.\" Copyright (c) 2001 Chris D. Faulhaber
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE VOICES IN HIS HEAD BE
.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.Nd set ACL information
utility sets discretionary access control information on
the specified file(s).
If no files are specified, or the list consists only of
"-", the file names are taken from the standard input.
The following options are available:
.Bl -tag -width indent
Remove all ACL entries except for the three required entries.
entry, the permissions of the
entry in the resulting ACL will be set to the permission
associated with both the
entries of the current ACL.
The operations apply to the default ACL entries instead of
Currently only directories may have
If the target of the operation is a symbolic link, perform the operation
on the symbolic link itself, rather than following the link.
Delete any default ACL entries on the specified files.
is not considered an error if the specified files do not have
any default ACL entries.
An error will be reported if any of
the specified files cannot have a default entry (i.e.\&
Modify the ACL entries on the specified files by adding new
entries and modifying existing ACL entries with the ACL entries
Modify the ACL entries on the specified files by adding new
ACL entries and modifying existing ACL entries with the ACL
entries specified in the file
the input is taken from stdin.
Do not recalculate the permissions associated with the ACL
Remove the ACL entries specified in
from the access or default ACL of the specified files.
Remove the ACL entries specified in the file
from the access or default ACL of the specified files.
The above options are evaluated in the order specified
An ACL entry contains three colon-separated fields:
an ACL tag, an ACL qualifier, and discretionary access
.Bl -tag -width indent
The ACL tag specifies the ACL entry type and consists of
one of the following:
specifying the access
granted to the owner of the file or a specified user;
specifying the access granted to the file owning group
or a specified group;
specifying the access
granted to any process that does not match any user or group
specifying the maximum access
granted to any ACL entry except the
ACL entry for the file owner and the
.It Ar "ACL qualifier"
The ACL qualifier field describes the user or group associated with
It may consist of one of the following: uid or
user name, gid or group name, or empty.
ACL entries, an empty field specifies access granted to the
ACL entries, an empty field specifies access granted to the
ACL entries do not use this field.
.It Ar "access permissions"
The access permissions field contains up to one of each of
to set read, write, and
execute permissions, respectively.
Each of these may be excluded
character to indicate no access.
ACL entry is required on a file with any ACL entries other than
option is not specified and no
ACL entry was specified, the
ACL entry consisting of the union of the permissions associated
ACL entries in the resulting ACL.
Traditional POSIX interfaces acting on file system object modes have
modified semantics in the presence of POSIX.1e extended ACLs.
When a mask entry is present on the access ACL of an object, the mask
entry is substituted for the group bits; this occurs in programs such
When the mode is modified on an object that has a mask entry, the
changes applied to the group bits will actually be applied to the
These semantics provide for greater application compatibility:
applications modifying the mode instead of the ACL will see
conservative behavior, limiting the effective rights granted by all
of the additional user and group entries; this occurs in programs
ACL entries applied from a file using the
options shall be of the following form: one ACL entry per line, as
previously specified; whitespace is ignored; any text after a
is ignored (comments).
When ACL entries are evaluated, the access check algorithm checks
the ACL entries in the following order: file owner,
ACL entries, file owning group,
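The mask semantics and the access check order described above can be seen together in a small model.
This is an added example, not part of the setfacl sources or of the original manual page; the helper names (parse_acl, allowed, demo), the users alice, bob and carol, the root:wheel ownership and the sample ACL are constructed for illustration.
It assumes the POSIX.1e rules that the mask never limits the file owner or the other entry, and that a process matching any group entry is decided by the group entries alone.

```python
# Added example: a model of POSIX.1e ACL evaluation, not setfacl source code.
PERM = {"r": 4, "w": 2, "x": 1}
LONG = {"u": "user", "g": "group", "m": "mask", "o": "other"}

def parse_acl(text):
    """Parse comma- or newline-separated 'tag:qualifier:perms' entries."""
    acl = []
    for item in text.replace(",", "\n").splitlines():
        item = "".join(item.split())          # whitespace is ignored
        if item:
            tag, qualifier, perms = item.split(":")
            bits = sum(PERM[c] for c in perms if c != "-")
            acl.append((LONG.get(tag, tag), qualifier, bits))
    return acl

def allowed(acl, owner, group, uid, gids, want):
    """True if process (uid, gids) is granted every permission in `want`."""
    need = sum(PERM[c] for c in want)
    find = lambda tag: next((b for t, q, b in acl if t == tag and not q), 0)
    mask = next((b for t, _, b in acl if t == "mask"), 7)  # no mask: no limit
    if uid == owner:                          # 1. file owner, never masked
        return (find("user") & need) == need
    for t, q, b in acl:                       # 2. named user entries
        if t == "user" and q == uid:
            return (b & mask & need) == need
    matched = False
    for t, q, b in acl:                       # 3. owning group, named groups
        if t == "group" and (q or group) in gids:
            matched = True
            if (b & mask & need) == need:
                return True
    if matched:                               # a group matched, none granted
        return False
    return (find("other") & need) == need     # 4. everyone else

# Constructed sample: file owned by root:wheel, mask limits extras to read.
SAMPLE = parse_acl("u::rw-, u:alice:rwx, g::r--, g:mail:rw-, m::r--, o::rw-")

def demo():
    """Who may write to the sample file?"""
    who = {"root": {"wheel"}, "alice": {"mail"},
           "bob": {"mail"}, "carol": {"staff"}}
    return {u: allowed(SAMPLE, "root", "wheel", u, g, "w")
            for u, g in who.items()}

if __name__ == "__main__":
    print(demo())
```

In the sample, alice and bob are refused write access although the other entry grants it: the first matching class decides, and the mask caps what their entries can give.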
Multiple ACL entries specified on the command line are
.Dl setfacl -m u::rwx,g:mail:rw file
Sets read, write, and execute permissions for the
owner's ACL entry and read and write permissions for group mail on
.Dl setfacl -M file1 file2
Sets/updates the ACL entries contained in
.Dl setfacl -x g:mail:rw file
Remove the group mail ACL entry containing read/write permissions
ACL entries except for the three required from
.Dl getfacl file1 | setfacl -b -n -M - file2
Copy ACL entries from
utility is expected to be
Std 1003.2c compliant.
Extended Attribute and Access Control List support was developed
Project and introduced in
utility was written by
.An Chris D. Faulhaber Aq jedgar@fxp.org .