getacl(1) DG/UX B2 Security R4.12MU02 getacl(1)
NAME
getacl - display access control list (ACL)
SYNOPSIS
getacl [-d] [-alpqr] {-o objecttype [object ...]}|{object ...}
where:
objecttype Object type of the specified objects.
object Name of file object whose ACL is to be displayed.
DESCRIPTION
The getacl command displays the specified file object's ACL. The ACL
of an object specifies the object's discretionary access control
permissions. Directories may also have default ACLs.
Options
-a Display ACLs for all files, including those beginning with a
".," when used with the -r option.
-d Display the default ACL of the specified directory file
objects. Only directory file objects can have default ACLs.
Using -d on non-directory objects generates usage errors.
-l If target is a symbolic link, operate on the link. The
default behavior is to operate on the object referenced by the
link.
-o Specify the type of the object arguments. Using -o
objecttype and omitting object causes getacl to uses the
default object. Values for objecttype, the objects
associated with them, the specification format for the
objects, and the default objects are listed below.
Value Object Format Default
f file file name Working directory (.)
p process PID number Invoking process ID (0)
m shared memory shared memory ID 0
s semaphore semaphore set ID 0
q message queue message queue ID 0
If you omit -o objecttype and specify objects, the default
object type is f (file).
Note that UNIX-domain sockets are file objects.
-p Display absolute path names of file objects.
-q Do not write diagnostic messages. The usage error message is
always written.
-r Recursively descend through directory file objects, displaying
the ACL of each file object.
Format of ACL
The format of the ACL displayed by getacl is in the specific format
required by the setacl command and is described in the setacl(1)
online manual page. Therefore, you can use the output of the getacl
command (with only a single file object argument) to copy an ACL from
one file object to one or more file objects.
You can use the -I option of the setacl command to read the ACL from
either a file or by directly piping the standard output of getacl
into the standard input of setacl -I.
EXAMPLES
Directory dirabc has two files in it; alpha and beta. The recursion
option of the getacl command is used to list the ACLs of all files in
the file tree rooted by dirabc.
getacl -r dirabc
# directory file: dir_abc
# owner: abc_user
# group: abc_group
user::rwx
group::r-x
other::---
# file: dir_abc/alpha
# owner: alpha_user
# group: alpha_group
user::rw-
mask::rw-
user:b_user:-w-
group::r--
other::---
# file: dir_abc/beta
# owner: beta_user
# group: beta_group
user::rw-
mask::rw-
user:a_user:-w-
group::r--
other::---
Note that this output could not be used as input to setacl -I because
it contains more than a single ACL specification.
DIAGNOSTICS
The getacl command writes all diagnostic messages to stderr. The
getacl command exits with one of the following values:
0 Executed correctly and displayed the ACLs of all objects.
1 Run on a system that does not support ACLs.
2 Could not display the ACL of at least one object.
3 Usage is incorrect.
SEE ALSO
setacl(1), ls(1), chmod(1), dggetoacl(2), acllibrary(3).
Licensed material--property of copyright holder(s)