CONCEPT
ACL - access control list
New access control system
DESCRIPTION
This is only a draft that is still being worked on. Essentially
it serves only as a memory aid and a collection of ideas.
Possible permissions:
l - lookup
list the files and subdirectories in the directory, stat the
directory itself, and examine the directory's ACL
r - read
read the contents of files in the directory; issue the ls -l
command to stat the elements in the directory
w - write
modify the contents of files in the directory
i - insert
add files or subdirectories to the directory by copying, moving
or creating
d - delete
remove files and subdirectories from the directory or move them
to other directories
a - administer
change the entries on the ACL
LPC object-oriented permissions:
C - clone
generate clone - includes L
L - load
generate blueprint
R - remove
destruct clone
D - destruct
destruct blueprint
all (rlidwa)
none
read (rl)
write (rlidw)
AFS does not implement per-file ACLs, so for a file the command
displays the ACL on its directory.
An ACL can contain up to about 20 entries for users, groups, or both.
The owner of a directory and system administrators can always
administer an ACL. Users automatically own their home directories and
subdirectories.
Groups: http://www.desy.de/unix/afs/afs_unix_doc/en_US/html/UserGd/auusg008.htm#HDRWQ60
When you create a subdirectory, it inherits the current ACL of its
parent directory. You can then set the subdirectory's ACL to be
different from its parent's.
However, do not make the ACL on the parent directory more restrictive
than on a subdirectory, because that can prevent users from accessing
the subdirectory even when they have the necessary permissions on its
ACL. Specifically, a user must have the l (lookup) permission
(defined in The AFS ACL Permissions) on the parent directory to reach
its subdirectories.
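The inheritance rule and the parent-lookup pitfall described above, as an
added example (not part of this draft and not AFS code). It is a toy model
that assumes lookup is required on every ancestor directory, not only the
direct parent; the directory and user names are constructed.

```python
# Added illustration: toy model of the AFS-style directory ACLs described above.
SHORTHAND = {"all": "rlidwa", "none": "", "read": "rl", "write": "rlidw"}
VALID = set("rlidwa")

def expand(rights):
    """Turn a shorthand name or a letter string into a set of permission letters."""
    letters = SHORTHAND.get(rights, rights)
    unknown = set(letters) - VALID
    if unknown:
        raise ValueError(f"unknown permission letters: {sorted(unknown)}")
    return set(letters)

class Dir:
    def __init__(self, name, parent=None, acl=None):
        self.name, self.parent = name, parent
        if acl is None and parent is not None:
            # A new subdirectory inherits a copy of its parent's current ACL.
            self.acl = {who: set(r) for who, r in parent.acl.items()}
        else:
            self.acl = {who: expand(r) for who, r in (acl or {}).items()}

    def set_acl(self, who, rights):
        self.acl[who] = expand(rights)

    def rights(self, user, groups=()):
        """Union of the rights granted to the user and to each of the user's groups."""
        granted = set()
        for who in (user, *groups):
            granted |= self.acl.get(who, set())
        return granted

def can(user, directory, perm, groups=()):
    """True if user holds perm on directory AND lookup (l) on every ancestor."""
    node = directory.parent
    while node is not None:
        if "l" not in node.rights(user, groups):
            return False  # the path is cut off above the target directory
        node = node.parent
    return perm in directory.rights(user, groups)

# Constructed sample tree and principals (hypothetical names).
home = Dir("home", acl={"alice": "all", "bob": "read"})
proj = Dir("proj", parent=home)      # inherits alice=all, bob=read
proj.set_acl("bob", "write")         # subdirectory made more permissive
before = can("bob", proj, "w")       # True: bob has l on home, w on proj
home.set_acl("bob", "none")          # parent made more restrictive than the child
after = can("bob", proj, "w")        # False, although proj's ACL still grants w
```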