NFS ACL Support

Access control list (ACL) provides a mechanism to set file access permissions instead of using the standard UNIX file permissions. NFS ACL support provides a method of changing and viewing ACL entries from an Oracle Solaris NFS client to an Oracle Solaris NFS server.

The NFS Version 2 and Version 3 implementations support the old POSIX-draft style ACLs. POSIX-draft ACLs are natively supported by UFS. For more information about POSIX-draft ACLs, see Using Access Control Lists to Protect UFS Files in Securing Files and Verifying File Integrity in Oracle Solaris 11.4.

The NFS Version 4 protocol supports NFS Version 4 style ACLs. NFS Version 4 ACLs are natively supported by Oracle Solaris ZFS. You must use ZFS as the underlying file system on the NFS Version 4 server for full featured NFS Version 4 ACL functionality. NFS Version 4 ACLs have a rich set of inheritance properties, as well as a set of permission bits beyond the standard read, write, and execute. For more information about using ACLs to protect ZFS files, see Setting ACLs on ZFS Files in Securing Files and Verifying File Integrity in Oracle Solaris 11.4. For more information about support for ACLs in NFS Version 4, see ACLs and nfsmapid in NFS Version 4.

Administrators with appropriate privileges can set ACL entries to audit access attempts to specific files. For more information about auditing events related to specific files, see New Feature – Per-Object Logging of Audit Events in Managing Auditing in Oracle Solaris 11.4. For information about how to specify files that must be audited, see Specifying Files or Directories to Be Audited in Managing Auditing in Oracle Solaris 11.4.