|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Security Services Oracle Solaris 11 Express 11/10|
Traditional UNIX file protection provides read, write, and execute permissions for the three user classes: file owner, file group, and other. In a UFS file system, an access control list (ACL) provides better file security by enabling you to do the following:
Define file permissions for the file owner, the group, other, specific users and groups
Define default permissions for each of the preceding categories
Note - For ACLs in the ZFS file system and ACLs on NFSv4 files, see Chapter 8, Using ACLs to Protect Oracle Solaris ZFS Files, in Oracle Solaris ZFS Administration Guide.
For example, if you want everyone in a group to be able to read a file, you can simply grant group read permissions on that file. Now, assume that you want only one person in the group to be able to write to that file. Standard UNIX does not provide that level of file security. However, an ACL provides this level of file security.
On a UFS file system, ACL entries are set on a file through the setfacl command. UFS ACL entries consist of the following fields separated by colons:
Is the type of ACL entry on which to set file permissions. For example, entry-type can be user (the owner of a file) or mask (the ACL mask).
Is the user name or user ID (UID).
Is the group name or group ID (GID).
Represents the permissions that are set on entry-type. perms can be indicated by the symbolic characters rwx or an octal number. These are the same numbers that are used with the chmod command.
In the following example, an ACL entry sets read and write permissions for the user stacey.
Caution - UFS file system attributes such as ACLs are supported in UFS file systems only. Thus, if you restore or copy files with ACL entries into the /tmp directory, which is usually mounted as a TMPFS file system, the ACL entries will be lost. Use the /var/tmp directory for temporary storage of UFS files.
For more information about ACLS on UFS file systems, see System Administration Guide: Security Services for the Oracle Solaris 10 release.