Open System Services Programmer's Guide
g:writers:rw-
Grant read and write access to all members of the group writers.
Actual ACL Entries
The base ACL entries, optional user ACL entries, and optional group ACL entries are considered
actual ACL entries because they actually control access to the associated file or directory. These
ACL entries are also called nondefault ACL entries.
Default ACL Entries
Default ACL entries are allowed for directories only. Default ACL entries do not determine who can
access the directory. Instead, default ACL entries affect the access permissions for files or directories
created in the directory (see “ACL Inheritance” (page 263)). All default ACL entries are optional
ACL entries.
Table 42 Default ACL Entries

Notation                 Entry Type      Description
default:user::perm       DEF_USER_OBJ    Default permissions for the object owner
default:user:uid:perm    DEF_USER        Default permissions for additional users specified by uid
default:group::perm      DEF_GROUP_OBJ   Default permissions for members of the owning group of the object
default:group:gid:perm   DEF_GROUP       Default permissions for members of the additional group specified by gid
default:class:perm       DEF_CLASS_OBJ   Default maximum permissions granted to the file group class
default:other:perm       DEF_OTHER_OBJ   Default permissions granted to other users

The permissions for these entries in the parent directory, modified by the file-creation mode, the
umask, or both, become the permissions for the base ACL entries for a new file when the new file
inherits ACL entries from the parent directory:
• default:user::perm (DEF_USER_OBJ)
• default:group::perm (DEF_GROUP_OBJ)
• default:class:perm (DEF_CLASS_OBJ)
• default:other:perm (DEF_OTHER_OBJ)
These entries are sometimes referred to as base default ACL entries.
ACL Uniqueness
Entries are unique in each ACL. An ACL can contain only one of each type of base entry, and only
one entry for any given user or group ID. Likewise, an ACL can contain only one of each type of
default base entry and only one default entry for any given user or group ID.
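The following added example (not code from the guide) checks a list of ACL entry strings against the uniqueness rule above and the directories-only rule for default entries. It assumes the colon-separated notation shown on this page, symbolic rwx permission strings, and one-letter tags u, c, and o alongside the g form the page shows; the function names are hypothetical.

```python
# Added example, not from the guide. Short tags other than "g" are assumed.
TAGS = {"user": "USER", "u": "USER", "group": "GROUP", "g": "GROUP",
        "class": "CLASS", "c": "CLASS", "other": "OTHER", "o": "OTHER"}

def parse_entry(text):
    """Split one entry into (is_default, kind, qualifier, perm)."""
    fields = text.strip().split(":")
    is_default = fields[0] == "default"
    if is_default:
        fields = fields[1:]
    if not fields or fields[0] not in TAGS:
        raise ValueError(f"{text}: unknown entry type")
    kind = TAGS[fields[0]]
    # user/group carry a qualifier field (empty for the owner or owning
    # group); class/other have only the permission field.
    expected = 3 if kind in ("USER", "GROUP") else 2
    if len(fields) != expected:
        raise ValueError(f"{text}: expected {expected} fields")
    qualifier = fields[1] if expected == 3 else ""
    perm = fields[-1]
    # Only the symbolic rwx form shown on the page is accepted (assumption).
    if len(perm) != 3 or any(c not in (x, "-") for c, x in zip(perm, "rwx")):
        raise ValueError(f"{text}: bad permission string")
    return is_default, kind, qualifier, perm

def check_acl(entries, is_directory):
    """Return rule violations; an empty list means the ACL is consistent."""
    seen, problems = set(), []
    for text in entries:
        try:
            is_default, kind, qualifier, _ = parse_entry(text)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if is_default and not is_directory:
            problems.append(f"{text}: default entries are allowed for directories only")
        # Qualifiers are compared as strings; a name and its numeric ID
        # are not resolved to the same principal here.
        key = (is_default, kind, qualifier)
        if key in seen:
            problems.append(f"{text}: duplicate entry")
        seen.add(key)
    return problems

# Constructed sample: a directory ACL with one duplicated group entry.
SAMPLE = ["user::rwx", "g:writers:rw-", "group:writers:r--", "class:rwx",
          "other:r--", "default:user::rwx", "default:group:writers:rw-"]

if __name__ == "__main__":
    for line in check_acl(SAMPLE, is_directory=True):
        print(line)
```

Because an actual entry and a default entry for the same ID are tracked separately, `user::rwx` and `default:user::rwx` do not conflict with each other.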
ACL Inheritance
The permissions, including access control list entries, if any, for a newly created file are determined
by:
• Whether the fileset of the created file supports OSS ACLs
• Whether the system on which the process is running supports OSS ACLs
• Whether the parent directory of the created file contains default ACL entries
Using OSS Access Control Lists (ACLs) 263