setfacl(1) man page - WindyHana's Solanara


setfacl(1)                       User Commands                      setfacl(1)



NAME
       setfacl - modify the Access Control List (ACL) for a file or files

SYNOPSIS
       setfacl [-r] -s acl_entries file


       setfacl [-r] -md acl_entries file


       setfacl [-r] -f acl_file file


DESCRIPTION
       For  each  file  specified,  setfacl  either  replaces  its entire ACL,
       including the default ACL on a directory,  or  it  adds,  modifies,  or
       deletes  one or more ACL entries, including default entries on directo‐
       ries.


       When the setfacl command is used, it can result in changes to the  file
       permission bits. When the user ACL entry for the file owner is changed,
       the file owner class permission bits are modified. When the  group  ACL
       entry for the file group class is changed, the file group class permis‐
       sion bits are modified. When the other ACL entry is changed,  the  file
       other class permission bits are modified.


       If  you use the chmod(1) command to change the file group owner permis‐
       sions on a file with ACL entries, both the file group owner permissions
       and  the ACL mask are changed to the new permissions. Be aware that the
       new ACL mask permissions can change the effective permissions for addi‐
       tional users and groups who have ACL entries on the file.


       A  directory can contain default ACL entries. If a file or directory is
       created in a directory that contains default  ACL  entries,  the  newly
       created file has permissions generated according to the intersection of
       the default ACL entries and the permissions requested at creation time.
       The  umask(1) settings are not applied if the directory contains default ACL
       entries. If a default ACL is specified for a specific user (or  users),
       the  file  has a regular ACL created. Otherwise, only the mode bits are
       initialized according to the intersection described above. The  default
       ACL  should  be  thought of as the maximum discretionary access permis‐
       sions that can be granted.


       Use the setfacl command to set ACLs on files  in  a  UFS  file  system,
       which supports POSIX-draft ACLs (or aclent_t style ACLs). Use the chmod
       command to set ACLs on files in  a  ZFS  file  system,  which  supports
       NFSv4-style ACLs (or ace_t style ACLs).

   acl_entries Syntax
       For  the -m and -s options, acl_entries are one or more comma-separated
       ACL entries.


       An ACL entry consists of the following fields separated by colons:

       entry_type    Type of ACL entry on which to set file  permissions.  For
                     example,  entry_type can be user (the owner of a file) or
                     mask (the ACL mask).


       uid or gid    User name or user identification number. Or,  group  name
                     or group identification number.


       perms         Represents  the  permissions  that are set on entry_type.
                     perms can be indicated by the symbolic characters rwx  or
                     a  number  (the  same  permissions  numbers used with the
                     chmod command).



       The following table shows the valid ACL entries  (default  entries  can
       only be specified for directories):




       ACL Entry                      Description

       u[ser]::perms                  File owner permissions.

       g[roup]::perms                 File group owner permissions.

       o[ther]:perms                  Permissions for users other than the
                                      file owner or members of file group
                                      owner.

       m[ask]:perms                   The ACL mask. The mask entry indicates
                                      the maximum permissions allowed for
                                      users (other than the owner) and for
                                      groups. The mask is a quick way to
                                      change permissions on all the users
                                      and groups.

       u[ser]:uid:perms               Permissions for a specific user. For
                                      uid, you can specify either a user
                                      name or a numeric UID.

       g[roup]:gid:perms              Permissions for a specific group. For
                                      gid, you can specify either a group
                                      name or a numeric GID.

       d[efault]:u[ser]::perms        Default file owner permissions.

       d[efault]:g[roup]::perms       Default file group owner permissions.

       d[efault]:o[ther]:perms        Default permissions for users other
                                      than the file owner or members of the
                                      file group owner.

       d[efault]:m[ask]:perms         Default ACL mask.

       d[efault]:u[ser]:uid:perms     Default permissions for a specific
                                      user. For uid, you can specify either
                                      a user name or a numeric UID.

       d[efault]:g[roup]:gid:perms    Default permissions for a specific
                                      group. For gid, you can specify either
                                      a group name or a numeric GID.



       For the -d option, acl_entries are  one  or  more  comma-separated  ACL
       entries  without  permissions.  Notice that the entries for file owner,
       file group owner, ACL mask, and others can not be deleted.

OPTIONS
       The options have the following meaning:

       -d acl_entries    Deletes one  or  more  entries  from  the  file.  The
                         entries for the file owner, the file group owner, and
                         others can not be deleted from the ACL.  Notice  that
                         deleting  an entry does not necessarily have the same
                         effect as removing all permissions from the entry.


       -f acl_file       Sets a file's ACL with the ACL entries  contained  in
                         the  file  named  acl_file.  The  same constraints on
                         specified entries hold as with  the  -s  option.  The
                         entries  are not required to be in any specific order
                         in the file. Also, if you  specify  a  dash  (-)  for
                         acl_file,  standard  input  is used to set the file's
                         ACL.

                         The character # in acl_file can be used to indicate a
                         comment.  All  characters,  starting with the # until
                         the end of the line, are ignored. Notice that if  the
                         acl_file  has  been created as the output of the get‐
                         facl(1) command,  any  effective  permissions,  which
                         follow a #, are ignored.


       -m acl_entries    Adds  one or more new ACL entries to the file, and/or
                         modifies one or more  existing  ACL  entries  on  the
                         file.  If an entry already exists for a specified uid
                         or gid, the specified permissions replace the current
                         permissions. If an entry does not exist for the spec‐
                         ified uid or gid, an entry is created. When using the
                         -m option to modify a default ACL, you must specify a
                         complete default ACL (user, group, other,  mask,  and
                         any additional entries) the first time.


       -r                Recalculates  the permissions for the ACL mask entry.
                         The permissions specified in the ACL mask  entry  are
                         ignored  and replaced by the maximum permissions nec‐
                         essary to grant the access to  all  additional  user,
                         file group owner, and additional group entries in the
                         ACL. The permissions in  the  additional  user,  file
                         group  owner,  and  additional group entries are left
                         unchanged.


       -s acl_entries    Sets a file's ACL. All old ACL  entries  are  removed
                         and  replaced  with  the  newly  specified  ACL.  The
                         entries need not be in any specific order.  They  are
                         sorted  by  the  command  before being applied to the
                         file.

                         Required entries:

                             o      Exactly one user entry specified  for  the
                                    file owner.

                             o      Exactly one group entry for the file group
                                    owner.

                             o      Exactly one other entry specified.

                         If there are additional user and group entries:

                             o      Exactly one mask entry specified  for  the
                                    ACL  mask  that indicates the maximum per‐
                                    missions allowed for users (other than the
                                    owner) and groups.

                             o      There must not be duplicate user entries
                                    with the same uid.

                             o      There must not be duplicate group entries
                                    with the same gid.

                         If  file  is  a  directory, the following default ACL
                         entries can be specified:

                             o      Exactly one default  user  entry  for  the
                                    file owner.

                             o      Exactly  one  default  group entry for the
                                    file group owner.

                             o      Exactly one default mask entry for the ACL
                                    mask.

                             o      Exactly one default other entry.

                         There  can  be  additional  default  user entries and
                         additional default group entries specified, but there
                         can  not be duplicate additional default user entries
                         with the same uid, or duplicate default group entries
                         with the same gid.


EXAMPLES
       Example 1 Adding read permission only


       The  following example adds one ACL entry to file abc, which gives user
       shea read permission only.


         setfacl -m user:shea:r-- abc



       Example 2 Replacing a file's entire ACL


       The following example replaces the entire ACL for the file  abc,  which
       gives shea read access, the file owner all access, the file group owner
       read access only, the ACL mask read access only, and others no access.


         setfacl -s user:shea:rwx,user::rwx,group::rw-,mask:r--,other:--- abc




       Notice that after this command, the file permission bits are rwxr-----.
       Even  though  the file group owner was set with read/write permissions,
       the ACL mask entry limits it to have only  read  permission.  The  mask
       entry  also  specifies  the  maximum permissions available to all addi‐
       tional user and group ACL entries. Once again,  even  though  the  user
       shea was set with all access, the mask limits it to have only read per‐
       mission. The ACL mask entry is a quick way to limit or open  access  to
       all  the user and group entries in an ACL. For example, by changing the
       mask entry to read/write, both the file group owner and user shea would
       be given read/write access.
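
       The mask arithmetic described above, together with the recalculation
       that -r performs, as an added Python example that is not part of the
       original man page. The function names are hypothetical, only regular
       (non-default) entries are handled, and no file system is touched.

```python
# Added example: models the ACL mask rules this page describes. Regular
# (non-default) entries only; nothing here touches a real file system.
TYPES = {"u": "user", "g": "group", "o": "other", "m": "mask"}

def _bits(perms):
    """'rw-' or a chmod-style digit such as '6' -> {'r', 'w'}."""
    if perms.isdigit():
        return {c for c, b in (("r", 4), ("w", 2), ("x", 1)) if int(perms, 8) & b}
    return {c for c in perms if c in "rwx"}

def _fmt(bits):
    return "".join(c if c in bits else "-" for c in "rwx")

def _masked(etype, who):
    """Mask applies to the file group owner and to additional user/group entries."""
    return etype == "group" or (etype == "user" and who != "")

def parse(acl_entries):
    """Parse a comma-separated list as passed to -s, enforcing its required entries."""
    acl = {}
    for entry in acl_entries.split(","):
        fields = entry.strip().split(":")
        if fields[0][:1] not in TYPES or len(fields) not in (2, 3):
            raise ValueError("unsupported entry: " + entry)
        key = (TYPES[fields[0][0]], fields[1] if len(fields) == 3 else "")
        if key in acl:
            raise ValueError("duplicate entry: " + entry)
        acl[key] = _bits(fields[-1])
    for etype in ("user", "group", "other"):
        if (etype, "") not in acl:
            raise ValueError("missing required entry: " + etype)
    if any(who for _, who in acl) and ("mask", "") not in acl:
        raise ValueError("mask entry required with additional user/group entries")
    return acl

def effective(acl):
    """Effective permissions per entry after the ACL mask is applied."""
    mask = acl.get(("mask", ""), {"r", "w", "x"})
    return {f"{t}:{who}": _fmt(bits & mask if _masked(t, who) else bits)
            for (t, who), bits in acl.items() if t != "mask"}

def recalc_mask(acl):
    """Mask that -r would compute: union of every entry the mask applies to."""
    union = set()
    for (t, who), bits in acl.items():
        if _masked(t, who):
            union |= bits
    return _fmt(union)

if __name__ == "__main__":
    acl = parse("user:shea:rwx,user::rwx,group::rw-,mask:r--,other:---")  # Example 2
    print(effective(acl), "mask after -r:", recalc_mask(acl))
```

       For the ACL in Example 2, the recalculated mask is rwx, so adding -r
       to that command would leave shea with full access instead of read only.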


       Example 3 Setting the same ACL on two files


       The following example sets the same ACL on file abc as the file xyz.


         getfacl xyz | setfacl -f - abc



FILES
       /etc/passwd    password file


       /etc/group     group file


ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:




       ATTRIBUTE TYPE                 ATTRIBUTE VALUE

       Availability                   system/core-os


SEE ALSO
       chmod(1),   getfacl(1),   umask(1),   aclcheck(3SEC),    aclsort(3SEC),
       group(4), passwd(4), attributes(5)



SunOS 5.11                        19 Dec 2006                       setfacl(1)
Copyright of the man page content belongs to the man page author.