chacl - change the access control list of a file or directory

DESCRIPTION

       chacl is an IRIX-compatibility command, and is maintained for those users who are familiar with its use from either XFS or IRIX.
       Refer to the SEE ALSO section below for a description of tools which conform more closely to the (withdrawn draft) POSIX 1003.1e standard which describes Access Control Lists (ACLs).

Example 1, -l list ACLs

       -l     Lists the access ACL and possibly the default ACL associated with the specified files or directories.
              This option was added during the Linux port of XFS, and is not IRIX compatible.

$ chacl -l acltest
acltest [u::rwx,g::r-x,o::r-x]

Compare with the output format of getfacl:

$ getfacl acltest
# file: acltest
# owner: trteam
# group: trteam
user::rwx
group::r-x
other::r-x

Example 2, Set ACLs

To set a minimal ACL:

$ chacl u::rwx,g::r-x,o::r-- file

An ACL that is not a minimum ACL, that is, one that specifies a user or group other than the file's owner or owner's group, must contain a mask entry:

$ chacl u::rwx,g::r-x,o::r-x,u:john:rwx,m::rwx acltest
$ chacl -l acltest
acltest [u::rwx,u:john:rwx,g::r-x,m::rwx,o::r-x]

Example 3, -B clear all ACLs

$ id
uid=18944(john) gid=3373(test1) groups=3373(test1)
$ chacl -B timtest
chacl: error removing access acl on "timtest": Operation not permitted
chacl: error removing default acl on "timtest": Operation not permitted
$ chacl -l timtest
timtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x/u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]

Note: john is not the owner of the directory timtest, so the removal is refused. On a directory that john owns, it succeeds:

$ mkdir newtest
$ chacl -l newtest
newtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x/u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]
$ chacl -B newtest
$ chacl -l newtest
newtest [u::rwx,g::r-x,o::r-x]

       -R     Removes the file access ACL only.
       -D     Removes directory default ACL only.
       -B     Remove all ACLs.

Example 4, add ACLs

Unlike setfacl, chacl cannot add or delete individual entries. You must first run chacl -l to get the existing ACL, then use that output to form the arguments to chacl. In other words, the full ACL is always required.

This example continues with the directory newtest, whose ACLs were cleared in the previous example.

$ chacl u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x newtest
$ chacl -l newtest
newtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]
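
The read-modify-write step described in Example 4, as an added shell example (not part of the original page or of the chacl tool). The helper names access_acl and acl_set_entry are hypothetical, and the default mask of rwx is an assumption taken from the examples on this page; a mask of rwx does not restrict the named entries.

```shell
#!/bin/sh
# Added example: build the full ACL argument chacl needs from `chacl -l` output.

# access_acl LINE: print the access ACL from one line of `chacl -l` output.
# "newtest [A/D]" -> "A" (the default ACL after "/" is dropped).
access_acl() {
    printf '%s\n' "$1" | sed -e 's/.*\[//' -e 's/].*//' -e 's/\/.*//'
}

# acl_set_entry ACL ENTRY [MASK]: replace the entry with the same tag and
# qualifier as ENTRY, or append it. If the result names a user or group and
# has no mask entry, append m::MASK (assumed default: rwx).
acl_set_entry() {
    printf '%s\n' "$1" | awk -v new="$2" -v mask="${3:-rwx}" '
    BEGIN { FS = ","; split(new, n, ":"); key = n[1] ":" n[2] }
    {
        out = ""; replaced = 0; has_mask = 0; named = 0
        for (i = 1; i <= NF; i++) {
            e = $i
            split(e, f, ":")
            if (f[1] ":" f[2] == key) { e = new; replaced = 1 }
            if (f[1] == "m") has_mask = 1
            if ((f[1] == "u" || f[1] == "g") && f[2] != "") named = 1
            out = out (i > 1 ? "," : "") e
        }
        if (!replaced) {
            out = out "," new
            if (n[1] == "m") has_mask = 1
            if ((n[1] == "u" || n[1] == "g") && n[2] != "") named = 1
        }
        if (named && !has_mask) out = out ",m::" mask
        print out
    }'
}

# Constructed sample line in the format printed by `chacl -l`.
sample='newtest [u::rwx,u:john:rwx,g::r-x,m::rwx,o::r-x]'
acl_set_entry "$(access_acl "$sample")" u:Tim:rwx

# Against a real directory (requires chacl and ownership of the directory):
#   chacl "$(acl_set_entry "$(access_acl "$(chacl -l newtest)")" u:Tim:rwx)" newtest
```

Review the printed ACL before passing it to chacl, because the new list replaces the whole access ACL.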

Example 5, -d set default ACLs (inheritance)

$ chacl -l newtest
newtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]
$ chacl -d u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x newtest
$ chacl -l newtest
newtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x/u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]

Example 6, copy another directory's ACLs to a new file/directory

$ chacl -b `chacl -l johntest3 | sed -e 's/.*\[//' -e 's/\// /' -e 's/]//'` newtest
$ chacl -l newtest
newtest [u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x/u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x]

Example 7, -r set ACL Recursively

This option only sets the access ACL, not the default ACL, so it cannot be combined with other options, even -R. I have no idea how to remove the access ACL recursively with chacl.

$ chacl -r u::rwx,u:john:rwx,u:Tim:rwx,g::r-x,m::rwx,o::r-x newtest

       -r     Set the access ACL recursively for each subtree rooted at pathname(s).
              This option was also added during the Linux port of XFS, and is not compatible with IRIX.