7.2.2 chacl

Modify the access control list (ACL) for a file or vault.

Syntax

chacl [{ -w | --wallet } wallet-location ] [ -D | --debug ]
        { file-name | vault-name } acl-string

Command Options

The options for the chacl command are:

  • { file-name | vault-name }: Specifies the name of the file or vault that is the subject of the operation.

  • acl-string: Specifies an ACL string having the following format.

    [+]userID1:acl-priv[;userID2:acl-priv] ...

    In the ACL string:

    • The optional plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing ACL for the file or vault. In this case, users previously listed in the ACL are updated, and new users are added. Without the optional plus sign, the previous ACL is overwritten.

    • userIDn: Specifies an Exascale user ID.

      Depending on the user creation method, the user ID may be a system-generated value (for example, 96a68014-5762-4579-86ee-29eb743decbd) or a user-specified value (for example, scott).

    • acl-priv: Specifies an ACL privilege, which can be one of the following:

      • I | inspect: Specifies that the user can view attributes of the file or vault but not its contents.
      • R | read: Specifies that the user can read contents of the file, or list files in the vault. Also confers the inspect permission.
      • U | use: Specifies that the user can write to the file, and use the vault. Also confers all preceding permissions.
      • M | manage: Specifies that the user can manage the file or vault. Also confers all preceding permissions.
      • 0 | none: Specifies that the user loses all existing permissions.

  • -w, --wallet: Optionally specifies the path to the Exascale wallet directory.

  • -D, --debug: Optionally enables debug mode.

Examples

Example 7-2 Replace a File ACL

In this example, the ACL string for the file is replaced with the new ACL string. Under the new ACL, scott is permitted to read and inspect the file. No other user can access this file unless permitted by the vault ACL.

$ xsh chacl @VAULT/file scott:R

Example 7-3 Change a File ACL

In this example, the plus sign (+) at the beginning of the ACL string indicates that the specified ACL string is merged into the existing file ACL. In this case, any pre-existing permissions for jason are overwritten, and jason is now permitted to inspect, read, write, and manage the file. No other user permissions are changed.

$ xsh chacl @VAULT/file +jason:M

Example 7-4 Replace a File ACL using an ACL String that Specifies Multiple Users

In this example, the ACL string for the file is replaced with the new ACL string that specifies permissions for multiple users. Under the new ACL, scott can inspect the file, and jason can read and inspect the file. No other user can access this file unless permitted by the vault ACL.

$ xsh chacl @VAULT/file 'scott:inspect;jason:read'
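The difference between replacing and merging an ACL is easy to overlook when reviewing a change, so the following added example (not Oracle code, and not part of the original documentation) models the ACL string format and privilege hierarchy described above and reports which users would lose access. The function names and the sample ACL are assumptions made for illustration, the vault ACL is not modelled, and only the privilege spellings listed on this page are accepted.

```python
# Illustrative model of the chacl ACL-string semantics described on this page.
# Not Oracle code: all names here are assumptions made for this example.
LEVELS = ["inspect", "read", "use", "manage"]  # each level confers the preceding ones
ALIASES = {"I": "inspect", "R": "read", "U": "use", "M": "manage", "0": "none"}
ALIASES.update({name: name for name in LEVELS + ["none"]})


def parse_acl_string(acl_string):
    """Return (merge, {user: privilege}) for '[+]user:priv[;user:priv] ...'."""
    merge = acl_string.startswith("+")
    body = acl_string[1:] if merge else acl_string
    entries = {}
    for item in body.split(";"):
        user, sep, priv = item.rpartition(":")
        if not sep or not user or priv not in ALIASES:
            raise ValueError(f"malformed ACL entry: {item!r}")
        entries[user] = ALIASES[priv]
    return merge, entries


def apply_acl(existing, acl_string):
    """Model the resulting ACL: merged when '+' leads, otherwise overwritten."""
    merge, entries = parse_acl_string(acl_string)
    result = dict(existing) if merge else {}
    result.update(entries)  # listed users are updated, new users are added
    return result


def effective(acl, user):
    """Privileges this ACL alone grants to user (vault ACL not modelled)."""
    priv = acl.get(user, "none")
    return [] if priv == "none" else LEVELS[:LEVELS.index(priv) + 1]


def dropped_users(existing, acl_string):
    """Users who hold a privilege now but would hold none after the change."""
    after = apply_acl(existing, acl_string)
    return sorted(u for u in existing
                  if effective(existing, u) and not effective(after, u))


if __name__ == "__main__":
    sample_acl = {"scott": "read", "jason": "use"}  # constructed sample ACL
    for change in ("scott:R", "+jason:M", "scott:inspect;jason:read", "+jason:0"):
        print(change, "->", apply_acl(sample_acl, change),
              "dropped:", dropped_users(sample_acl, change))
```

Running a proposed ACL string through dropped_users before issuing chacl shows whether a missing plus sign would remove users who are not named in the string.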