HP-UX 11i Version 3: February 2007
setacl — modify access control lists (ACLs) for files (JFS File Systems only)
setacl [-n] -s acl_entries file...
setacl [-n] -m|-d acl_entries [-m|-d acl_entries]... file...
setacl [-n] -f acl_file file...
For each file specified, setacl will either replace its entire ACL, including the default ACL on a directory, or it will add, modify, or delete one or more ACL entries, including default entries on directories.
The -s option will set the ACL to the entries specified on the command line. The -f option will set the ACL to the entries contained within the file acl_file. The -d option will delete one or more specified entries from the file's ACL. The -m option will add or modify one or more specified ACL entries.
One of the options -s, -m, -d, or -f must be specified. If -s or -f is specified, other options are invalid. The -m and -d options may be combined, and multiple -m and -d options may be specified.
For the -m and -s options, acl_entries are one or more comma-separated ACL entries selected from the following list. For the -f option, acl_file must contain ACL entries, one to a line, selected from the same list. Default entries may only be specified for directories. Boldface indicates that characters must be typed as specified, brackets denote optional characters, and italicized characters are to be specified by the user. Choices, of which exactly one must be selected, are separated by vertical bars.
For the -d option, acl_entries are one or more comma-separated ACL entries without permissions, selected from the following list. Note that the entries for file owner, owning group, and others may not be deleted.
In the above lists, the user specifies the following:
The options have the following meanings:
When the setacl command is used, it may result in changes to the file permission bits. When the user ACL entry for the file owner is changed, the file owner permission bits will be modified. When the other ACL entry is changed, the file other permission bits will be modified. When additional user ACL entries and/or any group ACL entries are set or modified, the file group permission bits will be modified to reflect the maximum permissions allowed by the additional user entries and all the group entries.
If an ACL contains no additional user or additional group entries, the permissions in the group entry for the object owning group and the class entry must be the same. Therefore, if the -d option is specified and results in no additional user entries and no additional group entries, the class entry permissions will be set equal to the permissions of the owning group entry. This happens regardless of whether or not the -n option was specified.
A directory may contain default ACL entries. If a file is created in a directory which contains default ACL entries, the entries will be added to the newly created file. Note that the default permissions specified for the file owner, file owning group, and others, will be constrained by the umask and the mode specified in the file creation call.
If an ACL contains no additional default:user or additional default:group entries and a default:group entry is specified for the object owning group, then a default:class entry must also be specified, and the permissions in the default:group entry for the object owning group and the permissions for the default:class entry must be the same.
This command may be executed on a file system that does not support ACLs, to set the permissions for the three base entries for the file owner, file owning group, and others. Additional entries and default entries will not be allowed in this case.
To add one ACL entry to file filea, giving user archer read permission only, type:
setacl -m user:archer:r-- filea
If an entry for user archer already exists, this command will set the permissions in that entry to r--.
To replace the entire ACL for file filea, adding entries for users archer and fletcher, allowing read/write access, an entry for the file owner allowing all access, an entry for the file group allowing read access only, and an entry for others disallowing all access, type:
Note that following this command, the file permission bits would be set to -rwxrw----. Even though the file owning group has only read permission, the maximum permissions available to all additional user ACL entries, and all group ACL entries, are read and write, since the two additional user entries both specify these permissions.
To set the same ACL on file filea as in the above example, using the -f option, type:
setacl -f filea.acl filea
with file filea.acl edited to contain:
user::rwx
user:archer:rw-
user:fletcher:rw-
group::r--
other:---
Because the -n option was not specified, no class entry was needed. If a class entry had been present it would have been ignored.
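The following is an added example, not part of the HP-UX reference: a shell function that reads entries in acl_file format and prints the permission bits that the rules above produce when -n is not given, so the widening of the group bits by additional user entries can be checked before an ACL is applied. The function name acl_mode_bits is hypothetical, and it accepts only the full entry names and symbolic rwx permissions shown on this page.

```shell
#!/bin/sh
# acl_mode_bits (hypothetical helper): read ACL entries, one per line, on
# stdin and print the resulting permission-bit string for a regular file.
# Models the case where -n is NOT given: any class entry is ignored and the
# group bits become the union of all additional user and all group entries.
acl_mode_bits() {
    awk -F: '
    # Union of two rwx strings, position by position.
    function union(a, b,    i, out, ca, cb) {
        out = ""
        for (i = 1; i <= 3; i++) {
            ca = substr(a, i, 1); cb = substr(b, i, 1)
            out = out (ca != "-" ? ca : cb)
        }
        return out
    }
    BEGIN { owner = other = class = "---" }
    /^[ \t]*$/ { next }                     # skip blank lines
    {
        gsub(/[ \t]/, "")
        if ($1 == "default") next           # defaults apply to new files in a directory
        perm = $NF
        if (perm !~ /^[r-][w-][x-]$/) bad = 1
        else if ($1 == "user" && NF == 3 && $2 == "") owner = perm
        else if ($1 == "other" && NF == 2) other = perm
        else if ($1 == "class" && NF == 2) next      # ignored without -n
        else if (($1 == "user" || $1 == "group") && NF == 3)
            class = union(class, perm)
        else bad = 1
        if (bad) { print "bad entry: " $0 > "/dev/stderr"; exit }
    }
    END { if (bad) exit 2; print "-" owner class other }
    '
}

# Constructed sample: the filea.acl contents from the example above.
acl_mode_bits <<'EOF'
user::rwx
user:archer:rw-
user:fletcher:rw-
group::r--
other:---
EOF
```

For the sample input the function prints -rwxrw----, matching the permission bits described for filea: the group position shows rw- even though the owning group entry grants only r--.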