Managing ACLs

Rules: The following rules apply when you manage ACLs for files or directories.
  • You must either be the file owner or have superuser authority (UID=0 or READ access to SUPERUSER.FILESYS.CHANGEPERMS in the UNIXPRIV class).
  • You must activate the FSSEC class before ACLs can be used in access decisions.
    Example: The following RACF® command activates the FSSEC class:
    SETROPTS CLASSACT(FSSEC)
    You can define ACLs before activating the FSSEC class. If you define default ACLs, new objects can inherit them even while the FSSEC class is inactive. If the FSSEC class is not active, the standard POSIX permission bit checks are done, even if an access ACL exists. You can still display ACL information.

When a file is deleted, its ACLs are deleted automatically.
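
The two rules above as one RACF command sequence, for the case where ACL management is delegated to an administrator who does not run with UID=0. This is an added example, not part of the original documentation; the user ID ACLADM is a hypothetical placeholder.

```tso
/* Added example. ACLADM is a hypothetical user ID; substitute your own. */

/* 1. Define the UNIXPRIV profile with no default access, so that     */
/*    only explicitly permitted users get the authority.              */
RDEFINE UNIXPRIV SUPERUSER.FILESYS.CHANGEPERMS UACC(NONE)

/* 2. Give READ access to the administrator who will manage ACLs on   */
/*    files that they do not own.                                     */
PERMIT SUPERUSER.FILESYS.CHANGEPERMS CLASS(UNIXPRIV) ID(ACLADM) ACCESS(READ)

/* 3. First-time setup only: activate and RACLIST the UNIXPRIV class. */
/*    If UNIXPRIV is already active and RACLISTed, skip this command. */
SETROPTS CLASSACT(UNIXPRIV) RACLIST(UNIXPRIV)

/* 4. Refresh the in-storage UNIXPRIV profiles so that the new        */
/*    permission takes effect.                                        */
SETROPTS RACLIST(UNIXPRIV) REFRESH

/* 5. Activate FSSEC. Until this is done, access ACLs are stored and  */
/*    can be displayed, but only the permission bits are checked.     */
SETROPTS CLASSACT(FSSEC)

/* 6. Verify: show who is on the profile's access list, then list     */
/*    the current RACF options, including the active classes.         */
RLIST UNIXPRIV SUPERUSER.FILESYS.CHANGEPERMS AUTHUSER
SETROPTS LIST
```

Check that FSSEC appears among the active classes in the SETROPTS LIST output before relying on an access ACL to grant or withhold access.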