DefaultACLs

DefaultACLs (default access control lists) are predefined or inheritable permission entries that determine the initial access rights assigned to new files, directories, or other securable objects. They supplement or replace traditional permission models (such as Unix owner/group/other bits) by allowing more granular and flexible assignment of read, write, execute, and special permissions to specific users or groups.

In many systems, directories can carry default ACL entries that automatically propagate to newly created child

Administrators manage DefaultACLs using platform tools: setfacl/getfacl on POSIX-like systems, icacls or the security API on

Security considerations include careful use of inheritance to avoid unintentionally exposing sensitive data, auditing of default