getacl(1) General Commands Manual getacl(1)
getacl - list access control lists (ACLs) for files (JFS File Systems only)
For each argument that is a regular file, special file, or named pipe, displays the owner, group, and the Access Control List (ACL). For
each directory argument, displays the owner, group, and the ACL and/or the default ACL. Only directories contain default ACLs.
With the option specified, the filename, owner, group, and the ACL of the file will be displayed. With the option specified, the filename,
owner, group, and the default ACL of the file, if it exists, will be displayed. With options not specified, the filename, owner, group,
and both the ACL, and the default ACL, if it exists, will be displayed.
This command may be executed on a file system that does not support ACLs. It will report the ACL consisting of only the owning user, own-
ing group, class and other entries, based on the permission bits.
When multiple files are specified on the command line, a blank line will separate the ACL for each file.
The command recognizes the following options:
Displays the filename, owner, group, and the ACL of the specified file.
Displays the the filename, owner, group, and the default
ACL of the file, if it exists.
The command recognizes the following operand:
file The file or directory from which retrieves the access control information.
The format of an ACL is:
The first three lines show the filename, the file owner, and the file owning group. Note that when only the option is specified, and the
file has no default ACL, only these three lines will be displayed.
The entry without a user ID indicates the permissions that will be granted to the owner of the file. One or more additional entries indi-
cate the permissions that will be granted to the specified users. The entry without a group identifier indicates the permissions that will
be granted to the owning group of the file. One or more additional entries indicate the permissions that will be granted to the specified
groups. The entry indicates the permissions that will be granted to others.
The entries and may only exist for directories, and indicate the default user, group, and other entries that will be added to a file cre-
ated within the directory.
The uid is a login name, or a user ID if there is no entry for the uid in the system's password file; gid is a group name, or a group ID if
there is no entry for the gid in the system's group file; and perm is a three character string composed of the letters representing the
separate discretionary access rights: (read), (write), (execute/search), or the placeholder character The perm will be displayed in the
following order: If a permission is not granted by an ACL entry, the placeholder character will appear.
The ACL entries will be displayed in the order in which they will be evaluated when an access check is performed. The default ACL entries
that may exist on a directory have no effect on access checks.
The file owner permission bits represent the access that the owning user ACL entry has. The file group class permission bits represent the
most access that any additional user entry, additional group entry, or the owning group entry may grant. The file other permission bits
represent the access that the other ACL entry has. If a user invokes the command and changes the file group class permission bits, the
access granted by the additional ACL entries may be restricted.
In order to indicate that the file group class permission bits restrict an ACL entry, will display, after each affected entry, text in the
form , where perm will show only the permissions actually granted.
Given file with an ACL six entries long, the command
Given file with an ACL six entries long, after the command was issued, the command
Given directory with an ACL containing default entries, the command
Given directory the command
The output from will be in the correct format for input to the command. If the output from is redirected to a file, the file may be used
as input to In this way, a user may easily assign one file's ACL to another file.
for user IDs
for group IDs
chmod(1), ls(1), setacl(1). acl(2), aclsort(3C).