
⇒ setprot(1M) — sys5 — Apollo Domain/OS SR10.4


SETPROT(1M)                     Domain/OS SysV                     SETPROT(1M)



NAME
     setprot - modify object protection

SYNOPSIS
     /etc/setprot [ -uv ] pathname ...

DESCRIPTION
     setprot modifies Access Control Lists (ACLs) for objects as described in
     a protection file.  setprot can apply ACLs only to objects resident on
     Domain/OS nodes.

OPTIONS
     -u   Display the command usage.

     -v   Display each line of the protection template before it is executed.

     pathname
          Pathname of optional template file.  If omitted, setprot will take
          commands from standard input.

ACL DEFINITION FILE FORMAT
     The ACL definition file contains a series of single-line records
     introduced by a keyword in the first column that defines the type of
     information on the line.  setprot currently recognizes the following
     keyletters:

     -a spec
          Define the current ACL.

     -[odfR] pathname
          Assign the current ACL to pathname.

     Generally, the ACL definition file first defines a "current ACL" by
     building an ACL with ACL records, then using Object Records to assign the
     current ACL to one or more file system objects, modifying the current ACL
     or creating a new current ACL from scratch as appropriate.

     Object Records

     Records that contain the keyletter '-[odf]' are called "object records"
     because they cause the current ACL to be assigned to an object.  The
     pathname field, which must follow the command token, can be any pathname
     associated with a directory or file object.

     Object records have four options, 'R', 'o', 'd', and 'f', any or all of
     which may follow the '-' keyletter. The meaning of each option is similar
     to the flags for the lsacl and chacl commands:

     o    Assign the current ACL to the object itself.

     d    If the object is a directory, assign the ACL to the initial
          directory ACL for that directory.

     f    If the object is a directory, assign the ACL to the initial file ACL
          for that directory.

     R    If the object is a directory, recursively apply the ACL to all files
          and directories under that object.

     At least one of the three options 'o', 'd', or 'f' must follow the '-'
     keyletter.

     ACL Entry Records

     Records that begin with the keyletter a are called "ACL entry records"
     because they define the current ACL.

     The acl entry record defines all the entries in an object's access
     control list (ACL). The following keyletters are defined:

       -u spec          define the owner required entry
       -g spec          define the group required entry
       -z spec          define the organization required entry
       -o wrgts         define the world rights
       -e sid ergts     define an extended ACL entry
       -n               specify network access permitted
       -l               specify local access only
       -m mgrname       specify the subsystem manager field by manager name
       -d mgrname       specify the subsystem data field by manager name
       -mu high low     specify the subsystem manager field by manager uid
       -du high low     specify the subsystem data field by manager uid

               spec:   <name> <frgts> | P<frgts>
               name:   user | group | org
              frgts:   [prwxks | I | U ]
              wrgts:   [prwxk | I | U ]
                sid:   user[.group[.org]]
              ergts:   [prwxk]

     There are two types of entries in an ACL. The person, group,
     organization, and world entries are required entries because they must be
     present in every ACL on the system.  Required ACL entries are introduced
     by the u, g, z, and o keyletters in the ACL definition file. Each
     required entry associates the name of a person, group, or organization
     with a set of rights.  The user, group, and world entries in an ACL
     correspond to the UNIX model's user, group, and other permissions,
     respectively.  The organization entry corresponds to the rights that can
     be granted to a user if he is in the named organization as defined in the
     /etc/org file, just as the group entry corresponds to the rights that can
     be granted to members of a group as defined in /etc/group.

     An ACL can also contain extended entries.  Extended ACL entries are
     introduced by the 'e' keyletter in the ACL definition file.  Each
     extended entry associates a subject identifier (SID) that specifies a
     person, group, and organization with a set of rights.

     Each ACL entry has a set of rights associated with it.  The set of rights
     available for use with required entries is "pwrxksIUP", although I is
     incompatible with any subset of "pwrxsU".  Any valid set of the rights
     available for use with required entries may be used for the
     required_rights field.  A u, g, or z field can include 's' to add the
     set-[user|group|organization]-ID rights to the ACL for an executable
     binary object.  If the 's' right is omitted, the set-user-ID right is
     left off.

     The set of rights available for use with extended entries is "pwrxk".
     Any valid set of the rights available for use with extended entries may
     be used for the extended_rights field.
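
     A pre-flight check for a protection template, built from the record and
     rights rules above.  This is an added example, not part of the original
     manual page or of Domain/OS.  It assumes whitespace-separated tokens with
     the ACL keyletters on the same line as -a, handles only the <name> <frgts>
     form of spec, and its warning about recursive set-ID ACLs is a review
     heuristic added here rather than a setprot rule.

```python
REQ = set("pwrxksIUP")  # rights the page lists for required entries
ALLOWED = {"-u": REQ, "-g": REQ, "-z": REQ,  # per-keyletter rights alphabet
           "-o": set("prwxkIU"), "-e": set("pwrxk")}
ARGC = {"-u": 2, "-g": 2, "-z": 2, "-o": 1, "-e": 2, "-n": 0, "-l": 0,
        "-m": 1, "-d": 1, "-mu": 2, "-du": 2}  # arguments per keyletter
SAMPLE = """\
-a -u root pwrxk -g wheel rx -z none r -o r
-odf /project
-a -u root pwrxs -g wheel rxI -z none r -o r -e jo.dev.rd rws
-R /project/bin
"""  # constructed template: every name and path in it is made up

def check_rights(rights, allowed):
    """Return the problems with one rights string."""
    problems = []
    bad = "".join(sorted(set(rights) - allowed))
    if bad:
        problems.append(f"rights {rights!r}: {bad!r} not allowed in this entry")
    if "I" in rights and set(rights) & set("pwrxsU"):
        problems.append(f"rights {rights!r}: I combined with other rights")
    return problems

def lint(template):
    """Return (line_number, message) findings for a protection template."""
    findings, setid = [], False
    for n, line in enumerate(template.splitlines(), 1):
        tok = line.split()
        if tok and tok[0] == "-a":  # ACL entry record: rebuilds current ACL
            setid, i = False, 1
            while i < len(tok):
                key, argc = tok[i], ARGC.get(tok[i])
                if argc is None or i + argc >= len(tok):
                    findings.append((n, f"bad keyletter or missing argument at {key!r}"))
                    break
                if key in ALLOWED:  # the rights string is the last argument
                    findings += [(n, m) for m in check_rights(tok[i + argc], ALLOWED[key])]
                    setid = setid or "s" in tok[i + argc]
                i += 1 + argc
        elif tok and tok[0][0] == "-" and set(tok[0][1:]) <= set("odfR"):
            if not set(tok[0]) & set("odf"):  # object record
                findings.append((n, "object record needs one of o, d, f"))
            if "R" in tok[0] and setid:
                findings.append((n, "set-ID (s) ACL applied recursively"))
        elif tok:
            findings.append((n, f"unrecognized record {tok[0]!r}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {n}: {m}" for n, m in lint(SAMPLE)))
```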

     Application Rules

     setprot applies the ACLs you specify in protection_template according to
     the following rules:

                   setprot [-v] [path] ...

     This command modifies the protections set on the files and directories as
     described in the file path.

     An example protection template can be generated using lprot.

SEE ALSO
     chacl(1), chgrp(1), chmod(1), chown(1), cpacl(1), edrgy(1M), lprot(1),
     lsacl(1), salacl(1M), umask(1), org(4), passwd(4), acl(5).
