z/OS UNIX System Services Planning


ACLs and ACL entries

GA32-0884-00

There are three kinds of ACLs:
  • Access ACLs are ACLs that are used to provide protection for a file system object.
  • File default ACLs are default ACLs that are inherited by files created within the parent directory. The file inherits the default ACL as its access ACL. Directories also inherit the file default ACL as their file default ACL.
  • Directory default ACLs are default ACLs that are inherited by subdirectories created within the parent directory. The directory inherits the default ACL as its directory default ACL and as its access ACL.

Inheritance is the act of automatically associating an ACL with a newly created object. Administrative action is not needed. See Working with default ACLs for more information.

There are two kinds of ACL entries:
  • Base ACL entries are the same as permission bits (owner, group, other). You can change the permissions using chmod or setfacl. They are not physically part of the ACL although you can use setfacl to change them and getfacl to display them.
  • Extended ACL entries are ACL entries for individual users or groups; like the permission bits, they are stored with the file, not in RACF® profiles. Each ACL type (access, file default, directory default) can contain up to 1024 extended ACL entries. Each extended ACL entry specifies a qualifier to indicate whether the entry pertains to a user or a group, the actual UID or GID itself, and the permissions being granted or denied by this entry. The allowable permissions are read, write, and execute. As with other UNIX commands, setfacl allows the use of either names or numbers when referring to users and groups.
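The following added example, which is not IBM code, models the inheritance rules and the extended-entry constraints described above so that you can predict which ACLs a new file or subdirectory receives. It covers extended entries only (not the base permission bits), and the names `Entry`, `Node`, `make_acl`, `create` and `demo`, along with the UID and GID values, are assumptions made for illustration.

```python
# Added illustration: a model of the inheritance rules, not z/OS or RACF code.
from dataclasses import dataclass

MAX_EXTENDED = 1024  # per-ACL-type limit stated in the text


@dataclass(frozen=True)
class Entry:
    qualifier: str  # "user" or "group"
    ident: int      # UID or GID
    perms: str      # subset of "rwx"


def make_acl(entries):
    """Validate a list of extended entries and return it as a tuple."""
    entries = tuple(entries)
    if len(entries) > MAX_EXTENDED:
        raise ValueError("more than 1024 extended ACL entries")
    for e in entries:
        if e.qualifier not in ("user", "group") or set(e.perms) - set("rwx"):
            raise ValueError(f"invalid entry: {e}")
    return entries


@dataclass
class Node:
    is_dir: bool
    access: tuple = ()
    fdefault: tuple = ()  # file default ACL (directories only)
    ddefault: tuple = ()  # directory default ACL (directories only)


def create(parent: Node, is_dir: bool) -> Node:
    """Return the ACLs a new object inherits from its parent directory."""
    if not parent.is_dir:
        raise ValueError("parent must be a directory")
    if is_dir:
        # Subdirectory: directory default -> access + directory default;
        # the file default is carried forward as the file default.
        return Node(True, parent.ddefault, parent.fdefault, parent.ddefault)
    # File: file default -> access ACL; files hold no default ACLs.
    return Node(False, parent.fdefault)


def demo():
    # Constructed sample: UID 1001 and GID 200 are made-up values.
    devs = make_acl([Entry("group", 200, "rwx")])
    audit = make_acl([Entry("user", 1001, "r")])
    top = Node(True, ddefault=devs, fdefault=audit)
    sub = create(create(top, True), True)  # two levels down
    only_dd = Node(True, ddefault=devs)    # no file default set
    return sub, create(sub, False), create(only_dd, False)
```

The third value returned by `demo()` shows that a directory with only a directory default ACL passes no extended entries to files created in it, because files inherit from the file default ACL alone.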





Copyright IBM Corporation 1990, 2014