User's Manual

Solaris 9 Security CX-310-301 59
Setting ACLs
To set
# setfacl -s user::rwx,g::r--,o:---,mask:rw-,u:temptest:r-- testfile
To see the ACL just created, use the getfacl command:
# getfacl testfile
# file: testfile
# owner: john
# group: john
user::rwx
user:temptest:r-- #effective:r--
group::r-- #effective:r--
mask:rw-
other:---
The ACL allows the user temptest to have read access to the file testfile.
Note that running setfacl -s on a file that already has an ACL replaces the entire ACL, overriding the
current ACL.
Modifying an ACL
If the ACL above were to be modified so that the mask setting was set to ---, then the user temptest would
no longer have access to the file even though the ACL indicates that read access was granted. This is
because the mask setting identifies the maximum access that can be granted, overriding the individual
permissions:
# setfacl -m mask:--- testfile
Now the ACL looks like this:
# getfacl testfile
# file: testfile
# owner: john
# group: john
user::rwx
user:temptest:r-- #effective:---
group::r-- #effective:---
mask:---
other:---
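
When auditing ACLs it helps to recompute the effective permissions instead of reading the granted ones. The script below is an added example, not part of the original manual: the function names effective_acl and sample_masked_acl are made up for illustration, and the sample input is the listing above, reconstructed inline. It applies the mask to named users and group entries and leaves the file owner and other entries untouched.

```shell
#!/bin/sh
# Added example: recompute effective permissions from getfacl-style output.
# Prints "entry granted effective" for every entry except the mask itself.
effective_acl() {
    awk '
    /^#/ || NF == 0 { next }            # header comments and blank lines
    {
        sub(/[ \t]*#.*$/, "")           # strip the "#effective:" annotation
        n = split($0, f, ":")
        if (n < 2) next
        if (f[1] == "mask") { mask = f[n]; next }
        tag[++cnt] = f[1]
        who[cnt]  = (n == 3) ? f[2] : ""
        perm[cnt] = f[n]
    }
    END {
        for (i = 1; i <= cnt; i++) {
            eff = perm[i]
            # The mask limits named users and group entries only.
            limited = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
            if (limited && mask != "") {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(perm[i], j, 1)
                    if (substr(mask, j, 1) == "-") c = "-"
                    eff = eff c
                }
            }
            print tag[i] ":" who[i], perm[i], eff
        }
    }'
}

# Constructed sample: the listing above after "setfacl -m mask:--- testfile".
sample_masked_acl() {
    cat <<'EOF'
# file: testfile
# owner: john
# group: john
user::rwx
user:temptest:r-- #effective:---
group::r-- #effective:---
mask:---
other:---
EOF
}

sample_masked_acl | effective_acl
```

On a live system, pipe the output of getfacl into effective_acl; any line whose second and third columns differ is an entry the mask is restricting.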