The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

setfacl (1)
  • setfacl (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • >> setfacl (1) ( FreeBSD man: Команды и прикладные программы пользовательского уровня )
  • setfacl (1) ( Linux man: Команды и прикладные программы пользовательского уровня )

  • BSD mandoc
     

    NAME

    
    
    setfacl
    
     - set ACL information
    
     
    

    SYNOPSIS

    [-bdhkn ] [-m entries ] [-M file ] [-x entries ] [-X file ] [file ... ]  

    DESCRIPTION

    The utility sets discretionary access control information on the specified file(s). If no files are specified, or the list consists of the only `- ' the file names are taken from the standard input.

    The following options are available:

    -b
    Remove all ACL entries except for the three required entries. If the ACL contains a ``mask '' entry, the permissions of the ``group '' entry in the resulting ACL will be set to the permission associated with both the ``group '' and ``mask '' entries of the current ACL.
    -d
    The operations apply to the default ACL entries instead of access ACL entries. Currently only directories may have default ACL's.
    -h
    If the target of the operation is a symbolic link, perform the operation on the symbolic link itself, rather than following the link.
    -k
    Delete any default ACL entries on the specified files. It is not considered an error if the specified files do not have any default ACL entries. An error will be reported if any of the specified files cannot have a default entry (i.e. non-directories).
    -m entries
    Modify the ACL entries on the specified files by adding new entries and modifying existing ACL entries with the ACL entries specified in entries
    -M file
    Modify the ACL entries on the specified files by adding new ACL entries and modifying existing ACL entries with the ACL entries specified in the file file If file is -, the input is taken from stdin.
    -n
    Do not recalculate the permissions associated with the ACL mask entry.
    -x entries
    Remove the ACL entries specified in entries from the access or default ACL of the specified files.
    -X file
    Remove the ACL entries specified in the file file from the access or default ACL of the specified files.

    The above options are evaluated in the order specified on the command-line.  

    ACL ENTRIES

    An ACL entry contains three colon-separated fields: an ACL tag, an ACL qualifier, and discretionary access permissions:

    ACL tag
    The ACL tag specifies the ACL entry type and consists of one of the following: ``user '' or `u' specifying the access granted to the owner of the file or a specified user; ``group '' or `g' specifying the access granted to the file owning group or a specified group; ``other '' or `o' specifying the access granted to any process that does not match any user or group ACL entry; ``mask '' or `m' specifying the maximum access granted to any ACL entry except the ``user '' ACL entry for the file owner and the ``other '' ACL entry.
    ACL qualifier
    The ACL qualifier field describes the user or group associated with the ACL entry. It may consist of one of the following: uid or user name, gid or group name, or empty. For ``user '' ACL entries, an empty field specifies access granted to the file owner. For ``group '' ACL entries, an empty field specifies access granted to the file owning group. ``mask '' and ``other '' ACL entries do not use this field.
    access permissions
    The access permissions field contains up to one of each of the following: `r' , `w' , and `x' to set read, write, and execute permissions, respectively. Each of these may be excluded or replaced with a `-' character to indicate no access.

    A ``mask '' ACL entry is required on a file with any ACL entries other than the default ``user '' ``group '' and ``other '' ACL entries. If the -n option is not specified and no ``mask '' ACL entry was specified, the utility will apply a ``mask '' ACL entry consisting of the union of the permissions associated with all ``group '' ACL entries in the resulting ACL.

    Traditional POSIX interfaces acting on file system object modes have modified semantics in the presence of POSIX.1e extended ACLs. When a mask entry is present on the access ACL of an object, the mask entry is substituted for the group bits; this occurs in programs such as stat(1) or ls(1). When the mode is modified on an object that has a mask entry, the changes applied to the group bits will actually be applied to the mask entry. These semantics provide for greater application compatibility: applications modifying the mode instead of the ACL will see conservative behavior, limiting the effective rights granted by all of the additional user and group entries; this occurs in programs such as chmod(1).

    ACL entries applied from a file using the -M or -X options shall be of the following form: one ACL entry per line, as previously specified; whitespace is ignored; any text after a `#' is ignored (comments).

    When ACL entries are evaluated, the access check algorithm checks the ACL entries in the following order: file owner, ``user '' ACL entries, file owning group, ``group '' ACL entries, and ``other '' ACL entry.

    Multiple ACL entries specified on the command line are separated by commas.  

    EXIT STATUS

    Ex -std  

    EXAMPLES

    setfacl -m u::rwx,g:mail:rw file

    Sets read, write, and execute permissions for the file owner's ACL entry and read and write permissions for group mail on file

    setfacl -M file1 file2

    Sets/updates the ACL entries contained in file1 on file2

    setfacl -x g:mail:rw file

    Remove the group mail ACL entry containing read/write permissions from file

    setfacl -bn file

    Remove all ``access '' ACL entries except for the three required from file

    getfacl file1 | setfacl -b -n -M - file2

    Copy ACL entries from file1 to file2  

    SEE ALSO

    getfacl(1), acl(3), getextattr(8), setextattr(8), acl(9), extattr(9)  

    STANDARDS

    The utility is expected to be IEEE Std 1003.2c compliant.  

    HISTORY

    Extended Attribute and Access Control List support was developed as part of the TrustedBSD Project and introduced in Fx 5.0 .  

    AUTHORS

    The utility was written by An Chris D. Faulhaber Aq jedgar@fxp.org .


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    ACL ENTRIES
    EXIT STATUS
    EXAMPLES
    SEE ALSO
    STANDARDS
    HISTORY
    AUTHORS


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру