HP Sentry User Manual


Section 2 - 28

SENTRY User’s Guide



Fitzgerald & Long

ACLs Maintenance


Access Control Lists (ACLs) are an extension of the standard UNIX file permissions. If you have attempted
to provide database protection through the use of UNIX file permissions, you will have experienced the
limitation that each file may have only one owner and one owning group, with all other users receiving what
is called the “other” category of access rights.

UNIX provides three “permissions” with regard to a file. These are permission to read, write and execute.
Read and write permissions are self-explanatory; permission to execute applies to UNIX scripts and programs.
Additionally, permission to execute allows the use of a directory in a pathname. For example, a user who
wished to “cd” (change directories) to a path such as /data1/subdir/mydirectory could not use
this pathname if he did not have “x” rights to subdir.


Access Control Lists augment the standard UNIX file permissions by allowing more than one “owner” and
more than one “owning group”. With ACLs you can create a list of users and a list of groups in addition to
the owner and the owning group (i.e. UID and GID) for each file and directory. Each user and each group
is assigned file permissions to allow or deny read, write and execute privileges. ACLs are unique to the file
for which they were created. There are no defaults (as there were with the ACL implementation on the
Prime).


Sentry provides a data entry screen to allow you to create and modify ACLs. To access this data entry
screen, invoke the second selection from the Main Menu, “2. Database Maintenance Menu”. From the
Database Maintenance Menu, select number four, “4. File System”. Navigate to the desired file and use
“FD” (file detail) to display the existing permissions for that file.

ACL.MAINT               ACL Maintenance               08/14/00

File Pathname   : /users/sentry/VOC

1. Owner        : 0 (fastcs,root)
2. Owning Group : 3 (sys)
3. Permissions  : rwx rwx ---
=============================================================
4. Additional Users           5. Rights
   01) 900 (fred)                ALL
   02) 111 (jeff)                ALL
=============================================================
6. Additional Groups          7. Rights
   01) 20 (users)                ALL

Enter field number, "F"ile to save changes or "<ESC>" to exit :
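
As an added illustration (not part of the Sentry manual and not Sentry's own code), the Python sketch below models the ACL shown on the sample ACL.MAINT screen for /users/sentry/VOC and compares the rights each user receives under plain UNIX permission bits with the rights received once additional users and groups are listed. The precedence order, the reading of “ALL” as rwx, and the uids and gids for “ann” and “guest” are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed from the ACL.MAINT sample screen for /users/sentry/VOC.
# "ALL" on the screen is modelled here as "rwx" (assumption).
@dataclass
class FileAcl:
    owner: int
    group: int
    mode: str                                    # "owner group other" bits
    users: dict = field(default_factory=dict)    # additional uid -> rights
    groups: dict = field(default_factory=dict)   # additional gid -> rights

def mode_only_rights(acl, uid, gids):
    """Classic UNIX check: one owner, one owning group, everyone else is 'other'."""
    owner_bits, group_bits, other_bits = acl.mode.split()
    if uid == acl.owner:
        return owner_bits
    if acl.group in gids:
        return group_bits
    return other_bits

def acl_rights(acl, uid, gids):
    """Assumed precedence: user match, then union of group matches, then other."""
    owner_bits, group_bits, other_bits = acl.mode.split()
    if uid == acl.owner:
        return owner_bits
    if uid in acl.users:              # a user entry can grant or deny outright
        return acl.users[uid]
    matched = [group_bits] if acl.group in gids else []
    matched += [r for g, r in acl.groups.items() if g in gids]
    if matched:
        return "".join(c if any(c in m for m in matched) else "-" for c in "rwx")
    return other_bits

VOC = FileAcl(owner=0, group=3, mode="rwx rwx ---",
              users={900: "rwx", 111: "rwx"}, groups={20: "rwx"})

# Constructed principals: name -> (uid, set of gids); gid 50, uid 555/556 are made up.
PRINCIPALS = {"root": (0, {3}), "fred": (900, {50}),
              "ann": (555, {20}), "guest": (556, {50})}

def report(acl, principals):
    """Return (name, mode-only rights, ACL rights) for each principal."""
    return [(n, mode_only_rights(acl, u, g), acl_rights(acl, u, g))
            for n, (u, g) in principals.items()]

if __name__ == "__main__":
    for name, before, after in report(VOC, PRINCIPALS):
        print(f"{name:6} mode bits: {before}   with ACL: {after}")
```

When reviewing a file's ACL, the rows where the two columns differ are the accounts whose access exists only because of an ACL entry and would not be visible from the permission bits alone.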
