Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
The second and third entries in a minimal ACL specify the permissions
granted to members of the file’s owning group; the permissions specified
in these entries are exactly equal in a minimal ACL. For example, ACL
entries granting read-only access to the file’s owning group would look
like this:
group::r--
class:r--
The class and group entries will be described at length later in “JFS ACL
Class Entries” on page 760.
The fourth and last entry in a minimal JFS ACL is a catch-all entry that
specifies the permissions for anyone who isn’t granted or denied
permission by any other entry. An other entry that denies access to all
users who are neither the owner of the file nor members of the file’s
owning group would look like this:
other:---
The minimal ACL described above would look like this in its entirety:
Example 8-3 Elements in a Minimal JFS ACL
user::rw-
group::r--
class:r--
other:---
The permission bits displayed by ls -l for this file would look like this:
rw-r-----
In the case of a minimal JFS ACL, there is a clear correspondence
between the ACL entries and the permission bits.
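The correspondence can be checked mechanically. The following Python sketch is an added example, not part of the original guide: it parses ACL text in the form shown in Example 8-3, confirms that it is a minimal ACL (exactly four entries, with group and class equal), and derives the permission string. The function and constant names are hypothetical.

```python
from collections import Counter

# ACL text copied from Example 8-3 above.
EXAMPLE_8_3 = """user::rw-
group::r--
class:r--
other:---"""

# A minimal ACL has exactly these four entries, none naming a user or group.
MINIMAL = Counter({("user", ""): 1, ("group", ""): 1, ("class", ""): 1, ("other", ""): 1})

def parse_entry(line):
    """Split 'user::rw-', 'class:r--' or 'user:boss:rwx' into (type, name, perms)."""
    parts = line.strip().split(":")
    if len(parts) not in (2, 3) or parts[0] not in ("user", "group", "class", "other"):
        raise ValueError(f"unrecognised ACL entry: {line!r}")
    name = parts[1] if len(parts) == 3 else ""
    perms = parts[-1]
    # Each position must be its letter (r, w, x in that order) or '-'.
    if len(perms) != 3 or any(c not in (want, "-") for c, want in zip(perms, "rwx")):
        raise ValueError(f"bad permission field in: {line!r}")
    return parts[0], name, perms

def minimal_acl_mode(acl_text):
    """Return (ls -l permission string, numeric mode) for a minimal JFS ACL."""
    entries = [parse_entry(l) for l in acl_text.splitlines() if l.strip()]
    if Counter((t, n) for t, n, _ in entries) != MINIMAL:
        raise ValueError("not a minimal ACL: need exactly user::, group::, class:, other:")
    perms = {t: p for t, _, p in entries}
    if perms["group"] != perms["class"]:
        raise ValueError("group and class entries differ, so the ACL is not minimal")
    # In a minimal ACL the nine permission bits are owner, group, other.
    bits = perms["user"] + perms["group"] + perms["other"]
    mode = 0
    for c in bits:
        mode = (mode << 1) | (c != "-")
    return bits, mode

if __name__ == "__main__":
    bits, mode = minimal_acl_mode(EXAMPLE_8_3)
    print(bits, oct(mode))
```

An ACL with any additional user or group entry is rejected here, because for such an ACL the permission bits no longer map one-to-one onto the entries.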
The next section describes how additional JFS ACL entries affect file
access and the interpretation of the permission bits.
Additional JFS ACL User and Group Entries
If you want to grant and/or deny access to specific users
and/or groups on the system, you can add up to 13 more user and group
entries to the four minimal entries described in the previous section.
Additional user entries grant and deny access to specific user IDs on
your system. For example, the following entry in the ACL of a file grants
read, write, and execute access to a user logged in as boss: