3 fs_cleanacl - Remove obsolete entries from an ACL
10 B<fs cleanacl> S<<< [B<-path> <I<dir/file path>>+] >>> [B<-help>]
12 B<fs cl> S<<< [B<-p> <I<dir/file path>>+] >>> [B<-h>]
19 The B<fs cleanacl> command removes from the access control list (ACL) of
20 each specified directory or file any entry that refers to a user or group
21 that no longer has a Protection Database entry. Such an entry appears on
22 the ACL as an AFS user ID number (UID) rather than a name, because without
23 a Protection Database entry, the File Server cannot translate the UID into
26 Cleaning access control lists in this way not only keeps them from
27 becoming crowded with irrelevant information, but also prevents the new
28 possessor of a recycled AFS UID from obtaining access intended for the
29 former possessor of the AFS UID. (Note that recycling UIDs is not
30 recommended in any case.)
36 =item B<-path> <I<dir/file path>>+
38 Names each directory for which to clean the ACL (specifying a filename
39 cleans its directory's ACL). If this argument is omitted, the current
40 working directory's ACL is cleaned.
42 Specify the read/write path to each directory, to avoid the failure that
43 results from attempting to change a read-only volume. By convention, the
44 read/write path is indicated by placing a period before the cell name at
45 the pathname's second level (for example, F</afs/.example.com>). For further
46 discussion of the concept of read/write and read-only paths through the
47 filespace, see the B<fs mkmount> reference page.
51 Prints the online help for this command. All other valid options are
58 If there are no obsolete entries on the ACL, the following message
61 Access list for <path> is fine.
63 Otherwise, the output reports the resulting state of the ACL, following the
66 Access list for <path> is now
68 At the same time, the following error message appears for each file in the
71 fs: '<filename>': Not a directory
75 The following example illustrates the cleaning of the ACLs on the current
76 working directory and two of its subdirectories. Only the second
77 subdirectory had obsolete entries on it.
79 % fs cleanacl -path . ./reports ./sources
80 Access list for . is fine.
81 Access list for ./reports is fine.
82 Access list for ./sources is now
87 =head1 PRIVILEGE REQUIRED
89 The issuer must have the C<a> (administer) permission on each directory's
90 ACL (or the ACL of each file's parent directory); the directory's owner
91 and the members of the system:administrators group have the right
92 implicitly, even if it does not appear on the ACL.
101 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
103 This documentation is covered by the IBM Public License Version 1.0. It was
104 converted from HTML to POD by software written by Chas Williams and Russ
105 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.