The getacl command reports the entries in the ACL. As indicated, each ACL has at least four entries, one each corresponding to the file mode permissions for owner, group, class, and other.
File permission bits for user and group are translated into special cases of these entries:
junk owned by user_1 in group_1 whose permission mode bits are -rw-r--r--:
If user_2, user_3, and group_2 are added to the ACL by using the setacl command, getacl would produce the following output:
$ getacl junk
# file: junk
# owner: user_1
# group: group_1
user::rw-
user:user_2:r--
user:user_3:r--
group::r--
group:group_2:r--
class:r--
other:r--
The mode bits on the ACL class entry are significant. The class entry mode bits are determined by the group mode bits for the file. Therefore, the group entry for the owning group and the class entry in the basic ACL are identical. When only a basic ACL exists for the file, you can think of the group and class bits as being the same. Once additional users and groups are added to the ACL, the owning group bits take on a separate identity from the class bits. If the chmod command is invoked to modify DAC permission bits when additional ACL entries exist, it effectively modifies the owner, class, and other mode bits. Please note that in the case of the DAC group permission bits, it is the class bits that are modified and not the owning group bits in the ACL entry. The only way to change ACL entries (except for the ones representing owner and other) is by using the setacl command.
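The chmod rule described above, modelled as an added Python example (not part of the original documentation, and not the system's chmod or getacl). The function names are hypothetical, the sample input is the getacl listing shown above, and updating group together with class for a basic ACL is an assumption drawn from the text.

```python
# Model only: parses getacl-style text and applies the chmod rule from the text.
# Constructed sample: the getacl listing for file "junk" shown above.
SAMPLE = """\
# file: junk
# owner: user_1
# group: group_1
user::rw-
user:user_2:r--
user:user_3:r--
group::r--
group:group_2:r--
class:r--
other:r--
"""

def parse_getacl(text):
    """Return (tag, qualifier, perms) tuples; '#' header lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) == 2:            # class:r-- / other:r-- have no qualifier
            parts.insert(1, "")
        if len(parts) != 3:
            raise ValueError(f"unrecognised ACL entry: {line!r}")
        entries.append(tuple(parts))
    return entries

def rwx(bits):
    """Render three permission bits (0-7) as an 'rwx' style string."""
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def chmod_targets(entries):
    """Entries chmod rewrites, mapped to their bit shift in the octal mode."""
    targets = {("user", ""): 6, ("class", ""): 3, ("other", ""): 0}
    if not any(qual for _, qual, _ in entries):
        targets[("group", "")] = 3     # basic ACL: group and class are the same
    return targets

def chmod_model(entries, mode):
    """Apply an octal mode; entries outside chmod_targets keep their bits."""
    shifts = chmod_targets(entries)
    return [(t, q, rwx((mode >> shifts[(t, q)]) & 7) if (t, q) in shifts else p)
            for t, q, p in entries]

def setacl_only(entries):
    """Entries that chmod leaves as they are, so only setacl can change them."""
    shifts = chmod_targets(entries)
    return [f"{t}:{q}:{p}" for t, q, p in entries if (t, q) not in shifts]
```

Running chmod_model on the sample with mode 0o600 changes the class and other entries to --- while group::r-- and the three added entries stay listed as r--, which is why a permission review on such a file should read the getacl output rather than the mode bits alone.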