3.0;acl (access_control_list), revision 3.0, 83/04/11
ACL (ACCESS_CONTROL_LIST) -- List or copy an ACL.
usage: ACL [target_object [source_object]] [-D|-F] [-I|-ID|-IF|-ALL] [-IS]
[-LINKS] [-L] [-BR] [-QW|-QA|-NQ] [-AE]
{CL}
FORMAT
ACL [target_object [source_object]] [options]
Every directory and file has an associated access control list (ACL) which
lists users and their rights to the object. ACL lets you copy an ACL from one
object to another, or display an ACL. For a detailed discussion of ACL
structure and usage, please refer to HELP EDACL.
ARGUMENTS
target_object
(optional) Specify the object whose ACL you want to set or display.
You may use a wildcard to specify this argument. DO NOT,
HOWEVER, DO $ acl /... (anything) AS THIS MAY RENDER YOUR
NODE UNUSABLE. This wildcard sequence includes files in
the /SYS tree, which require special ACL settings in order
for system software to run.
Default if omitted: use current working directory
source_object
(optional) Specify the file or directory whose ACL(s) is to be used to
set the ACL(s) of the target object(s).
Default if omitted: display target_object's ACL
OPTIONS
The following options confine the ACL command's operation to target objects of
the given type.
-D Set or display ACLs of only those target objects that are
directories. If used with -I, -ID, or -IF options, set or
display initial ACLs for subdirectories.
-F Set or display ACLs of only those target objects that are
files.
The following options control the ACL command's effect on target objects. If
the target object is a directory, they cause ACL to operate only on the
initial ACLs stored within that directory for use on newly created objects,
and not on the ACL of the directory itself. Note that this does NOT imply
that all the target object(s) are directories, however. (That is what -D
specifies.)
-I Set or display initial ACLs. If you are setting the ACLs
of a target directory, the source object's type (file or
directory) determines which initial ACL (the one for files
or the one for directories) of the target directory is set.
-ID Set or display only the initial ACLs inside those target
objects that are directories that apply to new
subdirectories created in those directories.
-IF Set or display only the initial ACLs inside those target
objects that are directories that apply to new files
created in those directories.
(Specifying both -ID and -IF is the same as -I. Neither implies -D.)
The following option specifies that one (or both) of the initial ACLs inside
the source object is to be copied to the target, rather than the ACL of the
source itself. This assumes that the source object is a directory and not a
file, since files cannot contain initial ACLs for subordinate objects.
-IS Copy the initial ACL(s) in the source object (which must be
a directory) to the target. If there is a single target
object (either a file or a directory), then the appropriate
initial ACL inside the source is applied to the target. If
the -I option is also specified, then both initial ACLs in
the source are copied to the initial ACLs inside those
target objects that are directories.
The following option specifies that all the ACLs of the target object(s) are
to be set or displayed.
-ALL Set or display all ACLs of the target object(s). If you
are using wildcards to specify the target, you may qualify
this action by also specifying -D or -F. If the source
object is a directory, then all of its ACLs (both its own
and the two initial ACLs that it applies to newly created
subordinate objects) are used to set the corresponding ACLs
of the target object(s). If -IS is also specified,
however, the ACL of the source object itself will not be
used, although all three ACLs of the target directories are
still set. Thus using -ALL (with or without -IS) may be
used to propagate new ACLs throughout subtrees.
The following options perform miscellaneous tasks:
-LINKS If target_object is a wildcard that specifies link(s),
operate on the link(s). By default ACL does not operate on
links specified with wildcards. ACL always, however,
operates on links you specify explicitly (without
wildcards).
-L List object names as the command sets ACLs.
-BR Display ACLs only, not object names.
ACL uses the command line parser, and so also accepts the standard command
options listed in HELP CL with the exception of the use of hyphen (-) to read
data from standard input.
EXAMPLES
1. $ acl new_file old_file Assign old_file's ACL to new_file.
2. $ acl joe mary -i -is Set the initial ACLs inside JOE using
the initial ACLs inside MARY (which must
be a directory).
3. $ acl abc?* file1 -d -if Set the initial file ACL in all
subdirectories of the current working
directory whose names begin with ABC to
the ACL of FILE1.
4. $ acl abc?* dir2 -f -is Set the ACLs of all files in the current
working directory whose names begin with
ABC to the initial file ACL inside DIR2.
5. $ acl abc?* dir2 -i -is The initial ACLs in all subdirectories
of the current working directory whose
names begin with ABC are set using the
initial ACLs in DIR2, and the ACLs of all
files whose names begin with ABC are set
using the intial file ACL in DIR2.
(Adding -D would confine the operation
to directories.)
6. $ acl abc?* dir2 -all The ACLs of all files matched are set
using the initial file ACL in DIR2. The
ACLs of all directories matched are set
using the ACL of DIR2 itself. The initial
ACLs inside those matched directories are
set using the initial ACLs inside DIR2.
7. $ acl abc?* dir2 -all -is The ACLs of all files matched are set
using the initial file ACL in DIR2. The
ACLs of all directories matched are set
using the initial directory ACL in DIR2.
The initial ACLs inside those matched
directories are set using the initial
ACLs inside DIR2.
RELATED TOPICS
More information is available. Type:
- HELP ACLS
for a list of ACL-related commands.
- HELP PROTECTION
for general information on DOMAIN protection mechanisms.
- HELP PROTECTION ACLS
for detailed information on ACL structure and usage.
- HELP PROTECTION SIDS
for information on SIDs.
- HELP PROTECTION RIGHTS
for information on access rights.