NFS4 access control list type
The JFS2 file system in AIX also supports the NFS4 ACL type. This ACL implementation follows the ACL definition specified in the NFS version 4 protocol RFC.
This ACL type provides much finer-grained control over access rights and
also provides features such as inheritance. An NFS4 ACL consists of an array
of ACEs. Each ACE defines access rights for an identity. As defined in the
RFC, the main components of an NFS4 ACE are as follows:
struct nfsace4 {
    acetype4      type;
    aceflag4      flag;
    acemask4      access_mask;
    utf8str_mixed who;
};
Where:
- type: Bit mask that defines the type of the ACE, such as whether this ACE allows access or denies access.
- flag: Bit mask that describes the inheritance aspects of the ACE. Defines whether this ACE applies to the file system object, to its children, or to both.
- access_mask: Bit mask that defines the access rights granted or denied. Rights defined include read, write, execute, create, delete, create child, delete child, and so on.
- who: Null-terminated string that defines the identity to which this ACE applies. Per the RFC, the size of this string is unlimited, and its loose definition allows domains to be defined within NFS version 4 networks to manage access control. Natively (most of the time) AIX does not interpret this string; each ACE is instead associated with an AIX-understood identity (such as a uid or gid). The NFS version 4 file system is expected to interpret these strings as necessary to convert them to OS-understood user or group IDs. AIX understands only some of the special who strings defined in the RFC.
Note: Any type of chmod command will erase the file's ACL.
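As an added example (not AIX code and not from this page), the following Python models the nfsace4 fields above and applies the ordered access-check algorithm the NFS version 4 RFC defines: ACEs are walked in order, an ALLOW settles the bits it names, a DENY that hits any still-unsettled requested bit rejects the request, and bits no ACE allowed are denied. The bit values are those from RFC 3530; the sample ACL, users and groups are constructed, and only the EVERYONE@ and OWNER@ special who strings are modelled.

```python
from dataclasses import dataclass

# ACE type, flag and access_mask bit values as defined in RFC 3530.
ACE4_ACCESS_ALLOWED_ACE_TYPE = 0
ACE4_ACCESS_DENIED_ACE_TYPE = 1
ACE4_INHERIT_ONLY_ACE = 0x08     # flag: inherited by children, never applied to this object
ACE4_IDENTIFIER_GROUP = 0x40     # flag: 'who' names a group rather than a user
ACE4_READ_DATA = 0x01
ACE4_WRITE_DATA = 0x02
ACE4_EXECUTE = 0x20
ACE4_DELETE = 0x10000

@dataclass
class Ace:                       # mirrors the nfsace4 fields: type, flag, access_mask, who
    type: int
    flag: int
    access_mask: int
    who: str

def ace_applies(ace, user, groups, owner):
    # Does this ACE's 'who' (together with its flags) cover the requesting identity?
    if ace.flag & ACE4_INHERIT_ONLY_ACE:
        return False
    if ace.who == "EVERYONE@":
        return True
    if ace.who == "OWNER@":
        return user == owner
    if ace.flag & ACE4_IDENTIFIER_GROUP:
        return ace.who in groups
    return ace.who == user

def check_access(acl, requested, user, groups, owner):
    """True only if every requested bit is allowed before a deny reaches it."""
    remaining = requested                     # bits not yet settled as allowed
    for ace in acl:
        if remaining == 0:
            break                             # everything requested is already allowed
        if not ace_applies(ace, user, groups, owner):
            continue
        if ace.type == ACE4_ACCESS_ALLOWED_ACE_TYPE:
            remaining &= ~ace.access_mask     # these bits are now settled, later ACEs cannot undo them
        elif ace.type == ACE4_ACCESS_DENIED_ACE_TYPE and remaining & ace.access_mask:
            return False                      # a deny hit an unsettled requested bit
    return remaining == 0                     # anything never allowed is denied

# Constructed sample ACL: the deny for group 'staff' is deliberately placed first.
SAMPLE_ACL = [
    Ace(ACE4_ACCESS_DENIED_ACE_TYPE, ACE4_IDENTIFIER_GROUP, ACE4_WRITE_DATA, "staff"),
    Ace(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_EXECUTE, "EVERYONE@"),
    Ace(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_DELETE, "OWNER@"),
]
```

Swapping the first two ACEs makes the write by a 'staff' member succeed, which is why ACE order, not just ACE content, must be reviewed when auditing an NFS4 ACL.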