Open System Services System Calls Reference Manual (G06.28+, H06.05+)
Miscellaneous acl(5)
permissions specified in the class entry bitwise-ANDed with the result of bitwise-ORing
together all of the permissions in all matching group entries. Otherwise, continue to the
next check.
4. Grant the permissions specified in the other: ACL entry.
Because the checks are performed in this order and the ID match checking stops when a match is
found, you can use optional user or group ACL entries with restrictive permissions to deny
access to certain users or groups.
If the EGID, the supplementary GIDs of the process, or both match the GIDs of multiple group
ACL entries for a file, the process is granted the permissions of all of the matching group entries,
restricted by the permissions in the class entry. For example, assume that the effective user ID for
a process represents the user beta, and the group IDs for that process represent group membership
only in the dos and tres groups. In this example, that process is allowed to open the file
/a/file with read/write access, because the group:dos: entry granted read access, the group:tres:
entry granted write access, and the class: entry allowed read and write access.
# file: /a/file
# owner: creator_uid
# group: creator_gid
user::rw-
group::rw-
group:dos:r--
group:tres:-w-
class:rw-
other:r--
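The group and other checks described above, modeled in Python as an added example (not code from the manual or from OSS). It parses the /a/file listing and assumes that the owner and user:uid: checks found no match and that the owning group's group:: entry counts as a matching group entry; parse_perms, parse_acl and group_or_other are hypothetical names.

```python
# Added example: models only the group and other checks from this page.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

# ACL listing for /a/file, copied from the manual's example.
EXAMPLE_ACL = """\
# file: /a/file
# owner: creator_uid
# group: creator_gid
user::rw-
group::rw-
group:dos:r--
group:tres:-w-
class:rw-
other:r--
"""

def parse_perms(text):
    """Turn a string such as 'rw-' into a bit mask (r=4, w=2, x=1)."""
    return sum(PERM_BITS[c] for c in text if c != "-")

def parse_acl(listing):
    """Parse the listing format shown above into group, class and other entries."""
    acl = {"owning_group": None, "groups": {}, "class": 0, "other": 0}
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("# group:"):
            acl["owning_group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            fields = line.split(":")
            tag, perms = fields[0], parse_perms(fields[-1])
            if tag == "group":
                # Assumption: group:: (owning group) matches like group:gid:.
                acl["groups"][fields[1] or acl["owning_group"]] = perms
            elif tag in ("class", "other"):
                acl[tag] = perms
    return acl

def group_or_other(acl, process_groups):
    """Group check, then other check. Assumes the owner and user:uid:
    checks (not modeled here) found no match for the process."""
    matched = [p for g, p in acl["groups"].items() if g in process_groups]
    if matched:
        granted = 0
        for perms in matched:
            granted |= perms            # OR all matching group entries
        return granted & acl["class"]   # checking stops here, even at 0
    return acl["other"]

ACL = parse_acl(EXAMPLE_ACL)
```

With class set to --- in this model, a member of dos ends up with no access, while a process that matches no group entry still receives the r-- from the other entry, because checking stops at the first match.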
ACL Operations Supported
• The acl() system call sets, retrieves, or counts ACLs.
• The setacl command sets or modifies ACLs.
• The getacl command retrieves ACLs.
• The -acl option of the find command locates files with certain ACL properties.
• The cp, cpio -p, mv, and pax -rw commands copy ACLs with the source files to the
destination files.
• The Backup and Restore 2 utility backs up ACLs with the files on tape and restores
ACLs with the files back to disk.
ACL Interaction with stat(), chmod(), and chown()
stat() The st_mode field summarizes the access rights to the file. It differs from file permission
bits only if the file has one or more optional ACL entries. If one or more
optional ACL entries are present in the ACL of the file, the permissions specified
in the class entry of the ACL are returned as the permissions for group in the
st_mode field. Because of this behavior, programs that use the stat() or chmod()
functions and are ignorant of ACLs are more likely to produce expected results.
The st_acl field indicates the presence of optional ACL entries in the ACL for
the file. The st_basemode field provides the owning user permissions, owning
group permissions, and other permissions for the file.
chmod() Using the chmod() function to set the group permission bits affects the class:
entry for the file, which in turn affects the permissions granted by additional
user:uid: and group:gid: entries. In particular, using chmod() to set file permission
bits to all zeros removes all access to the file, regardless of permissions
527186-007 Hewlett-Packard Company 12−9