
acl modify

Changes attributes and entries of ACLs. The syntax is:

acl modify acl_name_list [-ic | -io | -entry] [-type manager_type_name]
[-cell new_cell_name] {-add acl_entry_list_with_permissions [-mask {calc | nocalc}] |
-change acl_entry_list_with_permissions [-mask {calc | nocalc}] |
-remove acl_entry_list_without_permissions | -purge} [-local]

Options

-cell new_cell_name
Changes the value of the cell attribute by specifying the new default cell. It must be one value, not a list. The -cell option may be combined with the other options. Note that changing the default cell of an ACL that has user or group ACL entries, or their delegate counterparts, can be dangerous. The principal and groups mentioned in these ACL entries must be in the default cell. If the default cell changes, these ACL entries must change as well.

-add acl_entry_list_with_permissions
Adds the ACL entries to the ACL. The value of this option is a list of ACL entries with permissions filled in. You can use the -mask option to force or prevent mask recalculation.

-change acl_entry_list_with_permissions
Changes existing ACL entries in the ACL. The value of this option is a list of ACL entries with permissions filled in. The permissions are the new permissions placed on the specified ACL entries. The ACL entries must exist in the ACL or an error occurs. You can use the -mask option to force or prevent mask recalculation.

-remove acl_entry_list_without_permissions
Removes existing ACL entries from the ACL. The value of this option is a list of ACL entries with no permissions. The ACL entries must exist in the ACL or an error occurs. You can use the -mask option to force or prevent mask recalculation.

-purge
Purges all masked permissions (before any other modifications are made), in all ACL entries except: user_obj, other_obj, mask_obj, user_obj_delegate, other_obj_delegate, and unauthenticated if they exist. This option is useful only for ACLs that contain an entry of type mask_obj.

-mask {calc | nocalc}
If a modify operation causes a mask recalculation that unintentionally adds permissions to an existing ACL entry, the modify operation aborts with an error unless you specify the -mask option with a value of either calc or nocalc, or a unique abbreviation of one of these values.

Specifying calc creates or modifies the object's mask_obj type entry with permissions equal to the union of all entries other than type user_obj, other_obj, mask_obj and unauthenticated. This creation or modification is done after all other modifications to the ACL are performed. The new mask is set even if it grants permissions previously masked out. It is recommended that you use this option only if not specifying it results in an error. If you specify the calc option for an ACL that does not support the mask_obj entry type, an error is returned.

Specifying nocalc means that a new mask should not be calculated.

The -mask option can only be used if the -add or -change option is also used and only if the object's ACL Managers support the mask_obj ACL type. In addition, you cannot use the -mask option if you specify a mask_obj ACL entry in the command (by using the -add or -change options).

-ic
Specifies that the command is to operate on the initial container ACL of the named object.

-io
Specifies that the command is to operate on the initial object ACL of the named object.

-entry
Specifies that the command is to operate on the ACL of the namespace entry of the object.

-local
Specifies that the command is to operate on the ACL of a dced object while the dced on the local machine is in partial service mode.

-type manager_type_name
Specifies that the command uses a particular ACL manager. This option is needed only for objects that have more than one purpose, such as principal names that also act as directories (see Description). List available ACL managers using the acl show -manager command.

Description
The acl modify operation changes one or more individual ACL entries. The argument is a list of names of ACLs to be modified. They are processed in the order they are entered. The specific operation to perform is described by using options.

Multiple actions can be specified on the command line; they are processed in a fixed order to guarantee proper processing of the ACLs. See [POSIX.6] for a description of this processing order. Either all the changes specified in the operation are made or none are. The operation returns an empty string on success.

Privileges Required
The permissions required are defined by the object's ACL Manager. Use the permissions operation to display the currently available tokens and their meanings. See the documentation for the DCE component you are using to obtain a more detailed description of its specific permissions.

Examples

dcecp> acl modify /.:/hosts -add {user mahler rwcia}
dcecp> acl modify /.:/hosts -change {user mahler rwdtcia}
dcecp>
dcecp> acl modify /.:/hosts -add {group dce rwdtcia} -remove {user mahler}
dcecp>
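
The mask recalculation described under -mask {calc | nocalc} can be modelled offline to see which existing entries a -mask calc would widen before the command is run. The Python below is an added example, not part of the DCE documentation or of dcecp; the tuple layout, function names and sample ACL are constructed, and it assumes mask_obj filters every entry type except those the -purge description exempts.

```python
# Simplified model of the mask_obj rules described for "acl modify -mask".
# Not DCE code: entry tuples, function names and the sample ACL are constructed.

# Entry types left out of the union when -mask calc builds mask_obj (from the page).
CALC_EXCLUDED = {"user_obj", "other_obj", "mask_obj", "unauthenticated"}
# Entry types whose permissions mask_obj does not filter (assumption, taken
# from the exemption list given for -purge).
UNMASKED = CALC_EXCLUDED | {"user_obj_delegate", "other_obj_delegate"}

def calc_mask(acl):
    """Union of the permissions of every entry that counts toward mask_obj."""
    return {p for etype, _key, perms in acl
            if etype not in CALC_EXCLUDED for p in perms}

def current_mask(acl):
    """Permissions of the existing mask_obj entry, or None if there is none."""
    return next((set(p) for t, _key, p in acl if t == "mask_obj"), None)

def effective(entry, mask):
    """Permissions an entry actually grants once mask_obj is applied."""
    etype, _key, perms = entry
    if mask is None or etype in UNMASKED:
        return set(perms)
    return set(perms) & mask

def widened_by_calc(acl, added):
    """Existing entries that would gain effective permissions if `added`
    were applied and mask_obj then recalculated as -mask calc does."""
    old_mask = current_mask(acl)
    new_mask = calc_mask(list(acl) + list(added))
    report = {}
    for entry in acl:
        if entry[0] == "mask_obj":
            continue
        gained = effective(entry, new_mask) - effective(entry, old_mask)
        if gained:
            report[(entry[0], entry[1])] = "".join(sorted(gained))
    return report

# Constructed ACL: mask_obj currently hides "w" and "d" from user mahler.
SAMPLE_ACL = [
    ("user_obj", None, "rwdtcia"),
    ("mask_obj", None, "rc"),
    ("user", "mahler", "rwdc"),
    ("group", "dce", "rc"),
]

if __name__ == "__main__":
    print(widened_by_calc(SAMPLE_ACL, [("user", "britten", "r")]))
```

In the sample, mahler's own entry contributes w and d to the recalculated mask, so -mask calc would re-expose them even though the added entry asks only for r.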