acl_entries is a comma separated list of entries. Each entry has colon separated fields: ACL type, id (uid or gid), permission. Only directories can have default ACL entries.
The entries look like:
user::perm user:uid:perm group::perm group:gid:perm mask:perm other:perm default:user::perm default:user:uid:perm default:group::perm default:group:gid:perm default:mask:perm default:other:perm
The ACL type can be abbreviated to the first letter. The first "user" entry gives the permissions granted to the owner of the file. The following "user" entries show the permissions granted to specific users, they are sorted in ascending order of uid. The first "group" entry gives the permissions granted to the group owner of the file. The following "group" entries show the permissions granted to specific groups, they are sorted in ascending order of gid. The "mask" entry is the maximum permission granted to specific users or groups. It does not affect the "owner" and "other" permissions. The "mask" entry must be present if there are specific "user" or "group" entries. "default" entries associated with a directory are inherited as access ACL by the files or sub-directories created in that directory. The umask is not used. Sub-directories also inherit the default ACL as default ACL. As soon as there is one default ACL entry, the 3 default ACL base entries (default user, default group, default other) must be present.
The entry processing conforms to the Posix 1003.1e draft standard 17.
The effective user ID of the process must match the owner of the file or the caller must have ADMIN privilege in the Cupv database.
dpns-mkdir /dpm/dteam/test/file.log/d6and add write permission for user bcouturi:
dpns-setacl -m u:bcouturi:rwx,m:rwx /dpm/dteam/test/file.log/d6Let's create a directory:
dpns-mkdir /dpm/dteam/test/file.log/d7and add default ACLs to it:
dpns-setacl -m d:u::7,d:g::7,d:o:5 /dpm/dteam/test/file.log/d7Let's check the resulting ACLs:
dpns-getacl /dpm/dteam/test/file.log/d7 # file: /dpm/dteam/test/file.log/d7 # owner: baud # group: c3 user::rwx group::r-x #effective:r-x other::r-x default:user::rwx default:group::rwx default:other::r-x
Let's create a sub-directory and check the resulting ACLs:
dpns-mkdir /dpm/dteam/test/file.log/d7/d2 dpns-getacl /dpm/dteam/test/file.log/d7/d2 # file: /dpm/dteam/test/file.log/d7/d2 # owner: baud # group: c3 user::rwx group::rwx #effective:rwx other::r-x default:user::rwx default:group::rwx default:other::r-x
Let's create a file in the same directory and check the resulting ACLs:
dpns-touch /dpm/dteam/test/file.log/d7/f2 dpns-getacl /dpm/dteam/test/file.log/d7/f2 # file: /dpm/dteam/test/file.log/d7/f2 # owner: baud # group: c3 user::rw- group::rw- #effective:rw- other::r--