HP-UX Reference (11i v1 05/09) - 1 User Commands A-M (vol 1)
g
getacl(1) getacl(1)
NAME
getacl - list access control lists (ACLs) for files (JFS File Systems only)
SYNOPSIS
/usr/bin/getacl
[-ad] file...
DESCRIPTION
For each argument that is a regular file, special file, or named pipe,
getacl displays the owner, group,
and the Access Control List (ACL). For each directory argument,
getacl displays the owner, group, and
the ACL and/or the default ACL. Only directories contain default ACLs.
With the
-a option specified, the filename, owner, group, and the ACL of the file will be displayed. With
the -d option specified, the filename, owner, group, and the default ACL of the file, if it exists, will be
displayed. With options not specified, the filename, owner, group, and both the ACL, and the default ACL,
if it exists, will be displayed.
This command may be executed on a file system that does not support ACLs. It will report the ACL con-
sisting of only the owning user, owning group, class and other entries, based on the permission bits.
When multiple files are specified on the command line, a blank line will separate the ACL for each file. The
format of an ACL is:
# file: filename
# owner: uid
# group: gid
user::perm
user:uid:perm
group::perm
group:gid:perm
class:perm
other:perm
default:user::perm
default:user: uid:perm
default:group::perm
default:group:gid:
perm
default:class:perm
default:other:perm
The first three lines show the filename, the file owner, and the file owning group. Note that when only the
-d option is specified, and the file has no default ACL, only these three lines will be displayed.
The user entry without a user ID indicates the permissions that will be granted to the owner of the file.
One or more additional user entries indicate the permissions that will be granted to the specified users.
The group entry without a group identifier indicates the permissions that will be granted to the owning
group of the file. One or more additional group entries indicate the permissions that will be granted to
the specified groups. The other entry indicates the permissions that will be granted to others.
The default entries (default:user , default:group
, and default:other) may only exist for
directories, and indicate the default user, group, and other entries that will be added to a file created within
the directory.
The uid is a login name, or a user ID if there is no entry for the uid in the system’s password file; gid is a
group name, or a group ID if there is no entry for the gid in the system’s group file; and perm is a three
character string composed of the letters representing the separate discretionary access rights:
r (read), w
(write), x (execute/search), or the placeholder character -.The perm will be displayed in the following
order: rwx. If a permission is not granted by an ACL entry, the placeholder character will appear.
The ACL entries will be displayed in the order in which they will be evaluated when an access check is per-
formed. The default ACL entries which may exist on a directory have no effect on access checks.
The file owner permission bits represent the access that the owning user ACL entry has. The file group
class permission bits represent the most access that any additional user entry, additional group entry, or
the owning group entry may grant. The file other permission bits represent the access that the other ACL
entry has. If a user invokes the chmod command and changes the file group class permission bits, the
access granted by the additional ACL entries may be restricted.
In order to indicate that the file group class permission bits restrict an ACL entry, getacl will display,
after each affected entry, text in the form #effective: perm, where perm will show only the
Section 1−−336 Hewlett-Packard Company − 1 − HP-UX 11i Version 1: September 2005