Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8754
Using HFS Access Control Lists (ACLs)
HFS ACL permissions are set with the chacl command and displayed
with the lsacl command. (See chacl (1) and lsacl (1).)
IMPORTANT You must use chmod with its -A option when working with files that have
HFS ACL permissions assigned. Without the -A option, chmod will delete
the ACL permissions from the file. The syntax is:
chmod -A
mode file
...
The chacl command is a superset of the chmod command. Any specific
permissions you assign with the chacl command are added to the more
general permissions assigned with the chmod command.
The simple form of the chacl command is:
chacl '
user
.
group operator mode
'
filename
...
where:
user
is the user’s login name; a percent sign (%) means all
users.
group
is the user’s group; a percent sign (%) means all groups.
operator
is one of:
+ Add to the current permissions.
- Delete from the current permissions.
= Change the permissions to those
given.
mode
is zero or more permissions: read (r), write (w), and
execute/search (x).
The apostrophes (') are used to protect spaces and any special shell
characters.
When a file has ACLs, the ll command displays a + after the permission
string.
If a
user
.
group
matches more than one HFS ACL entry, the more
specific entry takes precedence. See Example 8-2 on page 755.