Open System Services System Calls Reference Manual (G06.28+, H06.05+)
acl(5) OSS System Calls Reference Manual
An ACL entry prefixed with d: or default: can only occur in ACLs for directories. The prefix
indicates that the remainder of the entry is not to be used in determining the access rights to the
directory but is instead to be applied to any files or subdirectories created in the directory (see
"ACL Inheritance" later in this reference page).
The uid and gid fields contain either numeric user or group IDs, or their corresponding character
strings from the authentication database and group database for the system.
The perm field indicates access permission either in symbolic form, as a combination of r, w, x,
and - (dash), or in numeric form, as an octal value of 0 through 7 representing the sum of 4 for
read permission, 2 for write permission, and 1 for execute permission.
Types of ACL Entries
An ACL can contain several types of entries:
Base ACL Entries
The base ACL entries grant permissions equivalent to standard UNIX permissions.
When an ACL consists of the four base ACL entries only, it is called a
minimal ACL, and the permissions for the class and other ACL entries are
equal. The chmod() and acl() functions can change base ACL entries. Base
ACL entries are:
____________________________________________________________________________
Notation      Entry Type   Description
____________________________________________________________________________
user::perm    USER_OBJ     Permissions for the owner of the object
group::perm   GROUP_OBJ    Permissions for the owning group of the object
class:perm    CLASS_OBJ    The maximum permissions granted to the file group class
other:perm    OTHER_OBJ    Permissions for other users
____________________________________________________________________________
Class Entry
The class entry, which is one of the base ACL entries, acts as an upper bound for
file permissions. In an ACL that contains optional group entries or optional user
entries, the class entry specifies the maximum permissions that can be granted
to:
• Members of the owning group
• Any additional user entries (optional users)
• Any additional group entries (members of any optional groups)
The class entry is useful because it allows you to restrict the permissions for all
of the other ACL entries by changing only one ACL entry. If optional user or
optional group ACL entries are present, the chmod command changes the
permissions of the class ACL entry instead of the permissions of the owning group.
This behavior allows programs that use the chmod command to support files or
directories that have permissions for additional users and groups.
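The class-entry bound described above, as an added example (not code from this manual or from OSS): a small Python parser for the entry notation that computes what each access entry can actually grant, first with class:r-x and then with class:r--. The sample ACL, the names alice, ops and bob, the USER and GROUP type labels, and the user:uid:perm and group:gid:perm form for optional entries are assumptions.

```python
import re

# Constructed sample ACL. The USER/GROUP type labels and the user:uid:perm,
# group:gid:perm notation for optional entries are assumptions.
SAMPLE = ["user::rwx", "user:alice:rwx", "group::r-x", "group:ops:6",
          "class:r-x", "other:---", "d:user:bob:rwx"]
BOUNDED = {"GROUP_OBJ", "USER", "GROUP"}   # entry types capped by the class entry
ENTRY_RE = re.compile(r"^(?:(d|default):)?(user|group|class|other):(.*)$")

def parse_perm(text):
    """Return permission bits 0-7 from octal or symbolic (r, w, x, -) form."""
    if re.fullmatch(r"[0-7]", text):
        return int(text, 8)
    if not re.fullmatch(r"[rwx-]+", text):
        raise ValueError(f"bad perm field: {text!r}")
    return sum(bit for ch, bit in (("r", 4), ("w", 2), ("x", 1)) if ch in text)

def parse_entry(line):
    """Split one entry into (is_default, entry_type, id, perm_bits)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"bad ACL entry: {line!r}")
    default, tag, rest = m.groups()
    if tag in ("class", "other"):            # class:perm, other:perm
        ident, perm = "", rest
    else:                                    # user:[uid]:perm, group:[gid]:perm
        ident, sep, perm = rest.partition(":")
        if not sep:
            raise ValueError(f"missing id field: {line!r}")
    etype = tag.upper() if ident else tag.upper() + "_OBJ"
    return bool(default), etype, ident, parse_perm(perm)

def effective_access(entries):
    """Permissions each access entry can grant once the class bound applies."""
    # d:/default: entries are not used for access to the directory itself.
    access = [e for e in map(parse_entry, entries) if not e[0]]
    # A valid ACL always carries the four base entries, so class is present.
    class_bits = next(p for _, t, _, p in access if t == "CLASS_OBJ")
    return {(t, i): (p & class_bits if t in BOUNDED else p)
            for _, t, i, p in access if t != "CLASS_OBJ"}

def with_class(entries, perm):
    """Return a copy of the ACL with only its access class entry replaced."""
    return [f"class:{perm}" if e.startswith("class:") else e for e in entries]

if __name__ == "__main__":
    for perm in ("r-x", "r--"):
        print(perm, effective_access(with_class(SAMPLE, perm)))
```

Tightening the single class entry lowers what alice, the owning group and ops can obtain, while the owner and other entries are unaffected.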
Optional ACL Entries
Optional ACL entries are ACL entries other than the base ACL entries. Optional
ACL entries grant permissions beyond the standard UNIX permissions and can
be used to further allow or deny access to the file. A file or directory is
considered to "have an ACL" only if optional ACLs are present. In OSS, you can
specify up to 146 optional ACL entries in an ACL. You use the setacl command
or the acl() system call to set ACL entries. Nondefault optional ACL entries
include:
12−4 Hewlett-Packard Company 527186-007