بنقرة واحدة
ugacltool
UGREEN utility for editing FACLs
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
UGREEN utility for editing FACLs
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Identify structural problems in a codebase and write them up as technical debt documentation — one file per issue in a subfolder, plus an index. Use this skill when the user asks about structural problems, code smells, maintainability issues, architectural concerns, god classes, tight coupling, or "what's wrong with this code at a high level." Also use it when the user says things like "what should we clean up", "where is this hard to change", "what are the pain points", or "document our tech debt." The skill produces actionable write-ups, not vague observations.
Release a new version of a plugin in this repo. Handles the full release workflow — bumps both plugin.json files, writes the changelog entry, updates the Skills or Agents section of the plugin README when something new was added, and runs the sync scripts. Invoke with /release or whenever the user says "bump version", "release plugin", "add changelog", "run sync", or asks to publish or version a plugin after making any kind of change.
Create or update .agents/OPERATOR.md in the current workspace — a personal profile that tells AI models who you are, your skill levels, and how you like to collaborate. Only invoke when the user explicitly runs /operator-setup. Do not auto-trigger based on context.
Use this skill for systematic scenario analysis — whenever a problem involves multiple variables, states, conditions, or failure modes and the user needs to enumerate the scenario space to find gaps, validate assumptions, or ensure coverage. Activate eagerly when the user asks "what cases should I handle?", "what could go wrong?", "am I missing any scenarios?", "how do I systematically test/model this?", or when they describe a decision table, state machine, input space, feature flag combination, risk matrix, or any artifact where multiple interacting variables might produce unexpected outcomes. Also use for non-testing contexts: config-flag interactions, requirement gap-finding, risk registers, design tradeoffs, business rule validation. This skill selects the right systematic technique, explains its reasoning, confirms with the user, and produces a structured markdown output for gap detection in code, requirements, design docs, or business rules.
Use this skill when the user wants to add test coverage targeting blind spots in a specific method — uncovered branches, edge cases, or unusual inputs. Activate on explicit requests to cover blind spots or when the user asks "what should I test here?" about a particular method. This is not about achieving 100% line coverage, but about ensuring the method behaves correctly in scenarios that are easy to miss.
Reference for adding and ordering Aspire deploy pipeline steps, tagging steps, parameterizing deployment with AddParameter, configuring per-environment values with WithEnvironment, and using PipelineStepContext services. Use when asked to add a pipeline step, order deploy steps, set up infrastructure provisioning, configure deployment, or wire up aspire deploy.
| name | ugacltool |
| description | UGREEN utility for editing FACLs |
ugacltool manages Access Control Lists (ACLs) on UGREEN NASync devices. Standard Linux chown/chmod commands don't work correctly on these devices due to their custom ACL system — use ugacltool instead.
ugacltool add PATH group:NAME:allow:r-x---a-R-c--:-fd-
ugacltool addace PATH group:GID:allow:r-x---a-R-c--:-fd-
ugacltool add PATH group:NAME:allow:rwxpdDaARWc--:-fd-
ugacltool addace PATH group:GID:allow:rwxpdDaARWc--:-fd-
ugacltool get PATH
ugacltool del_one PATH INDEX
del_oneonly works with level 0 ACLs. Useugacltool get PATHto find the index.
ugacltool del_all PATH
ugacltool replace PATH INDEX group:NAME:allow:rwxpdDaARWc--:-fd-
Only works with level 0 (direct) ACLs. Use
ugacltool get PATHto find the index.
ugacltool copy PATH_SRC PATH_DST
ugacltool check PATH rwx
Returns "check success" or "check fail" (checks the current user's effective permissions).
ugacltool get_perms USERNAME PATH
Example output: user[nginx] pwd[/path] perm[r-x-d-a-R-c--]
get_perm PATH USERNAMEalso exists but requires the ability to switch user context (may need root). Preferget_perms.
ugacltool enforce_inherit PATH
Re-applies the parent directory's inheritable ACLs to all children. Useful when inheritance was broken or not applied automatically.
