10.0;edacl (edit_access_control_list), revision 1.0, 88/06/01
edacl (edit_access_control_list) -- Edit or list an acl.
usage:
edacl [ [-c sid rts] [-cf sid rts]
[-a sid rts] [-af sid rts] [-ar sid rts]
[-d sid] [-df sid rts] [-dr sid rts]
[-p [p] rts] [-g [g] rts] [-o [o] rts] [-w rts]
[-setuid [off]] [-setgid [off]] [-setoid [off]]
[-l] [-q]
]
[-i|-p]
[-dir|-file|-if|-id]
[-nolao|Lao]
[-recalc]
[-qw|-qa|-nq] [-ae]
pathname...
DESCRIPTION
Every directory and file has an associated access control list (ACL) that
lists users and their rights to the object. edacl edits or displays the
ACL of the object(s) specified. The structure and usage of an ACL is
described in detail in help protection acls.
ARGUMENTS
pathname (required)
Specify the object whose ACL you wish to edit or display.
Multiple pathnames and wildcarding are permitted.
commands (optional)
Specify the action(s) described below. If you do not
specify a command, edacl enters an interactive editing
mode.
Default if omitted: read commands from standard input; do
not precede commands with a hyphen (-) in this mode.
COMMANDS
Many of the commands described below take arguments called 'sid' and
'rights'. These are summarized in the sections preceding the EXAMPLES.
-l List ACL entries.
-a sid rights Add the specified entry to an ACL. You receive an error
message if the ACL entry exists.
-af sid rights Add force. Add the specified entry to an ACL. You do not
receive an error message if the ACL entry exists.
-ar sid rights Add the specified rights to an ACL. You receive an error
message if the entry does not exist.
-c sid rights Change the access rights in the entry for sid (replaces
current rights). You receive an error message if the
entry does not exist.
-cf sid rights Change force. Change the access rights to an ACL. You do
not receive an error message if the entry does not exist.
-d sid Delete the ACL entry for sid. You receive an error
message if the entry does not exist.
-df sid rights Delete force. Delete the specified rights from the entry
for sid. You do not receive an error message if the ACL
entry does not exist.
-dr sid rights Delete the specified rights from the entry for sid. You
receive an error message if the entry does not exist.
-p p rights Set the required entry for person p.
-g g rights Set the required entry for group g.
-o o rights Set the required entry for organization o.
-w rights Set the required entry for world.
-lao Resrict access to local node.
-nolao Remove restriction to local node.
-recalc Recalculate statrights for an ACL. This command is
provided to allow the Aegis user to undo the effects of
chmod. These rights are recalculated automatically any
time that edacl changes the ACL for an object.
-q Quit without changing the object's ACL. This command is
useful only when you supply edacl commands interactively
(see -inter). To signal successful completion and update
the ACL, use EOF in standard input (usually CTRL/Z).
The following three commands are meaningful primarily for Domain/OS
applications. If the pertinent index is enabled, the process executing
the file assumes the person, group, and/or organization identity of the
file. Each may be set only to the corresponding required entry. For
example, you may only setuid to the owner of the file. (This is the
Domain/OS equivalent of Aegis protected subsystems.) The indexes may be
set for both files and directories, but are meaningful only for files.
-setuid [off | on]
Assign the set person index.
If you specify off, the set person index is deleted.
If you specify on, the set person index is added.
-setgid [off | on]
Assign the set group index.
If you specify off, the set group index is deleted.
If you specify on, the set group index is added.
-setoid [off | on]
Assign the set organization index.
If you specify off, the set organization index is deleted.
If you specify on, the set organization index is added.
OPTIONS
-dir Operate only on directories.
-file
Operate only on files.
-id Edit the default initial ACL for directories (-dir implied).
-if Edit the default initial ACL for files (-dir implied).
The following two options apply only when edacl reads commands from
standard input:
-prog edacl interprets commands when it receives an EOF (usually
CTRL/Z). This is the default when you redirect standard
input (i.e., instructed the program to read commands from
a shell program, here document, file, or pipe).
-inter edacl interprets commands as you enter them. This is the
default when you have not redirected standard input. You
may only specify one pathname (with no wildcards) in this
mode. edacl changes a copy of the ACL; the command does
not assign a new ACL to an object until it reads an EOF.
Thus, edacl -inter does not change an ACL if you terminate
the session with the "q" command.
Description of SIDs
An SID (subject identifier) is the mechanism used to identify users to
the system when they log in. Basically, an SID has three parts: a person
name (p), group name (g), and organization name (o); the combination is
often abbreviated to 'pgo'.
SIDs consist of the p, g and o separated by periods. Thus
joe.sftwr.r_d
might be the name of a software programmer in the R & D organization.
His person name is 'joe'; his group name is 'sftwr'; his organization
name is 'r_d'.
In ACLs, SIDs may contain one or more wildcards, similar in concept to
wildcards used with pathnames. A '%' in the person, group, or
organization part of an SID will match any person, group or organization
(respectively). Thus
joe.%.%
matches user 'joe' regardless of his group or organization names.
Description of Rights
A complete description of the various protection rights is available in
$ help protection rights
The following are the basic kinds of operations that can be performed on
objects, and the rights which allow them when present in an ACL entry.
For all objects:
p Protect rights; allows rights to be changed.
