getfacl - Display owner, group, and access control list (ACL) entries
Format
getfacl [-acdfhmoqs] [-e user ] file ...
Description
getfacl displays the comment header, base ACL (access control list) entries, and extended ACL entries, if there are any, for each file that is specified. It also resolves symbolic links. You can specify whether to display access, file default, or directory default. You can also change the default display format. The output can be used as input to setfacl.
For more information about access control list entries, see ACLs and ACL entries in z/OS UNIX System Services Planning.
Options
- -a
- Displays the access ACL entries. This is the default if -a, -d, or -f is not specified.
- -c
- Displays each ACL entry, using commas to separate the ACL entries instead of newlines, which is the default. Does not display the header.
- -d
- Displays the directory default ACL entries. If the file is not a directory, a warning is issued.
- -e user
- Displays only the ACL entries for the specified types of access control lists (-a, -d, -f) which affects the specified user's access. If users look at the output, they may be able to determine why the access is granted or denied. The user can be an UID or user name. The output includes the user's entry, if it exists, as well as entries for any group to which the user is connected.
- -f
- Displays the file default ACL entries. If the file is not a directory, a warning is issued.
- -h
- Does not resolve the symbolic link. (ACLs are not allowed on symbolic links, so the file will not have anything displayed.)
- -m
- Specifies that the comment header (the first three lines of each file's output) is not to be displayed.
- -o
- Displays only the extended ACL entries. Does not display the base ACL entries.
- -q
- Quiet mode. Suppresses the warning messages and gives a successful return code if there are no other errors.
- -s
- Skips files that only have the base ACL entries (such as owner, group, other). Only files that have the extended ACL entries are displayed.
Examples
- To display access ACL information for file file, issue:
Where the following is a sample of the output:getfacl file
#file: file #owner: WELLIE #group: SYS user::rwx <=== The owner's permission bit setting group::rwx <=== The group's permission bit setting other::rw- <=== Permission bit setting if neither user nor group user: WELLIE2: rw- group:SYS1:rwx
- To display access, file default, and directory default ACL information for directory
directory, issue:
Where the following is a sample of the output:getfacl -a -f -d directory
#file: file #owner: WELLIE #group: SYS user::rwx group::rwx other::rw- user: WELLIE2: rw- group:SYS1:rwx fdefault:user: WELLIE2: rw- fdefault:group:SYS1:rwx default:user:WELLIE4:---
- To copy the ACL entries from file foo such that the file
bar will have the same ACL entries:
getfacl foo | setfacl -S - bar
Localization
getfacl uses
the following localization environment variables:
- LANG
- LC_ALL
- LC_CTYPE
- LC_SYNTAX
- NLSPATH
Exit values
0
- Successful completion
>0
- Failure
getfacl displays the
ACL entries in the following order: access, file default, and directory
default. Errors will occur in the following situations:
- If a file is not a directory and the -d or -f option was used, you will get a warning and getfacl will continue to the next file.
- If the user does not have access to a file, you will get a warning and getfacl will continue to the next file.
Portability
An approved POSIX standard does not exist for getfacl.
Related information
find, ls, setfacl