acl show
Returns a list of the ACL entries for the specified object. The syntax is:
acl show acl_name_list [-ic | -io | -entry] [-type manager_type_name] [-cell | -manager] [-local]
acl show [-ic | -io ] [type ] [cell | -managers] [-local]
Options
-ic Specifies that the command is to operate on the initial container ACL of the named object.
-io Specifies that the command is to operate on the initial object ACL of the named object.
-entry Specifies that the command is to operate on the ACL of the namespace entry of the object.
-type manager_type_name Specifies that the command uses a particular ACL manager. This option is needed only for objects that have more than one purpose such
as principal names that also act as directories (see Description).
-cell Returns the default cellname for the ACL.
-managers Returns a list of ACL managers available for the named ACL.
-local Specifies that the command is to operate on the ACL of a dced object while the dced on the local machine is in partial service mode.
Description The acl show operation returns a list of the ACL entries for the specified object. The argument is a list of names of names of objects whose ACLs are to be
operated on. If more than one is given, the output is concatenated and a blank line is inserted between objects. If they exist, the mask_obj and unauthenticated ACL entries are
displayed first.
Note that since UUIDs and not names are stored in ACLs, dcecp may not be able to determine the name associated with an ACL entry. In this case, the UUID is returned as the key instead of
the name. The dcecp program may be unable to determine the name associated with an ACL entry if the default cell stored in the ACL is incorrect, or if the users and groups specified in the
user and group entries are not registered in the default cell.
If a UUID replaces a name of a user and group, you can recover by adopting the orphaned UUID> To do this, create a new user of group using the UUID found in the ACL. The name of the new user of
group is then available.
Privileges Required The permissions required are defined by the object's ACL Manager. Use the permissions operation to display the currently available tokens and their
meanings. See the documentation for the DCE component you are using to obtain a more detailed description of its specific permissions.
Examples
dcecp> acl show /.:/hosts {unauthenticated r--t---} {user cell_admin rwdtcia} {user hosts/absolut/cds-server rwdtcia} {user
hosts/absolut/self rwdtcia} {user root rwdtcia} {group subsys/dce/cds-admin rwdtcia} {group subsys/dce/cds-server rwdtcia} {any_other r--t---}
dcecp>
|