Ticket #3531: chacl.1

File chacl.1, 4.7 KB (added by egmont, 5 years ago)
Line 
1.\" Copyright (C) 2001, 2002, 2004  Silicon Graphics, Inc.  All rights reserved.
2.\"
3.\" This is free documentation; you can redistribute it and/or
4.\" modify it under the terms of the GNU General Public License as
5.\" published by the Free Software Foundation; either version 2 of
6.\" the License, or (at your option) any later version.
7.\"
8.\" The GNU General Public License's references to "object code"
9.\" and "executables" are to be interpreted as the output of any
10.\" document formatting or typesetting system, including
11.\" intermediate and printed output.
12.\"
13.\" This manual is distributed in the hope that it will be useful,
14.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
15.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16.\" GNU General Public License for more details.
17.\"
18.\" You should have received a copy of the GNU General Public
19.\" License along with this manual.  If not, see
20.\" <http://www.gnu.org/licenses/>.
21.\"
22.TH CHACL 1 "ACL File Utilities" "September 2001" "Access Control Lists"
23.SH NAME
24chacl \- change the access control list of a file or directory
25.SH SYNOPSIS
26.B chacl acl pathname...
27.br
28.B chacl \-b acl dacl pathname...
29.br
30.B chacl \-d dacl pathname...
31.br
32.B chacl \-R pathname...
33.br
34.B chacl \-D pathname...
35.br
36.B chacl \-B pathname...
37.br
38.B chacl \-l pathname...
39.br
40.B chacl \-r pathname...
41.br
42.SH DESCRIPTION
43.I chacl
44is an IRIX-compatibility command, and is maintained for those
45users who are familiar with its use from either XFS or IRIX.
46Refer to the
47.B "SEE ALSO"
48section below for a description of tools
49which conform more closely to the (withdrawn draft) POSIX 1003.1e
50standard which describes Access Control Lists (ACLs).
51.PP
52.I chacl
53changes the ACL(s) for a file or directory.
54The ACL(s) specified are applied to each file in the \f4pathname\f1 arguments.
55.P
56Each ACL is a string which is interpreted using the
57.IR acl_from_text (3)
58routine.
59These strings are made up of comma separated clauses each of which
60is of the form, tag:name:perm.  Where \f4tag\fP can be:
61.TP
62"user" (or "u")
63indicating that the entry is a user ACL entry.
64.TP
65"group" (or "g")
66indicating that the entry is a group ACL entry.
67.TP
68"other" (or "o")
69indicating that the entry is an other ACL entry.
70.TP
71"mask" (or "m")
72indicating that the entry is a mask ACL entry.
73.P
74\f4name\fP is a string which is the user or group name for the ACL entry.
75A null \f4name\fP in a user or group ACL entry indicates the file's
76owner or file's group.
77\f4perm\fP is the string "rwx" where each of the entries may be replaced
78by a "\-" indicating no access of that type, e.g. "r\-x", "\-\-x", "\-\-\-".
79.SH OPTIONS
80.TP
81.B \-b
82Indicates that there are two ACLs to change, the first is the
83file access ACL and the second the directory default ACL.
84.TP
85.B \-d
86Used to set only the default ACL of a directory. 
87.TP
88.B \-R
89Removes the file access ACL only.
90.TP
91.B \-D
92Removes directory default ACL only.
93.TP
94.B \-B
95Remove all ACLs.
96.TP
97.B \-l
98Lists the access ACL and possibly the default ACL associated
99with the specified files or directories.  This option was added
100during the Linux port of XFS, and is not IRIX compatible.
101.TP
102.B \-r
103Set the access ACL recursively for each subtree rooted at \f4pathname\f1(s).
104This option was also added during the Linux port of XFS, and is not
105compatible with IRIX.
106.SH EXAMPLES
107A minimum ACL:
108.PP
109.nf
110  \f3chacl u::rwx,g::r-x,o::r-- file\fP
111.fi
112.PP
113The file ACL is set so that the file's owner has "rwx", the file's
114group has read and execute, and others have read only access to the file.
115.P
116An ACL that is not a minimum ACL, that is, one that specifies
117a user or group other than the file's owner or owner's group,
118must contain a mask entry:
119.PP
120.nf
121  \f4chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2\fP
122.fi
123.PP
124To set the default and access ACLs on \f4newdir\f1 to be the
125same as on \f4olddir\f1, you could type:
126.PP
127.nf
128  \f4chacl \-b `chacl \-l olddir | \\
129      sed \-e 's/.*\\[//' \-e 's#/# #' \-e 's/]$//'` newdir
130\fP
131.fi
132.SH CAUTIONS
133.I chacl
134can replace the existing ACL.  To add or delete entries, you
135must first do \f4chacl \-l\fP to get the existing ACL, and use the output
136to form the arguments to
137.IR chacl .
138.P
139Changing the permission bits of a file will change the file access
140ACL settings (see
141.IR chmod (1)).
142However, file creation mode masks (see
143.IR umask (1))
144will not affect the access ACL settings of files created using directory
145default ACLs.
146.P
147ACLs are filesystem extended attributes and hence are not typically
148archived or restored using the conventional archiving utilities.
149See
150.IR attr (5)
151for more information about extended attributes and see
152.IR xfsdump (8)
153for a method of backing them up under XFS.
154.SH SEE ALSO
155.BR getfacl "(1), " setfacl "(1), " chmod "(1), " umask "(1), " acl_from_text "(3), " acl "(5), " xfsdump (8)