“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 696 — #722
27.1 Advantages of ACLs
Note: POSIX ACLs
The term POSIX ACL suggests that this is a true POSIX (portable operating system interface) standard. The respective draft standards POSIX 1003.1e and POSIX 1003.2c were withdrawn for several reasons and never became part of the POSIX standard. Nevertheless, ACLs as found on many systems belonging to the UNIX family are based on these drafts, and the implementation of file system ACLs described in this chapter follows the two drafts as well. They can be viewed at http://wt.xpilot.org/publications/posix.1e/.
Traditionally, three sets of permissions are defined for each file object on
a Linux system. These sets include the read (r), write (w), and execute (x)
permissions for each of three classes of users: the file owner, the owning
group, and all other users. Which of the three sets applies to a process is
decided by its identity alone: the owner set if the process runs as the owner,
otherwise the group set if it belongs to the owning group, otherwise the set
for other users. In addition to that, it is possible to set the set user ID,
the set group ID, and the sticky bit.
This lean concept is fully adequate for most practical cases. However, for
more complex scenarios or advanced applications, system administrators
formerly had to use a number of tricks to circumvent the limitations of the
traditional permission concept.
ACLs can be used for situations that require an extension of the traditional
file permission concept. They allow assignment of permissions to individual
users or groups even if these are neither the file owner nor the owning
group. Access control lists are a feature of the Linux kernel and are
currently supported by ReiserFS, Ext2, Ext3, JFS, and XFS. Using ACLs,
complex scenarios can be realized without implementing complex permission
models on the application level.
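To make the difference between the two models concrete, here is an added example (not code from the SUSE manual or from the Linux kernel) that evaluates a request first against the traditional owner/group/other bits and then against a POSIX 1003.1e-style ACL. The ACL check goes slightly beyond what this section describes: it also honours the mask entry of the draft standard, which caps the rights of named users, the owning group and named groups but not those of the owner or of "other". All user IDs, group IDs and files in the block are constructed for the demonstration.

```python
"""Access checks under the traditional owner/group/other mode bits and under
a POSIX 1003.1e-style ACL. Added example for this chapter, not code from the
SUSE manual or the Linux kernel; entry tags follow the draft standard
(ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHER).
All users, groups and files below are constructed for the demonstration."""
from dataclasses import dataclass, field
from typing import List, Optional

R, W, X = 4, 2, 1  # one octal digit of a chmod mode: r=4, w=2, x=1


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset  # effective group plus supplementary groups


@dataclass(frozen=True)
class Entry:
    tag: str                         # user_obj, user, group_obj, group, mask, other
    perms: int                       # combination of R, W, X
    qualifier: Optional[int] = None  # uid for "user", gid for "group"


@dataclass
class File:
    owner: int
    group: int
    mode: int                                       # traditional bits, e.g. 0o640
    acl: List[Entry] = field(default_factory=list)  # empty = mode bits only


def mode_to_acl(mode: int) -> List[Entry]:
    """The minimal ACL: the three mode-bit triplets as owner, group, other."""
    return [Entry("user_obj", (mode >> 6) & 7),
            Entry("group_obj", (mode >> 3) & 7),
            Entry("other", mode & 7)]


def traditional_allowed(f: File, p: Process, want: int) -> bool:
    """Classic check: the caller's identity selects exactly one triplet."""
    if p.uid == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in p.gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return want & bits == want


def acl_allowed(f: File, p: Process, want: int) -> bool:
    """POSIX 1003.1e access check. Named users, the owning group and named
    groups are limited by the mask entry; the owner and other entries are not."""
    acl = f.acl or mode_to_acl(f.mode)
    mask = next((e.perms for e in acl if e.tag == "mask"), None)

    def effective(e: Entry) -> int:
        return e.perms if mask is None else e.perms & mask

    # 1. the file owner is decided by user_obj alone, unmasked
    if p.uid == f.owner:
        return want & next(e.perms for e in acl if e.tag == "user_obj") == want
    # 2. a named user entry matching the uid decides alone
    for e in acl:
        if e.tag == "user" and e.qualifier == p.uid:
            return want & effective(e) == want
    # 3. owning group and named groups: any matching entry that grants the
    #    request suffices; if some group matched but none grants, deny here
    matched = False
    for e in acl:
        if (e.tag == "group_obj" and f.group in p.gids) or \
           (e.tag == "group" and e.qualifier in p.gids):
            matched = True
            if want & effective(e) == want:
                return True
    if matched:
        return False
    # 4. everyone else falls through to the other entry, unmasked
    return want & next(e.perms for e in acl if e.tag == "other") == want


def demo() -> dict:
    """Constructed scenario: a report owned by alice(1000)/staff(100), mode 0640.
    bob(1001) is outside staff but must read it; auditors(300) must not write."""
    alice = Process(1000, frozenset({100}))
    bob = Process(1001, frozenset({200}))
    auditor = Process(1002, frozenset({300}))
    plain = File(owner=1000, group=100, mode=0o640)
    with_acl = File(owner=1000, group=100, mode=0o640, acl=[
        Entry("user_obj", R | W),
        Entry("user", R, qualifier=1001),      # user:bob:r--
        Entry("group_obj", R),
        Entry("group", R | W, qualifier=300),  # group:auditors:rw- (too generous)
        Entry("mask", R),                      # mask::r-- caps all but owner and other
        Entry("other", 0),
    ])
    return {
        "bob_read_traditional": traditional_allowed(plain, bob, R),  # False
        "bob_read_acl": acl_allowed(with_acl, bob, R),               # True
        "auditor_write_acl": acl_allowed(with_acl, auditor, W),      # False, mask wins
        "alice_write_acl": acl_allowed(with_acl, alice, W),          # True, owner unmasked
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'allowed' if ok else 'denied'}")
```

The point of the scenario is the one the text makes: without an ACL, giving bob read access would require either opening the file to everyone or the traditional trick of creating an extra group and adding bob to it. With the ACL, a single named-user entry grants exactly that access, and the mask entry shows why an over-generous group entry still cannot hand out write permission.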
The advantages of ACLs are clearly evident in situations like the replacement
of a Windows server by a Linux server. Some of the connected workstations may
continue to run under Windows even after the migration. The Linux system then
offers file and print services to the Windows clients with Samba, and the
per-user and per-group permissions those clients expect can be mapped onto
ACLs rather than approximated with the owner, group, and other bits alone.