Wednesday, July 23, 2008

ATAD #3 - linux Access Control Lists (ACLs)

File permissions on Linux are traditionally the Read (r), Write (w) and Execute (x) bits, assigned separately to the file's owner, the file's group and everyone else. Granting exactly the right access, especially as an ordinary user, is more complicated than it seems.

Let me illustrate this with an example. User "tom" creates a file named "hoohaha" and wants to give "dick" and "harry" permission to read and execute it. Of course this is simple enough if dick and harry happen to be the only members of a group that tom can give the file to. What if no such group exists? tom will have to ask the already overloaded system administrator to create a group consisting of just dick and harry. This, as you can see, does not sound too good.

To overcome this limitation, Linux has implemented support for Access Control Lists (ACLs). ACLs extend the traditional Unix permissions, letting the owner of a file grant individual users and groups their own access rights without touching the owner/group/other bits or asking for new groups. To use ACLs you need a kernel of at least version 2.6.x (older kernels require manual patching), a filesystem with ACL support, and the user-space tools to create, view and modify ACLs (the acl package, which provides getfacl and setfacl). ext3 filesystems support ACLs natively, and support can be added to an ext2 filesystem with some additional steps; in both cases the filesystem has to be mounted with the acl option (or have it in its default mount options). ACL support is enabled out of the box on RHEL5, Fedora 9, Ubuntu Feisty and SuSE 8.1 (among others).

The setfacl utility sets ACLs on files and directories, and getfacl shows the ACL currently attached to a file or directory. mv preserves ACLs, and cp does so when asked to preserve attributes (cp -p or cp -a); a plain cp does not. tar and dump do not preserve them at all, so use star instead if ACLs must survive a backup.

tom $ getfacl hoohaha
# file: hoohaha
# owner: tom
# group: tom
user::rwx
group::r--
other::r--


The requirement is met when tom sets ACLs for the file hoohaha:
tom $ setfacl -m user:dick:rx hoohaha
tom $ setfacl -m user:harry:rx hoohaha
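To see how the kernel actually combines these entries, here is an added example (not from the original post): a Python model of the ACL access check as documented in acl(5), run against two constructed getfacl listings. The first is what getfacl prints for hoohaha right after the two setfacl commands above; note the mask::r-x entry that setfacl computes as the union of the group and named entries. The second is the same file after a chmod 644, which rewrites the group bits, and on a file with an ACL the group bits are the mask, so dick and harry silently drop to r-- even though their entries still say r-x. The user names, listings and the extra "devs" group in the test are constructed for illustration.

```python
"""Model of how the kernel evaluates a POSIX ACL, fed with getfacl output.

Added example, not part of the original post.  Evaluation order follows
acl(5): owner entry, then a named user entry, then the owning-group and
named-group entries (all three kinds masked by the mask entry), then other.
"""

# Constructed: what getfacl prints after `setfacl -m user:dick:rx` and
# `setfacl -m user:harry:rx` on a file whose mode was 744.  setfacl
# recalculates the mask as the union of the group and named entries (r-x).
ACL_AFTER_SETFACL = """\
# file: hoohaha
# owner: tom
# group: tom
user::rwx
user:dick:r-x
user:harry:r-x
group::r--
mask::r-x
other::r--
"""

# Constructed: the same file after `chmod 644 hoohaha`.  chmod rewrites the
# group bits, which on a file with an ACL are the mask, so getfacl now
# annotates the named entries with their reduced effective rights.
ACL_AFTER_CHMOD = """\
# file: hoohaha
# owner: tom
# group: tom
user::rwx
user:dick:r-x\t\t#effective:r--
user:harry:r-x\t\t#effective:r--
group::r--
mask::r--
other::r--
"""

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perm_to_bits(perm):
    """'r-x' -> 5, 'rwx' -> 7, '---' -> 0."""
    return sum(PERM_BITS[c] for c in perm if c != "-")


def parse_getfacl(text):
    """Parse getfacl output into a dict of entries keyed by ACL tag type."""
    acl = {"owner": None, "group": None, "user_obj": 0, "users": {},
           "group_obj": 0, "groups": {}, "mask": None, "other": 0}
    for raw in text.splitlines():
        if raw.startswith("# owner:"):
            acl["owner"] = raw.split(":", 1)[1].strip()
            continue
        if raw.startswith("# group:"):
            acl["group"] = raw.split(":", 1)[1].strip()
            continue
        if raw.startswith("#"):            # "# file:" and any other comment
            continue
        entry = raw.split("#", 1)[0].strip()   # drop "#effective:..." annotation
        if not entry:
            continue
        tag, qualifier, perm = entry.split(":")
        bits = perm_to_bits(perm)
        if tag == "user":
            if qualifier:
                acl["users"][qualifier] = bits      # ACL_USER
            else:
                acl["user_obj"] = bits              # ACL_USER_OBJ (the owner)
        elif tag == "group":
            if qualifier:
                acl["groups"][qualifier] = bits     # ACL_GROUP
            else:
                acl["group_obj"] = bits             # ACL_GROUP_OBJ (owning group)
        elif tag == "mask":
            acl["mask"] = bits                      # ACL_MASK
        elif tag == "other":
            acl["other"] = bits                     # ACL_OTHER
        else:
            raise ValueError("unknown ACL tag: " + tag)
    return acl


def access_allowed(acl, user, groups, requested):
    """True if a process running as `user`, member of `groups`, is granted
    all of the `requested` permissions ('r', 'w', 'x' or a combination)."""
    want = perm_to_bits(requested)
    mask = acl["mask"]

    def masked(bits):
        return bits if mask is None else bits & mask

    if user == acl["owner"]:                     # 1. owner entry, never masked
        return want & acl["user_obj"] == want
    if user in acl["users"]:                     # 2. named user entry, masked
        return want & masked(acl["users"][user]) == want
    matching = []                                # 3. owning group + named groups
    if acl["group"] in groups:
        matching.append(acl["group_obj"])
    matching.extend(b for name, b in acl["groups"].items() if name in groups)
    if matching:
        # Any single matching entry must contain all requested bits; a group
        # match that grants nothing does not fall through to "other".
        return any(want & masked(b) == want for b in matching)
    return want & acl["other"] == want           # 4. everyone else, never masked


def effective(acl, user, groups):
    """Per-bit view such as 'r-x': each bit checked on its own."""
    return "".join(c if access_allowed(acl, user, groups, c) else "-" for c in "rwx")


if __name__ == "__main__":
    for label, listing in (("after setfacl", ACL_AFTER_SETFACL),
                           ("after chmod 644", ACL_AFTER_CHMOD)):
        acl = parse_getfacl(listing)
        print(label)
        for user in ("tom", "dick", "harry", "eve"):      # eve: no ACL entry at all
            print("  %-6s %s" % (user, effective(acl, user, [user])))
```

The practical lesson is the mask: after handing out named entries, check with getfacl rather than ls, because chmod on the group bits changes every named entry's effective rights (getfacl flags this with #effective), and setfacl -m recomputes the mask unless you pass -n to keep it.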

