unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 getacl(1)                                                         getacl(1)




 NAME
      getacl - list access control lists (ACLs) for files (JFS File Systems
      only)

 SYNOPSIS
      /usr/bin/getacl [-ad] file...

 DESCRIPTION
      For each argument that is a regular file, special file, or named pipe,
      getacl displays the owner, group, and the Access Control List (ACL).
      For each directory argument, getacl displays the owner, group, and the
      ACL and/or the default ACL.  Only directories contain default ACLs.

      With the -a option specified, the filename, owner, group, and the ACL
      of the file will be displayed.  With the -d option specified, the
      filename, owner, group, and the default ACL of the file, if it exists,
      will be displayed.  With options not specified, the filename, owner,
      group, and both the ACL, and the default ACL, if it exists, will be
      displayed.

      This command may be executed on a file system that does not support
      ACLs.  It will report the ACL consisting of only the owning user,
      owning group, class and other entries, based on the permission bits.

      When multiple files are specified on the command line, a blank line
      will separate the ACL for each file.  The format of an ACL is:

           # file: filename
           # owner: uid
           # group: gid
           user::perm
           user:uid:perm
           group::perm
           group:gid:perm
           class:perm
           other:perm
           default:user::perm
           default:user:uid:perm
           default:group::perm
           default:group:gid:perm
           default:class:perm
           default:other:perm

      The first three lines show the filename, the file owner, and the file
      owning group.  Note that when only the -d option is specified, and the
      file has no default ACL, only these three lines will be displayed.

      The user entry without a user ID indicates the permissions that will
      be granted to the owner of the file.  One or more additional user
      entries indicate the permissions that will be granted to the specified
      users.  The group entry without a group identifier indicates the



 Hewlett-Packard Company            - 1 -   HP-UX Release 11i: November 2000






 getacl(1)                                                         getacl(1)




      permissions that will be granted to the owning group of the file.  One
      or more additional group entries indicate the permissions that will be
      granted to the specified groups.  The other entry indicates the
      permissions that will be granted to others.

      The default entries (default:user, default:group, and default:other)
      may only exist for directories, and indicate the default user, group,
      and other entries that will be added to a file created within the
      directory.

      The uid is a login name, or a user ID if there is no entry for the uid
      in the system's password file; gid is a group name, or a group ID if
      there is no entry for the gid in the system's group file; and perm is
      a three character string composed of the letters representing the
      separate discretionary access rights: r (read), w (write), x
      (execute/search), or the placeholder character -.The perm will be
      displayed in the following order: rwx.Ifapermissionisnot ACL entry,
      the placeholder character will appear.

      The ACL entries will be displayed in the order in which they will be
      evaluated when an access check is performed.  The default ACL entries
      which may exist on a directory have no effect on access checks.

      The file owner permission bits represent the access that the owning
      user ACL entry has.  The file group class permission bits represent
      the most access that any additional user entry, additional group
      entry, or the owning group entry may grant.  The file other permission
      bits represent the access that the other ACL entry has.  If a user
      invokes the chmod command and changes the file group class permission
      bits, the access granted by the additional ACL entries may be
      restricted.

      In order to indicate that the file group class permission bits
      restrict an ACL entry, getacl will display, after each affected entry,
      text in the form #effective:perm, where perm will show only the
      permissions actually granted.

 EXAMPLES
      Given file filea, with an ACL six entries long, the command

           $ getacl filea

      would print:

           # file: filea
           # owner: fletcher
           # group: us
           user::rwx
           user:spy:---
           user:archer:rw-
           group::r--



 Hewlett-Packard Company            - 2 -   HP-UX Release 11i: November 2000






 getacl(1)                                                         getacl(1)




           class:rw-
           other:---

      Given file filea, with an ACL six entries long, after the command
      chmod 700 filea was issued, the command

           $ getacl filea

      would print:

           # file: filea
           # owner: fletcher
           # group: us
           user::rwx
           user:spy:---
           user:archer:rw- #effective:---
           group::r-- #effective:---
           class:---
           other:---

      Given directory fileb, with an ACL containing default entries, the
      command

           $ getacl -d fileb

      would print:

           # file: fileb
           # owner: fletcher
           # group: us
           default:user::rwx
           default:user:spy:---
           default:group::r--
           default:other:---

      Given directory fileb, the command

           $ getacl fileb

      would print:

           # file: fileb
           # owner: fletcher
           # group: us
           user::rwx
           user:spy:---
           user:archer:rw-
           group::r--
           other:---
           default:user::rwx
           default:user:spy:---



 Hewlett-Packard Company            - 3 -   HP-UX Release 11i: November 2000






 getacl(1)                                                         getacl(1)




           default:group::r--
           default:other:---

 NOTICES
      The output from getacl will be in the correct format for input to the
      setacl command.  If the output from getacl is redirected to a file,
      the file may be used as input to setacl.  In this way, a user may
      easily assign one file's ACL to another file.

 FILES
      /etc/passwd                                     for user IDs
      /etc/group                                      for group IDs

 SEE ALSO
      acl(2), aclsort(3C), chmod(1), ls(1), setacl(1).







































 Hewlett-Packard Company            - 4 -   HP-UX Release 11i: November 2000