getacl.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

getacl(1) getacl(1)

NAME

getacl - list access control lists (ACLs) for ﬁles (JFS File Systems only)

SYNOPSIS

/usr/bin/getacl

[-ad] ﬁle...

DESCRIPTION

For each argument that is a regular ﬁle, special ﬁle, or named pipe,

getacl displays the owner, group,

and the Access Control List (ACL). For each directory argument,

getacl displays the owner, group, and

the ACL and/or the default ACL. Only directories contain default ACLs.

With the

-a option speciﬁed, the ﬁlename, owner, group, and the ACL of the ﬁle will be displayed. With

the -d option speciﬁed, the ﬁlename, owner, group, and the default ACL of the ﬁle, if it exists, will be

displayed. With options not speciﬁed, the ﬁlename, owner, group, and both the ACL, and the default

ACL, if it exists, will be displayed.

This command may be executed on a ﬁle system that does not support ACLs. It will report the ACL con-

sisting of only the owning user, owning group, class and other entries, based on the permission bits.

When multiple ﬁles are speciﬁed on the command line, a blank line will separate the ACL for each ﬁle.

Options

The

getacl command recognizes the following options:

-a Displays the ﬁlename, owner, group, and the ACL of the speciﬁed ﬁle.

-d Displays the the ﬁlename, owner, group, and the default ACL of the ﬁle, if it exists.

Operands

The

getacl command recognizes the following operand:

file The ﬁle or directory from which

getacl retrieves the access control information.

ACL Format

The format of an ACL is:

# file: ﬁlename

# owner: uid

# group: gid

user::perm

user:uid:perm

group::perm

group:gid:perm

class:perm

other:perm

default:user::perm

default:user:uid:perm

default:group::perm

default:group:gid:perm

default:class:perm

default:other:perm

The ﬁrst three lines show the ﬁlename, the ﬁle owner, and the ﬁle owning group. Note that when only

the

-d option is speciﬁed, and the ﬁle has no default ACL, only these three lines will be displayed.

The

user entry without a user ID indicates the permissions that will be granted to the owner of the ﬁle.

One or more additional user entries indicate the permissions that will be granted to the speciﬁed users.

The group entry without a group identiﬁer indicates the permissions that will be granted to the owning

group of the ﬁle. One or more additional group entries indicate the permissions that will be granted to

the speciﬁed groups. The other entry indicates the permissions that will be granted to others.

The

default entries (default:user, default:group, and default:other) may only exist for

directories, and indicate the default user, group, and other entries that will be added to a ﬁle created

within the directory.

The uid is a login name, or a user ID if there is no entry for the uid in the system’s password ﬁle; gid is a

group name, or a group ID if there is no entry for the gid in the system’s group ﬁle; and perm is a three

character string composed of the letters representing the separate discretionary access rights:

r (read), w

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (4 pages)

PAGE 1
getacl(1) getacl(1) NAME getacl - list access control lists (ACLs) for files (JFS File Systems only) SYNOPSIS /usr/bin/getacl [-ad] file... DESCRIPTION For each argument that is a regular file, special file, or named pipe, getacl displays the owner, group, and the Access Control List (ACL). For each directory argument, getacl displays the owner, group, and the ACL and/or the default ACL. Only directories contain default ACLs.
PAGE 2
getacl(1) getacl(1) (write), x (execute/search), or the placeholder character -. The perm will be displayed in the following order: rwx. If a permission is not granted by an ACL entry, the placeholder character will appear. The ACL entries will be displayed in the order in which they will be evaluated when an access check is performed. The default ACL entries that may exist on a directory have no effect on access checks.
PAGE 3
getacl(1) getacl(1) # file: fileb # owner: fletcher # group: us user::rwx user:spy:--user:archer:rwgroup::r-other:--default:user::rwx default:user:spy:--default:group::r-default:other:--NOTICES The output from getacl will be in the correct format for input to the setacl command. If the output from getacl is redirected to a file, the file may be used as input to setacl. In this way, a user may easily assign one file’s ACL to another file.
PAGE 4
(Notes) A (Notes) gA 4 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010