OnWorks favicon

fs_cleanacl - Online in the Cloud

Run fs_cleanacl in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command fs_cleanacl that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator



fs_cleanacl - Remove obsolete entries from an ACL


fs cleanacl [-path <dir/file path>+] [-help]

fs cl [-p <dir/file path>+] [-h]


The fs cleanacl command removes from the access control list (ACL) of each specified
directory or file any entry that refers to a user or group that no longer has a Protection
Database entry. Such an entry appears on the ACL as an AFS user ID number (UID) rather
than a name, because without a Protection Database entry, the File Server cannot translate
the UID into a name.

Cleaning access control lists in this way not only keeps them from becoming crowded with
irrelevant information, but also prevents the new possessor of a recycled AFS UID from
obtaining access intended for the former possessor of the AFS UID. (Note that recycling
UIDs is not recommended in any case.)


-path <dir/file path>+
Names each directory for which to clean the ACL (specifying a filename cleans its
directory's ACL). If this argument is omitted, the current working directory's ACL is

Specify the read/write path to each directory, to avoid the failure that results from
attempting to change a read-only volume. By convention, the read/write path is
indicated by placing a period before the cell name at the pathname's second level (for
example, /afs/.abc.com). For further discussion of the concept of read/write and read-
only paths through the filespace, see the fs mkmount reference page.

Prints the online help for this command. All other valid options are ignored.


If there are no obsolete entries on the ACL, the following message appears:

Access list for <path> is fine.

Otherwise, the output reports the resulting state of the ACL, following the header

Access list for <path> is now

At the same time, the following error message appears for each file in the cleaned

fs: '<filename>': Not a directory


The following example illustrates the cleaning of the ACLs on the current working
directory and two of its subdirectories. Only the second subdirectory had obsolete entries
on it.

% fs cleanacl -path . ./reports ./sources
Access list for . is fine.
Access list for ./reports is fine.
Access list for ./sources is now
Normal rights:
system:authuser rl
pat rlidwka


The issuer must have the "a" (administer) permission on each directory's ACL (or the ACL
of each file's parent directory); the directory's owner and the members of the
system:administrators group have the right implicitly, even if it does not appear on the

Use fs_cleanacl online using onworks.net services