HP-UX Reference (11i v1 00/12) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)

aclv(5) aclv(5)
(except for the first user [owner] entry and the other entry). Any permission can be denied to a
particular user or group. The class entry acts as an upper bound for file permissions.
When an ACL contains more than one user and/or group entry, the collection of additional user and
group entries is referred to as the group class entries, since the effective permission granted by any of
these additional entries is limited by the class entry.
If there are additional entries in the ACL, the class entry will no longer necessarily equal the value of
the permission for the owning group as reported by ls -l. This feature is useful because it means that
the chmod(1) command can usefully affect the permissions of a file that has additional ACL entries.
ACL Uniqueness
Entries are unique in each ACL. There can only be one of each type of base entry, and one entry for any
given user or group ID. Likewise, there can only be one of each type of default base entry, and one default
entry for any given user or group ID.
ACL Inheritance
When a directory’s ACL contains default entries, those entries are not used in determining access to the
directory itself. Instead, every time a file is created in the directory, the directory’s default ACL entries are
added as non-default ACL entries to the new file.
For example, suppose the directory /a has the following ACL, as reported by getacl(1):
# file: /a
# owner: alpha
# group: uno
user::rwx
group::rwx
class:rwx
other:rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Then, any new file created in /a would have its ACL initialized using a combination of the creator’s umask
(e.g., 022) and /a’s default ACL entries as follows:
# file: /a/file
# owner: creator_uid
# group: creator_gid
user::rw-
user:beta:r--
user:gamma:r--
group::r--
group:dos:---
group:tres:---
class:r--
other:r--
When a new subdirectory is created, the parent directory’s default ACL entries are added to the new
subdirectory twice, first as its non-default ACL entries, and second as the subdirectory’s default ACL entries.
In this way, default ACLs propagate downward as trees of directories are created. If the file created in the
previous example were instead a directory, its ACL would appear as follows:
# file: /a/dir
# owner: creator_uid
# group: creator_gid
user::rwx
user:beta:r--
user:gamma:r--
group::r-x
group:dos:---
group:tres:---
class:r-x
other:r-x
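
The inheritance rule above, modeled in Python as an added example (not HP-UX code and not part of the original manual page). It assumes creation modes of 0666 for the file and 0777 for the directory, and a parent with no default base entries, as in /a; the names bits, inherit, effective and PARENT_A are hypothetical.

```python
# Added example: a model of aclv(5) default-ACL inheritance, not HP-UX code.

# The ACL of /a as shown on the page (header comment lines omitted).
PARENT_A = [
    "user::rwx", "group::rwx", "class:rwx", "other:rwx",
    "default:user:beta:r--", "default:user:gamma:r--",
    "default:group:dos:---", "default:group:tres:---",
]

def bits(n):
    """Render the low three bits of n as an rwx string."""
    return "".join(c if n & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def inherit(parent_acl, mode, umask, is_dir):
    """Return the ACL lines of a new object created under parent_acl.

    Assumptions: base entries come from mode & ~umask, with group:: and
    class both taking the group bits (this matches the page's example);
    the parent carries no default base entries.
    """
    m = mode & ~umask
    defaults = [e[len("default:"):] for e in parent_acl
                if e.startswith("default:")]
    users = [e for e in defaults if e.startswith("user:")]
    groups = [e for e in defaults if e.startswith("group:")]
    acl = ["user::" + bits(m >> 6)] + users
    acl += ["group::" + bits(m >> 3)] + groups
    acl += ["class:" + bits(m >> 3), "other:" + bits(m)]
    if is_dir:
        # A subdirectory also keeps the entries as defaults, so they
        # propagate to whatever is created beneath it.
        acl += ["default:" + e for e in defaults]
    return acl

def effective(entry_perm, class_perm):
    """Permission an additional (group class) entry actually grants:
    the entry's bits capped by the class entry."""
    return "".join(p if p == c else "-" for p, c in zip(entry_perm, class_perm))

if __name__ == "__main__":
    for name, mode, is_dir in (("/a/file", 0o666, False), ("/a/dir", 0o777, True)):
        print("# file:", name)
        print("\n".join(inherit(PARENT_A, mode, 0o022, is_dir)))
    # An entry granting rwx under class r-x is effectively r-x.
    print(effective("rwx", "r-x"))
```

For the directory case the function also returns the four default: entries, which the listing above leaves out but the text describes as the second copy.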
HP-UX Release 11i: December 2000 3 Section 513