Open System Services Programmer's Guide

privilege
The ability to ignore access restrictions and change restrictions imposed by security policy and
implemented in an access control mechanism. In OSS, the super ID is the only user ID that can
ignore access restrictions. However, the super ID and any member of the Safeguard
SECURITY-OSS-ADMINISTRATOR security group can change the ownership and access
permissions (standard UNIX permissions or ACL entries) of a file.
Access Control List Entries
An ACL consists of a set of one-line entries that specify permissions for a file. Each entry specifies
a set of access permissions, including read, write, and execute/search, for one user ID or group ID.
To understand the relationship between access control lists and traditional file permissions, consider
the following file and its permissions:
-rwxr-xr-- james admin datafile
For this file:
The owner is the user james.
The group is admin.
The name of the file is datafile.
The file owner permissions are rwx.
The file group permissions are r-x.
The file other permissions are r--.
In an ACL, user and group IDs are represented by names or numbers, as found in the user
authentication database and group database for the system.
ACL Notation
Supported commands that manage ACLs recognize these symbolic representations:
[d[efault]:]u[ser]:[uid]:perm
[d[efault]:]g[roup]:[gid]:perm
[d[efault]:]c[lass]:perm
[d[efault]:]o[ther]:perm
An ACL entry prefixed with d: or default: can occur only in ACLs for directories. The prefix
indicates that the remainder of the entry is not to be used in determining the access rights to the
directory but instead is to be applied to any files or subdirectories created in the directory (see
“ACL Inheritance” (page 263)).
The uid and gid fields contain either numeric user or group IDs, or their corresponding character
strings from the authentication database and group database for the system.
The perm field indicates access permission either in symbolic form, as a combination of r, w, x,
and - (dash), or in numeric form, as an octal value of 0 through 7 representing the sum of 4 for
read permission, 2 for write permission, and 1 for execute permission.
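The following Python sketch parses entries written in the notation above and normalizes the perm field to its octal value. It is an added example, not code from this guide or from any OSS utility; the names AclEntry, parse_perm, parse_acl_entry and format_perm are hypothetical, the sample entries are constructed, and the limits on the symbolic form (at most three characters, no repeated letter) are assumptions.

```python
from typing import NamedTuple, Optional

class AclEntry(NamedTuple):
    default: bool             # True when prefixed with d: or default:
    kind: str                 # "user", "group", "class" or "other"
    qualifier: Optional[str]  # uid/gid as written; None if empty or not applicable
    perm: int                 # sum of 4 (read), 2 (write), 1 (execute/search)

# Each type keyword may be written as its first letter or as the full word.
_KINDS = {"u": "user", "user": "user", "g": "group", "group": "group",
          "c": "class", "class": "class", "o": "other", "other": "other"}
_BITS = {"r": 4, "w": 2, "x": 1}

def parse_perm(perm: str) -> int:
    """Convert the perm field (symbolic r/w/x/- or one octal digit) to 0..7."""
    if len(perm) == 1 and perm in "01234567":
        return int(perm)
    letters = perm.replace("-", "")
    # Assumption: at most three characters and no repeated letter.
    if (not perm or len(perm) > 3 or set(perm) - set("rwx-")
            or len(set(letters)) != len(letters)):
        raise ValueError(f"bad perm field: {perm!r}")
    return sum(_BITS[c] for c in letters)

def parse_acl_entry(text: str) -> AclEntry:
    """Parse one ACL entry in the notation shown above."""
    fields = text.strip().split(":")
    default = fields[0] in ("d", "default")
    if default:
        fields = fields[1:]
    kind = _KINDS.get(fields[0]) if fields else None
    if kind is None:
        raise ValueError(f"unknown entry type in {text!r}")
    # user and group entries carry an ID field (it may be empty); class and other do not.
    expected = 3 if kind in ("user", "group") else 2
    if len(fields) != expected:
        raise ValueError(f"{kind} entry needs {expected} fields: {text!r}")
    qualifier = (fields[1] or None) if expected == 3 else None
    return AclEntry(default, kind, qualifier, parse_perm(fields[-1]))

def format_perm(bits: int) -> str:
    """Render an octal permission value in symbolic form, for example 5 as r-x."""
    return "".join(c if bits & b else "-" for c, b in _BITS.items())

if __name__ == "__main__":
    # Constructed sample entries, reusing the names from the datafile example.
    for s in ("u:james:rwx", "default:group:admin:5", "d:c:r-x", "o:r--"):
        e = parse_acl_entry(s)
        print(s, "->", e.kind, e.qualifier, format_perm(e.perm), "default" if e.default else "")
```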
Types of ACL Entries
An ACL can contain several types of entries:
“Base ACL Entries” (page 262)
“Class Entry” (page 262)
“Actual ACL Entries” (page 263)
“Default ACL Entries” (page 263)
Using OSS Access Control Lists (ACLs) 261