Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8 765
default:user:boss:r--
default:user:jjones:r--
default:group:dev:r--
How the System Generates a JFS ACL
Whenever a file is created on a VxFS version 4 file system, the system
initializes a minimal JFS ACL for the file, containing a user entry for
the owner permissions, a group entry for the owning group permissions,
a class entry (also initialized from the owning group permissions), and
an other entry for the permissions granted to all other users. Additional
entries may be added by the user, or as a result of default entries
specified on the parent directory.
Examining a JFS ACL with getacl
The getacl command reports the entries in the ACL. As indicated, each
ACL has at least four entries, one each corresponding to the file mode
permissions for owner, group, class, and other.
File permission bits for user and group are translated into special cases
of these entries:
The bits representing owner permissions are represented by a user
entry without a specified user ID.
The bits representing group permissions are represented by a group
entry without a specified group ID.
In an ACL, there must be one each of these special user and group
entries. There may be any number of additional user entries and group
entries, but these must all contain a user ID or group ID, respectively.
There is only one other entry in an ACL, representing the permission
bits for permissions to be granted to other users.
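The following Python script is an added example, not code from the HP-UX manual, and it does not call getacl. It builds the four entries the system initializes for a new file from an ls -l style mode string, parses getacl-style output using the entry syntax shown on this page (user:ID:perms, group:ID:perms, class:perms, other:perms, optionally prefixed with default:), and checks the rules just stated: exactly one user and one group entry without an ID, exactly one class and one other entry, and every further user or group entry carrying an ID. The sample ACL texts are constructed for the example; the file names, owner and group values in them are assumptions.

```python
"""Derive a minimal JFS ACL from mode bits and check getacl-style ACL text.

Added example, not code from the HP-UX manual. Assumes the getacl output
format shown on the page: '# file:', '# owner:' and '# group:' header lines
followed by one entry per line. getacl itself is never invoked.
"""

PERM_LETTERS = "rwx"


def minimal_acl_from_mode(mode):
    """Build the four entries initialised for a new file from an ls -l mode.

    mode is a 10-character string such as '-rw-rw-r--'. The class entry is
    seeded from the group bits, as the manual text states.
    """
    if len(mode) != 10:
        raise ValueError("expected a 10-character ls -l mode string")
    owner, group, other = mode[1:4], mode[4:7], mode[7:10]
    for triple in (owner, group, other):
        for letter, got in zip(PERM_LETTERS, triple):
            if got not in (letter, "-"):
                raise ValueError(f"bad permission triple {triple!r}")
    return [f"user::{owner}", f"group::{group}", f"class:{group}", f"other:{other}"]


def parse_acl(text):
    """Parse getacl output into (header dict, entries).

    Each entry is a tuple (is_default, kind, ident, perms); ident is '' for
    the special owner/group entries and always '' for class/other entries.
    """
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):  # '# file: junk' style header line
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
            continue
        fields = line.split(":")
        is_default = fields[0] == "default"
        if is_default:
            fields = fields[1:]
        kind = fields[0] if fields else ""
        if kind in ("user", "group") and len(fields) == 3:
            ident, perms = fields[1], fields[2]
        elif kind in ("class", "other") and len(fields) == 2:
            ident, perms = "", fields[1]
        else:
            raise ValueError(f"malformed ACL entry: {line!r}")
        if len(perms) != 3 or any(c not in (l, "-") for l, c in zip(PERM_LETTERS, perms)):
            raise ValueError(f"malformed permissions in: {line!r}")
        entries.append((is_default, kind, ident, perms))
    return header, entries


def format_entry(entry):
    """Render an entry back into getacl's one-line syntax."""
    is_default, kind, ident, perms = entry
    body = f"{kind}:{ident}:{perms}" if kind in ("user", "group") else f"{kind}:{perms}"
    return ("default:" + body) if is_default else body


def check_access_entries(entries):
    """Return the rule violations among the non-default entries ([] if none).

    Rules from the text: exactly one user:: and one group:: entry (no ID),
    exactly one class and one other entry; any extra user/group entry must
    therefore carry an ID. Default entries are left unchecked here
    (assumption: they are optional and only appear on directories).
    """
    problems = []
    access = [e for e in entries if not e[0]]
    for kind in ("user", "group"):
        special = [e for e in access if e[1] == kind and e[2] == ""]
        if len(special) != 1:
            problems.append(f"expected exactly one {kind}:: entry, found {len(special)}")
    for kind in ("class", "other"):
        count = sum(1 for e in access if e[1] == kind)
        if count != 1:
            problems.append(f"expected exactly one {kind} entry, found {count}")
    return problems


# Constructed sample: the minimal ACL of a file with mode -rw-rw-r--.
SAMPLE_GETACL = """\
# file: junk
# owner: user1
# group: group1
user::rw-
group::rw-
class:rw-
other:r--
"""

# Constructed sample: a directory with a named user entry and default entries.
SAMPLE_DIR_ACL = """\
# file: projects
# owner: user1
# group: group1
user::rwx
user:jjones:r-x
group::r-x
class:r-x
other:---
default:user:boss:r--
default:user:jjones:r--
default:group:dev:r--
"""

if __name__ == "__main__":
    header, entries = parse_acl(SAMPLE_GETACL)
    print(header["file"], check_access_entries(entries) or "ok")
    # The file's ACL is exactly what the system initialises for its mode bits.
    print([format_entry(e) for e in entries] == minimal_acl_from_mode("-rw-rw-r--"))
```

Running the script checks the constructed file ACL against the entries derived from its mode bits and reports any rule violations; feeding it a real getacl capture works the same way, with any header keys beyond file, owner and group simply collected into the header dict.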
The following is an example of the output of the getacl command for a
file named junk owned by user1 in group1 whose permission mode bits
are -rw-rw-r--:
Example 8-12 Example getacl Output for a Minimal JFS ACL
$ getacl junk
# file: junk
# owner: user1
# group: group1
user::rw-