The access control list (ACL) lets you grant individual permissions (referred to as ACL entries) to specific users and groups. For example, if you want to grant write permission to your manager, you can create an ACL entry granting him or her write permission.
There are two general categories of ACL entries: access ACL entries and default ACL entries. Access ACL entries define who has access to a specific file or directory. Default ACL entries define the permissions to be applied to files or folders newly created within a specified folder.
By definition, every access control list has a special entry called a mask (which cannot be deleted). The mask sets the maximum permissions allowed on a file or folder for all groups and any non-owner users. (The mask does not apply to users who fall into the "other" category for basic permissions.) A good use of a mask is to turn off write permission for everyone but yourself when you need to have sole write access to a file.
The ACL entry types are described in the table below.
Table 5-1 ACL Types and Application
| Entry Type | Applies to | User Category |
|---|---|---|
| | Files or folders | All users except owner and other |
| | Files or folders | Specified user |
| | Files or folders | Specified group |
| | Files created in selected folder | Specified user |
| | Files created in selected folder | Specified group |
| | Files created in selected folder | Folder's owner |
| | Files created in selected folder | Owner's group |
| | Files created in selected folder | Users other than the owner and users in the owner's group |
| | Files created in selected folder | All users except owner and other |

Whenever you create any default ACL entry, the following entries are required:
- default owning user
- default owning group
- default other
- default mask
The File Manager creates these default entries automatically, taking its best guess at their permission settings. If you do not want these default permission settings, you are free to change them.
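
The mask rule and the required default entries described above can be checked mechanically. The following Python sketch is an added example, not part of the original documentation or of File Manager; the `tag:qualifier:perms` text form, the function names and the sample ACL are assumptions constructed for illustration.

```python
# Added example: models the mask and default-entry rules described above.
# Entry syntax (tag:qualifier:perms, optional "default:" prefix) is assumed.

REQUIRED_DEFAULTS = {"user", "group", "other", "mask"}  # owning user/group, other, mask

def parse_acl(text):
    """Return a list of (is_default, tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split(":")
        is_default = parts[0] == "default"
        if is_default:
            parts = parts[1:]
        tag, perms = parts[0], parts[-1]
        qualifier = parts[1] if len(parts) == 3 else ""
        entries.append((is_default, tag, qualifier, set(perms) - {"-"}))
    return entries

def effective_permissions(entries):
    """Apply the mask to every access entry except the owner and 'other'."""
    access = [e for e in entries if not e[0]]
    mask = next((p for _, tag, _, p in access if tag == "mask"), None)
    result = {}
    for _, tag, qualifier, perms in access:
        if tag == "mask":
            continue
        is_owner = tag == "user" and qualifier == ""
        if mask is not None and not is_owner and tag != "other":
            perms = perms & mask               # mask caps groups and non-owner users
        result[f"{tag}:{qualifier}"] = "".join(c if c in perms else "-" for c in "rwx")
    return result

def missing_default_entries(entries):
    """If any default entry exists, report which required defaults are absent."""
    defaults = [(tag, q) for d, tag, q, _ in entries if d]
    if not defaults:
        return set()
    present = {tag for tag, q in defaults if q == ""}
    return REQUIRED_DEFAULTS - present

# Constructed sample ACL: the mask removes write access from everyone but the owner.
SAMPLE = "user::rw-\nuser:manager:rw-\ngroup::rw-\nmask:r--\nother:r--\n" \
         "default:user:manager:rwx\ndefault:mask:r-x\n"
```

Running `effective_permissions(parse_acl(SAMPLE))` shows the manager's granted `rw-` reduced to `r--` by the mask, and `missing_default_entries` reports the owning user, owning group and other defaults that the sample omits.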