setrichacl (1) - Linux Manuals

setrichacl: Set Rich Access Control Lists

NAME

setrichacl - Set Rich Access Control Lists

SYNOPSIS

setrichacl [option]... [file]...

DESCRIPTION

The setrichacl utility sets or modifies Rich Access Control Lists (RichACLs) of files and directories.

The -m and -s options expect an ACL or parts of an ACL on the command line. The -M and -S options read an ACL or parts of an ACL from a file. In either case, the entry format is described in section Text form of the richacl(7) manual page. The single-letter or long forms of flags and permissions can be mixed arbitrarily. Multiple entries are separated by whitespace, newlines, or commas.

Note that the order of entries in a RichACL is significant, and that reordering entries may change the permissions granted.

The use of deny entries is discouraged. If deny entries are used, they should be placed ahead of allow entries for improved interoperability with Windows where possible.

When the file masks are not specified, they are computed automatically.

When the ACL to be set is simple enough that the traditional file permission bits can express the same permissions, setrichacl sets the file permission bits and removes the ACL. When setrichacl's counterpart utility, getrichacl(1), is used on a file or directory that does not have a RichACL, it displays the access permissions defined by the file permission bits as an ACL. This means that for simple ACLs, getrichacl may display a slightly different ACL which is equivalent to the one that was set with setrichacl.

Permissions

Setting ACLs or changing the file permission bits is allowed to the file owner, to processes which have the write_acl permission, and to processes which have the CAP_FOWNER capability.

OPTIONS

--modify acl, -m acl
Modify the ACL of file by replacing existing entries with the entries in acl, and adding all new entries. When the permissions of an entry are empty, remove the entry.
--modify-file acl_file, -M acl_file
Identical to --modify, but read the ACL from acl_file instead. If the file is "-", read from standard input.
--set acl, -s acl
Set the ACL of file to acl. Any previous ACL is replaced. ACL entries are separated by whitespace, newlines, or commas.
--set-file acl_file, -S acl_file
Identical to --set, but read the ACL from acl_file instead. If the file is "-", read from standard input.
--remove, -b
Remove all extended permissions and revert to the file permission bits only.
--version, -v
Display the version of setrichacl and exit.
--help, -h
Display command-line usage help text.

AUTHOR

Written by Andreas Grünbacher <agruenba [at] redhat.com>.

Please send your bug reports, suggested features and comments to the above address.

CONFORMING TO

Rich Access Control Lists are Linux-specific.

SEE ALSO

getrichacl(1), richacl(7), richaclex(7)