OSF DCE Administration Guide--Core Components
Using Access Control Lists
To copy an extended entry type from the domain of one ACL manager to the domain of
another ACL manager, use the output of the dcecp acl show command as the input to an
acl replace command. To copy extended entries this way, both ACL managers must
support the extended entry type.
28.5 Generating ACLs from Files
A convenient way to create an ACL is to create and edit a text file so that it contains the
desired ACL entries, and then generate the ACL from it by using an acl replace
operation.
For example, assume the file std_acl contains the following entries:
mask_obj:crwxid-
user_obj:crwxid-
group_obj:crwx---
other_obj:-r-----
user:lizt:crwx---
group:composers:-r-----
user:bach:crwx---
user:mozart:crwx---
The following acl replace operation adds the entries in std_acl to an ACL named
/.../dresden.com/my_filesystem/opus:
dcecp> acl replace /.../dresden.com/my_filesystem/opus -acl [cat std_acl]
The acl replace operation overwrites all ACL entries with the ones from the file
std_acl. Regardless of what they were before, the ACLs for opus now look like this:
mask_obj:crwxid-
user_obj:crwxid-
user:lizt:crwx---
user:bach:crwx---
user:mozart:crwx---
group_obj:crwx---
group:composers:-r-----
other_obj:-r-----
28.6 Container ACLs
The Object ACL controls access to the object itself. A container object has, in addition
to its Object ACL, an Initial Container ACL and an Initial Object ACL. These two
ACLs are not used for access control as such, but instead for cloning initial ACLs for
124243 Tandem Computers Incorporated 28− 17