ACL Formats

ACLs have two basic formats:

  • Trivial ACL – Contains only entries for traditional UNIX user categories that are represented as owner@, group@, and everyone@.

    For a newly created file, the default ACL has the following entries:

    0:owner@:read_data/write_data/append_data/read_xattr/write_xattr/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
    1:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
    2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow

    For a newly created directory, the default ACL has the following entries:

    0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/read_xattr/write_xattr/execute/delete_child/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
    1:group@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
    2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
  • Non-Trivial ACL – Contains entries for added user categories (such as a named user or group). The entries might also include inheritance flags or be ordered in a non-traditional way.

    A non-trivial entry might look like the following example, where permissions are specifically granted to user Jan.

    0:user:jan:read_data/write_data:file_inherit:allow
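    The entry format shown above (index:who:permissions[:inheritance flags]:allow|deny, with named users and groups written as user:NAME or group:NAME) is easy to parse, and a reviewer auditing a ZFS dataset usually wants to know which files have drifted from a trivial ACL. The following Python script is an added example, not part of the original documentation and not Oracle's code: it parses verbose-format entries like the ones on this page and reports why an ACL is non-trivial, using exactly the three criteria given above (an added principal, inheritance flags, or special entries out of the owner@, group@, everyone@ order). The sample ACLs are the page's default file and directory ACLs plus a constructed four-entry ACL containing the user jan entry; the function and class names are this example's own.

```python
"""Parse Solaris/ZFS verbose ACL entries and classify an ACL as trivial or
non-trivial according to the rules on this page.  Added example; the
helper names below are this example's own, not a Solaris API."""
from dataclasses import dataclass

# Traditional UNIX categories, in the order a trivial ACL lists them.
SPECIAL_WHO = ("owner@", "group@", "everyone@")


@dataclass(frozen=True)
class AclEntry:
    index: int
    who: str            # "owner@", "group@", "everyone@", "user:jan", "group:staff"
    perms: frozenset    # e.g. {"read_data", "write_data"}
    flags: frozenset    # inheritance flags such as "file_inherit"; usually empty
    kind: str           # "allow" or "deny"


def parse_entry(line: str) -> AclEntry:
    """Parse one verbose entry, e.g. '0:user:jan:read_data/write_data:file_inherit:allow'."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError(f"too few fields: {line!r}")
    index = int(parts[0])
    if parts[1] in SPECIAL_WHO:                 # owner@ / group@ / everyone@
        who, rest = parts[1], parts[2:]
    elif parts[1] in ("user", "group"):         # named principal: user:NAME or group:NAME
        who, rest = f"{parts[1]}:{parts[2]}", parts[3:]
    else:
        raise ValueError(f"unknown principal in {line!r}")
    # rest is [perms, type] when no flags are set, or [perms, flags, type].
    if len(rest) not in (2, 3) or rest[-1] not in ("allow", "deny"):
        raise ValueError(f"malformed entry: {line!r}")
    perms = frozenset(p for p in rest[0].split("/") if p)
    flags = frozenset(f for f in rest[1].split("/") if f) if len(rest) == 3 else frozenset()
    return AclEntry(index, who, perms, flags, rest[-1])


def parse_acl(text: str) -> list:
    """Parse a block of entries, one per line (blank lines ignored)."""
    return [parse_entry(ln) for ln in text.splitlines() if ln.strip()]


def nontrivial_reasons(entries) -> list:
    """List why an ACL is non-trivial; an empty list means the ACL is trivial."""
    reasons = []
    for e in entries:
        if e.who not in SPECIAL_WHO:
            reasons.append(f"entry {e.index}: added principal {e.who}")
        if e.flags:
            reasons.append(f"entry {e.index}: inheritance flags {sorted(e.flags)}")
    # Special entries must appear in the traditional order; dict.fromkeys keeps
    # first-appearance order so allow/deny pairs for the same who are tolerated.
    order = [w for w in dict.fromkeys(e.who for e in entries) if w in SPECIAL_WHO]
    if order != list(SPECIAL_WHO):
        reasons.append(f"special entries out of traditional order: {order}")
    return reasons


def is_trivial(entries) -> bool:
    return not nontrivial_reasons(entries)


# Sample input: the page's default ACLs for a new file and a new directory.
FILE_DEFAULT = """\
0:owner@:read_data/write_data/append_data/read_xattr/write_xattr/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
1:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
"""

DIR_DEFAULT = """\
0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/read_xattr/write_xattr/execute/delete_child/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
1:group@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
"""

# Constructed non-trivial ACL: the page's user jan entry placed ahead of the
# three trivial file entries (renumbered).
JAN_ACL = """\
0:user:jan:read_data/write_data:file_inherit:allow
1:owner@:read_data/write_data/append_data/read_xattr/write_xattr/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
2:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
3:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
"""

if __name__ == "__main__":
    for name, text in (("file default", FILE_DEFAULT), ("dir default", DIR_DEFAULT), ("jan", JAN_ACL)):
        reasons = nontrivial_reasons(parse_acl(text))
        print(f"{name}: {'trivial' if not reasons else 'NON-TRIVIAL'}")
        for r in reasons:
            print("   ", r)
```

    Running it reports both default ACLs as trivial and the constructed ACL as non-trivial for two reasons (the added principal user:jan and its file_inherit flag). Feeding it the output of ls -v over a directory tree is a quick way to find files whose ACLs were changed from the defaults.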