acl.5 (2010 09)
acl(5) acl(5)
The exact syntax is:
acl ::= [entry[,entry]...]
entry ::= id . id op mode [op mode]...
id ::= name | number | % | @
op ::= = | + | -
mode ::= 0..7 | [char[char]...]
char ::= r | w | x
Short Form of ACLs (input and output)
(user . group, mode) ...
Short form differs from operator form in several ways:
• Entries are surrounded by parentheses rather than being separated by commas.
• Each entry specifies the mode, including all mode bits. It is not possible to change the mode value with + and - operators. However, the comma functions like the = operator in operator form.
• For clarity, hyphens represent unset permission bits in the output of the mode field and are allowed
in input. This resembles the mode output style used by ls (1).
Multiple entries are concatenated. For consistency with operator form, a dot (.) is used to separate user
and group IDs.
On output, no whitespace is printed except in names (if any). ID numbers are printed if no matching
names are known. Either ID can be printed as % for "no specific user or group." The mode is represented
as <r|-><w|-><x|->, that is, it always has three characters, padded with hyphens for unset mode bits.
If the ACL is read from the system, entries are ordered by specificity, then by numeric values of ID parts.
On input, the entire ACL must be a single argument, and thus should be quoted to the shell if it contains
whitespace or special characters. Whitespace is ignored except within names. A null ACL is legitimate,
and means either "no access" or "no changes", depending on context.
User and group IDs are represented as in operator form.
The mode is represented by an octal value of 0 through 7, or by any combination of r, w, x and - (ignored),
given in any order (see EXAMPLES below). A null mode denies access.
Redundancy does not result in error; the last entry for any user-ID/group-ID combination takes effect.
Entries need not appear in any particular order.
The exact syntax is:
acl ::= [entry[entry]...]
entry ::= (id.id,mode)
id ::= name | number | % | @
mode ::= 0..7 | [char[char]...]
char ::= r | w | x | -
Long Form of ACLs (output only)
mode user . group
Each entry occupies a single line of output. The mode appears first in a fixed-width field, using hyphens
(for unset mode bits) for easy vertical scanning. Each user and group ID is shown as a name if known, a
number if unknown, or % for "no specific user or group." Entries are ordered from most to least specific,
then by numeric values of ID parts.
Note that every ACL printed has at least three entries, the base ACL entries (that is, uid.%, %.gid, and
%.%).
The exact syntax is:
acl ::= entry[<newline>entry]...
entry ::= mode<space>id.id
mode ::= <r|-><w|-><x|->
id ::= name | number | %
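The short-form input rules and the long-form output layout described above, as an added Python example (not HP-UX code). The function names are hypothetical, the specificity ranking u.g, u.%, %.g, %.% is an assumption, the tie-break by numeric ID is not implemented, and @ is passed through unresolved.

```python
import re

# One short-form entry: (id.id,mode). Whitespace around tokens is ignored;
# whitespace inside a name is kept, as the page specifies.
ENTRY = re.compile(r"\s*\(\s*([^().,]+?)\s*\.\s*([^().,]+?)\s*,([^()]*)\)")
BITS = {"r": 4, "w": 2, "x": 1}

def parse_mode(text):
    """Return the 3-bit mode for an octal digit or an rwx- string."""
    text = "".join(text.split())           # whitespace is ignored
    if len(text) == 1 and text in "01234567":
        return int(text)
    mode = 0
    for ch in text:                         # any order; '-' is ignored
        if ch == "-":
            continue
        if ch not in BITS:
            raise ValueError(f"bad mode character {ch!r}")
        mode |= BITS[ch]
    return mode                             # null mode -> 0 (denies access)

def parse_short(acl):
    """Parse a short-form ACL into {(user, group): mode}; last entry wins."""
    entries, pos, text = {}, 0, acl.strip()
    while pos < len(text):
        m = ENTRY.match(text, pos)
        if not m:
            raise ValueError(f"malformed entry at offset {pos}")
        key = (m.group(1), m.group(2))
        entries.pop(key, None)              # redundancy is not an error
        entries[key] = parse_mode(m.group(3))
        pos = m.end()
    return entries                          # null ACL -> empty dict

def to_long(entries):
    """Render entries in long form: 'rwx user.group', one per line."""
    def rank(key):                          # assumed order: u.g, u.%, %.g, %.%
        user, group = key
        return (user == "%") * 2 + (group == "%")
    lines = []
    for user, group in sorted(entries, key=rank):   # stable sort on ties
        m = entries[(user, group)]
        mode = "".join(c if m & b else "-" for c, b in BITS.items())
        lines.append(f"{mode} {user}.{group}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample ACL; ajs and adm are made-up names.
    print(to_long(parse_short("(%.%,r)(ajs.%,7)(%.adm,x-r)(ajs.%,r-x)")))
```
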
ACL Patterns
Some library calls and commands recognize and use ACL patterns instead of exact ACLs to allow operations
on all entries that match the patterns. ACL syntax is extended in the following ways:
Hewlett-Packard Company, HP-UX 11i Version 3: September 2010