Format
getfacl [–acdfhmoqs] [-e user ] file ...
Description
getfacl displays
the comment header, base ACL (access control list) entries, and extended
ACL entries, if there are any, for each file that is specified. It
also resolves symbolic links. You can specify whether to display access,
file default, or directory default. You can also change the default
display format. The output can be used as input to setfacl.
A
description of access control list entries can
be found in z/OS UNIX System Services Planning.
Options
- –a
- Displays the access ACL entries. This is the default if -a, -d,
or -f is not specified.
- –c
- Displays each ACL entry, using commas to separate the ACL entries
instead of newlines, which is the default. Does not display the header.
- –d
- Displays the directory default ACL entries. If the file is not
a directory, a warning is issued.
- –e user
- Displays only the ACL entries for the specified types of access
control lists (-a, -d, -f)
which affects the specified user's access. If users look at the output,
they may be able to determine why the access is granted or denied.
The user can be an UID or user name. The output includes the user's
entry, if it exists, as well as entries for any group to which the
user is connected.
- –f
- Displays the file default ACL entries. If the file is not a directory,
a warning is issued.
- –h
- Does not resolve the symbolic link. (ACLs are not allowed on symbolic
links, so the file will not have anything displayed.)
- –m
- Specifies that the comment header (the first three lines of each
file's output) is not to be displayed.
- –o
- Displays only the extended ACL entries. Does not display the base
ACL entries.
- –q
- Quiet mode. Suppresses the warning messages and gives a successful
return code if there are no other errors.
- –s
- Skips files that only have the base ACL entries (such as owner,
group, other). Only files that have the extended ACL entries are displayed.
Examples
- To display access ACL information for file file, issue:
getfacl file
Where
the following is a sample of the output: #file: file
#owner: WELLIE
#group: SYS
user::rwx <=== The owner's permission bit setting
group::rwx <=== The group's permission bit setting
other::rw- <=== Permission bit setting if neither user nor group
user: WELLIE2: rw-
group:SYS1:rwx
- To display access, file default, and directory default ACL information
for directory directory, issue:
getfacl -a -f -d directory
Where
the following is a sample of the output: #file: file
#owner: WELLIE
#group: SYS
user::rwx
group::rwx
other::rw-
user: WELLIE2: rw-
group:SYS1:rwx
fdefault:user: WELLIE2: rw-
fdefault:group:SYS1:rwx
default:user:WELLIE4:---
- To copy the ACL entries from file foo such that the file bar will
have the same ACL entries:
getfacl foo | setfacl -S - bar
Localization
getfacl uses
the following localization environment variables:
- LANG
- LC_ALL
- LC_CTYPE
- LC_SYNTAX
- NLSPATH
See Localization for more
information.
Exit values
- 0
- Successful completion
- >0
- Failure
getfacl displays the
ACL entries in the following order: access, file default, and directory
default. Errors will occur in the following situations:
- If a file is not a directory and the -d or -f option
was used, you will get a warning and getfacl will
continue to the next file.
- If the user does not have access to a file, you will get a warning
and getfacl will continue to the next file.
Portability
An approved POSIX standard
does not exist for getfacl.
Related information
find, ls, setfacl