Access Control Lists (commonly known as ACLs) are a way of specifying complicated permissions to objects.
They can apply to many situations: Squid uses ACLs to dictate who can access a certain site, iptables(8) rules effectively define access control lists, and they can be implemented in a filesystem. (NTFS uses ACLs natively; ext2/ext3 doesn't.)
Those of you from the UNIX world may remember being in a situation like the following:
Techies need read/write to a directory. Marketing needs read. Joe needs full access.
This is an impossible scenario with classic owner/group/others permissions. You can't have two groups that need two different permissions. With ACLs you can! While other Unices have had their own versions of ACLs (e.g. Solaris has setfacl and getfacl), some of the Linux filesystems (e.g. reiserfs and ext2) now support them, and the 2.6 series of kernels makes some attempts to standardise the ACL methods.
# apt-get install acl
If you are using an older or a customized distribution, please make sure to check the basic requirements:
to your /etc/apt/sources.list.)
If you use ext2, do the same for `Second extended fs support' a bit lower down. I don't know how this works for other filesystems (JFS, XFS) so someone else can wiki that :)
The basic ACL utilities you will want are `getfacl' and `setfacl'. If you haven't already got them, you can get them from http://acl.bestbits.at/ . On Gentoo they are in the package sys-apps/acl; in Debian they are in the package acl. Debian also has an `acl-dev' which contains the libraries and headers and such.
cyan /# setfacl -m u:rgh:rwx tmp
setfacl: tmp: Operation not supported
/dev/sda7 /tmp ext3 defaults,acl 0 2
setfacl -m g:techies:rwx /techie_folder
You'll get something like this:
The -m just means you are modifying the ACL directly from the command line, as opposed to from stdin later. man setfacl reveals all!
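An added example, not part of the original page: a small checker that reads getfacl output and answers whether a given user gets the requested access, applied to the Techies/Marketing/Joe scenario above. It goes beyond the page by following the POSIX ACL check order (owner, named user, groups, other) and the mask entry. The function names acl_check and sample_acl, the users alice, bob and eve, and the sample ACL are made up for this example.

```sh
# acl_check USER GROUPS WANT   (getfacl text on stdin; exit 0 = granted)
# GROUPS is a comma-separated list, WANT a subset of rwx such as "rw".
acl_check() {
    awk -F: -v user="$1" -v groups="$2" -v want="$3" '
    function has(perm,    i) {            # does perm hold every letter of want?
        for (i = 1; i <= length(want); i++)
            if (!index(perm, substr(want, i, 1))) return 0
        return 1
    }
    function masked(perm,    i, c, out) { # AND perm with the mask entry, if any
        if (mask == "") return perm
        for (i = 1; i <= 3; i++) {
            c = substr(perm, i, 1)
            out = out ((c != "-" && index(mask, c)) ? c : "-")
        }
        return out
    }
    /^# owner: / { owner  = substr($0, 10); next }
    /^# group: / { ogroup = substr($0, 10); next }
    /^#/ || NF < 3 { next }
    { perm = substr($3, 1, 3) }           # cuts off a trailing #effective note
    $1 == "user"  { u[$2] = perm }
    $1 == "group" { g[$2] = perm }
    $1 == "mask"  { mask  = perm }
    $1 == "other" { other = perm }
    END {
        if (user == owner) exit !has(u[""])            # owner entry, unmasked
        if (user in u)     exit !has(masked(u[user]))  # named user entry
        n = split(groups, gl, ",")
        for (i = 1; i <= n; i++) {                     # owning and named groups
            if (gl[i] == "") continue
            if (gl[i] == ogroup) { hit = 1; if (has(masked(g[""]))) exit 0 }
            if (gl[i] in g)      { hit = 1; if (has(masked(g[gl[i]]))) exit 0 }
        }
        exit hit ? 1 : !has(other)     # a group match never falls back to other
    }'
}
# Constructed getfacl output for the scenario above (directory /techie_folder).
# Marketing is given r-x: listing a directory needs x as well as r.
sample_acl() {
    printf "%s\n" "# file: techie_folder" "# owner: root" "# group: root" \
        "user::rwx" "user:joe:rwx" "group::r-x" "group:techies:rwx" \
        "group:marketing:r-x" "mask::rwx" "other::---"
}
# alice, bob and eve are hypothetical members of techies, marketing and neither.
for who in joe:staff alice:techies bob:marketing eve:staff; do
    if sample_acl | acl_check "${who%%:*}" "${who#*:}" w
    then echo "${who%%:*}: write granted"; else echo "${who%%:*}: write denied"; fi
done
```

On a live system, feed it real output instead of the sample, e.g. getfacl /techie_folder | acl_check joe staff rw. If the mask line reads r-x rather than rwx, joe and techies lose write even though their own entries still say rwx.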