DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Understanding file protection

Discretionary access control (DAC): access control lists

Access Control Lists (ACLs) give you a more precise way to control access to files. The ACL contains one-line entries naming specific users and groups and indicating what access is granted to each. The presence of an ACL also changes the meaning of the "group" permission bits displayed using the ls-l command.

There are always at least four entries in an ACL, a user entry, a group entry, a class entry, and an other entry. When an ACL contains only four entries, the permissions it grants are exactly the same as the permissions represented by the permission bits.

While having such an ACL (we will call it a minimal ACL) provides no greater functionality than the permission bits alone, we will start by describing a minimal ACL, and augment it with additional entries to show how the mechanism works.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004