Differences between version 6 and predecessor to the previous major change of AccessControlLists.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 6 | Last edited on Friday, November 28, 2003 11:19:27 pm | by CraigBox | Revert |
| Older page: | version 5 | Last edited on Saturday, September 6, 2003 2:14:08 pm | by CraigBox | Revert |
@@ -1,5 +1,9 @@
Access Control Lists (commonly known as ACLs) are a way of specifying complicated permissions to objects.
+
+They can apply to many situations - [Squid] uses ACL's to dictate who can access a certain site, iptables(8) rules effectively define access control lists, and they can be implemented in a filesystem. (NTFS uses ACL's natively - ext2/ext3 doesn't.)
+
+!!!Filesystem ACLs
Those of you from the UNIX world may remember when you have been in a situation like the following:
Techies need read/write to a directory. Marketing needs read. Joe needs full access.
@@ -17,12 +21,12 @@
!!Kernel bits
Now!
With the patched kernel, the appropriate options are (in menuconfig):
-File systems->POSIX Access Control Lists
-File systems->Ext3 journalling file system support
-File systems->Ext3 journalling file system support->Ext3 extended attributes
-File systems->Ext3 journalling file system support->Ext3 extended attributes->Ext3 POSIX Access Control Lists
+*
File systems->POSIX Access Control Lists
+*
File systems->Ext3 journalling file system support
+*
File systems->Ext3 journalling file system support->Ext3 extended attributes
+*
File systems->Ext3 journalling file system support->Ext3 extended attributes->Ext3 POSIX Access Control Lists
If you use ext2, do the same for `Second extended fs support' a bit lower down.
I don't know how this works for other fs' (JFS, XFS) so someone else can wiki that :)
@@ -44,4 +48,8 @@
So, to give group `techies' rwx access to /techies, you would type:
setfacl -m g:techies:rwx /techies
The -m just means you are modifying the ACL directly from the command line, as opposed to from stdin later. man setfacl reveals all!
+
+!!!ACL's with Samba
+
+Samba 3 supports using libacl to support full ACL access to Samba shares. You need to ensure it's compiled into Samba (it probably is) and install libacl. Then it seems like you don't have to do anything more. See http://www.bluelightning.org/linux/samba_acl_howto/ for a small howto.
