Open System Services System Calls Reference Manual (G06.28+, H06.05+)
Miscellaneous acl(5)
If both the fileset for the created file and the system in which the process is running support OSS
ACLs, and the parent directory for the created file does not have default ACL entries, the permis-
sions of the created file are the mode bitwise-ANDed with the complement of the umask.
If both the fileset for the created file and the system in which the process is running support OSS
ACLs, and the parent directory of the created file contains default ACL entries:
• The permissions for the base ACL entries of the created file or directory are determined
by a combination of the file-creation mode and the default base ACL entries of the parent
directory as follows:
USER_OBJ permissions
The DEF_USER_OBJ permissions bitwise-ANDed with the mode user
permissions
GROUP_OBJ permissions
The DEF_GROUP_OBJ permissions
CLASS_OBJ permissions
The DEF_CLASS_OBJ permissions bitwise-ANDed with the mode
group permissions
OTHER_OBJ permissions
The DEF_OTHER_OBJ permissions bitwise-ANDed with the mode
other permissions
• The default optional ACL entries for the parent directory of the created file are added to
the ACL of the created file as actual (nondefault) optional ACL entries.
• If the created file is a directory, all of the default ACL entries of the parent directory are
copied to the ACL of the new directory. This behavior allows default ACL entries to be
inherited by files and directories created under this new directory.
For security reasons, if an ACL contains default ACL entries, all of the default base ACL entries
should be provided. During ACL inheritance, if any default base ACL entries are missing, the
permissions for the missing default base ACL entries are derived as follows:
DEF_USER_OBJ permissions
The complement of the umask user permissions
DEF_GROUP_OBJ permissions
The complement of the umask group permissions
DEF_CLASS_OBJ permissions
The complement of the umask group permissions
DEF_OTHER_OBJ permissions
The complement of the umask other permissions
Examples of ACL Inheritance
Directory /a has the following ACL, as reported by the getacl command:
# file: /a
# owner: alpha
# group: uno
user::rwx
group::rwx
class:rwx
527186-007 Hewlett-Packard Company 12−7