PROTECTION/RIGHTS -- Access Rights to Objects      85/03/19


  The following are the basic kinds of operations that can be performed on
  objects, and the rights which allow them when present in an ACL entry.

      for all objects:
         p        protect rights; allows rights to be changed
         g        grant rights; allows creation of new entries
                  with a subset of creator's rights
         n        change node list rights; allows CD, CN commands

      for files:
         d        delete rights; allows file to be deleted
         w        write rights; allows file to be written
         r        read rights; allows file to be read
         x        execute rights

      for directories:
         d        delete rights; allows directory to be deleted
         c        change rights; allows names to be changed,
                  and links to be deleted
         a        append rights; allows names to be added to directory
         l        link rights; allows links to be added to directory
         r        read rights; allows directory to be listed
         s        search rights; allows directory to be searched for
                  subordinate objects (for DOMAIN/IX)
         e        expunge rights; allows subordinate objects to be
                  deleted provided delete rights are also available
                  for the subordinate object (for DOMAIN/IX)

      The following abbreviations exist for sets of rights:
      (Note that search and expunge rights are always set.)

      -OWNER      gives all rights.
                  for files, it means:    pgndwrx
                  for directories:        pgndcalrse

      -USER       gives all rights except ability to change ACL.
                  for files, it means:    dwrx
                  for directories:        dcalrse

      -READ       for files, allows reading; can't change ACL.
                  precisely, it means:    r

      -EXEC       for files, allows reading, execution; can't change ACL.
                  precisely, it means:    rx

      -LDIR       for directories, allows listing; can't change ACL.
                  precisely, it means:    rse

      -ADIR       for directories, allows adding names and links,
                  and listing; can't change ACL.
                  precisely, it means:    alrse

      -NONE       gives no rights, for files or directories.
                  Used to explicitly deny rights to specific
                  SIDs that would otherwise be granted rights
                  because they are members of a project or
                  organization.
                  for directories it means: se (unless -UNIX was
                      specified when EDACL was invoked, in which
                      case all rights are revoked.)
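
      Added example (not part of the original help text, and not
      EDACL's own code): a Python model of the rights letters and
      abbreviations above, useful for auditing what an entry really
      grants. The names expand, can_grant and can_expunge, the kind
      strings "file"/"dir" and the unix flag are assumptions.

```python
# Added example: a model of the rights letters and abbreviations listed above.
FILE_RIGHTS = set("pgndwrx")
DIR_RIGHTS = set("pgndcalrse")

# abbreviation -> (expansion for files, expansion for directories)
# None means the help text gives no meaning for that kind of object.
ABBREV = {
    "-OWNER": ("pgndwrx", "pgndcalrse"),
    "-USER":  ("dwrx", "dcalrse"),
    "-READ":  ("r", None),
    "-EXEC":  ("rx", None),
    "-LDIR":  (None, "rse"),
    "-ADIR":  (None, "alrse"),
    "-NONE":  ("", "se"),
}

def expand(spec, kind, unix=False):
    """Turn an abbreviation or a literal rights string into a set of letters.

    kind is "file" or "dir" (names assumed for this example); unix=True
    models EDACL having been invoked with -UNIX.
    """
    if kind not in ("file", "dir"):
        raise ValueError(f"unknown object kind: {kind!r}")
    valid = FILE_RIGHTS if kind == "file" else DIR_RIGHTS
    rights = spec
    if spec.startswith("-"):
        pair = ABBREV.get(spec.upper())
        rights = pair[1 if kind == "dir" else 0] if pair else None
        if rights is None:
            raise ValueError(f"{spec} has no meaning for a {kind}")
        if spec.upper() == "-NONE" and kind == "dir" and unix:
            rights = ""  # with -UNIX, -NONE revokes search and expunge too
    stray = set(rights) - valid
    if stray:
        raise ValueError(f"not {kind} rights: {''.join(sorted(stray))}")
    return set(rights)

def can_grant(creator, new_entry):
    """g: a new entry may only carry a subset of its creator's rights."""
    return "g" in creator and new_entry <= creator

def can_expunge(dir_rights, child_rights):
    """e on the directory plus d on the subordinate object (DOMAIN/IX)."""
    return "e" in dir_rights and "d" in child_rights
```

      Because search and expunge are always set in the abbreviations,
      can_expunge(expand("-LDIR", "dir"), expand("-USER", "file")) is
      true in this model: a listing-only directory entry does not by
      itself stop deletion of an object the same SID has d rights on.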


RELATED TOPICS

  More information is available.  Type:

  - HELP ACLS
   for more information on commands which manipulate access control lists
   (ACLs).

  - HELP PROTECTION
   for more information on protection in general.

  - HELP PROTECTION ACLS
   for detailed information on ACLs.

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026