glite-eds-chmod

glite-eds-chmod — Change the basic permissions of an encryption key and optionall encypted files.

Synopsis

glite-eds-chmod [ -q ] [ -v ] [ -s SERVICE ] [ -b NUM ] MODE ID...

DESCRIPTION

glite-eds-chmod is a command-line tool for changing basic permissions on encryption keys in the Key Store.

MODE is a list of permission modification descriptions, separated by commas. Each modification description consists of three components: the subject specifier, the operation specifier and the list of permission bits to change.

The subject specifier controls whose access to the file or directory will be changed. It is a combination of the letters 'ugoa' meaning the user who owns the file (u), any user in the file's group (g), any other users (o) or everyone (a). Specifying no letters is the same as giving 'a' (everyone).

The operation specifier controls how the permission is changed. Exactly one of the symbols '+', '-' or '=' should be specified. Operator '+' causes the permission bits following the operator to be added to the existing permissions. Operator '-' causes the specified permission bits to be cleared. Operator '=' sets the permission to the specified value regardless of the previous permissions on the file.

The last part of MODE contains the new permissions for the affected users:

  • p - allow to change the permissions

  • d - delete the entry

  • r - read the file

  • w - write to the file

  • l - list contents

  • x - execute

  • g - get the meta data of the file

  • s - set the meta data of the file

The client needs to have 'allow to change permission' permission on the ID to perform this operation.

OPTIONS

-q

Quiet operation.

-v

Increases the verbosity level.

-s SERVICE

Specifies the service endpoint to use. If SERVICE starts with http://, https:// or httpg://, then it is taken as a direct service endpoint URL. Otherwise SERVICE is taken as a service instance name and Service Discovery is invoked to look up the endpoint.

If this option is not specified, Service Discovery will be invoked and the first available catalog will be used. If the Service Discovery fails, the program will exit with an error.

Note

If this option is not specified, only services with a known good status will be returned by Service Discovery. However if you explicitely specify a service name or an endpoint, the tool will try to use it regardless of its registered status.

-b NUM

Set the number of modifications that will be sent in a single batch operation.

MODE

Permissions to change.

ID

Name of the keys (and files) to list.

ENVIRONMENT VARIABLES

GLITE_SD_METADATA_TYPE

Specifies the type of the Hydra KeyStore service to use during service discovery. The default value is org.glite.Metadata.

SEE ALSO

glite-eds-setacl(1)

EXAMPLES

glite-eds-chmod a+r /foo/bar
glite-eds-chmod go-pdwxs,u+ws /foo/bar