Chapter 14. Managing Access Control Lists

Table of Contents

Summary of Instructions
Protecting Data in AFS
Differences Between UFS and AFS Data Protection
The AFS ACL Permissions
Using Normal and Negative Permissions
Using Groups on ACLs
Displaying ACLs
To display an ACL
Setting ACL Entries
To add, remove, or edit normal ACL permissions
To add, remove, or edit negative ACL permissions
Completely Replacing an ACL
To replace an ACL completely
Copying ACLs Between Directories
To copy an ACL between directories
Removing Obsolete AFS IDs from ACLs
To clean obsolete AFS IDs from an ACL
How AFS Interprets the UNIX Mode Bits

To control access to a directory and all of the files in it, AFS associates an access control list (ACL) with it, rather than the mode bits that the UNIX file system (UFS) associates with individual files or directories. AFS ACLs provide more refined access control because there are seven access permissions rather than UFS's three, and there is room for approximately 20 user or group entries on an ACL, rather than just the three UFS entries (owner, group, and other).

Summary of Instructions

This chapter explains how to perform the following tasks by using the indicated commands:

Examine access control list               fs listacl
Edit ACL's normal permissions section     fs setacl
Edit ACL's negative permissions section   fs setacl with -negative flag
Replace an ACL                            fs setacl with -clear flag
Copy an ACL                               fs copyacl
Remove obsolete AFS UIDs                  fs cleanacl