ACL
Inheritance
The purpose of using ACL inheritance is so that a newly created
file or directory can inherit the ACLs they are intended to inherit, but without disregarding the
existing permission bits on the parent directory.
By default, ACLs are not propagated.
If you set a non-trivial ACL on a directory, it is not inherited to any subsequent directory. You
must specify the inheritance of an ACL on a file or
directory.
The optional inheritance flags are described in the following
table.
Note -
Currently, the successful_access, failed_access, and inherited flags apply only to the SMB server.
Table 7-4 ACL Inheritance Flags
|
|
|
|
file_inherit
|
f
|
Only inherit the ACL from the parent directory to the directory's files.
|
|
dir_inherit
|
d
|
Only inherit the ACL from the parent directory to the directory's subdirectories.
|
|
inherit_only
|
i
|
Inherit the ACL from the parent directory but applies only to newly created files or
subdirectories and not the directory itself. This flag requires the file_inherit
flag, the dir_inherit flag, or both, to indicate what to inherit.
|
|
no_propagate
|
n
|
Only inherit the ACL from the parent directory to the first-level contents of the directory,
not the second-level or subsequent contents. This flag requires the file_inherit
flag, the dir_inherit flag, or both, to indicate what to inherit.
|
|
-
|
N/A
|
No permission granted.
|
|
successful_access
|
S
|
Indicates whether an alarm or audit record should be initiated upon a successful access. This
flag is used with audit or alarm ACE types.
|
|
failed_access
|
F
|
Indicates whether an alarm or audit record should be initiated when an access fails. This flag
is used with audit or alarm ACE types.
|
|
inherited
|
I
|
Indicates that an ACE was inherited.
|
|
In addition, you can set a default ACL inheritance policy on the file system that is
more strict or less strict by using the aclinherit file system property. For more
information, see the next section.