 |
Index for
Section 1 |
|
 |
Alphabetical
listing for G |
|
 |
Bottom of
page |
|
getacl(1)
NAME
getacl - Displays the specified access control list (ACL) on a file of
directory
SYNOPSIS
getacl [-d|-D] [-g group[,group...]] [-n]
[-m] [-u user[,user...]] file...
FLAGS
-d Displays the default access ACL instead of the access ACL. Valid
for directories only. The -d and -D options are mutually
exclusive.
-D [Tru64 UNIX] Displays the default directory ACL instead of the
access ACL. Valid for directories only. The -d and -D options
are mutually exclusive.
-g group [Tru64 UNIX] Display the entries for the designated group names
only. The -g flag is not defined by POSIX.
-m [Tru64 UNIX] Display the output in multicolumns. The -m flag is
not defined by POSIX.
-n [Tru64 UNIX] Display numeric IDs. The -n flag is not defined by
POSIX.
-u user [Tru64 UNIX] Display the entries for the designated user names
only. The -u flag may be used multiple times on the command
line.
DESCRIPTION
Note
This command is based on Draft 13 of the POSIX P1003.6 standard.
The getacl command displays the selected type of ACL for each file or
directory named on the command line.
The following three types of ACLs may be displayed:
Access ACL Used to control access to a file or directory.
Default directory ACL Used to specify ACLs inherited by new subdirectories
in a directory. Valid on directories only.
Default access ACL Used to specify ACLs inheried by new subdirectories
and files in a directory. Valid on directories
only.
For more nformation on the types of ACLs see the acl(4) reference page and
the Security guide.
If the access ACL is selected for display, and there is no access ACL, the
getacl command displays the permission bits in ACL format. If a default
ACL is selected for display, and the selected default ACL doesn't exist on
the specified directory, only the ACL header will be displayed.
The user readable format of the ACL consists of the ACL header section and
the entries section. The ACL header section contains, at a minimum, the
following three lines:
name of the object
object owner
group owner
It may also contain blank comment lines or warning messages. Each line of
the ACL header section begins with a # character.
The ACL entries section by default consists of one line per entry. Each
line contains three colon-separated fields defined as:
· The ACL entry tag type (user/group/other).
· The ACL entry tag qualifier. This is the name or id that this entry
pertains to. If this field is empty the entry refers to the owning
user, owning group or other.
· The access being granted by the entry.
The output display format and relative ordering of ACL entries is as
follows:
user::perm
user:uid1:perm
user:uid2:perm
group::perm
group:gid1:perm
group:gid2:perm
other::perm
The following are some typical getacl outputs:
% getacl /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
% getacl -g adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
% getacl -u adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user:adm:r--
If any ACL entry is wider than the screen, the access control list is
continued on the next line, indented to the previous line. The width of
the screen is taken from the COLUMNS environment variable, if the variable
is not set, the default width is 80 columns.
The -m option may be used to cause the ACL to be displayed in a multicolumn
format. The user entries defined in the ACL are placed on the screen in
the maximum number of columns allowed by the current size of the screen,
followed by the group entries.
The output from the getacl command is in the correct format for input to
the setacl command. The output may be redirected into a file, then the
output file can be used as input to the setacl command. This technique is
useful for assigning the ACL on an existing file to one or more new files.
For example:
$ getacl file1 > entries_file
$ setacl -U entries_file file2 file3 file4
The getacl command displays the access control lists of those files that
resides in directories that the user has search permissions to.
ACLs may be set on files and directories if ACLs are disabled on the
system, but ACL access checks and ACL inheritance won't take place. The
getacl command will print a warning if ACLs are disabled on the system.
Not all types of filesystems support ACLs. The getacl command will print a
warning if ACLs are not supported on the filesystem.
EXIT VALUES
If successful, the getacl command exits with a status of zero. Otherwise,
this command exits with a status of 1 if it aborted because of syntax
errors, or if the ACL of one or more files could not be accessed.
RELATED INFORMATION
Commands: setacl(1)
Files: acl(4).
Security
|
Index for
Section 1 |
|
|
Alphabetical
listing for G |
|
 |
Top of
page |
|