Command: getacl | Section: 1 | Source: Digital UNIX | File: getacl.1.gz
getacl(1) General Commands Manual getacl(1)
NAME
getacl - Displays the discretionary access control information (ACL)
SYNOPSIS
getacl [-d|-D] [-g group[,group...]] [-n]
[-m] [-u user[,user...]] file...
FLAGS
-d      Displays the default access ACL. The -d and -D options are
        mutually exclusive.
-D      Displays the default directory ACL. The -D flag is not defined
        by POSIX. The -d and -D options are mutually exclusive.
-g group[,group...]
        Display the designated group entries only. The -g flag is not
        defined by POSIX.
-m      Display the output in multicolumns. The -m flag is not defined
        by POSIX.
-n      Use numeric IDs. The -n flag is not defined by POSIX.
-u user[,user...]
        Display the designated user entries. The -u flag may be used
        multiple times on the command line. The -u flag is not defined
        by POSIX.
DESCRIPTION
This command is based on Draft 13 of the POSIX P1003.6 standard. The
arguments may change as the P1003.6 standard is finalized.
The getacl command displays the selected type of ACL for each file or
directory named on the command line.
The following three types of ACLs may be retrieved:
Access ACL
        Designates the access to be granted to a given object.
Default directory ACL
        The default directory ACL allows the owner or a privileged user
        to associate an ACL with a directory that is to be inherited as
        an access ACL when a subdirectory is created. The default
        directory ACL will also be inherited as the default directory
        ACL by the new directory.
Default access ACL
        The default access ACL allows the owner or a privileged user to
        associate an ACL with a directory that is to be inherited as an
        access ACL when an object is created within the directory. If
        the object being created is a directory and a default directory
        ACL exists on the parent directory, it is inherited as the
        access ACL and not the default access ACL. The default access
        ACL is inherited as the default access ACL for any subdirectory
        created.
Both the default directory ACL and default access ACL are propagated
down through the directory tree as each directory is created.
The user readable format of the ACL consists of the comments section
and the entries section. The comments section contains the following
three lines:
name of the object
object owner
group owner
Each line of the comments section begins with a # character.
The ACL entries section by default consists of one line per entry.
Each line contains three colon-separated fields defined as:
Field 1 The ACL entry type (user/group/other).
Field 2 The name or id that this entry pertains to. If nothing is
present, it refers to the owning user, owning group or other.
Field 3 The access being granted by the entry.
The output display format and relative ordering of ACL entries are as
follows:
user::perm
user:uid1:perm
user:uid2:perm
group::perm
group:gid1:perm
group:gid2:perm
other::perm
The following are some typical getacl outputs:
% getacl /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x

% getacl -g adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#

% getacl -u adm /ufs/test
#
# file: /ufs/test
# owner: root
# group: system
#
user:adm:r--
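The following is an added example, not part of the original manual page: a small Python parser for the comments and entries sections described above, which also lists named user or group entries that grant write access. It assumes the default one-entry-per-line output (no -m, no wrapped entries) and permission strings using r, w, x and - as in the samples; the function names and the SAMPLE text are constructed for illustration.

```python
# Added example: parse the text format that getacl prints.
# SAMPLE is constructed from the /ufs/test output shown on this page.
SAMPLE = """\
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
"""

def parse_getacl(text):
    """Return (comments, entries) from getacl output.

    comments: dict built from the '# key: value' lines
    entries:  list of (type, qualifier, perm); an empty qualifier means
              the owning user, the owning group, or other
    """
    comments, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Split on the first colon only, so values may contain colons.
            key, sep, value = line[1:].partition(":")
            if sep:
                comments[key.strip()] = value.strip()
            continue
        fields = line.split(":")
        if len(fields) != 3 or fields[0] not in ("user", "group", "other"):
            raise ValueError("malformed ACL entry: %r" % raw)
        entries.append(tuple(fields))
    return comments, entries

def named_writers(entries):
    """Named user/group entries (field 2 non-empty) that grant write."""
    return [(t, q) for t, q, perm in entries if q and "w" in perm]

if __name__ == "__main__":
    meta, acl = parse_getacl(SAMPLE)
    print(meta["file"], named_writers(acl))
```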
If any ACL entry is wider than the screen, the access control list is
continued on the next line, indented to the previous line. The width
of the screen is taken from the COLUMNS environment variable; if the
variable is not set, the default width is 80 columns.
The -m option may be used to cause the ACL to be displayed in a
multicolumn format. The user entries defined in the ACL are placed on
the screen in the maximum number of columns allowed by the current size
of the screen, followed by the group entries.
The output from the getacl command is in the correct format for input
to the setacl command. The output may be redirected into a file, then
the output file can be used as input to the setacl command. This
technique is useful for assigning the ACL on an existing file to one or
more new files. For example:
$ getacl file1 > entries_file
$ setacl -U entries_file file2 file3 file4
The getacl command displays the access control lists of those files
that reside in directories for which the user has search permission.
EXIT VALUES
If successful, the getacl command exits with a status of zero.
Otherwise, this command exits with a status of 1 if it aborted because
of syntax errors, or if the ACL of one or more files could not be
accessed.
RELATED INFORMATION
Commands: setacl(1)
Files: acl(4).
Security