Solaris Common Desktop Environment: User's Guide

Setting Default Permissions Through an Access Control List

When you create a file or folder within a folder, it inherits the basic permissions set by the system administrator. (To determine the current defaults, create a new file or folder and then choose Properties from the Selected menu to view the permissions.)

You can use an Access Control List to set default basic permissions yourself for any file or folder that is created within a folder. The ACL for that folder must contain entries for all four of the following required Default entry types: Default Owning User, Default Owning Group, Default Other, and Default Mask. An ACL can contain only one entry of each required type.

The file or folder inherits the values for Owner, Group, and Other from the person who creates it and inherits the basic permissions from the required ACL Default entry types on the containing folder. ACL entries of these types do not have names associated with them.

You can also set optional Default entry types (Default User and Default Group) for any file or folder that is created within a folder. You can create as many Default User or Default Group ACL entries as you want. You must specify the name of the user or group when you create the ACL entry.

Any ACL in which you want to put a Default User or Default Group entry must also contain one of each required entry type.

Example

Suppose that the values for Owner and Group for a user named Carla are otto and otto_staff, respectively. The value for Other (call it otto_other) is everyone at Carla's company except for Carla and the members of otto_staff. Carla creates these required Default ACLs on her folder named Project1:

Any file or folder subsequently placed in the Project1 folder inherits these basic permissions from Project1:

Also, the file or folder has a Mask entry in the Access Control List Permissions scrolling list with the value rw (read, write).

If Carla also adds an optional ACL entry of type Default User (or Default Group) for the Project1 folder, then any file or folder subsequently placed in Project1 inherits an ACL entry of type User (or Group).
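The rules above can be checked mechanically before relying on a folder's defaults. The following Python sketch is an added example, not part of the original guide or of CDE: it validates a set of Default entries against the required and optional rules and derives the entries a new file or folder starts with. The function names, the tuple layout, the user name "sam" and every permission value except the Mask value rw are assumptions made for illustration.

```python
# Added example: a model of the Default-entry rules described on this page.
# Entries are (type, name, permissions); name is None for unnamed entry types.
REQUIRED = ("Default Owning User", "Default Owning Group",
            "Default Other", "Default Mask")
OPTIONAL = ("Default User", "Default Group")
# Entry type a new file or folder receives for each Default type on the folder.
INHERITED_AS = {"Default Owning User": "Owner", "Default Owning Group": "Group",
                "Default Other": "Other", "Default Mask": "Mask",
                "Default User": "User", "Default Group": "Group"}


def validate_defaults(entries):
    """Return a list of rule violations; an empty list means the ACL is valid."""
    problems = []
    for kind in REQUIRED:
        count = sum(1 for etype, _, _ in entries if etype == kind)
        if count != 1:
            problems.append(f"{kind}: need exactly one entry, found {count}")
    for etype, name, perms in entries:
        if etype not in INHERITED_AS:
            problems.append(f"{etype}: not a Default entry type")
        elif etype in REQUIRED and name is not None:
            problems.append(f"{etype}: takes no name")
        elif etype in OPTIONAL and not name:
            problems.append(f"{etype}: a user or group name is required")
        if not set(perms) <= set("rwx"):
            problems.append(f"{etype}: bad permissions {perms!r}")
    return problems


def inherited_acl(entries):
    """ACL entries a file or folder created in the folder starts with."""
    problems = validate_defaults(entries)
    if problems:
        raise ValueError("; ".join(problems))
    return [(INHERITED_AS[etype], name, perms) for etype, name, perms in entries]


# Constructed sample: only the Mask value rw comes from the page's example;
# the other permissions and the user name "sam" are made up for illustration.
PROJECT1 = [
    ("Default Owning User", None, "rwx"),
    ("Default Owning Group", None, "rx"),
    ("Default Other", None, ""),
    ("Default Mask", None, "rw"),
    ("Default User", "sam", "r"),
]

if __name__ == "__main__":
    for entry in inherited_acl(PROJECT1):
        print(entry)
```

An empty permission string on Default Other means new items start with no access for Other, which makes an accidentally permissive default easy to spot when auditing a shared folder.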