getfacl(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨페이지이름
검색(S)

getfacl

Name
     getfacl - display discretionary file information

Synopsis
     getfacl [-ad] file...

Description
     For each argument that is a regular file, special  file,  or
     named  pipe,  the  getfacl  utility  displays the owner, the
     group, and the Access Control List (ACL). For each directory
     argument, getfacl displays the owner, the group, and the ACL
     and/or the default ACL.  Only  directories  contain  default
     ACLs.


     The getfacl utility may be executed on a  file  system  that
     does  not support ACLs. It reports the ACL based on the base
     permission bits.


     With no options specified, getfacl  displays  the  filename,
     the  file  owner, the file group owner, and both the ACL and
     the default ACL, if it exists.

Options
     The following options are supported:

     -a
           Displays the filename, the file owner, the file  group
           owner, and the ACL of the file.


     -d
           Displays the filename, the file owner, the file  group
           owner, and the default ACL of the file, if it exists.

Operands
     The following operands are supported:

     file
             The path name of a regular file,  special  file,  or
             named pipe.

Output
     The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm




     When multiple files are specified on  the  command  line,  a
     blank line separates the ACLs for each file.


     The ACL entries are displayed in the order in which they are
     evaluated when an access check is performed. The default ACL
     entries that may exist on a  directory  have  no  effect  on
     access checks.


     The first three lines display the filename, the file  owner,
     and  the  file  group  owner.  Notice  that when only the -d
     option is specified and the file has no  default  ACL,  only
     these three lines are displayed.


     The user entry without a user ID indicates  the  permissions
     that   are granted to the file owner. One or more additional
     user entries indicate the permissions that  are  granted  to
     the specified users.


     The group entry without a group ID indicates the permissions
     that  are granted to the file group owner. One or more addi-
     tional group entries  indicate  the  permissions  that   are
     granted to the specified groups.


     The mask entry indicates the ACL mask permissions. These are
     the  maximum  permissions allowed to any user entries except
     the file owner, and to any group entries, including the file
     group  owner.  These  permissions  restrict  the permissions
     specified in other entries.


     The other entry indicates the permissions that  are  granted
     to others.

     The default entries may exist only  for  directories.  These
     entries  indicate  the  default  entries that are added to a
     file created within the directory.


     The uid is a login name or a user ID if there  is  no  entry
     for  the  uid  in the system password file, /etc/passwd. The
     gid is a group name or a group ID if there is no  entry  for
     the  gid in the system group file, /etc/group. The perm is a
     three character string composed of the letters  representing
     the  separate  discretionary  access  rights:  r  (read),  w
     (write), x (execute/search), or the place  holder  character
     -.  The  perm is displayed in the following order: rwx. If a
     permission is not granted by an ACL entry, the place  holder
     character appears.


     If  you use the chmod(1) command to change  the  file  group
     owner  permissions on a file with ACL entries, both the file
     group owner permissions and the ACL mask are changed to  the
     new  permissions. Be aware that the new ACL mask permissions
     may change the effective permissions  for  additional  users
     and groups who have ACL entries on the file.


     In order to indicate that the ACL  mask   restricts  an  ACL
     entry,  getfacl  displays an additional tab character, pound
     sign (#), and the actual permissions granted, following  the
     entry.

Examples
     Example 1 Displaying file information


     Given file foo, with an ACL six entries long, the command


       host% getfacl foo




     would print:


       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---



     Example 2 Displaying information after chmod command


     Continue with the above example, after  chmod  700  foo  was
     issued:


       host% getfacl foo




     would print:


       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--     #effective:---
       group::---
       mask::---
       other::---



     Example 3 Displaying information when ACL  contains  default
     entries


     Given directory doo, with an ACL containing default entries,
     the command


       host% getfacl -d doo




     would print:


       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

Files
     /etc/passwd
                    system password file


     /etc/group
                    group file

Attributes
     See attributes(5) for descriptions of the  following  attri-
     butes:



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE  TYPEATTRIBUTE  VALUE  _  Availabilitysystem/core-os  _
     Interface StabilityCommitted

See Also
     chmod(1),   ls(1),   setfacl(1),   acl(2),    aclsort(3SEC),
     group(4), passwd(4), attributes(5)

Notes
     The output from getfacl is in the correct format  for  input
     to  the  setfacl  -f  command. If the output from getfacl is
     redirected to a file, the file may be used as input to  set-
     facl.  In  this way, a user may easily assign one file's ACL
     to another file.
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 1.0 CSS3