Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
Chapter 9
How ACLs are Matched to the User
ACL permissions are determined by a match to a single ACL entry, not to
an accumulation of matching entries. Checking is done from the most
restrictive entry types to the broadest.
If a match is found in a user entry type, no further checking is done, and
the permissions for that user are fully defined by the permissions field of
the matched entry. A matched user may be a member of a group with
broader permissions; this has no consequence.
NOTE: The local superuser has access to all local SD-UX objects irrespective of
ACLs.
The ACL matching algorithm is:
1. If user is local superuser, then grant all permissions.
2. If user is owner of the object, then grant object_owner permissions.
3. If user matches a user entry, then grant user permissions.
4. If any group entries match, then accumulate the permissions
granted by all group entries that match the user’s primary and
supplementary groups.
5. If an appropriate other entry matches, then grant other permissions.
6. If an any_other entry exists, then grant any_other permissions.
7. Grant no permissions.
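The seven steps above, written out as an added Python example (not code from the guide or from SD-UX) to show that a matching user entry stops the search while matching group entries are accumulated. The tuple layout for ACL entries, the `Requester` type, the permission letters, the sample names, and keying the other entry by the requester's host are all assumptions made for illustration.

```python
from dataclasses import dataclass

ALL = frozenset("crwit")  # constructed permission letters standing in for "all"

@dataclass(frozen=True)
class Requester:
    name: str
    host: str
    groups: frozenset              # primary and supplementary groups
    local_superuser: bool = False

def effective_permissions(req, owner, acl):
    """acl is a list of (entry_type, key, perms); key is None for keyless types."""
    def entry(etype, key=None):
        for t, k, p in acl:
            if t == etype and k == key:
                return frozenset(p)
        return None

    if req.local_superuser:                              # step 1
        return ALL
    if req.name == owner:                                # step 2
        perms = entry("object_owner")
        if perms is not None:  # assumption: no object_owner entry -> keep checking
            return perms
    perms = entry("user", req.name)                      # step 3
    if perms is not None:
        return perms           # single match: group entries are never consulted
    matched = [frozenset(p) for t, k, p in acl           # step 4
               if t == "group" and k in req.groups]
    if matched:
        return frozenset().union(*matched)  # the one place permissions accumulate
    # steps 5 and 6 (assumption: an "other" entry is keyed by the requester's host)
    for etype, key in (("other", req.host), ("any_other", None)):
        perms = entry(etype, key)
        if perms is not None:
            return perms
    return frozenset()                                   # step 7

SAMPLE_ACL = [  # constructed entries, not taken from a real depot
    ("object_owner", None, "crwit"),
    ("user", "alice", "r"),
    ("group", "swadm", "rw"),
    ("group", "build", "it"),
    ("other", "depot1", "rt"),
    ("any_other", None, "r"),
]
```

With `SAMPLE_ACL`, alice receives only `r` even as a member of swadm, which is the case to check when a user entry is added to restrict someone who already has broad group access.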