4i.cz:rwaDxtcy
+A::EVERYONE@:tcy
+A:fdi:OWNER@:rwaDxtTcCy
+A:fdi:GROUP@:rxtcy
+A:fdig:open-20-11@it4i.cz:rwaDxtcy
+A:fdi:EVERYONE@:tcy
+    * <type> - one of:
+        'A'  allow
+        'D'  deny
+        'U'  audit
+        'L'  alarm
+    * <flags> - zero or more (depending on <type>) of:
+        'f'  file-inherit
+        'd'  directory-inherit
+        'p'  no-propagate-inherit
+        'i'  inherit-only
+        'S'  successful-access
+        'F'  failed-access
+        'g'  group (denotes that <principal> is a group)
+    * <principal> - named user or group, or one of: "OWNER@", "GROUP@", "EVERYONE@"
+    * <permissions> - one or more of:
+        'r'  read-data / list-directory 
+        'w'  write-data / create-file 
+        'a'  append-data / create-subdirectory 
+        'x'  execute 
+        'd'  delete
+        'D'  delete-child (directories only)
+        't'  read-attrs
+        'T'  write-attrs
+        'n'  read-named-attrs
+        'N'  write-named-attrs
+        'c'  read-ACL
+        'C'  write-ACL
+        'o'  write-owner
+        'y'  synchronize