chacl.1 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

chacl(1) chacl(1)

error, continues, and eventually returns non-zero.

-f fromfile tofile

Copy the ACL from fromﬁle to the speciﬁed toﬁle, transferring ownership, if necessary

(see acl (5), chown(2), or chownacl (3C)). fromﬁle can be

- to represent standard input.

This option implies the

-r option. If the owner and group of fromﬁle are identical to

those of toﬁle ,

chacl -f

is identical to:

chacl -r ‘lsacl fromfile‘ tofile ...

To copy an

ACL without transferring ownership, the above command is suggested instead

of chacl -f.

-z Delete (‘‘zap’’) all optional entries in the speciﬁed ﬁle’s

ACL

s, leaving only base entries.

-Z Delete (‘‘zap’’) all optional entries in the speciﬁed ﬁle’s

ACL

s, and set the access modes in

all base entries to zero (no access). This is identical to replacing the old

ACL with a null

ACL:

chacl -r ’’ file ...

or using chmod(1), which deletes optional entries as a side effect:

chmod 0 ﬁle ...

-F Incorporate (‘‘fold’’) optional ACL entries into base ACL entries. The base ACL entry’s per-

mission bits are altered, if necessary, to reﬂect the caller’s effective access rights to the

ﬁle; all optional entries, if any, are deleted.

For ordinary users, only the access mode of the owner base

ACL entry can be altered.

Unlike getaccess, the write bit is not turned off for a ﬁle on a read-only ﬁle system or

a shared-text program being executed (see getaccess (1)).

For super-users, only the execute mode bit in the owner base

ACL entry might be

changed, only if the ﬁle is not an regular ﬁle or if an execute bit is not already set in a

base ACL entry mode, but is set in an optional ACL entry mode.

acl also can be obtained from a string in a ﬁle:

chacl ‘cat file‘ ﬁles ...

Using @ in acl to represent ‘‘ﬁle owner or group’’ can cause

chacl to run more slowly because it must

reparse the

ACL for each ﬁle (except with the -d option).

EXTERNAL INFLUENCES

Environment Variables

LANG determines the language in which messages are displayed.

LANG is not speciﬁed or is set to the empty string, a default of "C" (see lang(5)) is used instead of

LANG. If any internationalization variable contains an invalid setting, chacl behaves as if all interna-

tionalization variables are set to "C". See environ (5).

RETURN VALUE

chacl succeeds, it returns a value of zero.

chacl encounters an error before it changes any ﬁle’s ACL, it prints an error message to standard

error and returns 1. Such errors include invalid invocation, invalid syntax of acl (aclpatt ), a given user

name or group name is unknown, or inability to get an ACL from fromﬁle with the -f option.

chacl cannot execute the requested operation, it prints an error message to standard error, contin-

ues, and later returns 2. This includes cases when a ﬁle does not exist, a ﬁle’s ACL cannot be altered,

more ACL entries would result than are allowed, or an attempt is made to delete a non-existing ACL entry.

EXAMPLES

The following command adds read access for user

jpc in any group, and removes write access for any

user in the ﬁles’s groups, for ﬁles x and y.

chacl "jpc.%+r, %.@-w" x y

This command replaces the ACL on the ﬁle open as standard input and on ﬁle test with one which only

allows the ﬁle owner read and write access.

2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010