Access Control Lists




Two utilities are specified for accessing ACL information: getacl and setacl. The getacl utility displays the permission information of the entries contained in the ACL of a specified file. This information includes: the file name, the file owner, the file owning group, the permissions of the file owner (the file owner entry), the permissions of the file owning group (the owning group entry), the permissions of named groups (all named group entries), the permissions of all named users (all named user entries), the permissions of "other" users (the "other" entry), and the permissions of any other implementation-defined entries. The entries are displayed in the order in which they are evaluated for access decisions.

The setacl utility changes the discretionary access control information associated with a specified file. The options provided by this utility allow a user to: remove all entries except the three base entries (the permission bit mechanism entries), delete entries that are specified on the command line, delete entries that are specified in a named file, update entries that are specified on the command line, and update entries that are specified in a named file. An entry in an ACL is considered to match a specified ACL entry if the two have equal tag types (ACL_OWNER_OBJ, ACL_USER, ACL_GROUP, etc.) and equal qualifiers (i.e., the userids or groupids). When using these utilities, the user must specify the file with which the discretionary access control information is associated.
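The following C sketch is an added example, not code from the specification or from this page; it models the setacl matching rule and the update, delete and remove-to-base operations described above on an in-memory ACL. The type and function names, the TAG_* constants, the treatment of base entries as having no qualifier, the append on a non-matching update and the refusal to delete a base entry are all assumptions made for illustration.

```c
#include <stddef.h>
/* Illustrative tag names, not the constants of any real header. */
enum tag { TAG_OWNER_OBJ, TAG_USER, TAG_GROUP_OBJ, TAG_GROUP, TAG_OTHER };
struct entry { enum tag tag; unsigned id; unsigned perms; }; /* perms: rwx bits */
#define MAX_ENTRIES 16
struct acl { struct entry e[MAX_ENTRIES]; size_t n; };

static int is_base(enum tag t) {
    return t == TAG_OWNER_OBJ || t == TAG_GROUP_OBJ || t == TAG_OTHER;
}
/* Match rule from the text: equal tag types and equal qualifiers.
   Assumption: base entries carry no qualifier, so the tag alone decides. */
static int matches(const struct entry *a, const struct entry *b) {
    return a->tag == b->tag && (is_base(a->tag) || a->id == b->id);
}
/* Update: overwrite the permissions of the matching entry; assumption:
   an entry with no match is appended. Returns -1 if the ACL is full. */
int acl_update(struct acl *acl, struct entry want) {
    for (size_t i = 0; i < acl->n; i++)
        if (matches(&acl->e[i], &want)) { acl->e[i].perms = want.perms; return 0; }
    if (acl->n == MAX_ENTRIES) return -1;
    acl->e[acl->n++] = want;
    return 0;
}
/* Delete: 1 if the matching entry was removed, 0 if nothing matched,
   -1 for a base entry (assumption: the three base entries must remain). */
int acl_delete(struct acl *acl, struct entry want) {
    if (is_base(want.tag)) return -1;
    for (size_t i = 0; i < acl->n; i++)
        if (matches(&acl->e[i], &want)) {
            acl->e[i] = acl->e[--acl->n];   /* storage order is not kept */
            return 1;
        }
    return 0;
}
/* Remove every entry except the three base entries; returns how many went. */
size_t acl_strip_to_base(struct acl *acl) {
    size_t kept = 0, before = acl->n;
    for (size_t i = 0; i < before; i++)
        if (is_base(acl->e[i].tag)) acl->e[kept++] = acl->e[i];
    acl->n = kept;
    return before - kept;
}
int main(void) {   /* constructed sample ACL: owner, user 1001, owning group, other */
    struct acl a = { { {TAG_OWNER_OBJ, 0, 7}, {TAG_USER, 1001, 6},
                       {TAG_GROUP_OBJ, 0, 5}, {TAG_OTHER, 0, 0} }, 4 };
    acl_update(&a, (struct entry){TAG_USER, 1001, 4});   /* same tag and id */
    return a.e[1].perms == 4 ? 0 : 1;
}
```

Note that a named-user entry and a named-group entry with the same numeric id do not match each other, because the tag types differ.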



John Barkley
Fri Oct 7 16:17:21 EDT 1994