logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

fs_cleanacl - Remove obsolete entries from an ACL

Description

       The fscleanacl command removes from the access control list (ACL) of each specified directory or file
       any entry that refers to a user or group that no longer has a Protection Database entry. Such an entry
       appears on the ACL as an AFS user ID number (UID) rather than a name, because without a Protection
       Database entry, the File Server cannot translate the UID into a name.

       Cleaning access control lists in this way not only keeps them from becoming crowded with irrelevant
       information, but also prevents the new possessor of a recycled AFS UID from obtaining access intended for
       the former possessor of the AFS UID. (Note that recycling UIDs is not recommended in any case.)

Examples

       The following example illustrates the cleaning of the ACLs on the current working directory  and  two  of
       its subdirectories. Only the second subdirectory had obsolete entries on it.

          % fs cleanacl -path . ./reports ./sources
          Access list for . is fine.
          Access list for ./reports is fine.
          Access list for ./sources is now
          Normal rights:
             system:authuser rl
             pat rlidwka

Name

       fs_cleanacl - Remove obsolete entries from an ACL

Options

-path <dir/filepath>+
           Names  each  directory for which to clean the ACL (specifying a filename cleans its directory's ACL).
           If this argument is omitted, the current working directory's ACL is cleaned.

           Specify the read/write path to each directory, to avoid the failure that results from  attempting  to
           change a read-only volume. By convention, the read/write path is indicated by placing a period before
           the cell name at the pathname's second level (for example, /afs/.example.com). For further discussion
           of  the concept of read/write and read-only paths through the filespace, see the fsmkmount reference
           page.

       -help
           Prints the online help for this command. All other valid options are ignored.

Output

       If there are no obsolete entries on the ACL, the following message appears:

          Access list for <path> is fine.

       Otherwise, the output reports the resulting state of the ACL, following the header

          Access list for <path> is now

       At the same time, the following error message appears for each file in the cleaned directories:

          fs: '<filename>': Not a directory

Privilege Required

       The  issuer  must have the "a" (administer) permission on each directory's ACL (or the ACL of each file's
       parent directory); the directory's owner and the members of  the  system:administrators  group  have  the
       right implicitly, even if it does not appear on the ACL.

See Also

fs_listacl(1), fs_mkmount(1)

Synopsis

fscleanacl [-path <dir/filepath>+] [-help]

       fscl [-p <dir/filepath>+] [-h]

See Also