getacl(1)

NAME

getacl - list access control lists (ACLs) for files (JFS File Systems only)

SYNOPSIS

/usr/bin/getacl [-ad] file...

DESCRIPTION

For each argument that is a regular file, special file, or named pipe, getacl displays the owner, group, and the Access Control List (ACL). For each directory argument, getacl displays the owner, group, and the ACL and/or the default ACL. Only directories contain default ACLs.

With the -a option specified, the filename, owner, group, and the ACL of the file will be displayed. With the -d option specified, the filename, owner, group, and the default ACL of the file, if it exists, will be displayed. With options not specified, the filename, owner, group, and both the ACL, and the default ACL, if it exists, will be displayed.

This command may be executed on a file system that does not support ACLs. It will report the ACL consisting of only the owning user, owning group, class and other entries, based on the permission bits.

When multiple files are specified on the command line, a blank line will separate the ACL for each file. The format of an ACL is:

    #file: filename
    #owner: uid
    #group: gid
    user::perm
    user:uid:perm
    group::perm
    group:gid:perm
    class:perm
    other:perm
    default:user::perm
    default:user:uid:perm
    default:group::perm
    default:group:gid:perm
    default:class:perm
    default:other:perm

The first three lines show the filename, the file owner, and the file owning group. Note that when only the -d option is specified, and the file has no default ACL, only these three lines will be displayed.

The user entry without a user ID indicates the permissions that will be granted to the owner of the file. One or more additional user entries indicate the permissions that will be granted to the specified users. The group entry without a group identifier indicates the permissions that will be granted to the owning group of the file. One or more additional group entries indicate the permissions that will be granted to the specified groups. The other entry indicates the permissions that will be granted to others.

The default entries (default:user, default:group, and default:other) may only exist for directories, and indicate the default user, group, and other entries that will be added to a file created within the directory.

The uid is a login name, or a user ID if there is no entry for the uid in the system's password file; gid is a group name, or a group ID if there is no entry for the gid in the system's group file; and perm is a three character string composed of the letters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the placeholder character -. The perm will be displayed in the following order: rwx. If a permission is not granted by an ACL entry, the placeholder character will appear.

The ACL entries will be displayed in the order in which they will be evaluated when an access check is performed. The default ACL entries which may exist on a directory have no effect on access checks.

The file owner permission bits represent the access that the owning user ACL entry has. The file group class permission bits represent the most access that any additional user entry, additional group entry, or the owning group entry may grant. The file other permission bits represent the access that the other ACL entry has. If a user invokes the chmod command and changes the file group class permission bits, the access granted by the additional ACL entries may be restricted.
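An added example, not part of the HP-UX manual: a Python parser for a listing in the format shown above that applies the class permission cap described in the preceding paragraph, so an audit can spot entries that grant more than the class bits allow. The sample listing and its names are constructed, and the function names are hypothetical.

```python
# Constructed sample in the listing format shown above; all names are hypothetical.
SAMPLE = """\
#file: projects
#owner: alice
#group: staff
user::rwx
user:bob:rwx
group::r-x
group:audit:rw-
class:r-x
other:---
default:user:bob:rwx
"""

def parse_acl(text):
    """Split one getacl listing into (header dict, list of entry tuples)."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):                      # #file / #owner / #group
            key, _, value = line.lstrip("# ").partition(":")
            header[key.strip()] = value.strip()
        elif line:
            # Drop any trailing "#effective: perm" text and stray whitespace.
            spec = "".join(line.split("#", 1)[0].split())
            is_default = spec.startswith("default:")
            spec = spec.removeprefix("default:")      # Python 3.9+
            name, perm = spec.rsplit(":", 1)
            entries.append((is_default, name, perm))
    return header, entries

def effective_access(entries):
    """Return [(name, granted, effective)] for entries used in access checks."""
    access = [(n, p) for d, n, p in entries if not d]  # default entries are ignored
    cls = dict(access).get("class")
    result = []
    for name, perm in (e for e in access if e[0] != "class"):
        # The class entry caps additional users, the owning group and additional groups.
        capped = cls is not None and name.startswith(("user:", "group:")) and name != "user:"
        eff = "".join(p if p == c else "-" for p, c in zip(perm, cls)) if capped else perm
        result.append((name, perm, eff))
    return result

def restricted(entries):
    """Names of entries whose granted permissions exceed the class permissions."""
    return [n for n, granted, eff in effective_access(entries) if granted != eff]

if __name__ == "__main__":
    hdr, ents = parse_acl(SAMPLE)
    for name, granted, eff in effective_access(ents):
        print(f"{hdr['file']}: {name:<12} {granted} -> {eff}")
```

In the result, `user:` and `group:` with no name after the colon stand for the owning user and owning group entries.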

In order to indicate that the file group class permission bits restrict an ACL entry, getacl will display, after each affected entry, text in the form #effective: perm, where perm will show only the

HP-UX Release 11i: December 2000
