aclv.5 (2010 09)

aclv(5) aclv(5)
ACL entries (except for the first user [owner] entry and the other entry). Any permission can be
denied to a particular user or group. The class entry acts as an upper bound for file permissions.
When an ACL contains more than one user and/or group entry, the collection of additional user and
group entries is referred to as the group class entries, since the effective permission granted by
any of these additional entries is limited by the class entry.
If there are additional entries in the ACL, the class entry will no longer necessarily equal the
value of the permission for the owning group as reported by ls -l. This feature is useful because it
means that the chmod(1) command can usefully affect the permissions of a file that has additional
ACL entries.
ACL Uniqueness
Entries are unique in each ACL. There can be only one of each type of base entry, and one entry for any
given user or group ID. Likewise, there can be only one of each type of default base entry, and one
default entry for any given user or group ID.
ACL Inheritance
When a directory’s ACL contains default entries, those entries are not used in determining access to the
directory itself. Instead, every time a file is created in the directory, the directory’s default ACL entries
are added as non-default ACL entries to the new file.
For example, suppose the directory /a has the following ACL, as reported by getacl(1):
# file: /a
# owner: alpha
# group: uno
user::rwx
group::rwx
class:rwx
other:rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Then, any new file created in /a would have its ACL initialized using a combination of the creator’s
umask (e.g., 022) and the directory’s default ACL entries as follows:
# file: /a/file
# owner: creator_uid
# group: creator_gid
user::rw-
user:beta:r--
user:gamma:r--
group::r--
group:dos:---
group:tres:---
class:r--
other:r--
When a new subdirectory is created, the parent directory’s default ACL entries are added to the new
subdirectory twice, first as its non-default ACL entries, and second as the subdirectory’s default
ACL entries. In this way, default ACLs propagate downward as trees of directories are created. If
the file created in the previous example were instead a directory, its ACL would appear as follows:
# file: /a/dir
# owner: creator_uid
# group: creator_gid
user::rwx
user:beta:r--
user:gamma:r--
group::r-x
group:dos:---
group:tres:---
class:r-x
other:r-x
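The inheritance rule and the class upper bound described above can be modelled as follows. This is an added example, not HP-UX code or part of the original manual page. It assumes creation modes of 0666 for files and 0777 for directories, takes the class entry from the group bits of the masked mode (which matches both listings above), and handles only named default user and group entries as in the /a example.

```python
# Added example: a model of the inheritance rule above, not HP-UX source code.
FILE_MODE, DIR_MODE = 0o666, 0o777   # assumed modes requested at creation time

PARENT = [  # ACL of /a as listed on this page
    "user::rwx", "group::rwx", "class:rwx", "other:rwx",
    "default:user:beta:r--", "default:user:gamma:r--",
    "default:group:dos:---", "default:group:tres:---",
]

def rwx(bits):
    """Render three permission bits as an rwx string."""
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def inherit(parent_acl, umask, is_dir):
    """ACL of a new file or subdirectory created under parent_acl."""
    mode = (DIR_MODE if is_dir else FILE_MODE) & ~umask
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    defaults = [e for e in parent_acl if e.startswith("default:")]
    named = [e.split(":", 1)[1] for e in defaults]
    for e in named:
        kind, who = e.split(":")[:2]
        if kind not in ("user", "group") or not who:
            raise ValueError("default base entries are not modelled: " + e)
    acl = ["user::" + rwx(owner)]
    acl += [e for e in named if e.startswith("user:")]
    acl += ["group::" + rwx(group)]
    acl += [e for e in named if e.startswith("group:")]
    acl += ["class:" + rwx(group), "other:" + rwx(other)]
    # A subdirectory also keeps the defaults, so they propagate down the tree.
    return acl + defaults if is_dir else acl

def effective(acl):
    """Named user/group entries after applying the class entry as upper bound."""
    cls = next(e.split(":")[1] for e in acl if e.startswith("class:"))
    result = {}
    for e in acl:
        parts = e.split(":")
        if len(parts) == 3 and parts[0] in ("user", "group") and parts[1]:
            perm = "".join(p if p == c else "-" for p, c in zip(parts[2], cls))
            result[parts[0] + ":" + parts[1]] = perm
    return result

if __name__ == "__main__":
    print("\n".join(inherit(PARENT, 0o022, is_dir=False)))
    print(effective(inherit(PARENT, 0o077, is_dir=False)))
```

In this model a creator umask of 077 yields class:---, so the inherited r-- entries for beta and gamma grant no effective access, which is worth checking when auditing directories that rely on default ACLs.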
HP-UX 11i Version 3: September 2010, Hewlett-Packard Company