getacl(1) C2 Trusted DG/UX 5.4.2T getacl(1)
NAME
getacl - display the access control list (ACL) information of file
objects
SYNOPSIS
getacl [-d] [-alpqr] [-o objecttype] [object ...]
where:
objecttype is the object type of the specified objects.
object is the name of the file object(s) whose ACL(s) getacl
displays.
DESCRIPTION
The getacl command displays the specified file objects' ACLs. The
ACL of an object specifies the object's discretionary access control
permissions. Directories may also have default ACLs. For a complete
discussion of ACLs, please see the Security Features User's Guide for
the C2 Trusted DG/UX System.
Options are:
-a causes getacl to display ACLs for files beginning with a "."
when used with the -r option.
-d causes getacl to display the default ACL of the specified
directory file objects. Only directory file objects can have
default ACLs. This option used on a non-directory object will
generate a usage error.
-l causes getacl not to follow symbolic links, i.e., no action is
taken for symbolic links.
-o objecttype
objecttype specifies the type of the object arguments. If -o
objecttype is specified but an object is not, getacl uses the
default objects listed below. The values for objecttype, the
objects associated with them, and the specification format for
the objects are also listed below.
Value Object Specification Format and Defaults
f file filename (defaults to the current
working directory, that is, ".")
Note that UNIX®-domain sockets are
file objects.
-p causes getacl to display absolute pathnames of file objects.
-q stops getacl from writing diagnostic messages. The usage
error message is always written.
-r causes getacl to recursively descend through directory file
objects, displaying the ACL of each file object.
Licensed material--property of copyright holder(s) 1
getacl(1) C2 Trusted DG/UX 5.4.2T getacl(1)
The format of the ACL displayed by getacl is in the specific format
required by the setacl(1) command, and is described in the setacl man
page. Therefore, the output of the getacl command (with only a
single file object argument) may be used to copy an ACL from one file
object to one or more file objects. The -I option of the setacl
command can be used to read the ACL from either a file or by directly
piping the standard out of getacl into the standard in of setacl -I
.....
EXAMPLES
Directory dirabc has two files in it; alpha and beta. The recursion
option of the getacl command is used to list the ACLs of all files in
the file tree rooted by dirabc.
getacl -r dirabc
# directory file: dirabc
# owner: abcuser
# group: abcgroup
user::rwx
group::r-x
other::---
# file: dirabc/alpha
# owner: alphauser
# group: alphagroup
user::rw-
mask::rw-
user:buser:-w-
group::r--
other::---
# file: dirabc/beta
# owner: betauser
# group: betagroup
user::rw-
mask::rw-
user:auser:-w-
group::r--
other::---
Note that this output could not be used as input to setacl -I ...,
because it contains more than a single ACL specification.
DIAGNOSTICS
getacl writes all diagnostic messages to stderr.
getacl exits with one of the following values:
0 getacl executed correctly and displayed the ACLs of all
objects.
1 getacl was run on a system that does not support ACLs.
Licensed material--property of copyright holder(s) 2
getacl(1) C2 Trusted DG/UX 5.4.2T getacl(1)
2 getacl could not display the ACL of at least one object.
3 getacl usage is wrong.
SEE ALSO
setacl(1), ls(1), chmod(1), dggetoacl(2), acllibrary(3),
Security Features User's Guide for the C2 Trusted DG/UX System.
Licensed material--property of copyright holder(s) 3