filesystem.getacl

Return ACL of a given path. This may return a POSIX1e ACL or a NFSv4 ACL. The ACL type is indicated by the acltype key.

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: path

path

Type: string

Absolute filesystem path to get ACL information for.

Must be at least 1 characters long

Parameter 2: simplified

simplified

Type: boolean Default: true

Whether to return simplified/basic permission sets instead of advanced permissions.

Parameter 3: resolve_ids

resolve_ids

Type: boolean Default: false

Whether to resolve numeric user/group IDs to names in the response.

Result


ACL information for the requested filesystem path.

NFS4ACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier for NFS4 access control lists.

Specific value: "NFS4"

Acl

Type: array of object

Array of NFS4 Access Control Entries defining permissions.

No Additional Items
Each item of this array must be:

NFS4ACE

Type: object
No Additional Properties

Tag

Type: enum (of string)

Subject type for this ACE.

  • owner@: File/directory owner
  • group@: File/directory primary group
  • everyone@: All users
  • USER: Specific user account
  • GROUP: Specific group
Must be one of:
  • "owner@"
  • "group@"
  • "everyone@"
  • "USER"
  • "GROUP"

Type

Type: enum (of string)

Access control type.

  • ALLOW: Grant the specified permissions
  • DENY: Explicitly deny the specified permissions
Must be one of:
  • "ALLOW"
  • "DENY"

Perms


Permissions granted or denied by this ACE.

NFS4ACE_AdvancedPerms

Type: object
No Additional Properties

Read Data

Type: boolean Default: false

Permission to read file data or list directory contents.

Write Data

Type: boolean Default: false

Permission to write file data or create files in directory.

Append Data

Type: boolean Default: false

Permission to append data to files or create subdirectories.

Read Named Attrs

Type: boolean Default: false

Permission to read named attributes (extended attributes).

Write Named Attrs

Type: boolean Default: false

Permission to write named attributes (extended attributes).

Execute

Type: boolean Default: false

Permission to execute files or traverse directories.

Delete

Type: boolean Default: false

Permission to delete the file or directory.

Delete Child

Type: boolean Default: false

Permission to delete child files within a directory.

Read Attributes

Type: boolean Default: false

Permission to read basic file attributes (size, timestamps, etc.).

Write Attributes

Type: boolean Default: false

Permission to write basic file attributes.

Read Acl

Type: boolean Default: false

Permission to read the Access Control List.

Write Acl

Type: boolean Default: false

Permission to modify the Access Control List.

Write Owner

Type: boolean Default: false

Permission to change the file owner.

Synchronize

Type: boolean Default: false

Permission to use the file/directory as a synchronization primitive.

NFS4ACE_BasicPerms

Type: object
No Additional Properties

Basic

Type: enum (of string)

Basic permission level for NFS4 ACE.

  • FULL_CONTROL: Full read, write, execute, and administrative permissions
  • MODIFY: Read, write, and execute permissions
  • READ: Read-only permissions
  • TRAVERSE: Execute/traverse permissions only
Must be one of:
  • "FULL_CONTROL"
  • "MODIFY"
  • "READ"
  • "TRAVERSE"

Flags


Inheritance and other behavioral flags for this ACE.

NFS4ACE_AdvancedFlags

Type: object
No Additional Properties

File Inherit

Type: boolean Default: false

Apply this ACE to files within directories.

Directory Inherit

Type: boolean Default: false

Apply this ACE to subdirectories within directories.

No Propagate Inherit

Type: boolean Default: false

Do not propagate inheritance beyond immediate children.

Inherit Only

Type: boolean Default: false

This ACE only affects inheritance, not the object itself.

Inherited

Type: boolean Default: false

This ACE was inherited from a parent directory.

NFS4ACE_BasicFlags

Type: object
No Additional Properties

Basic

Type: enum (of string)

Basic inheritance behavior for NFS4 ACE.

  • INHERIT: Apply to child files and directories
  • NOINHERIT: Do not apply to child objects
Must be one of:
  • "INHERIT"
  • "NOINHERIT"

Id

Default: null

UID or GID when tag is "USER" or "GROUP". null for special entries.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Who

Default: null

Username or group name when tag is "USER" or "GROUP". null for special entries.

Type: string
Type: string

Must be at least 1 characters long

Type: null

NFS4ACL_Flags

Type: object

NFS4 ACL behavioral flags for inheritance and protection.

No Additional Properties

Autoinherit

Type: boolean Default: false

Whether inheritance is automatically applied from parent directories.

Protected

Type: boolean Default: false

Whether the ACL is protected from inheritance modifications.

Defaulted

Type: boolean Default: false

Whether this ACL was created by default rules rather than explicit configuration.

Trivial

Type: boolean

Whether this ACL is a simple/trivial ACL equivalent to POSIX permissions.

POSIXACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier for POSIX.1e access control lists.

Specific value: "POSIX1E"

Acl

Type: array of object

Array of POSIX Access Control Entries defining permissions.

No Additional Items
Each item of this array must be:

POSIXACE

Type: object
No Additional Properties

Tag

Type: enum (of string)

Subject type for this POSIX ACE.

  • USER_OBJ: File/directory owner
  • GROUP_OBJ: File/directory primary group
  • OTHER: All other users
  • MASK: Maximum permissions for named users and groups
  • USER: Specific user account
  • GROUP: Specific group
Must be one of:
  • "USER_OBJ"
  • "GROUP_OBJ"
  • "OTHER"
  • "MASK"
  • "USER"
  • "GROUP"

POSIXACE_Perms

Type: object

Read, write, and execute permissions for this ACE.

No Additional Properties

Read

Type: boolean

Permission to read file contents or list directory contents.

Write

Type: boolean

Permission to write file contents or create/delete files in directory.

Execute

Type: boolean

Permission to execute files or traverse directories.

Default

Type: boolean

Whether this is a default ACE that applies to newly created child objects.

Id

Default: null

Numeric user or group ID when tag is USER or GROUP. null for object entries.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Who

Default: null

Username or group name when tag is USER or GROUP. null for object entries.

Type: string
Type: string

Must be at least 1 characters long

Type: null

Trivial

Type: boolean

Whether this ACL is a simple/trivial ACL equivalent to standard POSIX permissions.

DISABLED_ACLResult

Type: object
No Additional Properties

Path

Type: string

Absolute filesystem path this ACL information applies to.

Must be at least 1 characters long

User


Username of the file/directory owner or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Group


Group name of the file/directory group or null if unresolved.

Type: string

Must be at least 1 characters long

Type: null

Uid


Numeric user ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Gid


Numeric group ID for file/directory ownership or null to preserve existing.

Type: integer

Value must be greater or equal to -1 and lesser or equal to 2147483647

Type: null

Acltype

Type: const

ACL type identifier indicating access control lists are disabled.

Specific value: "DISABLED"

Acl

Type: null

Always null when ACLs are disabled on the filesystem.

Trivial

Type: const

Always true when ACLs are disabled - only basic POSIX permissions apply.

Specific value: true


Required roles: FILESYSTEM_ATTRS_READ