getacl(1)
NAME
getacl - Displays the specified access control list (ACL) on a file or
directory
SYNOPSIS
getacl [-d | -D] [-g group[,group...]] [-n] [-m] [-u user[,user...]]
file...
OPTIONS
-d Displays the default access ACL instead of the access ACL. Valid for
directories only. The -d and -D options are mutually exclusive.
-D [Tru64 UNIX] Displays the default directory ACL instead of the access
ACL. Valid for directories only. The -d and -D options are mutually
exclusive.
-g group
[Tru64 UNIX] Display the entries for the designated group names or
GIDs only. If a numeric group name exists in the group database, then
the entry for that group is displayed, not the entry for the GID. For
example, if there is a group name "521" with GID 40, a group name
"mygroup" with GID 521, and you request the entry using the -g 521
option, then the entry for the group name "521" is displayed, not the
entry for the group name "mygroup". The -g option is not defined by
POSIX.
-m [Tru64 UNIX] Display the output in multicolumns. The -m option is not
defined by POSIX.
-n [Tru64 UNIX] Display numeric IDs. The -n option is not defined by
POSIX.
-u user
[Tru64 UNIX] Display the entries for the designated user names and
UIDs only. If a numeric user name exists in the user database, then the
entry for that user is displayed, not the entry for the UID. For
example, if there is a user name "39456" with UID 420, a user name
"fred" with UID 39456, and you request the entry using the -u 39456
option, then the entry for user name "39456" is displayed, not the entry
for user name "fred". The -u option may be used multiple times on the
command line.
DESCRIPTION
Note
This command is based on Draft 13 of the POSIX P1003.6 standard.
The getacl command displays the selected type of ACL for each file or
directory named on the command line.
The following three types of ACLs may be displayed:
Access ACL
Used to control access to a file or directory.
Default directory ACL
Used to specify ACLs inherited by new
subdirectories in a directory. Valid on
directories only.
Default access ACL
Used to specify ACLs inherited by new
subdirectories and files in a directory. Valid on
directories only.
For more information on the types of ACLs see the acl(4) reference page and
the Security guide.
If the access ACL is selected for display, and there is no access ACL, the
getacl command displays the permission bits in ACL format. If a default ACL
is selected for display, and the selected default ACL doesn't exist on the
specified directory, only the ACL header will be displayed.
The user readable format of the ACL consists of the ACL header section and
the entries section. The ACL header section contains, at a minimum, the
following three lines:
name of the object
object owner
group owner
It may also contain blank comment lines or warning messages. Each line of
the ACL header section begins with a # character.
The ACL entries section by default consists of one line per entry. Each
line contains three colon-separated fields defined as:
· The ACL entry tag type (user/group/other).
· The ACL entry tag qualifier. This is the name or id that this entry
pertains to. If this field is empty the entry refers to the owning
user, owning group or other.
· The access being granted by the entry.
The output display format and relative ordering of ACL entries is as
follows:
user::perm
user:uid1:perm
user:uid2:perm
group::perm
group:gid1:perm
group:gid2:perm
other::perm
The following are some typical getacl outputs:
% getacl /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
% getacl -g adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
% getacl -u adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user:adm:r--
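The entry format and sample output above can be checked mechanically. The following is an added example, not part of the original reference page: a shell function that reads getacl's default one-entry-per-line output on stdin and lists every entry that grants write access to a named user or group. The function names, the /ufs/shared object and the staff group are constructed for illustration.

```shell
# Added example (not from the reference page): audit getacl-format text on stdin.
# Prints "file<TAB>tag<TAB>qualifier<TAB>perm" for each entry that names a
# specific user or group (non-empty qualifier) and grants write access.
# Assumes the default one-entry-per-line output (no -m, no wrapped lines).
acl_named_writers() {
    awk '
        # Header lines begin with "#"; remember the object name from "# file:".
        /^#/ {
            if ($2 == "file:") { file = $0; sub(/^#[ \t]*file:[ \t]*/, "", file) }
            next
        }
        /^[ \t]*$/ { next }   # blank separators
        {
            # Entry: tag:qualifier:perm
            n = split($0, f, ":")
            if (n != 3) { print "unparsed: " $0 > "/dev/stderr"; next }
            if ((f[1] == "user" || f[1] == "group") && f[2] != "" && f[3] ~ /w/)
                printf "%s\t%s\t%s\t%s\n", file, f[1], f[2], f[3]
        }
    '
}

# Constructed sample: the /ufs/test listing shown above plus one made-up object.
sample_acl() {
    cat <<'EOF'
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
#
# file: /ufs/shared
# owner: root
# group: system
#
user::rw-
group::r--
group:staff:rw-
other::---
EOF
}

sample_acl | acl_named_writers
```

On a live system the function would be fed directly, for example `getacl file... | acl_named_writers`.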
If any ACL entry is wider than the screen, the access control list is
continued on the next line, indented to the previous line. The width of
the screen is taken from the COLUMNS environment variable; if the variable
is not set, the default width is 80 columns.
The -m option may be used to cause the ACL to be displayed in a multicolumn
format. The user entries defined in the ACL are placed on the screen in the
maximum number of columns allowed by the current size of the screen,
followed by the group entries.
The output from the getacl command is in the correct format for input to
the setacl command. The output may be redirected into a file, then the
output file can be used as input to the setacl command. This technique is
useful for assigning the ACL on an existing file to one or more new files.
For example:
$ getacl file1 > entries_file
$ setacl -U entries_file file2 file3 file4
The getacl command displays the access control lists of those files that
reside in directories for which the user has search permission.
ACLs may be set on files and directories even if ACLs are disabled on the
system, but ACL access checks and ACL inheritance won't take place. The
getacl command will print a warning if ACLs are disabled on the system.
Not all types of filesystems support ACLs. The getacl command will print a
warning if ACLs are not supported on the filesystem.
EXIT STATUS
If successful, the getacl command exits with a status of zero. Otherwise,
this command exits with a status of 1 if it aborted because of syntax
errors, or if the ACL of one or more files could not be accessed.
SEE ALSO
Commands: setacl(1)
Files: acl(4)
Security