glite-catalog-setdefacl

glite-catalog-setdefacl — Modify the global or per-principal default ACLs

Synopsis

glite-catalog-setdefacl [ -h ] [ -q ] [ -s SERVICE ] [ -V ] [ -v ] { -d NAME ...} { -m ACL ...} [PRINCIPAL...]

glite-catalog-setdefacl [ -h ] [ -q ] [ -s SERVICE ] [ -V ] [ -v ] { -x ACL ...} [PRINCIPAL]

glite-catalog-setdefacl [ -h ] [ -q ] [ -s SERVICE ] [ -V ] [ -v ] { -D FILE | -M FILE | -X FILE } [PRINCIPAL]

DESCRIPTION

glite-catalog-setdefacl is a command-line tool for modifying the default ACLs of the given principals. If PRINCIPAL is not specified, the global defaults are modified.

Note

If the -d, -m, -D or -M options are used and the PRINCIPAL did not have default ACLs assigned before, it inherits the global defaults first, and the modifications are performed on the inherited permissions.

OPTIONS

-h

Print a short help message on parameters and usage, and exit.

-q

Quiet operation.

-s SERVICE

Specifies the service endpoint to use. If SERVICE starts with http://, https:// or httpg://, then it is taken as a direct service endpoint URL. Otherwise SERVICE is taken as a service instance name and Service Discovery is invoked to look up the endpoint.

If this option is not specified, Service Discovery will be invoked and the first available catalog will be used. If the Service Discovery fails, the program will exit with an error.

Note

If this option is not specified, only services with a known good status will be returned by Service Discovery. However if you explicitely specify a service name or an endpoint, the tool will try to use it regardless of its registered status.

Note

If you specify an HTTP URL with an empty host name, the tool will dump the SOAP requests to the standard output and will read the SOAP reply from stdin.

-v

Increases the verbosity level.

-V

Print the version number and exit.

-d NAME

Delete the ACL entry for the specified NAME. If there was no previous ACL entry for NAME, the command does nothing. The same NAME must not appear in a -m option. May not be used together with the -x option.

-m ACL

Add or modify an existing ACL entry. ACL entries have the form of NAME:PERMISSION, as described by the glite-catalog-getacl(1) command. If PRINCIPAL had no previous ACL entry for NAME, a new entry will be added, otherwise the existing ACL entry will be modified. The same NAME must not appear in a -d option. May not be used together with the -x option.

-x ACL

Set the list of ACL entries to exactly the set specified at the command line. Any other previous ACL entries will be discarded. ACL may be NONE, which will cause all existing ACL entries to be deleted and no new ACL entries to be added. May not be used together with the -d and -m options.

-D FILE

Delete the ACLs listed in FILE. FILE must contain one ACL specification per line. Lines starting with # (hash sign) are treated as comments and ignored. Reading of the file stops at the first empty line. When deleting ACLs, only the principal name is used, the permissions listed in the file are not checked. If FILE is - (dash), the ACLs are read from the standard input.

Note

The output of the glite-catalog-getdefacl(1) command is suitable as input for this option.

-M FILE

Add or modify the ACLs listed in FILE.

-X FILE

Set the list of ACLs to exactly what is listed in FILE.

PRINCIPAL

Name of the principal whose defaults to modify. If not specified, the global defaults are updated.

ENVIRONMENT VARIABLES

GLITE_SD_FIREMAN_TYPE

Specifies the type of the Fireman catlog service to use during service discovery. The default value is org.glite.FiremanCatalog.

GLITE_SD_SEINDEX_TYPE

Specifies the type of the Storage Element Index service to use during service discovery. The default value is org.glite.SEIndex.

GLITE_SD_METADATA_TYPE

Specifies the type of the Metadata service to use during service discovery. The default value is org.glite.Metadata.

SEE ALSO

glite-catalog-getdefacl(1), glite-catalog-setacl(1)