The Urban Penguin

The Urban Penguin - Linux Training

You are here: Home / Books / Managing POSIX ACLS in Linux

Managing POSIX ACLS in Linux

£0.99

This eBook from The Urban Penguin steps you through the POSIX ACLs in Linux so you are able to successfully secure your filesystems. The book is aimed at system administrators in Linux or those learning Linux system administrators and those seeking certification in Linux Administration

Category:

Description

As a system administrator in Linux, it will not take you long to realize that permissions managed only using the file mode become very limiting. The mode of a file allows for a single user, one group and everyone else, that is it. Many Linux systems are single-user systems acting as a service appliance so it does not have to be all bad, however, if you are using the system as some form a shared server or file-server it is likely that you will need to expand the mode using POSIX ACLs, or Access Control Lists.

Reading this 18 A4 page document you will learn:

  • The limitations of the file mode
  • ACLs available in Linux
  • Determining support for POSIX ACLs
  • Listing ACLs using getfacl
  • Setting default ACLs in directories using setfacl
  • Setting  ACLs on files
  • The ACL Mask and the File Mode
  • The Group nogroup/nobody
  • Removing individual ACEs or the complete ACL
  • Securing a Web Server DocumentRoot Using POSIX ACLs

The UNIX file mode dates back to the beginnings of UNIX and was never designed for Enterprise file sharing. The mode only allows for a single user, a single group, and everyone else. To work around this you can just keep creating groups to meet new needs within the file-system. Even so, this does not cater for when one group requires read access and another group requires read-write access to the same file or directory. All in all, if you are trying to share file-systems with many users on Linux, the mode is a problem. ACLs overcome these limitations allowing for more users and more groups to be added as principals.

We are talking about Linux, so there is never going to be just a single ACL to choose from => we have at least 3 🙂 In this module we look at POSIX ACLs.

POSIX ACL
The POSIX ACLs requires Kernel Modules to work with both the ACL and the target file-system. ACLs support also needs be be enabled when the file-system is mounted. The mount option is built-in to the XFS file-system and is a default mount option in EXT4, so is not a major issue. POSIX Access Control Lists allow for more than one user or group to have the same or different permissions to a file resource. We can also set default permissions allowing new files or directories to inherit from the parent. These features make the ACL very powerful and a useful tool.

NFSv4 ACL
NFSv4 ACLs are not part of the file-system and are independent of it. They work on exported NFS directories, or shares. If you are not accessing the file-system using the NFSv4 protocol the ACL is not applied. That said, it is designed for the NFS Server and exported file-systems so should not be surprising or an issue.

CIFS ACL
Like the NFSv4 ACLS the CIFS ACLs do NOT apply to a local file-system but are used when you are accessing the file-system via a SAMBA share.

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.