Difference between revisions of "Creator ACE"
(Created page with "A '''creator ACE''' adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following c...") |
|||
Line 1: | Line 1: | ||
− | A '''creator ACE''' adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist: | + | A '''creator ACE''' in an [[ACE|Access Control Entry]] that adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist: |
* The file being created is not owned by the user identification code (UIC) of the process creating the file. | * The file being created is not owned by the user identification code (UIC) of the process creating the file. |
Revision as of 05:32, 23 August 2018
A creator ACE in an Access Control Entry that adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:
- The file being created is not owned by the user identification code (UIC) of the process creating the file.
- The process creating the file does not have system privileges.
For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.
The Creator ACE applies to directory files only.
Format
(CREATOR [,OPTIONS=attribute[+attribute...]],ACCESS=access-type[+access-type...])
options
Specify any of the following options:
Protected | Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE. By deleting all ACEs, both protected and unprotected Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs. The following commands do not delete protected ACEs: SET SECURITY/ACL/DELETE SET SECURITY/LIKE SET SECURITY/DEFAULT |
Nopropagate | Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands. |
None | Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field. |
access
Specify access types that are valid for files:
- READ
- WRITE
- EXECUTE
- DELETE
- CONTROL