AFS::ACL(3) Class to handle the AFS Access Control Lists

SYNOPSIS


use AFS::ACL;
my $acl = AFS::ACL->new({'foobar' => 'none'}, {'anyuser' => 'write'});
$acl->set('rjs' => 'write');
$acl->nset('opusl' => 'write');
$acl->remove('rjsnfs' => 'write');
$acl->clear;
foreach my $user ($acl->get_users) {
print " $user ", $acl->get_rights($user), "\n";
}
foreach my $user ($acl->nget_users) {
print " $user ", $acl->nget_rights($user), "\n";
}
my $ok = $acl->apply('/afs/mpa/home/guest');
my $copy = $acl->copy;
my $rights = AFS::ACL->crights('read');
my $new_acl = AFS::ACL->retrieve('/afs/mpa/home/nog');
$ok = $new_acl->modifyacl('/afs/mpa/home/guest');

DESCRIPTION

This class provides methods to handle the AFS Access Control Lists (ACL). It is used to create, modify, delete, and reset ACL instances. It has methods to retrieve and to set the ACL list for directories and its files.

These methods have the optional argument FOLLOW. FOLLOW determines which file should be used should PATH be a symbolic link. If FOLLOW be set to 1, then the symbolic link is followed to its target. If FOLLOW is set to 0, then the method applies to the symbolic link itself. If not specified FOLLOW defaults to 1.

COMPATIBILITY

This release does NOT support any features and interfaces from version 1.

METHODS

CONSTRUCTOR
$acl = AFS::ACL->new([\%POS [, \%NEG]]);
Creates a new object of the class AFS::ACL. The constructor takes two optional arguments. %POS and %NEG are lists of positive and negative ACL entries given in the form of user-rights pairs, just like a hash table.
COPY CONSTRUCTOR
$new_acl = $acl->copy;
Returns a copy of an existing ACL object.
CLASS METHODS
$acl = AFS::ACL->retrieve(PATH [, FOLLOW]);
Retrieves the ACL list for the given PATH and stores it in the object $acl.
$ok = AFS::ACL->copyacl(FROMDIR, TODIR [, FOLLOW]);
Copies the ACL list from a source directory FROMDIR to the specified destination directory TODIR. The source directory''s ACL is unchanged.
$ok = AFS::ACL->cleanacl(PATH [, FOLLOW]);
Removes from the ACL list of the specified PATH any entry that refers to a user or group that no longer has a Protection Database entry.
$crights = AFS::ACL->crights(RIGHTS);
Canonicalizes the RIGHTS string. Duplicate rights will be removed. It recognizes the following special strings:
  read  => rl
  write => rlidwk
  all   => rlidwka
  mail  => lik
$flags = AFS::ACL->ascii2rights(RIGHTS);
Converts RIGHTS as expressed in a character string to its internal value (an integer with the appropriate bits set). Returns -1 if RIGHTS are not valid (rlidwka, read, write, all, none) or returns the internal value (int32 with bits set).
$rights = AFS::ACL->rights2ascii(FLAGS);
Converts the internal value FLAGS to its corresponding character string.
ATTRIBUTES ACCESS
$rights = $acl->get_rights(USER);
$nrights = $acl->nget_rights(USER);
Returns the access rights for the given USER in the positive(->get_rights) or negative(->nget_rights) ACL list.
$acl->set(USER, RIGHTS);
$acl->nset(USER, RIGHTS);
Adds the given USER and its access RIGHTS to the positive(->set) or negative(->nset) ACL list.
$acl->remove(USER);
$acl->nremove(USER);
Removes the given USER and its access rights from the positive(->remove) or negative(->nremove) ACL list.
$acl->empty;
Removes all users and their access rights from the positive and negative ACL list.
$acl->clear;
$acl->nclear;
Removes all users and their access rights from the positive(->clear) or negative(->nclear) ACL list.
@users = $acl->get_users;
@nusers = $acl->nget_users;
Returns users from the positive(->get_users) or negative(->nget_users) ACL list.
$pos = $acl->length;
$npos = $acl->nlength;
Returns the number of users in the positive(->length) or negative(->nlength) ACL list.
$acl->exists(USER);
$acl->nexists(USER);
Returns 1 if the given USER exists in the positive(->exists) or negative(->nexists) ACL list.
INSTANCE METHODS
$acl->add(NEWACL);
Adds all entries of the ACL list NEWACL to the ACL list $acl.
$ok = $acl->apply(PATH [, FOLLOW]);
Sets the ACL list for the given PATH. This call replaces the existing ACL list with the new ACL list $acl.
$ok = $acl->modifyacl(PATH, [, FOLLOW]);
Sets the ACL to the union of the given $acl list and the current ACL of the PATH. An access right of none or an empty string will cause an entry to be removed from the ACL.

CURRENT AUTHOR

Norbert E. Gruener  <[email protected]>.

AUTHOR EMERITUS

Roland Schemers  <[email protected]>.

COPYRIGHT AND DISCLAIMER

 X 2001-2008 Norbert E. Gruener <[email protected]>.
 All rights reserved.
 X 1994 Board of Trustees, Leland Stanford Jr. University.
 All rights reserved.
 Most of the explanations in this document are taken from the original
 AFS documentation.
 AFS-3 Programmer's Reference:
 File Server/Cache Manager Interface
 Edward R. Zayas
 X 1991 Transarc Corporation.
 All rights reserved.
 IBM AFS Administration Reference
 X IBM Corporation 2000.
 All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The original module is covered by the following copyright:
Copyright (c) 1994 Board of Trustees, Leland Stanford Jr. University

Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by Stanford University. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

DOCUMENT VERSION

Revision $Rev: 859 $