.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "FS_CLEANACL 1" .TH FS_CLEANACL 1 2024-03-20 OpenAFS "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME fs_cleanacl \- Remove obsolete entries from an ACL .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBfs cleanacl\fR [\fB\-path\fR\ <\fIdir/file\ path\fR>+] [\fB\-help\fR] .PP \&\fBfs cl\fR [\fB\-p\fR\ <\fIdir/file\ path\fR>+] [\fB\-h\fR] .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBfs cleanacl\fR command removes from the access control list (ACL) of each specified directory or file any entry that refers to a user or group that no longer has a Protection Database entry. Such an entry appears on the ACL as an AFS user ID number (UID) rather than a name, because without a Protection Database entry, the File Server cannot translate the UID into a name. .PP Cleaning access control lists in this way not only keeps them from becoming crowded with irrelevant information, but also prevents the new possessor of a recycled AFS UID from obtaining access intended for the former possessor of the AFS UID. (Note that recycling UIDs is not recommended in any case.) .SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-path\fR <\fIdir/file path\fR>+" 4 .IX Item "-path +" Names each directory for which to clean the ACL (specifying a filename cleans its directory's ACL). If this argument is omitted, the current working directory's ACL is cleaned. .Sp Specify the read/write path to each directory, to avoid the failure that results from attempting to change a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, \fI/afs/.example.com\fR). For further discussion of the concept of read/write and read-only paths through the filespace, see the \fBfs mkmount\fR reference page. .IP \fB\-help\fR 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH OUTPUT .IX Header "OUTPUT" If there are no obsolete entries on the ACL, the following message appears: .PP .Vb 1 \& Access list for is fine. .Ve .PP Otherwise, the output reports the resulting state of the ACL, following the header .PP .Vb 1 \& Access list for is now .Ve .PP At the same time, the following error message appears for each file in the cleaned directories: .PP .Vb 1 \& fs: \*(Aq\*(Aq: Not a directory .Ve .SH EXAMPLES .IX Header "EXAMPLES" The following example illustrates the cleaning of the ACLs on the current working directory and two of its subdirectories. Only the second subdirectory had obsolete entries on it. .PP .Vb 7 \& % fs cleanacl \-path . ./reports ./sources \& Access list for . is fine. \& Access list for ./reports is fine. \& Access list for ./sources is now \& Normal rights: \& system:authuser rl \& pat rlidwka .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer must have the \f(CW\*(C`a\*(C'\fR (administer) permission on each directory's ACL (or the ACL of each file's parent directory); the directory's owner and the members of the system:administrators group have the right implicitly, even if it does not appear on the ACL. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBfs_listacl\fR\|(1), \&\fBfs_mkmount\fR\|(1) .SH COPYRIGHT .IX Header "COPYRIGHT" IBM Corporation 2000. All Rights Reserved. .PP This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.