Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
docs.it4i.cz
Manage
Activity
Members
Labels
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
SCS
docs.it4i.cz
Commits
f52d82af
Commit
f52d82af
authored
3 years ago
by
Jan Siwiec
Browse files
Options
Downloads
Patches
Plain Diff
Update nfs4-file-acl.md
parent
0714cac8
No related branches found
No related tags found
1 merge request
!323
extended-acls-storage-section
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs.it4i/storage/nfs4-file-acl.md
+46
-47
46 additions, 47 deletions
docs.it4i/storage/nfs4-file-acl.md
with
46 additions
and
47 deletions
docs.it4i/storage/nfs4-file-acl.md
+
46
−
47
View file @
f52d82af
# NFSv4 ACL
A
t the first - knowledge of ACL is necessary
A
n NFSv4 ACL consists of one or more NFSv4 ACEs (Access Control Entry), each delimited by a comma or whitespace.
ACL - access control list
ACE - access control entry
An NFSv4 ACL consists of one or more NFSv4 ACEs, each delimited by commas or whitespace.
An NFSv4 ACE is written as a colon-delimited, 4-field string in the following format:
```
code
<type>:<flags>:<principal>:<permissions>
```
## ACE Elements
*
<type>
- one of:
| Flag | Name |
| ---- | ----- |
| A | allow |
| D | deny |
| U | audit |
| L | alarm |
*
<flags>
- zero or more (depending on
<type>
) of:
| Flag | Name |
| ---- | ------------------------------------------- |
| f | file-inherit |
| d | directory-inherit |
| p | no-propagate-inherit |
| i | inherit-only |
| S | successful-access |
| F | failed-access |
| g | group (denotes that
<principal>
is a group) |
*
<principal>
- named user or group, or one of: "OWNER@", "GROUP@", "EVERYONE@"
*
<permissions>
- one or more of:
| Flag | Name |
| ---- | --------------------------------- |
| r | read-data / list-directory |
| w | write-data / create-file |
| a | append-data / create-subdirectory |
| x | execute |
| d | delete |
| D | delete-child (directories only) |
| t | read-attrs |
| T | write-attrs |
| n | read-named-attrs |
| N | write-named-attrs |
| c | read-ACL |
| C | write-ACL |
| o | write-owner |
| y | synchronize |
## Example
```
code
[root@login2.salomon proj1]# nfs4_getfacl open-20-11
...
...
@@ -25,45 +66,3 @@ A:fdi:GROUP@:rxtcy
A:fdig:open-20-11@it4i.cz:rwaDxtcy
A:fdi:EVERYONE@:tcy
```
*
<type>
- one of:
| Flag || Name |
| ---- || ----- |
| A || allow |
| D || deny |
| U || audit |
| L || alarm |
*
<flags>
- zero or more (depending on
<type>
) of:
| Flag || Name |
| ---- || ------------------------------------------- |
| f || file-inherit |
| d || directory-inherit |
| p || no-propagate-inherit |
| i || inherit-only |
| S || successful-access |
| F || failed-access |
| g || group (denotes that
<principal>
is a group) |
*
<principal>
- named user or group, or one of: "OWNER@", "GROUP@", "EVERYONE@"
*
<permissions>
- one or more of:
| Flag || Name |
| ---- || --------------------------------- |
| r || read-data / list-directory |
| w || write-data / create-file |
| a || append-data / create-subdirectory |
| x || execute |
| d || delete |
| D || delete-child (directories only) |
| t || read-attrs |
| T || write-attrs |
| n || read-named-attrs |
| N || write-named-attrs |
| c || read-ACL |
| C || write-ACL |
| o || write-owner |
| y || synchronize |
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
