Managing ACLs
Rules: You need to be aware of the following rules when
managing ACLs for files or directories.
- You must either be the file owner or have superuser authority (UID=0 or READ access to SUPERUSER.FILESYS.CHANGEPERMS in the UNIXPRIV class).
- You must activate the FSSEC class before ACLs can be used in access
decisions.Example: The following RACF® command activates the FSSEC class:
You can define ACLs prior to activating the FSSEC class. If you define default ACLs, they can be inherited by new objects when the FSSEC class is inactive. If the FSSEC class is not active, the standard POSIX permission bit checks are done, even if an access ACL exists. You can still display ACL information.SETROPTS CLASSACT(FSSEC)
If files are deleted, ACLs are automatically deleted.