Linux - How to set up an Access Control List (ACL)
Basic Linux permissions have the following limitations:
1. We cannot set more than one entity as the user or group owner of a file.
2. We cannot set permissions on a per-file or per-directory basis.
ACLs are one of the mechanisms for overcoming these limitations.
Important Note:
Check /etc/fstab to make sure the acl option is enabled for the device that is mounted. If acl is enabled, the content of /etc/fstab looks like this:
#cat /etc/fstab
/dev/hda1 / reiserfs acl,user_xattr 1 1
/dev/hda2 swap swap defaults 0 0
proc /proc proc defaults 0 0
.
.
.
If the acl option is not listed for the device in /etc/fstab, you have to add it and remount.
setfacl - Setting File Access Control List
Once acl is enabled for a device, we can create an Access Control List with the setfacl command. To make the user alexander a trustee of the file somefile, do the following:
setfacl -m u:alexander:rwx somefile
In addition, to add the group sales as a trustee group for the file somefile:
setfacl -m g:sales:rw somefile
This command does not make any difference to the file permissions, but adds a '+' sign after the permissions list.
getfacl - Getting File Access Control List
getfacl somefile displays the ACL of somefile.
For more information on these commands, see man setfacl and man getfacl.
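The checks from the steps above as a small script, added here as an example and not part of the original post: it confirms the acl option in an fstab-format file and lists the named trustees found in getfacl output. The function names, the /data line and the getfacl listing are constructed for illustration.

```sh
# Added example (not from the original post); all sample data is constructed.
# fstab_acl_enabled FSTAB MOUNTPOINT: succeeds if the 4th (options) column of
# MOUNTPOINT's entry lists "acl". Options are compared whole, so "noacl" fails.
fstab_acl_enabled() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "acl") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# named_trustees: reads getfacl output on stdin and prints "type name perms"
# for each named user or group entry, i.e. the trustees added with setfacl -m.
named_trustees() {
    awk -F: '
        /^#/ { next }                          # header lines: file, owner, group
        ($1 == "user" || $1 == "group") && $2 != "" {
            sub(/[ \t].*/, "", $3)             # drop a trailing "#effective" note
            print $1, $2, $3
        }'
}

sample_fstab() {   # first three lines follow the post; the /data line is constructed
    cat <<'EOF'
/dev/hda1 / reiserfs acl,user_xattr 1 1
/dev/hda2 swap swap defaults 0 0
proc /proc proc defaults 0 0
/dev/hda3 /data ext3 noacl,user_xattr 1 2
EOF
}
sample_getfacl() { # constructed output for somefile after both setfacl commands
    cat <<'EOF'
# file: somefile
# owner: root
# group: root
user::rw-
user:alexander:rwx
group::r--
group:sales:rw-
mask::rwx
other::r--
EOF
}
tmp=$(mktemp); sample_fstab > "$tmp"
fstab_acl_enabled "$tmp" / && echo "/: acl option set"; rm -f "$tmp"
sample_getfacl | named_trustees
```

Some filesystems enable ACLs by default, so a missing acl option in /etc/fstab is not conclusive on its own. On a live system, pipe `getfacl somefile` into `named_trustees` to review who has been granted access beyond the owner and group.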