156 lines
4.7 KiB
Groff
156 lines
4.7 KiB
Groff
.\" Copyright (C) 2001, 2002, 2004 Silicon Graphics, Inc. All rights reserved.
|
|
.\"
|
|
.\" This is free documentation; you can redistribute it and/or
|
|
.\" modify it under the terms of the GNU General Public License as
|
|
.\" published by the Free Software Foundation; either version 2 of
|
|
.\" the License, or (at your option) any later version.
|
|
.\"
|
|
.\" The GNU General Public License's references to "object code"
|
|
.\" and "executables" are to be interpreted as the output of any
|
|
.\" document formatting or typesetting system, including
|
|
.\" intermediate and printed output.
|
|
.\"
|
|
.\" This manual is distributed in the hope that it will be useful,
|
|
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
.\" GNU General Public License for more details.
|
|
.\"
|
|
.\" You should have received a copy of the GNU General Public
|
|
.\" License along with this manual. If not, see
|
|
.\" <http://www.gnu.org/licenses/>.
|
|
.\"
|
|
.TH CHACL 1 "ACL File Utilities" "September 2001" "Access Control Lists"
|
|
.SH NAME
|
|
chacl \- change the access control list of a file or directory
|
|
.SH SYNOPSIS
|
|
.B chacl acl pathname...
|
|
.br
|
|
.B chacl \-b acl dacl pathname...
|
|
.br
|
|
.B chacl \-d dacl pathname...
|
|
.br
|
|
.B chacl \-R pathname...
|
|
.br
|
|
.B chacl \-D pathname...
|
|
.br
|
|
.B chacl \-B pathname...
|
|
.br
|
|
.B chacl \-l pathname...
|
|
.br
|
|
.B chacl \-r pathname...
|
|
.br
|
|
.SH DESCRIPTION
|
|
.I chacl
|
|
is an IRIX-compatibility command, and is maintained for those
|
|
users who are familiar with its use from either XFS or IRIX.
|
|
Refer to the
|
|
.B "SEE ALSO"
|
|
section below for a description of tools
|
|
which conform more closely to the (withdrawn draft) POSIX 1003.1e
|
|
standard which describes Access Control Lists (ACLs).
|
|
.PP
|
|
.I chacl
|
|
changes the ACL(s) for a file or directory.
|
|
The ACL(s) specified are applied to each file in the \f4pathname\f1 arguments.
|
|
.P
|
|
Each ACL is a string which is interpreted using the
|
|
.IR acl_from_text (3)
|
|
routine.
|
|
These strings are made up of comma separated clauses each of which
|
|
is of the form, tag:name:perm. Where \f4tag\fP can be:
|
|
.TP
|
|
"user" (or "u")
|
|
indicating that the entry is a user ACL entry.
|
|
.TP
|
|
"group" (or "g")
|
|
indicating that the entry is a group ACL entry.
|
|
.TP
|
|
"other" (or "o")
|
|
indicating that the entry is an other ACL entry.
|
|
.TP
|
|
"mask" (or "m")
|
|
indicating that the entry is a mask ACL entry.
|
|
.P
|
|
\f4name\fP is a string which is the user or group name for the ACL entry.
|
|
A null \f4name\fP in a user or group ACL entry indicates the file's
|
|
owner or file's group.
|
|
\f4perm\fP is the string "rwx" where each of the entries may be replaced
|
|
by a "\-" indicating no access of that type, e.g. "r\-x", "\-\-x", "\-\-\-".
|
|
.SH OPTIONS
|
|
.TP
|
|
.B \-b
|
|
Indicates that there are two ACLs to change, the first is the
|
|
file access ACL and the second the directory default ACL.
|
|
.TP
|
|
.B \-d
|
|
Used to set only the default ACL of a directory.
|
|
.TP
|
|
.B \-R
|
|
Removes the file access ACL only.
|
|
.TP
|
|
.B \-D
|
|
Removes directory default ACL only.
|
|
.TP
|
|
.B \-B
|
|
Remove all ACLs.
|
|
.TP
|
|
.B \-l
|
|
Lists the access ACL and possibly the default ACL associated
|
|
with the specified files or directories. This option was added
|
|
during the Linux port of XFS, and is not IRIX compatible.
|
|
.TP
|
|
.B \-r
|
|
Set the access ACL recursively for each subtree rooted at \f4pathname\f1(s).
|
|
This option was also added during the Linux port of XFS, and is not
|
|
compatible with IRIX.
|
|
.SH EXAMPLES
|
|
A minimum ACL:
|
|
.PP
|
|
.nf
|
|
\f3chacl u::rwx,g::r-x,o::r-- file\fP
|
|
.fi
|
|
.PP
|
|
The file ACL is set so that the file's owner has "rwx", the file's
|
|
group has read and execute, and others have read only access to the file.
|
|
.P
|
|
An ACL that is not a minimum ACL, that is, one that specifies
|
|
a user or group other than the file's owner or owner's group,
|
|
must contain a mask entry:
|
|
.PP
|
|
.nf
|
|
\f4chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2\fP
|
|
.fi
|
|
.PP
|
|
To set the default and access ACLs on \f4newdir\f1 to be the
|
|
same as on \f4olddir\f1, you could type:
|
|
.PP
|
|
.nf
|
|
\f4chacl \-b `chacl \-l olddir | \\
|
|
sed \-e 's/.*\\[//' \-e 's#/# #' \-e 's/]$//'` newdir
|
|
\fP
|
|
.fi
|
|
.SH CAUTIONS
|
|
.I chacl
|
|
can replace the existing ACL. To add or delete entries, you
|
|
must first do \f4chacl \-l\fP to get the existing ACL, and use the output
|
|
to form the arguments to
|
|
.IR chacl .
|
|
.P
|
|
Changing the permission bits of a file will change the file access
|
|
ACL settings (see
|
|
.IR chmod (1)).
|
|
However, file creation mode masks (see
|
|
.IR umask (1))
|
|
will not affect the access ACL settings of files created using directory
|
|
default ACLs.
|
|
.P
|
|
ACLs are filesystem extended attributes and hence are not typically
|
|
archived or restored using the conventional archiving utilities.
|
|
See
|
|
.IR attr (5)
|
|
for more information about extended attributes and see
|
|
.IR xfsdump (8)
|
|
for a method of backing them up under XFS.
|
|
.SH SEE ALSO
|
|
.BR getfacl "(1), " setfacl "(1), " chmod "(1), " umask "(1), " acl_from_text "(3), " acl "(5), " xfsdump (8)
|