
OS X Mountain Lion Server For Dummies by John Rizzo


Working with Access Control Lists

For more advanced, more flexible permissions, you can create an access control list (ACL). Windows clients and servers also use ACLs, which can give you compatibility in mixed-platform networks.

An ACL is a list of the users and groups that have access to a share point, along with their permissions and inheritance settings. Each entry in the list is an access control entity (ACE), which consists of a user or group and its associated permissions and inheritance settings.

Here’s a simple ACL with two ACEs you might set for a share point:

| User or Group | Permission | Applies To |
| --- | --- | --- |
| User: ronmckernan | Read/write | This folder |
| Group: students | Read | This folder |

Look familiar? That’s because this ACL reproduces the standard POSIX permissions for a folder. One user (like the owner) has read/write permissions, and one group has read permissions. “Applies to this Folder” means no inheritance, as with POSIX permissions.

A limitation of POSIX permissions is that you can assign only one group and one user (the owner) access to a shared folder. With an ACL, however, you can continue to add users and groups to the list. In the following, I added a teachers group with read/write privileges and a second user with write-only access:

| User or Group | Permission | Applies To |
| --- | --- | --- |
| User: ronmckernan | Read/write | This folder |
| User: Tim Constanten | Write | This folder |
| Group: teachers | Read/write | This folder |
| Group: students | Read | This folder |
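The two ACLs above, modeled as data in an added example (not code from the book): `to_posix` checks whether an ACL still fits the POSIX one-user, one-group model, and `effective_perms` shows what a user ends up with once group entries are counted. The class and function names are hypothetical, the model is simplified to allow-only entries whose permissions add up, and the case of Tim Constanten belonging to the teachers group is an assumption made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    kind: str                        # "user" or "group"
    name: str
    perms: frozenset                 # subset of {"read", "write"}
    applies_to: str = "this folder"  # "this folder" means no inheritance

def ace(kind, name, perms):
    """Build an ACE from a permission string such as 'read/write'."""
    return ACE(kind, name, frozenset(perms.split("/")))

# The two ACLs from the tables above.
SIMPLE_ACL = [ace("user", "ronmckernan", "read/write"),
              ace("group", "students", "read")]
EXTENDED_ACL = [ace("user", "ronmckernan", "read/write"),
                ace("user", "Tim Constanten", "write"),
                ace("group", "teachers", "read/write"),
                ace("group", "students", "read")]

def to_posix(acl):
    """Return (user, user_perms, group, group_perms) if the ACL fits the
    POSIX model of one user and one group with no inheritance, else None."""
    users = [e for e in acl if e.kind == "user"]
    groups = [e for e in acl if e.kind == "group"]
    if len(users) != 1 or len(groups) != 1:
        return None
    if any(e.applies_to != "this folder" for e in acl):
        return None
    return (users[0].name, users[0].perms, groups[0].name, groups[0].perms)

def effective_perms(acl, user, member_of=()):
    """Union of permissions from every ACE matching the user or one of the
    user's groups (assumption: allow-only entries, permissions accumulate)."""
    granted = set()
    for e in acl:
        matches_user = e.kind == "user" and e.name == user
        matches_group = e.kind == "group" and e.name in member_of
        if matches_user or matches_group:
            granted |= e.perms
    return granted

if __name__ == "__main__":
    print(to_posix(SIMPLE_ACL))      # fits POSIX: one user, one group
    print(to_posix(EXTENDED_ACL))    # None: two users and two groups
    # A write-only user entry stops being write-only if the same person
    # is also in a group that has read access (hypothetical membership).
    print(effective_perms(EXTENDED_ACL, "Tim Constanten", ["teachers"]))
```

When reviewing a share point's ACL, check each write-only user against the group entries as well, since a group ACE can grant access that the user's own entry was meant to withhold.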

Further deviating from POSIX ...
