Using Access Control Lists
Unix/Linux permission modes are very simple; they don’t cover all security needs. But, because they are simple, they are actually used, which is more than can be said for many other access control technologies.
But sometimes permissions just don’t cut it, and a better system of discretionary access control is needed. Access control lists (ACLs) enable you to specify exactly which users and groups can access a file and in what ways.
How Do I Do That?
In order to use ACLs on a filesystem, that filesystem must be mounted with the acl
mount option. To check whether this option is active, use the
mount command:
$ mount
/dev/mapper/main-root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hdc2 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/mapper/main-home on /home type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
automount(pid10695) on /net type autofs (rw,fd=4,pgrp=10695,minproto=2,maxproto=4)
Tip
If you kept the default volume group and logical volume names during installation, you may see device paths such as /dev/mapper/VolGroup00-LogVol01.
The mount options are shown in parentheses; none of these filesystems were mounted with the acl
option.
To add the acl
mount option to a filesystem that is already mounted, use the
mount command with the remount
option:
#mount -o remount,acl
/home ...
Get Fedora Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.