Access Control Lists (ACL from now on) are a mechanism by which you can have fine-grained file access permissions.
A scenario to explain the utility of ACL
How many times have you wanted two users to have access to a particular file, and had to create a group with the concerned users as members? ACL comes to your rescue in such a situation. You can give multiple users permissions for the file without having to create a group.
Pre-requisites for ACL
- Your filesystem has to support ACL extensions. Kernel configurations that come with the latest distros have ACLs enabled by default. If not, you would need to have CONFIG_EXT2_FS_POSIX_ACL, CONFIG_EXT3_FS_POSIX_ACL or CONFIG_REISERFS_FS_POSIX_ACL (in the filesystem configuration section of your kernel) selected, depending on which filesystem you use. Mandrake 10 official, on which I tried using ACL, had these configurations turned on by default. But I had to remount my filesystem with the acl option.
- Your filesystem must be mounted with the acl option.
- # mount / -o remount,acl
- You could set this option in fstab to have it turned on at boot. To do this, add acl to the options section of the fstab line.
Example
I have a directory natty_kumar for which users natty and kumar need to be given read/write/execute access.
total 8
drwxr-xr-x 2 natty natty 4096 Sep 25 23:27 natty_kumar
-rw-r--r-- 1 natty natty 1406 Sep 25 23:28 acl.html
To see the current access control list for the directory natty_kumar, use the following command:
[natty@localhost linux]$ getfacl natty_kumar/
# file: natty_kumar
# owner: natty
# group: natty
user::rwx
group::r-x
other::r-x
Now I need to give permissions to user kumar for this directory:
[natty@localhost linux]$ setfacl -m u:kumar:rwx natty_kumar/
You can see the new access permissions for the directory with:
[natty@localhost linux]$ getfacl natty_kumar/
# file: natty_kumar
# owner: natty
# group: natty
user::rwx
user:kumar:rwx
group::r-x
mask::rwx
other::r-x
Now user kumar has read/write/execute permissions on the natty_kumar directory.
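The getfacl output above also gained a mask:: entry, which caps what named users, named groups and the owning group actually receive. The following is an added example, not part of the original post, that reads getfacl text and reports granted versus effective permissions; the function names acl_effective and sample_acl are hypothetical, and the sample ACL with the mask lowered to r-x is constructed.

```shell
#!/bin/sh
# Added example. acl_effective reads `getfacl` text on stdin and prints
# TYPE:NAME:GRANTED:EFFECTIVE for every entry the mask can limit.
acl_effective() {
    awk -F: '
        # AND two rwx strings position by position.
        function band(perm, m,    i, out, c) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(perm, i, 1)
                out = out ((c != "-" && substr(m, i, 1) == c) ? c : "-")
            }
            return out
        }
        /^#/ || /^default:/ || NF < 3 { next }  # headers, default ACL, blanks
        {
            perm = substr($3, 1, 3)             # ignore a trailing #effective note
            if ($1 == "mask") { mask = perm; next }
            # The mask caps named users, named groups and the owning group,
            # never the file owner (user::) or other::.
            if (($1 == "user" && $2 != "") || $1 == "group") {
                n++; kind[n] = $1; granted[n] = perm
                name[n] = ($2 == "") ? "(owning)" : $2
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                eff = (mask == "") ? granted[k] : band(granted[k], mask)
                printf "%s:%s:%s:%s\n", kind[k], name[k], granted[k], eff
            }
        }'
}

# Constructed sample: the directory above after the mask is lowered to r-x.
sample_acl() {
    cat <<'EOF'
# file: natty_kumar
# owner: natty
# group: natty
user::rwx
user:kumar:rwx          #effective:r-x
group::r-x
mask::r-x
other::r-x
EOF
}

sample_acl | acl_effective
```

On a live system, pipe real output into it with getfacl natty_kumar/ | acl_effective to review who has been granted access and what the mask leaves them.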
To revoke all ACL permissions given, you can use:
[natty@localhost linux]$ setfacl -b natty_kumar
This is a small intro to ACLs. For further reading:
Hope you found it useful.
Natarajan