Command Reference Guide
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man1/!!!intro.1
________________________________________________________________
___ ___
c
chacl(1) chacl(1)
continues, and eventually returns non-zero.
-f fromfile tofile
Copy the ACL from fromfile to the specified tofile, transferring ownership, if necessary (see
acl(5), chown(2), or chownacl(3C)). fromfile can be - to represent standard input.
This option implies the -r option. If the owner and group of fromfile are identical to those
of tofile, chacl -f is identical to:
chacl -r ‘lsacl fromfile‘ tofile ...
To copy anACL without transferring ownership, the above command is suggested instead of
chacl -f.
-z Delete (‘‘zap’’) all optional entries in the specified file’s ACLs, leaving only base entries.
-Z Delete (‘‘zap’’) all optional entries in the specified file’s ACLs, and set the access modes in all
base entries to zero (no access). This is identical to replacing the old ACL with a nullACL:
chacl -r ’’ file ...
or using chmod(1), which deletes optional entries as a side effect:
chmod 0 file ...
-F Incorporate (‘‘fold’’) optional ACL entries into base ACL entries. The base ACL entry’s per-
mission bits are altered, if necessary, to reflect the caller’s effective access rights to the file;
all optional entries, if any, are deleted.
For ordinary users, only the access mode of the owner base ACL entry can be altered.
Unlike
getaccess, the write bit is not turned off for a file on a read-only file system or a
shared-text program being executed (see getaccess(1)).
For super-users, only the execute mode bit in the owner base ACL entry might be changed,
only if the file is not an regular file or if an execute bit is not already set in a base
ACL entry
mode, but is set in an optional
ACL entry mode.
acl also can be obtained from a string in a file:
chacl ‘cat file‘ files ...
Using @ in acl to represent ‘‘file owner or group’’ can cause
chacl to run more slowly because it must
reparse the
ACL for each file (except with the -d option).
EXTERNAL INFLUENCES
Environment Variables
LANG determines the language in which messages are displayed.
If LANG is not specified or is set to the empty string, a default of "C" (see lang(5)) is used instead of
LANG.
If any internationalization variable contains an invalid setting,
chacl behaves as if all internationaliza-
tion variables are set to "C". See environ(5).
RETURN VALUE
If chacl succeeds, it returns a value of zero.
If chacl encounters an error before it changes any file’s ACL, it prints an error message to standard error
and returns 1. Such errors include invalid invocation, invalid syntax of acl (aclpatt), a given user name or
group name is unknown, or inability to get an
ACL from fromfile with the -f
option.
If
chacl cannot execute the requested operation, it prints an error message to standard error, continues,
and later returns 2. This includes cases when a file does not exist, a file’s ACL cannot be altered, more ACL
entries would result than are allowed, or an attempt is made to delete a non-existingACL entry.
EXAMPLES
The following command adds read access for user jpc in any group, and removes write access for any user
in the files’s groups, for files x and y.
chacl "jpc.%+r, %.@-w" x y
This command replaces the ACL on the file open as standard input and on file
test with one which only
allows the file owner read and write access.
HP-UX Release 11i: December 2000 − 2 − Section 1−−71
___
___