Natarajan's blog
Saturday, September 25, 2004
Access Control Lists in Linux
Access Control Lists (ACL from now on) is a mechanism by which you can have fine grained file access permissions.
To revoke all ACL permissions given, you can use
Hope you found it useful.
Natarajan
A scenario to explain the utility of ACL
How many times you wanted two users to have access over a particular file, and you had to create a group with the concerned users as members? ACL comes to your rescue in such a situation. You can just give the multiple users permissions for the file without having to create a group.Pre-requisites for ACL
- Your filesystem has to support ACL extensions. Kernels configurations that come with latest distros have the ACLs enabled by default. If not, you would need to have the CONFIG_EXT2_FS_POSIX_ACL, CONFIG_EXT3_FS_POSIX_ACL, CONFIG_REISERFS_FS_POSIX_ACL (in the filesystem configuration section of your kernel) selected depending on which filesystem you use. Mandrake 10 official on which I tried using ACL had these configurations turned on by default. But I had to remount my filesystem with the acl option
- You filesystem must be mounted with the acl option.
- # mount / -o remount,acl
- You could set this option on in fstab to have it turned on at boot. For this add acl to the option section in the fstab line
Example
I have a directory natty_kumar for which users natty and kumar need to be given read/write/execute access.To see the current access control list for the directory natty_kumar use the following command
total 8
drwxr-xr-x 2 natty natty 4096 Sep 25 23:27 natty_kumar
-rw-r--r-- 1 natty natty 1406 Sep 25 23:28 acl.html
Now I need to give permissions to user kumar for this directory
[natty@localhost linux]$ getfacl natty_kumar/
# file: natty_kumar
# owner: natty
# group: natty
user::rwx
group::r-x
other::r-x
You can see the new access permissions for the directory with
[natty@localhost linux]$ setfacl -m u:kumar:rwx natty_kumar/
Now user kumar has read/write/execute permissions on the natty_kumar directory.
[natty@localhost linux]$ getfacl natty_kumar/
# file: natty_kumar
# owner: natty
# group: natty
user::rwx
user:kumar:rwx
group::r-x
mask::rwx
other::r-x
To revoke all ACL permissions given, you can use
This is a small intro to ACLs. For further reading:
[natty@localhost linux]$ setfacl -b natty_kumar
- $ man acl
- $ man setfacl
- $ man getfacl
- The Linux ACLs pages, at http://acl.bestbits.at
Hope you found it useful.
Natarajan
Archives
March 2004 April 2004 May 2004 June 2004 August 2004 September 2004 November 2004 February 2005 May 2005
