HP-UX Reference (11i v1 00/12) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)

acl(5) acl(5)
     NGROUPS_RGID_SUPP    process’s real gid plus supp groups
     NGROUPS_SGID_SUPP    process’s saved gid plus supp groups
Header <acllib.h>
The <acllib.h> header file defines several constants for use with ACL support library calls.
Symbolic forms of ACLs for acltostr():
     FORM_SHORT
     FORM_LONG
Magic values for various calls:
     ACL_FILEOWNER    file’s owner ID
     ACL_FILEGROUP    file’s group ID
     ACL_ANYUSER      wildcard user ID
     ACL_ANYGROUP     wildcard group ID
     MODE_DEL         delete one ACL entry
Mask for valid mode bits in ACL entries:
     MODEMASK         (R_OK | W_OK | X_OK)
The <acllib.h> header also defines the struct acl_entry_patt ACL pattern entry structure, which
includes the following members:
     aclid_t    uid;       /* user ID */
     aclid_t    gid;       /* group ID */
     aclmode_t  onmode;    /* mode bits that must be on */
     aclmode_t  offmode;   /* mode bits that must be off */
WARNINGS
ACLs are intended for use on ordinary files and directories. Optional ACL entries are not recommended on
files that are manipulated by certain system utilities, such as terminal special files and LP scheduler control
files. These utilities might delete optional entries, including those whose intent is restrictive, without
warning as a consequence of calling chmod(2), thereby increasing access unexpectedly.
Most, but not all, supported utilities are able to handle ACLs correctly. However, only the fbackup(1M) and
frecover(1M) file archive utilities handle access control lists properly. When using programs (such as
archive programs ar(1), cpio(1), ftio(1), tar(1), and dump(1M)) unable to handle ACLs on files with optional
ACL entries, note the Access Control List information included on their respective reference pages, to avoid
loss of data.
If a user name is defined in the /etc/passwd file or a group name is defined in the /etc/group file as % or
@, or for patterns, ,
ACL syntax cannot reference that name as itself because the symbols have other
meanings. However, such users or groups can still be referenced by their ID numbers. User and/or group
names must not include the following characters:
     .    Do not use in user names.
     +    Do not use in group names.
     -    Do not use in group names.
     =    Do not use for operator form input of group names.
     ,    Do not use for short form or for operator form patterns.
     )    Do not use for short form patterns.
It is possible to specify an ACL pattern using the @ (file owner or group) or (wildcard) symbols so that it
cannot match certain files, perhaps depending on their ownership, by giving two entries, one with specific
values and the other using @ or , which are equivalent for a file but contain different mode values. For
example:
     find / -acl '(ajs.%,r)(@.%,rw)' -print
cannot match a file owned by ajs.
DEPENDENCIES
NFS
     NFS does not support ACLs on remote files. Individual manual entries specify the behavior of various
     system calls, library calls, and commands under these circumstances. Be careful when transferring a
     file with optional entries over a network or when manipulating a remote file because optional entries
     may be silently deleted.
HP-UX Release 11i: December 2000 8 Section 59