acl.5 (2010 09)

acl(5) acl(5)
wildcard user and group IDs
A user or group name of * (wildcard) matches the user or group ID in any entry, including % (no specific user or group).
mode bits on, off, or ignored
For operator-form input, the operators =, +, and - are applied as follows:
=    entry mode value matches this mode value exactly
+    these bits turned on in entry mode value
-    these bits turned off in entry mode value
When only + and - operators are used, commands ignore the values of unspecified mode bits.
Short-form patterns treat the mode identically to the = operator in operator form.
wildcard mode values
A mode of * (wildcard) in operator or short form input (for example, "ajs.%=*" or "(ajs.%,*)") matches any mode value, provided no other mode value is given in an operator-form entry. Also, the mode part of an entry can be omitted altogether for the same effect.
entries not combined
Entries with matching user and group ID values are not combined. Each entry specified
is applied separately by commands that accept patterns.
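The matching rules above for operator-form patterns, as an added example that is not HP-UX source and does not use the real acl_entry_patt layout. The struct, constants and function names are hypothetical, user and group are compared as names rather than numeric IDs, the mode characters r, w and x are assumed, and rejecting a "*" mode mixed with other modes is this model's choice.

```c
#include <string.h>

/* Model types for illustration; NOT the HP-UX acl_entry/acl_entry_patt structs. */
enum { ACL_R = 4, ACL_W = 2, ACL_X = 1, ACL_ALL = 7 };
struct patt { char user[32], group[32]; int on, off; };  /* bits that must be on / off */

/* Copy the name ending at the first char in `stop`; return its length or 0. */
static size_t take_name(const char *s, const char *stop, char *out, size_t cap)
{
    size_t n = strcspn(s, stop);
    if (n == 0 || n >= cap) return 0;
    memcpy(out, s, n);
    out[n] = '\0';
    return n;
}

/* Parse one operator-form pattern: user.group followed by zero or more
 * <op><mode> groups, op in "=+-", mode from "rwx" or a lone "*". */
int parse_patt(const char *s, struct patt *p)
{
    size_t n = take_name(s, ".", p->user, sizeof p->user);
    if (n == 0 || s[n] != '.') return -1;
    s += n + 1;
    if ((n = take_name(s, "=+-", p->group, sizeof p->group)) == 0) return -1;
    s += n;
    p->on = p->off = 0;                       /* omitted mode constrains nothing */
    if (strcmp(s, "=*") == 0) return 0;       /* wildcard mode, given alone */
    while (*s) {
        char op = *s++;
        int bits = 0;
        for (; *s && !strchr("=+-", *s); s++) {
            if      (*s == 'r') bits |= ACL_R;
            else if (*s == 'w') bits |= ACL_W;
            else if (*s == 'x') bits |= ACL_X;
            else return -1;                   /* includes "*" mixed with other modes */
        }
        if (op == '=')      { p->on = bits;   p->off = ACL_ALL & ~bits; }
        else if (op == '+') { p->on |= bits;  p->off &= ~bits; }
        else                { p->off |= bits; p->on &= ~bits; }
    }
    return 0;
}

/* 1 if the entry (user, group, mode) matches the pattern, 0 if not, -1 on bad syntax. */
int patt_matches(const char *patt, const char *user, const char *group, int mode)
{
    struct patt p;
    if (parse_patt(patt, &p) != 0) return -1;
    if (strcmp(p.user, "*") != 0 && strcmp(p.user, user) != 0) return 0;
    if (strcmp(p.group, "*") != 0 && strcmp(p.group, group) != 0) return 0;
    return (mode & p.on) == p.on && (mode & p.off) == 0;
}
```

For an audit, a pattern such as "*.*+w" selects every entry that grants write regardless of its read and execute bits, whereas "*.*=w" selects only entries whose mode is exactly write.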
ACL Operations Supported
The system calls setacl(2) and getacl(2) allow setting or getting the entire ACL for a file in the form of an array of acl_entry structures. To check access rights to a file, see access(2) and getaccess(2).
Various library calls are provided to manage ACLs:
acltostr(3C)       Convert acl_entry arrays to printable strings.
strtoacl(3C)       Parse and convert ACL strings to acl_entry arrays.
strtoaclpat(3C)    Parse and convert ACL pattern strings to acl_entry_patt arrays.
setaclentry(3C)
fsetaclentry       Add, modify, or delete a single ACL entry in one file's ACL.
cpacl(3C)
fcpacl             Copy an ACL and file miscellaneous mode bits (see chmod(2)) from one file to another, transfer ownership if needed (see below), and handle remote files correctly.
chownacl(3C)       Change the file owner and/or group represented in an ACL, that is, transfer ownership (see below).
The following commands are available to manage ACLs and permissions:
chacl(1)        Add, modify, or delete individual entries or all optional entries in ACLs on one or more files, remove all access to files, or incorporate ACLs into permission bits.
lsacl(1)        List ACLs on files.
chmod(1)        Change permission bits and other file miscellaneous mode bits.
ls(1)           In long form, list permission bits and other file attributes.
find(1)         Find files according to their attributes, including ACLs.
getaccess(1)    List access rights to file(s).
ACL Interaction with stat, chmod, and chown
stat
The st_mode field summarizes the caller's access rights to the file. It differs from file permission bits only if the file has one or more optional entries applicable to the caller. The st_basemode field provides the file's actual permission bits. The st_acl field indicates the presence of optional ACL entries in the file's ACL.
The st_mode field contains a user-dependent summary, so that programs ignorant of ACLs that use stat(2) and chmod(2) are more likely to produce expected results, and so that stat(2) provides reasonable information about remote files over NFS. The st_basemode and st_acl fields are useful only for local files.
HP-UX 11i Version 3: September 2010 5 Hewlett-Packard Company 5