The fs copyacl command copies a source directory's ACL to one or more destination directories. It does not affect the source ACL at all, but changes each destination ACL as follows:
If an entry on the source ACL does not exist on the destination ACL, the command copies it to the destination ACL.
If an entry on the destination ACL does not also exist on the source ACL, the command does not remove it unless you include the -clear flag to overwrite the destination ACL completely.
If an entry is on both ACLs, the command changes the permissions on the destination ACL entry to match the source ACL entry.
Note for AFS/DFS Migration Toolkit users: If the machine is configured to enable AFS users to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, then you can use the fs copyacl command to copy ACLs between DFS files and directories also. The command includes -id and -if flags for altering a DFS directory's Initial Container and Initial Object ACLs as well as its regular ACL; see the OpenAFS/DFS Migration Toolkit Administration Guide and Reference. You cannot copy ACLs between AFS and DFS directories, because they use different ACL formats. The fs command interpreter ignores the -id and -if flags if you include them when copying AFS ACLs.
Verify that you have the l (lookup) permission on the source ACL and the a (administer) permission on each destination ACL. To identify the source directory by naming a file in it, you must also have the r (read) permission on the source ACL. If necessary, issue the fs listacl command, which is fully described in Displaying ACLs.
% fs listacl [<
% fs copyacl -fromdir <
source directory> -todir <
destination directory>+ \ [-clear]
Is the shortest acceptable abbreviation for copyacl.
Names the source directory from which to copy the ACL. Partial pathnames are interpreted relative to the current working directory. If this argument names a file, the ACL is copied from its directory.
Names each destination directory to which to copy the source ACL. Partial pathnames are interpreted relative to the current working directory. Filenames are not acceptable.
Specify the read/write path to each directory, to avoid the failure that results when you attempt to change a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see The Rules of Mount Point Traversal.
Completely overwrites each destination directory's ACL with the source ACL.
The following example copies the ACL from the current working directory's notes subdirectory to the plans subdirectory. The issuer does not include the -clear flag, so the entry for user pat remains on the plans directory's ACL although there is no corresponding entry on the notes directory's ACL.
% fs la notes plans Access list for notes is Normal permissions: terry rlidwka smith rl jones rl Access list for plans is Normal permissions: terry rlidwk pat rlidwk % fs copyacl notes plans % fs la notes plans Access list for notes is Normal permissions: terry rlidwka smith rl jones rl Access list for plans is Normal permissions: terry rlidwka pat rlidwk smith rl jones rl