Content-type: text/html

<HTML><HEAD><TITLE>Manpage of cmacl</TITLE>
</HEAD><BODY>
<H1>cmacl</H1>
Section: User Commands  (1)<BR>Updated: SnapshotCM<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>

<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

cmacl - list and edit SnapshotCM Access Control Lists (ACLs)
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>cmacl</B>

[options]
[<B>-e</B>aclPattern]

[path ...]
<P>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION </H2>

<B>cmacl</B>

lists and edits SnapshotCM access control lists (ACLs).
Specify the type of ACL to display with one of the
<B>-A</B>

(server administration ACL),
<B>-C</B>

(account ACL),
<B>-P path ...</B>

(project or snapshot path), or
<B>-F path ...</B>

(file path) options.
<P>
<P>

Only one type of ACL can be operated upon at a time,
though multiple snapshot or file ACLs can be displayed or edited with one command.
<P>
<P>

Use the
<B>-e aclPattern</B>

option to edit an ACL.
Use the
<B>-r</B>

option with the
<B>-e</B>

option to set an ACL to an explicit value (rather than editing the previous value).
<P>
<P>

<A NAME="lbAE">&nbsp;</A>
<H3>AclPattern</H3>

The aclPattern specification is as follows:
<P>

aclPattern = &lt;acctEdit&gt;[,&lt;acctEdit&gt;][,...]
<BR>

acctEdit = [&quot;+&quot; | &quot;-&quot; | &quot;=&quot;]&lt;account&gt;[&lt;bitEdit&gt;...]
<BR>

account = u:&lt;name&gt; | g:&lt;name&gt; | &lt;name&gt;
<BR>

bitEdit = +[&lt;bits&gt;] | -[&lt;bits&gt;] | =[&lt;bits&gt;]
<BR>

bits = [vmpcdrwb]...
<BR>

name = user or group account name (g: or u: forces type)
<P>

The account name can begin with a <B>g:</B> or u: to signify
the type of account.
If omitted, a user account will be looked for first.
If no user account of that name exists, then a group account will be looked for.
If no user or group account of that name exists, an error will be reported.
<P>

The account name can be preceded by a plus, minus, equals or nothing,
all of which have different meaning.
A plus says to add the account entry to the ACL if not present.
If an entry for that account already exists in the ACL,
the edit pattern is ignored and no action is taken.
<P>
A minus says to remove any entry for the specified account from the ACL.
<P>
An equals says to edit any existing entry for the specified account.
If no entry for the specified account exists, the ACL is not modified.
<P>
If none of these symbols precedes the account name,
then the account entry is added to the ACL if not present,
and edited if already present.
<P>

<A NAME="lbAF">&nbsp;</A>
<H3>Permissions</H3>

The permission bits can be specified in lower or upper case and
may be preceded by a plus, minus, or equals.
A plus means to incrementally add the bits to the account entry,
a minus means to incrementally remove the bits from the account entry,
and an equals means to absolutely set the bits for the account as specified.
<P>
The bits have the following meanings:
<DL COMPACT>
<DT><B>v</B>

<DD>
View or traverse projects and snapshots; view accounts
(Administration, Project/Snapshot, Account).
<P>
<DT><B>m</B>

<DD>
Modify project, snapshot or accounts
(Administration, Project/Snapshot, Account).
<P>
<DT><B>p</B>

<DD>
Edit ACL permissions
(All).
<P>
<DT><B>c</B>

<DD>
Create child projects/snapshots
(Administration, Project/Snapshot).
<P>
<DT><B>d</B>

<DD>
Delete projects, snapshots or accounts
(Administration, Project/Snapshot, Account).
<P>
<DT><B>r</B>

<DD>
Read files in snapshot.
(Administration, Project/Snapshot, File).
<P>
<DT><B>w</B>

<DD>
Write, create, delete files in snapshot
(Administration, Project/Snapshot, File).
<P>
<DT><B>b</B>

