[file ...]
DESCRIPTION
The setfacl utility sets discretionary access control information on the
specified file(s).
The following options are available:
-b Remove all ACL entries except for the three required entries. If
the ACL contains a ``mask'' entry, the permissions of the
``group'' entry in the resulting ACL will be set to the permis-
sion associated with both the ``group'' and ``mask'' entries of
the current ACL.
-d The operations apply to the default ACL entries instead of access
ACL entries. Currently only directories may have default ACL's.
-h If the target of the operation is a symbolic link, perform the
operation on the symbolic link itself, rather than following the
link.
-k Delete any default ACL entries on the specified files. It is not
considered an error if the specified files do not have any
default ACL entries. An error will be reported if any of the
specified files cannot have a default entry (i.e. non-directo-
ries).
-m entries
Modify the ACL entries on the specified files by adding new
entries and modifying existing ACL entries with the ACL entries
specified in entries.
-M file
Modify the ACL entries on the specified files by adding new ACL
entries and modifying existing ACL entries with the ACL entries
specified in the file file. If file is -, the input is taken
from stdin.
-n Do not recalculate the permissions associated with the ACL mask
entry.
-x entries
Remove the ACL entries specified in entries from the access or
default ACL of the specified files.
-X file
Remove the ACL entries specified in the file file from the access
or default ACL of the specified files.
The above options are evaluated in the order specified on the command-
line.
ACL qualifier
The ACL qualifier field describes the user or group associated
with the ACL entry. It may consist of one of the following: uid
or user name, gid or group name, or empty. For ``user'' ACL
entries, an empty field specifies access granted to the file
owner. For ``group'' ACL entries, an empty field specifies
access granted to the file owning group. ``mask'' and ``other''
ACL entries do not use this field.
access permissions
The access permissions field contains up to one of each of the
following: `r', `w', and `x' to set read, write, and execute per-
missions, respectively. Each of these may be excluded or
replaced with a `-' character to indicate no access.
A ``mask'' ACL entry is required on a file with any ACL entries other
than the default ``user'', ``group'', and ``other'' ACL entries. If the
-n option is not specified and no ``mask'' ACL entry was specified, the
setfacl utility will apply a ``mask'' ACL entry consisting of the union
of the permissions associated with all ``group'' ACL entries in the
resulting ACL.
ACL entries applied from a file using the -M or -X options shall be of
the following form: one ACL entry per line, as previously specified;
whitespace is ignored; any text after a `#' is ignored (comments).
When ACL entries are evaluated, the access check algorithm checks the ACL
entries in the following order: file owner, ``user'' ACL entries, file
owning group, ``group'' ACL entries, and ``other'' ACL entry.
Multiple ACL entries specified on the command line are separated by com-
mas.
DIAGNOSTICS
The setfacl utility exits 0 on success, and >0 if an error occurs.
EXAMPLES
setfacl -m u::rwx,g:mail:rw file
Sets read, write, and execute permissions for the file owner's ACL entry
and read and write permissions for group mail on file.
setfacl -M file1 file2
Sets/updates the ACL entries contained in file1 on file2.
setfacl -x g:mail:rw file
Remove the group mail ACL entry containing read/write permissions from
file.
HISTORY
Extended Attribute and Access Control List support was developed as part
of the TrustedBSD Project and introduced in FreeBSD 5.0.
AUTHORS
The setfacl utility was written by Chris D. Faulhaber <jedgar@fxp.org>.
FreeBSD 5.1 January 7, 2001 FreeBSD 5.1
Man(1) output converted with
man2html