setfacl man page on SmartOS


SETFACL(1)							    SETFACL(1)

NAME
       setfacl - modify the Access Control List (ACL) for a file or files

SYNOPSIS
       setfacl [-r] -s acl_entries file

       setfacl [-r] -md acl_entries file

       setfacl [-r] -f acl_file file

DESCRIPTION
       For  each  file	specified,  setfacl  either  replaces  its entire ACL,
       including the default ACL on a directory,  or  it  adds,	 modifies,  or
       deletes	one or more ACL entries, including default entries on directo‐
       ries.

       When the setfacl command is used, it can result in changes to the  file
       permission bits. When the user ACL entry for the file owner is changed,
       the file owner class permission bits are modified. When the  group  ACL
       entry for the file group class is changed, the file group class permis‐
       sion bits are modified. When the other ACL entry is changed,  the  file
       other class permission bits are modified.

       If  you use the chmod(1) command to change the file group owner permis‐
       sions on a file with ACL entries, both the file group owner permissions
       and  the ACL mask are changed to the new permissions. Be aware that the
       new ACL mask permissions can change the effective permissions for addi‐
       tional users and groups who have ACL entries on the file.

       A  directory can contain default ACL entries. If a file or directory is
       created in a directory that contains default  ACL  entries,  the	 newly
       created file has permissions generated according to the intersection of
       the default ACL entries and the permissions requested at creation time.
       The umask(1) settings are not applied if the directory contains default ACL
       entries. If a default ACL is specified for a specific user (or  users),
       the  file  has a regular ACL created. Otherwise, only the mode bits are
       initialized according to the intersection described above. The  default
       ACL  should  be	thought of as the maximum discretionary access permis‐
       sions that can be granted.

       Use the setfacl command to set ACLs on files in a UFS file system,
       which supports POSIX-draft ACLs (or aclent_t style ACLs). Use the chmod
       command to set ACLs on files in a ZFS file system, which supports
       NFSv4-style ACLs (or ace_t style ACLs).

   acl_entries Syntax
       For  the -m and -s options, acl_entries are one or more comma-separated
       ACL entries.

       An ACL entry consists of the following fields separated by colons:

       entry_type
		     Type of ACL entry on which to set file  permissions.  For
		     example,  entry_type can be user (the owner of a file) or
		     mask (the ACL mask).

       uid or gid
		     User name or user identification number. Or,  group  name
		     or group identification number.

       perms
		     Represents	 the  permissions  that are set on entry_type.
		     perms can be indicated by the symbolic characters rwx  or
		     a	number	(the  same  permissions	 numbers used with the
		     chmod command).

       The following table shows the valid ACL entries	(default  entries  can
       only be specified for directories):

		ACL Entry			  Description
       ────────────────────────────────────────────────────────────────────
       u[ser]::perms		     File owner permissions.
       g[roup]::perms		     File group owner permissions.
       o[ther]:perms		     Permissions  for users other than the
				     file owner or members of  file  group
				     owner.
       m[ask]:perms		     The  ACL  mask.  The mask entry indi‐
				     cates the maximum permissions allowed
				     for  users (other than the owner) and
				     for groups. The mask is a	quick  way
				     to	 change	 permissions  on  all  the
				     users and groups.
       u[ser]:uid:perms		     Permissions for a specific user.  For
				     uid,  you	can  specify either a user
				     name or a numeric UID.
       g[roup]:gid:perms	     Permissions for a specific group. For
				     gid,  you	can specify either a group
				     name or a numeric GID.
       d[efault]:u[ser]::perms	     Default file owner permissions.
       d[efault]:g[roup]::perms	     Default file group owner permissions.
       d[efault]:o[ther]:perms	     Default permissions for  users  other
				     than the file owner or members of the
				     file group owner.
       d[efault]:m[ask]:perms	     Default ACL mask.
       d[efault]:u[ser]:uid:perms    Default permissions  for  a  specific
				     user. For uid, you can specify either
				     a user name or a numeric UID.
       d[efault]:g[roup]:gid:perms   Default permissions  for  a  specific
				     group.   For  gid,	 you  can  specify
				     either a group name or a numeric GID.

       For the -d option, acl_entries are  one	or  more  comma-separated  ACL
       entries	without	 permissions.  Notice that the entries for file owner,
       file group owner, ACL mask, and others can not be deleted.

OPTIONS
       The options have the following meaning:

       -d acl_entries
			 Deletes one  or  more	entries	 from  the  file.  The
			 entries for the file owner, the file group owner, and
			 others can not be deleted from the ACL.  Notice  that
			 deleting  an entry does not necessarily have the same
			 effect as removing all permissions from the entry.

       -f acl_file
			 Sets a file's ACL with the ACL entries	 contained  in
			 the  file  named  acl_file.  The  same constraints on
			 specified entries hold as with	 the  -s  option.  The
			 entries  are not required to be in any specific order
			 in the file. Also, if you  specify  a	dash  (-)  for
			 acl_file,  standard  input  is used to set the file's
			 ACL.

			 The character # in acl_file can be used to indicate a
			 comment.  All	characters,  starting with the # until
			 the end of the line, are ignored.  Notice that if the
			 acl_file  has	been created as the output of the get‐
			 facl(1) command,  any	effective  permissions,	 which
			 follow a #, are ignored.

       -m acl_entries
			 Adds  one or more new ACL entries to the file, and/or
			 modifies one or more  existing	 ACL  entries  on  the
			 file.	If an entry already exists for a specified uid
			 or gid, the specified permissions replace the current
			 permissions. If an entry does not exist for the spec‐
			 ified uid or gid, an entry is created. When using the
			 -m option to modify a default ACL, you must specify a
			 complete default ACL (user, group, other,  mask,  and
			 any additional entries) the first time.

       -r
			 Recalculates  the permissions for the ACL mask entry.
			 The permissions specified in the ACL mask  entry  are
			 ignored  and replaced by the maximum permissions nec‐
			 essary to grant the access to	all  additional	 user,
			 file group owner, and additional group entries in the
			 ACL. The permissions in  the  additional  user,  file
			 group	owner,	and  additional group entries are left
			 unchanged.

       -s acl_entries
			 Sets a file's ACL. All old ACL	 entries  are  removed
			 and  replaced	with  the  newly  specified  ACL.  The
			 entries need not be in any specific order.  They  are
			 sorted	 by  the  command  before being applied to the
			 file.

			 Required entries:

			     o	    Exactly one user entry specified  for  the
				    file owner.

			     o	    Exactly one group entry for the file group
				    owner.

			     o	    Exactly one other entry specified.
			 If there are additional user and group entries:

			     o	    Exactly one mask entry specified  for  the
				    ACL	 mask  that indicates the maximum per‐
				    missions allowed for users (other than the
				    owner) and groups.

			     o	    There must not be duplicate user entries
				    with the same uid.

			     o	    There must not be duplicate group entries
				    with the same gid.
			 If  file  is  a  directory, the following default ACL
			 entries can be specified:

			     o	    Exactly one default	 user  entry  for  the
				    file owner.

			     o	    Exactly  one  default  group entry for the
				    file group owner.

			     o	    Exactly one default mask entry for the ACL
				    mask.

			     o	    Exactly one default other entry.
			 There	can  be	 additional  default  user entries and
			 additional default group entries specified, but there
			 can  not be duplicate additional default user entries
			 with the same uid, or duplicate default group entries
			 with the same gid.

EXAMPLES
       Example 1 Adding read permission only

       The  following example adds one ACL entry to file abc, which gives user
       shea read permission only.

	 setfacl -m user:shea:r-- abc

       Example 2 Replacing a file's entire ACL

       The following example replaces the entire ACL for the file  abc,	 which
       gives shea read access, the file owner all access, the file group owner
       read access only, the ACL mask read access only, and others no access.

	 setfacl -s user:shea:rwx,user::rwx,group::rw-,mask:r--,other:--- abc

       Notice that after this command, the file permission bits are rwxr-----.
       Even  though  the file group owner was set with read/write permissions,
       the ACL mask entry limits it to have only  read	permission.  The  mask
       entry  also  specifies  the  maximum permissions available to all addi‐
       tional user and group ACL entries. Once again,  even  though  the  user
       shea was set with all access, the mask limits it to have only read per‐
       mission. The ACL mask entry is a quick way to limit or open  access  to
       all  the user and group entries in an ACL. For example, by changing the
       mask entry to read/write, both the file group owner and user shea would
       be given read/write access.
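
       The following Python sketch is an added example, not part of the
       original man page. It models the -s entry rules, the mask behavior
       walked through in Example 2, and the -r recalculation. It handles
       non-default entries only, never calls setfacl, and all function
       names are illustrative.

```python
# Added example, not from the man page: illustrative names, non-default entries only.
BITS = {"r": 4, "w": 2, "x": 1}
TYPES = {t: n for n in ("user", "group", "other", "mask") for t in (n, n[0])}
EXAMPLE_2 = "user:shea:rwx,user::rwx,group::rw-,mask:r--,other:---"  # from the page

def parse_perms(p):
    # perms is either symbolic (r--, rw-) or one chmod-style octal digit
    if len(p) == 1 and p in "01234567":
        return int(p)
    if len(p) == 3 and all(c in (want, "-") for c, want in zip(p, "rwx")):
        return sum(BITS[c] for c in p if c != "-")
    raise ValueError(f"bad perms: {p!r}")

def show(p):
    return "".join(c if p & BITS[c] else "-" for c in "rwx")

def parse_entries(spec):
    """Comma-separated acl_entries -> {(type, id): perms}."""
    acl = {}
    for entry in spec.split(","):
        f = entry.strip().split(":")
        kind = TYPES.get(f[0])          # accepts user or u, group or g, ...
        key = (kind, f[1] if len(f) == 3 else "")
        if kind is None or len(f) not in (2, 3) or key in acl:
            raise ValueError(f"bad or duplicate entry: {entry!r}")
        acl[key] = parse_perms(f[-1])
    return acl

def check_set(acl):
    """-s rules: owner, group owner, other; plus mask if extra entries exist."""
    need = {("user", ""), ("group", ""), ("other", "")}
    if any(ident for kind, ident in acl if kind in ("user", "group")):
        need.add(("mask", ""))
    if need - set(acl):
        raise ValueError(f"-s is missing entries: {sorted(need - set(acl))}")
    return acl

def effective(acl):
    """The mask limits every entry except the file owner and other."""
    mask = acl.get(("mask", ""), 7)
    return {k: p if k in (("user", ""), ("other", "")) else p & mask
            for k, p in acl.items() if k[0] != "mask"}

def recalc_mask(acl):
    """-r: mask = union of additional user, group owner, additional group."""
    mask = 0
    for (kind, ident), p in acl.items():
        if kind == "group" or (kind == "user" and ident):
            mask |= p
    return {**acl, ("mask", ""): mask}
```

       For the Example 2 entries, effective(check_set(parse_entries(EXAMPLE_2)))
       reports r-- for both user shea and the file group owner, and
       recalc_mask() widens the mask to rwx.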

       Example 3 Setting the same ACL on two files

       The following example sets the same ACL on file abc as the file xyz.

	 getfacl xyz | setfacl -f - abc

FILES
       /etc/passwd
		      password file

       /etc/group
		      group file

SEE ALSO
       chmod(1),    getfacl(1),	  umask(1),   aclcheck(3SEC),	aclsort(3SEC),
       group(4), passwd(4), attributes(5)

				 Dec 19, 2006			    SETFACL(1)