HP-UX Reference (11i v1 00/12) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)
aclv(5) aclv(5)
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Access Check Algorithm
To determine the permission granted to an accessing process’s effective user ID (EUID) and effective group
ID (EGID), respectively, the following checks are made, in the following order:

1. If the EUID of the process is the same as the owner of the file, grant the permissions specified in the
   user:: entry.
2. If the EUID matches the UID specified in one of the additional user:uid: entries, grant the permissions
   specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
3. If the EGID of the process is the same as the owning group of the file, grant the permissions specified
   in the group:: entry.
4. If the EGID matches the GID specified in one of the additional group:gid: entries, grant the permissions
   specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
5. Otherwise, grant the permissions specified in the other entry.

Once access rights have been determined by one of the above checks, the subsequent checks in the list are
not performed.
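
The check order above, modelled as an added example (not HP-UX code and not part of the original manual page). The owner name "alpha", the owning group "uno" and the sample ACL are constructed for illustration; names stand in for numeric IDs, and only the EUID and EGID are consulted, as the text states.

```python
# Model of the aclv(5) access check order (added example; sample ACL is constructed).

def parse_perm(text):
    """Convert 'rwx'-style text such as 'r-x' to a 3-bit integer."""
    return sum(bit for ch, bit in zip(text, (4, 2, 1)) if ch != "-")

def parse_acl(lines):
    """Parse 'type:id:perm' and 'type:perm' entries into {(type, id): bits}."""
    acl = {}
    for line in lines:
        parts = line.strip().split(":")
        ident = parts[1] if len(parts) == 3 else ""
        acl[(parts[0], ident)] = parse_perm(parts[-1])
    return acl

def granted(acl, owner, owning_group, euid, egid):
    """Return the bits granted; the first matching check decides, later ones are skipped."""
    cls = acl[("class", "")]
    if euid == owner:                       # 1. user:: entry
        return acl[("user", "")]
    if ("user", euid) in acl:               # 2. user:uid: entry, ANDed with class
        return acl[("user", euid)] & cls
    if egid == owning_group:                # 3. group:: entry
        return acl[("group", "")]
    if ("group", egid) in acl:              # 4. group:gid: entry, ANDed with class
        return acl[("group", egid)] & cls
    return acl[("other", "")]               # 5. other entry

# Constructed sample: owner "alpha" and owning group "uno" are hypothetical names.
SAMPLE = ["user::rw-", "user:beta:rwx", "group::r-x",
          "group:dos:---", "class:r-x", "other:r--"]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    cases = [("alpha", "uno"), ("beta", "tres"), ("gamma", "uno"),
             ("gamma", "dos"), ("gamma", "tres")]
    for euid, egid in cases:
        bits = granted(acl, "alpha", "uno", euid, egid)
        print(f"{euid}/{egid}: {bits:03b}")
    # After chown to beta, user:: takes precedence and user:beta: is moot.
    print("beta as owner:", format(granted(acl, "beta", "uno", "beta", "tres"), "03b"))
```

In this sample a process with EGID dos is granted nothing even though the other entry grants r--, because the group:dos: entry matches first and the remaining checks are not performed.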
ACL Operations Supported
ACLs may be set, retrieved or counted, via the acl(2) system call. ACLs may be set or modified using the
setacl(1) command, and may be retrieved using the getacl(1) command. The permissions granted to a
particular user or group ID may be determined via the getaccess(1) command and the getaccess(2) system call.
Files with certain ACL properties may be located using the -aclv option of find(1).
ACL Interaction with stat(2), chmod(2), and chown(2)
stat    The st_mode field summarizes the caller’s access rights to the file. It differs from file permission
        bits only if the file has one or more optional entries applicable to the caller. The st_basemode field
        provides the file’s actual permission bits. The st_aclv field indicates the presence of optional ACL
        entries in the file’s ACL.

        The st_mode field contains a user-dependent summary, so that programs ignorant of ACLs that use
        stat(2) and chmod(2) are more likely to produce expected results, and so that stat(2) provides
        reasonable information about remote files over NFS. The st_basemode and st_aclv fields are useful
        only for local files.
chmod   Setting the group permission bits via the chmod(2) system call affects the file’s class entry, which
        would in turn affect the permissions granted by additional user:uid: and group:gid: entries.

        In particular, using chmod(2) to set a file’s permission bits to all zeroes removes all access to the
        file, regardless of permissions granted by any additional user:uid: or group:gid: entries.
chown   When a file’s owner or owning group is changed via chown(2) to a UID or GID that has existing
        user:uid: or group:gid: entries, those entries are not removed from the ACL, but they
        are rendered moot, because the user:: or group:: entries take precedence.
HEADERS
Header <sys/aclv.h>
The <sys/aclv.h> header file defines the following constants to govern the numbers of entries per ACL:

    NACLVENTRIES    maximum number of entries per ACL, including base entries
    NACLBASE        number of base entries

The ACL structure struct acl is also defined, and includes the following members:

    int     a_type;   /* type of entry */
    uid_t   a_id;     /* group ID */
    ushort  a_perm;   /* see <unistd.h> */

The <sys/aclv.h> header also defines the set of valid values for the a_type field, as well as the valid
values for the cmd argument to the acl(2) system call.
Section 5−−14 − 4 − HP-UX Release 11i: December 2000