Open System Services Shell and Utilities Reference Manual (G06.28+, H06.05+)

User Commands (s) setacl(1)
If you specify no permissions for an entry (---), the user ID or group ID specified
in the entry is denied access to the file.
The entries need not be in order. The setacl command sorts them before applying
them to the file.
-m Adds one or more new ACL entries to the file, or changes one or more existing
ACL entries on the file. If an entry already exists for a specified user ID or group
ID, the specified permissions replace the current permissions. If an entry does
not exist for the specified user ID or group ID, an entry is created.
-d Deletes one or more existing ACL entries from the file. You cannot delete entries
for the file owner, the owning group, class, or other. Deleting an entry does not
necessarily have the same effect as removing all permissions from the entry.
Specifically, deleting an entry for a specific user causes the permissions for that
user to be determined by the other entry (or other group entries, if the user is in
those groups).
-f Sets the ACL for the specified file using the ACL entries contained in the file
named acl_file. The constraints for entries in the acl_file are the same as the
constraints for entries you specify using the -s flag. The character # in acl_file
indicates a comment. All characters, starting with the #, until the end of the line, are
ignored. If the acl_file has been created as the output of the getacl command,
any effective permissions, which are written with a preceding #, are also ignored.
Using the setacl command can result in changes to the file permission bits. When you change
the user ACL entry for the file owner, the file owner permission bits are modified. When you
change the other ACL entry, the file other permission bits are modified. When you set or
modify additional user ACL entries, any group ACL entries, or both, the class permission bits are
modified to reflect the maximum permissions allowed by the additional user entries and all the
group entries.
If an ACL contains no additional user or additional group entries, the permissions in the group
entry for the object-owning group and the class entry must be the same. Therefore, if specifying
the -d flag results in no additional user entries and no additional group entries, the class entry
permissions are set to the permissions of the owning-group entry, whether or not the -n flag is
specified.
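The following sketch models the rules above: it reads entries in the acl_file style that -f accepts (# comments stripped, order irrelevant) and derives the permission bits the ACL implies. It is an added illustration, not part of the manual or of HP's implementation. Assumptions: the spelling of owner, owning-group, class, and other entries (user::perm, group::perm, class:perm, other:perm) and the #effective comment are modeled on getacl-style output that this page does not show; "maximum permissions" is taken as the bitwise union; default: entries are not handled; an explicit class entry is parsed but the class bits are recalculated.

```python
# Added illustration, not HP code. Assumed entry syntax: user::perm,
# user:ID:perm, group::perm, group:ID:perm, class:perm, other:perm.

def parse_perm(text):
    """Convert a three-character string such as 'r-x' to its 3-bit value."""
    if len(text) != 3 or any(c not in (w, "-") for c, w in zip(text, "rwx")):
        raise ValueError(f"bad permission string: {text!r}")
    return sum(bit for c, bit in zip(text, (4, 2, 1)) if c != "-")

def parse_acl_file(text):
    """Return {(kind, id): perm}; '#' starts a comment, order is irrelevant."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if fields[0] in ("user", "group") and len(fields) == 3:
            kind, ident, perm = fields
        elif fields[0] in ("class", "other") and len(fields) == 2:
            kind, ident, perm = fields[0], "", fields[1]
        else:
            raise ValueError(f"unsupported entry: {line!r}")
        entries[(kind, ident)] = parse_perm(perm)
    return entries

def mode_bits(entries):
    """Permission bits implied by an ACL under the rules described above."""
    # Class bits: union of additional user entries and all group entries.
    # With no additional entries this reduces to the owning-group entry.
    class_perm = 0
    for (kind, ident), perm in entries.items():
        if kind == "group" or (kind == "user" and ident):
            class_perm |= perm
    return entries[("user", "")] << 6 | class_perm << 3 | entries[("other", "")]

# Constructed sample in the style of getacl output (not taken from the manual).
SAMPLE = """\
# file: filea
user::rwx
user:archer:rw-    #effective:rw-
user:fletcher:rw-
group::r--
class:rwx
other:---
"""
```

For the constructed sample, mode_bits(parse_acl_file(SAMPLE)) yields octal 760: the additional user entries raise the class bits to rw- even though the owning group has only r--, which is why an ls-style mode listing alone does not show what the owning group can actually do.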
A directory can contain default ACL entries. If a file is created in a directory that contains
default ACL entries, the file inherits those default ACL entries as described in the acl(5)
reference page.
If an ACL contains no additional default:user or additional default:group entries, and you
specify a default:group entry for the owning group, you must also specify a default:class entry
that has the same permissions as the default:group entry.
EXAMPLES
To add one ACL entry to file filea, giving user archer read permission only, use this command:
setacl -m user:archer:r-- filea
If an entry for user archer already exists, this command sets the permissions in that entry to r--.
To replace the entire ACL for file filea and add entries:
Allowing read/write access for users archer and fletcher
For the file owner allowing all access
527188-007 Hewlett-Packard Company 813