Administrator's Guide
Edit the file so that it appears as follows:
$ cat junk.acl
# file: junk
# owner: user1
# group: group1
user::rw-
user:user2:rw-
user:user3:rw-
user:user4:---
user:user5:r--
group::rw-
group:group2:rw-
group:group3:r--
group:group4:---
group:group5:rw-
class:rw-
other:r--
Apply the ACL to the file using the setacl -f command:
$ setacl -f junk.acl junk
5.4.10.3 Effective Permissions and setacl -n
Normally, setacl recalculates the class entry to ensure that permissions granted in
the additional ACL entries are granted. If you specify the -n option, the class entry is
not recalculated; the existing value is used. This means that some permissions granted
by the ACL entries will not be granted in practice.
For example, this ACL is modified with the setacl -n command to add read and
execute permissions to group dev as follows:
$ getacl exfile
# file: exfile
# owner: jsmith
# group: users
user::rw-
group::rw-
class:rw-
other:rw-
$ setacl -n -m group:dev:r-x exfile
$ getacl exfile
# file: exfile
# owner: jsmith
# group: users
user::rw-
group::rw-
group:dev:r-x #effective r--
class:rw-
other:rw-
The group dev ACL entry is added as specified, but execute permission is not actually
granted. Execute permission is denied by the class entry, and the class entry was
5.4 Using JFS ACLs 101