HP-UX Reference (11i v2 04/09) - 1 User Commands N-Z (vol 2)
setacl(1) setacl(1)
ignored. If the -n option is specified, the recalculation is not performed, and the value specified in
the class entry is used.
-s Set a file’s ACL. All old ACL entries are removed, and replaced with the newly specified ACL.
There must be exactly one user entry specified for the owner of the file, exactly one group entry
specified for the owning group of the file, and exactly one other entry specified. If the -n option is
not specified there must also be exactly one class entry specified. There may be additional user
ACL entries and additional group ACL entries specified, but there may not be duplicate additional
user ACL entries with the same uid, or duplicate additional group ACL entries with the same gid.
If the file is a directory, default ACL entries may be specified. There may be at most one
default:user entry for the owner of the file, at most one default:group entry for the owning
group of the file, at most one default:class entry for the file group class, and at most one
default:other entry for other users. There may be additional default:user entries and
additional default:group entries specified, but there may not be duplicate additional
default:user entries with the same uid, or duplicate additional default:group entries with
the same gid.
setacl never recalculates the default:class entry, regardless of whether or not the -n option
was specified.
An entry with no permissions will result in the specified uid or gid being denied access to the file.
The entries need not be in order. They will be sorted by the command before being applied to the
file.
-m Add one or more new ACL entries to the file, and/or change one or more existing ACL entries on the
file. If an entry already exists for a specified uid or gid, the specified permissions will replace the
current permissions. If an entry does not exist for the specified uid or gid, an entry will be created.
-d Delete one or more existing ACL entries from the file. The entries for the file owner, the owning
group, and others may not be deleted from the ACL. Note that deleting an entry does not necessarily
have the same effect as removing all permissions from the entry. Specifically, deleting an
entry for a specific user would cause that user’s permissions to be determined by the other entry
(or the owning group entry, if the user is in that group).
-f Set a file’s ACL with the ACL entries contained in the file named acl_file. The same constraints on
specified entries hold as with the -s option. The entries are not required to be in any specific order
in the file specified as acl_file. The character “#” in acl_file may be used to indicate a comment. All
characters, starting with the “#”, until the end of the line, will be ignored. Note that if the acl_file
has been created as the output of the getacl command, any effective permissions, which will have
been written with a preceding “#”, will also be ignored.
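A pre-flight check of an acl_file against the -s/-f entry constraints above, as an added example (not HP's code). It assumes the getacl-style entry syntax user:uid:perm, group:gid:perm, class:perm, other:perm with an optional default: prefix, which this excerpt does not show, and accepts only three-character symbolic permissions; the function names and the sample are constructed.

```python
import re
from collections import Counter

# Assumed entry syntax (not shown in this excerpt), as printed by getacl:
#   user::rwx  user:alice:r-x  group::r-x  class:r-x  other:---  default:user::rwx
ENTRY = re.compile(
    r"^(default:)?(?:(user|group):([^:]*)|(class|other)):([r-][w-][x-])$")

# Constructed sample acl_file with three deliberate mistakes.
SAMPLE = """\
# file: report.txt
user::rwx
user:alice:r-x    #effective:r--
user:alice:rw-
group::r--
other:---
default:user::rwx
default:user::r-x
"""

def parse_acl_text(text):
    """Return [(is_default, tag, id, perms)]; text from '#' to end of line is ignored."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = "".join(raw.split("#", 1)[0].split())
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry {raw!r}")
        default, ug, ident, co, perms = m.groups()
        entries.append((bool(default), ug or co, ident or "", perms))
    return entries

def check_set_constraints(entries, n_option=False):
    """List violations of the -s/-f entry rules; an empty list means none found."""
    errors = []
    count = Counter((d, tag, ident) for d, tag, ident, _ in entries)
    required = ["user", "group", "other"] + ([] if n_option else ["class"])
    for tag in required:  # base entries: owner, owning group, other, class
        if count[(False, tag, "")] != 1:
            errors.append(f"need exactly one {tag} base entry, found {count[(False, tag, '')]}")
    for (d, tag, ident), n in sorted(count.items()):
        name = ("default:" if d else "") + tag
        if n > 1 and ident:
            errors.append(f"duplicate additional {name} entry for {ident}")
        elif n > 1 and d:
            errors.append(f"more than one {name} entry")
    return errors
```

Running the check on SAMPLE reports the missing class entry, the duplicate entry for alice, and the second default:user entry; with n_option=True the class entry is no longer required.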
When the setacl command is used, it may result in changes to the file permission bits. When the user
ACL entry for the file owner is changed, the file owner permission bits will be modified. When the other
ACL entry is changed, the file other permission bits will be modified. When additional user ACL entries
and/or any group ACL entries are set or modified, the file group permission bits will be modified to
reflect the maximum permissions allowed by the additional user entries and all the group entries.
If an ACL contains no additional user or additional group entries, the permissions in the group entry
for the object owning group and the class entry must be the same. Therefore, if the -d option is
specified and results in no additional user entries and no additional group entries, the class entry
permissions will be set equal to the permissions of the owning group entry. This happens regardless of
whether or not the -n option was specified.
A directory may contain default ACL entries. If a file is created in a directory which contains
default ACL entries, the entries will be added to the newly created file. Note that the default permissions
specified for the file owner, file owning group, and others, will be constrained by the umask and the
mode specified in the file creation call.
If an ACL contains no additional default:user or additional default:group entries and a
default:group entry is specified for the object owning group, then a default:class entry must
also be specified, and the permissions in the default:group entry for the object owning group and the
permissions for the default:class entry must be the same.
This command may be executed on a file system that does not support ACLs, to set the permissions for
the three base entries for the file owner, file owning group, and others. Additional entries and default
entries will not be allowed in this case.
HP-UX 11i Version 2: September 2004 − 2 − Hewlett-Packard Company Section 1−−841