Table of Contents
cmacl - list and edit SnapshotCM Access Control Lists (ACLs)
[options] [-eaclPattern] [path ...]
cmacl lists and edits SnapshotCM
access control lists (ACLs). Specify the type of ACL to display with one
of the -A (server administration ACL), -C (account ACL), -P path ... (project
or snapshot path), or -F path ... (file path) options.
Only one type of ACL
can be operated upon at a time, though multiple snapshot or file ACLs can
be displayed or edited with one command.
Use the -e aclPattern option to
edit an ACL. Use the -r option with the -e option to set an ACL to an explicit
value (rather than editing the previous value).
specification is as follows:
aclPattern = <acctEdit>[,<acctEdit>][,...]
acctEdit = ["+" | "-" | "="]<account>[<bitEdit>...]
account = u:<name> | g:<name> | <name>
bitEdit = +[<bits>] | -[<bits>] | =[<bits>]
bits = [vmpcdrwb]...
name = user or group account name (g: or u: forces type)
The account name
can begin with a g: or u: to signify the type of account. If omitted, a
user account will be looked for first. If no user account of that name exists,
then a group account will be looked for. If no user or group account of
that name exists, an error will be reported.
The account name can be preceded
by a plus, minus, equals or nothing, all of which have different meaning.
A plus says to add the account entry to the ACL if not present. If an entry
for that account already exists in the ACL, the edit pattern is ignored
and no action is taken.
A minus says to remove any entry for the specified
account from the ACL.
An equals says to edit any existing entry for the
specified account. If no entry for the specified account exists, the ACL
is not modified.
If none of these symbols precedes the account name, then
the account entry is added to the ACL if not present, and edited if already
The permission bits can be specified in lower or upper
case and may be preceded by a plus, minus, or equals. A plus means to incrementally
add the bits to the account entry, a minus means to incrementally remove
the bits from the account entry, and an equals means to absolutely set
the bits for the account as specified.
The bits have the following meanings:
- View or traverse projects and snapshots; view accounts (Administration,
- Modify project, snapshot or accounts (Administration,
- Edit ACL permissions (All).
- Create child
projects/snapshots (Administration, Project/Snapshot).
- Delete projects,
snapshots or accounts (Administration, Project/Snapshot, Account).
files in snapshot. (Administration, Project/Snapshot, File).
- Write, create,
delete files in snapshot (Administration, Project/Snapshot, File).
backup access (Administration ACL).
Exit status is 0 if the operation succeeded, 1 if there was an error
performing the operation, and 2 if there was a bad option or network error.
To list the Administration ACL on server blue, enter:
- Operate on the Administration
- Operate on the Account ACL.
- Operate on the specified File ACLs.
The snapshot through which to operate must be specified with the -Spath
- Operate on the specified Project, Project Folder or Snapshot
- Specify how to edit the selected ACLs. If omitted,
the selected ACLs will be printed in a format compatible with this option.
- Specify the server to access. The server on the current system is
the default if omitted.
- Suppress normal output.
- Reset the ACL. All elements
will be removed from the target ACL before the aclEditPattern is applied.
Has no effect if the -e option is omitted.
- Operate recursively. Valid
only with the -P option.
- Specify with -F to indicate the snapshot in
which the file paths are valid.
- Print internal command version.
cmacl -A -h
To remove the everyone group from the /Project ACL, enter:
-P -h blue -e-everyone /Project
To grant joe delete permissions on objects
where he already has explicit permissions, enter:
cmacl -P -h blue -e=joe+D
To set the ACL so michelle has all access, and everyone else has
only view and read access:
cmacl -P -h blue -r -e michelle=VMPCDRW,everyone=vr
To grant nathan all access on /file.txt and deny all other access,
cmacl -F -h blue -r -e nathan=PRW -S /proj/Current /file.txt
Table of Contents