PowerScale OneFS API Reference


Set the ACL for a directory when the directory is created

Sets the access control list for a directory by setting the headers when the directory is created.

Request syntax

PUT /namespace/<access_point>/<container_path>/<container_name> HTTP/1.1
Host: <hostname>[:<port>]
Content-Length: <length>
Date: <date>
Authorization: <signature>
x-isi-ifs-access-control: "private_read" | "private" | "public_read" | "public_read_write" | "public" | "<POSIX mode>"

The x-isi-ifs-access-control header can be set to a predefined ACL value or to a POSIX mode expressed as an octal string. If this header is not specified, the directory mode is set to 0700 by default when the directory is created.

Predefined ACL value: private_read
Access rights: The directory owner has the following rights: list entries, read attributes, read extended attributes, access files in subdirectories, read access control list, and write access control list.
Access rights displayed:
  Directory owner: "access rights":["dir_gen_read","dir_gen_execute","std_write_dac"],"inherit_flags":[]

Predefined ACL value: private
Access rights: The directory owner has the following rights: list entries, read attributes, read extended attributes, read access control list, create files, create subdirectories, write attributes, write extended attributes, access files in subdirectories, delete children (including read-only files), change owner, write access control list, and delete current directory.
Access rights displayed:
  Directory owner: "access rights":["dir_gen_all"],"inherit_flags":[]

Predefined ACL value: public_read
Access rights: The directory owner has the following rights: list entries, read attributes, read extended attributes, read access control list, create files, create subdirectories, write attributes, write extended attributes, access files in subdirectories, delete children (including read-only files), change owner, write the access control list, and delete current directory.
All users have the following rights: list entries, read attributes, read extended attributes, read access control lists, and access files in subdirectories.
Access rights displayed:
  Directory owner: "access rights":["dir_gen_all"],"inherit_flags":[]
  All users: "access rights":["dir_gen_read","dir_gen_execute"],"inherit_flags":[]

Predefined ACL value: public_read_write
Access rights: The directory owner has the following rights: list entries, read attributes, read extended attributes, read access control list, create files, create subdirectories, write attributes, write extended attributes, access files in subdirectories, delete children (including read-only files), change owner, write the access control list, and delete current directory.
All users have the following rights: list entries, read attributes, read extended attributes, read access control lists, create files, create subdirectories, write attributes, write extended attributes, and access files in subdirectories.
Access rights displayed:
  Directory owner: "access rights":["dir_gen_all"],"inherit_flags":[]
  All users: "access rights":["dir_gen_read","dir_gen_write","dir_gen_execute"],"inherit_flags":[]

Predefined ACL value: public
Access rights: All users have the following rights: list entries, read attributes, read extended attributes, read access control list, create files, create subdirectories, write attributes, write extended attributes, access files in subdirectories, delete children (including read-only files), change owner, write access control list, and delete current directory.
Access rights displayed:
  All users: "access rights":["dir_gen_all"],"inherit_flags":[]

The POSIX mode is an absolute mode that is constructed from the sum of one or more octal numbers that are listed in the following table.

Octal number Description
4000 The set-user-ID-on-execution bit. Executable files with this bit have their UID set to the UID of the file owner.
2000 The set-group-ID-on-execution bit. Executable files with this bit have their GID set to the GID of the file owner.
1000 The sticky bit.
0400 Allows read by owner.
0200 Allows write by owner.
0100 For files, allows execution by owner. For directories, allows directory queries by owner.
0040 Allows read by group members.
0020 Allows write by group members.
0010 For files, allows execution by group members. For directories, allows directory queries by group members.
0004 Allows read by others.
0002 Allows write by others.
0001 For files, allows execution by others. For directories, allows directory queries by others.
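The following added example (not part of the OneFS reference or Dell's code) shows a pre-flight check a client could run on an x-isi-ifs-access-control value before sending the PUT, reporting what the value grants to users other than the owner. The function names are hypothetical, the value is passed without surrounding quotes, and the accepted mode length of three or four octal digits is an assumption.

```python
# Added example: pre-flight review of an x-isi-ifs-access-control value.
# Tables are transcribed from this page; function names are hypothetical.
PREDEFINED_ALL_USERS = {  # rights shown for "All users" per predefined value
    "private_read": [],
    "private": [],
    "public_read": ["dir_gen_read", "dir_gen_execute"],
    "public_read_write": ["dir_gen_read", "dir_gen_write", "dir_gen_execute"],
    "public": ["dir_gen_all"],
}
MODE_BITS = [
    (0o4000, "setuid"), (0o2000, "setgid"), (0o1000, "sticky"),
    (0o0400, "owner-read"), (0o0200, "owner-write"), (0o0100, "owner-query"),
    (0o0040, "group-read"), (0o0020, "group-write"), (0o0010, "group-query"),
    (0o0004, "other-read"), (0o0002, "other-write"), (0o0001, "other-query"),
]
DEFAULT_MODE = "0700"  # mode applied when the header is not specified


def decode_mode(mode: str) -> list[str]:
    """Split an octal mode string into the named bits from the table."""
    # Assumption: three or four octal digits, e.g. "700" or "0700".
    if not (3 <= len(mode) <= 4) or any(c not in "01234567" for c in mode):
        raise ValueError(f"not an octal POSIX mode: {mode!r}")
    value = int(mode, 8)
    return [name for bit, name in MODE_BITS if value & bit]


def review_acl_header(value=None) -> dict:
    """Return the effective setting and findings that merit a second look."""
    findings = []
    if value is None:
        value = DEFAULT_MODE
    if value in PREDEFINED_ALL_USERS:
        rights = PREDEFINED_ALL_USERS[value]
        if rights:
            findings.append("all users granted: " + ",".join(rights))
        return {"value": value, "kind": "predefined", "findings": findings}
    bits = decode_mode(value)
    others = [b for b in bits if b.startswith("other-")]
    if others:
        findings.append("others granted: " + ",".join(others))
    # General POSIX hygiene check, not taken from this page.
    if "other-write" in bits and "sticky" not in bits:
        findings.append("world-writable without sticky bit")
    findings += [f"{b} bit set" for b in bits if b in ("setuid", "setgid")]
    return {"value": value, "kind": "posix", "bits": bits, "findings": findings}
```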

Request query parameters

There are no query parameters for this request.

Request headers

This call sends common request headers.

Response headers

This call returns common response headers.

Response body

There is no message body for this response.

Example request

PUT /namespace/ifs/dir1/dir2/dir HTTP/1.1
Host: my_cluster:8080
Content-Length: <length>
Date: Tue, 22 May 2012 12:00:00 GMT
Authorization: <signature>
x-isi-ifs-access-control: "public_read"

Example response

HTTP/1.1 200 OK
Date: Tue, 22 May 2012 12:00:00 GMT
Content-Length: <length>
Connection: close
Server: Apache2/2.2.19

