Open System Services System Calls Reference Manual (G06.28+, H06.05+)
Miscellaneous acl(5)
access control list (ACL) entry
An entry in an ACL that specifies access rights for a file owner, owning group,
group class, additional user, additional group, or all others.
change permission
The right to alter DAC information (permission bits or ACL entries). Change
permission is granted to object (file) owners and to privileged users.
discretionary access control (DAC)
A means of restricting access to objects based on the identity of subjects, groups
to which they belong, or both. The controls are discretionary because a subject
with a certain access permission is able to pass that permission (perhaps
indirectly) to any other subject.
mode
Three bits in each ACL entry that represent read, write, and execute or search
permissions.
privilege
The ability to ignore access restrictions and change restrictions imposed by security
policy and implemented in an access control mechanism. In OSS, the super
ID is the only user ID that can ignore access restrictions. However, the super ID
and any member of the Safeguard SECURITY-OSS-ADMINISTRATOR security
group can change the ownership and access permissions (standard UNIX
permissions or ACL entries) of a file.
Access Control List Entries
An ACL consists of a set of one-line entries that specify permissions for a file. Each entry
specifies for one user-ID or group-ID a set of access permissions, including read, write, and
execute/search.
To understand the relationship between access control lists and traditional file permissions,
consider the following file and its permissions:
-rwxr-xr-- james admin datafile
For this file:
• The owner is the user james.
• The group is admin.
• The name of the file is datafile.
• The file owner permissions are rwx.
• The file group permissions are r-x.
• The file other permissions are r--.
In an ACL, user and group IDs are represented by names or numbers, as found in the user
authentication database and group database for the system.
ACL Notation
Supported commands that manage ACLs recognize these symbolic representations:
[d[efault]:]u[ser]:[uid]:perm
[d[efault]:]g[roup]:[gid]:perm
[d[efault]:]c[lass]:perm
[d[efault]:]o[ther]:perm
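The following Python is an added example written for this page; it is not code from the manual or from the OSS product. It parses the symbolic ACL entry notation listed above (tag abbreviations, optional default: prefix, the uid/gid field) and derives the three base entries implied by the traditional permission bits of the datafile example in the Access Control List Entries section. Two details are assumptions the page does not state: perm is written as three characters in r/w/x order with '-' for an absent right, and an empty uid or gid field in a user or group entry denotes the file owner or owning group.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example, not part of the acl(5) manual page or the OSS code base.
# Grammar handled (from the page's ACL Notation section):
#   [d[efault]:]u[ser]:[uid]:perm
#   [d[efault]:]g[roup]:[gid]:perm
#   [d[efault]:]c[lass]:perm
#   [d[efault]:]o[ther]:perm
# Assumptions (not stated on the page): perm is three characters in r/w/x
# order with '-' for a missing right; an empty uid/gid field means the file
# owner / owning group.

PERM_RE = re.compile(r"^[r-][w-][x-]$")

# Abbreviated and full spellings of the entry tags accepted by the notation.
TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
        "c": "class", "class": "class", "o": "other", "other": "other"}


@dataclass(frozen=True)
class AclEntry:
    default: bool             # True for a default: entry
    tag: str                  # "user", "group", "class" or "other"
    qualifier: Optional[str]  # uid/gid; None when the field is empty or absent
    perm: str                 # e.g. "rwx", "r-x", "r--"


def parse_acl_entry(text: str) -> AclEntry:
    """Parse one symbolic ACL entry; raise ValueError on malformed input."""
    fields = text.strip().split(":")
    default = False
    if fields and fields[0] in ("d", "default"):
        default = True
        fields = fields[1:]
    if not fields or fields[0] not in TAGS:
        raise ValueError(f"unknown ACL tag in entry {text!r}")
    tag = TAGS[fields[0]]
    if tag in ("user", "group"):
        # user/group entries carry an id field, which may be empty
        if len(fields) != 3:
            raise ValueError(f"{tag} entry must be tag:id:perm, got {text!r}")
        qualifier = fields[1] or None
        perm = fields[2]
    else:
        # class/other entries have no id field
        if len(fields) != 2:
            raise ValueError(f"{tag} entry must be tag:perm, got {text!r}")
        qualifier = None
        perm = fields[1]
    if not PERM_RE.match(perm):
        raise ValueError(f"bad perm {perm!r} in {text!r}; expected r/w/x or '-'")
    return AclEntry(default, tag, qualifier, perm)


def is_valid_entry(text: str) -> bool:
    """True when the entry parses; useful when validating untrusted ACL text."""
    try:
        parse_acl_entry(text)
        return True
    except ValueError:
        return False


def format_entry(e: AclEntry) -> str:
    """Render an entry back into the single-letter symbolic form."""
    parts = ["d"] if e.default else []
    parts.append(e.tag[0])
    if e.tag in ("user", "group"):
        parts.append(e.qualifier or "")
    parts.append(e.perm)
    return ":".join(parts)


def base_entries_from_mode(mode: str) -> List[AclEntry]:
    """Derive owner, owning-group and other entries from a 10-character ls(1)
    mode field such as "-rwxr-xr--" (the datafile example on the page)."""
    if len(mode) != 10:
        raise ValueError("expected a 10-character ls mode string")
    bits = mode[1:]
    triples = (bits[0:3], bits[3:6], bits[6:9])
    for t in triples:
        if not PERM_RE.match(t):
            raise ValueError(f"bad permission triple {t!r}")
    return [AclEntry(False, "user", None, triples[0]),   # file owner
            AclEntry(False, "group", None, triples[1]),  # owning group
            AclEntry(False, "other", None, triples[2])]  # everyone else


if __name__ == "__main__":
    # Constructed sample input: the page's datafile plus two extra entries.
    for e in base_entries_from_mode("-rwxr-xr--"):
        print(format_entry(e))
    for text in ("user:james:rwx", "d:g:admin:r-x", "u:james:rwz"):
        print(text, "->", "ok" if is_valid_entry(text) else "rejected")
```

For the datafile line on the page, base_entries_from_mode("-rwxr-xr--") yields u::rwx, g::r-x and o:r--, which is the ACL view of the owner, group and other permission bits; anything that fails PERM_RE is rejected rather than silently accepted, so a mistyped perm cannot be stored as a broader right than intended.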
527186-007 Hewlett-Packard Company 12−3