Managing Systems and Workgroups: A Guide for HP-UX System Administrators

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

251

252

253

254

255

256

257

258

259

260

Conﬁguring a System

Controlling Access to a System

Chapter 3 251

You can assign special privileges to a group of users using the

/usr/sbin/setprivgrp command. For information, refer to setprivgrp

(1M), setprivgrp (2), getprivgrp (2), rtprio (2), plock (2), shmctl (2), chown

(1), chown (2), getprivgrp (1), plock (2), shmctl (2),lockf (2), setuid (2),

setgid (2), and setgid (2).

Setting File Access Permissions

The /usr/bin/chmod command changes the type of access (read, write,

and execute privileges) for the ﬁle’s owner, group members, or all others.

Only the owner of a ﬁle (or the superuser) can change its read, write, and

execute privileges. For details, see chmod (1).

By default, new ﬁles have read/write permission for everyone

(-rw-rw-rw-) and new directories have read/write/execute permission

for everyone (drwxrwxrwx). Default ﬁle permissions can be changed

using the /usr/bin/umask command. For details, see umask (1). The

default for trusted systems is different; see “Setting Up Your Trusted

System” on page 790.

Setting Ownership for Files

The /usr/bin/chown command changes ﬁle ownership. To change the

owner, you must own the ﬁle or have superuser privileges.

The /usr/bin/chgrp command changes ﬁle group ownership. To change

the group, you must own the ﬁle or have superuser privileges.

For more information, refer to chown (1) and chgrp (1).

Setting Access Control Lists

Access control lists (ACLs) offer a ﬁner degree of ﬁle protection than

traditional ﬁle access permissions. You can use ACLs to allow or restrict

ﬁle access to individual users unrelated to what group the users belong.

Only the owner of a ﬁle (or the superuser) can create ACLs.

ACLs are supported on both JFS and HFS ﬁle systems, but the

commands and some of the semantics differ. On a JFS ﬁle system, use

setacl(1) to set ACLs and use getacl(1) to view them. On an HFS ﬁle

system, use chacl(1) to set ACLs and use lsacl(1) to view them. For a

discussion of both JFS and HFS ACLs, see “Managing Access to Files

and Directories” on page 753. For additional JFS ACL information see

setacl (1), getacl (1), and aclv (5). For additional HFS ACL information,

see lsacl (1), chacl (1), and acl (5).