Traditional UNIX file protection provides read, write, and execute permissions for the three user classes: file owner, file group, and other. In a UFS file system, an access control list (ACL) provides better file security by enabling you to do the following:
Define file permissions for the file owner, the group, other, specific users and groups
Define default permissions for each of the preceding categories
For example, if you want everyone in a group to be able to read a file, you can simply grant group read permissions on that file. However, if you want only one person in the group to be able to write to that file, you can use an ACL.
For more information about ACLs on UFS file systems, see System Administration Guide: Security Services for the Oracle Solaris 10 release.