ID Number: Q61859
2.00
OS/2
Summary:
The following questions and answers describe the use of access control
lists (ACLs) in OS/2 LAN Manager version 2.0.
More Information:
1. Are ACLs part of the standard OS/2 or do you need a special LAN
Manager version or Windows/386 version?
ACLs are not directly implemented by OS/2, they are a feature of
LAN Manager. For FAT or standard OS/2 HPFS partitions, the ACLs are
kept in a private LAN Manager database (the NET.ACC file). However,
with the LAN Manager 2.0 version of HPFS (HPFS386), the ACLs are
integrated into the file system and stored in a manner similar to
other file-related information (such as extended attributes, disk
space allocations).
2. Can both files and directories have an ACL?
Yes. ACLs protect objects, such as files or directories (both are
considered unique objects).
3. Can a file or directory have both an ACL and an extended attribute
(EA)?
Yes. ACLs have no relationship to EAs.
4. What is the format of an ACL? How large can it be?
The structure of an ACL is proprietary and Microsoft currently does
not publish this information.
A single ACL is not very large. However, the total amount of space
occupied by ACLs for a file or directory will vary with the number
of different permissions set against the object.
5. How are ACLs manipulated (that is, how can you get information out
of them or put information into them)?
Currently, the only programmatic access to ACLs is via the OS/2 LAN
Manager NetAccessxxxx API calls.
6. Is ACL information documented anywhere?
No; again, the structure is proprietary.
7. I need to access both FAT and HPFS files with various versions of
OS/2. Which versions of OS/2 support which features (that is, ACLs
and/or EAs)?
The following table summarizes the differences and similarities:
Enhanced
Product EAs ACLs Dates
------- --- ---- --------
OS/2 1.1 no no no
OS/2 1.2 (and later) FAT yes no* no
OS/2 1.2 (and later) HPFS yes no* yes
LM 2.0 HPFS386 yes yes yes
* ACL support for FAT and standard HPFS is provided by LAN Manager;
however, the ACLs are not integrated into the file system.
"No" means the capability does not exist, and "yes" means that the
capability does exist in that particular file system.
Additional reference words: 2.00 1.10 1.20