Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 697 #723
27 Access Control Lists in Linux
Given that Samba supports access control lists, user permissions can be configured both on the Linux server and in Windows with a graphical user interface (only Windows NT and later). With winbindd, it is even possible to assign permissions to users that only exist in the Windows domain without any account on the Linux server. On the server side, edit the access control lists using getfacl and setfacl.

27.2 Definitions

user class
The conventional POSIX permission concept uses three classes of users for assigning permissions in the file system: the owner, the owning group, and other users. Three permission bits can be set for each user class, giving permission to read (r), write (w), and execute (x).

access ACL
The user and group access permissions for all kinds of file system objects (files and directories) are determined by means of access ACLs.

default ACL
Default ACLs can only be applied to directories. They determine the permissions a file system object inherits from its parent directory when it is created.

ACL entry
Each ACL consists of a set of ACL entries. An ACL entry contains a type (see Table 27.1 on the following page), a qualifier for the user or group to which the entry refers, and a set of permissions. For some entry types, the qualifier for the group or users is undefined.

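
An added example (not part of the SUSE manual): a small Python parser for the text form that getfacl prints, splitting each entry into the type, qualifier, and permissions defined above and separating access ACL entries from default ACL entries. The sample listing, its user and group names, and the function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Constructed getfacl-style listing (names are illustrative, not from the manual).
SAMPLE = """\
# file: mydir
# owner: tux
user::rwx
user:geeko:rwx
group::r-x
group:mascots:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:mascots:r-x
default:mask::r-x
default:other::---
"""

class AclEntry(NamedTuple):
    acl: str                  # "access" or "default"
    type: str                 # user, group, mask or other
    qualifier: Optional[str]  # None where the qualifier is undefined
    perms: frozenset          # subset of {"r", "w", "x"}

def parse_acl(text):
    """Split each ACL entry into ACL kind, type, qualifier and permissions."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop header and trailing comments
        if not line:
            continue
        fields = line.split(":")
        acl = "access"
        if fields[0] == "default":            # default ACL entries carry this prefix
            acl, fields = "default", fields[1:]
        if len(fields) != 3 or fields[0] not in ("user", "group", "mask", "other"):
            raise ValueError(f"malformed ACL entry: {raw!r}")
        etype, qualifier, perms = fields
        if set(perms) - set("rwx-"):
            raise ValueError(f"unknown permission in: {raw!r}")
        entries.append(AclEntry(acl, etype, qualifier or None,
                                frozenset(perms) - {"-"}))
    return entries

def named_entries(entries):
    """Entries with a qualifier: grants outside owner, owning group and other."""
    return [e for e in entries if e.qualifier is not None]
```

When reviewing permissions on a share, `named_entries(parse_acl(listing))` returns exactly the grants that the three traditional user classes cannot express, including those a default ACL will pass on to newly created objects.
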
27.3 Handling ACLs
This section explains the basic structure of an ACL and its various characteristics. The interrelation between ACLs and the traditional permission concept in the Linux file system is briefly demonstrated by means of several figures. Two examples show how to create your own ACLs using the correct syntax. In conclusion, find information about the way ACLs are interpreted by the operating system.

SUSE LINUX Enterprise Server