Administrator's Guide

group:dev:r-x
class:rwx
other:rw-
Next, the chmod command removes write and execute permission from group, and
actually reduces the class permissions to read-only. The owning group permissions,
while unchanged, are effectively reduced to read-only as well.
$ chmod g-wx exfile
$ getacl exfile
# file: exfile
# owner: jsmith
# group: users
user::rw-
user:guest:r--
group::rw- # effective:r--
group:dev:r-x # effective:r--
class:r--
other:rw-
The other permissions are unchanged. The class entry does not limit the access that
can be granted by the first user (owner) entry or the other entry.
Next, the ls -l command lists the permissions of exfile. The plus sign (+) at the end
of the permissions string indicates that there is an ACL for the file.
$ ls -l exfile
-rw-r--rw-+ 1 jsmith users 12 Sep 20 15:02 exfile
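The class masking shown above can be recomputed mechanically when reviewing ACLs. The following Python code is an added example, not part of the original guide: it parses getacl-style text (the sample is constructed to match the exfile listing) and derives the effective permissions and the ls -l mode string. The function names are hypothetical, and treating the file as a regular file and printing "+" only when named user or group entries exist are assumptions.

```python
# Constructed sample mirroring the exfile listing after "chmod g-wx exfile".
SAMPLE = """\
# file: exfile
# owner: jsmith
# group: users
user::rw-
user:guest:r--
group::rw- # effective:r--
group:dev:r-x # effective:r--
class:r--
other:rw-
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples from getacl-style output."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop header and "# effective:" comments
        if not line:
            continue
        parts = line.split(":")
        if len(parts) == 2:                   # class:r-- and other:rw- have no qualifier
            parts.insert(1, "")
        if len(parts) != 3 or len(parts[2]) != 3:
            raise ValueError(f"unrecognized ACL entry: {raw!r}")
        entries.append(tuple(parts))
    return entries

def mask(perms, limit):
    """Keep a permission bit only where the class entry also grants it."""
    return "".join(p if p == l else "-" for p, l in zip(perms, limit))

def effective(entries):
    """Map 'tag:qualifier' to the access actually granted."""
    cls = next(p for t, _, p in entries if t == "class")
    result = {}
    for tag, qual, perms in entries:
        # The class entry limits named users and all group entries,
        # but not the owner entry (user::) or the other entry.
        limited = tag == "group" or (tag == "user" and qual != "")
        result[f"{tag}:{qual}"] = mask(perms, cls) if limited else perms
    return result

def mode_string(entries):
    """Build the ls -l permission string: owner, class, other."""
    perms = {(t, q): p for t, q, p in entries}
    named = any(q for t, q, _ in entries if t in ("user", "group"))  # assumption for "+"
    return ("-" + perms[("user", "")] + perms[("class", "")]
            + perms[("other", "")] + ("+" if named else ""))

if __name__ == "__main__":
    for name, perms in effective(parse_acl(SAMPLE)).items():
        print(f"{name:<12} {perms}")
    print(mode_string(parse_acl(SAMPLE)))
```

Note that the other entry still grants rw- even though every group entry is now effectively read-only, which is worth checking whenever chmod is used to tighten group access on a file that has an ACL.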
5.4.9 Default JFS ACLs
You might want all the files created in a directory to have certain ACL entries. For
example, you can allow another person to write to any file in a directory of yours when
the two of you are working on something together.
You can put an ACL entry granting the desired access on every file in the directory, but
every time you create a new file, you have to add that entry again. Using default ACL
entries, you can get the system to do this for you automatically every time you create a
file.
A default ACL entry appears as follows:
default:user:boss:rw-
Default ACLs can be placed only on a directory and have no influence on what
access to the directory is granted to a user. The default ACL is applied to files created
in the directory.
When the newly created file is a directory, the default ACL entries have two effects:
• The corresponding nondefault ACL entries are created, so that the desired permissions
  are granted and denied for the directory, just as for any file created in the directory.
• The default entries themselves are copied, so that the new subdirectory has the same
  default ACL as the parent directory.
5.4 Using JFS ACLs 99