Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 698 #724
27.3.1 Structure of ACL Entries
There are two basic classes of ACLs: A minimum ACL merely comprises the
entries for the types owner, owning group, and other, which correspond
to the conventional permission bits for files and directories. An extended
ACL goes beyond this. It must contain a mask entry and may contain several
entries of the named user and named group types. Table 27.1 provides a
summary of the various types of ACL entries that are possible.
Table 27.1: ACL Entry Types

Type            Text Form
owner           user::rwx
named user      user:name:rwx
owning group    group::rwx
named group     group:name:rwx
mask            mask::rwx
other           other::rwx

The permissions defined in the entries owner and other are always effective.
Except for the mask entry, all other entries (named user, owning group, and
named group) can be either effective or masked. If permissions exist in one
of the above-mentioned entries as well as in the mask, they are effective.
Permissions contained only in the mask or only in the actual entry are not
effective. The example in Table 27.2 demonstrates this mechanism.
Table 27.2: Masking Access Permissions

Entry Type      Text Form        Permissions
named user      user:jane:r-x    r-x
mask            mask::rw-        rw-
effective permissions:           r--
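
The masking rule from Table 27.2, applied to a whole ACL. This is an added example, not code from the manual: it parses the text form from Table 27.1, checks that an extended ACL carries a mask entry, and computes the effective permissions of each entry. The function names and the owner, owning group, and other entries in the sample are assumptions made for the illustration.

```python
# Added example (not from the manual): apply the mask to text-form ACL entries.
MASKED_KINDS = {"named user", "owning group", "named group"}

def parse_entry(text):
    """Split 'user:jane:r-x' into (entry type, name, permissions)."""
    tag, name, perms = text.strip().split(":")  # ValueError unless 3 fields
    if len(perms) != 3 or any(c not in (f, "-") for c, f in zip(perms, "rwx")):
        raise ValueError(f"bad permission string: {perms!r}")
    if tag == "user":
        kind = "named user" if name else "owner"
    elif tag == "group":
        kind = "named group" if name else "owning group"
    elif tag in ("mask", "other") and not name:
        kind = tag
    else:
        raise ValueError(f"bad ACL entry: {text!r}")
    return kind, name, perms

def effective_acl(entries):
    """Return {(entry type, name): effective permissions} for one ACL."""
    parsed = [parse_entry(e) for e in entries]
    kinds = [kind for kind, _, _ in parsed]
    for required in ("owner", "owning group", "other"):
        if kinds.count(required) != 1:
            raise ValueError(f"ACL needs exactly one {required} entry")
    masks = [perms for kind, _, perms in parsed if kind == "mask"]
    if len(masks) > 1:
        raise ValueError("ACL has more than one mask entry")
    if not masks and ("named user" in kinds or "named group" in kinds):
        raise ValueError("extended ACL must contain a mask entry")
    result = {}
    for kind, name, perms in parsed:
        if kind == "mask":
            continue
        if masks and kind in MASKED_KINDS:
            # A bit is effective only if set in both the entry and the mask.
            perms = "".join(p if p == m else "-" for p, m in zip(perms, masks[0]))
        result[(kind, name)] = perms
    return result

# Constructed ACL: the jane and mask entries come from Table 27.2,
# the owner, owning group and other entries are made up for the example.
SAMPLE = ["user::rw-", "user:jane:r-x", "group::r-x", "mask::rw-", "other::---"]

if __name__ == "__main__":
    for (kind, name), perms in effective_acl(SAMPLE).items():
        print(f"{kind:13} {name:5} {perms}")
```

In the sample, the owning group is also reduced from r-x to r-- by the mask, while the owner and other entries are left as written.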
698 27.3. Handling ACLs