Access control lists are used to grant or deny permissions to users or groups in addition to those specified with traditional UNIX file access permissions. This mechanism is also called discretionary access control (DAC) and is supported under the older HFS file system but not under the modern JFS file system. To grant or deny specific file accesses to a user or group, users are specified as shown in Table 7-3.
Pattern | Description |
---|---|
user.group | ACL for a specific user and a specific group |
user.% | ACL for a specific user and all groups |
%.group | ACL for all users and a specific group |
%.% | ACL for all users and all groups |
Access Control Lists can be listed using the lsacl command.
```
$ lsacl myfile
(boota.%, rwx) (jim.%,rwx) (%.users,r-x) (%.%,r--) myfile
$
```
This command shows that users boota and jim, belonging to any group, have all read, write, and execute permissions, all users of the users group have read and execute permissions, and all other users have only read permissions.
The chacl command is used for changing ACLs. You can grant another user mary read, write, and execute (rwx) permissions to myfile.
```
$ chacl "mary.%=rwx" myfile
$ lsacl myfile
(boota.%, rwx) (jim.%,rwx) (mary.%,rwx) (%.users,r-x) (%.%,r--) myfile
$
```
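When reviewing ACLs on many files, it helps to resolve which entry actually applies to a given user. The following is an added example, not part of the original text: it parses the lsacl output shown above and computes the effective mode, and also lists entries that give write access to every user. The function names are hypothetical, and the matching rule (the most specific matching pattern wins, in the order of Table 7-3, with several matches at the same level combined) is taken from the HP-UX acl(5) description rather than from this page; superuser access is not modeled.

```python
import re

# One entry as printed by lsacl: (user.group,mode); a space may follow the comma.
ENTRY_RE = re.compile(r"\(([^.()\s]+)\.([^,()\s]+),\s*([r-][w-][x-])\)")


def parse_lsacl(line):
    """Return (entries, filename) from one line of lsacl output."""
    entries = ENTRY_RE.findall(line)          # list of (user, group, mode)
    filename = line[line.rfind(")") + 1:].strip()
    return entries, filename


def specificity(user, group):
    """Rank a pattern: 0 = user.group, 1 = user.%, 2 = %.group, 3 = %.%."""
    return (2 if user == "%" else 0) + (1 if group == "%" else 0)


def effective_mode(entries, user, groups):
    """Mode applied to `user` (member of `groups`).

    Assumed rule (acl(5)): only the most specific matching level counts;
    if several entries match at that level, their modes are ORed.
    """
    best_level, bits = None, set()
    for u, g, mode in entries:
        if u not in ("%", user) or (g != "%" and g not in groups):
            continue                          # entry does not match this user
        level = specificity(u, g)
        if best_level is None or level < best_level:
            best_level, bits = level, set()   # more specific match found
        if level == best_level:
            bits |= {c for c in mode if c != "-"}
    if best_level is None:
        return "---"
    return "".join(c if c in bits else "-" for c in "rwx")


def wildcard_writers(entries):
    """Entries that grant write access to every user (% in the user field)."""
    return [(u, g, m) for u, g, m in entries if u == "%" and "w" in m]


if __name__ == "__main__":
    # Sample line copied from the lsacl output on this page.
    sample = "(boota.%, rwx) (jim.%,rwx) (mary.%,rwx) (%.users,r-x) (%.%,r--) myfile"
    acl, name = parse_lsacl(sample)
    for who, grps in (("mary", {"users"}), ("alice", {"users"}), ("alice", {"staff"})):
        print(name, who, sorted(grps), effective_mode(acl, who, grps))
    print("world-writable entries:", wildcard_writers(acl))
```
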