👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

OpenSolaris 2009.06 - man page for setfacl (opensolaris section 1)

setfacl(1)				  User Commands 			       setfacl(1)

NAME
       setfacl - modify the Access Control List (ACL) for a file or files

SYNOPSIS
       setfacl [-r] -s acl_entries file

       setfacl [-r] -md acl_entries file

       setfacl [-r] -f acl_file file

DESCRIPTION
       For each file specified, setfacl either replaces its entire ACL, including the default ACL
       on a directory, or it adds, modifies, or  deletes  one  or  more  ACL  entries,	including
       default entries on directories.

       When  the  setfacl  command is used, it can result in changes to the file permission bits.
       When the user ACL entry for the file owner is changed, the  file  owner	class  permission
       bits  are modified. When the group ACL entry for the file group class is changed, the file
       group class permission bits are modified. When the other ACL entry is  changed,	the  file
       other class permission bits are modified.

       If  you use the chmod(1) command to change the file group owner permissions on a file with
       ACL entries, both the file group owner permissions and the ACL mask are changed to the new
       permissions.  Be  aware that the new ACL mask permissions can change the effective permis-
       sions for additional users and groups who have ACL entries on the file.

       A directory can contain default ACL entries. If a file or directory is created in a direc-
       tory  that  contains default ACL entries, the newly created file has permissions generated
       according to the intersection of the default ACL entries and the permissions requested  at
       creation time. The umask(1) are not applied if the directory contains default ACL entries.
       If a default ACL is specified for a specific user (or users), the file has a  regular  ACL
       created.  Otherwise,  only  the	mode  bits  are initialized according to the intersection
       described above. The default ACL should be thought of as the maximum discretionary  access
       permissions that can be granted.

       Use  the  setfacl command to set ACLs on files in a UFS file system, which supports POSIX-
       draft ACLS (or aclent_t style ACLs). Use the chmod command to set ACLs on files in  a  ZFS
       file system, which supports NFSv4-style ACLS (or ace_t style ACLs).

   acl_entries Syntax
       For the -m and -s options, acl_entries are one or more comma-separated ACL entries.

       An ACL entry consists of the following fields separated by colons:

       entry_type    Type  of ACL entry on which to set file permissions. For example, entry_type
		     can be user (the owner of a file) or mask (the ACL mask).

       uid or gid    User name or user identification number. Or, group name or group identifica-
		     tion number.

       perms	     Represents  the  permissions  that are set on entry_type. perms can be indi-
		     cated by the symbolic characters rwx or a number (the same permissions  num-
		     bers used with the chmod command).

       The following table shows the valid ACL entries (default entries can only be specified for
       directories):

		ACL Entry			  Description
       --------------------------------------------------------------------
       u[ser]::perms		     File owner permissions.
       g[roup]::perms		     File group owner permissions.
       o[ther]:perms		     Permissions for users other than  the
				     file  owner  or members of file group
				     owner.
       m[ask]:perms		     The ACL mask. The	mask  entry  indi-
				     cates the maximum permissions allowed
				     for users (other than the owner)  and
				     for  groups.  The mask is a quick way
				     to  change  permissions  on  all  the
				     users and groups.
       u[ser]:uid:perms 	     Permissions  for a specific user. For
				     uid, you can specify  either  a  user
				     name or a numeric UID.
       g[roup]:gid:perms	     Permissions for a specific group. For
				     gid, you can specify either  a  group
				     name or a numeric GID.
       d[efault]:u[ser]::perms	     Default file owner permissions.
       d[efault]:g[roup]::perms      Default file group owner permissions.
       d[efault]:o[ther]:perms	     Default  permissions  for users other
				     than the file owner or members of the
				     file group owner.
       d[efault]:m[ask]:perms	     Default ACL mask.
       d[efault]:u[ser]:uid:perms    Default  permissions  for	a specific
				     user. For uid, you can specify either
				     a user name or a numeric UID.
       d[efault]:g[roup]:gid:perms   Default  permissions  for	a specific
				     group.  For  gid,	you  can   specify
				     either a group name or a numeric GID.

       For the -d option, acl_entries are one or more comma-separated ACL entries without permis-
       sions. Notice that the entries for file owner, file group owner, ACL mask, and others  can
       not be deleted.

