.fin
.all
     All "segments" and "directories" on Multics contain lists that indicate
who can use them.  These lists are called access control lists (or ACLs for
short).  By adding and erasing users' names from the ACLs of your segments and
directories, you can control who uses them.  This is an important feature of
Multics' security system.

     On segments there are three types of access:
.fif

r -- allows a user to read the segment
w -- allows a user to change or write in the segment
e -- allows a user to execute the segment if it is a program

     On directories there are also three types of access:

s -- allows a user to see the attributes of segments in the directory
m -- allows a user to modify attributes of segments in the directory
a -- allows a user to create, copy, or move segments in the directory
.fin

     In order to use a segment, a user must have appropriate access to both
the segment and the directory it is contained in.

     The names on an ACL have three parts:  the user's name and project (e.g.,
Smith.Mktg) and a component called an instance tag, which is usually denoted
by an asterisk (e.g., Smith.Mktg.*).  The asterisk means that whatever
instance tag a user has will be given access.  An asterisk can also be used in
the name and project components; it means that any name or any project will be
given access.

     The "commands" you use to maintain ACLs are: list_acl, set_acl, and
delete_acl.  To try these out and to see what an ACL looks like, go to
"command level" by pressing function key F2.  Once there type the list_acl
command without arguments to see the ACL on your working directory.  To see
the ACL of a segment, supply the segment's name as the "pathname" "argument"
to list_acl.  Before experimenting with set_acl or delete_acl, use the help
command to see exactly how to invoke them.
