PreviousNext

acl show

Returns a list of the ACL entries for the specified object. The syntax is:

acl show acl_name_list [-ic | -io | -entry] [-type manager_type_name]
[-cell | -manager] [-local]

acl show [-ic | -io ] [type ] [cell | -managers] [-local]

Options

-ic
Specifies that the command is to operate on the initial container ACL of the named object.

-io
Specifies that the command is to operate on the initial object ACL of the named object.

-entry
Specifies that the command is to operate on the ACL of the namespace entry of the object.

-type manager_type_name
Specifies that the command uses a particular ACL manager. This option is needed only for objects that have more than one purpose such as principal names that also act as directories (see Description).

-cell
Returns the default cellname for the ACL.

-managers
Returns a list of ACL managers available for the named ACL.

-local
Specifies that the command is to operate on the ACL of a dced object while the dced on the local machine is in partial service mode.

Description
The acl show operation returns a list of the ACL entries for the specified object. The argument is a list of names of names of objects whose ACLs are to be operated on. If more than one is given, the output is concatenated and a blank line is inserted between objects. If they exist, the mask_obj and unauthenticated ACL entries are displayed first.

Note that since UUIDs and not names are stored in ACLs, dcecp may not be able to determine the name associated with an ACL entry. In this case, the UUID is returned as the key instead of the name. The dcecp program may be unable to determine the name associated with an ACL entry if the default cell stored in the ACL is incorrect, or if the users and groups specified in the user and group entries are not registered in the default cell.

If a UUID replaces a name of a user and group, you can recover by adopting the orphaned UUID> To do this, create a new user of group using the UUID found in the ACL. The name of the new user of group is then available.

Privileges Required
The permissions required are defined by the object's ACL Manager. Use the permissions operation to display the currently available tokens and their meanings. See the documentation for the DCE component you are using to obtain a more detailed description of its specific permissions.

Examples

dcecp> acl show /.:/hosts
{unauthenticated r--t---}
{user cell_admin rwdtcia}
{user hosts/absolut/cds-server rwdtcia}
{user hosts/absolut/self rwdtcia}
{user root rwdtcia}
{group subsys/dce/cds-admin rwdtcia}
{group subsys/dce/cds-server rwdtcia}
{any_other r--t---}
dcecp>