12288 getfacl and setfacl could stand improvement
--- old/usr/src/man/man1/getfacl.1
+++ new/usr/src/man/man1/getfacl.1
1 1 '\" te
2 2 .\" \&.Copyright (c) 2002, Sun Microsystems, Inc. All Rights Reserved
3 +.\" Copyright (c) 2020 Peter Tribble.
3 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 -.TH GETFACL 1 "Nov 5, 1994"
7 +.TH GETFACL 1 "Feb 8, 2020"
7 8 .SH NAME
8 9 getfacl \- display discretionary file information
9 10 .SH SYNOPSIS
10 -.LP
11 11 .nf
12 12 \fBgetfacl\fR [\fB-ad\fR] \fIfile\fR...
13 13 .fi
14 14
15 15 .SH DESCRIPTION
16 -.sp
17 -.LP
18 16 For each argument that is a regular file, special file, or named pipe, the
19 17 \fBgetfacl\fR utility displays the owner, the group, and the Access Control
20 18 List (\fBACL\fR). For each directory argument, \fBgetfacl\fR displays the
21 19 owner, the group, and the \fBACL\fR and/or the default \fBACL\fR. Only
22 20 directories contain default \fBACL\fRs.
23 21 .sp
24 22 .LP
23 +The \fBgetfacl\fR utility will fail if executed on a file system that supports
24 +NFSv4 \fBACL\fRs. See \fBacl\fR(5) for a description of the difference
25 +between the older POSIX-draft \fBACL\fRs and the newer NFSv4 \fBACL\fRs. The
26 +\fBls\fR(1) utility, when used with the \fB-v\fR or \fB-V\fR options, will
27 +display \fBACL\fRs on all types of file system.
28 +.sp
29 +.LP
25 30 The \fBgetfacl\fR utility may be executed on a file system that does not
26 31 support \fBACL\fRs. It reports the \fBACL\fR based on the base permission bits.
27 32 .sp
28 33 .LP
29 34 With no options specified, \fBgetfacl\fR displays the filename, the file owner,
30 35 the file group owner, and both the \fBACL\fR and the default \fBACL\fR, if it
31 36 exists.
32 37 .SH OPTIONS
33 -.sp
34 -.LP
35 38 The following options are supported:
36 39 .sp
37 40 .ne 2
38 41 .na
39 42 \fB\fB-a\fR\fR
40 43 .ad
41 44 .RS 6n
42 45 Displays the filename, the file owner, the file group owner, and the \fBACL\fR
43 46 of the file.
44 47 .RE
45 48
46 49 .sp
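Review bot: The paragraph added to DESCRIPTION (new lines 23-27) says getfacl "will fail" on a file system that supports NFSv4 ACLs but does not say how that failure appears to the caller. Please document the diagnostic and exit status, so that a script auditing permissions can tell this case apart from the one in the next paragraph, where a file system without ACL support still produces output derived from the base permission bits. The two paragraphs describe opposite outcomes, so wording them in parallel would also make the contrast easier to spot.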
47 50 .ne 2
48 51 .na
49 52 \fB\fB-d\fR\fR
50 53 .ad
51 54 .RS 6n
52 55 Displays the filename, the file owner, the file group owner, and the default
53 56 \fBACL\fR of the file, if it exists.
54 57 .RE
55 58
56 59 .SH OPERANDS
57 -.sp
58 -.LP
59 60 The following operands are supported:
60 61 .sp
61 62 .ne 2
62 63 .na
63 64 \fB\fIfile\fR\fR
64 65 .ad
65 66 .RS 8n
66 67 The path name of a regular file, special file, or named pipe.
67 68 .RE
68 69
69 70 .SH OUTPUT
70 -.sp
71 -.LP
72 71 The format for \fBACL\fR output is as follows:
73 72 .sp
74 73 .in +2
75 74 .nf
76 -# file: filename
77 -# owner: uid
78 -# group: gid
79 -user::perm
80 -user:uid:perm
81 -group::perm
82 -group:gid:perm
83 -mask:perm
84 -other:perm
85 -default:user::perm
86 -default:user:uid:perm
87 -default:group::perm
88 -default:group:gid:perm
89 -default:mask:perm
75 +# file: filename
76 +# owner: uid
77 +# group: gid
78 +user::perm
79 +user:uid:perm
80 +group::perm
81 +group:gid:perm
82 +mask:perm
83 +other:perm
84 +default:user::perm
85 +default:user:uid:perm
86 +default:group::perm
87 +default:group:gid:perm
88 +default:mask:perm
90 89 default:other:perm
91 90 .fi
92 91 .in -2
93 92 .sp
94 93
95 94 .sp
96 95 .LP
97 96 When multiple files are specified on the command line, a blank line separates
98 97 the \fBACL\fRs for each file.
99 98 .sp
100 99 .LP
101 100 The \fBACL\fR entries are displayed in the order in which they are evaluated
102 101 when an access check is performed. The default \fBACL\fR entries that may exist
103 102 on a directory have no effect on access checks.
104 103 .sp
105 104 .LP
106 105 The first three lines display the filename, the file owner, and the file group
107 106 owner. Notice that when only the \fB-d\fR option is specified and the file has
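Review bot: In the OUTPUT format block, `mask:perm` and `other:perm` (new lines 82-83), along with `default:mask:perm` and `default:other:perm`, are written with a single colon, while the EXAMPLES output in this same file prints `mask::`, `other::`, `default:mask::` and `default:other::` with two. Since fourteen of these fifteen lines are being rewritten in this change anyway, please make the template agree with what the examples show, or explain the difference in the text, so that anyone parsing the output has one authoritative form.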
108 107 no default \fBACL\fR, only these three lines are displayed.
109 108 .sp
110 109 .LP
111 110 The \fBuser\fR entry without a user \fBID\fR indicates the permissions that
112 111 are granted to the file owner. One or more additional user entries indicate the
113 112 permissions that are granted to the specified users.
114 113 .sp
115 114 .LP
116 115 The \fBgroup\fR entry without a group \fBID\fR indicates the permissions that
117 116 are granted to the file group owner. One or more additional group entries
118 -indicate the permissions that are granted to the specified groups.
117 +indicate the permissions that are granted to the specified groups.
119 118 .sp
120 119 .LP
121 120 The \fBmask\fR entry indicates the \fBACL\fR mask permissions. These are the
122 121 maximum permissions allowed to any user entries except the file owner, and to
123 122 any group entries, including the file group owner. These permissions restrict
124 123 the permissions specified in other entries.
125 124 .sp
126 125 .LP
127 126 The \fBother\fR entry indicates the permissions that are granted to others.
128 127 .sp
129 128 .LP
130 129 The \fBdefault\fR entries may exist only for directories. These entries
131 130 indicate the default entries that are added to a file created within the
132 131 directory.
133 132 .sp
134 133 .LP
135 134 The \fBuid\fR is a login name or a user \fBID\fR if there is no entry for the
136 135 \fBuid\fR in the system password file, \fB/etc/passwd\fR. The \fBgid\fR is a
137 136 group name or a group \fBID\fR if there is no entry for the \fBgid\fR in the
138 137 system group file, \fB/etc/group\fR. The \fBperm\fR is a three character string
139 138 composed of the letters representing the separate discretionary access rights:
140 139 \fBr\fR (read), \fBw\fR (write), \fBx\fR (execute/search), or the place holder
141 140 character \fB\(mi\fR\&. The \fBperm\fR is displayed in the following order:
142 141 \fBrwx\fR. If a permission is not granted by an \fBACL\fR entry, the place
143 142 holder character appears.
144 143 .sp
145 144 .LP
146 -If you use the \fBchmod\fR(1) command to change the file group owner
145 +If you use the \fBchmod\fR(1) command to change the file group owner
147 146 permissions on a file with \fBACL\fR entries, both the file group owner
148 147 permissions and the \fBACL\fR mask are changed to the new permissions. Be aware
149 148 that the new \fBACL\fR mask permissions may change the effective permissions
150 149 for additional users and groups who have \fBACL\fR entries on the file.
151 150 .sp
152 151 .LP
153 -In order to indicate that the \fBACL\fR mask restricts an \fBACL\fR entry,
152 +In order to indicate that the \fBACL\fR mask restricts an \fBACL\fR entry,
154 153 \fBgetfacl\fR displays an additional tab character, pound sign (\fB#\fR), and
155 154 the actual permissions granted, following the entry.
156 155 .SH EXAMPLES
157 -.LP
158 156 \fBExample 1 \fRDisplaying file information
159 157 .sp
160 158 .LP
161 159 Given file \fBfoo\fR, with an \fBACL\fR six entries long, the command
162 160
163 161 .sp
164 162 .in +2
165 163 .nf
166 164 host% \fBgetfacl foo\fR
167 165 .fi
168 166 .in -2
169 167 .sp
170 168
171 169 .sp
172 170 .LP
173 171 would print:
174 172
175 173 .sp
176 174 .in +2
177 175 .nf
178 176 # file: foo
179 177 # owner: shea
180 178 # group: staff
181 179 user::rwx
182 180 user:spy:\|\(mi\|\(mi\|\(mi
183 181 user:mookie:r\|\(mi\|\(mi
184 182 group::r\|\(mi\|\(mi
185 183 mask::rw\|\(mi
186 184 other::\|\(mi\|\(mi\|\(mi
187 185 .fi
188 186 .in -2
189 187 .sp
190 188
191 189 .LP
192 190 \fBExample 2 \fRDisplaying information after chmod command
193 191 .sp
194 192 .LP
195 193 Continue with the above example, after \fBchmod\fR \fB700 foo\fR was issued:
196 194
197 195 .sp
198 196 .in +2
199 197 .nf
200 198 host% \fBgetfacl foo\fR
201 199 .fi
202 200 .in -2
203 201 .sp
204 202
205 203 .sp
206 204 .LP
207 205 would print:
208 206
209 207 .sp
210 208 .in +2
211 209 .nf
212 210 # file: foo
213 211 # owner: shea
214 212 # group: staff
215 213 user::rwx
216 214 user:spy:\|\(mi\|\(mi\|\(mi
217 215 user:mookie:r\|\(mi\|\(mi #effective:\|\(mi\|\(mi\|\(mi
218 216 group::\|\(mi\|\(mi\|\(mi
219 217 mask::\|\(mi\|\(mi\|\(mi
220 218 other::\|\(mi\|\(mi\|\(mi
221 219 .fi
222 220 .in -2
223 221 .sp
224 222
225 223 .LP
226 224 \fBExample 3 \fRDisplaying information when ACL contains default entries
227 225 .sp
228 226 .LP
229 227 Given directory \fBdoo\fR, with an \fBACL\fR containing default entries, the
230 228 command
231 229
232 230 .sp
233 231 .in +2
234 232 .nf
235 233 host% \fBgetfacl -d doo\fR
236 234 .fi
237 235 .in -2
238 236 .sp
239 237
240 238 .sp
241 239 .LP
242 240 would print:
243 241
244 242 .sp
245 243 .in +2
246 244 .nf
247 245 # file: doo
248 246 # owner: shea
249 247 # group: staff
250 248 default:user::rwx
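Review bot: The sentence touched at new lines 152-154 describes the suffix as "an additional tab character, pound sign (#), and the actual permissions granted", but Example 2 shows it as `#effective:` followed by the permissions. While this line is being edited, add the `effective:` label to the description so the prose matches the output a reader will actually see when the mask restricts an entry.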
251 249 default:user:spy:\|\(mi\|\(mi\|\(mi
252 250 default:user:mookie:r\|\(mi\|\(mi
253 251 default:group::r\|\(mi\|\(mi
254 252 default:mask::\|\(mi\|\(mi\|\(mi
255 253 default:other::\|\(mi\|\(mi\|\(mi
256 254 .fi
257 255 .in -2
258 256 .sp
259 257
260 258 .SH FILES
261 -.sp
262 259 .ne 2
263 260 .na
264 261 \fB\fB/etc/passwd\fR\fR
265 262 .ad
266 263 .RS 15n
267 264 system password file
268 265 .RE
269 266
270 267 .sp
271 268 .ne 2
272 269 .na
273 270 \fB\fB/etc/group\fR\fR
274 271 .ad
275 272 .RS 15n
276 273 group file
277 274 .RE
278 275
279 276 .SH ATTRIBUTES
280 -.sp
281 -.LP
282 277 See \fBattributes\fR(5) for descriptions of the following attributes:
283 278 .sp
284 279
285 280 .sp
286 281 .TS
287 282 box;
288 283 c | c
289 284 l | l .
290 285 ATTRIBUTE TYPE ATTRIBUTE VALUE
291 286 _
292 287 Interface Stability Evolving
293 288 .TE
294 289
295 290 .SH SEE ALSO
296 -.sp
297 -.LP
298 291 \fBchmod\fR(1), \fBls\fR(1), \fBsetfacl\fR(1), \fBacl\fR(2),
299 -\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5)
292 +\fBaclsort\fR(3SEC), \fBgroup\fR(4), \fBpasswd\fR(4), \fBacl\fR(5),
293 +\fBattributes\fR(5)
300 294 .SH NOTES
301 -.sp
302 -.LP
303 295 The output from \fBgetfacl\fR is in the correct format for input to the
304 296 \fBsetfacl\fR \fB-f\fR command. If the output from \fBgetfacl\fR is redirected
305 297 to a file, the file may be used as input to \fBsetfacl\fR. In this way, a user
306 298 may easily assign one file's \fBACL\fR to another file.
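Review bot: NOTES still states without qualification that getfacl output can be fed to setfacl -f to copy one file's ACL to another, while this change adds text to DESCRIPTION saying getfacl fails on file systems that support NFSv4 ACLs. Consider qualifying the NOTES paragraph to match, or pointing it at acl(5), which this change adds to SEE ALSO (new line 292).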