VAST Cluster supports the NFSv4 Access Control List (ACL) permissions system to restrict access to a file or directory by a user or a group. NFSv4 ACLs are defined by a published standard for this version of the Network File System.
The ACL attribute has an array of Access Control Entries (ACEs) that are associated with a file system object. The server uses ACEs in the ACL to perform access control. NFSv4 access options are more specific than the typical read, write and execute permissions in other systems.
ACE options include the following:
The ACE type "A" denotes "Allow" to give the user or the group access to actions on this file system object that require permissions. Any action that is not explicitly given permission is denied permission by default.
The ACE "d" is an inheritance flag so that any new subdirectories will automatically have the same ACL set as the current directory.
The ACE principal can be a named user, a special principal (such as 'owner' or 'everyone'), or a group.
The ACE permissions are denoted by combinations of thirteen letters. The aliases 'R', 'W', and 'X' can also be used as permissions in place of appropriate ACE letter combinations.
ACL attributes can be set, modified and viewed.
In this example, the ACE principal is given an inheritance flag and a list of permissions.