Open System Services Shell and Utilities Reference Manual (G06.28+, H06.05+)
User Commands (g - j) getacl(1)
The getacl command displays ACL entries in the order in which the entries are evaluated when
an access check is performed. Any default ACL entries for a directory have no effect on access
checks.
The file owner (user::) permission bits represent the access that the owner of the file has. The file
class permission bits represent the most access that any additional user entry, additional group
entry, or the owning group entry can grant. The file other permission bits represent the access
that the other ACL entry has. If a user invokes the chmod command or the setacl command and
changes the file class permission bits, the access granted by the additional ACL entries might be
restricted. For detailed information about ACLs, see the acl(5) reference page.
To indicate that the file group class permission bits restrict an ACL entry, getacl displays, after
each affected entry, text in the form #effective:perm, where perm shows only the permissions
actually granted.
EXAMPLES
Given file filea, with an ACL six entries long, the command getacl filea displays:
# file: filea
# owner: fletcher
# group: us
user::rwx
user:spy:---
user:archer:rw-
group::r--
class:rw-
other:---
Given file filea, with an ACL six entries long, after the command chmod 700 filea was issued,
the command getacl filea displays:
# file: filea
# owner: fletcher
# group: us
user::rwx
user:spy:---
user:archer:rw- #effective:---
group::r-- #effective:---
class:---
other:---
Given directory fileb, with an ACL containing default entries, the command getacl -d fileb
displays:
# file: fileb
# owner: fletcher
# group: us
default:user::rwx
default:user:spy:---
default:group::r--
default:other:---
Given directory fileb, the command getacl fileb displays:
# file: fileb
# owner: fletcher
# group: us
user::rwx
527188-007 Hewlett-Packard Company 4−11