Author ACL for Linux File System
kwoksir

2001-08-10, 8:59 pm

Hi,

Recently I have been studying hard for my SCSA exam, and from that I learned about the Access Control List of a file system. It is in some sense similar to the ACL of NTFS.

I would like to ask whether there are any distributions that enable the ACL features BY DEFAULT or not?

Yes, I know there are some Linux projects working on this.
ccieToBe

2001-08-10, 9:41 pm

If you have access to a Linux box try typing in the following commands:

man chown
man chmod

These two commands are used to provide what I assume you're referring to. The functionality is very similar to NTFS ACLs. Every Linux, and every modern Unix provides this functionality. If you share files over the network through an app like Samba or Apache you can usually assign permission through the app as well.
kwoksir

2001-08-10, 10:19 pm

Hi, ccietobe,

I think I need to explain a little bit more about what I mentioned.

For every Linux distribution, you can, as a user, set the file/directory permissions to something like -rwxrwx--- or drwx------; however, this can only restrict 3 kinds of parties (owner, group, other).

In Solaris (somewhat similar to Linux, or Linux similar to Solaris/Unix), you can set further extra permissions which you can't set using the traditional ones. Simple question:
How do you deny only user1 from reading my file while allowing all other users? Using an ACL can do this. In Solaris, the command is:
setfacl -m u:user1:--- filename

Hope this information interests you.
Regards,
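
Added illustration, not part of the original thread: a simplified Python model of the access-check order documented for POSIX.1e-draft ACLs (as in Linux acl(5)), showing why an entry like u:user1:--- denies user1 even though the group and other entries grant read. It assumes Solaris UFS ACLs follow the same order; the owner alice, group staff, user2 and the ACL strings are constructed sample values.

```python
# Added example: simplified model of the POSIX.1e-draft ACL check, not kernel code.
PERM_BITS = {"r": 4, "w": 2, "x": 1}
TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
        "m": "mask", "mask": "mask", "o": "other", "other": "other"}

# Constructed sample ACLs: the file with and without the user1 entry.
SAMPLE_ACL = "user::rw-,user:user1:---,group::r--,mask::r--,other::r--"
MODE_ONLY_ACL = "user::rw-,group::r--,other::r--"

def parse_acl(text):
    """Parse comma-separated 'tag:qualifier:perms' (or 'tag:perms') entries."""
    acl = {"user": {}, "group": {}, "mask": None, "other": 0}
    for entry in text.split(","):
        parts = entry.strip().split(":")
        tag, perms = TAGS[parts[0]], parts[-1]
        qualifier = parts[1] if len(parts) == 3 else ""
        bits = sum(PERM_BITS[c] for c in perms if c != "-")
        if tag in ("user", "group"):
            acl[tag][qualifier] = bits   # "" means owning user / owning group
        else:
            acl[tag] = bits
    return acl

def allowed(acl, owner, owning_group, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`."""
    need = sum(PERM_BITS[c] for c in want)
    mask = 7 if acl["mask"] is None else acl["mask"]
    if user == owner:                    # 1. owner entry, never masked
        return (acl["user"][""] & need) == need
    if user in acl["user"]:              # 2. named user entry decides alone
        return (acl["user"][user] & mask & need) == need
    matched = False                      # 3. owning group and named groups
    for name, bits in acl["group"].items():
        if (name or owning_group) in groups:
            matched = True
            if (bits & mask & need) == need:
                return True
    if matched:
        return False                     # a group matched but none granted
    return (acl["other"] & need) == need # 4. everyone else

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for who, grps in (("user1", {"staff"}), ("user2", {"users"})):
        print(who, "read:", allowed(acl, "alice", "staff", who, grps, "r"))
```

The check stops at the first class that matches, so user1 never reaches the group or other entries that would have granted read.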
ccieToBe

2001-08-10, 10:53 pm

Oh, I misunderstood your question. There are a few small projects out there to provide ACLs on the level you're talking about, but AFAIK none of them are widely used, so use them at your own risk. Really, if you need that level of control over a system's security it would probably be best to use an OS that provides native support for it or set this through the app that's sharing the files (assuming that app supports this). Solaris is very nice if you have a Sparc.
Randy

2001-08-11, 8:00 am

HP-UX has an ACL system by default so that you can allow access to your files on a per-user basis. To give access to someone you could use:

chacl randy.%=rwx topsecretpentagoncodes

This will give user 'randy' access to your top secrets file regardless of what group I am in. The '%' glob stands for all users or all groups depending on where it is located (before the period or after). You can add or deny specific users access to your files in this way. I am not too familiar with Solaris, but there is a good guide located here: http://www.securityfocus.com/focus/...es/solacls.html

Hope this helps some.