Administrator's Guide

Example 5-1 Creating an HFS ACL
In this example, the chmod command restricts write permissions for myfile to only the
user, allan. The chmod command also deletes any previous HFS ACLs.
$ chmod 644 myfile
$ ll myfile
-rw-r--r-- 1 allan users 0 Sep 21 16:56 myfile
$ lsacl myfile
(allan.%,rw-)(%.users,r--)(%.%,r--) myfile
The lsacl command displays just the default (no ACL) values, corresponding to the
basic owner, group, and other permissions.
The chacl command gives read and write access to myfile to another user.
$ chacl 'naomi.users=rw' myfile
$ ll myfile
-rw-r--r--+ 1 allan users 0 Sep 21 16:56 myfile
$ lsacl myfile
(naomi.users,rw-)(allan.%,rw-)(%.users,r--)(%.%,r--) myfile
Notice two things: the ll permissions display has a + appended, indicating that ACLs
exist, and the ll permissions string itself did not change. The additional entry in the lsacl
display specifies that user naomi in group users has read and write access to myfile.
Example 5-2 Multiple HFS ACL Matches
If a user's user.group combination matches more than one ACL entry, the most specific
entry takes precedence. In this example, first set the file permissions.
$ chmod 644 myfile
Use the chacl command on myfile to add a write-only entry for user naomi:
$ chacl naomi.%=w myfile
$ lsacl myfile
(naomi.%,-w-)(allan.%,rw-)(%.users,r--)(%.%,r--) myfile
Now, user naomi has write access to file myfile, using the ACL defined for naomi.%,
but does not have read access to the file because naomi.% takes precedence over the
ACLs defined for %.users and %.%.
The lsacl command displays the HFS ACLs in decreasing order of specificity. That is,
permission matches are attempted from left to right.
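The precedence rule from Example 5-2, as an added example that is not part of the original guide: a POSIX shell model of left-to-right, first-match evaluation over a line of lsacl output, useful when auditing which entry actually governs a given user. The function names hfs_acl_match and hfs_acl_allows and the names bob and staff are hypothetical; the model assumes a single user.group pair per lookup and does not cover supplementary groups or superuser access.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): model of HFS ACL matching.
# Assumption: one user.group pair per lookup; supplementary groups and
# superuser access are not modelled.

# hfs_acl_match LSACL_LINE USER GROUP   (hypothetical helper)
# Prints "entry mode" for the first (most specific) matching entry.
# Returns 1 if no entry matches.
hfs_acl_match() {
    # Split "(a.b,rw-)(c.d,r--) file" at each ")" so every entry is a line.
    printf '%s\n' "$1" | tr ')' '\n' |
    while IFS=, read -r who mode; do
        # Keep only "(user.group" pieces; the trailing file name is skipped.
        case $who in '('*.*) who=${who#?} ;; *) continue ;; esac
        u=${who%%.*}
        g=${who#*.}
        # "%" matches any user or any group.
        { [ "$u" = "%" ] || [ "$u" = "$2" ]; } || continue
        { [ "$g" = "%" ] || [ "$g" = "$3" ]; } || continue
        printf '%s %s\n' "$who" "$mode"
        break   # left to right: the first match decides, later ones are ignored
    done | grep .
}

# hfs_acl_allows LSACL_LINE USER GROUP r|w|x   (hypothetical helper)
# Succeeds only if the governing entry grants the requested permission.
hfs_acl_allows() {
    m=$(hfs_acl_match "$1" "$2" "$3") || return 1
    case ${m#* } in *"$4"*) return 0 ;; esac
    return 1
}

# Constructed input: the lsacl line from Example 5-2.
acl='(naomi.%,-w-)(allan.%,rw-)(%.users,r--)(%.%,r--) myfile'
for who in naomi.users allan.users bob.users bob.staff; do
    printf '%-12s -> %s\n' "$who" \
        "$(hfs_acl_match "$acl" "${who%.*}" "${who#*.}")"
done
# naomi matches naomi.% first, so the r-- in %.users never applies to her.
hfs_acl_allows "$acl" naomi users r || echo "naomi.users: read denied by naomi.%"
```
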
5.3.1 HFS ACLs and HP-UX Commands and Calls
The following commands and system calls work with ACLs on HFS file systems:
5.3 Using HFS ACLs 93