Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)
acl(5) OSS System Calls Reference Manual
NAME
acl - Introduction to OSS access control lists (ACLs)
DESCRIPTION
Access control lists (ACLs) are a key enforcement mechanism of discretionary access control
(see "Definitions" later in this reference page). ACLs specify access to files by users and groups
more selectively than traditional UNIX mechanisms.
OSS already enables nonprivileged users or processes, such as file owners, to allow or deny other
users access to files and other objects as determined by their user identity, group identity, or both.
This level of control is accomplished by setting or manipulating a file’s permission bits to grant
or restrict access by owner, group, and others (see the chmod(2) reference page).
ACLs offer a greater degree of selectivity than permission bits. ACLs allow a process whose
effective user ID matches that of the file owner or is the super ID, or whose user is a member of
the Safeguard SECURITY-OSS-ADMINISTRATOR security group, to permit or deny access to a file
for a list of specific users and groups.
ACLs are supported as a superset of the UNIX operating system discretionary access control
(DAC) mechanism for files, but not for other objects such as interprocess communication (IPC)
objects.
All OSS system calls that include pathnames are subject to the ACLs on any directory or file in
the path.
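The evaluation described in the two paragraphs above, as an added example that is not part of this reference page or of OSS itself: a Python model of the POSIX 1003.1e draft access-check algorithm that the page says OSS ACLs follow, using the HP-UX getacl/setacl entry notation (user::, user:NAME:, group::, group:NAME:, class:, other:) that OSS inherits. The four base entries and the rule that the class entry caps every entry except user:: and other: are taken from that draft and the HP-UX model, not from this page. All user and group names, the sample ACLs and the directory tree are constructed for the example, and privileged overrides such as the super ID are deliberately not modelled. The path walk applies the standard UNIX rule, assumed here, that each directory in the path must grant search (x) permission before the final object's ACL is consulted.

```python
"""Access evaluation under POSIX 1003.1e-draft style ACLs (the model OSS follows).

Added illustration, not OSS code.  Entry notation follows HP-UX getacl/setacl;
the check order is the 1003.1e draft algorithm.  Super ID overrides are omitted.
"""

PERM_BITS = {"r": 4, "w": 2, "x": 1}
R, W, X = 4, 2, 1


def parse_perm(s):
    """'rw-' -> 6; a '-' means that bit is not granted."""
    bits = 0
    for ch in s:
        if ch != "-":
            bits |= PERM_BITS[ch]
    return bits


def parse_acl(text):
    """Parse getacl-style lines into the four base entries plus optional
    named user and group entries.  '# ...' header lines are ignored."""
    acl = {"user": {}, "group": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, rest = line.split(":", 1)
        if tag in ("user", "group"):
            name, perm = rest.rsplit(":", 1)
            if name:
                acl[tag][name] = parse_perm(perm)        # optional (named) entry
            else:
                acl[tag + "_obj"] = parse_perm(perm)     # owner / owning-group entry
        elif tag in ("class", "other"):
            acl[tag] = parse_perm(rest)
        else:
            raise ValueError("unrecognised ACL entry: " + line)
    for required in ("user_obj", "group_obj", "class", "other"):
        if required not in acl:
            raise ValueError("ACL lacks base entry " + required)
    return acl


def acl_check(acl, owner, owning_group, uid, groups, want):
    """True if identity (uid, groups) is granted every bit in 'want'.

    Order: owner entry, named user entry, owning-group and named group entries,
    then other.  All but the owner and other entries are capped by 'class'.
    A matching user entry stops the search; if any group entry matches but none
    grants all requested bits, access is denied without consulting 'other'."""
    if uid == owner:
        return (acl["user_obj"] & want) == want
    if uid in acl["user"]:
        return (acl["user"][uid] & acl["class"] & want) == want
    group_matched = False
    for g in groups:
        candidates = []
        if g == owning_group:
            candidates.append(acl["group_obj"])
        if g in acl["group"]:
            candidates.append(acl["group"][g])
        for perm in candidates:
            group_matched = True
            if (perm & acl["class"] & want) == want:
                return True
    if group_matched:
        return False
    return (acl["other"] & want) == want


def path_check(tree, uid, groups, path, want):
    """Walk an absolute path: every directory on the way needs search (x);
    only the final object is checked for 'want'.
    Returns (granted, path component at which the decision was made)."""
    parts = [p for p in path.split("/") if p]
    components = ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]
    for comp in components[:-1]:
        owner, group, acl = tree[comp]
        if not acl_check(acl, owner, group, uid, groups, X):
            return False, comp
    owner, group, acl = tree[components[-1]]
    return acl_check(acl, owner, group, uid, groups, want), components[-1]


# Constructed sample tree: path -> (owner, owning group, ACL).  Not real OSS data.
SAMPLE_TREE = {
    "/": ("admin", "sys", parse_acl("user::rwx\ngroup::r-x\nclass:r-x\nother:r-x")),
    "/home": ("admin", "sys", parse_acl("user::rwx\ngroup::r-x\nclass:r-x\nother:r-x")),
    "/home/bob": ("bob", "users", parse_acl(
        "user::rwx\nuser:alice:r-x\ngroup::---\nclass:r-x\nother:---")),
    "/home/bob/notes.txt": ("bob", "users", parse_acl(
        "# file: notes.txt\nuser::rw-\nuser:alice:rwx\ngroup::r--\n"
        "group:staff:rw-\nclass:rw-\nother:---")),
}

if __name__ == "__main__":
    for who, groups, want in [("bob", ["users"], R | W), ("alice", ["staff"], R | W),
                              ("alice", ["staff"], X), ("dave", ["staff"], R)]:
        print(who, groups, path_check(SAMPLE_TREE, who, groups, "/home/bob/notes.txt", want))
```

Two results are worth noting. alice's named entry on notes.txt says rwx, yet she is granted rw and refused x, because the class entry (rw-) caps every named entry; that is why inspecting only the user:NAME: line of a getacl listing can overstate what a user can do. dave, who has group:staff:rw- on the file, never reaches the file's ACL: he is denied search on /home/bob, which is the behaviour the page describes when it says calls that take pathnames are subject to the ACLs on every directory in the path.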
OSS ACLs:
• Are supported in Version 3 catalog OSS filesets on J-series RVUs, on H06.08 and later
H-series RVUs, and G06.29 and later G-series RVUs.
• Are supported for directories, regular files, first-in, first-out (FIFO) special files, and
bound AF_UNIX sockets.
• Support up to 150 ACL entries.
• Support separate permissions for up to 146 additional users and groups.
• Support default ACL inheritance (see "ACL Inheritance" later in this reference page).
• Are based on the POSIX 1003.1e draft standard and the HP-UX implementation of
ACLs.
• Are not supported by the OSS Network File System (NFS) for J06.08 and earlier J-series
RVUs, H06.19 and earlier H-series RVUs, or G-series RVUs. All attempts by NFS
clients to access OSS objects protected by ACLs that contain optional ACL entries are
denied.
• Are supported by the OSS NFS for J06.09 and later J-series RVUs and H06.20 and later
H-series RVUs as follows:
— Access by OSS NFS clients to OSS objects protected by optional ACL entries
can be allowed, depending upon the NFSPERMMAP attribute value for the OSS
fileset that contains the object.
— The NFSPERMMAP attribute value specifies the algorithm used to map the OSS
ACL permissions for the object to the standard permission bits (rwxrwxrwx)
expected for the object by NFS V2 clients.
12−2 Hewlett-Packard Company 527186-023