setacl(1)
NAME
setacl - modify access control lists (ACLs) for files (JFS File Systems only)
SYNOPSIS
acl_entries file...
acl_entries acl_entries]... file...
acl_file file...
DESCRIPTION
For each file specified, will either replace its entire ACL, including
the default ACL on a directory, or it will add, modify, or delete one
or more ACL entries, including default entries on directories.
The option will set the ACL to the entries specified on the command
line. The option will set the ACL to the entries contained within the
file acl_file. The option will delete one or more specified entries
from the file's ACL. The option will add or modify one or more specified
ACL entries.
One of the options or must be specified. If or are specified, other
options are invalid. The and options may be combined, and multiple and
options may be specified.
For the and options, acl_entries are one or more comma separated ACL
entries selected from the following list. For the option, acl_file
must contain ACL entries, one to a line, selected from the same list.
Default entries may only be specified for directories. indicates that
characters must be typed as specified, brackets denote optional characters,
and italicized characters are to be specified by the user.
Choices, of which exactly one must be selected, are separated by vertical
bars.
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
operm|perm
For the option, acl_entries are one or more comma separated ACL entries
without permissions, selected from the following list. Note that the
entries for file owner, owning group, and others may not be deleted.
uid
gid
uid
gid
In the above lists, the user specifies the following:
perm is a permissions string composed of the characters (read),
(write), and (execute), each of which may appear at most one
time, in any order. The character may be specified as a placeholder.
operm is the octal representation of the above permissions, with 7
representing all permissions, or and 0 representing no
permissions, or
uid is a login name or user ID.
gid is a group name or group ID.
The options have the following meanings:
Normally,
recalculates the group class entry so as to ensure that permissions
granted in the additional ACL entries will actually be
granted, and the value specified in the entry is ignored. If
the option is specified, the recalculation is not performed,
and the value specified in the entry is used.
Set a file's ACL. All old ACL entries are removed, and replaced with
the newly specified
ACL. There must be exactly one entry specified for the owner
of the file, exactly one entry specified for the owning group
of the file, and exactly one entry specified. If the option is
not specified there must also be exactly one entry specified.
There may be additional ACL entries and additional ACL entries
specified, but there may not be duplicate additional ACL
entries with the same uid, or duplicate additional ACL entries
with the same gid.
If the file is a directory, default ACL entries may be specified.
There may be at most one entry for the owner of the
file, at most one entry for the owning group of the file, at
most one entry for the file group class, and at most one entry
for other users. There may be additional entries and additional
entries specified, but there may not be duplicate additional
entries with the same uid, or duplicate additional
entries with the same gid.
never recalculates the entry, regardless of whether or not the
option was specified.
An entry with no permissions will result in the specified uid
or gid being denied access to the file.
The entries need not be in order. They will be sorted by the
command before being applied to the file.
Add one or more new ACL entries to the file, and/or change one or more
existing
ACL entries on the file. If an entry already exists for a
specified uid or gid, the specified permissions will replace
the current permissions. If an entry does not exist for the
specified uid or gid, an entry will be created.
Delete one or more existing
ACL entries from the file. The entries for the file owner, the
owning group, and others may not be deleted from the ACL. Note
that deleting an entry does not necessarily have the same
effect as removing all permissions from the entry. Specifically,
deleting an entry for a specific user would cause that
user's permissions to be determined by the entry (or the owning
entry, if the user is in that group).
Set a file's ACL with the ACL
entries contained in the file named acl_file. The same constraints
on specified entries hold as with the option. The
entries are not required to be in any specific order in the
file specified as acl_file. The character in acl_file may be
used to indicate a comment. All characters, starting with the
until the end of the line, will be ignored. Note that if the
acl_file has been created as the output of the command, any
effective permissions, which will have been written with a preceding
will also be ignored.
When the command is used, it may result in changes to the file permission
bits. When the ACL entry for the file owner is changed, the file
owner permission bits will be modified. When the ACL entry is changed,
the file other permission bits will be modified. When additional ACL
entries and/or any ACL entries are set or modified, the file group permission
bits will be modified to reflect the maximum permissions
allowed by the additional user entries and all the group entries.
If an ACL contains no additional or additional entries, the permissions
in the entry for the object owning group and the entry must be the
same. Therefore, if the option is specified and results in no additional
entries and no additional entries, the entry permissions will be
set equal to the permissions of the owning group entry. This happens
regardless of whether or not the option was specified.
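
The recalculation of the file group permission bits described above can be modelled in a few lines. This is an added example, not HP-UX code; the entry keywords user, group, class and other, the tag:id:perm layout, the letters r, w, x with - as placeholder, and the login names are assumptions, because the literal syntax did not survive in this copy of the page.

```python
# Added model of the group class recalculation; not HP-UX source code.
# Assumed (absent from the page text): the keywords user/group/class/other,
# the tag:id:perm layout, and r, w, x with '-' as the placeholder character.
BITS = {"r": 4, "w": 2, "x": 1}

def perm_value(perm):
    """Accept an octal digit ('6') or a permission string ('rw-')."""
    if len(perm) == 1 and perm in "01234567":
        return int(perm, 8)
    letters = perm.replace("-", "")
    if len(set(letters)) != len(letters) or any(c not in BITS for c in letters):
        raise ValueError("bad permissions: %r" % perm)
    return sum(BITS[c] for c in letters)

def parse_entries(text):
    """Comma separated entries -> {(tag, id): value}; duplicates rejected."""
    acl = {}
    for raw in text.split(","):
        parts = raw.strip().split(":")
        if len(parts) == 2:              # class and other carry no id field
            parts.insert(1, "")
        tag, ident, perm = parts
        if (tag, ident) in acl:
            raise ValueError("duplicate entry %s:%s" % (tag, ident))
        acl[(tag, ident)] = perm_value(perm)
    return acl

def recalc_class(acl):
    """Maximum of the additional user entries and all the group entries."""
    value = 0
    for (tag, ident), perm in acl.items():
        if tag == "group" or (tag == "user" and ident):
            value |= perm
    return value

def mode_bits(acl, recalculate=True):
    """Owner, group class and other packed as file mode bits."""
    cls = recalc_class(acl) if recalculate else acl[("class", "")]
    return (acl[("user", "")] << 6) | (cls << 3) | acl[("other", "")]

def group_bits_overstate(acl):
    """True when the group mode bits exceed the owning group's own entry."""
    return ((mode_bits(acl) >> 3) & 7) != acl[("group", "")]

# Constructed input following the replace-the-whole-ACL case under EXAMPLES;
# alice and bob are made-up login names.
SAMPLE = parse_entries("user::rwx,user:alice:rw-,user:bob:rw-,group::r--,other:---")

if __name__ == "__main__":
    print(oct(mode_bits(SAMPLE)), group_bits_overstate(SAMPLE))
```

When auditing, the group column of the mode bits is the class value, so compare it with the owning group entry reported by getacl(1) before concluding what that group can do.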
A directory may contain ACL entries. If a file is created in a directory
which contains ACL entries, the entries will be added to the newly
created file. Note that the default permissions specified for the file
owner, file owning group, and others, will be constrained by the umask
and the mode specified in the file creation call.
If an ACL contains no additional or additional entries and a entry is
specified for the object owning group, then a entry must also be specified,
and the permissions in the entry for the object owning group and
the permissions for the entry must be the same.
This command may be executed on a file system that does not support
ACLs, to set the permissions for the three base entries for the file
owner, file owning group, and others. Additional entries and entries
will not be allowed in this case.
EXAMPLES
To add one ACL entry to file giving user read permission only, type:
If an entry for user already exists, this command will set the permissions
in that entry to
To replace the entire ACL for file adding entries for users and allowing
read/write access, an entry for the file owner allowing all access,
an entry for the file group allowing read access only, and an entry for
others disallowing all access, type:
Note that following this command, the file permission bits would be set
to Even though the file owning group has only read permission, the maximum
permissions available to all additional ACL entries, and all ACL
entries, are read and write, since the two additional entries both
specify these permissions.
To set the same ACL on file as in the above example, using the option,
type:
with file edited to contain:
Because the option was not specified, no entry was needed. If a entry
had been present it would have been ignored.
FILES
user IDs
group IDs
SEE ALSO
acl(2), aclsort(3C), chmod(1), getacl(1), ls(1).