Manualshelf

Open System Services System Calls Reference Manual (G06.28+, H06.05+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
1101110211031104110511061107110811091110
acl(5) OSS System Calls Reference Manual
NAME
acl - Introduction to OSS access control lists (ACLs)
DESCRIPTION
Access control lists (ACLs) are a key enforcement mechanism of discretionary access control
(see "Definitions" later in this reference page). ACLs specify access to files by users and groups
more selectively than traditional UNIX mechanisms.
OSS already enables nonprivileged users or processes, such as file owners, to allow or deny other
users access to files and other objects as determined by their user identity, group identity, or both.
This level of control is accomplished by setting or manipulating a file’s permission bits to grant
or restrict access by owner, group, and others (see the chmod(2) reference page).
ACLs offer a greater degree of selectivity than permission bits. ACLs allow a process whose
effective user ID matches the file owner, super ID, or a member of the Safeguard SECURITY-
OSS-ADMINISTRATOR security group to permit or deny access to a file to a list of specific
users and groups.
ACLs are supported as a superset of the UNIX operating system discretionary access control
(DAC) mechanism for files, but not for other objects such as interprocess communication (IPC)
objects.
All OSS system calls that include pathnames are subject to the ACLs on any directory or file in
the path.
OSS ACLs:
Are supported in Version 3 and later versions of OSS filesets.
Are supported for directories, regular files, first-in, first-out (FIFO) special files, and
bound AF_UNIX sockets.
Support up to 150 ACL entries.
Support separate permissions for up to 146 additional users and groups.
Support default ACL inheritance (see "ACL Inheritance" later in this reference page).
Are based on the POSIX 1003.1e draft standard and the HP-UX implementation of
ACLs.
Are not supported by the OSS Network File System (NFS).
Definitions
Control of access to data is a key concern of computer security. These definitions, based on the
Department of Defense Trusted Computer System Evaluation Criteria, explain the concepts of
access control and its relevance to OSS security features:
access A specic type of interaction between a subject and an object that results in the
flow of information from one to the other. Subjects include persons, processes,
or devices that cause information to flow among objects or change the system
state. Objects include files (ordinary files, directories, special files, FIFOs, and so
on) and IPC features (shared memory, message queues, semaphores, and sock-
ets).
access control list (ACL)
An access control list is a set of user.group, mode entries associated with a file
that specifies permissions for all possible combinations of user IDs and group
IDs.
122 Hewlett-Packard Company 527186-007