The dcecp acl command is used to list and modify the ACLs of DCE LFS objects. In most respects, the operation of the dcecp acl command with DCE LFS objects parallels its use with other types of DCE objects, as follows:
· To list the entries on an ACL for a file or directory, use the dcecp acl show command. To list an object's ACL, you must have the x (execute) permission on the directory in which the object resides, as well as on all directories that lead to that directory.
· To modify an entry on an ACL for a file or directory, use the dcecp acl modify command with one of the following options: -add, -change, -remove, or -purge. You can also use the dcecp acl delete and dcecp acl replace commands to modify an ACL. To modify an object's ACL, you must have the c (control) permission for the object, as well as the x (execute) permission on each directory that leads to the object.
Because the user_obj entry always has the control permission, you can always modify the ACL of an object that you own (an object for which the user_obj entry applies to you). To determine if you have the control permission for an object that you do not own, use the dcecp acl show command to display the object's ACL. You can also use the dcecp acl check command to display your permissions for an object.
The following topics provide information about modifying ACLs on DCE LFS objects, including brief examples of using the dcecp acl command to list and modify a directory's ACL. (See the Security Service portion of the OSF DCE Administration Guide - Core Components for complete details about using the command to set and examine an object's ACLs.)
More:
Examples of Listing and Modifying an ACL