====== ACL - Access Control List ======

===== What is ACL? =====

Access Control Lists (ACLs) provide a much more flexible way of specifying permissions on a file or other object than the standard Unix user/group/owner system. Windows NT and above, when running on an NTFS partition, use ACLs to specify permissions on files and directories. This document attempts to show how you can enable ACL support on your Linux box and use Samba to provide an SMB file server for use by machines in a Windows 2000 domain.

ACLs are best stored in the actual file system itself. To that end, there are patches available for ext2 and ext3 that enable ACL support using Extended Attributes (EAs). SGI's XFS also has ACL support built in, but XFS is not currently covered in this document.

===== Requirements =====

  * Fully patched kernel version 2.4 or 2.6
  * The ACL utilities
  * A slightly modified version of file utils

We are going to work with kernel version 2.6 because the 2.6 series of kernels makes some attempts to standardise the ACL methods.

===== Verifying Kernel support for ACL =====

Check the kernel configuration file:

  # cat /boot/config-2.6.15.1-386 | grep _ACL

This should give the results below:

  CONFIG_EXT3_FS_POSIX_ACL=y
  CONFIG_EXT2_FS_POSIX_ACL=y
  CONFIG_XFS_POSIX_ACL=y

===== Install ACL in Debian =====

  # apt-get install acl

===== Activating ACL support in a partition (Ext3) =====

By default, kernel version 2.6 supports ACLs on the ext2, ext3, jfs and xfs filesystems.

If you already have a partition (e.g. hda6) on your hard disk, use the following command:

  # mount -o remount,acl /dev/hda6

Now modify the /etc/fstab file and add the acl option:

  /dev/hda6 / ext3 acl,defaults,errors=remount-ro 0 1

===== Adding and Modifying ACL =====

To use ACLs under Linux you need two commands, setfacl and getfacl. Each is shown below with an example.

To get the ACL of the file test.acl, enter the following command:

  # getfacl test.acl

To add user (u) ruchi with write (w) access on test.acl, enter the following command:

  # setfacl -m u:ruchi:w test.acl

To add group (g) root with read (r) access on test.acl, enter the following command:

  # setfacl -m g:root:r test.acl

To add others (o) with read (r) access on test.acl, enter the following command:

  # setfacl -m o::r test.acl

For more options, check the man pages of setfacl and getfacl.

===== Safeguard files with the ACL =====

If you want to safeguard (back up) files together with their ACLs, you need to install the star package.

Star supports several tar archive formats (including ustar, GNU tar and the new POSIX format). It's faster than other tar implementations due to advanced buffering. Star is also the only tar implementation under Linux capable of archiving Access Control Lists.

  # apt-get install star

===== ACL utilities =====

The basic ACL utilities you will want are `getfacl' and `setfacl'. If you haven't already got them, you can get them from http://acl.bestbits.at/ . In Debian they are in the package acl. Debian also has an `acl-dev' package which contains the libraries and headers and such.
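
The entries added with setfacl are not always the rights a user ends up with: a named user or group entry is capped by the ACL mask that getfacl prints as mask::. The following script is an added example, not part of the original page; it reads getfacl output on standard input and lists the entries that effectively grant write. The getfacl output for test.acl is constructed sample data, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: effective rights from getfacl output (reads stdin).

acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }           # skip "# file:" headers and blank lines
        {
            n++; tag[n] = $1; who[n] = $2
            perm[n] = substr($3, 1, 3)    # ignore a trailing "#effective:" note
            if ($1 == "mask") mask = perm[n]
        }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                eff = perm[i]
                # The mask caps named users, the owning group and named groups;
                # the file owner (user::) and other:: are not affected by it.
                capped = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
                if (capped && mask != "") {
                    eff = ""
                    for (b = 1; b <= 3; b++) {
                        c = substr(perm[i], b, 1)
                        eff = eff ((substr(mask, b, 1) == c) ? c : "-")
                    }
                }
                printf "%s:%s:%s\n", tag[i], who[i], eff
            }
        }'
}

# Entries whose effective rights include write, printed as tag:name.
acl_writers() {
    acl_effective | awk -F: 'substr($3, 2, 1) == "w" { print $1 ":" $2 }'
}

# Constructed getfacl output for test.acl; $1 is the mask value to use.
sample_acl() {
    printf '%s\n' '# file: test.acl' '# owner: root' '# group: root' \
        'user::rw-' 'user:ruchi:-w-' 'group::r--' 'group:root:r--' \
        "mask::$1" 'other::r--'
}

sample_acl rw- | acl_writers    # mask rw-: the file owner and ruchi can write
sample_acl r-- | acl_writers    # mask r--: the w granted to ruchi is masked out
```

On a real system, pipe the output of getfacl for the file you are auditing into acl_writers instead of the sample.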