You assign ACDs using the ALTSEC command. In addition, files created in hierarchical directories and hierarchical directories themselves are automatically assigned ACDs.
Following is an example of an ACD that could be assigned to a text file:
NONE:JIM.DOE,@.ACCTING;R,W,X,L:@.PAYROLL;R:@.@
The ACD pairs in this example set up the following access controls on the text file:
Deny JIM.DOE and all users in the ACCTING account access to the file.
Allow read, write, execute, and lock access to users in the PAYROLL account.
Allow read access to everyone else.
Notice that in cases of contradictions, the most specific ACD pair applies. So even though all users are assigned read access (R:@.@), JIM.DOE cannot access the file because he is specifically assigned no access (NONE:JIM.DOE).
If the ACD in the above example had a $GROUP_MASK entry (for example, rx:$GROUP_MASK), then the users in the PAYROLL account would only have read and execute access. The entire ACD would read as follows:
NONE:JIM.DOE,@.ACCTING;R,W,X,L:@.PAYROLL;R:@.@;rx:$GROUP_MASK
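The following sketch is an added example, not code from MPE/iX or from this manual. It models only the matching rules described above for the file ACD: the most specific pair wins, and $GROUP_MASK limits what a matching pair grants. The function names, the handling of the compact "rx" form, the choice to leave @.@ unmasked, and the "no matching pair means no access" default are assumptions made for illustration.

```python
# Added example: a minimal model of file ACD evaluation (not HP's code).
KNOWN = {"NONE", "RACD", "R", "W", "X", "L", "A"}

PAGE_ACD = "NONE:JIM.DOE,@.ACCTING;R,W,X,L:@.PAYROLL;R:@.@"   # from the text above
MASKED_ACD = PAGE_ACD + ";rx:$GROUP_MASK"                      # from the text above

def parse_modes(text):
    """Turn 'R,W,X,L', 'NONE' or the compact 'rx' into a set of modes."""
    modes = set()
    for tok in text.upper().split(","):
        tok = tok.strip()
        # Assumption: an unknown token such as 'RX' is a run of single letters.
        modes |= {tok} if tok in KNOWN else set(tok)
    modes.discard("NONE")          # NONE means the empty set of modes
    return modes

def parse_acd(acd):
    """Return (entries, mask); entries maps 'USER.ACCT' patterns to mode sets."""
    entries, mask = {}, None
    for pair in acd.split(";"):
        modes, _, subjects = pair.partition(":")
        for subject in subjects.split(","):
            subject = subject.strip().upper()
            if subject == "$GROUP_MASK":
                mask = parse_modes(modes)
            else:
                entries[subject] = parse_modes(modes)
    return entries, mask

def effective_access(acd, user, account):
    """Resolve access for user.account, trying the most specific pair first."""
    entries, mask = parse_acd(acd)
    user, account = user.upper(), account.upper()
    for pattern in (f"{user}.{account}", f"@.{account}", "@.@"):
        if pattern in entries:
            modes = entries[pattern]
            # Assumption: the mask limits user and account pairs, not @.@.
            if mask is not None and pattern != "@.@":
                modes = modes & mask
            return modes
    return set()                   # assumption: no matching pair, no access

if __name__ == "__main__":
    for who in (("JIM", "DOE"), ("ANN", "PAYROLL"), ("BOB", "SALES")):
        print(who, sorted(effective_access(PAGE_ACD, *who)),
              sorted(effective_access(MASKED_ACD, *who)))
```

ANN.PAYROLL and BOB.SALES are constructed user names; only JIM.DOE and the account names come from the example ACD.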
An example of an ACD for an HFS directory (dir1) follows:
CD,DD,RD,TD,RACD:@.ACCT;TD:@.@
The ACD pairs in this example set up the following access controls on dir1:
Allow all users in the ACCT account the ability to create, delete, and read directory entries in dir1, to traverse dir1, and to read the ACDs.
Allow everyone else the ability to traverse dir1 only.