To display the ACL associated with a file or directory, issue the fs listacl command.
Note for AFS/DFS Migration Toolkit users: If the machine on which you issue the fs listacl command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, you can use the command to display the ACL on DFS files and directories. To display a DFS directory's Initial Container or Initial Object ACL instead of the regular one, include the fs listacl command's -id or -if flag. For more information, ask your system administrator. The fs command interpreter ignores the -id and -if flags if you include them when displaying an AFS ACL.
% fs listacl [<
Is an acceptable alias for listacl (and lista is the shortest acceptable abbreviation).
Names one or more files or directories for which to display the ACL. For a file, the output displays the ACL on its directory. If you omit this argument, the output is for the current working directory. Partial pathnames are interpreted relative to the current working directory. You can also use the following notation on its own or as part of a pathname:
(A single period). Specifies the current working directory.
(Two periods). Specifies the current working directory's parent directory.
(The asterisk). Specifies each file and subdirectory in the current working directory. The ACL displayed for a file is always the same as for its directory, but the ACL for each subdirectory can differ.
The output for each file or directory specified as
dir/file path begins with the following
header to identify it:
Access list for
Normal rights header appears on the next line, followed by lines that each pair a
user or group name and a set of permissions. The permissions appear as the single letters defined in The AFS ACL Permissions, and always in the order rlidwka. If there
are any negative permissions, the
Negative rights header appears next, followed by pairs of
If the following error message appears instead of an ACL, you do not have the permissions needed to display an ACL. To
specify a directory name as the
dir/file path argument, you must have the l (lookup) permission on the ACL. To specify a filename, you must also
have the r (read) permission on its directory's ACL.
fs: You don't have the required access permissions on '
The following example displays the ACL on user terry's home directory in the ABC Corporation cell:
% fs la /afs/abc.com/usr/terry Access list for /afs/abc.com/usr/terry is Normal rights: system:authuser rl pat rlw terry rlidwka Negative rights: terry:other-dept rl jones rl
where pat, terry, and jones are individual users, system:authuser is a system group, and terry:other-dept is a group that terry owns. The list of normal permissions grants all permissions to terry, the rlw permissions to pat, and the rl permissions to the members of the system:authuser group.
The list of negative permissions denies the rl permissions to jones and the members of the terry:other-dept group. These entries effectively prevent them from accessing terry's home directory in any way; they cancel out the rl permissions extended to the system:authuser group, which is the only entry on the normal permissions section of the ACL that possibly applies to them.
The following example illustrates how you can specify pathnames in different ways, and the appearance of the output for multiple directories. It displays the ACL for three directories: the current working directory (which is a subdirectory of user terry's home directory), the home directory for user pat, and another subdirectory of terry's home directory called plans.
% fs listacl . /afs/abc.com/usr/pat ../plans Access list for . is Normal rights: system:anyuser rl pat:dept rliw Access list for /afs/abc.com/usr/pat is Normal rights: system:anyuser rl pat rlidwka terry rliw Access list for ../plans is Normal rights: terry rlidwka pat rlidw