Anatomy of a cross-platform file permission
On a PowerScale cluster, each ACE in a file permission is presented as a single line prefaced by an index number, which starts at 0, and is followed by these parts:
The identity can be one of three types: user (listed as “user:”), group (listed as “group:”), or the special identity, everyone. For directories, it can also be one of two special template identities: creator_owner or creator_group. When present in the ACL of a containing directory, these template identities are replaced in the ACL of a newly created file system object with the specific user and group of the respective creator.
An ACE can optionally contain flags that specify whether it is inherited by subdirectories and files. Inheritance takes place when files and subdirectories are created; modifying an inherited rule affects only new files and subdirectories, not existing ones. The following flags specify the types of inheritance for permissions in the ACE:
The following file permission shows some of these components. The listing was obtained by running the ls command with an option (-le) that PowerScale added to show the ACL. The option is available only on the PowerScale cluster, not on a UNIX client that has mounted an export. See the OneFS man page for the ls command. The plus sign that follows the POSIX mode bits indicates that the file contains an actual ACL, not a synthetic ACL.
ls -le bar.txt
-rw-r--r-- + 1 root wheel 0 Apr 22 17:23 bar.txt
OWNER: user:root
GROUP: group:wheel
0: group:Administrators allow std_read_dac,std_synchronize,file_read_ext_attr,file_read_attr
1: user:root allow file_gen_read,file_gen_write,std_write_dac
2: group:wheel allow file_gen_read
3: everyone allow file_gen_read
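For permission audits, a listing like the one above can be parsed into structured ACEs and queried, for example to see which identities may rewrite the ACL (std_write_dac). The following Python is an added example, not part of the OneFS documentation or tooling; the function names parse_ls_le and identities_allowed are hypothetical, and it assumes that an output line without an index number continues the previous ACE and that rights and any inheritance flags arrive as one comma- or space-separated token list.

```python
import re

# Constructed sample: the listing shown on this page, with ACE 0 wrapped onto two lines.
SAMPLE = """\
-rw-r--r-- + 1 root wheel 0 Apr 22 17:23 bar.txt
OWNER: user:root
GROUP: group:wheel
0: group:Administrators allow
std_read_dac,std_synchronize,file_read_ext_attr,file_read_attr
1: user:root allow file_gen_read,file_gen_write,std_write_dac
2: group:wheel allow file_gen_read
3: everyone allow file_gen_read
"""

MODE_RE = re.compile(r"^([-dlbcps][-rwxsStT]{9})\s*(\+)?\s")
ACE_RE = re.compile(r"^\s*(\d+):\s+(.+?)\s+(allow|deny)\b(.*)$")


def parse_ls_le(text):
    """Parse one file's `ls -le` listing into mode, owner, group and ACEs."""
    result = {"mode": None, "real_acl": False, "owner": None, "group": None, "aces": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        mode, ace = MODE_RE.match(line), ACE_RE.match(line)
        if mode and result["mode"] is None:
            result["mode"], result["real_acl"] = mode.group(1), mode.group(2) == "+"
        elif line.strip().startswith("OWNER:"):
            result["owner"] = line.split(":", 1)[1].strip()
        elif line.strip().startswith("GROUP:"):
            result["group"] = line.split(":", 1)[1].strip()
        elif ace:
            result["aces"].append({
                "index": int(ace.group(1)),
                "identity": ace.group(2),
                "type": ace.group(3),
                "tokens": [t for t in re.split(r"[,\s]+", ace.group(4)) if t],
            })
        elif result["aces"]:
            # A line with no index continues the previous ACE (wrapped output).
            result["aces"][-1]["tokens"] += [t for t in re.split(r"[,\s]+", line) if t]
    return result


def identities_allowed(parsed, right):
    """Identities whose allow ACE names `right` literally (generic rights are not expanded)."""
    return [a["identity"] for a in parsed["aces"]
            if a["type"] == "allow" and right in a["tokens"]]
```

On the sample, identities_allowed(parse_ls_le(SAMPLE), "std_write_dac") returns only user:root. The match is on the literal right name, so a right that is implied by a generic right such as file_gen_write is not reported unless it is listed by name.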