PreviousNext

Description

The acl_edit command is a client program that, when invoked, binds to the specified objects ACL manager (which is implemented in the objects server), and allows the user to manipulate the objects ACL through the standard DCE ACL interface. This interface is the sec_acl_...(~) interface documented in the OSF DCE Application Development Reference.

The acl_edit command automatically binds to the server of the object specified, and then communicates (through the standard DCE ACL interface) with that servers ACL manager in response to user input.

The object specified depends partly on whether the -e option is specified. Specifying -e means that you want to operate on the Directory Service ACL - in other words, you want acl_edit to bind to the CDS server and allow you to operate on the ACL maintained by that server on the objects directory entry. If, on the ACL on the object to which the directory entry refers, then omit the -e option, so that acl_edit binds to that objects server (the server must, of course, implement an ACL manager), giving you access to the objects ACL.

All acl_edit subcommands act on the object specified by pathname when you invoke acl_edit. You can invoke acl_edit in either command-line or interactive mode:

To invoke acl_edit in command-line mode, enter the command, the objects pathname, options, and the command-line subcommand on them that invokes acl_edit. Only one command-line subcommand can be entered per acl_edit invocation.

To invoke acl_edit in interactive mode, enter only acl_edit, the objects path name, and options. The acl_edit prompt is then displayed. In this mode, you enter interactive subcommands that let you edit and view entries in the objects ACL and view help information about the acl_edit command itself.

Changes you make in command-line mode are saved when you enter the command. In interactive mode, you must explicitly save your changes. To do so, use the commit subcommand to save the changes without exiting acl_edit or the exit subcommand to save the changes and exit acl_edit. Use the abort subcommand to exit acl_edit and save none of the changes you have made.

Note
When you invoke acl_edit for a specific objects ACL, that ACL is not locked. This means that it is possible for multiple users to edit the ACL simultaneously, with each change overwriting the previous changes. For this reason, the number of users assigned rights to change a particular ACL should be tightly controlled and limited to one user if possible.