HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)
aclv(5) aclv(5)
default:user:beta:r--
default:user:gamma:r--
default:group:dos:---
default:group:tres:---
Access Check Algorithm
To determine the permission granted to an accessing process's effective user ID (EUID) and effective group
ID (EGID), respectively, the following checks are made, in the following order:
If the EUID of the process is the same as the owner of the file, grant the permissions specified in the user:: entry.
If the EUID matches the UID specified in one of the additional user:uid: entries, grant the permissions specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
If the EGID of the process is the same as the owning group of the file, grant the permissions specified in the group:: entry.
If the EGID matches the GID specified in one of the additional group:gid: entries, grant the permissions specified in that entry, bitwise-ANDed with the permissions specified in the class entry.
Otherwise, grant the permissions specified in the other entry.
Once access rights have been determined by one of the above checks, the subsequent checks in the list are
not performed.
ACL Operations Supported
ACLs may be set, retrieved or counted, via the acl(2) system call. ACLs may be set or modified using the
setacl(1) command, and may be retrieved using the getacl(1) command. The permissions granted to a
particular user or group ID may be determined via the getaccess(1) command and the getaccess(2) system call.
Files with certain ACL properties may be located using the -aclv option of find(1).
ACL Interaction with stat(2), chmod(2), and chown(2)
stat()
The st_mode field summarizes the caller's access rights to the file. It differs from file permission
bits only if the file has one or more optional entries applicable to the caller. The st_basemode
field provides the file's actual permission bits. The st_aclv field indicates the presence of optional
ACL entries in the file's ACL.
The st_mode field contains a user-dependent summary, so that programs ignorant of ACLs that
use stat(2) and chmod(2) are more likely to produce expected results, and so that stat(2) provides
reasonable information about remote files over NFS. The st_basemode and st_aclv fields are
useful only for local files.
chmod()
Setting the group permission bits via the chmod(2) system call affects the file's class entry, which
would in turn affect the permissions granted by additional user:uid: and group:gid: entries.
In particular, using chmod(2) to set a file's permission bits to all zeroes removes all
access to the file, regardless of permissions granted by any additional user:uid: or
group:gid: entries.
chown()
When a file's owner or owning group is changed via chown(2) to a UID or GID that has existing
user:uid: or group:gid: entries, those entries are not removed from the ACL, but they
are rendered moot, because the user:: or group:: entries take precedence.
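The access check order from "Access Check Algorithm" and the chown() case above, modeled as an added example that is not part of the HP-UX reference or its headers. The ex_* types, the entry-type constants, the sample ACL and the fail-closed handling of a missing base entry are assumptions made for illustration; permissions use the usual r=4, w=2, x=1 bits.

```c
#include <stdio.h>
#include <stddef.h>
/* Hypothetical stand-ins for this example, not the <sys/aclv.h> definitions. */
enum ex_type { EX_USER_OBJ, EX_USER, EX_GROUP_OBJ, EX_GROUP, EX_CLASS, EX_OTHER };
struct ex_entry { enum ex_type type; unsigned id; unsigned perm; }; /* r=4 w=2 x=1 */
struct ex_file { unsigned owner, group; const struct ex_entry *acl; size_t n; };

/* First entry of type t; id is compared only for additional user/group entries. */
static const struct ex_entry *find(const struct ex_file *f, enum ex_type t, unsigned id)
{
    for (size_t i = 0; i < f->n; i++)
        if (f->acl[i].type == t &&
            ((t != EX_USER && t != EX_GROUP) || f->acl[i].id == id))
            return &f->acl[i];
    return NULL;
}

/* Checks in the order the page lists them; the first match decides.
   Assumption: a missing base entry grants nothing (fail closed). */
unsigned ex_access(const struct ex_file *f, unsigned euid, unsigned egid)
{
    const struct ex_entry *e, *cls = find(f, EX_CLASS, 0);
    unsigned mask = cls ? cls->perm : 0;
    if (euid == f->owner)
        return (e = find(f, EX_USER_OBJ, 0)) ? e->perm : 0;
    if ((e = find(f, EX_USER, euid)))
        return e->perm & mask;          /* user:uid: ANDed with class */
    if (egid == f->group)
        return (e = find(f, EX_GROUP_OBJ, 0)) ? e->perm : 0;
    if ((e = find(f, EX_GROUP, egid)))
        return e->perm & mask;          /* group:gid: ANDed with class */
    return (e = find(f, EX_OTHER, 0)) ? e->perm : 0;
}

/* Constructed sample: user::rw-, user:101:rwx, group::r--, group:21:rw-,
   class:r-x, other:--- on a file owned by UID 100, GID 20. */
static const struct ex_entry sample_acl[] = {
    { EX_USER_OBJ, 0, 6 }, { EX_USER, 101, 7 }, { EX_GROUP_OBJ, 0, 4 },
    { EX_GROUP, 21, 6 },   { EX_CLASS, 0, 5 },  { EX_OTHER, 0, 0 },
};

int main(void)
{
    struct ex_file f = { 100, 20, sample_acl, 6 };
    printf("uid 101: %u\n", ex_access(&f, 101, 20));          /* user:101: & class */
    f.owner = 101;                                            /* as after chown(2) */
    printf("uid 101 as owner: %u\n", ex_access(&f, 101, 20)); /* user:: wins */
    return 0;
}
```

In the sample, UID 101 holds rwx in its own entry but is limited to r-x by the class entry; once it becomes the owner, the user:: entry (rw-) decides and the user:101: entry is never consulted.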
HEADERS
Header <sys/acl.h>
The <sys/aclv.h> header file defines the following constants to govern the numbers of entries per ACL:
NACLVENTRIES Maximum number of entries per ACL, including base entries
NACLBASE Number of base entries
The ACL structure struct acl is also defined, and includes the following members:
    int    a_type;  /* type of entry */
    uid_t  a_id;    /* user or group ID */
    ushort a_perm;  /* see <unistd.h> */
36 Hewlett-Packard Company − 4 − HP-UX 11i Version 3: February 2007