
chacl(1)


NAME

chacl - add, modify, delete, copy, or summarize access control lists (ACLs) of files

SYNOPSIS

/usr/bin/chacl acl file ...

chacl -r acl file ...

chacl -d aclpatt file ...

chacl -f fromfile tofile ...

chacl -[ z Z F ] file ...

DESCRIPTION

chacl extends the capabilities of chmod(1) by enabling the user to grant or restrict file access to additional specific users and/or groups. Traditional file access permissions, set when a file is created, grant or restrict access to the file's owner, group, and other users. These file access permissions (e.g., rwxrw-r--) are mapped into three base access control list entries: one entry for the file's owner (u.%, mode), one for the file's group (%.g, mode), and one for other users (%.%, mode).

chacl enables a user to designate up to thirteen additional sets of permissions (called optional access control list (ACL) entries) which are stored in the access control list of the file.

To use chacl, the owner (or superuser) constructs an acl, a set of (user.group, mode) mappings to associate with one or more files. A specific user and group can be referred to by either name or number; any user (u), group (g), or both can be referred to with a % symbol, representing any user or group. The @ symbol specifies the file's owner or group.

Read, write, and execute/search (rwx) modes are identical to those used by chmod; symbolic operators (op) add (+), remove (-), or set (=) access rights. The entire acl should be quoted if it contains whitespace or special characters. Although two variants for constructing the acl are available (and fully explained in acl(5)), the following syntax is suggested:

entry [, entry ] ...

where the syntax for an entry is

u.g op mode[ op mode ] ...

By default, chacl modifies existing ACLs. It adds ACL entries or modifies access rights in existing ACL entries. If acl contains an ACL entry already associated with a file, the entry's mode bits are changed to the new value given, or are modified by the specified operators. If the file's ACL does not already contain the specified entry, that ACL entry is added. chacl can also remove all access to files. Giving it a null acl argument means either "no access" (when using the -r option) or "no changes."

For a summary of the syntax, run chacl without arguments.

If file is specified as -, chacl reads from standard input.
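The default modify behaviour described above, and the replace behaviour of the -r option listed under Options, can be compared in a small Python model. This is an added illustration, not HP-UX code: the names parse_acl, chacl, show and FILE_ACL and the sample users are assumptions, and only the suggested operator syntax with rwx mode letters is handled.

```python
import re

MAX_OPTIONAL = 13  # the page's limit on optional ACL entries

def parse_acl(acl, owner, group):
    """Parse 'entry[, entry]...' where entry is 'u.g op mode[ op mode]...'."""
    parsed = []
    for entry in (e.strip() for e in acl.split(",")):
        if not entry:
            continue  # a null acl yields no entries
        m = re.fullmatch(r"([^.\s]+)\.([^\s+=-]+)\s*((?:[+=-]\s*[rwx]*\s*)+)", entry)
        if not m:
            raise ValueError(f"bad ACL entry: {entry!r}")
        user = owner if m.group(1) == "@" else m.group(1)  # @ = the file's owner
        grp = group if m.group(2) == "@" else m.group(2)   # @ = the file's group
        parsed.append(((user, grp), re.findall(r"([+=-])\s*([rwx]*)", m.group(3))))
    return parsed

def chacl(acl_map, owner, group, acl, replace=False):
    """Model 'chacl acl file' or, with replace=True, 'chacl -r acl file'."""
    base = [(owner, "%"), ("%", group), ("%", "%")]  # (u.%), (%.g), (%.%)
    if replace:
        # -r: optional entries are deleted and base permissions zeroed first
        result = {key: set() for key in base}
    else:
        result = {key: set(mode) for key, mode in acl_map.items()}
    for key, ops in parse_acl(acl, owner, group):
        mode = result.get(key, set())
        for op, bits in ops:
            # + adds rights, - removes them, = sets the mode outright
            mode = {"+": mode | set(bits), "-": mode - set(bits), "=": set(bits)}[op]
        result[key] = mode
    if sum(key not in base for key in result) > MAX_OPTIONAL:
        raise ValueError("more than thirteen optional ACL entries")
    return result

def show(acl_map):
    """Render an ACL map as '(u.g,rwx)' entries in sorted order."""
    return " ".join(
        "(%s.%s,%s)" % (u, g, "".join(c if c in acl_map[u, g] else "-" for c in "rwx"))
        for u, g in sorted(acl_map))

# Constructed sample: a file owned by alice, group staff, mode rwxrw-r--
FILE_ACL = {("alice", "%"): set("rwx"), ("%", "staff"): set("rw"), ("%", "%"): set("r")}

if __name__ == "__main__":
    print(show(chacl(FILE_ACL, "alice", "staff", "bob.%=r, %.%-r")))
    print(show(chacl(FILE_ACL, "alice", "staff", "@.%=rw", replace=True)))
```

In the replace case the group and other base entries end up with no access because the acl names only the owner, which is the side effect to check for before using -r on a shared file.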

Options

chacl recognizes the following options:

-r

Replace old ACLs with the given ACL. All optional ACL entries are first deleted from the specified files' ACLs, their base permissions are set to zero, and the new ACL is applied. If acl does not contain an entry for the owner (u.%), the group (%.g), or other (%.%) users of a file, that base ACL entry's mode is set to zero (no access). The command affects all of the file's ACL entries, but does not change the file's owner or group ID.

In chmod(1), the "modify" and "replace" operations are distinguished by the syntax (string or octal value). There is no corollary for ACLs because they have a variable number of entries. Hence chacl modifies specific entries by default, and optionally replaces all entries.

-d

Delete the specified entries from the ACLs on all specified files. The aclpatt argument can be an exact ACL or an ACL pattern (see acl(5)). chacl -d updates each file's ACL only if entries are deleted from it.

If you attempt to delete a base ACL entry from any file, the entry remains but its access mode is set to zero (no access). If you attempt to delete a non-existent ACL entry from a file (that is, if an ACL entry pattern matches no ACL entry), chacl informs you of the error,


HP-UX Release 11i: December 2000