Manual Pages


Table of Contents

NAME

na_fsecurity_apply - Creates a security job based on a definition file and applies it to the file system.

SYNOPSIS

fsecurity apply <definition file path> [<options>]

DESCRIPTION

The fsecurity apply command reads a file generated in a valid fsecurity security definition format, each line of which includes a full path to an object in the file system and the desired security for that object (and possibly child objects). Each line represents a task, while the entire contents of the file represent a single job. The tasks within a job are guaranteed to run sequentially. Jobs themselves run asynchronously and will not tie up the node console while they run.

This job is given an ID which can be used with the fsecurity status and fsecurity cancel commands to retrieve the status or cancel the job, respectively. Once the job is complete, the result will be reported to the console.

NOTE: Security jobs may run simultaneously. It is possible to generate two security jobs that conflict with each other by defining common paths or subpaths within the tasks and running both jobs simultaneously. This behavior is no different from an external client changing security settings while a job is running, but this should be taken into account when generating these files and determining when and how they are applied.

OPTIONS

-c = Check job validity without actually applying the contents

-i = Ignore errors and continue job processing

-v = Display each task within the job as it is generated

EXAMPLES

  toaster> fsecurity apply /security.conf
  Added security job 1001.

  fsecurity: Job 1001 (/security.conf) completed successfully.

  toaster> fsecurity apply /security.conf -c
  Definition validated successfully.

  toaster> fsecurity apply /security.conf -v
  Task 1, NTFS, Normal, Propagate, /vol/vol0/secure ... Added.
  Added security job 1001.

  fsecurity: Job 1001 (/security.conf) completed successfully.


Table of Contents