DartFS does not have standard POSIX permissions, rather it uses Access Control Lists (ACL), which has a more sophisticated and comprehensive rules. An ACL in NFSv4 is a list of rules setting permissions on files or directories. A permission rule, or Access Control Entry (ACE), is of the form type:flags:principle:permissions .
Commonly used entries for these fields are:
- type: A (allow) or D (deny)
- flags: g (group), d (directory-inherit), f (file-inherit), n (no-propagate-inherit), or i (inherit-only)
- principle: a named user (user@msu.edu), a group, or one of three special principles: OWNER@, GROUP@, and EVERYONE@.
- permissions: there are 14 permission characters, as well as the shortcuts R, W, and X.
To see the actual permissions on Dartfs we now need to use nfs4_getfacl
and nfs4_setfacl
. RC has a useful command for getting a quick summary.
listacl -v /some/path
Here is an example for how to give read/write/execute permissions recursively to a
directory tree for a specific group (e.g., rc-DBIC).
nfs4_setfacl -R -a "A:fd:GROUP@:RWX" DIRECTORY_NAME
The ‘RWX’ is alias for ‘rctncy’, which is what ‘listacl’ and ‘nfs4_getfacl’
will show you, and now ‘ls -l’ will show group rwx.