ACE flags

ACEFlags is a bit mask that includes the following fields:

| ACEFlags entries | Value | Description | Abbreviation |
|---|---|---|---|
| FILE_INHERIT | 0x00000001 | Can be placed on a directory and indicates that this ACE should be added to each new non-directory file created. | f |
| DIRECTORY_INHERIT | 0x00000002 | Can be placed on a directory and indicates that this ACE should be added to each new directory created. | d |
| INHERIT_ONLY | 0x00000008 | Can be placed on a directory but does not apply to the directory; ALLOW and DENY ACEs with this bit set do not affect access to the directory. Such ACEs only take effect once they are applied (with this bit cleared) to newly created files and directories as specified by the above two flags. | o |

Access Mask

The following access permissions are defined:

| Access Mask entries | Value | Description | Abbreviation |
|---|---|---|---|
| READ_DATA | 0x00000001 | Permission to read the data of a file. | r |
| LIST_DIRECTORY | 0x00000001 | Permission to list the contents of a directory. | l |
| WRITE_DATA | 0x00000002 | Permission to modify a file’s data anywhere in the file’s offset range. This includes the ability to write to any arbitrary offset and as a result to grow the file. | w |
| ADD_FILE | 0x00000002 | Permission to add a new file in a directory. | f |
| APPEND_DATA | 0x00000004 | The ability to modify a file’s data, but only starting at EOF. | a |
| ADD_SUBDIRECTORY | 0x00000004 | Permission to create a subdirectory in a directory. | s |
| READ_NAMED_ATTRS | 0x00000008 | Permission to read the named attributes of a file or to lookup the named attributes directory. | n |
| WRITE_NAMED_ATTRS | 0x00000010 | Permission to write the named attributes of a file or to create a named attribute directory. | N |
| EXECUTE | 0x00000020 | Permission to execute a file or traverse/search a directory. | x |
| DELETE_CHILD | 0x00000040 | Permission to delete a file or directory within a directory. | D |
| READ_ATTRIBUTES | 0x00000080 | The ability to read basic attributes (non-ACLs) of a file. | t |
| WRITE_ATTRIBUTES | 0x00000100 | Permission to change the times associated with a file or directory to an arbitrary value. | T |
| DELETE | 0x00010000 | Permission to delete the file or directory. | d |
| READ_ACL | 0x00020000 | Permission to read the ACL. | c |
| WRITE_ACL | 0x00040000 | Permission to write the acl and mode attributes. | C |
| WRITE_OWNER | 0x00080000 | Permission to write the owner and owner group attributes. | o |


The enumeration Who identifies different kinds of subjects:

| Who entries | Value | Description | Abbreviation |
|---|---|---|---|
| USER | 0x00000000 | The user identified by the virtual user ID. | USER |
| GROUP | 0x00000001 | The group identified by the virtual group ID. | GROUP |
| OWNER | 0x00000002 | The user who owns the resource. | OWNER@ |
| OWNER_GROUP | 0x00000003 | The group that owns the resource. | GROUP@ |
| EVERYONE | 0x00000004 | The world, including the owner and owning group. | EVERYONE@ |
| ANONYMOUS | 0x00000005 | Accessed without any authentication. | ANONYMOUS@ |
| AUTHENTICATED | 0x00000006 | Any authenticated user (opposite of ANONYMOUS). | AUTHENTICATED@ |
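
The three tables combine when a directory ACL is reviewed: the low mask bits read differently on files and directories, and the ACE flags decide whether an entry affects the directory itself or only newly created children. The sketch below is an added example, not part of the original page or of the project's code. It assumes every entry is an ALLOW ACE; the helper names, the choice of EVERYONE@ and ANONYMOUS@ as subjects to review, and the sample ACL are constructed for illustration.

```python
# Added example; constants are copied from the tables above, helper names are hypothetical.
FILE_INHERIT, DIRECTORY_INHERIT, INHERIT_ONLY = 0x1, 0x2, 0x8
WRITE_ACL, WRITE_OWNER = 0x00040000, 0x00080000

# (bit, abbreviation on a file, abbreviation on a directory); 0x1, 0x2 and 0x4 are overloaded.
MASK_BITS = [
    (0x00000001, "r", "l"), (0x00000002, "w", "f"), (0x00000004, "a", "s"),
    (0x00000008, "n", "n"), (0x00000010, "N", "N"), (0x00000020, "x", "x"),
    (0x00000040, "D", "D"), (0x00000080, "t", "t"), (0x00000100, "T", "T"),
    (0x00010000, "d", "d"), (0x00020000, "c", "c"), (0x00040000, "C", "C"),
    (0x00080000, "o", "o"),
]
WHO = ["USER", "GROUP", "OWNER@", "GROUP@", "EVERYONE@", "ANONYMOUS@", "AUTHENTICATED@"]
BROAD = {"EVERYONE@", "ANONYMOUS@"}  # this example's choice of subjects to review

def decode_mask(mask, is_dir):
    """Render an access mask with the abbreviations that fit the object type."""
    out, known = "", 0
    for bit, on_file, on_dir in MASK_BITS:
        known |= bit
        if mask & bit:
            out += on_dir if is_dir else on_file
    if mask & ~known:
        raise ValueError(f"bits not in the table: {mask & ~known:#010x}")
    return out

def dir_ace_scope(flags):
    """Where an ACE placed on a directory takes effect, per the ACE flags table."""
    scope = [] if flags & INHERIT_ONLY else ["self"]
    if flags & FILE_INHERIT:
        scope.append("new files")
    if flags & DIRECTORY_INHERIT:
        scope.append("new directories")
    return scope

def audit_dir_acl(acl):
    """Report ACEs (assumed ALLOW) that let a broad subject rewrite the ACL or the owner."""
    findings = []
    for who, flags, mask in acl:
        risky = mask & (WRITE_ACL | WRITE_OWNER)
        if WHO[who] in BROAD and risky:
            findings.append((WHO[who], decode_mask(risky, True), dir_ace_scope(flags)))
    return findings

# Constructed sample ACL for a directory: (who, ACE flags, access mask).
SAMPLE_ACL = [
    (2, 0x0, WRITE_ACL | 0x1),                                       # OWNER@
    (4, FILE_INHERIT | DIRECTORY_INHERIT | INHERIT_ONLY, WRITE_ACL | 0x3),  # EVERYONE@
    (5, 0x0, 0x1),                                                   # ANONYMOUS@
    (4, 0x0, WRITE_OWNER | 0x20),                                    # EVERYONE@
]
```

An inherit-only entry is reported with a scope that omits "self": it does not change access to the directory being audited, but it reaches every file and directory created beneath it.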

