Short cheat-sheet for Multics ACLs

David Collier-Brown davecb at
Tue Feb 15 18:28:09 GMT 2000

Commands are 
	set_acl	 -- sets acls on existing files or directories
	set_iacl_dir -- sets initial acls for subdirs to be created
	set_iacl_seg -- sets initial acls for files to be created
Permissions are
		r	-- read
		e	-- execute 
		w	-- write
		s	-- status, like Unix read
		m	-- modify, like write
		a	-- append
		Note that there is no equivalent to Unix's
		"execute" meaning "traversal allowed"
Users are
		user 	-- same as unix
		group	-- similar, but non-identical
		tag	-- e.g., foreground or background

Individuals have base groups (I was in .TSDC) and project
groups (.SDE). By setting group to .SDE I could therefore
work on the SDE project. These were usually written DRBrown.TSDC
with the tags left off.  If a permission mentioned
just DRBrown, the system assumed you meant DRBrown.*.*

Anything which can be a memory segment (i.e., a file) can
have ACLs, and there are extended ACLs, which allowed a
developer to re-use the basic data structures and code to
implement special features.  ACLs on files which controlled
physical devices, like tapes, were an example.

The data is stored in what amounts to a table, and which
is traversed in a predictable order before granting access 
to an individual and/or group.
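The following is an added illustration, not anything from the original post or from Multics itself: a small Python model of the cheat-sheet above, covering the segment vs. directory mode sets, the Person.Project.tag access ids with missing components defaulting to "*" (so "DRBrown" means "DRBrown.*.*"), the set_acl / set_iacl_seg / set_iacl_dir distinction, and the fixed-order walk of the ACL table before access is granted. The ordering rule used here (most specific entry first, Person outweighing Project outweighing tag, first match decides) is an assumption of the model, as are all the names, classes and sample principals.

```python
"""Toy model of Multics-style ACLs (constructed illustration, not Multics code)."""
from copy import deepcopy
from dataclasses import dataclass, field

# Segment (file) modes and directory modes are disjoint sets, as in the cheat-sheet.
SEG_MODES = "rew"   # read, execute, write
DIR_MODES = "sma"   # status, modify, append


def normalize_id(access_id: str) -> str:
    """Expand a partial access id to Person.Project.tag.
    Missing components default to '*', so 'DRBrown' means 'DRBrown.*.*'."""
    parts = access_id.split(".")
    if not 1 <= len(parts) <= 3 or any(p == "" for p in parts):
        raise ValueError(f"malformed access id {access_id!r}")
    return ".".join(parts + ["*"] * (3 - len(parts)))


def matches(entry_id: str, principal: str) -> bool:
    """Component-wise match; '*' in the ACL entry matches any value."""
    return all(e in ("*", p) for e, p in zip(normalize_id(entry_id).split("."),
                                          normalize_id(principal).split(".")))


def specificity(entry_id: str) -> tuple:
    """Sort key for the ACL table (assumption: most specific entry first,
    with the Person component weighing more than Project, then tag)."""
    return tuple(c != "*" for c in normalize_id(entry_id).split("."))


@dataclass
class Acl:
    kind: str                                    # "seg" or "dir"
    entries: dict = field(default_factory=dict)  # normalized id -> mode string

    def set_acl(self, access_id: str, modes: str) -> None:
        """Add or replace one entry; modes must be valid for this object kind.
        An empty mode string is an explicit 'no access' entry."""
        allowed = SEG_MODES if self.kind == "seg" else DIR_MODES
        bad = set(modes) - set(allowed)
        if bad:
            raise ValueError(f"modes {sorted(bad)} not valid for a {self.kind}")
        self.entries[normalize_id(access_id)] = "".join(m for m in allowed if m in modes)

    def effective_modes(self, principal: str) -> str:
        """Walk the table in its fixed order; the first matching entry decides.
        No matching entry means no access."""
        for entry_id in sorted(self.entries, key=specificity, reverse=True):
            if matches(entry_id, principal):
                return self.entries[entry_id]
        return ""

    def allows(self, principal: str, mode: str) -> bool:
        return mode in self.effective_modes(principal)


@dataclass
class Directory:
    """A directory carries its own ACL plus the two initial ACLs that
    set_iacl_seg / set_iacl_dir manage for objects created inside it."""
    acl: Acl = field(default_factory=lambda: Acl("dir"))
    initial_seg_acl: Acl = field(default_factory=lambda: Acl("seg"))
    initial_dir_acl: Acl = field(default_factory=lambda: Acl("dir"))

    def set_iacl_seg(self, access_id: str, modes: str) -> None:
        self.initial_seg_acl.set_acl(access_id, modes)

    def set_iacl_dir(self, access_id: str, modes: str) -> None:
        self.initial_dir_acl.set_acl(access_id, modes)

    def create_segment(self) -> Acl:
        # A new file gets a *copy* of the initial ACL; later iacl changes do
        # not retroactively alter files that already exist.
        return deepcopy(self.initial_seg_acl)

    def create_subdir(self) -> "Directory":
        return Directory(acl=deepcopy(self.initial_dir_acl))


def demo() -> dict:
    """Constructed scenario using the cheat-sheet's identifiers."""
    seg = Acl("seg")
    seg.set_acl("*.SDE", "rw")        # anyone working on the SDE project
    seg.set_acl("DRBrown.TSDC", "")   # ...except DRBrown logged in under TSDC
    seg.set_acl("*", "r")             # everyone else: read only
    home = Directory()
    home.set_iacl_seg("DRBrown", "rw")
    newfile = home.create_segment()
    home.set_iacl_seg("DRBrown", "r")  # changed after creation; newfile keeps "rw"
    return {
        "sde_member": seg.effective_modes("DRBrown.SDE.a"),
        "tsdc_login": seg.effective_modes("DRBrown.TSDC.a"),
        "other": seg.effective_modes("Smith.Ops.a"),
        "new_file": newfile.effective_modes("DRBrown.SDE.a"),
    }


if __name__ == "__main__":
    print(demo())
```

The explicit empty entry for DRBrown.TSDC shows why the traversal order matters: the more specific entry is consulted first and blocks access even though the wildcard *.SDE entry would otherwise grant it, which is the same review question one asks of any ordered ACL (who wins when several entries match?).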

Independent of this, there are two other kinds of protection:
Ring brackets, which separate
	a) privileged code which implements this scheme 
	b) privileged code which doesn't care (;-)), and
	c) untrusted code which just uses it
and Mandatory Access Control, which amounts to a single,
higher-level acl- or perm-like structure which blocks
any access to files and directories, and which cannot
just be set to "rwx" by the user.

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at