.\" Copyright (C) 2001, 2002, 2004  Silicon Graphics, Inc.  All rights reserved.

.\"

.\" This is free documentation; you can redistribute it and/or

.\" modify it under the terms of the GNU General Public License as

.\" published by the Free Software Foundation; either version 2 of

.\" the License, or (at your option) any later version.

.\"

.\" The GNU General Public License's references to "object code"

.\" and "executables" are to be interpreted as the output of any

.\" document formatting or typesetting system, including

.\" intermediate and printed output.

.\"

.\" This manual is distributed in the hope that it will be useful,

.\" but WITHOUT ANY WARRANTY; without even the implied warranty of

.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

.\" GNU General Public License for more details.

.\"

.\" You should have received a copy of the GNU General Public

.\" License along with this manual.  If not, see

.\" <http://www.gnu.org/licenses/>.

.\"

.TH CHACL 1 "ACL File Utilities" "September 2001" "Access Control Lists"

.SH NAME

chacl \- change the access control list of a file or directory

.SH SYNOPSIS

.B chacl acl pathname...

.br

.B chacl \-b acl dacl pathname...

.br

.B chacl \-d dacl pathname...

.br

.B chacl \-R pathname...

.br

.B chacl \-D pathname...

.br

.B chacl \-B pathname...

.br

.B chacl \-l pathname...

.br

.B chacl \-r pathname...

.br

.SH DESCRIPTION

.I chacl

is an IRIX-compatibility command, and is maintained for those

users who are familiar with its use from either XFS or IRIX.

Refer to the

.B "SEE ALSO"

section below for a description of tools

which conform more closely to the (withdrawn draft) POSIX 1003.1e

standard which describes Access Control Lists (ACLs).

.PP

.I chacl

changes the ACL(s) for a file or directory.

The ACL(s) specified are applied to each file in the \f4pathname\f1 arguments.

.P

Each ACL is a string which is interpreted using the

.IR acl_from_text (3)

routine.

These strings are made up of comma separated clauses each of which

is of the form, tag:name:perm.  Where \f4tag\fP can be:

.TP

"user" (or "u")

indicating that the entry is a user ACL entry.

.TP

"group" (or "g")

indicating that the entry is a group ACL entry.

.TP

"other" (or "o")

indicating that the entry is an other ACL entry.

.TP

"mask" (or "m")

indicating that the entry is a mask ACL entry.

.P

\f4name\fP is a string which is the user or group name for the ACL entry.

A null \f4name\fP in a user or group ACL entry indicates the file's

owner or file's group.

\f4perm\fP is the string "rwx" where each of the entries may be replaced

by a "\-" indicating no access of that type, e.g. "r\-x", "\-\-x", "\-\-\-".

.SH OPTIONS

.TP

.B \-b

Indicates that there are two ACLs to change, the first is the

file access ACL and the second the directory default ACL.

.TP

.B \-d

Used to set only the default ACL of a directory.  

.TP

.B \-R

Removes the file access ACL only.

.TP

.B \-D

Removes directory default ACL only.

.TP

.B \-B

Remove all ACLs. 

.TP

.B \-l

Lists the access ACL and possibly the default ACL associated

with the specified files or directories.  This option was added

during the Linux port of XFS, and is not IRIX compatible.

.TP

.B \-r

Set the access ACL recursively for each subtree rooted at \f4pathname\f1(s).

This option was also added during the Linux port of XFS, and is not

compatible with IRIX.

.SH EXAMPLES

A minimum ACL:

.PP

.nf

  \f3chacl u::rwx,g::r-x,o::r-- file\fP

.fi

.PP

The file ACL is set so that the file's owner has "rwx", the file's

group has read and execute, and others have read only access to the file.

.P

An ACL that is not a minimum ACL, that is, one that specifies

a user or group other than the file's owner or owner's group,

must contain a mask entry:

.PP

.nf

  \f4chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2\fP

.fi

.PP

To set the default and access ACLs on \f4newdir\f1 to be the 

same as on \f4olddir\f1, you could type:

.PP

.nf

  \f4chacl \-b `chacl \-l olddir | \\

      sed \-e 's/.*\\[//' \-e 's#/# #' \-e 's/]$//'` newdir

\fP

.fi

.SH CAUTIONS

.I chacl

can replace the existing ACL.  To add or delete entries, you

must first do \f4chacl \-l\fP to get the existing ACL, and use the output

to form the arguments to

.IR chacl .

.P

Changing the permission bits of a file will change the file access

ACL settings (see

.IR chmod (1)).

However, file creation mode masks (see

.IR umask (1))

will not affect the access ACL settings of files created using directory 

default ACLs. 

.P

ACLs are filesystem extended attributes and hence are not typically

archived or restored using the conventional archiving utilities.

See

.IR attr (5)

for more information about extended attributes and see

.IR xfsdump (8) 

for a method of backing them up under XFS.

.SH SEE ALSO

.BR getfacl "(1), " setfacl "(1), " chmod "(1), " umask "(1), " acl_from_text "(3), " acl "(5), " xfsdump (8)