ACL Inheritance

ACL inheritance means that a newly created file or directory can inherit the ACLs that they are intended to inherit without disregarding the existing permission bits on the parent directory.

By default, ACLs are not propagated. If you set a non-trivial ACL on a directory, it is not inherited to any subsequent directory. You must specify the inheritance of an ACL on a file or directory.

The following table describes the optional inheritance flags.

Table 2-4 ACL Inheritance Flags

Inheritance Flag	Compact Inheritance Flag	Description
`file_inherit`	`f`	Only inherit the ACL from the parent directory to the directory's files.
`dir_inherit`	`d`	Only inherit the ACL from the parent directory to the directory's subdirectories.
`inherit_only`	`i`	Inherit the ACL from the parent directory. Applies only to newly created files or subdirectories and not the directory itself. This flag requires the `file_inherit` flag, the `dir_inherit` flag, or both, to indicate what to inherit.
`no_propagate`	`n`	Only inherit the ACL from the parent directory to the first-level contents of the directory, not the second-level or subsequent contents. This flag requires the `file_inherit` flag, the `dir_inherit` flag, or both, to indicate what to inherit.
`-`	N/A	No permission granted.
`successful_access`	`S`	Indicates whether an alarm or audit record should be initiated upon a successful access. This flag is used with audit or alarm ACE types.
`failed_access`	`F`	Indicates whether an alarm or audit record should be initiated when an access fails. This flag is used with audit or alarm ACE types.
`inherited`	`I`	Indicates that an ACE was inherited.

In addition, you can set a default ACL inheritance policy on the file system that is more strict or less strict by using the aclinherit file system property. For more information about this property, see ACL Properties.

For more information about setting ACL inheritance on ZFS files, see Setting ACL Inheritance on ZFS Files.