5 Access Control Lists In Linux; Traditional File Permissions - Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION:
- Manual (184 pages) ,
- Supplementary manual (50 pages) ,
- Quick manual (12 pages)
Table of Contents
Advertisement
15
Access Control Lists in Linux
POSIX ACLs (access control lists) can be used as an expansion of the traditional per-
mission concept for file system objects. With ACLs, permissions can be defined more
flexibly than the traditional permission concept allows.
The term POSIX ACL suggests that this is a true POSIX (portable operating system
interface) standard. The respective draft standards POSIX 1003.1e and POSIX 1003.2c
have been withdrawn for several reasons. Nevertheless, ACLs as found on many systems
belonging to the UNIX family are based on these drafts and the implementation of file
system ACLs as described in this chapter follows these two standards as well. They
can be viewed at http://wt.xpilot.org/publications/posix.1e/.
15.1 Traditional File Permissions
The basics of traditional Linux file permissions are explained in Section 18.2, "Users
and Access Permissions" (page 361). More advanced features are the setuid, setgid, and
sticky bit.
15.1.1 The setuid Bit
In certain situations, the access permissions may be too restrictive. Therefore, Linux
has additional settings that enable the temporary change of the current user and group
identity for a specific action. For example, the passwd program normally requires
root permissions to access /etc/passwd. This file contains some important informa-
tion, like the home directories of users and user and group IDs. Thus, a normal user
Access Control Lists in Linux
303
Advertisement
Table of Contents
Troubleshooting
