3.0;acl (set/show_acl),revision 3.0, 83/04/11
ACL (ACCESS_CONTROL_LIST)-- List or copy an ACL.
usage: ACL [target_obj [src_obj]] [-D|-F] [-I|-ID|-IF|-ALL] [-IS] [-LINKS]
[-L] [-BR] [-QW|-QA|-NQ] [-AE] {CL}
FORMAT
ACL [target_object [source_object]] [options]
Every directory and file has an associated access control list (ACL) which
lists users and their rights to the object. In addition, each directory
contains two additional ACLs (called initial ACLs): one for new files and
another for new subdirectories created within that directory. ACL lets
you copy an ACL from one object to another, or display an ACL. To make
changes to an existing ACL, use the EDACL command (see HELP EDACL).
ARGUMENTS
target_obj Specify the file or directory whose ACL(s) you want to set or
(optional) display. Wildcarding is permitted.
Default if omitted: use current working directory.
src_obj Specify the file or directory whose ACL(s) is to be used to set
(optional) the ACL(s) of the target object(s).
Default if omitted: display target_object's ACL
OPTIONS
The following options are used to qualify the target objects:
-D Set or display ACLs of only those target objects that are
directories. If used with -I, -ID, or -IF options, set or
display initial ACLs for subdirectories.
-F Set or display those target objects that are files.
These options are used to specify directories' initial ACLs as targets:
-I Set or display initial ACLs. If you are setting the ACLs of a
target directory, the source object determines which initial
ACL (file or subdirectory) of the target directory is set.
-ID Set or display initial ACLs of new subdirectories in target
directories.
-IF Set or display initial ACLs for new files in target object
directories.
(Specifying both -ID and -IF is the same as -I. Neither implies -D.)
This option specifies that one or both of the initial ACLs in the source
object be copied to the target. (This assumes that the source object is a
directory.):
-IS Copy the initial ACL(s) in the source object to the target.
If -I and -IS are both specified, both initial ACLs of target
directory will be set, using the corresponding initial ACLs
of the source object.
This option specifies that all ACLs of the target object(s) be set or
displayed.
-ALL Set or display all ACLs of target object(s). Use -D or -F to
qualify wildcards. If source object is specified, it must be
a directory. (Note that if -IS is also specified, the ACL of
the source object itself will not be used, but all three ACLs
of the target directories are still set). -ALL (with or
without -IS) may be used to propagate new ACLs throughout
subtrees.
The following options perform miscellaneous tasks:
-LINKS Operate on links specified as wildcards.
-L List the object names as the ACLs are set.
-BR Display ACLs only, not object names.
ACL uses the command line parser and so also accepts the standard command
options listed in HELP CL.
EXAMPLES
1. $ acl new_file old_file Assign old_file's ACL to new_file.
2. $ acl joe mary -i -is Set the initial ACLs inside JOE using
the initial ACLs inside MARY (which must
be a directory).
3. $ acl abc?* file1 -d -if Set the initial file ACL in all subdirectories
of the current working directory whose
names begin with ABC to the ACL of FILE1.
4. $ acl abc?* dir2 -f -is Set the ACLs of all files in the current
working directory whose names begin with
ABC to the initial file ACL inside DIR2.
5. $ acl abc?* dir2 -i -is The initial ACLs inside all subdirectories
of the current working directory whose names
begin with ABC are set using the initial
ACLs in DIR2, and the ACLs of all files
whose names begin with ABC are set using
the intial file ACL in DIR2. (Adding -D
would confine the operation to directories.)
6. $ acl abc?* dir2 -all The ACLs of all files matched are set using
the initial file ACL in DIR2. The ACLs of
all directories matched are set using the
ACL of DIR2 itself. The initial ACLs inside
those matched directories are set using the
initial ACLs inside DIR2.
7. $ acl abc?* dir2 -all -is The ACLs of all files matched are set using
the initial file ACL in DIR2. The ACLs of
all directories matched are set using the
initial directory ACL in DIR2. The initial
ACLs inside those matched directories are
set using the initial ACLs inside DIR2.
RELATED TOPICS
More information is available. Type:
- HELP ACLS
for a list of ACL-related commands
- HELP PROTECTION
for general information on DOMAIN protection mechanisms
- HELP PROTECTION ACLS
for detailed information on ACL structure and usage
- HELP PROTECTION SIDS
for information on SIDs.
- HELP PROTECTION RIGHTS
for information on access rights.