acl.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

acl(5) acl(5)

The following sets the base ACL entry for the ﬁle’s owner to allow both read and execute, and sets write

and execute capabilities for "other" users (the "%.%" entry).

chacl ’(@.%, 5) (%.%, xwx)’ myfile

Long Form

Here is the same ACL as in an earlier example, printed in long form.

r-x jpc.adm

--- ajs.trux

r-- jpc.%

r-x %.bin

r-- %.%

ACL Patterns

The following command locates ﬁles whose ACLs contain an entry that allows read access and denies

write access to some user/group combination.

find / -acl ’*.*+r-w’ -print

The following matches entries for any user in group

bin and for user tammy in any group, regardless of

the entries’ mode values. Matching optional ACL entries are deleted and mode values in matching base

ACL entries are set to zero:

chacl -d ’%.bin, tammy.*=*’ myfile

The following matches all entries, deleting optional entries and setting mode values of base ACL entries

to zero:

chacl -d ’(*.*,*)’ myfile

HEADERS

Header <sys/acl.h>

The <sys/acl.h> header ﬁle deﬁnes the following constants to govern the numbers of entries per ACL:

NACLENTRIES maximum number of entries per ACL, including base entries

NBASEENTRIES number of base entries

NOPTENTRIES number of optional entries

The ACL entry structure

structacl_entry is also deﬁned, and includes the following members:

aclid_t uid; /* user ID */

aclid_t gid; /* group ID */

aclmode_t mode; /* see <unistd.h> */

The

<sys/acl.h> header also deﬁnes the types aclid_t and aclmode_t.

Non-speciﬁc user and group ID values:

ACL_NSUSER non-speciﬁc user ID

ACL_NSGROUP non-speciﬁc group ID

A special nentries value

ACL_DELOPT is used with setacl (2) to delete optional entries.

Header <sys/getaccess.h>

The

<sys/getaccess.h> header deﬁnes constants for use with getaccess (2).

Special parameter values for uid:

UID_EUID use effective user ID

UID_RUID use real user ID

UID_SUID use saved user ID

Special parameter values for ngroups:

NGROUPS_EGID process’s effective gid

NGROUPS_RGID process’s real gid

NGROUPS_SGID process’s saved gid

NGROUPS_SUPP process’s supplementary groups only

NGROUPS_EGID_SUPP process’s eff gid plus supp groups

NGROUPS_RGID_SUPP process’s real gid plus supp groups

HP-UX 11i Version 3: September 2010 − 7 − Hewlett-Packard Company 7