ACLEntry
An ACL Entry object represents an individual file ACL Entry. The entry specifies permissions - read, write - for a given user or group.
Depending on the filesystem configuration, ACLs may be of type PosixAcl or NfsAcl.
Description
arcapix.fs.gpfs.aclentry.setIgnoreInheritedFlag(stripInherited=True)
If set, this pragma will cause the “Inherited” flag to be ignored when reading ACL entries. The “Inherited” flag is added by GPFS when an ACLEntry has been created because of a FileInherit or DirInherit setting on the parent directory.
If this flag is set, the API cannot distinguish between entries which have the flag set and those which do not, and the latest entry in the file will dominate.
However, in certain circumstances this can be useful, for example when replacing ACL entries, since the IDs will be more stable, particularly for example when updating an entry to replace
class arcapix.fs.gpfs.aclentry.PosixAclEntry(type, name=None, **kwargs)
A POSIX-formatted ACL.
- toString()
  Return the ACL as a POSIX-formatted string.
- change(read=None, write=None, execute=None, writeAcl=None)
  Change one or more permissions on the ACL.
  The changes are immediately applied to the target file.
- execute
  Returns the ACL execute permission.
  For files, this is the permission to call the file as an executable. For directories, this is the permission to ‘move into’ the directory.
  Return type: bool
- id
  Returns the ACL Entry id.
  Do not rely on the structure of this ID; instead, access the name and type via the relevant properties.
  Returns: The ACL ID object (presently a tuple of (type, name))
- name
  Returns the name of who the ACL Entry applies to.
  E.g. if type='user' then this is the user name, if type='special' then this might be owner@.
  Return type: str
class arcapix.fs.gpfs.aclentry.NfsAclEntry(type, name, **kwargs)
An NFSv4-formatted ACL.
NFS ACLs provide more granular, nuanced control over the permissions on a file.
Note
When looking at the permissions on a file, you have to take into account the allow/deny setting.
E.g. if ‘write’ is True but ‘allow’ is False, that means the ACL does not provide write permission:
>>> read_allowed = acl.read if acl.allow else not acl.read
- id
  Returns the ACL id.
  Do not rely on the structure of this ID; instead, access the name and type via the relevant properties.
  Returns: The ACL ID object (presently a tuple of (type, name, inherit)), where type can be “deny_group”
- toString()
  Return the ACL as an NFSv4-formatted string.
- change(**kwargs)
  Change one or more permissions on the ACL.
  The changes are immediately applied to the target file.
  Any change to the ACL will result in the “Inherited” property being removed if the setIgnoreInheritedFlag pragma is set.
- allow
  Returns whether or not this is an ‘allow’ ACE.
  See also: NfsAclEntry.ace_type
  Return type: bool
- deny
  Returns whether or not this is a ‘deny’ ACE.
  Inverse of allow.
  See also: NfsAclEntry.ace_type
  If True, then all the permissions are inverted, e.g. if deny is True and write is True, that means the ACL does not allow write permission on the file.
  Return type: bool
- audit
  Returns whether this is an ‘audit’ ACE.
  AUDIT type ACEs are valid NFSv4 ACE types, but are effectively non-functional in GPFS.
  See also: NfsAclEntry.ace_type
  Return type: bool
- alarm
  Returns whether this is an ‘alarm’ ACE.
  ALARM type ACEs are valid NFSv4 ACE types, but are effectively non-functional in GPFS.
  See also: NfsAclEntry.ace_type
  Return type: bool
- ace_type
  Returns the ACE type.
  One of (allow, deny, audit, alarm).
  If type is allow or deny, the corresponding property will be True, i.e. ace.ace_type == 'allow' --> ace.allow == True.
  audit and alarm are valid NFSv4 types, but GPFS does not evaluate them.
- inheritence
  Returns the collection of inheritance states for this ACL.
  Returns: A tuple containing zero or more of “DirInherit”, “FileInherit”, “Inherited”, “InheritOnly”, “NoPropagateInherit”
  Return type: tuple
  This cannot be changed after creation.
- create
  Returns the create permission for a directory.
  Equivalent to write permission.
  Return type: bool
- mkdir
  Returns the mkdir permission for a directory.
  Equivalent to append permission.
  Return type: bool
- execute
  Returns the ACL execute permission.
  For files, this is the permission to call the file as an executable. For directories, this is the permission to ‘move into’ the directory.
  Return type: bool
- name
  Returns the name of who the ACL Entry applies to.
  E.g. if type='user' then this is the user name, if type='special' then this might be owner@.
  Return type: str
Examples
Check owner permissions on a directory
>>> from arcapix.fs.gpfs.file import File
>>>
>>> # create a File object
... f = File('/mmfs1/data/sample_data/cats')
>>>
>>> # get the ACL for the file owner
... entry = f.acl.ownerAcl
>>>
>>> print("read: {}, write: {}, exec: {}".format(entry.read, entry.write, entry.execute))
read: True, write: True, exec: False
Enable execute permission for a file’s owner
>>> from arcapix.fs.gpfs.file import File
>>>
>>> # create a file object
... f = File('/mmfs1/scripts/example.sh')
>>>
>>> # update execute permission for file owner
... f.acl.ownerAcl.change(execute=True)
>>> # update execute permission for file group
... f.acl.ownerGroupAcl.change(execute=True)
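Work out effective permissions from a list of NFSv4 entries
This is an added example, not part of the arcapix documentation or code. It goes beyond the single-entry allow/deny check in the NfsAclEntry note and evaluates an ordered list of entries the way NFSv4 does: the first matching allow or deny entry that mentions a permission decides it, audit/alarm entries are skipped, and InheritOnly entries do not apply to the object itself. The `Ace` namedtuple, the `effective` function, the sample entries and the 'group' type value are assumptions made for illustration; `Ace` only mirrors the property names documented above so the logic runs without a GPFS filesystem.

```python
from collections import namedtuple

# Constructed stand-in exposing the NfsAclEntry properties documented above
# (ace_type, type, name, inheritence, read, write, execute). Hypothetical:
# on a real filesystem the entries come from the file's ACL, not from here.
Ace = namedtuple("Ace", "ace_type type name inheritence read write execute")

def effective(aces, principals, wanted=("read", "write", "execute")):
    """Evaluate an ordered NFSv4 ACL for one requester.

    principals: set of (type, name) pairs the requester matches.
    Returns {permission: bool}; a permission no ACE decides is denied.
    """
    decided = {}
    for ace in aces:
        if ace.ace_type not in ("allow", "deny"):
            continue  # audit/alarm ACEs are not evaluated by GPFS
        if "InheritOnly" in ace.inheritence:
            continue  # applies only to objects created below this one
        if (ace.type, ace.name) not in principals:
            continue
        for perm in wanted:
            # The first matching ACE that mentions a permission decides it.
            if perm not in decided and getattr(ace, perm):
                decided[perm] = ace.ace_type == "allow"
    return {perm: decided.get(perm, False) for perm in wanted}

# Constructed sample ACL, in stored order. The 'group' type is an assumption.
SAMPLE = [
    Ace("deny", "user", "bob", (), False, True, False),
    Ace("allow", "group", "staff", (), True, True, False),
    Ace("allow", "special", "everyone@", ("DirInherit", "InheritOnly"), True, True, True),
    Ace("audit", "special", "everyone@", (), True, True, True),
    Ace("allow", "special", "everyone@", (), True, False, False),
]

BOB = {("user", "bob"), ("group", "staff"), ("special", "everyone@")}
ALICE = {("user", "alice"), ("group", "staff"), ("special", "everyone@")}

if __name__ == "__main__":
    print("bob:  ", effective(SAMPLE, BOB))
    print("alice:", effective(SAMPLE, ALICE))
    # Swapping the first two entries lets the group allow win for bob.
    print("bob, reordered:", effective(SAMPLE[1::-1] + SAMPLE[2:], BOB))
```

When auditing an ACL, the reordered case is the one to look for: a deny entry placed after a broader allow entry has no effect on the permissions that allow entry already granted.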