HP-UX Reference (11i v2 07/12) - 5 Miscellaneous (vol 9)
aclv(5) aclv(5)
(except for the first user [owner] entry and the other entry). Any permission can be denied to a particular
user or group. The class entry acts as an upper bound for file permissions.
When an ACL contains more than one user and/or group entry, the collection of additional user and group
entries are referred to as the group class entries, since the effective permission granted by any of these
additional entries is limited by the class entry.
If there are additional entries in the ACL, the class entry will no longer necessarily equal the value of
the permission for the owning group as reported by ls -l. This feature is useful because it means that
the chmod(1) command can usefully affect the permissions of a file that has additional ACL entries.
ACL Uniqueness
Entries are unique in each ACL. There can only be one of each type of base entry, and one entry for any
given user or group ID. Likewise, there can only be one of each type of default base entry, and one default
entry for any given user or group ID.
ACL Inheritance
When a directory’s ACL contains default entries, those entries are not used in determining access to the
directory itself. Instead, every time a file is created in the directory, the directory’s default ACL entries are
added as non-default ACL entries to the new file.
For example, suppose the directory /a has the following ACL, as reported by getacl(1):
# file: /a
# owner: alpha
# group: uno
user::rwx
group::rwx
class:rwx
other:rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Then, any new file created in /a would have its ACL initialized using a combination of the creator’s umask
(e.g., 022) and /a’s default ACL entries as follows:
# file: /a/file
# owner: creator_uid
# group: creator_gid
user::rw-
user:beta:r--
user:gamma:r--
group::r--
group:dos:---
group:tres:---
class:r--
other:r--
When a new subdirectory is created, the parent directory’s default ACL entries are added to the new
subdirectory twice, first as its non-default ACL entries, and second as the subdirectory’s default ACL entries.
In this way, default ACLs propagate downward as trees of directories are created. If the file created in the
previous example were instead a directory, its ACL would appear as follows:
# file: /a/dir
# owner: creator_uid
# group: creator_gid
user::rwx
user:beta:r--
user:gamma:r--
group::r-x
group:dos:---
group:tres:---
class:r-x
other:r-x
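The inheritance rule described above, as an added example that is not part of the HP-UX reference: a Python model that rebuilds both listings from /a's default entries and a umask of 022, and also emits the default entries that a new subdirectory carries forward. The function names, the 0666/0777 creation modes, and setting class from the group bits are assumptions of this example.

```python
# Added example: a model of the inheritance rule above, not HP-UX code.
def perm_str(bits):
    """Render a 3-bit value as an rwx string, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & (4 >> i) else "-" for i, c in enumerate("rwx"))


def default_entries(getacl_text):
    """Return the default entries of getacl(1)-style output, prefix removed."""
    entries = []
    for line in getacl_text.splitlines():
        line = line.strip()
        if line.startswith("default:"):
            entries.append(line[len("default:"):])
    return entries


def inherited_acl(parent_acl, umask, is_dir):
    """ACL of a new object created in a directory with ACL `parent_acl`.

    Assumptions (not from the man page): creation mode 0666 for files and
    0777 for directories, no default base entries on the parent, and the
    class entry taking the group bits, as in the page's two listings.
    """
    defaults = default_entries(parent_acl)
    mode = (0o777 if is_dir else 0o666) & ~umask
    u, g, o = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    users = [d for d in defaults if d.startswith("user:")]
    groups = [d for d in defaults if d.startswith("group:")]
    acl = ["user::" + perm_str(u), *users,
           "group::" + perm_str(g), *groups,
           "class:" + perm_str(g), "other:" + perm_str(o)]
    if is_dir:  # defaults are added a second time, still as default entries
        acl += ["default:" + d for d in defaults]
    return acl


# Constructed input: the ACL of /a as listed in the example above.
PARENT_ACL = """\
user::rwx
group::rwx
class:rwx
other:rwx
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
"""

if __name__ == "__main__":
    for kind, is_dir in (("file", False), ("dir", True)):
        print(f"# new {kind} in /a, umask 022")
        print("\n".join(inherited_acl(PARENT_ACL, 0o022, is_dir)))
```

Running the model against a directory's real getacl(1) output before files are created in it shows which users and groups a new file will name, including entries such as group:dos:--- that deny all access.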
HP-UX 11i Version 2: December 2007 Update − 3 − Hewlett-Packard Company 35