PROTECTION/RIGHTS -- Access Rights to Objects 83/08/05
The following are the basic kinds of operations that can be performed on
objects, and the rights which allow them when present in an ACL entry.
for all objects:
p protect rights; allows rights to be changed
g grant rights; allows creation of new entries
with a subset of creator's rights
n change node list rights; allows CD, CN commands
for files:
d delete rights; allows file to be deleted
w write rights; allows file to be written
r read rights; allows file to be read
x execute rights
for directories:
d delete rights; allows directory to be deleted
c change rights; allows names to be changed,
and links to be deleted
a append rights; allows names to be added to directory
l link rights; allows links to be added to directory
r read rights; allows directory to be listed
The following abbreviations exist for sets of rights:
-OWNER gives all rights.
for files, it means: pgndwrx
for directories: pgndcalr
-USER gives all rights except ability to change ACL.
for files, it means: dwrx
for directories: dcalr
-READ for files, allows reading; can't change ACL.
precisely, it means: r
-EXEC for files, allows reading, execution; can't change ACL.
precisely, it means: rx
-LDIR for directories, allows listing; can't change ACL.
precisely, it means: r
-ADIR for directories, allows adding names and links,
and listing; can't change ACL.
precislely, it means: alr
-NONE gives no rights, for files or directories.
Used to explicitly deny rights to specific
SIDs that would otherwise be granted righs
because they are members of a project or
organization.
RELATED TOPICS
More information is available. Type:
- HELP ACLS
for more information on commands which manipulate access control lists
(ACLs).
- HELP PROTECTION
for more information on protection in general.
- HELP PROTECTION ACLS
for detailed information on ACLs.