Lion Server Access Control Lists

For any share point in Lion Server, you can also create an access control list (ACL) to define permissions. An ACL is a list of users and groups that have access to a share point and the permissions and inheritance settings that they have. Each entry in the list is an access control entity (ACE). An ACE is a user or group and the associated permissions and inheritance settings.

Here’s a simple ACL with two ACEs you might set for a share point:

| User or Group | Permission | Applies To |
|---|---|---|
| User: ronmckernan | Read/write | This folder |
| Group: students | Read | This folder |

This ACL is similar to a set of POSIX permissions for a folder: there’s one user with read/write permission and one group with read permission. “Applies to: This folder” means no inheritance, as with POSIX permissions.

A limitation of POSIX permissions is that you can assign only one group and one user (the owner) access to a shared folder. With an ACL, you can continue to add ACEs to the list. Here, a teachers group is added with read/write privileges and a second user with write-only access:

| User or Group | Permission | Applies To |
|---|---|---|
| User: ronmckernan | Read/write | This folder |
| User: Tim Constanten | Write | This folder |
| Group: teachers | Read/write | This folder |
| Group: students | Read | This folder |

Deviating further from POSIX permissions, you can refine the ACL by setting permissions more specific than read and write, and by adding inheritance. Here, that is done for the first user:

| User or Group | Permission | Applies To |
|---|---|---|
| User: ronmckernan | Read/create files/create folders/write extended attributes | This folder/child folders/child files/all descendants |
| User: Tim Constanten | Write | This folder |
| Group: teachers | Read/write | This folder |
| Group: students | Read | This folder |
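
A share point's ACL can also be read from the command line with `ls -le`. The added example below (not from the original article) parses that output, rebuilds the Applies To column from each ACE's inheritance flags, and lists the principals whose write-class permissions propagate below the folder. The sample listing, the short name `timconstanten`, and the mapping from the Server app's permission names to low-level rights are assumptions.

```python
import re

# Constructed `ls -le` output for a shared folder; the short names and the
# low-level rights chosen for each Server-app permission are assumptions.
SAMPLE = """\
drwxrwxr-x+ 4 admin  staff  136 Jan 10 09:00 Classwork
 0: user:ronmckernan allow list,add_file,add_subdirectory,writeextattr,file_inherit,directory_inherit
 1: user:timconstanten allow add_file,add_subdirectory
 2: group:teachers allow list,search,add_file,add_subdirectory,delete_child
 3: group:students allow list,search,readattr,readextattr,readsecurity
"""

ACE_RE = re.compile(r"^\s*(\d+): (user|group):(\S+) (inherited )?(allow|deny) (\S+)\s*$")
INHERIT_FLAGS = {"file_inherit", "directory_inherit", "limit_inherit", "only_inherit"}
WRITE_RIGHTS = {"write", "append", "add_file", "add_subdirectory", "delete",
                "delete_child", "writeattr", "writeextattr", "writesecurity", "chown"}

def parse_acl(text):
    """Return one dict per ACE line; the ls entry line itself is skipped."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            tokens = set(m.group(6).split(","))
            aces.append({"index": int(m.group(1)),
                         "principal": f"{m.group(2)}:{m.group(3)}",
                         "inherited": bool(m.group(4)), "allow": m.group(5) == "allow",
                         "rights": tokens - INHERIT_FLAGS, "flags": tokens & INHERIT_FLAGS})
    return aces

def applies_to(ace):
    """Rebuild the 'Applies To' column from the ACE's inheritance flags."""
    flags = ace["flags"]
    scope = [] if "only_inherit" in flags else ["this folder"]
    scope += ["child folders"] if "directory_inherit" in flags else []
    scope += ["child files"] if "file_inherit" in flags else []
    if flags & {"file_inherit", "directory_inherit"} and "limit_inherit" not in flags:
        scope.append("all descendants")
    return scope

def inheriting_writers(aces):
    """Principals whose allow ACE grants a write-class right beyond this folder."""
    return [a["principal"] for a in aces
            if a["allow"] and a["rights"] & WRITE_RIGHTS
            and set(applies_to(a)) - {"this folder"}]

if __name__ == "__main__":
    for a in parse_acl(SAMPLE):
        print(a["principal"], sorted(a["rights"]), applies_to(a))
    print("propagating write access:", inheriting_writers(parse_acl(SAMPLE)))
```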