Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Access to Files and Directories
Example 8-8 ls -l Output for exfile with JFS ACL
$ ls -l exfile
-rw-r--rw-+ 1 jsmith users 12 Sep 20 15:02 exfile
Default JFS Access Control Lists
Often, you will want all the files created in a directory to have certain
ACL entries. For example, you might want to allow another person to
write to any file in a directory of yours where the two of you are working
on something together.
You can put an ACL entry granting the desired access on every file in the
directory, but every time you create a new file you will have to add that
entry again. Using default ACL entries, you can get the system to do this
for you automatically every time a file is created.
A default ACL entry looks like this:
default:user:boss:rw-
It can be placed only on a directory, never on an ordinary file. It never
has any influence on what access is granted to a user for the directory it
is placed on. All it does is cause the specified entry to be included in the
ACL of any file created in the directory.
If the newly created file is a directory, the default ACL entries have two
effects. First, the corresponding non-default ACL entries are created, so
that the desired permissions are granted and denied for the directory,
just as for any file created in the directory. Second, the default entries
themselves are copied, so that the new subdirectory has the same default
ACL as the parent directory.
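The two effects described above can be traced with a small model. This is an added illustration, not part of the HP-UX guide: the function names and sample entries are constructed, and it models only the copy rule stated in the text. The permissions a new object gets from the creating program's mode are passed in as the assumed base_acl argument.

```python
# Added illustration: a model of how default JFS ACL entries propagate.
# Assumption: a default entry replaces a base entry that has the same key.

def parse(entry):
    """Split an entry into (is_default, key, perms), e.g.
    'default:user:boss:rw-' -> (True, 'user:boss', 'rw-')."""
    entry = entry.strip()
    is_default = entry.startswith("default:")
    if is_default:
        entry = entry[len("default:"):]
    key, sep, perms = entry.rpartition(":")
    if not sep or len(perms) != 3:
        raise ValueError(f"malformed ACL entry: {entry!r}")
    return is_default, key, perms

def acl_for_new_object(parent_acl, base_acl, is_directory):
    """ACL of a file or subdirectory created in a directory with parent_acl."""
    new = {}
    for entry in base_acl:
        _, key, perms = parse(entry)
        new[key] = perms
    copied_defaults = []
    for entry in parent_acl:
        is_default, key, perms = parse(entry)
        if is_default:
            new[key] = perms  # effect 1: becomes an ordinary entry
            copied_defaults.append(f"default:{key}:{perms}")  # effect 2
    result = [f"{key}:{perms}" for key, perms in new.items()]
    if is_directory:
        result += copied_defaults  # only directories keep the default entries
    return result

def entries_governing(acl):
    """Entries that decide access to the object itself: defaults are ignored."""
    return [e for e in acl if not parse(e)[0]]

# Constructed sample data (not taken from the guide).
PARENT = ["user::rwx", "group::r-x", "other:---", "default:user:boss:rw-"]
BASE = ["user::rw-", "group::r--", "other:---"]

if __name__ == "__main__":
    print("new file:  ", acl_for_new_object(PARENT, BASE, False))
    print("new subdir:", acl_for_new_object(PARENT, BASE, True))
    print("parent dir:", entries_governing(PARENT))
```

When reviewing a shared directory, note that boss gains rw- on every new file even though no entry grants boss access to the parent directory itself.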
For example, if you want any files created in the directory projectdir to
be readable by certain users, you could create the appropriate default
entries as shown below.
Example 8-9 A JFS ACL with Default Entries
$ getacl projectdir
# file: projectdir
# owner: jsmith
# group: users
user::rw-
user:boss:rw-
user:jjones:rw-
user:jdoe:---