OPTIONS
       The options have the following meaning:

       -d acl_entries	 Deletes  one  or  more  entries  from the file. The entries for the file
			 owner, the file group owner, and others can not be deleted from the ACL.
			 Notice  that deleting an entry does not necessarily have the same effect
			 as removing all permissions from the entry.

       -f acl_file	 Sets a file's ACL with the ACL  entries  contained  in  the  file  named
			 acl_file.  The same constraints on specified entries hold as with the -s
			 option. The entries are not required to be in any specific order in  the
			 file.	Also,  if  you specify a dash (-) for acl_file, standard input is
			 used to set the file's ACL.

			 The character # in acl_file can be used to indicate a comment. All char-
			 acters,  starting  with  the  #  until the end of the line, are ignored.
			 Notice that if the acl_file has been created as the output of	the  get-
			 facl(1)  command,  any  effective  permissions,  which  follow  a #, are
			 ignored.

       -m acl_entries	 Adds one or more new ACL entries to the file,	and/or	modifies  one  or
			 more  existing ACL entries on the file. If an entry already exists for a
			 specified uid or gid, the specified permissions replace the current per-
			 missions.  If	an  entry does not exist for the specified uid or gid, an
			 entry is created. When using the -m option to modify a default ACL,  you
			 must  specify	a complete default ACL (user, group, other, mask, and any
			 additional entries) the first time.

       -r		 Recalculates the permissions for the ACL  mask  entry.  The  permissions
			 specified  in the ACL mask entry are ignored and replaced by the maximum
			 permissions necessary to grant the access to all additional  user,  file
			 group owner, and additional group entries in the ACL. The permissions in
			 the additional user, file group owner, and additional group entries  are
			 left unchanged.

       -s acl_entries	 Sets a file's ACL. All old ACL entries are removed and replaced with the
			 newly specified ACL. The entries need not be in any specific order. They
			 are sorted by the command before being applied to the file.

			 Required entries:

			     o	    Exactly one user entry specified for the file owner.

			     o	    Exactly one group entry for the file group owner.

			     o	    Exactly one other entry specified.
			 If there are additional user and group entries:

			     o	    Exactly  one mask entry specified for the ACL mask that indi-
				    cates the maximum permissions allowed for users  (other  than
				    the owner) and groups.

			     o	    Must not be duplicate user entries with the same uid.

			     o	    Must not be duplicate group entries with the same gid.
			 If  file is a directory, the following default ACL entries can be speci-
			 fied:

			     o	    Exactly one default user entry for the file owner.

			     o	    Exactly one default group entry for the file group owner.

			     o	    Exactly one default mask entry for the ACL mask.

			     o	    Exactly one default other entry.
			 There can be additional default  user	entries  and  additional  default
			 group	entries  specified,  but  there  can  not be duplicate additional
			 default user entries with the	same  uid,  or	duplicate  default  group
			 entries with the same gid.

EXAMPLES
       Example 1 Adding read permission only

       The  following  example adds one ACL entry to file abc, which gives user shea read permis-
       sion only.

	 setfacl -m user:shea:r-- abc

       Example 2 Replacing a file's entire ACL

       The following example replaces the entire ACL for the file  abc,  which	gives  shea  read
       access,	the  file  owner  all access, the file group owner read access only, the ACL mask
       read access only, and others no access.

	 setfacl -s user:shea:rwx,user::rwx,group::rw-,mask:r--,other:--- abc

       Notice that after this command, the file permission bits are rwxr-----.	Even  though  the
       file group owner was set with read/write permissions, the ACL mask entry limits it to have
       only read permission. The mask entry also specifies the maximum permissions  available  to
       all  additional	user and group ACL entries. Once again, even though the user shea was set
       with all access, the mask limits it to have only read permission. The ACL mask entry is	a
       quick  way  to limit or open access to all the user and group entries in an ACL. For exam-
       ple, by changing the mask entry to read/write, both the file group  owner  and  user  shea
       would be given read/write access.

       Example 3 Setting the same ACL on two files

       The following example sets the same ACL on file abc as the file xyz.

	 getfacl xyz | setfacl -f - abc

FILES
       /etc/passwd    password file

       /etc/group     group file

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       chmod(1),   getfacl(1),	umask(1),  aclcheck(3SEC),  aclsort(3SEC),  group(4),  passwd(4),
       attributes(5)

SunOS 5.11				   19 Dec 2006				       setfacl(1)


All times are GMT -4. The time now is 06:54 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?