Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8
Using setacl -f

If you are adding or changing several entries, you will
probably want to use a different procedure. You can save the ACL to a
file, edit it, adding, changing, or deleting entries to produce whatever
ACL you want, and then apply this new ACL to the file. For example, you
could save the ACL to a file with this command:
getacl junk > junk.acl
Then you could edit it so that it appeared as below.
Example 8-15 A Complex JFS ACL
$ cat junk.acl
# file: junk
# owner: user1
# group: group1
user::rw-
user:user2:rw-
user:user3:rw-
user:user4:---
user:user5:r--
group::rw-
group:group2:rw-
group:group3:r--
group:group4:---
group:group5:rw-
class:rw-
other:r--
This ACL can now be applied to the file by using the -f option of the
setacl command as follows:
setacl -f junk.acl junk
In this example, several changes have been made. Whereas the ACL
entries previously only granted access, they are now used to deny access
as well. Note specifically the entries for user user4 and group group4.
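A check that could be run on the edited file before setacl -f is applied, as an added example that is not part of the original manual. The function names are hypothetical, and the code assumes that the class entry is an upper bound on named user entries and all group entries, and that a recalculated class is the union of those entries.

```python
import re
# Constructed sample input: the edited junk.acl from Example 8-15.
JUNK_ACL = """\
# file: junk
# owner: user1
# group: group1
user::rw-
user:user2:rw-
user:user3:rw-
user:user4:---
user:user5:r--
group::rw-
group:group2:rw-
group:group3:r--
group:group4:---
group:group5:rw-
class:rw-
other:r--
"""
ENTRY = re.compile(r"^(user|group|class|other):(?:([^:]*):)?([r-][w-][x-])$")

def parse_acl(text):
    """Parse getacl-style text into (tag, qualifier, perms); reject bad lines."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2) or "", m.group(3)))
        elif line.strip() and not line.lstrip().startswith("#"):
            raise ValueError(f"line {n}: not an ACL entry: {line!r}")
    return entries

def group_class(entries):
    # Assumption: class bounds named users and every group entry.
    return [e for e in entries if e[0] == "group" or (e[0] == "user" and e[1])]

def union_class(entries):
    """Assumed recalculation: OR the permissions of the bounded entries."""
    bits = "---"
    for _, _, perms in group_class(entries):
        bits = "".join(p if p != "-" else b for p, b in zip(perms, bits))
    return bits

def clip(perms, cls):
    return "".join(p if p == c else "-" for p, c in zip(perms, cls))

def masked_by_class(entries, cls):
    """Entries that would lose permissions under class value cls."""
    return {f"{t}:{q}": clip(p, cls) for t, q, p in group_class(entries) if clip(p, cls) != p}
```

For the ACL in Example 8-15 the computed union matches the class:rw- line in the file, so no entry is masked; passing a narrower class value such as r-- lists the entries whose write permission would not take effect.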
Effective Permissions and setacl -n

Normally, setacl recalculates
the class entry so as to ensure that permissions granted in the
additional ACL entries will actually be granted. If the -n option is
specified, the class entry is not recalculated; the existing value is used.
This means that some permissions granted by the ACL entries will not