Specifications

Chapter 1 Overview of File Services 19
ACLs
When standard POSIX permissions are not enough, you can use access control lists
(ACLs). An ACL is a list of access control entries (ACEs), each specifying the permissions
to be granted or denied to a group or user, and how these permissions are propagated
throughout a folder hierarchy.
ACLs in Mac OS X Server let you set file and folder access permissions for multiple users
and groups, in addition to the standard POSIX permissions. This makes it easy to set up
collaborative environments with smooth file sharing and uninterrupted workflows,
without compromising security.
ACLs provide an extended set of permissions for a file or directory that allows you more
granularity when assigning privileges than standard permissions would provide. For
example, rather than giving a user full writing permissions, you can restrict him or her
to creation of only folders and not files.
Apple’s ACL model supports 13 permissions for controlling access to files and folders:
Administration
  - Change Permissions: User can change standard permissions
  - Take Ownership: User can change the file’s or folder’s ownership to him or herself
Read
  - Read Attributes: User can view the file’s or folder’s attributes (for example, name, date, and size)
  - Read Extended Attributes: User can view the file’s or folder’s attributes added by third-party developers
  - List Folder Contents (Read Data): User can list folder contents and read files
  - Traverse Folder (Execute File): User can open subfolders and execute a program
  - Read Permissions: User can view the file’s or folder’s standard permissions using the Get Info or Terminal commands
Write
  - Write Attributes: User can change the file’s or folder’s standard attributes
  - Write Extended Attributes: User can change the file’s or folder’s other attributes
  - Create Files (Write Data): User can create files and modify files
  - Create Folder (Append Data): User can create subfolders and add new data to files
  - Delete: User can delete the file or folder
  - Delete Subfolders and Files: User can delete subfolders and files
In addition to these permissions, the Apple ACL model defines four types of inheritance
that specify how these permissions are propagated:
  - Apply to this folder: Apply (Administration, Read, and Write) permissions to this folder
  - Apply to child folders: Apply permissions to subfolders
  - Apply to child files: Apply permissions to the files in this folder
  - Apply to all descendants: Apply permissions to all descendants (see “Understanding Inheritance” on page 21 to learn how this option works with the previous two)
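The Python model below is an added example, not code from this guide or from Apple; it encodes the 13 permissions listed above and shows how an ordered list of allow and deny ACEs answers a request, including the folders-but-not-files case. It assumes entries are checked in list order with the first matching entry deciding, and that a request no ACE covers falls back to the standard POSIX permissions. The user and group names are constructed, and inheritance is not modeled.

```python
from dataclasses import dataclass

# The 13 permissions, grouped as in the list above.
PERMISSIONS = {
    "Administration": ["Change Permissions", "Take Ownership"],
    "Read": ["Read Attributes", "Read Extended Attributes",
             "List Folder Contents", "Traverse Folder", "Read Permissions"],
    "Write": ["Write Attributes", "Write Extended Attributes", "Create Files",
              "Create Folder", "Delete", "Delete Subfolders and Files"],
}
ALL = frozenset(p for names in PERMISSIONS.values() for p in names)


@dataclass(frozen=True)
class ACE:
    principal: str          # user or group name (one shared namespace here)
    allow: bool             # True grants the permissions, False denies them
    permissions: frozenset

    def __post_init__(self):
        unknown = self.permissions - ALL
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")


def decide(acl, user, groups, permission):
    """Return 'allow' or 'deny' from the ACL, or 'posix' if no ACE applies."""
    if permission not in ALL:
        raise ValueError(f"unknown permission: {permission}")
    principals = {user, *groups}
    # Assumption: entries are checked in list order and the first ACE that
    # names both the principal and the permission decides the request.
    for ace in acl:
        if ace.principal in principals and permission in ace.permissions:
            return "allow" if ace.allow else "deny"
    return "posix"  # fall back to the standard POSIX permissions


# Constructed sample ACL for a shared folder; all names are hypothetical.
SHARED_ACL = [
    ACE("contractors", False, frozenset({"Delete", "Delete Subfolders and Files"})),
    ACE("jdoe", True, frozenset({"List Folder Contents", "Traverse Folder",
                                 "Create Folder"})),
    ACE("editors", True, frozenset(PERMISSIONS["Read"] + PERMISSIONS["Write"])),
]

if __name__ == "__main__":
    for perm in ("Create Folder", "Create Files", "Delete"):
        print(perm, "->", decide(SHARED_ACL, "jdoe", ["contractors"], perm))
```

Placing the deny entry first is what keeps a user who is in both `contractors` and `editors` from deleting; with the order reversed, the allow entry would decide under the stated assumption.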