getacl - Displays the specified access control list (ACL)
on a file or directory

getacl [-d | -D] [-g group[,group...]] [-n] [-m] [-u user[,user...]] file...

-d  Displays the default access ACL instead of the access ACL.
    Valid for directories only. The -d and -D options are
    mutually exclusive.
-D  [Tru64 UNIX] Displays the default directory ACL instead of
    the access ACL. Valid for directories only. The -d and -D
    options are mutually exclusive.
-g group[,group...]
    [Tru64 UNIX] Displays the entries for the designated group
    names or GIDs only. If a numeric group name exists in the
    group database, then the entry for that group is displayed,
    not the entry for the GID. For example, if there is a group
    name "521" with GID 40, a group name "mygroup" with GID 521,
    and you request the entry using the -g 521 option, then the
    entry for the group name "521" is displayed, not the entry
    for the group name "mygroup". The -g option is not defined
    by POSIX.
-m  [Tru64 UNIX] Displays the output in multicolumns. The -m
    option is not defined by POSIX.
-n  [Tru64 UNIX] Displays numeric IDs. The -n option is not
    defined by POSIX.
-u user[,user...]
    [Tru64 UNIX] Displays the entries for the designated user
    names and UIDs only. If a numeric user name exists in the
    user database, then the entry for that user is displayed,
    not the entry for the UID. For example, if there is a user
    name "39456" with UID 420, a user name "fred" with UID
    39456, and you request the entry using the -u 39456 option,
    then the entry for user name "39456" is displayed, not the
    entry for user name "fred". The -u option may be used
    multiple times on the command line.
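
The name-before-ID rule described for -g and -u means a numeric name can hide the entry an administrator meant to inspect. The following is an added example, not part of the original reference page or of getacl itself: it applies that rule to a constructed group database and lists numeric names that shadow another entry's ID. The function names and the sample data are assumptions.

```python
# Constructed group database in /etc/group format, using the names and
# GIDs from the -g example above (not real system data).
SAMPLE_GROUP_DB = """\
system:*:0:root
521:*:40:fran
mygroup:*:521:adm
"""

def load_db(text):
    """Return (name -> id, id -> [names]) from passwd- or group-format lines."""
    by_name, by_id = {}, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        name, num = fields[0], int(fields[2])  # third field is the UID/GID
        by_name[name] = num
        by_id.setdefault(num, []).append(name)
    return by_name, by_id

def resolve(qualifier, by_name, by_id):
    """Resolve a -g/-u argument as the page describes: name first, then ID."""
    if qualifier in by_name:
        return qualifier, by_name[qualifier]
    if qualifier.isdecimal() and int(qualifier) in by_id:
        num = int(qualifier)
        return by_id[num][0], num
    return None  # neither a known name nor a known ID

def shadowing_names(by_name, by_id):
    """List (numeric name, its ID, shadowed names) where a name equals another entry's ID."""
    hits = []
    for name, num in sorted(by_name.items()):
        if name.isdecimal() and int(name) in by_id:
            shadowed = [n for n in by_id[int(name)] if n != name]
            if shadowed:
                hits.append((name, num, shadowed))
    return hits
```

Any name reported by shadowing_names is one where a numeric -g or -u argument selects a different entry than the ID would suggest.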
Note
This command is based on Draft 13 of the POSIX P1003.6
standard.
The getacl command displays the selected type of ACL for
each file or directory named on the command line.
The following three types of ACLs may be displayed:
Access ACL
    Used to control access to a file or directory.
Default directory ACL
    Used to specify ACLs inherited by new subdirectories in a
    directory. Valid on directories only.
Default access ACL
    Used to specify ACLs inherited by new subdirectories and
    files in a directory. Valid on directories only.
For more information on the types of ACLs see the acl(4)
reference page and the Security guide.
If the access ACL is selected for display, and there is no
access ACL, the getacl command displays the permission
bits in ACL format. If a default ACL is selected for display,
and the selected default ACL doesn't exist on the
specified directory, only the ACL header will be displayed.
The user readable format of the ACL consists of the ACL
header section and the entries section. The ACL header
section contains, at a minimum, the following three lines:
name of the object
object owner
group owner
It may also contain blank comment lines or warning messages.
Each line of the ACL header section begins with a #
character.
The ACL entries section by default consists of one line
per entry. Each line contains three colon-separated fields
defined as:
  o  The ACL entry tag type (user/group/other).
  o  The ACL entry tag qualifier. This is the name or ID that
     this entry pertains to. If this field is empty, the entry
     refers to the owning user, owning group, or other.
  o  The access being granted by the entry.
The output display format and relative ordering of ACL
entries is as follows:
user::perm
user:uid1:perm
user:uid2:perm
group::perm
group:gid1:perm
group:gid2:perm
other::perm
The following are some typical getacl outputs:

% getacl /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x

% getacl -g adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#

% getacl -u adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user:adm:r--

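
The header and entry format described above can be parsed mechanically for permission audits. The following is an added example, not part of the original reference page or of getacl itself: it parses the default one-entry-per-line output, checks the documented entry ordering, and lists named users or groups that are granted write access. The function names are assumptions, and -m multicolumn or wrapped output is not handled.

```python
# Constructed input: the first sample output above plus one added
# named-group entry (group:ops:rw-) so both entry classes are exercised.
SAMPLE = """\
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
group:ops:rw-
other::r-x
"""

TAG_ORDER = {"user": 0, "group": 1, "other": 2}

def parse_getacl(text):
    """Parse one object's getacl output into (header dict, list of entries)."""
    header, entries = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].partition(":")
            if sep and key.strip() in ("file", "owner", "group"):
                header[key.strip()] = value.strip()
            continue  # other header lines are blank comments or warnings
        fields = line.split(":")
        if len(fields) != 3 or fields[0] not in TAG_ORDER:
            raise ValueError(f"line {lineno}: not an ACL entry: {raw!r}")
        entries.append(tuple(fields))
    return header, entries

def in_documented_order(entries):
    """True if entries run user, group, other with the owning entry first in each class."""
    keys = [(TAG_ORDER[tag], qual != "") for tag, qual, _ in entries]
    return keys == sorted(keys)

def named_write_grants(entries):
    """Entries with a non-empty qualifier (named user or group) whose access includes w."""
    return [(t, q, p) for t, q, p in entries if q and "w" in p]
```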
If any ACL entry is wider than the screen, the access control
list is continued on the next line, indented to the
previous line. The width of the screen is taken from the
COLUMNS environment variable. If the variable is not set,
the default width is 80 columns.
The -m option may be used to cause the ACL to be displayed
in a multicolumn format. The user entries defined in the
ACL are placed on the screen in the maximum number of
columns allowed by the current size of the screen, followed
by the group entries.
The output from the getacl command is in the correct format
for input to the setacl command. The output may be
redirected into a file, then the output file can be used
as input to the setacl command. This technique is useful
for assigning the ACL on an existing file to one or more
new files. For example:

$ getacl file1 > entries_file
$ setacl -U entries_file file2 file3 file4

The getacl command displays the access control lists of
those files that reside in directories for which the user
has search permission.
ACLs may be set on files and directories even if ACLs are
disabled on the system, but ACL access checks and ACL
inheritance won't take place. The getacl command will print a
warning if ACLs are disabled on the system.
Not all types of filesystems support ACLs. The getacl
command will print a warning if ACLs are not supported on
the filesystem.
If successful, the getacl command exits with a status of
zero. Otherwise, this command exits with a status of 1 if
it aborted because of syntax errors, or if the ACL of one
or more files could not be accessed.
Commands: setacl(1)
Files: acl(4)
Security
getacl(1)