glite-eds-getacl

glite-eds-getacl — List the ACLs of encryption key and optionally of encrypted file.

Synopsis

glite-eds-getacl [ -h ] [ -q ] [ -s SERVICE ] [ -V ] [ -v ] ID...

DESCRIPTION

glite-eds-getacl is a command-line tool for listing the ACLs on a set of encryption keys. The output contains the following:

  • A line stating with # ID: followed by the ID whose ACLs are being listed.

  • A line stating with # User: followed by the owner of the file.

  • A line stating with # Group: followed by the group the file belongs to.

  • A line stating with # Base perms: followed by the basic permissions of the key (and file).

  • For every ACL the key (and file) has, a line in the form PRINCIPAL:PERMISSION. The format of PERMISSION is a set of letters, which are replaced by '-', when it is not enabled:

    • r - read the key (and file)

    • w - modify the key (and file)

    • x - execute

  • A blank line separating output for different IDs if more than one were specified on the command line.

OPTIONS

-h

Print a short help message on parameters and usage, and exit.

-q

Quiet operation.

-s SERVICE

Specifies the service endpoint to use. If SERVICE starts with http://, https:// or httpg://, then it is taken as a direct service endpoint URL. Otherwise SERVICE is taken as a service instance name and Service Discovery is invoked to look up the endpoint.

If this option is not specified, Service Discovery will be invoked and the first available catalog will be used. If the Service Discovery fails, the program will exit with an error.

Note

If this option is not specified, only services with a known good status will be returned by Service Discovery. However if you explicitely specify a service name or an endpoint, the tool will try to use it regardless of its registered status.

Note

If you specify an HTTP URL with an empty host name, the tool will dump the SOAP requests to the standard output and will read the SOAP reply from stdin.

-v

Increases the verbosity level.

-V

Print the version number and exit.

ID

Name of the keys (and files) to list.

ENVIRONMENT VARIABLES

GLITE_SD_METADATA_TYPE

Specifies the type of the Hydra KeyStore service to use during service discovery. The default value is org.glite.Metadata.

EXAMPLE

Listing the ACL of an entry:

$ glite-eds-getacl GUID:7f12f1e1-9e50-4893-83f1-7d3e2f61aff9
# ID: GUID:7f12f1e1-9e50-4893-83f1-7d3e2f61aff
# User: /C=Utopia/CN=John Smith
# Group: /vo.grid
# Base perms: rwxrw-r--

SEE ALSO

glite-eds-setacl(1)