1getfacl(1)                       User Commands                      getfacl(1)
2
3
4

NAME

6       getfacl - display discretionary file information
7

SYNOPSIS

9       getfacl [-ad] file...
10
11

DESCRIPTION

13       For  each argument that is a regular file, special file, or named pipe,
14       the getfacl utility displays the owner, the group, and the Access  Con‐
15       trol  List  (ACL).  For  each  directory argument, getfacl displays the
16       owner, the group, and the ACL and/or the default ACL. Only  directories
17       contain default ACLs.
18
19
20       The getfacl utility may be executed on a file system that does not sup‐
21       port ACLs. It reports the ACL based on the base permission bits.
22
23
24       With no options specified, getfacl  displays  the  filename,  the  file
25       owner,  the  file group owner, and both the ACL and the default ACL, if
26       it exists.
27

OPTIONS

29       The following options are supported:
30
31       -a    Displays the filename, the file owner, the file group owner,  and
32             the ACL of the file.
33
34
35       -d    Displays  the filename, the file owner, the file group owner, and
36             the default ACL of the file, if it exists.
37
38

OPERANDS

40       The following operands are supported:
41
42       file    The path name of a regular file, special file, or named pipe.
43
44

OUTPUT

46       The format for ACL output is as follows:
47
48         # file: filename
49         # owner: uid
50         # group: gid
51         user::perm
52         user:uid:perm
53         group::perm
54         group:gid:perm
55         mask:perm
56         other:perm
57         default:user::perm
58         default:user:uid:perm
59         default:group::perm
60         default:group:gid:perm
61         default:mask:perm
62         default:other:perm
63
64
65
66
67       When multiple files are specified on the command  line,  a  blank  line
68       separates the ACLs for each file.
69
70
71       The  ACL entries are displayed in the order in which they are evaluated
72       when an access check is performed. The default  ACL  entries  that  may
73       exist on a directory have no effect on access checks.
74
75
76       The  first  three  lines  display the filename, the file owner, and the
77       file group owner. Notice that when only the -d option is specified  and
78       the file has no default ACL, only these three lines are displayed.
79
80
81       The  user  entry  without a user ID indicates the permissions that  are
82       granted to the file owner. One or more additional user entries indicate
83       the permissions that are granted to the specified users.
84
85
86       The  group entry without a group ID indicates the permissions that  are
87       granted to the file group owner. One or more additional  group  entries
88       indicate the permissions that  are granted to the specified groups.
89
90
91       The  mask entry indicates the ACL mask permissions. These are the maxi‐
92       mum permissions allowed to any user entries except the file owner,  and
93       to any group entries, including the file group owner. These permissions
94       restrict the permissions specified in other entries.
95
96
97       The other entry indicates the permissions that are granted to others.
98
99
100       The default entries may exist only for directories. These entries indi‐
101       cate  the  default  entries that are added to a file created within the
102       directory.
103
104
105       The uid is a login name or a user ID if there is no entry for  the  uid
106       in  the system password file, /etc/passwd. The gid is a group name or a
107       group ID if there is no entry for the gid in  the  system  group  file,
108       /etc/group.  The  perm is a three character string composed of the let‐
109       ters representing the separate discretionary access rights: r (read), w
110       (write),  x (execute/search), or the place holder character . The perm
111       is displayed in the following  order:  rwx.  If  a  permission  is  not
112       granted by an ACL entry, the place holder character appears.
113
114
115       If  you use the chmod(1) command to change the file group owner permis‐
116       sions on a file with ACL entries, both the file group owner permissions
117       and  the ACL mask are changed to the new permissions. Be aware that the
118       new ACL mask permissions may change the effective permissions for addi‐
119       tional users and groups who have ACL entries on the file.
120
121
122       In order to indicate that the ACL mask  restricts an ACL entry, getfacl
123       displays an additional tab character, pound sign (#),  and  the  actual
124       permissions granted, following the entry.
125

EXAMPLES

127       Example 1 Displaying file information
128
129
130       Given file foo, with an ACL six entries long, the command
131
132
133         host% getfacl foo
134
135
136
137
138       would print:
139
140
141         # file: foo
142         # owner: shea
143         # group: staff
144         user::rwx
145         user:spy:−−−
146         user:mookie:r−−
147         group::r−−
148         mask::rw−
149         other::−−−
150
151
152
153       Example 2 Displaying information after chmod command
154
155
156       Continue with the above example, after chmod 700 foo was issued:
157
158
159         host% getfacl foo
160
161
162
163
164       would print:
165
166
167         # file: foo
168         # owner: shea
169         # group: staff
170         user::rwx
171         user:spy:−−−
172         user:mookie:r−−     #effective:−−−
173         group::−−−
174         mask::−−−
175         other::−−−
176
177
178
179       Example 3 Displaying information when ACL contains default entries
180
181
182       Given  directory  doo, with an ACL containing default entries, the com‐
183       mand
184
185
186         host% getfacl -d doo
187
188
189
190
191       would print:
192
193
194         # file: doo
195         # owner: shea
196         # group: staff
197         default:user::rwx
198         default:user:spy:−−−
199         default:user:mookie:r−−
200         default:group::r−−
201         default:mask::−−−
202         default:other::−−−
203
204
205

FILES

207       /etc/passwd    system password file
208
209
210       /etc/group     group file
211
212

ATTRIBUTES

214       See attributes(5) for descriptions of the following attributes:
215
216
217
218
219       ┌─────────────────────────────┬─────────────────────────────┐
220       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
221       ├─────────────────────────────┼─────────────────────────────┤
222       │Availability                 │SUNWcsu                      │
223       ├─────────────────────────────┼─────────────────────────────┤
224       │Interface Stability          │Evolving                     │
225       └─────────────────────────────┴─────────────────────────────┘
226

SEE ALSO

228       chmod(1),   ls(1),   setfacl(1),   acl(2),   aclsort(3SEC),   group(4),
229       passwd(4), attributes(5)
230

NOTES

232       The  output from getfacl is in the correct format for input to the set‐
233       facl -f command. If the output from getfacl is redirected  to  a  file,
234       the  file may be used as input to setfacl. In this way, a user may eas‐
235       ily assign one file's ACL to another file.
236
237
238
239SunOS 5.11                        5 Nov 1994                        getfacl(1)
Impressum