Specifications
Chapter 2 Setting Up File Service Permissions 21
Apple’s ACL model supports 13 permissions for controlling access to les and folders,
as described in the following table.
Permission name Type Description
Change Permissions Administration User can change standard
permissions.
Take Ownership Administration User can change the le’s or
folder’s ownership to himself
or herself.
Read Attributes Read User can view the le’s or
folder’s attributes (for example,
name, date, and size).
Read Extended Attributes Read User can view the le’s or
folder’s attributes added by
third-party developers.
List Folder Contents (Read Data) Read User can list folder contents and
read les.
Traverse Folder (Execute File) Read User can open subfolders and
run a program.
Read Permissions Read User can view the le’s or
folder’s standard permissions
using the Get Info or Terminal
commands.
Write Attributes Write User can change the le’s or
folder’s standard attributes.
Write Extended Attributes Write User can change the le’s or
folder’s other attributes.
Create Files (Write Data) Write User can create les and
change les.
Create Folder (Append Data) Write User can create subfolders and
add data to les.
Delete Write User can delete le or folder.
Delete Subfolders and Files Write User can delete subfolders
and les.
In addition to these permissions, the Apple ACL model denes four types of
inheritance that specify how these permissions are propagated:
 Apply to this folder: Apply (Administration, Read, and Write) permissions to this folder.
 Apply to child folders: Apply permissions to subfolders.
 Apply to child les: Apply permissions to the les in this folder.
 Apply to all descendants: Apply permissions to descendants. To learn how this option
works with the previous two, see “Understanding Inheritance” on page 23.