ACLEntry

An ACL Entry object represents an individual file ACL Entry. The entry specifies permissions - read, write - for a given user or group.

Depending on the filesystem configuration, ACLs may be of type PosixAcl or NfsAcl.

Description

arcapix.fs.gpfs.aclentry.setIgnoreInheritedFlag(stripInherited=True)

If set, this pragma will cause the “Inherited” flag to be ignored when reading ACL entries. The “Inherited” flag is added by GPFS when an ACLEntry has been created because of a FileInherit or DirInherit setting on the parent directory.

If this pragma is set, the API cannot distinguish between entries which have the “Inherited” flag set and those which do not, and the latest entry in the file will dominate.

However, in certain circumstances this can be useful, for example when replacing ACL entries, since the IDs will be more stable, particularly for example when updating an entry to replace

class arcapix.fs.gpfs.aclentry.PosixAclEntry(type, name=None, **kwargs)

A POSIX-formatted ACL.

toString()

Return the ACL as a POSIX-formatted string.

change(read=None, write=None, execute=None, writeAcl=None)

Change one or more permissions on the ACL.

The changes are immediately applied to the target file.

execute

Returns the ACL execute permission.

For files, this is the permission to call the file as an executable. For directories, this is the permission to ‘move into’ the directory.

Return type:bool
id

Returns the ACL Entry id.

Do not rely on the structure of this ID; instead, access the name and type via the relevant properties.

Returns:The ACL ID object (Presently a tuple of (type, name))
name

Returns the name of who the ACL Entry applies to.

E.g. if type='user' then this is the user name, if type='special' then this might be owner@.

Return type:str
read

Returns the ACL read permission.

Return type:bool
type

Returns the type of the ACL.

One of [user, group, other, mask, special]

‘other’ and ‘mask’ only apply to POSIX, ‘special’ only applies to NFS

Return type:str
write

Returns the ACL write permission.

Return type:bool
writeAcl

Returns the ACL permission for changing ACLs.

Return type:bool
class arcapix.fs.gpfs.aclentry.NfsAclEntry(type, name, **kwargs)

An NFSv4-formatted ACL.

NFS ACLs provide more granular, nuanced control over the permissions on a file.

Note

When looking at the permissions on a file, you have to take into account the allow/deny setting.

e.g. if ‘write’ is True but ‘allow’ is False, that means the ACL does not provide write permission.

>>> read_allowed = acl.read if acl.allow else not acl.read
id

Returns the ACL id.

Do not rely on the structure of this ID; instead, access the name and type via the relevant properties.

Returns:The ACL ID object (Presently a tuple of (type, name, inherit)), where type can be “deny_group”

toString()

Return the ACL as an NFSv4-formatted string.

change(**kwargs)

Change one or more permissions on the ACL.

The changes are immediately applied to the target file.

Any change to the ACL will result in the “Inherited” property being removed if the setIgnoreInheritedFlag pragma is set.

allow

Returns whether or not this is an ‘allow’ ACE.

See also: NfsAclEntry.ace_type

Return type:bool
deny

Returns whether or not this is a ‘deny’ ACE.

Inverse of allow

See also: NfsAclEntry.ace_type

If True, then all the permissions are inverted, e.g. if deny is True and write is True, that means the ACL does not allow write permission on the file

Return type:bool
audit

Returns whether this is an ‘audit’ ACE.

AUDIT type ACEs are valid NFSv4 ACE types, but are effectively non-functional in GPFS.

See also: NfsAclEntry.ace_type

Return type:bool
alarm

Returns whether this is an ‘alarm’ ACE.

ALARM type ACEs are valid NFSv4 ACE types, but are effectively non-functional in GPFS.

See also: NfsAclEntry.ace_type

Return type:bool
ace_type

Returns the ACE type.

One of (allow, deny, audit, alarm)

If type is allow or deny, the corresponding property will be True i.e. ace.ace_type == 'allow' --> ace.allow == True

audit and alarm are valid NFSv4 types, but GPFS does not evaluate them.

dirInherit

Returns whether child directories should inherit these ACL Entries

Return type:bool
fileInherit

Returns whether child files should inherit these ACL Entries

Return type:bool
inherited

Returns whether this ACL Entry was inherited from a parent directory

Return type:bool
inheritOnly

Returns whether this ACL does not apply to the directory itself.

Return type:bool
noPropagateInherit

Returns whether this ACL applies to only immediate children.

Return type:bool
inheritence

Returns the collection of inheritance states for this ACL.

Returns:A tuple containing zero or more of “DirInherit”, “FileInherit”, “Inherited”, “InheritOnly”, “NoPropagateInherit”
Return type:tuple

This cannot be changed after creation

list

Returns the list permission for a directory.

Equivalent to read permission

Return type:bool
create

Returns the create permission for a directory.

Equivalent to write permission

Return type:bool
append

Returns the append permission for the file.

Return type:bool
mkdir

Returns the mkdir permission for a directory.

Equivalent to append permission

Return type:bool
synchronise

Returns the synchronise permission for the file.

Return type:bool
synchronize

Returns the synchronise permission for the file.

Return type:bool
readAcl

Returns the read ACL permission for the file.

Return type:bool
readAttr

Returns the read attr permission for the file.

Return type:bool
readNamed

Returns the read named permission for the file.

Return type:bool
delete

Returns the delete permission for the file.

Return type:bool
deleteChild

Returns the delete child permission for the file.

Return type:bool
chown

Returns the chown permission for the file.

Return type:bool
search

Returns the search permission for a directory.

Return type:bool
writeAcl

Returns the write ACL permission for the file.

Return type:bool
writeAttr

Returns the write attr permission for the file.

Return type:bool
execute

Returns the ACL execute permission.

For files, this is the permission to call the file as an executable. For directories, this is the permission to ‘move into’ the directory.

Return type:bool
name

Returns the name of who the ACL Entry applies to.

E.g. if type='user' then this is the user name, if type='special' then this might be owner@.

Return type:str
read

Returns the ACL read permission.

Return type:bool
type

Returns the type of the ACL.

One of [user, group, other, mask, special]

‘other’ and ‘mask’ only apply to POSIX, ‘special’ only applies to NFS

Return type:str
write

Returns the ACL write permission.

Return type:bool
writeNamed

Returns the write named permission for the file.

Return type:bool

Examples

Check owner permissions on a directory

>>> from arcapix.fs.gpfs.file import File
>>>
>>> # create a File object
... f = File('/mmfs1/data/sample_data/cats')
>>>
>>> # get the ACL for the file owner
... entry = f.acl.ownerAcl
>>>
>>> print("read: {}, write: {}, exec: {}".format(entry.read, entry.write, entry.execute))
read: True, write: True, exec: False

Enable execute permission for a file’s owner

>>> from arcapix.fs.gpfs.file import File
>>>
>>> # create a file object
... f = File('/mmfs1/scripts/example.sh')
>>>
>>> # update execute permission for file owner
... f.acl.ownerAcl.change(execute=True)
>>> # update execute permission for file group
... f.acl.ownerGroupAcl.change(execute=True)
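
Report which NFSv4 entries grant sensitive permissions

This is an added example, not part of the arcapix API or its documentation. It shows why the allow/deny note under NfsAclEntry matters when auditing: a permission counts as granted only when an ‘allow’ ACE has the flag set. The Ace namedtuple and all function names are hypothetical stand-ins that reuse the property names documented above, and the sample entries are constructed.

```python
from collections import namedtuple

# Stand-in for NfsAclEntry with property names documented above (constructed;
# a real entry comes from the file's ACL object).
Ace = namedtuple(
    "Ace", "type name ace_type write writeAcl chown inheritOnly fileInherit dirInherit")

SENSITIVE = ("write", "writeAcl", "chown")

def grants(ace, perm):
    """True only when an 'allow' ACE has the flag set.

    A deny ACE with the flag set withholds the permission, and audit/alarm
    ACEs are not evaluated by GPFS, so neither is counted as a grant.
    """
    return ace.ace_type == "allow" and bool(getattr(ace, perm))

def scope(ace):
    """Where the ACE takes effect, from its inheritance flags."""
    if ace.inheritOnly:
        return "children-only"      # not applied to the directory itself
    if ace.fileInherit or ace.dirInherit:
        return "self+children"
    return "self"

def sensitive_grants(entries):
    """List (who, permission, scope) for each sensitive permission granted."""
    return [("{}:{}".format(a.type, a.name), p, scope(a))
            for a in entries for p in SENSITIVE if grants(a, p)]

def naive_writers(entries):
    """Flag-only check that ignores ace_type; shown for contrast."""
    return ["{}:{}".format(a.type, a.name) for a in entries if a.write]

# Constructed sample entries, not read from a real filesystem.
SAMPLE = [
    Ace("special", "owner@", "allow", True, True, True, False, False, False),
    Ace("group", "research", "deny", True, False, False, False, True, True),
    Ace("user", "backup", "audit", True, True, False, False, False, False),
    Ace("group", "ingest", "allow", True, False, False, True, True, True),
]

if __name__ == "__main__":
    for finding in sensitive_grants(SAMPLE):
        print(finding)
    print("naive:", naive_writers(SAMPLE))
```

The flag-only check lists the deny and audit entries as writers, while sensitive_grants() reports only the owner@ and ingest entries and marks the latter as applying to children only.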