Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
Software Distributor Administration Guide: HP-UX 11i v1, 11i v2, and 11i v3 > Chapter 9 SD-UX Security

How ACLs are Matched to the User

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

ACL permissions are determined by a match to a single ACL entry, not to an accumulation of matching entries. Checking is done from the most restrictive entry types to the broadest.

If a match is found in a user entry type, no further checking is done, and the permissions for that user are fully defined by the permissions field of the matched entry. A matched user may be a member of a group with broader permissions; this has no consequence.

NOTE: The local superuser has access to all local SD-UX objects irrespective of ACLs.

The ACL matching algorithm is:

  1. If user is local superuser, then grant all permissions.

  2. If user is owner of the object, then grant object_owner permissions.

  3. If user matches a user entry, then grant user permissions.

  4. If any group entries match, then accumulate the permissions granted by all group entries that match the user’s primary and supplementary groups.

  5. If an appropriate other entry matches, then grant other permissions.

  6. If an any_other entry, then grant any_other permissions.

  7. Grant no permissions.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1997, 2000-2003, 2006, 2007, 2008 Hewlett-Packard Development Company, L.P.