Trusted Solaris User's Guide

Access Control Lists

The access control list (ACL) lets you grant individual permissions (referred to as ACL entries) to specific users and groups. For example, if you want to grant write permission to your manager, you can create an ACL entry granting him or her write permission.

There are two general categories of ACL entries: access ACL entries and default ACL entries. Access ACL entries define who has access to a specific file or directory. Default ACL entries define the permissions to be applied to newly created files or folders within a specified folder.

By definition, every access control list has a special entry called a mask (which cannot be deleted). The mask sets the maximum permissions allowed on a file or folder for all groups and any non-owner users. (The mask does not apply to users who fall into the "other" category for basic permissions.) A good use of a mask is to turn off write permission for everyone but yourself when you need to have sole write access to a file.
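
The mask rule above can be modelled in a few lines. The following is an added example, not part of the original guide or of Trusted Solaris itself; the textual entry form ("user:NAME:rw-", "mask:r--"), the names manager and staff, and the function names are assumptions made for illustration.

```python
# Added example: models the mask rule described above.
# The entry syntax ("user:NAME:rw-", "mask:r--") is an assumed text form.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_perms(text):
    """Convert a string such as 'rw-' to permission bits."""
    if len(text) != 3:
        raise ValueError(f"bad permission string: {text!r}")
    bits = 0
    for ch, letter in zip(text, "rwx"):
        if ch == letter:
            bits |= PERM_BITS[letter]
        elif ch != "-":
            raise ValueError(f"bad permission string: {text!r}")
    return bits

def format_perms(bits):
    return "".join(c if bits & PERM_BITS[c] else "-" for c in "rwx")

def effective_acl(entries):
    """Return {entry tag: effective permissions} after applying the mask."""
    granted, mask = {}, None
    for line in entries:
        tag, _, perms = line.strip().rpartition(":")
        if tag == "mask":
            mask = parse_perms(perms)
        else:
            granted[tag] = parse_perms(perms)
    if mask is None:
        raise ValueError("an ACL always contains a mask entry")
    effective = {}
    for tag, bits in granted.items():
        # The owner ("user:") and "other" are exempt from the mask;
        # named users, the owning group and named groups are capped by it.
        exempt = tag in ("user:", "other")
        effective[tag] = format_perms(bits if exempt else bits & mask)
    return effective

# Constructed sample: the owner keeps sole write access by setting mask to r--.
SAMPLE_ACL = [
    "user::rw-", "user:manager:rw-", "group::rw-",
    "group:staff:rwx", "mask:r--", "other:r--",
]

if __name__ == "__main__":
    for tag, perms in effective_acl(SAMPLE_ACL).items():
        print(f"{tag:<14} {perms}")
```

Because the mask does not cover the "other" category, an ACL review should check the "other" entry separately; tightening the mask alone leaves it unchanged.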

The ACL entry types are described in the table below.

Table 5-1 ACL Types and Application

Entry Type             Applies to                         User Category
---------------------  ---------------------------------  ---------------------------------------------------------
mask                   Files or folders                   All users except owner and other
user                   Files or folders                   Specified user
group                  Files or folders                   Specified group
default user           Files created in selected folder   Specified user
default group          Files created in selected folder   Specified group
default owning user    Files created in selected folder   Folder's owner
default owning group   Files created in selected folder   Owner's group
default other          Files created in selected folder   Users other than the owner and users in the owner's group
default mask           Files created in selected folder   All users except owner and other

Whenever you create any default ACL entry, the following entries are required:

The File Manager creates these default entries automatically, taking its best guess at their permission settings. If you do not want these default permission settings, you are free to change them.