43960f159d
from files and directories, and setfacl sets ACLs on files and directories. Submitted by: jedgar Obtained from: TrustedBSD Project
230 lines
6.4 KiB
Groff
230 lines
6.4 KiB
Groff
.\"
|
|
.\" Copyright (c) 2001 Chris D. Faulhaber
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
|
|
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd January 7, 2001
|
|
.Dt SETFACL 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm setfacl
|
|
.Nd Set ACL Information
|
|
.Sh SYNOPSIS
|
|
.Nm setfacl
|
|
.Op Fl bdkn
|
|
.Op Fl m Ar entries
|
|
.Op Fl M Ar file1
|
|
.Op Fl x Ar entries
|
|
.Op Fl X Ar file1
|
|
.Op Ar file ...
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
utility sets discretionary access control information on
|
|
the specified file(s).
|
|
.Pp
|
|
The following options are available:
|
|
.Bl -tag -width indent
|
|
.It Fl b
|
|
Remove all ACL entries except for the three required entries.
|
|
.It Fl d
|
|
The operations apply to the default ACL entries instead of
|
|
access ACL entries. Currently only directories may have
|
|
default ACL's.
|
|
.It Fl k
|
|
Delete any default ACL entries on the specified files. It
|
|
is not considered an error if the specified files do not have
|
|
any default ACL entries. An error will be reported if any of
|
|
the specified files cannot have a default entry (i.e.
|
|
non-directories).
|
|
.It Fl m Ar entries
|
|
Modify the ACL entries on the specified files by adding new
|
|
entries and modifying existing ACL entries with the ACL entries
|
|
specified in
|
|
.Ar entries .
|
|
.It Fl M Ar file
|
|
Modify the ACL entries on the specified files by adding new
|
|
ACL entries and modifying existing ACL entries with the ACL
|
|
entries specified in the file
|
|
.Ar file .
|
|
If
|
|
.Ar file
|
|
is "-", the input is taken from stdin.
|
|
.It Fl n
|
|
Do not recalculate the permissions associated with the ACL
|
|
mask entry.
|
|
.It Fl x Ar entries
|
|
Remove the ACL entries specified in
|
|
.Ar entries
|
|
from the access or default ACL of the specified files.
|
|
.It Fl X Ar file
|
|
Remove the ACL entries specified in the file
|
|
.Ar file
|
|
from the access or default ACL of the specified files.
|
|
.El
|
|
.Pp
|
|
The above options are evaluated in the order specified
|
|
on the command-line.
|
|
.Pp
|
|
Multiple ACL entries specified on the command line shall be
|
|
separated by commas.
|
|
.Sh ACL ENTRIES
|
|
An ACL entry shall contain three colon-separated fields:
|
|
an ACL tag, an ACL qualifier, and discretionary access
|
|
permissions:
|
|
.Pp
|
|
.Bl -tag -width indent
|
|
.It Ar ACL tag
|
|
The ACL tag specifies the ACL entry type and shall consist of
|
|
one of the following: ``user'' or ``u'' specifying the access
|
|
granted to the owner of the file or a specified user; ``group''
|
|
or ``g'' specifying the access granted to the file owning group
|
|
or a specified group; ``other'' or ``o'' specifying the access
|
|
granted to any process that does not match any user or group
|
|
ACL entry; ``mask'' or ``m'' specifying the maximum access
|
|
granted to any ACL entry except the
|
|
.Ar user
|
|
ACL entry for the file owner and the
|
|
.Ar other
|
|
ACL entry.
|
|
.Pp
|
|
.It Ar ACL qualifier
|
|
The ACL qualifier field describes the user or group associated with
|
|
the ACL entry. It may consist of one of the following: uid or
|
|
user name, gid or group name, or empty. For
|
|
.Ar user
|
|
ACL entries, an empty field shall specify access granted to the
|
|
file owner. For
|
|
.Ar group
|
|
ACL entries, an empty field shall specify access granted to the
|
|
file owning group.
|
|
.Ar mask
|
|
and
|
|
.Ar other
|
|
ACL entries do not use this field.
|
|
.Pp
|
|
.It Ar access permissions
|
|
The access permissions field shall contain up to one of each of
|
|
the following: ``r'', ``w'', and ``x'' to set read, write, and
|
|
execute permissions, respectively. Each of these may be excluded
|
|
or replaced with a ``-'' character to indicate no access.
|
|
.El
|
|
.Pp
|
|
A
|
|
.Ar mask
|
|
ACL entry is required on a file with any ACL entries other than
|
|
the default
|
|
.Ar user ,
|
|
.Ar group ,
|
|
and
|
|
.Ar other
|
|
ACL entries. If the
|
|
.Fl n
|
|
option is not specified and no
|
|
.Ar mask
|
|
ACL entry was specified, the
|
|
.Nm
|
|
utility
|
|
will apply a
|
|
.Ar mask
|
|
ACL entry consisting of the union of the permissions associated
|
|
with all
|
|
.Ar group
|
|
ACL entries in the resulting ACL.
|
|
.Pp
|
|
ACL entries applied from a file using the
|
|
.Fl M
|
|
or
|
|
.Fl X
|
|
options shall be of the following form: one ACL entry per line, as
|
|
previously specified; whitespace is ignored; any text after a # is
|
|
ignored (comments).
|
|
.Pp
|
|
When ACL entries are evaluated, the access check algorithm checks
|
|
the ACL entries in the following order: file owner,
|
|
.Ar user
|
|
ACL entries, file owning group,
|
|
.Ar group
|
|
ACL entries, and
|
|
.Ar other
|
|
ACL entry.
|
|
.Sh RETURN VALUES
|
|
The
|
|
.Nm
|
|
utility returns 0 on success and > 0 if an error occurs.
|
|
.Sh EXAMPLES
|
|
.Dl setfacl -m u::rwx,g:mail:rw file
|
|
.Pp
|
|
Sets read, write, and execute permissions for the
|
|
.Pa file
|
|
owner's ACL entry and read and write permissions for group mail on
|
|
.Pa file .
|
|
.Pp
|
|
.Dl setfacl -M file1 file2
|
|
.Pp
|
|
Sets/updates the ACL entries contained in
|
|
.Pa file1
|
|
on
|
|
.Pa file2 .
|
|
.Pp
|
|
.Dl setfacl -x g:mail:rw file
|
|
.Pp
|
|
Remove the group mail ACL entry containing read/write permissions
|
|
from
|
|
.Pa file.
|
|
.Pp
|
|
.Dl setfacl -b file
|
|
.Pp
|
|
Remove all ACL entries except for the three required
|
|
entries from
|
|
.Pa file .
|
|
.Pp
|
|
.Dl getfacl file1 | setfacl -b -n -M - file2
|
|
.Pp
|
|
Copy ACL entries from
|
|
.Pa file1
|
|
to
|
|
.Pa file2 .
|
|
.Sh SEE ALSO
|
|
.Xr getfacl 1 ,
|
|
.Xr acl 3 ,
|
|
.Xr getextattr 8 ,
|
|
.Xr setextattr 8 ,
|
|
.Xr acl 9 ,
|
|
.Xr extattr 9 .
|
|
.Sh STANDARDS
|
|
The
|
|
.Nm
|
|
utility is expected to be IEEE Std 1003.2c compliant.
|
|
.Sh HISTORY
|
|
Extended Attribute and Access Control List support was developed
|
|
as part of the TrustedBSD Project and introduced in
|
|
.Fx 5.0 .
|
|
.Sh AUTHORS
|
|
The
|
|
.Nm
|
|
utility was written by
|
|
.An Chris D. Faulhaber Aq jedgar@fxp.org .
|