nfs4_setfacl command examples

nfs4_setfacl, nfs4_editfacl – manipulate NFSv4 file/directory access control lists

Assume that the file `foo’ has the following NFSv4 ACL for the following examples:

A::OWNER@:rwatTnNcCy
D::OWNER@:x
A:g:GROUP@:rtncy
D:g:GROUP@:waxTC
A::EVERYONE@:rtncy
D::EVERYONE@:waxTC

 

– add ACE granting `alice@nfsdomain.org’ generic “read” and “execute” access (defaults to prepending ACE to ACL):

$ nfs4_setfacl -a A::alice@nfsdomain.org:rxtncy foo

– add the same ACE as above, but using aliases:

$ nfs4_setfacl -a A::alice@nfsdomain.org:RX foo

– edit existing ACL in a text editor and set modified ACL on clean save/exit:

$ nfs4_setfacl -e foo

– set ACL (overwrites original) to contents of a spec_file named `newacl.txt’:

$ nfs4_setfacl -S newacl.txt foo

– recursively set the ACLs of all files and subdirectories in the current directory, skipping all symlinks encountered, to the ACL contained in the spec_file named `newacl.txt’:

$ nfs4_setfacl -R -P -S newacl.txt *

– delete the first ACE, but only print the resulting ACL (does not save changes):

$ nfs4_setfacl --test -x 1 foo

– delete the last two ACEs above:

$ nfs4_setfacl -x A::EVERYONE@rtncy,D::EVERYONE@:waxTC foo

– modify (in-place) the second ACE above:

$ nfs4_setfacl -m D::OWNER@:x D::OWNER@:xo foo

– set ACLs of `bar’ and `frobaz’ to ACL of `foo’:

$ nfs4_getfacl foo | nfs4_setfacl -S - bar frobaz