Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ edacl — Apollo

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

PROTECTION ACLS

ACLS

PROTECTION

PROTECTION SIDS

PROTECTION RIGHTS

6.0;edacl (edit_access_control_list), revision 6.0, 85/03/21
EDACL (EDIT_ACCESS_CONTROL_LIST) -- Edit or list an ACL.
usage:  EDACL [commands] [-I|-P] [-DIR|-FILE|-IF|-ID] [-UNIX] pathname...

EDACL commands: [-C ppon rts] [-CF ppon rts] [-A ppon rts] [-AF ppon rts]
                                        [-AR ppon rts] [-D ppon] [-DF ppon rts]
                                        [-DR ppon rts] [-CDN node]
                                        [-CN ppon node] [-L] [-Q]


FORMAT

  EDACL [commands] [options] pathname...


  Every  directory  and  file  has  an associated access control list (ACL) that
  lists users and their rights to the object.  EDACL edits or displays  the  ACL
  of  the  object(s) specified.   The structure and usage of an ACL is described
  in detail in HELP PROTECTION ACLS.


ARGUMENTS

  pathname
  (required)         Specify the object whose ACL you wish to edit  or  display.
                     Multiple pathnames and wildcarding are permitted.

  commands
  (optional)          Specify  the  action(s)  described  below.   If you do not
                     specify a command,  EDACL  enters  an  interactive  editing
                     mode.

                     Default if omitted:  read commands from standard input; do
                                          not precede commands with a hyphen (-)
                                          in this mode.

  COMMANDS

  -L                 List ACL entries.

  -A ppon rights
                     Add the specified entry to an ACL.   You  will  receive  an
                     error message if the ACL entry exists.

  -AF ppon rights
                     Add force. Add the specified entry to an ACL.  You will not
                     receive an error message if the ACL entry exists.

  -AR ppon rights
                     Add the specified rights to an ACL.  You  will  receive  an
                     error message if the entry does not exist.

  -C ppon rights
                     Change the access rights in the entry  for  ppon  (replaces
                     current  rights).  You will receive an error message if the
                     entry does not exist.

  -CF ppon rights
                     Change  force.    Change the access rights in the entry for
                     ppon (replaces current rights).  You will  not  receive  an
                     error message if the entry does not exist.

  -D ppon             Delete  the ACL entry for ppon.  You will receive an error
                     message if the entry does not exist.    If  the  'ppon'  is
                     '%.%.%.%', then EDACL will leave the entry with 'S' and 'E'
                     rights to maintain DOMIAN/IX compatibility.

  -DF ppon rights
                     Delete  force.   Delete the specified rights from the entry
                     for ppon.  You will not receive an error message if the ACL
                     entry does not exist.

  -DR ppon rights
                     Delete the specified rights from the entry for ppon.    You
                     will receive an error message if the entry does not exist.

  -CDN node          Change the default node ID.

  -CN ppon node
                     Change the node ID entry in ppon.

  -Q                 Quit without changing the object's ACL.   This  command  is
                     useful  only  when  you supply EDACL commands interactively
                     (see -I).


OPTIONS

  -DIR               Only operate on directories.

  -FILE              Only operate on files.

  -ID                 Edit  the  default  initial  ACL  for  directories   (-DIR
                     implied).

  -IF                Edit the default initial ACL for files (-DIR implied).

  -UNIX               Enable  editing  of  'S'  and  'E' rights for directories;
                     disable the setting of these rights by default.

  The following two options apply only when EDACL reads commands  from  standard
  input:

  -P                  EDACL interprets commands when it receives an EOF (usually
                     CTRL/Z).  This is the  default  when  you  have  redirected
                     standard  input  (i.e.,  instructed  the  program  to  read
                     commands from a Shell  program,  here  document,  file,  or
                     pipe).

  -I                  EDACL  interprets commands as you enter them.  This is the
                     default when you have not redirected standard input.    You
                     may  only  specify one pathname (with no wildcards) in this
                     mode.  EDACL changes a copy of the ACL;  the  command  does
                     not  assign  a  new ACL to an object until it reads an EOF.
                     Thus, EDACL -I does not change an ACL if you terminate  the
                     session with the "Q" command.

  This  command  uses  the command line parser, and so also accepts the standard
  command options listed in HELP CL.


EXAMPLES

  1. The order of the commands in the following sequence is significant.

     $ edacl -L sales                  List ACL for the file 'sales'.  The
       %.%.%.%     pgndwrx              ppon is all wildcards (%.%.%.%), so
                                        all users have complete rights
     $                                  (pgndwrx) to 'sales'.


     $ edacl sales -cf dan.%  -none    Deny user DAN access to 'sales'.
     $ edacl -L sales                  Other users still have all rights.
       DAN.%.%.%    -------             Note that the system automatically
       %.%.%.%      pgndwrx             places specific entries before
     $                                  general ones.


     $ edacl sales -a joe -owner       Add user JOE to the ACL for 'sales'
     $ edacl -L sales                   with all rights.
       joe.%.%.%    pgndwrx
       dan.%.%.%    -------
       %.%.%.%      pgndwrx
     $


     $ edacl sales -a %.%.mktg wrx     Allow users in the MKTG organization
     $ edacl -L sales                   to change file contents, but do not
       joe.%.%.%     pgndwrx            let them assign rights to others (p
       dan.%.%.%.    -------            and g), change the node ID entry (n),
       %.%.mktg.%    ----wrx            or delete the file (d).
       %.%.%.%       pgndwrx
     $


     $ edacl sales -c % r              Change everyone else's access to read
     $ edacl -L sales                   only.  Note that the more liberal
       joe.%.%.%     pgndwrx            rights (wrx) assigned to the MKTG
       dan.%.%.%     -------            organization in the previous line
       %.%.mktg.%    ----wrx            still apply, since specific entries
       %.%.%.%       ----r--            override general ones.
     $

  2. The following examples illustrate the effect of the -UNIX option.

     $ edacl dir
     dir
     * l
      %.%.%.%                          pgndcalrse
     * a jim -none
      jim.%.%.%                        --------se
     * a ers -r
      ers.%.%.%                        -------rse
     * l
      jim.%.%.%                        --------se
      ers.%.%.%                        -------rse
      %.%.%.%                          pgndcalrse

     Now specify -UNIX ...

     $ edacl dir -unix
     dir
     * l
      %.%.%.%                          pgndcalrse
     * a jim -none
      jim.%.%.%                        ----------
     * a ers -r
      ers.%.%.%                        -------r--
     * l
      rees.%.%.%                       ----------
      ers.%.%.%                        -------r--
      %.%.%.%                          pgndcalrse


RELATED TOPICS

  More information is available.  Type:

  - HELP PROTECTION ACLS
   for a detailed description of ACLS.

  - HELP ACLS
   for a list of commands used to manipulate ACLS.

  - HELP PROTECTION
   for a general discussion of DOMAIN protection mechanisms.

  - HELP PROTECTION SIDS
   for details about subject identifiers (PPON's).

  - HELP PROTECTION RIGHTS
   for details about the various access rights and what they mean.

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026