Administrator's Guide

For example, if you want any files created in the directory projectdir to be readable
by certain users, you can create the appropriate default entries, as follows:
$ setacl -m d:u:boss:r,d:u:jjones:r,d:g:dev:r projectdir
$ getacl projectdir
# file: projectdir
# owner: jsmith
# group: users
user::rw-
user:boss:rw-
user:jjones:rw-
user:jdoe:---
group::rw-
group:dev:rw-
class:rw-
other:---
default:user:boss:r--
default:user:jjones:r--
default:group:dev:r--
With these entries in place, any new file created in the directory projectdir will have
an ACL like that shown previously without the default entries.
If the newly created file is a directory, the same ACL entries are generated. In addition,
the default entries themselves are also placed in the ACL.
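The following Python script is an added example, not part of the original guide. It parses getacl output in the format shown above, lists which group-class entries effectively hold write access, and flags default entries that would hand new files more than read access. It assumes the JFS ACL rule that the class entry is an upper bound on the owning-group entry and on additional user and group entries; the function names and the sample text are constructed for illustration.

```python
# Added example: audit getacl-style output. SAMPLE is constructed, modelled on
# the projectdir listing in this section.
SAMPLE = """\
# file: projectdir
# owner: jsmith
# group: users
user::rw-
user:boss:rw-
user:jjones:rw-
user:jdoe:---
group::rw-
group:dev:rw-
class:rw-
other:---
default:user:boss:r--
default:user:jjones:r--
default:group:dev:r--
"""

def parse_getacl(text):
    """Return (access, default) lists of (tag, name, perms) tuples."""
    access, default = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # header comments: file, owner, group
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        parts = line.split(":")
        tag, perms = parts[0], parts[-1]
        name = parts[1] if len(parts) == 3 else ""   # class/other carry no name
        if len(perms) != 3 or any(c not in "rwx-" for c in perms):
            raise ValueError(f"malformed permission field: {line!r}")
        target.append((tag, name, perms))
    return access, default

def effective(perms, mask):
    """Permissions that remain once the class entry is applied as a ceiling."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def writers(access):
    """Owning group and named users/groups whose effective rights include write."""
    mask = next((p for t, _, p in access if t == "class"), "rwx")
    return [f"{t}:{n}" for t, n, p in access
            if (t == "group" or (t == "user" and n)) and "w" in effective(p, mask)]

def broad_defaults(default, allowed="r--"):
    """Default entries granting any permission bit outside `allowed`."""
    return [e for e in default if any(c != "-" and c not in allowed for c in e[2])]
```

Run against the output of getacl for a project directory, an empty result from broad_defaults confirms that files created there will not pick up write or execute access through the default entries.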
5.4.10 Changing JFS ACL with the setacl Command
This section presents more examples of using the setacl command.
5.4.10.1 Using the Modify and Delete Options
The following setacl command uses the -m (modify) option to give read-only access
to the user boss for the junk file:
$ setacl -m u:boss:r-- junk
To grant read and write access to everyone in the group dev, use the group (g:)
parameter with the setacl -m command:
$ setacl -m g:dev:rw- junk
The -d option deletes an entry. With -d, do not specify any permissions in the ACL
entry. For example, the following command deletes the entry for the group dev:
$ setacl -d g:dev junk
5.4.10.2 Using the -f Option
If you are adding or changing several entries, you can use a different procedure. You
can save the ACL to a file, edit the file, and then apply this new ACL to the file. For
example, save the ACL to a file with this command:
$ getacl junk > junk.acl
100 File System Security