1 .fin
 2 .all
 3      All "segments" and "directories" on Multics contain lists that indicate
 4 who can use them.  These lists are called access control lists (or ACLs for
 5 short).  By adding and erasing users' names from the ACLs of your segments and
 6 directories, you can control who uses them.  This is an important feature of
 7 Multics' security system.
 8 
 9      On segments there are three types of access:
10 .fif
11 
12 r -- allows a user to read the segment
13 w -- allows a user to change or write in the segment
14 e -- allows a user to execute the segment if it is a program
15 
16      On directories there are also three types of access:
17 
18 s -- allows a user to see the attributes of segments in the directory
19 m -- allows a user to modify attributes of segments in the directory
20 a -- allows a user to create, copy, or move segments in the directory
21 .fin
22 
23      In order to use a segment, a user must have appropriate access to both
24 the segment and the directory it is contained in.
25 
26      The names on an ACL have three parts:  the user's name and project (e.g.,
27 Smith.Mktg) and a component called an instance tag, which is usually denoted
28 by an asterisk (e.g., Smith.Mktg.*).  The asterisk means that whatever
29 instance tag a user has will be given access.  An asterisk can also be used in
30 the name and project components; it means that any name or any project will be
31 given access.
32 
33      The "commands" you use to maintain ACLs are: list_acl, set_acl, and
34 delete_acl.  To try these out and to see what an ACL looks like, go to
35 "command level" by pressing function key F2.  Once there type the list_acl
36 command without arguments to see the ACL on your working directory.  To see
37 the ACL of a segment, supply the segment's name as the "pathname" "argument"
38 to list_acl.  Before experimenting with set_acl or delete_acl, use the help
39 command to see exactly how to invoke them.