| Command | Description |
|---|---|
add PATH [ACL Entry] | Add a UG ACE to a file/directory |
addace PATH [ACL Entry] | Add UG ACEs with uid/gid |
replace PATH [Index] [ACL Entry] | Replace an ACE by index number |
get PATH | Get UG ACL of a file/directory |
getace PATH | Get UG ACEs with uid/gid |
get_perm PATH USERNAME | Extract Windows permission from ACL or Linux permission |
get_perms USERNAME PATHS | Extract Windows permissions for multiple paths |
del_one PATH [Index] | Delete one UG ACL entry by index |
del_all PATH | Delete all UG ACLs from a file/directory |
copy PATH_SRC PATH_DST | Copy ACL from source to destination (ACL must exist) |
check PATH [ACL Perm] | Check ACL permission of a file/directory |
set_eadir_acl PATH | Set ACL for EA directory |
set_archive PATH [Option] | Set ACL archive bit |
get_archive PATH | Get ACL archive bit |
del_archive PATH [Option] | Delete ACL archive bit |
stat PATH | Get stat/archive bit |
lstat PATH | Get stat/archive bit (no symlink follow) |
fstat PATH | Get stat/archive bit |
utime PATH | Set current time on a file |
enforce_inherit PATH | Enforce ACL inheritance |
add vs addaceadd / get — use user/group names (e.g., group:docker:allow:...)addace / getace — use numeric uid/gid (e.g., group:121:allow:...)Use addace when the user/group only exists inside a container or when you only have numeric IDs (e.g., from a .env file).
[type]:name_or_id:[allow|deny]:permissions:inherit_mode
user, group, owner, everyone, authenticated_user, or system
rwxpdDaARWcCo)| Flag | Meaning |
|---|---|
r | read data |
w | write data (create file) |
x | execute |
p | append data (create directory) |
d | delete |
D | Delete child (directories only) |
a | read attribute (SMB read-only/hidden/archive/system) |
A | write Attribute |
R | Read extended attribute |
W | Write extended attribute |
c | read acl |
C | write aCl |
o | get ownership |
fdin)| Flag | Meaning |
|---|---|
f | file inherited |
d | directory inherited |
i | inherit only |
n | no propagate |
Both allow and deny rules are supported. Deny rules take precedence and override matching allow permissions.
# Deny delete permission for nginx (overrides any allow that includes delete)
ugacltool add PATH group:nginx:deny:----d--------:----
| Type | Name field | Description |
|---|---|---|
user | username | A specific user |
group | groupname | A specific group |
owner | * | The file/directory owner |
everyone | (empty) | All users |
authenticated_user | * | Any authenticated user |
system | * | System processes |
# Grant everyone read access
ugacltool add PATH everyone::allow:r-x---a-R-c--:-fd-
# Grant the file owner full control
ugacltool add PATH owner:*:allow:rwxpdDaARWcCo:fd--
user:root:allow:rwx-d---RWc--:fd--
owner:*:allow:rwx-d---RWc--:fd--
group:nginx:allow:r-x---a-R-c--:-fd-
group:nginx:deny:----d--------:----
everyone::allow:r-x---a-R-c--:-fd-
When running Docker containers as unprivileged users on UGREEN NAS:
# 1. Create a dedicated system user
sudo useradd --system --user-group --shell /usr/sbin/nologin myapp
# 2. Find the UID/GID
id myapp
# 3. Grant the group read-only access to mounted volumes
ugacltool add /path/to/volume group:myapp:allow:r-x---a-R-c--:-fd-
# 4. Or grant read+write access if the app needs to write
ugacltool add /path/to/volume group:myapp:allow:rwxpdDaARWc--:-fd-
# 5. Run the container with the matching UID:GID
docker run -d --user UID:GID --name myapp_container myapp_image
Used with set_archive, get_archive, and del_archive:
is_inherit, is_read_only, is_owner_group, has_ACL, is_support_ACL
Exit codes are inconsistent across commands. Do not rely on exit codes alone — always check stdout/stderr.
| Exit Code | Meaning |
|---|---|
0 | Success (but also returned by many commands on failure) |
1 | Wrong number of arguments / unknown command |
255 | Operation error (bad path, invalid index, bad ACL entry) |
| Command | 0 | 255 |
|---|---|---|
add | success | bad path, malformed ACL entry |
addace | success | bad path, malformed ACL entry |
replace | success | bad path, index out of range (only level 0) |
stat | success | bad path |
check | always 0 — parse stdout for "check success" or "check fail" | bad path |
enforce_inherit | success (or prints error on stderr) | bad path |
These commands return exit code 0 even when the operation fails or the path doesn't exist. Check stdout/stderr for error messages like "path not exist", "It's Linux mode", or "Bad parameter".
get, getace, get_perm, get_perms, del_one, del_all, copy, set_eadir_acl, set_archive, get_archive, del_archive
| Message | Meaning |
|---|---|
path not exist | The target path does not exist |
It's Linux mode | The filesystem does not support UGREEN ACLs |
add acl fail: Operation not supported | Filesystem doesn't support ACLs (e.g., /tmp) |
param err. / param fail | Malformed ACL entry |
Index out of range | ACL index doesn't exist or is not level 0 |
change user fail. | get_perm can't switch to target user (use get_perms instead) |
del ace fail: No data available | del_one index doesn't exist |
ug_acl_auto_inherit fail | enforce_inherit couldn't apply inheritance |
Bad parameter: USERNAME | User doesn't exist (get_perms) |
Source: UGREEN Community Guide