getacl - Displays the discretionary access control information (ACL)
getacl [-d|-D] [-g group[,group...]] [-n]
[-m] [-u user[,user...]] file...
-d
    Displays the default access ACL. The -d and -D options are mutually exclusive.
-D
    Displays the default directory ACL. The -D flag is not defined by POSIX. The -d and -D options are mutually exclusive.
-g group[,group...]
    Display the designated group entries only. The -g flag is not defined by POSIX.
-m
    Display the output in multicolumns. The -m flag is not defined by POSIX.
-n
    Use numeric IDs. The -n flag is not defined by POSIX.
-u user[,user...]
    Display the designated user entries. The -u flag may be used multiple times on the command line. The -u flag is not defined by POSIX.
This command is based on Draft 13 of the POSIX P1003.6 standard. The arguments may change as the P1003.6 standard is finalized.
The getacl command displays the selected type of ACL for each file or directory named on the command line.
The following three types of ACLs may be retrieved:
Both the default directory ACL and default access ACL are propagated down through the directory tree as each directory is created.
The user readable format of the ACL consists of the comments section and the entries section. The comments section contains the following three lines:
Each line of the comments section begins with a # character.
The ACL entries section by default consists of one line per entry. Each line contains three colon-separated fields defined as:
The output display format and relative ordering of ACL entries is as follows:
The following are some typical getacl outputs:
    % getacl /ufs/test
    #
    # file: /ufs/test
    # owner: root
    # group: system
    #
    user::rwx
    user:fran:-wx
    user:adm:r--
    group::r-x
    other::r-x

    % getacl -g adm /ufs/test
    #
    # file: /ufs/test
    # owner: root
    # group: system
    #

    % getacl -u adm /ufs/test
    #
    # file: /ufs/test
    # owner: root
    # group: system
    #
    user:adm:r--
If any ACL entry is wider than the screen, the access control list is continued on the next line, indented to the previous line. The width of the screen is taken from the COLUMNS environment variable; if the variable is not set, the default width is 80 columns.
The -m option may be used to cause the ACL to be displayed in a multicolumn format. The user entries defined in the ACL are placed on the screen in the maximum number of columns allowed by the current size of the screen, followed by the group entries.
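The default one-entry-per-line output shown in the samples above is easy to parse when ACLs need to be reviewed in bulk. The following is an added example, not part of the original manual page: it reads getacl output and lists every entry, other than the owning user's, that grants write access. The field names (tag, qualifier, perms) are inferred from the sample outputs, and the code assumes one comment block per file and no wrapped or -m multicolumn lines.

```python
# Added example: parse default (one entry per line) getacl output and list
# the entries that grant write access beyond the owning user.
# Field names (tag, qualifier, perms) are inferred from the sample outputs.

SAMPLE = """\
#
# file: /ufs/test
# owner: root
# group: system
#
user::rwx
user:fran:-wx
user:adm:r--
group::r-x
other::r-x
"""  # first sample output on this page


def parse_getacl(text):
    """Return a list of dicts, one per file block in getacl output."""
    acls, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition(":")
            if not sep:
                continue  # bare "#" separator line
            if key == "file":  # a "# file:" comment starts a new block
                current = {"file": value.strip(), "entries": []}
                acls.append(current)
            elif current is not None:
                current[key] = value.strip()  # "owner" and "group" comments
        elif line and current is not None:
            fields = line.split(":")
            if len(fields) != 3:
                raise ValueError(f"unexpected ACL entry: {line!r}")
            current["entries"].append(tuple(fields))
    return acls


def extra_writers(acl):
    """Entries other than the owning user (user::) whose perms include w."""
    return [f"{tag}:{who}" for tag, who, perms in acl["entries"]
            if "w" in perms and not (tag == "user" and who == "")]


if __name__ == "__main__":
    for acl in parse_getacl(SAMPLE):
        print(acl["file"], acl["owner"], extra_writers(acl))
```

For the sample on this page the only entry reported is user:fran, whose permissions are -wx.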
The output from the getacl command is in the correct format for input to the setacl command. The output may be redirected into a file, then the output file can be used as input to the setacl command. This technique is useful for assigning the ACL on an existing file to one or more new files. For example:

    $ getacl file1 > entries_file
    $ setacl -U entries_file file2 file3 file4
The getacl command displays the access control lists of those files that reside in directories for which the user has search permission.
If successful, the getacl command exits with a status of zero. Otherwise, this command exits with a status of 1 if it aborted because of syntax errors, or if the ACL of one or more files could not be accessed.