aclv.5 (2010 09)

aclv(5) aclv(5)
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Access Check Algorithm
To determine the permission granted to an accessing process’s effective user ID (EUID) and effective
group ID (EGID), respectively, the following checks are made, in the following order:
1. If the EUID of the process is the same as the owner of the file, grant the permissions specified in the
   user:: entry.
2. If the EUID matches the UID specified in one of the additional user:uid: entries, grant the
   permissions specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
3. If the EGID of the process is the same as the owning group of the file, grant the permissions
   specified in the group:: entry.
4. If the EGID matches the GID specified in one of the additional group:gid: entries, grant the
   permissions specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
5. Otherwise, grant the permissions specified in the other entry.
Once access rights have been determined by one of the above checks, the subsequent checks in the list are
not performed.
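The check order above, written out as an added example (not HP-UX source code). The ex_* names, the entry-type enum and the sample ACL are hypothetical; the real a_type values are defined in <sys/aclv.h> and are not reproduced here.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical entry types for this sketch; the real a_type values are
 * defined in <sys/aclv.h> and are not reproduced here. */
enum ex_type { EX_USER_OBJ, EX_USER, EX_GROUP_OBJ, EX_GROUP, EX_CLASS, EX_OTHER };

struct ex_acl {
    enum ex_type a_type;   /* type of entry */
    unsigned a_id;         /* UID or GID for EX_USER / EX_GROUP entries */
    unsigned short a_perm; /* 4 = r, 2 = w, 1 = x */
};

/* Constructed sample: user:: rwx, user:201: rw-, group:: r--,
 * group:20: rwx, class r-x, other ---. */
static const struct ex_acl ex_sample[] = {
    { EX_USER_OBJ, 0, 7 }, { EX_USER, 201, 6 }, { EX_GROUP_OBJ, 0, 4 },
    { EX_GROUP, 20, 7 },   { EX_CLASS, 0, 5 },  { EX_OTHER, 0, 0 },
};

/* Permissions of the first entry of type t (matching id if by_id), or -1. */
static int ex_find(const struct ex_acl *acl, size_t n, enum ex_type t,
                   int by_id, unsigned id)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].a_type == t && (!by_id || acl[i].a_id == id))
            return acl[i].a_perm;
    return -1;
}

/* Checks in the documented order; the first one that matches decides. */
int ex_access(const struct ex_acl *acl, size_t n, unsigned owner,
              unsigned ogroup, unsigned euid, unsigned egid)
{
    int p, cls = ex_find(acl, n, EX_CLASS, 0, 0);
    if (cls < 0) cls = 0; /* assumption: no class entry grants nothing extra */
    if (euid == owner)
        p = ex_find(acl, n, EX_USER_OBJ, 0, 0);
    else if ((p = ex_find(acl, n, EX_USER, 1, euid)) >= 0)
        p &= cls;
    else if (egid == ogroup)
        p = ex_find(acl, n, EX_GROUP_OBJ, 0, 0);
    else if ((p = ex_find(acl, n, EX_GROUP, 1, egid)) >= 0)
        p &= cls;
    else
        p = ex_find(acl, n, EX_OTHER, 0, 0);
    return p < 0 ? 0 : p;
}

int main(void) { printf("%d\n", ex_access(ex_sample, 6, 100, 10, 201, 20)); return 0; }
```

With the sample ACL, UID 201 in group 20 is limited to its own user:201: entry masked by class, even though the group:20: entry would grant more, because the first matching check ends the evaluation.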
ACL Operations Supported
ACLs may be set, retrieved or counted, via the acl(2) system call. ACLs may be set or modified using the
setacl(1) command, and may be retrieved using the getacl(1) command. The permissions granted to a
particular user or group ID may be determined via the getaccess(1) command and the getaccess(2) system
call. Files with certain ACL properties may be located using the -aclv option of find(1).
ACL Interaction with stat(2), chmod(2), and chown(2)
stat    The st_mode field summarizes the caller’s access rights to the file. It differs from file permission
        bits only if the file has one or more optional entries applicable to the caller. The st_basemode
        field provides the file’s actual permission bits. The st_aclv field indicates the presence of optional
        ACL entries in the file’s ACL.
        The st_mode field contains a user-dependent summary, so that programs ignorant of ACLs that
        use stat(2) and chmod(2) are more likely to produce expected results, and so that stat(2)
        provides reasonable information about remote files over NFS. The st_basemode and st_aclv fields
        are useful only for local files.
chmod   Setting the group permission bits via the chmod(2) system call affects the file’s class entry, which
        would in turn affect the permissions granted by additional user:uid: and group:gid:
        entries. In particular, using chmod(2) to set a file’s permission bits to all zeroes removes all
        access to the file, regardless of permissions granted by any additional user:uid: or
        group:gid: entries.
chown   When a file’s owner or owning group is changed via chown(2) to a UID or GID that has existing
        user:uid: or group:gid: entries, those entries are not removed from the ACL, but they are
        rendered moot, because the user:: or group:: entries take precedence.
HEADERS
Header <sys/acl.h>
The <sys/aclv.h> header file defines the following constants to govern the numbers of entries per
ACL:
        NACLVENTRIES    maximum number of entries per ACL, including base entries
        NACLBASE        number of base entries
The ACL structure struct acl is also defined, and includes the following members:
        int    a_type;    /* type of entry */
        uid_t  a_id;      /* group ID */
        ushort a_perm;    /* see <unistd.h> */
The <sys/aclv.h> header also defines the set of valid values for the a_type field, as well as the valid
values for the cmd argument to the acl(2) system call.
Hewlett-Packard Company    HP-UX 11i Version 3: September 2010