getfacl(获取文件访问控制列表)_语法_示例_Unix&Linux命令

在类Unix操作系统上，getfacl命令获取文件访问控制列表。文档介绍了getfacl的Linux版本。

查看英文版

Unix&Linux

对于每个文件，getfacl显示文件名、所有者、组和访问控制列表（ACL）。如果目录具有默认ACL，则getfacl还会显示默认ACL。非目录不能具有默认ACL。
如果getfacl用于不支持acl的文件系统，getfacl将显示由传统文件模式权限位定义的访问权限。
getfacl的输出格式如下：

1:  # file: somedir/
2:  # owner: lisa
3:  # group: staff
4:  user::rwx
5:  user:joe:rwx               #effective:r-x
6:  group::rwx                 #effective:r-x
7:  group:cool:r-x
8:  mask:r-x
9:  other:r-x
10:  default:user::rwx
11:  default:user:joe:rwx       #effective:r-x
12:  default:group::r-x
13:  default:mask:r-x
14:  default:other:---

第4、6和9行对应于文件模式权限位的用户、组和其他字段。这三个被称为基本ACL条目。第5行和第7行是命名用户和命名组条目。第8行是有效的权利面具。授予所有指定用户的有效权限。（文件所有者和其他权限不受有效权限掩码的影响；所有其他条目都受此影响。）第10行到第14行显示与此目录关联的默认ACL。目录可能具有默认ACL。常规文件从来没有默认的ACL。
getfacl的默认行为是同时显示ACL和默认ACL，并为条目的权限与有效权限不同的行包含有效权限注释。
如果输出到终端，则有效权限注释与第40列对齐。否则，只有一个制表符分隔ACL条目和有效权限注释。
多个文件的ACL列表用空行分隔。getfacl的输出也可以用作setfacl的输入。
权限
对文件具有搜索访问权限的进程（即对文件的包含目录具有读取权限的进程）也被授予对文件ACL的读取访问权限。这类似于访问文件模式所需的权限。

For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. Non-directories cannot have default ACLs.

If getfacl is used on a file system that does not support ACLs, getfacldisplays the access permissions defined by the traditional file mode permission bits.

The output format of getfacl is as follows:

1:  # file: somedir/
2:  # owner: lisa
3:  # group: staff
4:  user::rwx
5:  user:joe:rwx               #effective:r-x
6:  group::rwx                 #effective:r-x
7:  group:cool:r-x
8:  mask:r-x
9:  other:r-x
10:  default:user::rwx
11:  default:user:joe:rwx       #effective:r-x
12:  default:group::r-x
13:  default:mask:r-x
14:  default:other:---

Lines 4, 6 and 9 correspond to the user, group and other fields of the file mode permission bits. These three are called the base ACL entries. Lines 5 and 7 are named user and named group entries. Line 8 is the effective rights mask. This entry limits the effective rights granted to all groups and to named users. (The file owner and others permissions are not affected by the effective rights mask; all other entries are.) Lines 10through 14 display the default ACL associated with this directory. Directories may have a default ACL. Regular files never have a default ACL.

The default behavior for getfacl is to display both the ACL and the default ACL, and to include an effective rights comment for lines where the rights of the entry differ from the effective rights.

If output is to a terminal, the effective rights comment is aligned to column 40. Otherwise, a single tab character separates the ACL entry and the effective rights comment.

The ACL listings of multiple files are separated by blank lines. The output of getfacl can also be used as input to setfacl.

Permissions

Processes with search access to a file (i.e., processes with read access to the containing directory of a file) are also granted read access to the file's ACLs. This is analogous to the permissions required for accessing the file mode.

查看英文版

getfacl [-dRLPvh] file ...

getfacl [-dRLPvh] -

选项

--access	显示文件访问控制列表。
-d, --default	显示默认访问控制列表。
--omit-header	不显示注释标题(每个文件输出的前三行)。
--all-effective	打印所有有效的权限注释，即使与ACL条目定义的权限相同。
--no-effective	不打印生效的权限注释。
--skip-base	跳过仅具有基本ACL条目(所有者、组、其他)的文件。
-R, --recursive	递归列出所有文件和目录的ACL。
-L, --logical	“Logical walk”(跟随符号链接)。默认行为是跟随符号链接参数，并跳过在子目录中遇到的符号链接。
-P, --physical	“Physical walk”(跳过所有符号链接)。这还会跳过符号链接参数。
--tabular	使用另一种表格输出格式。ACL和默认ACL并排显示。由于ACL掩码项而无效的权限将以大写形式显示。ACL_USER_OBJ和ACL_GROUP_OBJ条目的条目标记名称也以大写字母显示，这有助于识别这些条目。
--absolute-names	不要去掉前导斜杠字符（“/”）。默认行为是去掉前导斜杠字符。
--version	打印getfacl版本并退出。
--help	打印说明命令行选项的帮助。
--	命令行选项的末尾。所有其余参数都被解释为文件名，即使它们以破折号字符开头也是如此。
-	如果文件名参数是单个短划线字符，则getfacl从标准输入读取文件列表。

环境变量

如果定义了环境变量POSIXLY_CORRECT，getfacl的默认行为将以以下方式更改：除非另有指定，否则只打印ACL。只有在给定-d选项时才会打印默认ACL。如果没有给出命令行参数，getfaclbehave就好像它被调用为“getfacl-”。

getfacl [-dRLPvh] file ...

getfacl [-dRLPvh] -

Options

--access	Display the file access control list.
-d, --default	Display the default access control list.
--omit-header	Do not display the comment header (the first three lines of each file's output).
--all-effective	Print all effective rights comments, even if identical to the rights defined by the ACL entry.
--no-effective	Do not print effective rights comments.
--skip-base	Skip files that only have the base ACL entries (owner, group, others).
-R, --recursive	List the ACLs of all files and directories recursively.
-L, --logical	"Logical walk" (follow symbolic links). The default behavior is to follow symbolic link arguments, and to skip symbolic links encountered in subdirectories.
-P, --physical	"Physical walk" (skip all symbolic links). This also skips symbolic link arguments.
--tabular	Use an alternative tabular output format. The ACL and the default ACL are displayed side by side. Permissions that are ineffective due to the ACL mask entry are displayed capitalized. The entry tag names for the ACL_USER_OBJ and ACL_GROUP_OBJ entries are also displayed in capital letters, which helps in spotting those entries.
--absolute-names	Do not strip leading slash characters (‘/’). The default behavior is to strip leading slash characters.
--version	Print the version of getfacl and exit.
--help	Print help explaining the command line options.
--	End of command line options. All remaining parameters are interpreted as file names, even if they start with a dash character.
-	If the file name parameter is a single dash character, getfacl reads a list of files from standard input.

查看英文版

getfacl myfile.txt

显示文件myfile.txt的访问控制列表。输出类似于以下内容：

# file: myfile.txt
# owner: computerhope
# group: users
user::rw-
group::r--
other::r--

getfacl myfile.txt

Displays the access control list for the file myfile.txt. Output resembles the following:

# file: myfile.txt
# owner: computerhope
# group: users
user::rw-
group::r--
other::r--

查看英文版

getfacl

getfacl 运行系统环境

getfacl 描述

getfacl 语法

getfacl 示例