C.1 Examples of the setfacl and getfacl commands The -m option modifies ACL entries, or adds them if they do not exist. The command to grant read/write permissions to user ID PKISTU and group PKIADM to file /web/pki1/httpd.conf is: setfacl -m user:PKISTU:rw-,group:PKIADM:rw- /web/pki1/httpd.conf Figure C-1 shows the result of the getfacl command. ANTOFF:/u/antoff: >getfacl /web/pki1/httpd.conf #file: /web/pki1/httpd.conf #owner: HAIMO #group: SYS1 user::rwx group::r-x other::r-x user:PKISTU:rw- group:PKIADM:rw- Figure C-1 Output from the getfacl command for file httpd.conf The output from the ls -al command, shown in Figure C-2, shows file httpd.conf having a plus (+) sign following the permission bits, which indicates that an extended ACL exists. ANTOFF:/u/antoff: >ls -la /web/pki1/ total 768 drwxr-xr-x 8 HAIMO SYS1 8192 drwxr-xr-x 14 HAIMO SYS1 8192 -rw-r--r-- 1 HAIMO IMWEB 9 Apr Apr Apr 16 21 21 15:37 13:45 13:26 . .. httpd-pid