Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ rights — Apollo

Media Vault

Software Library

Restoration Projects

Artifacts Sought

PROTECTION/RIGHTS -- Access Rights to Objects      83/08/05


  The following are the basic kinds of operations that can be performed on
  objects, and the rights which allow them when present in an ACL entry.

      for all objects:
         p        protect rights; allows rights to be changed
         g        grant rights; allows creation of new entries
                  with a subset of creator's rights
         n        change node list rights; allows CD, CN commands

      for files:
         d        delete rights; allows file to be deleted
         w        write rights; allows file to be written
         r        read rights; allows file to be read
         x        execute rights

      for directories:
         d        delete rights; allows directory to be deleted
         c        change rights; allows names to be changed,
                  and links to be deleted
         a        append rights; allows names to be added to directory
         l        link rights; allows links to be added to directory
         r        read rights; allows directory to be listed

      The following abbreviations exist for sets of rights:

      -OWNER      gives all rights.
                  for files, it means:    pgndwrx
                  for directories:        pgndcalr

      -USER       gives all rights except ability to change ACL.
                  for files, it means:    dwrx
                  for directories:        dcalr

      -READ       for files, allows reading; can't change ACL.
                  precisely, it means:    r

      -EXEC       for files, allows reading, execution; can't change ACL.
                  precisely, it means:    rx

      -LDIR       for directories, allows listing; can't change ACL.
                  precisely, it means:    r

      -ADIR       for directories, allows adding names and links,
                  and listing; can't change ACL.
                  precislely, it means:   alr

      -NONE       gives no rights, for files or directories.
                  Used to explicitly deny rights to specific
                  SIDs that would otherwise be granted righs
                  because they are members of a project or
                  organization.


  More information is available.  Type:

   - HELP ACLS
     for more information on commands which manipulate ACLs

   - HELP PROTECTION
     for more information on protection in general.

   - HELP PROTECTION ACLS
     for detailed information on Access Control Lists

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026