AIXC access control list type
The AIXC (AIX® Classic) ACL type provides for the ACL behavior as defined on previous releases of AIX. This ACL type consists of the regular base mode bits and extended permissions (ACEs).
The chmod command in numeric mode (with octal notations) can set base permissions and attributes. The chmod subroutine, which the command calls, disables extended permissions. Extended permissions are disabled if you use the numeric mode of the chmod command on a file that has an ACL. The symbolic mode of the chmod command does not disable extended permissions when the ACL associated is of type AIXC. For more information on numeric and symbolic mode, refer to the chmod command. For information about the chmod command, see chmod.
- Base permissions
- AIXC ACL specific base permissions are the traditional file-access modes assigned to the file owner, file group, and other users. The access modes are read (
r), write (
w), and execute/search (
x).Note: AIXC ACL type Base Permissions will be same as the file mode bits stored in the file system object's inode headers. That is, the information in base mode bits is same as the value returned by file system when stat is performed on the file system object.In an access control list, base permissions are in the following format, with the Mode parameter expressed as
rwx(with a hyphen (-) replacing each unspecified permission):
base permissions: owner(name): Mode group(group): Mode others: Mode
- Three attributes can be added to an access control list:
- setuid (SUID)
- Set-user-ID mode bit. This attribute sets the effective and saved user IDs of the process to the owner ID of the file on execution.
- setgid (SGID)
- Set-group-ID mode bit. This attribute sets the effective and saved group IDs of the process to the group ID of the file on execution.
- savetext (SVTX)
- Saves the text in a text file format.
attributes: SUID, SGID, SVTX
- Extended permissions
AIXC ACL extended permissions allow the owner of a file to more precisely define access to that file. Extended permissions modify the base file permissions (owner, group, others) by permitting, denying, or specifying access modes for specific individuals, groups, or user and group combinations. Permissions are modified through the use of keywords.The permit, deny, and specify keywords are defined as follows:
- Grants the user or group the specified access to the file
- Restricts the user or group from using the specified access to the file
- Precisely defines the file access for the user or group
The enabled keyword must be specified in the ACL for the extended permissions to take effect. The default value is the disabled keyword.In an AIXC ACL, extended permissions are in the following format:
extended permissions: enabled | disabled permit Mode UserInfo...: deny Mode UserInfo...: specify Mode UserInfo...:Use a separate line for each permit, deny, or specify entry. The Mode parameter is expressed as
rwx(with a hyphen (-) replacing each unspecified permission). The UserInfo parameter is expressed as
g:GroupName, or a comma-separated combination of
g:GroupName.Note: If more than one user name is specified in an entry, that entry cannot be used in an access control decision because a process has only one user ID.