Table of Contents
This chapter provides a brief summary of the background and functions of POSIX ACLs (access control lists) for Linux file systems. ACLs can be used as an expansion of the traditional permission concept for file system objects. With ACLs, permissions can be defined more flexibly than the traditional permission concept allows.
The term POSIX ACL suggests that this is a true POSIX (portable operating system interface) standard. The respective draft standards POSIX 1003.1e and POSIX 1003.2c have been withdrawn for several reasons. Nevertheless, ACLs as found on many systems belonging to the UNIX family are based on these drafts and the implementation of file system ACLs as described in this chapter follows these two standards as well. They can be viewed at http://wt.xpilot.org/publications/posix.1e/.
Traditionally, three sets of permissions are defined for each file object on
a Linux system. These sets include the read (
w), and execute (
x) permissions for
each of three types of users—the file owner, the group, and other
users. In addition to that, it is possible to set the set user
id, the set group id, and the
This lean concept is fully adequate for most practical cases. However,
for more complex scenarios or advanced applications, system administrators
formerly had to use a number of tricks to circumvent the limitations of the
traditional permission concept.
ACLs can be used for situations that require an extension of the traditional file permission concept. They allow assignment of permissions to individual users or groups even if these do not correspond to the original owner or the owning group. Access control lists are a feature of the Linux kernel and are currently supported by ReiserFS, Ext2, Ext3, JFS, and XFS. Using ACLs, complex scenarios can be realized without implementing complex permission models on the application level.
The advantages of ACLs are clearly evident in a situation like replacement of a Windows server with a Linux server. Some of the connected workstations may continue to run under Windows even after the migration. The Linux system offers file and print services to the Windows clients with Samba. Given that Samba supports access control lists, user permissions can be configured both on the Linux server and in Windows with a graphical user interface (only Windows NT and later). With winbindd, it is even possible to assign permissions to users that only exist in the Windows domain without any account on the Linux server.