PreviousNext

Interactive Subcommands

The following subcommands are available when acl_edit is invoked in interactive mode. All the commands act on the ACL associated with the object specified by pathname when acl_edit was invoked.

?
Displays the available acl_edit subcommands.

ab[ort]
Exits acl_edit without saving the changes to the objects ACL.

as[sign] filename
Applies the ACL entries in filename to the specified object. This subcommand removes existing entries and replaces them with the entries in the file.

c[ell] name
Sets the cell name to be associated with the ACL. This subcommand is used primarily to facilitate copying ACLs to different cells. The default cell name stays in place until you run the subcommand again to change it.

co[mmit]
Saves all changes to the ACL without exiting.

d[elete] acl_entry
Deletes the specified ACL entry.

e[xit]
Exits from acl_edit, saving any changes to the objects ACL.

g[et_access]
Displays the permissions granted in the specified objects ACL to the principal that invoked acl_edit.

h[elp] [command...]
Initiates the help facility. If you enter only the command help, acl_edit displays a list of all commands and their functions. If you enter help and a command (or commands separated by a space), acl_edit displays help information on the specified commands. Entering help sec_acl_entry displays information about ACL entries.

k[ill_entries]
Removes all ACL entries except the user_obj entry if it exists.

l[ist]
Lists the entries in the objects ACL.

m[odify] acl_entry [-n | -c]
Adds a new ACL entry or replaces an existing ACL entry. This command affects a single ACL entry. To add or replace all of an objects ACL entries, see the su[bstitute] subcommand.

For objects that support the mask_obj entry type and are required to calculate a new mask when their ACLs are modified, the -n option specifies that a new mask should not be calculated; the -c option specifies that the objects mask_obj entry should have permissions equal to the union of all entries other than user_obj, other_obj, and unauthenticated. The mask is calculated after the ACL is modified.

If you use the -c option, the new mask is set even if it grants permissions previously masked out. It is recommended that you use the -c option only if not specifying it results in an error. If the new mask unintentionally grants permissions to an existing entry, the modify operation that causes the mask recalculation aborts with an error unless you specify either the -c or -n option.

p[ermissions]
Lists the available permission tokens and explanations.

pu[rge]
Purges all masked permissions. This option is useful only for ACLs that contain an entry of type mask_obj. Use it to prevent unintentionally granting permissions to an existing entry when a new mask is calculated as a result of adding or modifying an ACL entry.

su[bstitute] acl_entry [acl_entry ...]
Replaces all ACL entries with the one or ones specified. This subcommand removes all existing entries and adds the ones specified by acl_entry. To replace only a single ACL entry, use the m[odify] subcommand.

t[est_access] [permissions...]
Tests whether the permissions specified in the command are granted to the principal under whose DCE identity the acl_edit command was invoked. The option returns Granted if the permissions are granted or Denied if they are not.