使用 Azure CLI 管理 Azure Data Lake Storage Gen2 中的目录、文件和 ACLUse Azure CLI to manage directories, files, and ACLs in Azure Data Lake Storage Gen2

本文介绍如何使用 Azure 命令行接口 (CLI) 在具有分层命名空间的存储帐户中创建和管理目录、文件和权限。This article shows you how to use the Azure Command-Line Interface (CLI) to create and manage directories, files, and permissions in storage accounts that have a hierarchical namespace.

示例 | 提高反馈Samples | Give feedback

先决条件Prerequisites

  • Azure 订阅。An Azure subscription. 请参阅获取 Azure 试用版See Get Azure trial.
  • 已启用分层命名空间 (HNS) 的存储帐户。A storage account that has hierarchical namespace (HNS) enabled. 请按照此处的说明创建一个存储帐户。Follow these instructions to create one.
  • Azure CLI 版本 2.6.0 或更高版本。Azure CLI version 2.6.0 or higher.

确保安装正确版本的 Azure CLIEnsure that you have the correct version of Azure CLI installed

  1. 如果在本地安装了 Azure CLI,请打开命令控制台应用程序,例如 Windows PowerShell。If you've installed the Azure CLI locally, open a command console application such as Windows PowerShell.

  2. 使用以下命令验证安装的 Azure CLI 版本是否是 2.6.0 或更高版本。Verify that the version of Azure CLI that have installed is 2.6.0 or higher by using the following command.

     az --version
    

    如果 Azure CLI 版本低于 2.6.0,则安装更高版本。If your version of Azure CLI is lower than 2.6.0, then install a later version. 请参阅安装 Azure CLISee Install the Azure CLI.

连接到帐户Connect to the account

  1. 如果在本地使用 Azure CLI,请运行 login 命令。If you're using Azure CLI locally, run the login command.

    az login
    

    如果 CLI 可以打开默认浏览器,它将这样做并加载 Azure 登录页。If the CLI can open your default browser, it will do so and load an Azure sign-in page.

    否则,请在浏览器中打开 https://aka.ms/deviceloginchina,然后输入终端中显示的授权代码。Otherwise, open a browser page at https://aka.ms/deviceloginchina and enter the authorization code displayed in your terminal. 然后,在浏览器中使用帐户凭据登录。Then, sign in with your account credentials in the browser.

    若要详细了解不同的身份验证方法,请参阅使用 Azure CLI 授权访问 blob 或队列数据To learn more about different authentication methods, see Authorize access to blob or queue data with Azure CLI.

  2. 如果你的标识与多个订阅相关联,请将你的活动订阅设置为将托管静态网站的存储帐户的订阅。If your identity is associated with more than one subscription, then set your active subscription to subscription of the storage account that will host your static website.

    az account set --subscription <subscription-id>
    

    <subscription-id> 占位符值替换为你的订阅 ID。Replace the <subscription-id> placeholder value with the ID of your subscription.

备注

本文中提供的示例演示 Azure Active Directory (AD) 授权。The example presented in this article show Azure Active Directory (AD) authorization. 若要详细了解身份验证方法,请参阅使用 Azure CLI 授权访问 blob 或队列数据To learn more about authorization methods, see Authorize access to blob or queue data with Azure CLI.

创建容器Create a container

容器充当文件的文件系统。A container acts as a file system for your files. 可以使用 az storage fs create 命令创建文件系统。You can create one by using the az storage fs create command.

此示例创建一个名为 my-file-system 的容器。This example creates a container named my-file-system.

az storage fs create -n my-file-system --account-name mystorageaccount --auth-mode login

显示容器属性Show container properties

可使用 az storage fs show 命令将容器的属性输出到控制台。You can print the properties of a container to the console by using the az storage fs show command.

az storage fs show -n my-file-system --account-name mystorageaccount --auth-mode login

列出容器内容List container contents

使用 az storage fs file list 命令列出目录内容。List the contents of a directory by using the az storage fs file list command.

此示例列出名为 my-file-system 的容器的内容。This example lists the contents of a container named my-file-system.

az storage fs file list -f my-file-system --account-name mystorageaccount --auth-mode login

删除容器Delete a container

使用 az storage fs delete 命令删除容器。Delete a container by using the az storage fs delete command.

此示例删除一个名为 my-file-system 的容器。This example deletes a container named my-file-system.

az storage fs delete -n my-file-system --account-name mystorageaccount --auth-mode login

创建目录Create a directory

使用 az storage fs directory create 命令创建目录引用。Create a directory reference by using the az storage fs directory create command.

