Security Management Guide (G06.24+, H06.03+)
OSS System Security
Security Management Guide—522283-008
Figure 4-1 shows the format of a file-permission code.
The first character of the permission code indicates the file type. A dash (-) character in
this position indicates an ordinary file, and the letter d indicates a directory.
The remainder of the permission code consists of three sets of three characters
specifying permissions for the file owner, file group, and all others, respectively. A dash
in any of these positions indicates that the permission is denied. For example, a
permission code of -rwxr-xr-- indicates that the file owner can read, write, and execute
the file; members of the file group can read and execute the file; and all others can
read the file.
For more information about understanding permissions, see the Open System
Services User’s Guide.
Access Control Lists
An access control list (ACL) consists of a set of one-line entries, associated with a file,
that specify permissions. Each entry specifies a set of access permissions for one
user-ID or group-ID; the permissions include read, write, and execute or search.
ACL Notation
Supported commands that manage ACLs recognize these symbolic representations:
[d[efault]:]u[ser]:[uid]:perm
[d[efault]:]g[roup]:[gid]:perm
[d[efault]:]c[lass]:perm
[d[efault]:]o[ther]:perm
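An added example, not from the guide: a Python validator for entries written in the notation above, useful for checking a list of entries before it is passed to an ACL command. It assumes perm is three characters written like one set of a permission code (r, w, x in order, with a dash for denied), which this page does not define; the user names in the sample are placeholders.

```python
import re

# Entry types from the notation above; each is written as one letter or in full.
_TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
         "c": "class", "class": "class", "o": "other", "other": "other"}
# Assumption: perm looks like one three-character set of a permission code.
_PERM = re.compile(r"[r-][w-][x-]")


def parse_acl_entry(text):
    """Parse one [d[efault]:]type:[id]:perm entry; raise ValueError if invalid."""
    fields = text.strip().split(":")
    default = False
    if fields[0] in ("d", "default"):
        default = True
        fields = fields[1:]
    if not fields or fields[0] not in _TAGS:
        raise ValueError(f"unknown entry type in {text!r}")
    tag = _TAGS[fields[0]]
    if tag in ("user", "group"):
        # user and group entries carry an id field, which may be empty
        if len(fields) != 3:
            raise ValueError(f"{tag} entry needs id and perm fields: {text!r}")
        ident, perm = fields[1], fields[2]
    else:
        # class and other entries have no id field
        if len(fields) != 2:
            raise ValueError(f"{tag} entry takes only a perm field: {text!r}")
        ident, perm = None, fields[1]
    if not _PERM.fullmatch(perm):
        raise ValueError(f"bad perm {perm!r} in {text!r}")
    return {"default": default, "type": tag, "id": ident,
            "read": perm[0] == "r", "write": perm[1] == "w",
            "execute_or_search": perm[2] == "x"}


def check_acl(lines):
    """Return (entries, errors) for a list of entry strings."""
    entries, errors = [], []
    for line in lines:
        try:
            entries.append(parse_acl_entry(line))
        except ValueError as exc:
            errors.append(str(exc))
    return entries, errors


# Constructed sample entries; the last two are deliberately malformed.
SAMPLE = ["u:alice:rw-", "group::r-x", "d:o:---", "c:bob:r--", "user:alice:rwz"]
```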
Note. The access control lists are supported only on systems running G06.29 and later
G-series RVUs and H06.08 and later H-series RVUs.

Figure 4-1. OSS File and Directory Permissions

Permission code: -rwxrwxrwx
  Character 1: Type
  Characters 2-4: Owner
  Characters 5-7: Group
  Characters 8-10: Others

Types
  - (regular/ordinary file)
  d (directory)
  b (block)
  c (character special file)
  p (named-pipe special file)
  s (AF_UNIX socket)

Permissions
  r = read
  w = write
  x = execute
  X for S_IXUSR, S_IXGRP, or S_IXOTH in the “execute” position
  s for set user ID or set group ID, in the owner or group “execute” position
  t for text segment (the sticky bit), in the other “execute” position
  - no permission