5.0; edacl (edit_acl), revision 5.0, 82/09/17
EDACL (EDIT_ACCESS_CONTROL_LIST) -- Edit or list an ACL.
usage:  EDACL [commands] [-I | -P] [-DIR | -FILE | -IF | -ID] pathname...
        EDACL commands: [-C ppon rts] [-CF ppon rts] [-A ppon rts]
                        [-AF ppon rts] [-AR ppon rts] [-D ppon] [-DF ppon rts]
                        [-DR ppon rts] [-CDN node] [-CN ppon node] [-L] [-Q]


FORMAT

  EDACL [commands] [options] pathname...


  Every directory and file has an associated access control list (ACL) that
  lists users and their rights to the object.  EDACL edits or displays the ACL
  of the object(s) specified.


ARGUMENTS

  pathname
  (required)       Specify the object whose ACL you wish to edit or display.
                   Multiple pathnames and wildcarding are permitted.

  commands
  (optional)       Specify the action(s) described below.  If you do not
                   specify a command, EDACL enters an interactive editing mode.
                   Default if omitted: read commands from standard input; do not
                                       precede commands with a hyphen (-) in
                                       this mode.

COMMANDS

           Note:   PPON stands for Person.Project.Organization.Node
                   "Rights" stands for Access Rights

  -L               List ACL entries.

  -A ppon rights   Add the specified entry to an ACL.  You will receive an
                   error message if the ACL entry exists.

  -AF ppon rights  Add force. Add the specified entry to an ACL.  You will
                   not receive an error message if the ACL entry exists.

  -C ppon rights   Change the access rights in the entry for ppon (replaces
                   current rights).  You will receive an error message
                   if the entry does not exist.

  -CF ppon rights  Change force.  Change the access rights in the entry for
                   ppon (replaces current rights).  You will not receive an
                   error message if the entry does not exist.

  -D  ppon         Delete the ACL entry for ppon.  You will receive an error
                   message if the entry does not exist.

  -DR ppon rights  Delete the specified rights from the entry for ppon.

  -AR ppon rights  Add the specified rights to the entry for ppon.  You will
                   receive an error message if the entry does not exist.

  -CDN node        Change the default node ID.

  -CN ppon node    Change the node ID entry in ppon.

  -Q               Quit without changing the object's ACL.  This command is
                   useful only when you supply EDACL commands interactively
                   (see -I).


OPTIONS

  -DIR             Only operate on directories.

  -FILE            Only operate on files.

  -ID              Edit the default initial ACL for directories (-DIR implied).

  -IF              Edit the default initial ACL for files (-DIR implied).

  The following two options apply only when EDACL reads commands from standard
  input:

  -P               EDACL interprets commands when it receives an EOF (usually
                   CTRL/Z).  This is the default when you have redirected
                   standard input (i.e., instructed the program to read
                   commands from a Shell program, here document, file, or pipe).

  -I               EDACL interprets commands as you enter them.  This is the
                   default when you have not redirected standard input.  You may
                   only specify one pathname (with no wildcards) in this mode.
                   EDACL changes a copy of the ACL; the command does not assign
                   a new ACL to an object until it reads an EOF.  Thus, EDACL -I
                   does not change an ACL if you terminate the session with the
                   "Q" command.

  EDACL uses the command line parser, and so also accepts the standard command
  options listed in HELP CL.


EXAMPLE

  The order of the commands in the following sequence is significant.

  $ edacl -L sales                  List ACL for the file 'sales'.  The
    %.%.%.%     pgndwrx              ppon is all wildcards (%.%.%.%), so
                                     all users have complete rights
  $                                  (pgndwrx) to 'sales'.


  $ edacl sales -cf dan.%  -none    Deny user DAN access to 'sales'.
  $ edacl -L sales                  Other users still have all rights.
    DAN.%.%.%    -------             Note that the system automatically
    %.%.%.%      pgndwrx             places specific entries before
  $                                  general ones.


  $ edacl sales -a joe -owner       Add user JOE to the ACL for 'sales'
  $ edacl -L sales                   with all rights.
    joe.%.%.%    pgndwrx
    dan.%.%.%    -------
    %.%.%.%      pgndwrx
  $


  $ edacl sales -a %.%.mktg wrx     Allow users in the MKTG organization
  $ edacl -L sales                   to change file contents, but do not
    joe.%.%.%     pgndwrx            let them assign rights to others (p
    dan.%.%.%.    -------            and g), change the node ID entry (n),
    %.%.mktg.%    ----wrx            or delete the file (d).
    %.%.%.%       pgndwrx
  $


  $ edacl sales -c % r              Change everyone else's access to read
  $ edacl -L sales                   only.  Note that the more liberal
    joe.%.%.%     pgndwrx            rights (wrx) assigned to the MKTG
    dan.%.%.%     -------            organization in the previous line
    %.%.mktg.%    ----wrx            still apply, since specific entries
    %.%.%.%       ----r--            overide general ones.
  $


RELATED TOPICS

  More information is available.  Type:

    - HELP PROTECTION ACLS
      for a detailed description of ACLS.

    - HELP ACLS
      for a list of commands used to manipulate ACLS.

    - HELP PROTECTION
      for a general discussion of DOMAIN protection mechanisms.

    - HELP PROTECTION SIDS
      for details about subject identifiers (PPON's).

    - HELP PROTECTION RIGHTS
      for details about the various access rights and what they mean.