ACL Syntax

The DCE control program uses the command syntax that is supported by the Tcl language. Within Tcl, the list that represents an ACL entry contains either two or three elements, depending on the ACL entry type, and is in the following form:

{type[ key] permissions}

The three sample ACL entries in the following figure are in the format that Tcl accepts for input.

Sample ACL Entries

The first sample ACL entry sets permissions for a principal in the local cell, named bach. The ACL entry type is user, the key is bach, and the permissions are rwxid. The entry components are separated by the space character.

The second sample ACL entry sets permissions for a group in the local cell, named composers. The ACL entry type is group, the key is composers, and the permissions are rwxid.

The third sample ACL entry sets permissions for all other principals in the local cell or foreign cells (unless they match a more specific entry). The ACL entry type is any-other, there is no key, and the permissions are r-xid. Not all types of ACL entries require a key.

On output, the Tcl format for ACL permissions contains either a permission character or a - (dash) for each possible permission. Two examples are

{user mozart crwx - -}

{user brahms -------}

For input, the output format is acceptable, or you can use a relaxed form that omits the dashes. For input, the same examples can be shortened to

{user mozart crwx}

{user brahms -}

The single dash is retained to show that user brahms is denied all permissions.