filesystem.getacl

Return the ACL of a given path. This may be a POSIX1E ACL or an NFSv4 ACL; the ACL type is indicated by the acltype key.

simplified - the effect of this option depends on the ACL type of the underlying filesystem. In the case of NFSv4 ACLs, simplified permissions and flags are returned for ACL entries where applicable (see the NFSv4 errata below). In the case of POSIX1E ACLs, this setting has no impact on the returned ACL.

resolve_ids - adds an additional who key to each ACL entry that converts the numeric id to a user name or group name. In the case of owner@ and group@ (NFSv4) or USER_OBJ and GROUP_OBJ (POSIX1E), the st_uid or st_gid from the stat() return for the file is converted. In the case of MASK (POSIX1E), OTHER (POSIX1E) and everyone@ (NFSv4), the who key is included but set to null. If the id cannot be resolved to a name, who is set to null. This option should only be used if resolving ids to names is required.

Errata about ACLType NFSv4:

simplified returns a shortened form of the ACL permset and flags where applicable. If permissions have been simplified, then the perms object will contain only a single BASIC key with a string describing the underlying permissions set.

TRAVERSE - sufficient rights to traverse a directory, but not read contents.

READ - sufficient rights to traverse a directory, and read file contents.

MODIFY - sufficient rights to traverse, read, write, and modify a file.

FULL_CONTROL - all permissions.

If the permissions do not fit within one of the pre-defined simplified permission types, then the full ACL entry will be returned.
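Because a simplified NFSv4 result can mix entries that carry a single BASIC key with entries that carry the full permission set, a consumer has to handle both shapes. The following is an added example, not part of the API documentation or the project's code: it audits a constructed getacl result for world-writable entries and for USER/GROUP ids that resolve_ids could not map to a name. The upper-case permission and flag key names, the sample path, ids and names are assumptions.

```python
# Added example; SAMPLE is constructed, not captured output.
# Assumption: perms/flags keys are the upper-case forms of the titles on this
# page (READ_DATA, WRITE_ACL, FILE_INHERIT, ...); "BASIC" is named by the page.
ADVANCED = ("READ_DATA WRITE_DATA APPEND_DATA READ_NAMED_ATTRS WRITE_NAMED_ATTRS "
            "EXECUTE DELETE DELETE_CHILD READ_ATTRIBUTES WRITE_ATTRIBUTES "
            "READ_ACL WRITE_ACL WRITE_OWNER SYNCHRONIZE").split()
WRITE_BITS = {"WRITE_DATA", "APPEND_DATA", "DELETE", "DELETE_CHILD"}
ADMIN_BITS = {"WRITE_ACL", "WRITE_OWNER"}
BASIC_LEVEL = {"TRAVERSE": 0, "READ": 1, "MODIFY": 2, "FULL_CONTROL": 3}

def ace_level(perms):
    """Rank a perms object: 0 traverse/none, 1 read, 2 write, 3 ACL/owner control."""
    if "BASIC" in perms:                          # simplified form
        return BASIC_LEVEL[perms["BASIC"]]
    granted = {k for k, v in perms.items() if v}  # full permission set
    if granted & ADMIN_BITS:
        return 3
    if granted & WRITE_BITS:
        return 2
    return 1 if "READ_DATA" in granted else 0

def audit_acl(result):
    """List (index, reason) for ALLOW entries a reviewer should look at."""
    if result["acltype"] != "NFS4":
        raise ValueError("not an NFS4 ACL: " + result["acltype"])
    findings = []
    for i, ace in enumerate(result["acl"]):
        if ace["type"] != "ALLOW":
            continue
        level = ace_level(ace["perms"])
        if ace["tag"] == "everyone@" and level >= 2:
            findings.append((i, "everyone@ write" if level == 2 else "everyone@ control"))
        # With resolve_ids=True, who is null when the id maps to no account.
        if ace["tag"] in ("USER", "GROUP") and ace.get("who", "") is None:
            findings.append((i, "unresolved id %d" % ace["id"]))
    return findings

def full(*bits):
    """Build a full permission set with only the named bits set."""
    return {name: name in bits for name in ADVANCED}

FLAGS_OFF = dict.fromkeys(
    "FILE_INHERIT DIRECTORY_INHERIT NO_PROPAGATE_INHERIT INHERIT_ONLY INHERITED".split(), False)
INHERIT = {"BASIC": "INHERIT"}
SAMPLE = {"path": "/mnt/tank/share", "acltype": "NFS4", "trivial": False, "acl": [
    {"tag": "owner@", "type": "ALLOW", "perms": {"BASIC": "FULL_CONTROL"}, "flags": INHERIT, "id": None, "who": "root"},
    {"tag": "everyone@", "type": "ALLOW", "perms": full("READ_DATA", "WRITE_DATA"), "flags": FLAGS_OFF, "id": None, "who": None},
    {"tag": "USER", "type": "ALLOW", "perms": {"BASIC": "MODIFY"}, "flags": INHERIT, "id": 3005, "who": None},
    {"tag": "GROUP", "type": "ALLOW", "perms": {"BASIC": "READ"}, "flags": INHERIT, "id": 545, "who": "builtin_users"},
]}
```

When the call was made without resolve_ids, entries have no who key and the unresolved-id check is skipped rather than reporting every entry.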

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: path

path

Type: string

Absolute filesystem path to get ACL information for.

Must be at least 1 characters long

Parameter 2: simplified

simplified

Type: boolean Default: true

Whether to return simplified/basic permission sets instead of advanced permissions.

Parameter 3: resolve_ids

resolve_ids

Type: boolean Default: false

Whether to resolve numeric user/group IDs to names in the response.

Result


ACL information for the requested filesystem path.

NFS4ACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier for NFS4 access control lists.

Must be one of:
  • "NFS4"
Specific value: "NFS4"

Acl

Type: array of object

Array of NFS4 Access Control Entries defining permissions.

No Additional Items
Each item of this array must be:

NFS4ACE

Type: object
No Additional Properties

Tag

Type: enum (of string)

Subject type for this ACE.

  • owner@: File/directory owner
  • group@: File/directory primary group
  • everyone@: All users
  • USER: Specific user account
  • GROUP: Specific group
Must be one of:
  • "owner@"
  • "group@"
  • "everyone@"
  • "USER"
  • "GROUP"

Type

Type: enum (of string)

Access control type.

  • ALLOW: Grant the specified permissions
  • DENY: Explicitly deny the specified permissions
Must be one of:
  • "ALLOW"
  • "DENY"

Perms


Permissions granted or denied by this ACE.

NFS4ACE_AdvancedPerms

Type: object
No Additional Properties

Read Data

Type: boolean Default: false

Permission to read file data or list directory contents.

Write Data

Type: boolean Default: false

Permission to write file data or create files in directory.

Append Data

Type: boolean Default: false

Permission to append data to files or create subdirectories.

Read Named Attrs

Type: boolean Default: false

Permission to read named attributes (extended attributes).

Write Named Attrs

Type: boolean Default: false

Permission to write named attributes (extended attributes).

Execute

Type: boolean Default: false

Permission to execute files or traverse directories.

Delete

Type: boolean Default: false

Permission to delete the file or directory.

Delete Child

Type: boolean Default: false

Permission to delete child files within a directory.

Read Attributes

Type: boolean Default: false

Permission to read basic file attributes (size, timestamps, etc.).

Write Attributes

Type: boolean Default: false

Permission to write basic file attributes.

Read Acl

Type: boolean Default: false

Permission to read the Access Control List.

Write Acl

Type: boolean Default: false

Permission to modify the Access Control List.

Write Owner

Type: boolean Default: false

Permission to change the file owner.

Synchronize

Type: boolean Default: false

Permission to use the file/directory as a synchronization primitive.

NFS4ACE_BasicPerms

Type: object
No Additional Properties

Basic

Type: enum (of string)

Basic permission level for NFS4 ACE.

  • FULL_CONTROL: Full read, write, execute, and administrative permissions
  • MODIFY: Read, write, and execute permissions
  • READ: Read-only permissions
  • TRAVERSE: Execute/traverse permissions only
Must be one of:
  • "FULL_CONTROL"
  • "MODIFY"
  • "READ"
  • "TRAVERSE"

Flags


Inheritance and other behavioral flags for this ACE.

NFS4ACE_AdvancedFlags

Type: object
No Additional Properties

File Inherit

Type: boolean Default: false

Apply this ACE to files within directories.

Directory Inherit

Type: boolean Default: false

Apply this ACE to subdirectories within directories.

No Propagate Inherit

Type: boolean Default: false

Do not propagate inheritance beyond immediate children.

Inherit Only

Type: boolean Default: false

This ACE only affects inheritance, not the object itself.

Inherited

Type: boolean Default: false

This ACE was inherited from a parent directory.

NFS4ACE_BasicFlags

Type: object
No Additional Properties

Basic

Type: enum (of string)

Basic inheritance behavior for NFS4 ACE.

  • INHERIT: Apply to child files and directories
  • NOINHERIT: Do not apply to child objects
Must be one of:
  • "INHERIT"
  • "NOINHERIT"

Id

Default: null

UID or GID when tag is "USER" or "GROUP". null for special entries.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Who

Default: null

Username or group name when tag is "USER" or "GROUP". null for special entries.

Type: string

Must be at least 1 characters long

Type: null

NFS4ACL_Flags

Type: object

NFS4 ACL behavioral flags for inheritance and protection.

No Additional Properties

Autoinherit

Type: boolean Default: false

Whether inheritance is automatically applied from parent directories.

Protected

Type: boolean Default: false

Whether the ACL is protected from inheritance modifications.

Defaulted

Type: boolean Default: false

Whether this ACL was created by default rules rather than explicit configuration.

Trivial

Type: boolean

Whether this ACL is a simple/trivial ACL equivalent to POSIX permissions.

POSIXACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier for POSIX.1e access control lists.

Must be one of:
  • "POSIX1E"
Specific value: "POSIX1E"

Acl

Type: array of object

Array of POSIX Access Control Entries defining permissions.

No Additional Items
Each item of this array must be:

POSIXACE

Type: object
No Additional Properties

Tag

Type: enum (of string)

Subject type for this POSIX ACE.

  • USER_OBJ: File/directory owner
  • GROUP_OBJ: File/directory primary group
  • OTHER: All other users
  • MASK: Maximum permissions for named users and groups
  • USER: Specific user account
  • GROUP: Specific group
Must be one of:
  • "USER_OBJ"
  • "GROUP_OBJ"
  • "OTHER"
  • "MASK"
  • "USER"
  • "GROUP"

POSIXACE_Perms

Type: object

Read, write, and execute permissions for this ACE.

No Additional Properties

Read

Type: boolean

Permission to read file contents or list directory contents.

Write

Type: boolean

Permission to write file contents or create/delete files in directory.

Execute

Type: boolean

Permission to execute files or traverse directories.

Default

Type: boolean

Whether this is a default ACE that applies to newly created child objects.

Id

Default: null

Numeric user or group ID when tag is USER or GROUP. null for object entries.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Who

Default: null

Username or group name when tag is USER or GROUP. null for object entries.

Type: string

Must be at least 1 characters long

Type: null

Trivial

Type: boolean

Whether this ACL is a simple/trivial ACL equivalent to standard POSIX permissions.

DISABLED_ACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier indicating access control lists are disabled.

Must be one of:
  • "DISABLED"
Specific value: "DISABLED"

Acl

Type: const

Always null when ACLs are disabled on the filesystem.

Must be one of:
  • null
Specific value: null

Trivial

Type: const

Always true when ACLs are disabled - only basic POSIX permissions apply.

Must be one of:
  • true
Specific value: true


Required roles: FILESYSTEM_ATTRS_READ