For files:
w Write rights; allows file to be written.
r Read rights; allows file to be read.
x Execute rights: allows file to be executed.
k Keep rights; prevents an object from being
deleted or from having its name changed.
For directories:
w Write rights; allows names to be added,
changed or deleted.
r Read rights; allows directory to be listed.
s Search rights; allows directory to be
searched for subordinate objects.
x Execute rights (synonym for search rights).
k Keep rights; prevents an object from being
deleted or from having its name changed.
For initial file/initial directory ACLs:
i Inherit rights. The SID portion of a required
entry is inherited from the creating process.
This would normally only be used if someone
needs to inherit the SID portion and does not
wish to inherit rights from the current process
(see -inh_all).
The following abbreviations exist for sets of rights:
-owner Gives all rights.
For files, it means: pwrx
For directories: pwrx
-user Gives all rights except ability to change ACL.
For files, it means: wrx
For directories: wrx
-read For files, allows reading; can't change ACL.
Precisely, it means: r
-exec For files, allows reading, execution; can't
change ACL.
Precisely, it means: rx
-ldir For directories, allows listing; can't change ACL.
Precisely, it means: rx
-adir For directories, allows adding names and
links, and listing; can't change ACL.
Precisely, it means: wrx
-none Gives no rights, for files or directories.
Used to explicitly deny rights to specific
SIDs that would otherwise be granted rights
because they are members of a group or
organization.
Delete and rename rights come from directories.
This means that if you set -none rights on
a file, but do not set the same rights for
the directory that contains the file, your
file is NOT protected from being deleted.
You must set k (keep) rights to protect
a file in a non-protected directory.
-ignore For required entries: is used to specify
that the required entry for an object is
not to be used in rights checking.
-inh_rights For directory initial ACLs: specifies rights
are to be inherited from the current process.
-inh_all For directory initial ACLs: specifies both
rights and pgo information is to be inherited
from the current process.
EXAMPLES
The order of the commands in the following sequence is significant.
$ edacl -l sales List ACL for the file 'sales'.
Required entries
none.%.% [ignored] No person listed
%.none.% [ignored] No group listed
%.%.none [ignored] No organization listed
%.%.% prwx- Others have prwx access to file
Extended entry
rights mask: -----
$
$ edacl sales -o r_d -rx -l Give r_d read and execute access.
Required entries
none.%.% [ignored] No person listed
%.none.% [ignored] No group listed
%.%.r_d -r-x- r_d has read and execute access to file
%.%.% prwx- Others have prwx access to file
Extended entry
rights mask: -----
$
$ edacl sales -p mary -owner -l Indicate an owner.
Required entries
mary.%.% prwx- Owner
%.none.% [ignored] No group listed
%.%.r_d -r-x- r_d has read and execute access to file
%.%.% prwx- Others have prwx access to file
Extended entry
rights mask: -----
$ edacl sales -w -none -l Deny access to all others (e.g. world).
Note that the directory must also be
set to -none, otherwise the file
is not protected from deletion or renaming.
Required entries
mary.%.% prwx- Owner
%.none.% [ignored] No group listed
%.%.r_d -r-x- r_d has read and execute access to file
%.%.% ----- No others have access to file
Extended entry
rights mask: -----
$
$ edacl sales -a jill -owner -l Add jill to the ACL for sales with all rights
Required entries
mary.%.% prwx- Owner
%.none.% [ignored] No group listed
%.%.r_d -r-x- r_d has read and execute access to file
%.%.% ----- No others have access to file except for
extended entries listed below
Extended entry
rights mask: prwx-
Extended entries
jill.%.% prwx- Additional rights
$
$ edacl sales -p joe -owner -l Make user joe be the owner instead
of mary
Required entries
joe.%.% prwx- Owner
%.none.% [ignored] No group listed
%.%.r_d -r-x- r_d has read and execute access to file
%.%.% ----- No others have access to file except for
extended entries listed below
Extended entry
rights mask: prwx-
Extended entries
jill.%.% prwx- Additional rights
$
$ edacl sales Interactive mode.
*g osdev wrx Allow users in the osdev group
to change file contents, but do not
let them assign rights to others (no p).
*l
Required entries
joe.%.% prwx-
%.osdev.% -rwx-
%.%.r_d -r-x-
%.%.% -----
Extended entry
rights mask: prwx-
Extended entries
jill.%.% prwx- Additional rights
$
$ edacl sales -w r
$ edacl -l sales
Required entries Change everyone else's access to read
joe.%.% prwx- only. Note that the more liberal
%.osdev.% -rwx- rights (wrx) assigned to osdev, joe
%.%.r_d -rwx- and r_d still apply, since specific
%.%.% -r--- entries override general ones.
Extended entry
rights mask: prwx-
Extended entries
jill.%.% prwx-
$
$ edacl sales -c jill wrx Change jill's rights to remove right to
$ edacl -l sales change ACL.
Required entries
joe.%.% prwx-
%.osdev.% prwx-
%.%.r_d -rwx-
%.%.% -r---
Extended entry
rights mask: -rwx-
Extended entries
jill.%.% -rwx-
$
SEE ALS0
More information is available. Type:
help protection acls
For a detailed description of ACLs.
help acls For a list of commands used to manipulate ACLs.
help protection
For a general discussion of Domain/OS protection
mechanisms.
help protection sids
For details about subject identifiers (pgo's).
help protection rights
For details about the various access rights and what they
mean.