17.3 Long and Short Text Forms for ACLs
When manipulating ACLs using the setfacl and getfacl commands (described in a
moment) or certain ACL library functions, we specify textual representations of
the ACL entries. Two formats are permitted for these textual representations:
- Long text form ACLs contain one ACL entry per line, and may include comments,
  which are started by a # character and continue to the end-of-line. The
  getfacl command displays ACLs in long text form. The setfacl -M acl-file option,
  which takes an ACL specification from a file, expects the specification to be in
  long text form.
- Short text form ACLs consist of a sequence of ACL entries separated by commas.
In both forms, each ACL entry consists of three parts separated by colons:
tag-type:[tag-qualifier]:permissions
The tag-type is one of the values shown in the first column of Table 17-1. The tag-type
may optionally be followed by a tag-qualifier, which identifies a user or group, either
by name or numeric identifier. The tag-qualifier is present only for ACL_USER and
ACL_GROUP entries.
The following are all short text form ACLs corresponding to a traditional
permissions mask of 0650:
u::rw-,g::r-x,o::---
u::rw,g::rx,o::-
user::rw,group::rx,other::-
The following short text form ACL includes two named users, a named group, and
a mask entry:
u::rw,u:paulh:rw,u:annabel:rw,g::r,g:teach:rw,m::rwx,o::-
Table 17-1: Interpretation of ACL entry text forms

Tag text forms   Tag qualifier present?   Corresponding tag type   Entry for
u, user          N                        ACL_USER_OBJ             File owner (user)
u, user          Y                        ACL_USER                 Specified user
g, group         N                        ACL_GROUP_OBJ            File group
g, group         Y                        ACL_GROUP                Specified group
m, mask          N                        ACL_MASK                 Mask for group class
o, other         N                        ACL_OTHER                Other users
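
The following parser is an added example, not code from the original text or from the ACL library. It accepts both text forms described above and classifies each entry according to Table 17-1. The names parse_acl, parse_entry, struct entry and the T_* enum are hypothetical, and the parser assumes only the syntax covered in this section (r, w, x and - as permission characters).

```c
#include <ctype.h>
#include <string.h>
/* Tag types of Table 17-1 (local names, not the <sys/acl.h> constants) */
enum tag { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_MASK, T_OTHER };
struct entry { enum tag tag; char qual[32]; int perms; };  /* perms: r=4 w=2 x=1 */
static int is(const char *t, const char *a, const char *b) { return !strcmp(t, a) || !strcmp(t, b); }

/* Parse one trimmed "tag-type:[tag-qualifier]:permissions" entry; 0 on success */
static int parse_entry(const char *s, size_t n, struct entry *e)
{
    char buf[96], *q, *p;
    if (n >= sizeof buf) return -1;
    memcpy(buf, s, n); buf[n] = '\0';
    if (!(q = strchr(buf, ':')) || !(p = strchr(q + 1, ':'))) return -1;
    *q++ = '\0'; *p++ = '\0';         /* buf = tag, q = qualifier, p = permissions */
    int named = *q != '\0';           /* qualifier present? (column 2 of the table) */
    if (strlen(q) >= sizeof e->qual) return -1;
    if (is(buf, "u", "user")) e->tag = named ? T_USER : T_USER_OBJ;
    else if (is(buf, "g", "group")) e->tag = named ? T_GROUP : T_GROUP_OBJ;
    else if (!named && is(buf, "m", "mask")) e->tag = T_MASK;
    else if (!named && is(buf, "o", "other")) e->tag = T_OTHER;
    else return -1;                   /* unknown tag, or qualifier on mask/other */
    strcpy(e->qual, q);
    for (e->perms = 0; *p; p++) {
        int bit = *p == 'r' ? 4 : *p == 'w' ? 2 : *p == 'x' ? 1 : *p == '-' ? 0 : -1;
        if (bit < 0) return -1;       /* only r, w, x and - are accepted */
        e->perms |= bit;
    }
    return 0;
}

/* Short (comma-separated) or long (line-per-entry, # comments) form; count or -1 */
int parse_acl(const char *text, struct entry *out, int max)
{
    int count = 0;
    while (*text) {
        const char *s = text;
        size_t n = strcspn(text, ",\n#");
        text += n;
        if (*text == '#') text += strcspn(text, "\n");  /* comment runs to end-of-line */
        if (*text) text++;                              /* step over ',' or newline */
        while (n && isspace((unsigned char)*s)) { s++; n--; }
        while (n && isspace((unsigned char)s[n - 1])) n--;
        if (n == 0) continue;                           /* blank or comment-only line */
        if (count == max || parse_entry(s, n, &out[count]) != 0) return -1;
        count++;
    }
    return count;
}
```

Passing any of the three 0650 examples above to parse_acl yields the same three entries with permission bits 6, 5 and 0, which is a quick way to check that differently written ACL texts are equivalent.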