Command Reference Manual

fs copyacl

Purpose

Copies an ACL from one directory to one or more other directories

Synopsis

fs copyacl -fromdir <source directory or file>  
           -todir <destination directory or file>+  
           [-clear]  [-id]  [-if]  [-help]
   
fs co -f <source directory or file>  
      -t <destination directory or file>+  
      [-c]  [-id]  [-if]  [-h]

Description

The fs copyacl command copies the access control list (ACL) from a source directory to each specified destination directory. The source directory's ACL is unchanged, and changes to the destination directory's ACL obey the following rules:

• If an entry on the source ACL does not already exist on the destination ACL, it is added.

• If an entry exists on both the source and destination ACLs, the permissions from the source ACL entry replace the current permissions on the destination ACL entry.

• If an entry on the destination ACL has no corresponding entry on the source ACL, it is removed if the -clear flag is included and is unchanged otherwise. In other words, if the -clear flag is provided, the source ACL completely replaces the destination ACL.

When using this command to copy ACLs between objects in DFS filespace accessed via the AFS/DFS Migration Toolkit Protocol Translator, it is possible to specify files, as well as directories, with the -fromdir and -todir arguments. For more information on copying ACLs between DFS directories and files, refer to the AFS/DFS Migration Toolkit Administration Guide and Reference.

Cautions

Do not copy ACLs between AFS and DFS files or directories. The ACL formats are incompatible.

Options

-fromdir

Specifies the source directory from which to copy the ACL. (Specifying an AFS file copies its parent directory's ACL, but specifying a DFS file copies the file's ACL). A partial pathname is interpreted relative to the current working directory.

-todir

Specifies each directory for which to alter the ACL to match the source ACL. (Specifying an AFS file fails with an error, but specifying a DFS file alters the file's ACL). A partial pathname is interpreted relative to the current working directory.

-clear

Replaces the ACL of each destination directory with the source ACL.

-id

Modifies the Initial Container ACL of each DFS directory named by the -todir argument, rather than the regular Object ACL. This argument is supported only when both the source and each destination directory reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol Translator.

-if

Modifies the Initial Object ACL of each DFS directory named by the -todir argument, rather than the regular Object ACL. This argument is supported only when both the source and each destination directory reside in DFS and are accessed via the AFS/DFS Migration Toolkit Protocol Translator.

-help

Prints the online help for this command. All other valid options are ignored.

Examples

The following example command copies the current working directory's ACL to its subdirectory called reports. Note that the source directory's ACL is unaffected. Entries on the reports directory's that are not on the source ACL of the current directory remain unaffected as well, because the -clear flag is not used.

% fs listacl . reports
Access list for . is
Normal rights:
   pat rlidwka
   smith rlidwk
Access list for reports is
Normal rights:
   pat rl
   pat:friends rl
Negative rights
   jones rlidwka

% fs copyacl -fromdir . -todir reports
% fs listacl . reports
Access list for . is
Normal rights:
   pat rlidwka
   smith rlidwk
Access list for reports is
Normal rights:
   pat rlidwka
   pat:friends rl
   smith rlidwk
Negative rights
   jones rlidwka

Privilege Required

To copy an ACL between AFS objects, the issuer must have the lookup (l) permission on the source directory's ACL and the administer (a) permission on each destination directory's ACL. If the -fromdir argument names a file rather than a directory, the issuer must have both the lookup (l) and read (r) permissions on the ACL for the file's parent directory.

To copy an ACL between DFS objects, the issuer must have the read (r) permission on the source directory or file's ACL and the control (c) permission on each destination directory or file's ACL.

Related Information

fs listacl

fs setacl

AFS/DFS Migration Toolkit Administration Guide and Reference