Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Managing Access to Files and Directories
Chapter 8
be granted in practice. For example, returning to our exfile example,
when it was a minimal ACL with read-write permissions across the
board:
$ getacl exfile
# file: exfile
# owner: jsmith
# group: users
user::rw-
group::rw-
class:rw-
other:rw-
Suppose we use setacl -n to add read-execute permissions to group dev
as follows:
Example 8-16 Effect of setacl -n, Showing Effective Permissions
$ setacl -n -m group:dev:r-x exfile
$ getacl exfile
# file: exfile
# owner: jsmith
# group: users
user::rw-
group::rw-
group:dev:r-x #effective r--
class:rw-
other:rw-
The group dev ACL entry is added as specified, but execute permission
will not actually be granted. Execute permission is denied by the class
entry, and the class entry was not recalculated because -n was
specified. If -n had not been used, class would have been reset to
class:rwx, and the #effective comment would not appear.
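The masking described above, worked through in Python as an added example (not part of the HP-UX guide). It assumes the POSIX ACL rule that class bounds the owning group and the additional user and group entries, and that recalculation sets class to the union of those entries; the function names are hypothetical.

```python
import re

# Constructed sample: the getacl listing from Example 8-16, as text.
SAMPLE_ACL = """\
# file: exfile
# owner: jsmith
# group: users
user::rw-
group::rw-
group:dev:r-x #effective r--
class:rw-
other:rw-
"""

ENTRY = re.compile(r"^(user|group|class|other):(?:([^:]*):)?([r-][w-][x-])$")

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples; '#' comments are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised ACL entry: {raw!r}")
        entries.append((m.group(1), m.group(2) or "", m.group(3)))
    return entries

def is_masked(tag, qualifier):
    # Assumption (POSIX ACL model): class bounds the owning group and every
    # additional user/group entry, never the owner (user::) or other.
    return tag == "group" or (tag == "user" and qualifier != "")

def effective_permissions(text):
    """Map each class-bounded entry to (granted, effective) permissions."""
    entries = parse_acl(text)
    cls = next(p for t, _, p in entries if t == "class")
    return {f"{t}:{q}": (p, "".join(a if a == b else "-" for a, b in zip(p, cls)))
            for t, q, p in entries if is_masked(t, q)}

def recalculated_class(text):
    """Assumed recalculation (no -n): union of the class-bounded entries."""
    bits = ["-", "-", "-"]
    for t, q, p in parse_acl(text):
        if is_masked(t, q):
            bits = [b if c == "-" else c for b, c in zip(bits, p)]
    return "".join(bits)

if __name__ == "__main__":
    for name, (granted, eff) in effective_permissions(SAMPLE_ACL).items():
        print(name, granted, "effective", eff, "(NARROWED)" if eff != granted else "")
    print("class without -n would be", recalculated_class(SAMPLE_ACL))
```

Any entry whose effective value differs from its granted value is one where the ACL listing overstates the access actually available.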
Comparison of JFS and HFS ACLs
JFS ACLs adhere to the POSIX ACL standard.
JFS ACLs differ from HFS ACLs in both format (internal and external)
and functionality.
Functional Differences Between JFS and HFS ACLs
Functional differences between JFS and HFS ACLs include: