Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8
Using JFS Access Control Lists (ACLs)
This section describes JFS Access Control Lists and how to use them.
NOTE JFS supports ACLs beginning with JFS 3.3. JFS is available for HP-UX
11.0 from the HP Software Depot, http://software.hp.com, and is
included in the operating environments for HP-UX 11i. See the HP JFS
documentation at http://docs.hp.com for more information about
installing JFS on HP-UX systems.
NOTE To use JFS ACLs you must have a VxFS file system using disk layout
version 4. See vxupgrade(1M) to upgrade a file system to version 4.
Definition of a JFS ACL
A JFS ACL contains one-line entries naming specific users and groups
and indicating what access is granted to each. The presence of a JFS
ACL also changes the meaning of the group permission bits displayed
using the ls -l command.
There are always at least four entries in a JFS ACL: a user entry, a
group entry, a class entry, and an other entry. When a JFS ACL
contains only these four entries, the permissions it grants are exactly the
same as the permissions represented by the standard UNIX system
permission bits.
While having such an ACL (we will call it a minimal JFS ACL) provides
no greater functionality than the permission bits alone, we will start by
describing a minimal JFS ACL, and augment it with additional entries
to show how the mechanism works.
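The equivalence between the permission bits and a four-entry ACL can be checked mechanically. The following is an added example, not part of the HP guide: it builds the minimal ACL for an octal mode and lists any entries in an ACL listing that go beyond the base four, which is useful when auditing files whose ls -l output no longer tells the whole story. The class: and other: entry syntax (as printed by getacl(1)), the class entry mirroring the group bits in a minimal ACL, and the sample file and user names are assumptions.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumed: class:/other: entry syntax as
# printed by getacl(1), and class mirroring the group bits in a minimal ACL.

# perm_bits DIGIT: one octal digit -> rwx string
perm_bits() {
    case "$1" in
        0) echo "---" ;; 1) echo "--x" ;; 2) echo "-w-" ;; 3) echo "-wx" ;;
        4) echo "r--" ;; 5) echo "r-x" ;; 6) echo "rw-" ;; 7) echo "rwx" ;;
        *) return 1 ;;
    esac
}

# minimal_acl MODE: the four-entry ACL equivalent to a 3-digit octal mode
minimal_acl() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "bad mode: $1" >&2; return 1 ;;
    esac
    mid=${1#?}; mid=${mid%?}
    u=$(perm_bits "${1%??}"); g=$(perm_bits "$mid"); o=$(perm_bits "${1#??}")
    printf 'user::%s\ngroup::%s\nclass:%s\nother:%s\n' "$u" "$g" "$g" "$o"
}

# acl_extra_entries: read ACL text on stdin and print every entry beyond the
# four base ones (for example named users or groups). Comments are skipped.
acl_extra_entries() {
    awk -F: '
        /^[ \t]*(#|$)/                                         { next }
        ($1 == "user" || $1 == "group") && NF == 3 && $2 == "" { next }
        ($1 == "class" || $1 == "other") && NF == 2            { next }
        { print }
    '
}

# acl_is_minimal: succeeds when stdin holds no entries beyond the base four
acl_is_minimal() {
    [ -z "$(acl_extra_entries)" ]
}

# Constructed sample listing: the file name and the user "boss" are hypothetical.
SAMPLE_ACL='# file: report.txt
user::rw-
user:boss:rw-
group::r--
class:rw-
other:---'
```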
The Minimal JFS ACL
The first entry in a minimal JFS ACL indicates the permissions that the
owner of the file gets, and maps directly to the owner permission bits.
Because it applies to the owner of the file, no indication of the user’s
name is needed. An ACL entry that grants read and write access to the
file’s owner would look like this:
user::rw-