Manual: (OSF1-V5.1-alpha)

getacl(1)							    getacl(1)



NAME

  getacl - Displays the specified access control list (ACL) on a file or
  directory

SYNOPSIS

  getacl [-d|-D] [-g group[,group...]] [-n]
	 [-m] [-u user[,user...]] file...

FLAGS

  -d	    Displays the default access	ACL instead of the access ACL.	Valid
	    for	directories only.  The -d and -D options are mutually
	    exclusive.

  -D	    [Tru64 UNIX]  Displays the default directory ACL instead of	the
	    access ACL.	 Valid for directories only.  The -d and -D options
	    are	mutually exclusive.

  -g group  [Tru64 UNIX]  Display the entries for the designated group names
            or GIDs only.  If a numeric group name exists in the group
            database, then the entry for that group is displayed, not the
            entry for the GID.  For example, if there is a group name "521"
            with GID 40, a group name "mygroup" with GID 521, and you
            request the entry using the -g 521 flag, then the entry for the
            group name "521" is displayed, not the entry for the group name
            "mygroup".  The -g flag is not defined by POSIX.

  -m	    [Tru64 UNIX]  Display the output in	multicolumns.  The -m flag is
	    not	defined	by POSIX.

  -n	    [Tru64 UNIX]  Display numeric IDs.	The -n flag is not defined by
	    POSIX.

  -u user   [Tru64 UNIX]  Display the entries for the designated user names
            and UIDs only.  If a numeric user name exists in the user
            database, then the entry for that user is displayed, not the
            entry for the UID.  For example, if there is a user name "39456"
            with UID 420, a user name "fred" with UID 39456, and you request
            the entry using the -u 39456 flag, then the entry for user name
            "39456" is displayed, not the entry for user name "fred".  The
            -u flag may be used multiple times on the command line.

DESCRIPTION

				     Note

       This command is based on	Draft 13 of the	POSIX P1003.6 standard.


  The getacl command displays the selected type	of ACL for each	file or
  directory named on the command line.

  The following	three types of ACLs may	be displayed:

  Access ACL		 Used to control access	to a file or directory.

  Default directory ACL	 Used to specify ACLs inherited	by new subdirectories
			 in a directory.  Valid	on directories only.

  Default access ACL     Used to specify ACLs inherited by new subdirectories
                         and files in a directory.  Valid on directories
                         only.

  For more information on the types of ACLs, see the acl(4) reference page and
  the Security guide.

  If the access	ACL is selected	for display, and there is no access ACL, the
  getacl command displays the permission bits in ACL format.  If a default
  ACL is selected for display, and the selected	default	ACL doesn't exist on
  the specified	directory, only	the ACL	header will be displayed.

  The user readable format of the ACL consists of the ACL header section and
  the entries section.	The ACL	header section contains, at a minimum, the
  following three lines:

       name of the object
       object owner
       group owner

  It may also contain blank comment lines or warning messages.	Each line of
  the ACL header section begins	with a # character.

  The ACL entries section by default consists of one line per entry.  Each
  line contains	three colon-separated fields defined as:

    +  The ACL entry tag type (user/group/other).

    +  The ACL entry tag qualifier.  This is the name or id that this entry
       pertains	to.  If	this field is empty the	entry refers to	the owning
       user, owning group or other.

    +  The access being	granted	by the entry.

  The output display format and relative ordering of ACL entries is as
  follows:

	    user::perm
	    user:uid1:perm
	    user:uid2:perm
	    group::perm
	    group:gid1:perm
	    group:gid2:perm
	    other::perm

  The following	are some typical getacl	outputs:

  % getacl /ufs/test

       #
       # file: /ufs/test
       # owner:	root
       # group:	system
       #
       user::rwx
       user:fran:-wx
       user:adm:r--
       group::r-x
       other::r-x

  % getacl -g adm /ufs/test

       #
       # file: /ufs/test
       # owner:	root
       # group:	system
       #

  % getacl -u adm /ufs/test

       #
       # file: /ufs/test
       # owner:	root
       # group:	system
       #
       user:adm:r--

  If any ACL entry is wider than the screen, the access control list is
  continued on the next line, indented to the previous line.  The width of
  the screen is taken from the COLUMNS environment variable; if the variable
  is not set, the default width is 80 columns.

  The -m option	may be used to cause the ACL to	be displayed in	a multicolumn
  format.  The user entries defined in the ACL are placed on the screen	in
  the maximum number of	columns	allowed	by the current size of the screen,
  followed by the group	entries.
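
  The entry format described above lends itself to a simple permission
  audit.  The following is an added example, not part of the original
  reference page: the function names and the second ACL (/ufs/shared) are
  constructed, and it assumes the default one-entry-per-line output, so -m
  or wrapped lines are rejected rather than guessed at.

```shell
# Added example (not from the man page): report getacl entries granting write
# access beyond the owning user, one "<file> <tag> <qualifier or -> <perm>" per line.
# Exits 2 on any line that is not a three-field entry (-m or wrapped output).
acl_write_grants() {
    awk '
        /^[ \t]*#/ {                      # header section: lines begin with "#"
            line = $0
            sub(/^[ \t]*#[ \t]*/, "", line)
            if (line ~ /^file:/) { sub(/^file:[ \t]*/, "", line); file = line }
            next
        }
        /^[ \t]*$/ { next }               # blank separator lines
        {
            entry = $0
            gsub(/[ \t]/, "", entry)
            if (split(entry, f, ":") != 3) { bad = 1; next }
            if (f[1] == "user" && f[2] == "") next   # empty qualifier: owning user
            if (index(f[3], "w") == 0) next
            print file, f[1], (f[2] == "" ? "-" : f[2]), f[3]
        }
        END { exit (bad ? 2 : 0) }
    '
}

# First ACL is the sample from this page; the second is constructed.
sample_getacl_output() {
    cat <<'EOF'
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
#
# file: /ufs/shared
# owner: root
# group: system
#
user::rw-
group::rw-
group:staff:r--
other::-w-
EOF
}
sample_getacl_output | acl_write_grants
```

  On a live system the function reads the command's output directly, for
  example by piping getacl file... into acl_write_grants.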

  The output from the getacl command is	in the correct format for input	to
  the setacl command.  The output may be redirected into a file, then the
  output file can be used as input to the setacl command.  This	technique is
  useful for assigning the ACL on an existing file to one or more new files.
  For example:

       $ getacl	file1 >>	entries_file
       $ setacl	-U entries_file	file2 file3 file4

  The getacl command displays the access control lists of those files that
  reside in directories for which the user has search permission.

  ACLs may be set on files and directories if ACLs are disabled on the
  system, but ACL access checks and ACL inheritance won't take place.  The
  getacl command will print a warning if ACLs are disabled on the system.

  Not all types	of filesystems support ACLs.  The getacl command will print a
  warning if ACLs are not supported on the filesystem.

EXIT VALUES

  If successful, the getacl command exits with a status	of zero.  Otherwise,
  this command exits with a status of 1	if it aborted because of syntax
  errors, or if	the ACL	of one or more files could not be accessed.

RELATED INFORMATION

  Commands: setacl(1)

  Files: acl(4).

  Security