How to share files by using ACLs?
ACLs (Access Control Lists) provide a means of specifying access rights on files. GPFS access control lists allow the definition of access rights for other users or groups.
Create or change a GPFS access control list
mmeditacl <filename>
This opens the ACL definition of <filename> in an editor.
Note that for this command to work the EDITOR environment variable must contain a complete path name, for example on JUQUEEN: export EDITOR=/usr/bin/vim
Example:
Set read and execute permission for user user1, and execute permission only for user user2, on directory dir1:
mmeditacl dir1
.... (append 3 lines to the displayed lines) ....
mask::r-x-
user:user1:r-x-
user:user2:--x-
Note that the mask must include every permission that is granted to any user entry of this ACL, and that access must be granted on every directory in the hierarchy (esp. the home directory). The 4th character stands for the GPFS-specific control permission.
When the file is saved, the following has to be answered:
mmeditacl: 6027-967 Should the modified ACL be applied? (yes) or (no)
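A check for the mask rule described above, as an added example that is not part of the original page. It reads ACL text in the form that mmeditacl displays and lists every named entry that has a permission the mask lacks. The function name acl_mask_violations and the sample ACLs are constructed for illustration, and treating named group entries like named user entries is an assumption.

```shell
#!/bin/sh
# acl_mask_violations (hypothetical helper): read a GPFS ACL in the text form
# shown by mmeditacl/mmgetacl on stdin and print each named user/group entry
# that has a permission missing from the mask line.
# Prints nothing and returns 0 if the ACL is consistent, returns 1 otherwise.
acl_mask_violations() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # #owner:/#group: header, blank lines
        $1 == "mask"   { mask = $3; next }      # remember the mask permissions
        $2 != ""       { entry[++n] = $0; perm[n] = $3 }   # user:NAME / group:NAME
        END {
            if (n > 0 && mask == "") { print "missing mask"; exit 1 }
            for (i = 1; i <= n; i++) {
                extra = ""
                # compare position by position: r, w, x, c (GPFS control)
                for (k = 1; k <= length(perm[i]); k++) {
                    c = substr(perm[i], k, 1)
                    if (c != "-" && substr(mask, k, 1) != c) extra = extra c
                }
                if (extra != "") { print entry[i] " exceeds mask by " extra; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample 1: dir1 from the example above (owner-only mode bits
# plus the three appended lines).
sample_ok='#owner:user
#group:group
user::rwxc
group::----
other::----
mask::r-x-
user:user1:r-x-
user:user2:--x-'

# Constructed sample 2: same ACL, but the mask was left at --x-, so the
# read permission of user1 is not covered.
sample_bad='user::rwxc
group::----
other::----
mask::--x-
user:user1:r-x-
user:user2:--x-'

printf '%s\n' "$sample_ok"  | acl_mask_violations || true
printf '%s\n' "$sample_bad" | acl_mask_violations || true
```

On a real file the input would come from mmgetacl <filename> instead of the constructed samples.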
Which files have an access control list?
The command
ls -l
will show a "+" for every file that has an ACL set, e.g.
drwx------+ 2 user group 32768 Feb 21 09:25 dir1
Delete a GPFS access control list
mmdelacl <filename>
or remove the added lines with mmeditacl.
Apply a GPFS ACL recursively
Example:
To apply the ACL of dir1 to all files and directories below dir1, use:
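find dir1 | while IFS= read -r i
do
    # quote the name so that paths containing blanks are handled correctly;
    # files receive the same entries as dir1, including execute permission
    mmgetacl dir1 | mmputacl "$i"
done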
Documentation
Please see the man pages or IBM documentation for further commands:
mmdelacl, mmgetacl, mmputacl