此示例将名为 my-directory 的目录添加到名为 my-file-system 的容器中,该容器位于名为 mystorageaccount 的帐户下。This example adds a directory named my-directory to a container named my-file-system that is located in an account named mystorageaccount.

az storage fs directory create -n my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

显示目录属性Show directory properties

可以使用 az storage fs directory show 命令将目录属性打印到控制台。You can print the properties of a directory to the console by using the az storage fs directory show command.

az storage fs directory show -n my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

重命名或移动目录Rename or move a directory

使用 az storage fs directory move 命令重命名或移动目录。Rename or move a directory by using the az storage fs directory move command.

此示例在同一容器中将目录的名称 my-directory 重命名为 my-new-directoryThis example renames a directory from the name my-directory to the name my-new-directory in the same container.

az storage fs directory move -n my-directory -f my-file-system --new-directory "my-file-system/my-new-directory" --account-name mystorageaccount --auth-mode login

此示例将目录移到名为 my-second-file-system 的容器。This example moves a directory to a container named my-second-file-system.

az storage fs directory move -n my-directory -f my-file-system --new-directory "my-second-file-system/my-new-directory" --account-name mystorageaccount --auth-mode login

删除目录Delete a directory

使用 az storage fs directory delete 命令删除目录。Delete a directory by using the az storage fs directory delete command.

下面的示例删除名为 my-directory 的目录。This example deletes a directory named my-directory.

az storage fs directory delete -n my-directory -f my-file-system  --account-name mystorageaccount --auth-mode login 

检查目录是否存在Check if a directory exists

使用 az storage fs directory exists 命令确定容器中是否存在特定的目录。Determine if a specific directory exists in the container by using the az storage fs directory exists command.

此示例显示 my-file-system 容器中是否存在名为 my-directory 的目录。This example reveals whether a directory named my-directory exists in the my-file-system container.

az storage fs directory exists -n my-directory -f my-file-system --account-name mystorageaccount --auth-mode login 

从目录下载Download from a directory

使用 az storage fs file download 命令从目录下载文件。Download a file from a directory by using the az storage fs file download command.

下面的示例从名为 my-directory 的目录中下载名为 upload.txt 的文件。This example downloads a file named upload.txt from a directory named my-directory.

az storage fs file download -p my-directory/upload.txt -f my-file-system -d "C:\myFolder\download.txt" --account-name mystorageaccount --auth-mode login

列出目录内容List directory contents

使用 az storage fs file list 命令列出目录内容。List the contents of a directory by using the az storage fs file list command.

此示例列出名为 my-directory 的目录的内容,该目录位于名为 mystorageaccount 的存储帐户的 my-file-system 容器中。This example lists the contents of a directory named my-directory that is located in the my-file-system container of a storage account named mystorageaccount.

az storage fs file list -f my-file-system --path my-directory --account-name mystorageaccount --auth-mode login

将文件上传到目录Upload a file to a directory

使用 az storage fs directory upload 命令将文件上传到目录。Upload a file to a directory by using the az storage fs directory upload command.

下面的示例将名为 upload.txt 的文件上传到名为 my-directory 的目录。This example uploads a file named upload.txt to a directory named my-directory.

az storage fs file upload -s "C:\myFolder\upload.txt" -p my-directory/upload.txt  -f my-file-system --account-name mystorageaccount --auth-mode login

显示文件属性Show file properties

可以使用 az storage fs file show 命令将文件属性打印到控制台。You can print the properties of a file to the console by using the az storage fs file show command.

az storage fs file show -p my-file.txt -f my-file-system --account-name mystorageaccount --auth-mode login

重命名或移动文件Rename or move a file

使用 az storage fs file move 命令重命名或移动文件。Rename or move a file by using the az storage fs file move command.

下面的示例将文件从名称 my-file.txt 重命名为名称 my-file-renamed.txtThis example renames a file from the name my-file.txt to the name my-file-renamed.txt.

az storage fs file move -p my-file.txt -f my-file-system --new-path my-file-system/my-file-renamed.txt --account-name mystorageaccount --auth-mode login

删除文件Delete a file

使用 az storage fs file delete 命令删除文件。Delete a file by using the az storage fs file delete command.

下面的示例删除名为 my-file.txt 的文件This example deletes a file named my-file.txt

az storage fs file delete -p my-directory/my-file.txt -f my-file-system  --account-name mystorageaccount --auth-mode login 

管理权限Manage permissions

可以获取、设置和更新目录和文件的访问权限。You can get, set, and update access permissions of directories and files.

