Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)

acl(5) OSS System Calls Reference Manual
For security reasons, if an ACL contains default ACL entries, all of the default base ACL entries
should be provided. During ACL inheritance, if any default base ACL entries are missing, the
permissions for the missing default base ACL entries are derived as follows:
DEF_USER_OBJ permissions
    The complement of the umask user permissions
DEF_GROUP_OBJ permissions
    The complement of the umask group permissions
DEF_CLASS_OBJ permissions
    The complement of the umask group permissions
DEF_OTHER_OBJ permissions
    The complement of the umask other permissions
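An added example, not part of the manual: a Python audit check that reads getacl output for a directory, flags missing default base ACL entries, and reports the permissions that inheritance would derive for each from a given umask. The text form of default base entries (default:user:: and so on), the function names, and the umask value 027 are assumptions.

```python
# Added example, not from the manual. The text form of default base entries
# (default:user::, default:group::, default:class:, default:other:) is assumed,
# modelled on the non-default entries in the getacl listing.

# Bit shift into the umask for the field each missing entry is derived from.
UMASK_SHIFT = {
    "DEF_USER_OBJ": 6,   # umask user permissions
    "DEF_GROUP_OBJ": 3,  # umask group permissions
    "DEF_CLASS_OBJ": 3,  # umask group permissions
    "DEF_OTHER_OBJ": 0,  # umask other permissions
}

def perm_string(bits):
    """Render a 3-bit permission value as rwx text."""
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def classify(line):
    """Return a default base tag, 'NAMED' for other default entries, else None."""
    parts = line.strip().split(":")
    if parts[0] != "default" or len(parts) < 3:
        return None
    kind = parts[1]
    if kind in ("user", "group") and len(parts) == 4 and parts[2] == "":
        return "DEF_USER_OBJ" if kind == "user" else "DEF_GROUP_OBJ"
    if kind in ("class", "other") and len(parts) == 3:
        return "DEF_CLASS_OBJ" if kind == "class" else "DEF_OTHER_OBJ"
    return "NAMED"

def missing_default_base(getacl_text, umask):
    """Map each missing default base entry to the permissions inheritance derives."""
    tags = {classify(l) for l in getacl_text.splitlines()} - {None}
    if not tags:  # no default entries at all, so the rule does not apply
        return {}
    return {tag: perm_string(~(umask >> shift) & 7)
            for tag, shift in UMASK_SHIFT.items() if tag not in tags}

# Default entries of /a as listed on this page (base entries omitted for brevity).
ACL_A = """\
# file: /a
user::rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
"""

if __name__ == "__main__":
    for tag, perms in missing_default_base(ACL_A, 0o027).items():  # constructed umask
        print(f"{tag} missing; inheritance would derive {perms}")
```

With a umask of 000 every derived entry becomes rwx, which is why the manual recommends supplying all four default base entries explicitly.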
Examples of ACL Inheritance
Directory /a has the following ACL, as reported by the getacl command:
# file: /a
# owner: alpha
# group: uno
user::rwx
group::rwx
class:rwx
other:rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
In this example, the ACL for a new file created in the directory /a includes the default ACL
entries for directory /a as actual (nondefault) ACL entries:
# file: /a/newfile
# owner: creator_uid
# group: creator_gid
user::rw-
user:beta:r--
user:gamma:r--
group::r--
group:dos:---
group:tres:---
class:r--
other:r--
In this example, a new directory, dir, is created in the /a directory. The default ACL entries of the
parent directory, /a, are added to the ACL of the new subdirectory twice, first as actual (nondefault)
ACL entries and second as the default ACL entries. This behavior ensures that default
ACLs propagate downward as trees of directories are created. This example shows the ACL of
the new directory, dir:
# file: /a/dir
# owner: creator_uid
# group: creator_gid
user::rwx
user:beta:r--
128 Hewlett-Packard Company 527186-023