3.0;acl (set/show_acl), revision 3.0, 83/04/11
ACL (ACCESS_CONTROL_LIST) -- List or copy an ACL.
usage: ACL [target_obj [src_obj]] [-D|-F] [-I|-ID|-IF|-ALL] [-IS] [-LINKS] [-L]
[-BR] [-QW|-QA|-NQ] [-AE] {CL}
FORMAT
ACL [target_object [source_object]] [options]
Every directory and file has an associated access control list (ACL) which
lists users and their rights to the object. In addition, each directory
contains two additional ACLs (called initial ACLs): one for new files and
another for new subdirectories created within that directory. ACL lets you
copy an ACL from one object to another, or display an ACL. To make changes to
an existing ACL, use the EDACL command (see HELP EDACL).
ARGUMENTS
target_obj
(optional) Specify the file or directory whose ACL(s) you want to set
or display. Wildcarding is permitted.
Default if omitted: use current working directory.
src_obj
(optional) Specify the file or directory whose ACL(s) is to be used to
set the ACL(s) of the target object(s).
Default if omitted: display target_object's ACL
OPTIONS
The following options are used to qualify the target objects:
-D Set or display ACLs of only those target objects that are
directories. If used with -I, -ID, or -IF options, set or
display initial ACLs for subdirectories.
-F Set or display ACLs of only those target objects that are
files.
These options are used to specify directories' initial ACLs as targets:
-I Set or display initial ACLs. If you are setting the ACLs
of a target directory, the source object determines which
initial ACL (file or subdirectory) of the target directory
is set.
-ID Set or display initial ACLs of new subdirectories in target
directories.
-IF Set or display initial ACLs for new files in target object
directories.
(Specifying both -ID and -IF is the same as -I. Neither implies -D.)
This option specifies that one or both of the initial ACLs in the source
object be copied to the target. (This assumes that the source object is a
directory.):
-IS Copy the initial ACL(s) in the source object to the target.
If -I and -IS are both specified, both initial ACLs of
target directory will be set, using the corresponding
initial ACLs of the source object.
This option specifies that all ACLs of the target object(s) be set or
displayed.
-ALL Set or display all ACLs of target object(s). Use -D or -F
to qualify wildcards. If source object is specified, it
must be a directory. (Note that if -IS is also specified,
the ACL of the source object itself will not be used, but
all three ACLs of the target directories are still set).
-ALL (with or without -IS) may be used to propagate new
ACLs throughout subtrees.
The following options perform miscellaneous tasks:
-LINKS Operate on links specified as wildcards. -L List
the object names as the ACLs are set. -BR Display ACLs
only, not object names.
ACL uses the command line parser and so also accepts the standard command
options listed in HELP CL.
EXAMPLES
1. $ acl new_file old_file Assign old_file's ACL to new_file.
2. $ acl joe mary -i -is Set the initial ACLs inside JOE using
the initial ACLs inside MARY (which must
be a directory).
3. $ acl abc?* file1 -d -if Set the initial file ACL in all
subdirectories of the current working
directory whose names begin with ABC to
the ACL of FILE1.
4. $ acl abc?* dir2 -f -is Set the ACLs of all files in the current
working directory whose names begin with
ABC to the initial file ACL inside DIR2.
5. $ acl abc?* dir2 -i -is The initial ACLs in all subdirectories
of the current working directory whose
names begin with ABC are set using the
initial ACLs in DIR2, and the ACLs of all
files whose names begin with ABC are set
using the intial file ACL in DIR2.
(Adding -D would confine the operation
to directories.)
6. $ acl abc?* dir2 -all The ACLs of all files matched are set
using the initial file ACL in DIR2. The
ACLs of all directories matched are set
using the ACL of DIR2 itself. The initial
ACLs inside those matched directories are
set using the initial ACLs inside DIR2.
7. $ acl abc?* dir2 -all -is The ACLs of all files matched are set
using the initial file ACL in DIR2. The
ACLs of all directories matched are set
using the initial directory ACL in DIR2.
The initial ACLs inside those matched
directories are set using the initial
ACLs inside DIR2.
RELATED TOPICS
More information is available. Type:
- HELP ACLS
for a list of ACL-related commands
- HELP PROTECTION
for general information on DOMAIN protection mechanisms
- HELP PROTECTIONACLS
for detailed information on ACL structure and usage
- HELP PROTECTIONSIDS
for information on SIDs.
- HELP PROTECTIONRIGHTS
for information on access rights.