5.0;edacl (edit_access_control_list), revision 5.0, 82/09/17
EDACL (EDIT_ACCESS_CONTROL_LIST) -- Edit or list an ACL.
usage: EDACL [commands] [-I|-P] [-DIR|-FILE|-IF|-ID] pathname...
EDACL commands: [-C ppon rts] [-CF ppon rts] [-A ppon rts] [-AF ppon rts]
[-AR ppon rts] [-D ppon] [-DF ppon rts]
[-DR ppon rts] [-CDN node]
[-CN ppon node] [-L] [-Q]
FORMAT
EDACL [commands] [options] pathname...
Every directory and file has an associated access control list (ACL) that
lists users and their rights to the object. EDACL edits or displays the ACL
of the object(s) specified. The structure and usage of an ACL is described in
detail in HELP PROTECTION ACLS.
ARGUMENTS
pathname
(required) Specify the object whose ACL you wish to edit or display.
Multiple pathnames and wildcarding are permitted.
commands
(optional) Specify the action(s) described below. If you do not
specify a command, EDACL enters an interactive editing
mode.
Default if omitted: read commands from standard input; do
not precede commands with a hyphen (-)
in this mode.
COMMANDS
-L List ACL entries.
-A ppon rights
Add the specified entry to an ACL. You will receive an
error message if the ACL entry exists.
-AF ppon rights
Add force. Add the specified entry to an ACL. You will not
receive an error message if the ACL entry exists.
-C ppon rights
Change the access rights in the entry for ppon (replaces
current rights). You will receive an error message if the
entry does not exist.
-CF ppon rights
Change force. Change the access rights in the entry for
ppon (replaces current rights). You will not receive an
error message if the entry does not exist.
-D ppon Delete the ACL entry for ppon. You will receive an error
message if the entry does not exist.
-DR ppon rights
Delete the specified rights from the entry for ppon.
-AR ppon rights
Add the specified rights to the entry for ppon. You will
receive an error message if the entry does not exist.
-CDN node Change the default node ID.
-CN ppon node
Change the node ID entry in ppon.
-Q Quit without changing the object's ACL. This command is
useful only when you supply EDACL commands interactively
(see -I).
OPTIONS
-DIR Only operate on directories.
-FILE Only operate on files.
-ID Edit the default initial ACL for directories (-DIR
implied).
-IF Edit the default initial ACL for files (-DIR implied).
The following two options apply only when EDACL reads commands from standard
input:
-P EDACL interprets commands when it receives an EOF (usually
CTRL/Z). This is the default when you have redirected
standard input (i.e., instructed the program to read
commands from a Shell program, here document, file, or
pipe).
-I EDACL interprets commands as you enter them. This is the
default when you have not redirected standard input. You
may only specify one pathname (with no wildcards) in this
mode. EDACL changes a copy of the ACL; the command does
not assign a new ACL to an object until it reads an EOF.
Thus, EDACL -I does not change an ACL if you terminate the
session with the "Q" command.
This command uses the command line parser, and so also accepts the standard
command options listed in HELP CL.
EXAMPLES
The order of the commands in the following sequence is significant.
$ edacl -L sales List ACL for the file 'sales'. The
%.%.%.% pgndwrx ppon is all wildcards (%.%.%.%), so
all users have complete rights
$ (pgndwrx) to 'sales'.
$ edacl sales -cf dan.% -none Deny user DAN access to 'sales'.
$ edacl -L sales Other users still have all rights.
DAN.%.%.% ------- Note that the system automatically
%.%.%.% pgndwrx places specific entries before
$ general ones.
$ edacl sales -a joe -owner Add user JOE to the ACL for 'sales'
$ edacl -L sales with all rights.
joe.%.%.% pgndwrx
dan.%.%.% -------
%.%.%.% pgndwrx
$
$ edacl sales -a %.%.mktg wrx Allow users in the MKTG organization
$ edacl -L sales to change file contents, but do not
joe.%.%.% pgndwrx let them assign rights to others (p
dan.%.%.%. ------- and g), change the node ID entry (n),
%.%.mktg.% ----wrx or delete the file (d).
%.%.%.% pgndwrx
$
$ edacl sales -c % r Change everyone else's access to read
$ edacl -L sales only. Note that the more liberal
joe.%.%.% pgndwrx rights (wrx) assigned to the MKTG
dan.%.%.% ------- organization in the previous line
%.%.mktg.% ----wrx still apply, since specific entries
%.%.%.% ----r-- override general ones.
$
RELATED TOPICS
More information is available. Type:
- HELP PROTECTION ACLS
for a detailed description of ACLS.
- HELP ACLS
for a list of commands used to manipulate ACLS.
- HELP PROTECTION
for a general discussion of DOMAIN protection mechanisms.
- HELP PROTECTION SIDS
for details about subject identifiers (PPON's).
- HELP PROTECTION RIGHTS
for details about the various access rights and what they mean.