Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8766
group::rw-
class:rw-
other:r--
If setacl is used to give read-write permission to user2 and user3 and
read-only permission to group2, getacl would produce the following
output:
Example 8-13 Example getacl Output after Additions to the ACL
$ getacl junk
# file: junk
# owner: user1
# group: group1
user::rw-
user:user2:rw-
user:user3:rw-
group::rw-
group:group2:rwx
class:rwx
other:r--
Note that the class entry changed to include execute permission when
the group2 entry was given execute permission.
getacl shows effective permissions when they are more restricted than
the permissions that specifically granted in the ACL. For example, if we
use chmod to deny execute permissions to the group class, some ACL
entries will show an #effective permission that differs from the ACL
entry:
Example 8-14 Example getacl Output Showing Effective Permissions
$ chmod g-x junk
$ getacl junk
# file: junk
# owner: user1
# group: group1
user::rw-
user:user2:rw-
user:user3:rw-
group::rw-
group:group2:rwx #effective:rw-
class:rw-
other:r--