acl.5 (2010 09)

acl(5)
        NGROUPS_SGID_SUPP    process's saved gid plus supplementary groups
   Header <acllib.h>
        The <acllib.h> header file defines several constants for use with ACL support library calls.

        Symbolic forms of ACLs for acltostr():
             FORM_SHORT
             FORM_LONG

        Magic values for various calls:
             ACL_FILEOWNER    file's owner ID
             ACL_FILEGROUP    file's group ID
             ACL_ANYUSER      wildcard user ID
             ACL_ANYGROUP     wildcard group ID
             MODE_DEL         delete one ACL entry

        Mask for valid mode bits in ACL entries:
             MODEMASK         (R_OK | W_OK | X_OK)

        The <acllib.h> header also defines the struct acl_entry_patt ACL pattern entry structure, which includes the following members:
             aclid_t    uid;        /* user ID */
             aclid_t    gid;        /* group ID */
             aclmode_t  onmode;     /* mode bits that must be on */
             aclmode_t  offmode;    /* mode bits that must be off */
WARNINGS
ACLs are intended for use on ordinary files and directories. Optional ACL entries are not recommended
on files that are manipulated by certain system utilities, such as terminal special files and LP scheduler
control files. These utilities might delete optional entries, including those whose intent is restrictive,
without warning as a consequence of calling chmod(2), thereby increasing access unexpectedly.
   Most, but not all, supported utilities are able to handle ACLs correctly. However, only the fbackup(1M) and frecover(1M) file archive utilities handle access control lists properly. When using programs (such as the archive programs ar(1), cpio(1), ftio(1), tar(1), and dump(1M)) that are unable to handle ACLs on files with optional ACL entries, note the Access Control List information included on their respective reference pages, to avoid loss of data.
   If a user name is defined in the /etc/passwd file or a group name is defined in the /etc/group file as % or @, or for patterns, *, ACL syntax cannot reference that name as itself because the symbols have other meanings. However, such users or groups can still be referenced by their ID numbers. User and group names must not include the following characters:
        .    Do not use in user names.
        +    Do not use in group names.
        -    Do not use in group names.
        =    Do not use for operator form input of group names.
        ,    Do not use for short form or for operator form patterns.
        )    Do not use for short form patterns.
   It is possible to specify an ACL pattern using the @ (file owner or group) or * (wildcard) symbols so that it cannot match certain files, perhaps depending on their ownership, by giving two entries, one with specific values and the other using @ or *, which are equivalent for a file but contain different mode values. For example:
        find / -acl '(ajs.%,r)(@.%,rw)' -print
   cannot match a file owned by ajs.
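   The two-entry pattern above, worked through as an added example (not code from this manual page or from HP-UX's acllib): it resolves @ to a file's owner or group and reports pattern entries whose mode requirements contradict each other. The short-form parser, the rule that mode letters not listed must be off, and the owner and group names are assumptions made for illustration.

```python
import re

# Assumed bit values (as in <unistd.h>); only the relationships matter here.
R_OK, W_OK, X_OK = 4, 2, 1
MODEMASK = R_OK | W_OK | X_OK           # mask for valid mode bits (from the page)
MODE_BITS = (("r", R_OK), ("w", W_OK), ("x", X_OK))
ENTRY = re.compile(r"\(([^.()]+)\.([^,()]+),([rwx]*)\)")

def parse_pattern(text):
    """Parse a short-form pattern such as '(ajs.%,r)(@.%,rw)' into
    (uid, gid, onmode, offmode) tuples, mirroring struct acl_entry_patt.
    Assumption: the letters listed are the bits that must be on and every
    other mode bit must be off, which is what makes 'r' and 'rw' conflict."""
    entries = []
    for uid, gid, mode in ENTRY.findall(text):
        onmode = sum(bit for ch, bit in MODE_BITS if ch in mode)
        entries.append((uid, gid, onmode, MODEMASK & ~onmode))
    return entries

def resolve(entries, owner, group):
    """Replace '@' in the user field with the file's owner and '@' in the
    group field with the file's group, as the pattern matcher does."""
    return [(owner if uid == "@" else uid, group if gid == "@" else gid, on, off)
            for uid, gid, on, off in entries]

def conflicting_entries(pattern, owner, group):
    """Return pairs of resolved entries that name the same user.group but
    require some mode bit to be both on and off.  Any such pair means no
    ACL entry can satisfy both, so the pattern cannot match this file."""
    resolved = resolve(parse_pattern(pattern), owner, group)
    conflicts = []
    for i, a in enumerate(resolved):
        for b in resolved[i + 1:]:
            same_id = a[:2] == b[:2]
            if same_id and ((a[2] & b[3]) or (a[3] & b[2])):
                conflicts.append((a, b))
    return conflicts

def can_match(pattern, owner, group):
    """True if the pattern has no self-contradictory entries for this file."""
    return not conflicting_entries(pattern, owner, group)

if __name__ == "__main__":
    pat = "(ajs.%,r)(@.%,rw)"                  # the manual page's own example
    print(can_match(pat, "ajs", "users"))      # False: @ resolves to ajs
    print(can_match(pat, "bob", "users"))      # True: the entries stay distinct
```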
DEPENDENCIES
   NFS    NFS does not support ACLs on remote files. Individual manual entries specify the behavior of various system calls, library calls, and commands under these circumstances. Be careful when transferring a file with optional entries over a network or when manipulating a remote file because optional entries may be silently deleted.
Hewlett-Packard Company    - 8 -    HP-UX 11i Version 3: September 2010