chacl is an IRIX-compatibility command, and is maintained for
those users who are familiar with its use from either XFS or
IRIX. Refer to the SEE ALSO section below for a description of
tools which conform more closely to the (withdrawn draft) POSIX
1003.1e standard which describes Access Control Lists (ACLs).
chacl changes the ACL(s) for a file or directory. The ACL(s)
specified are applied to each file in the pathnamearguments.
Each ACL is a string which is interpreted using the
acl_from_text(3) routine. These strings are made up of comma
separated clauses each of which is of the form, tag:name:perm.
Where tagcan be:
"user" (or "u")
indicating that the entry is a user ACL entry.
"group" (or "g")
indicating that the entry is a group ACL entry.
"other" (or "o")
indicating that the entry is an other ACL entry.
"mask" (or "m")
indicating that the entry is a mask ACL entry.
nameis a string which is the user or group name for the ACL
entry. A null namein a user or group ACL entry indicates the
file's owner or file's group. permis the string "rwx" where
each of the entries may be replaced by a "-" indicating no access
of that type, e.g. "r-x", "--x", "---".
-b Indicates that there are two ACLs to change, the first is
the file access ACL and the second the directory default
-d Used to set only the default ACL of a directory.
-R Removes the file access ACL only.
-D Removes directory default ACL only.
-B Remove all ACLs.
-l Lists the access ACL and possibly the default ACL
associated with the specified files or directories. This
option was added during the Linux port of XFS, and is not
-r Set the access ACL recursively for each subtree rooted at
pathname(s). This option was also added during the Linux
port of XFS, and is not compatible with IRIX.
A minimum ACL:
chacl u::rwx,g::r-x,o::r-- file
The file ACL is set so that the file's owner has "rwx", the
file's group has read and execute, and others have read only
access to the file.
An ACL that is not a minimum ACL, that is, one that specifies a
user or group other than the file's owner or owner's group, must
contain a mask entry:
chacl u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x file1 file2
To set the default and access ACLs on newdirto be the same as on
olddir, you could type:
chacl -b `chacl -l olddir | \sed -e 's/.*\[//' -e 's#/# #' -e 's/]$//'` newdir
chacl can replace the existing ACL. To add or delete entries,
you must first do chacl -lto get the existing ACL, and use the
output to form the arguments to chacl.
Changing the permission bits of a file will change the file
access ACL settings (see chmod(1)). However, file creation mode
masks (see umask(1)) will not affect the access ACL settings of
files created using directory default ACLs.
ACLs are filesystem extended attributes and hence are not
typically archived or restored using the conventional archiving
utilities. See attr(5) for more information about extended
attributes and see xfsdump(8) for a method of backing them up
This page is part of the acl (manipulating access control lists)
project. Information about the project can be found at
⟨http://savannah.nongnu.org/projects/acl⟩. If you have a bug
report for this manual page, see
⟨http://savannah.nongnu.org/bugs/?group=acl⟩. This page was
obtained from the project's upstream Git repository
⟨git://git.savannah.nongnu.org/acl.git⟩ on 2020-12-18. (At that
time, the date of the most recent commit that was found in the
repository was 2020-09-03.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
September 2001 ACL File Utilities CHACL(1)