
Access Control Lists (commonly known as ACLs) are a way of specifying complicated permissions to objects.

Those of you from the UNIX world may remember being in a situation like the following:

Techies need read/write to a directory. Marketing needs read. Joe needs full access.

This is an impossible scenario with classic owner/group/others permissions. You can't have two groups that need two different permissions. With ACLs you can!
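The following is an added example, not part of the original page: a small Python model of how a POSIX ACL is evaluated, applied to the Techies/Marketing/Joe scenario. It goes beyond the text by modelling the mask entry and the check order documented in acl(5); the owner `root`, the group names `techies` and `marketing`, and the users `joe`, `alice` and `bob` are assumptions made for illustration.

```python
# Added example: model of the POSIX ACL access check (order as documented in acl(5)).
# All user, group and owner names are constructed for illustration.
PERM = {"r": 4, "w": 2, "x": 1}

def bits(perms):
    """Turn 'rw-' into a bitmask (6)."""
    return sum(PERM[c] for c in perms if c in PERM)

def parse_acl(text):
    """Parse short-form entries, e.g. 'u::rwx,g:techies:rw-,o::---'."""
    acl = {"user": {}, "group": {}, "other": 0, "mask": None}
    for entry in text.split(","):
        tag, name, perms = entry.strip().split(":")
        if tag in ("u", "g"):
            acl["user" if tag == "u" else "group"][name] = bits(perms)
        elif tag in ("m", "o"):
            acl["mask" if tag == "m" else "other"] = bits(perms)
        else:
            raise ValueError("unknown ACL tag: " + tag)
    if acl["mask"] is None:
        # No explicit mask: use the union of named-user and all group entries,
        # which is how setfacl recalculates it by default.
        named = [p for n, p in acl["user"].items() if n]
        acl["mask"] = 0
        for p in named + list(acl["group"].values()):
            acl["mask"] |= p
    return acl

def allowed(acl, owner, owning_group, user, groups, want):
    """Return True if `user` (member of `groups`) is granted all bits in `want`."""
    want = bits(want)
    if user == owner:                       # 1. owner entry, never masked
        return (acl["user"][""] & want) == want
    if user in acl["user"]:                 # 2. named user entry, masked
        return (acl["user"][user] & acl["mask"] & want) == want
    hits = [p for n, p in acl["group"].items()   # 3. owning and named groups, masked
            if n in groups or (n == "" and owning_group in groups)]
    if hits:                                # one matching entry must grant everything asked
        return any((p & acl["mask"] & want) == want for p in hits)
    return (acl["other"] & want) == want    # 4. everyone else

# The scenario from the text: Techies read/write, Marketing read, Joe full access.
SCENARIO = parse_acl("u::rwx,u:joe:rwx,g::---,g:techies:rw-,g:marketing:r--,o::---")

if __name__ == "__main__":
    for who, grps in [("joe", ["staff"]), ("alice", ["techies"]), ("bob", ["marketing"])]:
        print(who, [w for w in ("r", "w", "x") if allowed(SCENARIO, "root", "root", who, grps, w)])
```

Note that an explicit mask entry (for example `m::r--`) caps every named user and group entry, so Joe's `rwx` would be reduced to read-only while the owner stays unaffected.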

Requirements

The basics for using ACLs on ext2/3 partitions are:

  • Having a patched kernel to allow it
  • Having the ACL utilities
  • Having a slightly modified version of fileutils.

It is also important to have a recent version of e2fsck; otherwise it'll screw up your ACLs.

Kernel bits

Now! With the patched kernel, the appropriate options are (in menuconfig):

  • File systems->POSIX Access Control Lists
  • File systems->Ext3 journalling file system support
  • File systems->Ext3 journalling file system support->Ext3 extended attributes
  • File systems->Ext3 journalling file system support->Ext3 extended attributes->Ext3 POSIX Access Control Lists

If you use ext2, do the same for `Second extended fs support' a bit lower down. I don't know how this works for other fs' (JFS, XFS) so someone else can wiki that :)

ACL utilities

The basic ACL utilities you will want are `getfacl' and `setfacl'. If you haven't already got them, you can get them from http://acl.bestbits.at/ . On Gentoo they are in the package `sys-apps/acl'. I think it is in package `acl' on Debian. Debian also has an `acl-dev' which contains the libraries and headers and such.

How to use this stuff

Right! Onto the juicy stuff. First off, you need to make sure your ext2/3 partitions are mounted with the `acl' option. If they aren't, you will get this:

    cyan /# setfacl -m u:rgh:rwx tmp
    setfacl: tmp: Operation not supported

So, make sure (acl) is in the options list.