mfsfacl(1) This is part of MooseFS mfsfacl(1)

mfsfacl - MooseFS file access control lists (extended attributes) management tools

mfsgetfacl [-?] [-adceEspn] OBJECT [OBJECT ...]

mfssetfacl [-?] [-bKknd] [{-s|-m|-x} ACL_SPEC] [{-S|-M|-X} ACL_FILE] OBJECT [OBJECT ...]

These tools operate on object's access control list (ACL) value. ACL's in MooseFS are compatible with Linux, so in Linux you may use setfacl and getfacl commands.

mfsgetfacl prints current ACL value of given object(s).

mfssetfacl sets/changes/removes current ACL value of given object(s).

mfsgetfacl options:


-a - display the file access control list only


-d - display the default access control list only


-c - do not display the comment header


-e - print all effective rights


-E - print no effective rights


-s - skip files that only have the base entries


-p - don't strip leading '/' in pathnames


-n - print numeric user/group identifiers

mfssetfacl options:


-b - remove all extended ACL entries


-K - remove the access ACL


-k - remove the default ACL


-n - don't recalculate the effective rights mask


-d - operations apply to the default ACL


-s - set the ACL of file(s), replacing the current ACL


-S - read ACL entries to set from file


-m - modify the current ACL(s) of file(s)


-M - read ACL entries to modify from file


-x - remove entries from the ACL(s) of file(s)


-X - read ACL entries to remove from file

common options:


-? - display short usage message

For -S, -M and -X option the parameter ACL_FILE should be a path to a file containing ACL value specifications as described below (one definition per line, multiple lines possible, content after # sign is ignored, output from mfsgetfacl command is always a valid file content).

ACL_SPEC should be one of the following:

[d[efault]:][u[ser]:]uid[:perms]

[d[efault]:]g[roup]:gid[:perms]

[d[efault]:]m[ask][:][:perms]

[d[efault]:]o[ther][:][:perms]

d means work on default ACL values instead of access values. Next part indicates whether user's, group's or other's permissions or mask should be set. If that part is ommited and only identifier is provided, it is assumed to be user indentifier. If user or group is indicated, if there is no identifier, default user's or group's permissions are modified. Identifier can be a string or a number. Permissions can be in the form of letters, any subset of rwx or number. Zero, empty string or dash means no permissions for -s and -m. For -x, permissions must be ommited. Multiple specification can be supplied, divided by comma.

Report bugs to <bugs@moosefs.com>.

Copyright (C) 2024 Jakub Kruszona-Zawadzki, Saglabs SA

This file is part of MooseFS.

MooseFS is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2 (only).

MooseFS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with MooseFS; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA or visit http://www.gnu.org/licenses/gpl-2.0.html

mfsmount(8), mfstools(1),

September 2024 MooseFS 4.56.6-1