CHACL Command

HSI Version: 

4.0.1.3+

Purpose: 

To create, update or delete HPSS Access Control Lists.

Aliases: 

Command Format: 

chacl action-option [-A] [-ic] [-io] [-Q] [-R] filelist

action-options: 

-c : clears all access permissions other than standard owner/group/other permissions
-f fname : copy the ACL control list from HPSS file fname to all files in filelist -r aclentry : removes the specified aclentry list
-u aclentry : updates (or adds) the specified aclentry list
-A : display absolute pathnames in messages (default: list relative pathnames)
-ic : if specified, the ACL entry is for the directory's Initial Container ACL
-io : if specified, the ACL entry is for the directory's Initial Object ACL
-Q : quiet mode - do not display normal messages for successful operations
-R : recursively operate on subdirectories

CHACL Description

The CHACL command is used to change the Access Control List for files and/or directories.

An Access Control List is composed of entries of the form:

      typ:usr:perms[,typ:usr:perms…]

where

     

typ is the entry type. The most common entry types are

  • user

  • group

  • user_obj

  • group_obj

  • other_obj


Other less common types, which are described in the Access Control List section of this manual, include "foreign_user", "oreign_group", "foreign_other", "any_other", "mask_obj", "unauthenticated", "user_obj_delegate", "group_obj_delegate", "other_obj_delegate", "user_delegate", "group_delegate", "&foreign_user_delegate", "foreign_group_delegate", "foreign_other_delete", and "any_other_delegate".

Keywords: 

Usage Notes: 

  • The chacl command is only available when communicating with an HPSS server

  • Setting, updating or deleting an ACL can be done by the object's owner without requiring any special permission (other than read if the hashcreate command is used). For all others, it requires either "group"or "other" write permission on the object

Example: 

Create an ACL to give read access to user bob and alice on file fileA

chacl -u user:bob:r,user:alice:r fileA

Remove user joe from the ACL for files whose names end with "NoJoe"

chacl -r user:joe: *.NoJoe

Add an Initial Object ACL to directory OpenDir to allow read/execute access for user mike and group goodguys

chacl -ic -u user:mike:rx,group:goodguys:rx OpenDir

Related Command(s): 

LSACL

[[RAW HTML]]