The two specific checks verify that
the file doesn??™t have an ACL that isn??™t in canonical form and that the ACL lengths are consistent
with ACE counts. The ICACLs utility preserves the canonical order of the ACEs within an ACL.
It follows this form:
? Explicit denials
? Explicit grants
? Inherited denials
? Inherited grants
/Reset Replaces any custom file ACLs with the default inherited ACL. This action resets the
file??™s security to a known state of accessibility.
/Grant[:r] SID:Permission Grants the specified user the rights defined by the combination
of an SID and associated permission. When you include the :r argument, the granted rights
replace those the user currently holds. Otherwise, the new rights are in addition to those that the
user already possesses. The Permission variable is actually a mask that you can specify in one
of two forms: simple and specific. You can??™t mix the types in a single use of the utility. Here??™s the
list of simple rights that you can assign.
? F (full access)
? M (modify access)
? RX (read and execute access)
? R (read-only access)
? W (write-only access)
410 CHAPTER 15 MANAGING FILES AND DIRECTORIES
Here??™s a list of the specific rights that you can assign.
Pages:
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975