|
|
The first entry in a minimal ACL indicates the permissions that the owner of the file gets, and maps directly to the owner permission bits. Because it applies to the owner of the file, no indication of the user's name is needed. An ACL entry that grants read and write access to the file's owner would look like this:
user::rw-The second and third entries in a minimal ACL specify the permission granted to members of the file's owning group; the permissions specified in these entries are exactly equal. For example, ACL entries granting read-only access to the file's owning group would look like this:
group::r-- class::r--The fourth and last entry in a minimal ACL is a catch-all entry that specifies the permissions for anyone who isn't granted or denied permission by any other entry. An other entry that denies access to all users not the owner of the file nor in the file's owning group would look like this:
other:---The minimal ACL described above would look like this in its entirety:
user::rw- group::r-- class::r-- other:---The permission bits displayed by ls -l for this file would look like this:
rw-r-----In the case of a minimal ACL, there is a clear correspondence between the ACL entries and the permission bits.
The next section describes how additional ACL entries affect file access and the interpretation of the permission bits.