mmputacl command
Sets the GPFS™ access control list for the specified file or directory.
Synopsis
mmputacl [-d] [-i InFilename] FilenameAvailability
Available on all IBM Spectrum Scale™ editions. Available on AIX® and Linux.
Description
Use the mmputacl command to set the ACL of a file or directory.
If the -i option is not used, the command expects the input to be supplied through standard input, and waits for your response to the prompt.
For information about NFS V4 ACLs, see Managing GPFS access control lists.
Any output from the mmgetacl command can be used as input to mmputacl. The command is extended to support NFS V4 ACLs. In the case of NFS V4 ACLs, there is no concept of a default ACL. Instead, there is a single ACL and the individual access control entries can be flagged as being inherited (either by files, directories, both, or neither). Consequently, specifying the -d flag for an NFS V4 ACL is an error. By its nature, storing an NFS V4 ACL implies changing the inheritable entries (the GPFS default ACL) as well.
Command POSIX ACL NFS V4 ACL
----------- ---------------------------- ------------------------
mmputacl Access ACL (Error if default Stores the ACL (implies
ACL is NFS V4 [1]) default as well)
mmputacl -d Default ACL (Error if access Error: NFS V4 ACL (has
ACL is NFS V4 [1] no default ACL)
---------------------------------------------------------------------
[1] The default and access ACLs are not permitted to be mixed types
because NFS V4 ACLs include inherited entries, which are the
equivalent of a default ACL. An mmdelacl of the NFS V4 ACL is
required before an ACL is converted back to POSIX.
---------------------------------------------------------------------
Depending on the file system's -k setting (posix, nfs4, or all), mmputacl may be restricted. The mmputacl command is not allowed to store an NFS V4 ACL if -k posix is in effect. The mmputacl command is not allowed to store a POSIX ACL if -k nfs4 is in effect. For more information, see the description of the -k flag for the mmchfs, mmcrfs, and mmlsfs commands.
Note that the test to see if the given ACL is acceptable based on the file system's -k setting cannot be done until after the ACL is provided. For example, if mmputacl file1 is issued (no -i flag specified) the user then has to input the ACL before the command can verify that it is an appropriate ACL given the file system settings. Likewise, the command mmputacl -d dir1 (again the ACL was not given with the -i flag) requires that the ACL be entered before file system ACL settings can be tested. In this situation, the -i flag may be preferable to manually entering a long ACL, only to find out it is not allowed by the file system.
Parameters
- Filename
- The path name of the file or directory for which the ACL is to be set. If the -d option is specified, Filename must be the name of a directory.
Options
- -d
- Specifies that the default ACL of a directory is to be set. This flag cannot be used on an NFS V4 ACL.
- -i InFilename
- The path name of a source file from which the ACL is to be read.
Exit status
- 0
- Successful completion.
- nonzero
- A failure has occurred.
Security
You may issue the mmputacl command only from a node in the GPFS cluster where the file system is mounted.
You must be the file or directory owner, the root user, or someone with control permission in the ACL, to run the mmputacl command.
Examples
mmputacl -i standard.acl project2.historyuser::rwxc
group::rwx-
other::--x-
mask::rw-c
user:alpha:rwxc
group:audit:rwx-
group:system:-w--mmgetacl project.history#owner:paul
#group:design
user::rwxc
group::rwx-
other::--x-
mask::rw-c
user:alpha:rwxc
group:audit:rwx-
group:system:-w--