Advantages Of Acls; Definitions - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual

14.2 Advantages of ACLs

Traditionally, three permission sets are defined for each file object on a Linux system.
These sets include the read (r), write (w), and execute (x) permissions for each of three
types of users—the file owner, the group, and other users. In addition to that, it is pos-
sible to set the set user id, the set group id, and the sticky bit. This lean concept is fully
adequate for most practical cases. However, for more complex scenarios or advanced
applications, system administrators formerly had to use a number of tricks to circumvent
the limitations of the traditional permission concept.
ACLs can be used as an extension of the traditional file permission concept. They allow
assignment of permissions to individual users or groups even if these do not correspond
to the original owner or the owning group. Access control lists are a feature of the
Linux kernel and are currently supported by ReiserFS, Ext2, Ext3, JFS, and XFS. Using
ACLs, complex scenarios can be realized without implementing complex permission
models on the application level.
The advantages of ACLs are evident if you want to replace a Windows server with a
Linux server. Some of the connected workstations may continue to run under Windows
even after the migration. The Linux system offers file and print services to the Windows
clients with Samba. With Samba supporting access control lists, user permissions can
be configured both on the Linux server and in Windows with a graphical user interface
(only Windows NT and later). With winbindd, part of the samba suite, it is even
possible to assign permissions to users only existing in the Windows domain without
any account on the Linux server.

14.3 Definitions

user class
The conventional POSIX permission concept uses three classes of users for assign-
ing permissions in the file system: the owner, the owning group, and other users.
Three permission bits can be set for each user class, giving permission to read (r),
write (w), and execute (x).
access ACL
The user and group access permissions for all kinds of file system objects (files
and directories) are determined by means of access ACLs.
Access Control Lists in Linux 283