备注

如果使用 Azure Active Directory (Azure AD) 来授权命令,请确保已为安全主体分配了存储 Blob 数据所有者角色If you're using Azure Active Directory (Azure AD) to authorize commands, then make sure that your security principal has been assigned the Storage Blob Data Owner role. 若要详细了解如何应用 ACL 权限以及更改这些权限的影响,请参阅 Azure Data Lake Storage Gen2 中的访问控制To learn more about how ACL permissions are applied and the effects of changing them, see Access control in Azure Data Lake Storage Gen2.

获取 ACLGet an ACL

使用 az storage fs access show 命令获取目录的 ACL。Get the ACL of a directory by using the az storage fs access show command.

下面的示例获取目录的 ACL,然后将 ACL 打印到控制台。This example gets the ACL of a directory, and then prints the ACL to the console.

az storage fs access show -p my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

使用 az storage fs access show 命令获取文件的访问权限。Get the access permissions of a file by using the az storage fs access show command.

下面的示例获取文件的 ACL,然后将 ACL 打印到控制台。This example gets the ACL of a file and then prints the ACL to the console.

az storage fs access show -p my-directory/upload.txt -f my-file-system --account-name mystorageaccount --auth-mode login

下图显示了获取目录 ACL 后的输出。The following image shows the output after getting the ACL of a directory.

获取 ACL 输出

在本示例中,负责人用户具有读取、写入和执行权限。In this example, the owning user has read, write, and execute permissions. 负责人组仅具有读取和执行权限。The owning group has only read and execute permissions. 有关访问控制列表的详细信息,请参阅 Azure Data Lake Storage Gen2 中的访问控制For more information about access control lists, see Access control in Azure Data Lake Storage Gen2.

设置 ACLSet an ACL

使用 az storage fs access set 命令设置目录的 ACL。Use the az storage fs access set command to set the ACL of a directory.

下面的示例在目录中为负责人用户、负责人组或其他用户设置 ACL,然后将 ACL 打印到控制台。This example sets the ACL on a directory for the owning user, owning group, or other users, and then prints the ACL to the console.

az storage fs access set --acl "user::rw-,group::rw-,other::-wx" -p my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

下面的示例在目录中为负责人用户、负责人组或其他用户设置默认 ACL,然后将 ACL 打印到控制台。This example sets the default ACL on a directory for the owning user, owning group, or other users, and then prints the ACL to the console.

az storage fs access set --acl "default:user::rw-,group::rw-,other::-wx" -p my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

使用 az storage fs access set 命令设置文件的 ACL。Use the az storage fs access set command to set the acl of a file.

下面的示例在文件中为负责人用户、负责人组或其他用户设置 ACL,然后将 ACL 打印到控制台。This example sets the ACL on a file for the owning user, owning group, or other users, and then prints the ACL to the console.

az storage fs access set --acl "user::rw-,group::rw-,other::-wx" -p my-directory/upload.txt -f my-file-system --account-name mystorageaccount --auth-mode login

下图显示了设置文件 ACL 后的输出。The following image shows the output after setting the ACL of a file.

获取 ACL 输出

在本示例中,负责人用户和负责人组只有读取和写入权限。In this example, the owning user and owning group have only read and write permissions. 所有其他用户都具有写入和执行权限。All other users have write and execute permissions. 有关访问控制列表的详细信息,请参阅 Azure Data Lake Storage Gen2 中的访问控制For more information about access control lists, see Access control in Azure Data Lake Storage Gen2.

更新 ACLUpdate an ACL

设置此权限的另一种方法是使用 az storage fs access set 命令。Another way to set this permission is to use the az storage fs access set command.

通过将 -permissions 参数设置为 ACL 的简短形式,来更新目录或文件的 ACL。Update the ACL of a directory or file by setting the -permissions parameter to the short form of an ACL.

下面的示例更新目录的 ACL。This example updates the ACL of a directory.

az storage fs access set --permissions rwxrwxrwx -p my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

下面的示例更新文件的 ACL。This example updates the ACL of a file.

az storage fs access set --permissions rwxrwxrwx -p my-directory/upload.txt -f my-file-system --account-name mystorageaccount --auth-mode login

另外,还可以通过将 --ownergroup 参数设置为用户的实体 ID 或用户主体名称 (UPN),更新目录或文件的负责人用户和组。You can also update the owning user and group of a directory or file by setting the --owner or group parameters to the entity ID or User Principal Name (UPN) of a user.

下面的示例更改目录所有者。This example changes the owner of a directory.

az storage fs access set --owner xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -p my-directory -f my-file-system --account-name mystorageaccount --auth-mode login

下面的示例更改文件所有者。This example changes the owner of a file.

az storage fs access set --owner xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -p my-directory/upload.txt -f my-file-system --account-name mystorageaccount --auth-mode login

另请参阅See also