Access Control List

From ICT science
Revision as of 11:33, 10 February 2017 by Penni101 (talk | contribs) (→‎Examples)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

An Access Control List (or ACL) is a list of permissions attached to a filesystem object (file, directory). ACLs are manipulated with the commands getfacl and setfacl. Using setfacl, you can set the access-rights for individual users and groups on files and directories. On a directory you can set a default ACL ; every object (file, directory) created in the directory inherrits the default ACL.

See the manual pages for more details.

ACL Examples

Personal Storage

See the Personal_storage page for more info. ACL personal storage

Working with others

Suppose you (solis101) want to work together with users solis102 and solis103 on some project proj. You probably should use a tool like git or subversion, but if you must, you can create a directory :

% mkdir ~/proj

and make it (and everything below it) writable for you and your partners :

% setfacl -m user:solis102:rwx ~/proj/
% setfacl -m user:solis103:rwx ~/proj/
% setfacl -m default:user:solis101:rwx ~/proj/
% setfacl -m default:user:solis102:rwx ~/proj/
% setfacl -m default:user:solis103:rwx ~/proj/

Also, allow users solis102 and solis103 traverse rights on your $HOME :

 % setfacl -m user:solis102:x ~
 % setfacl -m user:solis103:x ~

Note that these settings imply that users solis102 and solis103 can now access data in your $HOME that is accessible for others, which is usually a lot.