acl.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

acl(5) acl(5)

NAME

acl - introduction to HFS access control lists

DESCRIPTION

Access control lists are a key enforcement mechanism of discretionary access control (see Deﬁnitions

below), for specifying access to ﬁles by users and groups more selectively than traditional HP-UX

mechanisms allow.

HP-UX already enables nonprivileged users or processes, such as ﬁle owners, to allow or deny other users

access to ﬁles and other objects on a "need to know" basis, as determined by their user and/or group iden-

tity (see passwd (4) and group(4)). This level of control is accomplished by setting or manipulating a ﬁle’s

permission bits to grant or restrict access by owner, group, and others (see chmod(2)).

ACLs offer a greater degree of selectivity than permission bits. ACLs allow the ﬁle owner or superuser to

permit or deny access to a list of users, groups, or combinations thereof.

ACLs are supported as a superset of the UNIX operating system discretionary access control (DAC)

mechanism for ﬁles, but not for other objects such as inter-process communication (IPC) objects.

This manual page describes ACLs as implemented on HFS ﬁle systems only. See aclv (5) for a description

of ACLs in JFS ﬁle systems.

Deﬁnitions

Because control of access to data is a key concern of computer security, we provide the following

deﬁnitions, based on those of the Department of Defense Trusted Computer System Evaluation Criteria ,

to explain further both the concepts of access control and its relevance to HP-UX security features:

access "A speciﬁc type of interaction between a subject and an object that results in the

ﬂow of information from one to the other." Subjects include "persons, processes, or

devices that cause information to ﬂow among objects or change the system state."

Objects include ﬁles (ordinary ﬁles, directories, special ﬁles, FIFOs, etc.) and inter-

process communication (IPC) features (shared memory, message queues, sema-

phores, sockets).

access control list (ACL)

An access control list is a set of (user.group, mode) entries associated with a ﬁle that

specify permissions for all possible user-ID/group-ID combinations.

access control list (ACL) entry

An entry in an ACL that speciﬁes access rights for one user and group ID combina-

tion.

change permission

The right to alter DAC information (permission bits or ACL entries). Change per-

mission is granted to object (ﬁle) owners and to privileged users.

discretionary access control (DAC)

"A means of restricting access to objects based on the identity of subjects and/or

groups to which they belong. The controls are discretionary in the sense that a sub-

ject with a certain access permission is capable of passing that permission (perhaps

indirectly) to any other subject."

mode Three bits in each ACL entry which represent read, write, and execute/search per-

missions. These bits may exist in addition to the 16 mode bits associated with every

ﬁle in the ﬁle system (see glossary (9)).

privilege The ability to ignore access restrictions and change restrictions imposed by security

policy and implemented in an access control mechanism. In HP-UX, superusers

and members of certain groups (see privgrp (4)) are the only privileged users.

restrictive versus permissive

An individual ACL entry is considered restrictive or permissive, depending on con-

text. Restrictive entries deny a user and/or group access that would otherwise be

granted by less-speciﬁc base or optional ACL entries (see below). Permissive entries

grant a user and/or group access that would otherwise be denied by less-speciﬁc

base or optional ACL entries.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (10 pages)

PAGE 1
acl(5) acl(5) NAME acl - introduction to HFS access control lists DESCRIPTION Access control lists are a key enforcement mechanism of discretionary access control (see Definitions below), for specifying access to files by users and groups more selectively than traditional HP-UX mechanisms allow.
PAGE 2
acl(5) acl(5) Access Control List Entries An access control list (ACL) consists of sets of (user.group, mode) entries associated with a file that specify permissions. Each entry specifies for one user-ID/group-ID combination a set of access permissions, including read, write, and execute/search.
PAGE 3
acl(5) acl(5) ACL Uniqueness Entries are unique in each ACL. There can only be one (u.g, mode) entry for any pair of u and g values; one (u.%, mode) entry for a given value of u; one (%.g, mode) entry for a given value of g; and one (%.%, mode) entry for each file. For example, an ACL can have a (23.14, mode) entry and a (23.%, mode) entry, but not two (23.14, mode) entries or two (23.%, mode) entries. Access Check Algorithm ACL entries can be categorized by four levels of specificity.
PAGE 4
acl(5) acl(5) The exact syntax is: acl ::= [entry[,entry]...] entry ::= id . id op mode [op mode]... id ::= name | number | % | @ op ::= = | + | mode ::= 0..7 | [char[char]...] char ::= r | w | x A Short Form of ACLs (input and output) (user . group, mode) ... aA Short form differs from operator form in several ways: • Entries are surrounded by parentheses rather than being separated by commas. • Each entry specifies the mode, including all mode bits.
PAGE 5
acl(5) acl(5) wildcard user and group IDs A user or group name of * (wildcard) matches the user or group ID in any entry, including % (no specific user or group). mode bits on, off, or ignored For operator-form input, the operators =, +, and - are applied as follows: = + - entry mode value matches this mode value exactly these bits turned on in entry mode value these bits turned off in entry mode value When only + and - operators are used, commands ignore the values of unspecified mode bits.
PAGE 6
acl(5) acl(5) chmod For conformance with IEEE Standard POSIX 1003.1-1988, chmod(2) deletes any optional entries in a file’s ACL. Unfortunately, since chmod(2) is used to set file miscellaneous mode bits as well as permission bits, extra effort is required in some cases to preserve a file’s ACL. chown If the new owner and/or group of a file does not already have an optional (u.%, mode) and/or (%.
PAGE 7
acl(5) acl(5) The following sets the base ACL entry for the file’s owner to allow both read and execute, and sets write and execute capabilities for "other" users (the "%.%" entry). chacl ’(@.%, 5) (%.%, xwx)’ myfile Long Form Here is the same ACL as in an earlier example, printed in long form. r-x --r-r-x r-- jpc.adm ajs.trux jpc.% %.bin %.% A ACL Patterns The following command locates files whose ACLs contain an entry that allows read access and denies write access to some user/group combination.
PAGE 8
acl(5) acl(5) NGROUPS_SGID_SUPP process’s saved gid plus supp groups Header The header file defines several constants for use with ACL support library calls.
PAGE 9
acl(5) acl(5) AUTHOR The access control list design described here was developed by HP. FILES /etc/passwd /etc/group Header file that supports setacl (2) and getacl (2). Header file that supports getaccess (2). Header file that supports ACL library calls. Defines user names and user and group ID values. Defines group names.
PAGE 10
(Notes) A (Notes) aA 10 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010