⇒ setacl(1) — UnixWare 2.01

       setacl(1)                                                  setacl(1)


       NAME
             setacl - modify the Access Control List (ACL) for one or more files

       SYNOPSIS
             setacl [-r] -s acl_entries file . . .
             setacl [-r] [-m acl_entries] -d acl_entries file . . .
             setacl [-r] -f acl_file file . . .

       DESCRIPTION
             For each file specified, setacl will either replace its entire
             ACL, including the default ACL on a directory, or it will add,
             modify, or delete one or more ACL entries, including default
             entries on directories.

             The -s option will set the ACL to the entries specified on the
             command line.  The -f option will set the ACL to the entries
             contained within the file acl_file.  The -d option will delete
             one or more specified entries from the file's ACL.  The -m
             option will add or modify one or more specified ACL entries.

             One of the options -s, -m, -d, or -f must be specified.  If -s
             or -f is specified, other options are invalid.  The -m and -d
             options may be combined.

             For the -m and -s options, acl_entries are one or more comma
             separated ACL entries selected from the following list.  For
             the -f option, acl_file must contain ACL entries, one to a
             line, selected from the same list.  Default entries may only
             be specified for directories.  Bold face indicates that
             characters must be typed as specified, brackets denote
             optional characters, and italicized characters are to be
             specified by the user.

                   u[ser]::operm | perm
                   u[ser]:uid:operm | perm
                   g[roup]::operm | perm
                   g[roup]:gid:operm | perm
                   c[lass]:operm | perm
                   o[ther]:operm | perm
                   d[efault]:u[ser]::operm | perm
                   d[efault]:u[ser]:uid:operm | perm
                   d[efault]:g[roup]::operm | perm
                   d[efault]:g[roup]:gid:operm | perm
                   d[efault]:c[lass]:operm | perm
                   d[efault]:o[ther]:operm | perm



                           Copyright 1994 Novell, Inc.               Page 1

            For the -d option, acl_entries are one or more comma separated
            ACL entries without permissions, selected from the following
            list.  Note that the entries for file owner, owning group, and
            others may not be deleted.

                  u[ser]:uid
                  g[roup]:gid
                  d[efault]:u[ser]:
                  d[efault]:u[ser]:uid
                  d[efault]:g[roup]:
                  d[efault]:g[roup]:gid
                  d[efault]:c[lass]:
                  d[efault]:o[ther]:

            In the above lists, the user specifies the following:

            perm  is a permissions string composed of the characters r
                  (read), w (write), and x (execute), each of which may
                  appear at most one time, in any order.  The character -
                  may be specified as a placeholder.

            operm is the octal representation of the above permissions,
                  with 7 representing all permissions, or rwx, and 0
                  representing no permissions, or ---.

            uid   is a login name or user ID.

            gid   is a group name or group ID.

            The options have the following meanings:

            -r    Recalculate the group class entry so as to ensure that
                  permissions granted in the additional ACL entries will
                  actually be granted.  If the -r option is specified, the
                  value specified in the class entry is ignored.

            -s    Set a file's ACL.  All old ACL entries are removed, and
                  replaced with the newly specified ACL.  There must be
                  exactly one user entry specified for the owner of the
                  file, exactly one group entry specified for the owning
                  group of the file, exactly one class entry specified for
                  the file group class, and exactly one other entry
                  specified.  There may be additional user ACL entries and
                  additional group ACL entries specified, but there may
                  not be duplicate additional user ACL entries with the
                  same uid, or duplicate additional group ACL entries with
                  the same gid.  If the file is a directory, default ACL
                  entries may be specified.  There may be at most one
                  default user entry for the owner of the file, at most
                  one default group entry for the owning group of the
                  file, at most one default class entry for the file group
                  class, and at most one default other entry for other.
                  There may be additional default user entries and
                  additional default group entries specified, but there
                  may not be duplicate additional default user entries
                  with the same uid, or duplicate additional default group
                  entries with the same gid.  An entry with no permissions
                  will result in the specified uid or gid being denied
                  access to the file.  The entries need not be in order.
                  They will be sorted by the command before being applied
                  to the file.

             -m    Add one or more new ACL entries to the file, and/or
                   change one or more existing ACL entries on the file.  If
                   an entry already exists for a specified uid or gid the
                   specified permissions will replace the current
                   permissions.  If an entry does not exist for the
                   specified uid or gid, an entry will be created.

             -d    Delete one or more existing ACL entries from the file.
                   The entries for the file owner, the owning group, and
                   others may not be deleted from the ACL.  Note that
                   deleting an entry does not necessarily have the same
                   effect as removing all permissions from the entry.
                   Specifically, deleting an entry for a specific user
                   would cause that user's permissions to be determined by
                   the other entry (or the owning group entry, if the user
                   is in that group).

             -f    Set a file's ACL with the ACL entries contained in the
                   file named acl_file.  The same constraints on specified
                   entries hold as with the -s option.  The entries are not
                   required to be in any specific order in the file
                   specified as acl_file.  The character "#" in acl_file
                   may be used to indicate a comment.  All characters,
                   starting with the "#", until the end of the line, will
                   be ignored.  Note that if the acl_file has been created
                   as the output of the getacl command, any effective
                   permissions, which will have been written with a
                   preceding "#", will also be ignored.

            When the setacl command is used, it may result in changes to
            the file permission bits.  When the user ACL entry for the
            file owner is changed, the file owner permission bits will be
            modified.  When the other ACL entry is changed, the file other
            permission bits will be modified.  When additional user ACL
            entries and/or any group ACL entries are set or modified, the
            file group class permission bits will be modified to reflect
            the maximum permissions allowed by the additional user entries
            and all the group entries.

            If an ACL does not contain additional user and additional
            group entries, the permissions in the group entry for the
            object owning group and the class entry must be the same.
            Therefore, if the -d option is specified and results in no
            additional user entries and no additional group entries, the
            class entry permissions will be set equal to the permissions
            of the owning group entry (note: this is equivalent to using
            the -r option).

            A directory may contain default ACL entries.  If a file is
            created in a directory which contains default ACL entries, the
            entries will be added to the newly created file.  Note that
            the default permissions specified for the file owner, file
            owning group, and others, will be constrained by the umask and
            the mode specified in the file creation call.

            If an ACL does not contain additional default:user and
            additional default:group entries and a default:group entry is
            specified for the object owning group, then a default:class
            entry must also be specified, and the permissions in the
            default:group entry for the object owning group and the
            permissions for the default:class entry must be the same.

            This command may be executed on a file system that does not
            support ACLs, to set the permissions for the three base
            entries for the file owner, file owning group, and others.
            Additional entries and default entries will not be allowed in
            this case.

      EXAMPLES
            To add one ACL entry to file filea, giving user archer read
            permission only, type:

                  setacl -m user:archer:r-- filea

             If an entry for user archer already exists, this command will
             set the permissions in that entry to r--.

             To replace the entire ACL for file filea, adding entries for
             users archer and fletcher allowing read/write access, an
             entry for the file owner allowing all access, an entry for the
             file group allowing read access only, and an entry for others
             disallowing all access, type:

                   setacl -r -s user::rwx,user:archer:rw-,user:fletcher:rw-,\
                         group::r--,class:---,other:--- filea

             Note that following this command, the file permission bits
             would be set to -rwxrw----.  Even though the file owning group
             has only read permission, the maximum permissions available to
             all additional user ACL entries, and all group ACL entries,
             are read and write, since the two additional user entries both
             specify these permissions.

             To set the same ACL on file filea as in the above example,
             using the -f option, type:

                   setacl -r -f filea.acl filea

             with file filea.acl edited to contain:

                   user::rwx
                   user:archer:rw-
                   user:fletcher:rw-
                   group::r--
                   other:---

             Because the -r option was specified, no class entry was
             needed.  If a class entry had been present it would have been
             ignored.
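
             The -s/-f entry rules and the -r recalculation described above
             can be checked before an acl_file is applied.  The following
             Python sketch is an added example, not part of the UnixWare
             manual; parse_perm, parse_entry and check_acl are hypothetical
             names, and it assumes entry keywords are given either as the
             single letter or in full.

```python
import re

NAMES = {n: k for k in ("user", "group", "class", "other") for n in (k[0], k)}

def parse_perm(text):
    """operm (one octal digit) or perm (r, w, x at most once each, '-' placeholder)."""
    if re.fullmatch(r"[0-7]", text):
        return int(text)
    if not re.fullmatch(r"[rwx-]+", text) or any(text.count(c) > 1 for c in "rwx"):
        raise ValueError(f"bad permissions: {text!r}")
    return sum({"r": 4, "w": 2, "x": 1}[c] for c in text if c != "-")

def parse_entry(line):
    """Return (is_default, kind, id, perm), or None for a blank/comment-only line."""
    fields = line.split("#", 1)[0].strip().split(":")
    if fields == [""]:
        return None
    default = fields[0] in ("d", "default")
    fields = fields[1:] if default else fields
    kind = NAMES.get(fields[0]) if fields else None
    want = 3 if kind in ("user", "group") else 2
    if kind is None or len(fields) != want:
        raise ValueError(f"malformed entry: {line.strip()!r}")
    return default, kind, fields[1] if want == 3 else "", parse_perm(fields[-1])

def check_acl(text, recalc=False):
    """Apply the -s/-f rules to the non-default entries; return the mode bits."""
    acl = {}
    for entry in filter(None, map(parse_entry, text.splitlines())):
        if entry[:3] in acl:        # ids compared as text; name vs. number not resolved
            raise ValueError(f"duplicate entry: {entry[:3]}")
        acl[entry[:3]] = entry[3]
    required = ["user", "group", "other"] + ([] if recalc else ["class"])
    missing = [k for k in required if (False, k, "") not in acl]
    if missing:
        raise ValueError(f"missing base entries: {missing}")
    # Additional user entries and all group entries bound the group class.
    members = [p for (d, k, i), p in acl.items()
               if not d and (k == "group" or (k == "user" and i))]
    if recalc:                      # -r: any class entry is ignored, take the union
        cls = sum(b for b in (4, 2, 1) if any(p & b for p in members))
    else:
        cls = acl[(False, "class", "")]
        if len(members) == 1 and cls != members[0]:
            raise ValueError("class must equal owning group without additional entries")
    return acl[(False, "user", "")] << 6 | cls << 3 | acl[(False, "other", "")]

# filea.acl from the EXAMPLES section, with one constructed trailing comment.
FILEA_ACL = "user::rwx\nuser:archer:rw-  # constructed\nuser:fletcher:rw-\ngroup::r--\nother:---\n"
```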

       FILES
             /etc/passwd              user IDs
             /etc/group               group IDs

       REFERENCES
             acl(2), aclsort(3C), chmod(1), getacl(1), ls(1)