glite-eds-setacl — Modify the ACL of encryption key and optionally encrypted files.
glite-eds-setacl
[ -q
] [ -v
] [ -s
] [ SERVICE
-b
] { NUM
-d
...} { PRINCIPAL
-m
...} ACL
... ID
glite-eds-setacl
[ -q
] [ -v
] [ -s
] [ SERVICE
-b
] { NUM
-x
...} ACL
... ID
glite-eds-setacl
[ -q
] [ -v
] [ -s
] [ SERVICE
-b
] [ NUM
-r
] { -D
| FILE
-M
| FILE
-X
} FILE
... ID
glite-eds-setacl is a command-line tool for modifying the ACL of encryption keys (and files).
The client needs to have 'change permission' (see glite-eds-chmod)
permission on the ID
to perform this operation.
-q
Quiet operation.
-v
Increases the verbosity level.
-s SERVICE
Specifies the service endpoint to use.
If
starts
with SERVICE
http://
, https://
or
httpg://
,
then it is taken as a direct service endpoint URL.
Otherwise
is taken as
a service instance name and Service Discovery is invoked to look up the
endpoint.
SERVICE
If this option is not specified, Service Discovery will be invoked and the first available catalog will be used. If the Service Discovery fails, the program will exit with an error.
If this option is not specified, only services with a known good status will be returned by Service Discovery. However if you explicitely specify a service name or an endpoint, the tool will try to use it regardless of its registered status.
-b NUM
Set the number of modifications that will be sent in a single batch operation.
-d PRINCIPAL
Delete the ACL entry for the specified PRINCIPAL
.
If there was no previous ACL entry for PRINCIPAL
,
the command does nothing.
The same PRINCIPAL
must not appear in
a -m
option.
May not be used together with the -x
option.
-m ACL
Add or modify an existing ACL entry. ACL entries have the form
of PRINCIPAL:PERMISSION
, as described
by the glite-eds-getacl(1) command. If there ID has no previous
ACL entry for PRINCIPAL
, a new entry will be added,
otherwise the existing ACL entry will be modified.
The same PRINCIPAL
must not appear in
a -d
option.
May not be used together with the -x
option.
-x ACL
Set the list of ACL entries to exactly the set specified at the
command line. Any other previous ACL entries will be discarded.
ACL
may be NONE
, which
will cause all existing ACL entries to be deleted and no new ACL entries to
be added.
May not be used together with the -d
and -m
options.
-D FILE
Delete the ACLs listed in FILE
.
FILE
must contain one ACL specification per line.
Lines starting with #
(hash sign) are treated as comments and
ignored. Reading of the file stops at the first empty line. When deleting ACLs,
only the principal name is used, the permissions listed in the file are not checked.
If FILE
is -
(dash), the ACLs are
read from the standard input.
The output of the glite-eds-getacl(1) command is suitable as input for this option.
-M FILE
Add or modify the ACLs listed in FILE
.
-X FILE
Set the list of ACLs to exactly what is listed in FILE
.
ID
Name of the keys (and files) to list.