mmeditacl command
Creates or changes a GPFS™ access control list.
Synopsis
mmeditacl [-d] [-k {nfs4 | posix | native}] Filename
Availability
Available on all IBM Spectrum Scale™ editions.
Description
Use the mmeditacl command for interactive editing of the ACL of a file or directory. This command uses the default editor, specified in the EDITOR environment variable, to display the current access control information, and allows the file owner to change it. The command verifies the change request with the user before making permanent changes.
This command cannot be run from a Windows node.
The EDITOR environment variable must specify a complete path name, for example:
export EDITOR=/bin/vi
For information about NFS V4 ACLs, see Managing GPFS access control lists and Native NFS and GPFS.
- By default, mmeditacl returns the ACL in a format consistent with the file system setting, specified using the -k flag on the mmcrfs or mmchfs commands.
- If the setting is posix, the ACL is shown as a traditional ACL.
- If the setting is nfs4, the ACL is shown as an NFS V4 ACL.
- If the setting is all, the ACL is returned in its true form.
- The command mmeditacl -k nfs4 always produces an NFS V4 ACL.
- The command mmeditacl -k posix always produces a traditional ACL.
- The command mmeditacl -k native always shows the ACL in its true form regardless of the file system setting.
Command             ACL   mmcrfs -k Display       -d (default)
------------------- ----- --------- ------------- --------------
mmeditacl           posix posix     Access ACL    Default ACL
mmeditacl           posix nfs4      NFS V4 ACL    Error[1]
mmeditacl           posix all       Access ACL    Default ACL
mmeditacl           nfs4  posix     Access ACL[2] Default ACL[2]
mmeditacl           nfs4  nfs4      NFS V4 ACL    Error[1]
mmeditacl           nfs4  all       NFS V4 ACL    Error[1]
mmeditacl -k native posix any       Access ACL    Default ACL
mmeditacl -k native nfs4  any       NFS V4 ACL    Error[1]
mmeditacl -k posix  posix any       Access ACL    Default ACL
mmeditacl -k posix  nfs4  any       Access ACL[2] Default ACL[2]
mmeditacl -k nfs4   any   any       NFS V4 ACL    Error[1]
---------------------------------------------------------------------
[1] NFS V4 ACLs include inherited entries. Consequently, there cannot be a separate default ACL.
[2] Only the mode entries (owner, group, everyone) are translated. The rwx values are derived from the NFS V4 file mode attribute. Since the NFS V4 ACL is more granular in nature, some information is lost in this translation.
---------------------------------------------------------------------
In the case of NFS V4 ACLs, there is no concept of a default ACL. Instead, there is a single ACL and the individual access control entries can be flagged as being inherited (either by files, directories, both, or neither). Consequently, specifying the -d flag for an NFS V4 ACL is an error. By its nature, storing an NFS V4 ACL implies changing the inheritable entries (the GPFS default ACL) as well.
Depending on the file system's -k setting (posix, nfs4, or all), mmeditacl may be restricted. The mmeditacl command is not allowed to store an NFS V4 ACL if -k posix is in effect, and is not allowed to store a POSIX ACL if -k nfs4 is in effect. For more information, see the description of the -k flag for the mmchfs, mmcrfs, and mmlsfs commands.
Parameters
- Filename
- The path name of the file or directory for which the ACL is to be edited. If the -d option is specified, Filename must contain the name of a directory.
Options
- -d
- Specifies that the default ACL of a directory is to be edited.
- -k {nfs4 | posix | native}
-
- nfs4
- Always produces an NFS V4 ACL.
- posix
- Always produces a traditional ACL.
- native
- Always shows the ACL in its true form regardless of the file system setting.
This option should not be used for routine ACL manipulation. It is intended to provide a way to show the translations that are done, for example, when a posix ACL is translated by NFS V4. Beware that if the -k nfs4 flag is used, but the file system does not allow NFS V4 ACLs, you will not be able to store the ACL that is returned. If the file system does support NFS V4 ACLs, the -k nfs4 flag is an easy way to convert an existing posix ACL to nfs4 format.
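The display rules, the -d restriction and the store restrictions described in the Description and under the -k option, written out as a decision function. This is an added example, not IBM code, and it does not call mmeditacl: the function name predict_mmeditacl, the keyword default (meaning no -k option given) and the note tokens lossy, cannot-store and error-no-default-acl are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: predicts mmeditacl behaviour from the rules on this page.
# Usage: predict_mmeditacl KOPT ACLTYPE FSSETTING [-d]
#   KOPT      default | nfs4 | posix | native  (mmeditacl -k option; "default" = none)
#   ACLTYPE   posix | nfs4                     (true form of the stored ACL)
#   FSSETTING posix | nfs4 | all               (file system -k setting)
# Prints "format=<posix|nfs4> notes=<list>"; returns 1 where the page says Error.
predict_mmeditacl() {
    kopt=$1 acl=$2 fs=$3 dflag=${4:-}
    case $acl in posix|nfs4) ;; *) echo "bad ACL type: $acl" >&2; return 2 ;; esac
    case $fs in posix|nfs4|all) ;; *) echo "bad fs setting: $fs" >&2; return 2 ;; esac

    # Step 1: the format the editor will show.
    case $kopt in
        nfs4|posix) fmt=$kopt ;;                 # -k nfs4 / -k posix always win
        native)     fmt=$acl ;;                  # true form, fs setting ignored
        default)    if [ "$fs" = all ]; then fmt=$acl; else fmt=$fs; fi ;;
        *) echo "bad -k option: $kopt" >&2; return 2 ;;
    esac

    # Step 2: an NFS V4 ACL has no separate default ACL, so -d is an error.
    if [ "$dflag" = -d ] && [ "$fmt" = nfs4 ]; then
        echo "format=nfs4 notes=error-no-default-acl"
        return 1
    fi

    notes=
    # Step 3: an NFS V4 ACL shown as posix keeps only the mode entries (footnote 2).
    if [ "$acl" = nfs4 ] && [ "$fmt" = posix ]; then notes="${notes}lossy,"; fi
    # Step 4: the file system refuses to store the other ACL type.
    if [ "$fmt" = nfs4 ] && [ "$fs" = posix ]; then notes="${notes}cannot-store,"; fi
    if [ "$fmt" = posix ] && [ "$fs" = nfs4 ]; then notes="${notes}cannot-store,"; fi

    notes=${notes%,}
    echo "format=$fmt notes=${notes:-none}"
}

# Constructed sample: -k posix on an NFS V4 ACL in a file system set to -k nfs4.
predict_mmeditacl posix nfs4 nfs4
```

A result carrying lossy means the edited ACL no longer reflects the full NFS V4 entries, so review it against the mmeditacl -k native view before relying on it.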
Exit status
- 0
- Successful completion.
- nonzero
- A failure has occurred.
Security
You may issue the mmeditacl command only from a node in the GPFS cluster where the file system is mounted.
The mmeditacl command may be used to display an ACL. POSIX ACLs may be displayed by any user with access to the file or directory. NFS V4 ACLs have a READ_ACL permission that is required for non-privileged users to be able to see an ACL. To change an existing ACL, the user must either be the owner, the root user, or someone with control permission (WRITE_ACL is required where the existing ACL is of type NFS V4).
Examples
mmeditacl project2.history
The current ACL entries are displayed using the default editor, provided that the EDITOR environment variable specifies a complete path name. When the file is saved, the system displays information similar to:
mmeditacl: 6027-967 Should the modified ACL be applied? (yes) or (no)
After responding yes, the ACLs are applied.