<DD>
Allow backup access
(Administration ACL).
<P>
</DL>
<P>

<A NAME="lbAG">&nbsp;</A>
<H3>Options</H3>

<P>
<DL COMPACT>
<DT><B>-A</B>

<DD>
Operate on the Administration ACL.
<P>
<DT><B>-C</B>

<DD>
Operate on the Account ACL.
<P>
<DT><B>-F</B>

<DD>
Operate on the specified File ACLs.
The snapshot through which to operate must be specified with
the <B>-S</B>path option.
<P>
<DT><B>-P</B>

<DD>
Operate on the specified Project, Project Folder or Snapshot ACLs.
<P>
<DT><B>-e</B>aclEditPattern

<DD>
Specify how to edit the selected ACLs.
If omitted, the selected ACLs will be printed in a format compatible
with this option.
<P>
<DT><B>-h</B>host

<DD>
Specify the server to access.
The server on the current system is the default if omitted.
<P>
<DT><B>-q</B>

<DD>
Suppress normal output.
<P>
<DT><B>-r</B>

<DD>
Reset the ACL.
All elements will be removed from the target ACL before the
aclEditPattern is applied.
Has no effect if the <B>-e</B> option is omitted.
<P>
<DT><B>-R</B>

<DD>
Operate recursively.  Valid only with the <B>-P</B> option.
<P>
<DT><B>-S</B>path

<DD>
Specify with <B>-F</B> to indicate the snapshot in which the file paths
are valid.
<P>
<DT><B>-V</B>

<DD>
Print internal command version.
<P>
</DL>
<A NAME="lbAH">&nbsp;</A>
<H2>RETURN VALUE</H2>

Exit status is 0 if the operation succeeded, 1 if there was an error
performing the operation, and 2 if there was a bad option or network error.
<A NAME="lbAI">&nbsp;</A>
<H2>EXAMPLES</H2>

To list the Administration ACL on server blue, enter:
<P>
<DL COMPACT><DT><DD>
<B>cmacl -A -h blue </B>

</DL>

<P>

To remove the everyone group from the /Project ACL, enter:
<P>
<DL COMPACT><DT><DD>
<B>cmacl -P -h blue -e-everyone /Project</B>

</DL>

<P>

To grant joe delete permissions on objects where he already has explicit
permissions, enter:
<P>
<DL COMPACT><DT><DD>
<B>cmacl -P -h blue -e=joe+D /Project</B>

</DL>

<P>

To set the ACL so michelle has all access, and everyone else has only view and read access:
<P>
<DL COMPACT><DT><DD>
<B>cmacl -P -h blue -r -e michelle=VMPCDRW,everyone=vr /Project</B>

</DL>

<P>

To grant nathan all access on /file.txt and deny all other access, enter:
<P>
<DL COMPACT><DT><DD>
<B>cmacl -F -h blue -r -e nathan=PRW -S /proj/Current /file.txt</B>

</DL>

<P>
<A NAME="lbAJ">&nbsp;</A>
<H2>SEE ALSO</H2>

<A HREF="http://localhost/cgi-bin/man/man2html?1+cmaccount">cmaccount</A>(1), <A HREF="http://localhost/cgi-bin/man/man2html?1+cmadmin">cmadmin</A>(1), <A HREF="http://localhost/cgi-bin/man/man2html?1+cmconfig">cmconfig</A>(1)
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION </A><DD>
<DL>
<DT><A HREF="#lbAE">AclPattern</A><DD>
<DT><A HREF="#lbAF">Permissions</A><DD>
<DT><A HREF="#lbAG">Options</A><DD>
</DL>
<DT><A HREF="#lbAH">RETURN VALUE</A><DD>
<DT><A HREF="#lbAI">EXAMPLES</A><DD>
<DT><A HREF="#lbAJ">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 22:22:17 GMT, March 22, 2010
</BODY>
</HTML>