HP-UX Reference (11i v1 00/12) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)
__________________________________________________________________________________________________________________________________________________________________________________________________
__________________________________________________________________________________________________________________________________________________________________________________________________
STANDARD Printed by: Nora Chuang [nchuang] STANDARD
/build/1111/BRICK/man5/!!!intro.5
________________________________________________________________
___ ___
a
acl(5) acl(5)
chacl ’(@.%, 5) (%.%, xwx)’ myfile
Long Form
Here is the same ACL as in an earlier example, printed in long form.
r-x jpc.adm
--- ajs.trux
r-- jpc.%
r-x %.bin
r-- %.%
ACL Patterns
The following command locates files whose ACLs contain an entry that allows read access and denies write
access to some user/group combination.
find / -acl ’∗∗.∗∗+r-w’ -print
The following matches entries for any user in group bin and for user tammy in any group, regardless of
the entries’ mode values. Matching optional ACL entries are deleted and mode values in matching base
ACL entries are set to zero:
chacl -d ’%.bin, tammy.∗∗=∗∗’myfile
The following matches all entries, deleting optional entries and setting mode values of base ACL entries to
zero:
chacl -d ’(∗∗.∗∗,∗∗)’ myfile
HEADERS
Header <sys/acl.h>
The <sys/acl.h> header file defines the following constants to govern the numbers of entries per ACL:
NACLENTRIES maximum number of entries per ACL, including base entries
NBASEENTRIES number of base entries
NOPTENTRIES number of optional entries
The ACL entry structure struct acl_entry is also defined, and includes the following members:
aclid_t uid; /* user ID */
aclid_t gid; /* group ID */
aclmode_t mode; /* see <unistd.h> */
The <sys/acl.h> header also defines the types aclid_t and aclmode_t.
Non-specific user and group ID values:
ACL_NSUSER non-specific user ID
ACL_NSGROUP non-specific group ID
A special nentries value ACL_DELOPT is used with setacl(2) to delete optional entries.
Header <sys/getaccess.h>
The <sys/getaccess.h> header defines constants for use with getaccess(2).
Special parameter values for uid:
UID_EUID use effective user ID
UID_RUID use real user ID
UID_SUID use saved user ID
Special parameter values for ngroups:
NGROUPS_EGID process’s effective gid
NGROUPS_RGID process’s real gid
NGROUPS_SGID process’s saved gid
NGROUPS_SUPP process’s supplementary groups only
NGROUPS_EGID_SUPP process’s eff gid plus supp groups
Section 5−−8 − 7 − HP-UX Release 11i: December 2000
___
___