OSF DCE Administration Guide--Core Components
Using Access Control Lists
28.2.1 ACL Syntax
The DCE control program uses the command syntax that is supported by the Tcl
language. Within Tcl, the list that represents an ACL entry contains either two or three
elements, depending on the ACL entry type, and is in the following form:
{type[ key] permissions}
The three sample ACL entries in Figure 28-2 are in the format that Tcl accepts for input.
Figure 28-2. Sample ACL Entries
{user bach rwxid}
    ACL entry type: user
    Key identifying the specific principal: bach
    Permissions: rwxid
{group composers rwxid}
    ACL entry type: group
    Key identifying the specific group: composers
    Permissions: rwxid
{any-other r-xid}
    ACL entry type: any-other
    Permissions: r-xid
The first sample ACL entry sets permissions for a principal in the local cell, named
bach. The ACL entry type is user, the key is bach, and the permissions are rwxid. The
entry components are separated by the space character.
The second sample ACL entry sets permissions for a group in the local cell, named
composers. The ACL entry type is group, the key is composers, and the permissions
are rwxid.
The third sample ACL entry sets permissions for all other principals in the local cell or
foreign cells (unless they match a more specific entry). The ACL entry type is any-other,
there is no key, and the permissions are r-xid. Not all types of ACL entries
require a key.
On output, the Tcl format for ACL permissions contains either a permission character or
a - (dash) for each possible permission. Two examples are
{user mozart crwx---}
{user brahms -------}
For input, the output format is acceptable, or you can use a relaxed form that omits the
dashes. For input, the same examples can be shortened to
{user mozart crwx}
{user brahms -}
The single dash is retained to show that user brahms is denied all permissions.
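The following Python sketch is an added example, not part of the guide or of DCE itself. It parses entries in the Tcl list form described above and expands the relaxed input form to the full-width output form, so that entries captured for an ACL review can be compared in one canonical shape. The permission order in PERM_ORDER is an assumption chosen to match the seven-column output examples; the real set depends on the ACL manager of the object.

```python
import re

# Assumption (constructed): ordered permission set of the ACL manager, chosen
# so the page's seven-column output examples line up. Real sets vary by object.
PERM_ORDER = "crwxidt"

# Entry types shown on the page and whether each one takes a key.
NEEDS_KEY = {"user": True, "group": True, "any-other": False}


def parse_entry(text):
    """Split one Tcl-list ACL entry into (type, key or None, permissions)."""
    m = re.fullmatch(r"\s*\{([^{}]*)\}\s*", text)
    if not m:
        raise ValueError(f"not a braced Tcl list: {text!r}")
    parts = m.group(1).split()
    if not parts or parts[0] not in NEEDS_KEY:
        raise ValueError(f"unknown entry type in {text!r}")
    expected = 3 if NEEDS_KEY[parts[0]] else 2
    if len(parts) != expected:
        raise ValueError(f"{parts[0]} entry needs {expected} elements: {text!r}")
    key = parts[1] if expected == 3 else None
    return parts[0], key, parts[-1]


def normalize_perms(perms, order=PERM_ORDER):
    """Expand relaxed or dashed permissions to one column per permission."""
    granted = set(perms) - {"-"}
    unknown = granted - set(order)
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    return "".join(c if c in granted else "-" for c in order)


def canonical(text, order=PERM_ORDER):
    """Return the entry in full-width output form, e.g. for diffing ACLs."""
    etype, key, perms = parse_entry(text)
    fields = [etype] + ([key] if key else []) + [normalize_perms(perms, order)]
    return "{" + " ".join(fields) + "}"


def denies_all(text):
    """True when the entry grants no permission at all (the single-dash case)."""
    return set(parse_entry(text)[2]) <= {"-"}
```
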
124243 Tandem Computers Incorporated 28−5