Institute for Advanced Simulation (IAS)

How to share files by using ACLs?

ACLs (Access Control Lists) provide a means of specifying access rights on files. GPFS access control lists allow the definition of access rights for other users or groups.

Create or change a GPFS access control list

mmeditacl <filename>

This opens the ACL definition of <filename> in an editor.


Note that for this command to work, the EDITOR environment variable must contain a complete path name, for example on JUQUEEN: export EDITOR=/usr/bin/vim

Example:
Grant read and execute permission to user1, and execute permission only to user2, on directory dir1:

mmeditacl dir1
.... (append 3 lines to the displayed lines) ....
mask::r-x-
user:user1:r-x-
user:user2:--x-

Note that the mask must include at least every permission granted to any user entry of this ACL, and that access must also be granted on every directory in the hierarchy (especially the home directory). The 4th character stands for the GPFS-specific control permission.

When the file is saved, the following prompt has to be answered:

mmeditacl: 6027-967 Should the modified ACL be applied? (yes) or (no)
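
The mask rule noted above can be checked mechanically before an ACL is applied. The following shell function is an added example, not part of the original page or of GPFS; the name acl_mask_check and the sample ACL are constructed for illustration, and it goes slightly beyond the text by checking named group entries as well as named user entries.

```shell
# Added example (not from the original page): report named user/group entries
# whose permissions are not covered by the mask entry of a GPFS POSIX-style ACL.
# Reads ACL text on stdin in the format shown above; exits non-zero on a finding.
acl_mask_check() {
    awk -F: '
        /^#/ || NF < 3 { next }          # skip the #owner/#group header and blank lines
        $1 == "mask"   { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            name[++n] = $1 ":" $2; perm[n] = $3   # named entries only
        }
        END {
            if (mask == "") { print "no mask entry found"; exit 1 }
            bad = 0
            for (i = 1; i <= n; i++)
                for (p = 1; p <= length(perm[i]); p++)
                    if (substr(perm[i], p, 1) != "-" && substr(mask, p, 1) == "-") {
                        printf "%s:%s exceeds mask %s\n", name[i], perm[i], mask
                        bad = 1
                        break
                    }
            exit bad
        }'
}

# Constructed sample: the mask lacks "r", so the read bit of user1 is not covered.
sample_acl='#owner:user
#group:group
user::rwxc
group::----
other::----
mask::--x-
user:user1:r-x-
user:user2:--x-'

printf '%s\n' "$sample_acl" | acl_mask_check || true
```

On a GPFS system the function can be fed the current ACL directly, e.g. mmgetacl dir1 | acl_mask_check.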

Which files have an access control list?

The command

ls -l

shows a "+" for every file that has an ACL set, e.g.

drwx------+ 2 user group 32768 Feb 21 09:25 dir1

Delete a GPFS access control list

mmdelacl <filename>

or remove the added lines with mmeditacl.

Apply a GPFS ACL recursively

Example:
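To apply the ACL of dir1 to all files and directories below dir1, use:

# Save the ACL of dir1 once, then apply it to dir1 and everything below it.
# find -exec passes each path as one argument, so names containing spaces are handled.
mmgetacl -o dir1.acl dir1
find dir1 -exec mmputacl -i dir1.acl {} \;
rm dir1.acl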

Documentation

Please see the man pages or IBM documentation for further commands:

mmdelacl, mmgetacl, mmputacl

