Administrator's Guide

are distinct. The owning group entry grants permissions to a specific group: the owning
group.
The class entry is more general; it specifies the maximum permissions that can be
granted by any of the additional user and group entries.
If a particular permission is not granted in the class entry, it cannot be granted by any
ACL entries except for the first user (owner) entry and the other entry. Any permission
can be denied to a particular user or group. The class entry functions as an upper
bound for file permissions.
When an ACL contains more than one group or user entry, the additional user and
group entries are referred to as the group class entries, because the effective
permission granted by any of these additional entries is limited by the class entry.

5.4.6 Using the setacl and getacl Commands
Use the setacl and getacl commands to change and view ACLs.
Use the setacl command to change the ACL in one of the following ways:
- Replace a file's entire ACL, including the default ACL on a directory.
- Add, modify, or delete one or more entries, including default entries on directories.
The getacl command displays the entries in the ACL. File permission bits for user and
group are translated into special cases of these entries:
- The bits representing owner permissions are represented by a user entry without
  a specified user ID.
- The bits representing group permissions are represented by a group entry without
  a specified group ID.
An ACL must contain one each of these special user and group entries. The ACL
can have any number of additional user entries and group entries, but these must
all contain a user ID or group ID, respectively. An ACL has only one other entry,
representing the permission bits for permissions to be granted to other users.
See setacl(1) and getacl(1) for command descriptions.

5.4.7 Effect of chmod on class Entries
When a file has a minimal ACL, the owning group and class ACL entries are identical,
and chmod affects both of them. However, when a file contains additional, optional
entries in the ACL, the following consequences occur:
- The class ACL entry no longer necessarily equals the owning group ACL entry.
- The chmod command affects the class ACL entry, not the owning group entry.
- You must use the setacl command to change the owning group entry.
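
The following Python model is an added example, not code from the guide or from HP-UX. It applies the class entry as an upper bound and shows why changing the group bits with chmod on a file with additional entries changes what named users and groups effectively receive. The sample listing, the names (alice, bob, staff, audit, report.txt), and the function names are constructed for illustration, and the listing layout is assumed to follow getacl-style output.

```python
# Added example: a model of the class-entry rules described above.
SAMPLE = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::rw-
group:audit:r--
class:r--
other:---
"""  # constructed sample in an assumed getacl-style layout

def parse_acl(text):
    """Return {(tag, qualifier): perms}; qualifier is '' when no ID is given."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        tag, perm = parts[0], parts[-1]
        qual = parts[1] if len(parts) == 3 else ""
        acl[(tag, qual)] = perm
    return acl

def mask(perm, limit):
    """Keep a permission only if the limit also grants it."""
    return "".join(p if l != "-" else "-" for p, l in zip(perm, limit))

def effective(acl):
    """The class entry bounds every entry except owner (user::) and other."""
    cls = acl[("class", "")]
    out = {}
    for (tag, qual), perm in acl.items():
        if tag == "class":
            continue
        exempt = (tag == "user" and qual == "") or tag == "other"
        out[(tag, qual)] = perm if exempt else mask(perm, cls)
    return out

def chmod_group_bits(acl, perm):
    """Model chmod's group bits: they set class, and group:: only if the ACL is minimal."""
    new = dict(acl)
    new[("class", "")] = perm
    if not any(qual for (_tag, qual) in acl):  # no additional entries
        new[("group", "")] = perm
    return new
```

When auditing such files, review the class entry together with every additional entry, because widening the group bits with chmod raises the ceiling for all of them at once.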