Administrator's Guide

other entry for the other group permissions. Additional entries can be added by the
user, or as a result of default entries specified on the parent directory.
5.4.3 Minimal JFS ACL
An ACL with the four basic entries defined previously is called a minimal JFS ACL. An
example minimal ACL looks like this:
user::rw-
group::r--
class:r--
other:---
The user entry indicates the permissions of the owner of the file and maps directly
to the owner permission bits. Because the first entry applies to the owner of the file,
no user name needs to be indicated. This example ACL entry grants read and write
access to the file's owner.
The group and class entries specify the permissions granted to members of the
file's owning group. The example ACL entry grants read-only access to the file's
owning group. The group and class entries are described in more detail in Section 5.4.5.
The other entry is a catch-all entry that specifies permissions for anyone who is
not granted or denied permission by any other entry. The example other entry
denies access to all users who are neither the owner of the file nor in the file's
owning group.
The permission bits displayed by ls -l for this file would look like this:
rw-r-----
The next section describes how additional JFS ACL entries affect file access and the
interpretation of the permission bits.
5.4.4 Additional JFS ACL user and group Entries
If you want to grant or deny access to specific users and groups on the system, you can
add up to 13 more user and group entries to the four minimal entries described in the
previous section.
For example, the following entry in the ACL of a file grants read, write, and execute
access to a user logged in as boss:
user:boss:rwx
In the next example, an ACL with the following entry denies access to a user in the group
spies:
group:spies:---
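The rules in Sections 5.4.3 and 5.4.4 can be checked mechanically when reviewing ACL text. The following Python code is an added example, not part of the original guide; the names parse_acl and audit_acl and the report fields are assumptions made for illustration. It parses entries in the format shown above, enforces the four base entries and the limit of 13 additional entries, and derives the ls -l permission bits only for a minimal ACL.

```python
import re

# Entry shapes shown on this page: user::rw-, user:boss:rwx, group::r--,
# group:spies:---, class:r--, other:---
ENTRY = re.compile(r"(?:(user|group):([^:]*)|(class|other)):([r-][w-][x-])")
MAX_ADDITIONAL = 13  # limit on extra user/group entries stated in Section 5.4.4

def parse_acl(text):
    """Split ACL text into the four base entries and the named user/group entries."""
    base, named = {}, {}
    for line in text.split():
        m = ENTRY.fullmatch(line)
        if not m:
            raise ValueError(f"unrecognized ACL entry: {line!r}")
        tag, name, perms = m[1] or m[3], m[2] or "", m[4]
        target, key = (named, (tag, name)) if name else (base, tag)
        if key in target:
            raise ValueError(f"duplicate ACL entry: {line!r}")
        target[key] = perms
    missing = [t for t in ("user", "group", "class", "other") if t not in base]
    if missing:
        raise ValueError(f"missing base entries: {missing}")
    if len(named) > MAX_ADDITIONAL:
        raise ValueError(f"{len(named)} additional entries, limit is {MAX_ADDITIONAL}")
    return base, named

def audit_acl(text):
    """Summarize what an ACL says beyond the owner, owning group and other."""
    base, named = parse_acl(text)
    report = {
        "minimal": not named,
        "mode": None,  # filled in only for a minimal ACL (see below)
        # Named entries are reported as written; the class interaction that
        # Section 5.4.5 covers is not applied here.
        "grants": sorted(f"{t}:{n}:{p}" for (t, n), p in named.items() if p != "---"),
        "denies": sorted(f"{t}:{n}" for (t, n), p in named.items() if p == "---"),
        "warnings": [],
    }
    if not named:  # minimal ACL: entries map directly onto the ls -l bits
        if base["group"] != base["class"]:
            report["warnings"].append("group and class differ in a minimal ACL")
        report["mode"] = base["user"] + base["group"] + base["other"]
    if base["other"] != "---":
        report["warnings"].append(f"other entry grants {base['other']}")
    return report

# Constructed sample input: the minimal ACL from Section 5.4.3, then the same
# ACL with the two additional entries from Section 5.4.4.
MINIMAL = "user::rw-\ngroup::r--\nclass:r--\nother:---"
EXTENDED = MINIMAL + "\nuser:boss:rwx\ngroup:spies:---"
```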
5.4.5 JFS ACL group and class Entries
In a file with a minimal ACL, the owning group and class ACL entries are identical.
However, in a file with additional entries, the owning group and class ACL entries
96 File System Security