Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ acl — Apollo

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ACLS

PROTECTION

PROTECTION ACLS

PROTECTION SIDS

PROTECTION RIGHTS

3.0;acl (access_control_list), revision 3.0, 87/03/20
ACL (ACCESS_CONTROL_LIST) -- List or copy an ACL.
usage:  ACL [target_object [source_object]] [-D|-F] [-I|-ID|-IF|-ALL] [-IS]
                                        [-LINKS] [-L] [-BR] [-QW|-QA|-NQ] [-AE]
                                        {CL}


FORMAT

  ACL [target_object [source_object]] [options]


  Every  directory  and  file  has an associated access control list (ACL) which
  lists users and their rights to the object.  ACL lets you copy an ACL from one
  object  to  another,  or  display  an  ACL.   For a detailed discussion of ACL
  structure and usage, please refer to HELP EDACL.


ARGUMENTS

  target_object
  (optional)         Specify the object whose ACL you want to  set  or  display.
                     You  may  use a wildcard to specify this argument.  DO NOT,
                     HOWEVER, DO $ acl /... (anything) AS THIS MAY  RENDER  YOUR
                     NODE  UNUSABLE.    This wildcard sequence includes files in
                     the /SYS tree, which require special ACL settings in  order
                     for system software to run.

                     Default if omitted:  use current working directory

  source_object
  (optional)         Specify the file or directory whose ACL(s) is to be used to
                     set the ACL(s) of the target object(s).

                     Default if omitted:  display target_object's ACL


OPTIONS

  The following options confine the ACL command's operation to target objects of
  the given type.

  -D                  Set  or display ACLs of only those target objects that are
                     directories.  If used with -I, -ID, or -IF options, set  or
                     display initial ACLs for subdirectories.

  -F                  Set  or display ACLs of only those target objects that are
                     files.

  The following options control the ACL command's effect on target objects.   If
  the  target  object  is  a  directory,  they  cause ACL to operate only on the
  initial ACLs stored within that directory for use on  newly  created  objects,
  and  not  on  the  ACL of the directory itself.  Note that this does NOT imply
  that all the target object(s) are directories, however.    (That  is  what  -D
  specifies.)

  -I                  Set  or display initial ACLs.  If you are setting the ACLs
                     of a target directory, the source object's  type  (file  or
                     directory)  determines which initial ACL (the one for files
                     or the one for directories) of the target directory is set.

  -ID                 Set  or  display only the initial ACLs inside those target
                     objects  that   are   directories   that   apply   to   new
                     subdirectories created in those directories.

  -IF                 Set  or  display only the initial ACLs inside those target
                     objects that  are  directories  that  apply  to  new  files
                     created in those directories.

  (Specifying both -ID and -IF is the same as -I. Neither implies -D.)

  The  following  option specifies that one (or both) of the initial ACLs inside
  the source object is to be copied to the target, rather than the  ACL  of  the
  source  itself.   This assumes that the source object is a directory and not a
  file, since files cannot contain initial ACLs for subordinate objects.

  -IS                Copy the initial ACL(s) in the source object (which must be
                     a  directory)  to  the target.  If there is a single target
                     object (either a file or a directory), then the appropriate
                     initial ACL inside the source is applied to the target.  If
                     the -I option is also specified, then both initial ACLs  in
                     the  source  are  copied  to  the initial ACLs inside those
                     target objects that are directories.

  The following option specifies that all the ACLs of the target  object(s)  are
  to be set or displayed.

  -ALL                Set  or  display all ACLs of the target object(s).  If you
                     are using wildcards to specify the target, you may  qualify
                     this  action  by  also  specifying -D or -F.  If the source
                     object is a directory, then all of its ACLs (both  its  own
                     and  the  two initial ACLs that it applies to newly created
                     subordinate objects) are used to set the corresponding ACLs
                     of  the  target  object(s).    If  -IS  is  also specified,
                     however, the ACL of the source object itself  will  not  be
                     used, although all three ACLs of the target directories are
                     still set.  Thus using -ALL (with or without  -IS)  may  be
                     used to propagate new ACLs throughout subtrees.

  The following options perform miscellaneous tasks:

  -LINKS              If  target_object  is  a  wildcard that specifies link(s),
                     operate on the link(s).  By default ACL does not operate on
                     links  specified  with  wildcards.    ACL  always, however,
                     operates  on  links   you   specify   explicitly   (without
                     wildcards).  This option does NOT apply to Unix hard links,
                     which   are   always   operated   on   since    they    are
                     indistinguishable from the original directory entry .

  -L                 List object names as the command sets ACLs.

  -BR                Display ACLs only, not object names.

  ACL  uses  the  command  line parser, and so also accepts the standard command
  options listed in HELP CL with the exception of the use of hyphen (-) to  read
  data from standard input.


EXAMPLES

  1. $ acl new_file old_file       Assign old_file's ACL to new_file.

  2. $ acl joe mary -i -is         Set the initial ACLs inside JOE using
                                   the initial ACLs inside MARY (which must
                                   be a directory).

  3. $ acl abc?* file1 -d -if      Set the initial file ACL in all
                                   subdirectories of the current working
                                   directory whose names begin with ABC to
                                   the ACL of FILE1.

  4. $ acl abc?* dir2 -f -is       Set the ACLs of all files in the current
                                   working directory whose names begin with
                                   ABC to the initial file ACL inside DIR2.

  5. $ acl abc?* dir2 -i -is       The initial ACLs in all subdirectories
                                   of the current working directory whose
                                   names begin with ABC are set using the
                                   initial ACLs in DIR2, and the ACLs of all
                                   files whose names begin with ABC are set
                                   using the intial file ACL in DIR2.
                                   (Adding -D would confine the operation
                                   to directories.)

  6. $ acl abc?* dir2 -all         The ACLs of all files matched are set
                                   using the initial file ACL in DIR2.  The
                                   ACLs of all directories matched are set
                                   using the ACL of DIR2 itself. The initial
                                   ACLs inside those matched directories are
                                   set using the initial ACLs inside DIR2.

  7. $ acl abc?* dir2 -all -is     The ACLs of all files matched are set
                                   using the initial file ACL in DIR2.  The
                                   ACLs of all directories matched are set
                                   using the initial directory ACL in DIR2.
                                   The initial ACLs inside those matched
                                   directories are set using the initial
                                   ACLs inside DIR2.


RELATED TOPICS

  More information is available.  Type:

  - HELP ACLS
   for a list of ACL-related commands.

  - HELP PROTECTION
   for general information on DOMAIN protection mechanisms.

  - HELP PROTECTION ACLS
   for detailed information on ACL structure and usage.

  - HELP PROTECTION SIDS
   for information on SIDs.

  - HELP PROTECTION RIGHTS
   for information on access rights.

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026