Fine-Tuning Linux Administration with ACLs - Page 3
Using ACLs Now
No need to deprive yourself of the pleasure of deploying ACLs now. Simply do a download and install, and away you go.
Well, except it's not exactly simple. Installing it means downloading kernel patches and a number of utilities. Instructions, binaries, and tarballs are available at http://acl.bestbits.at/steps.html. Debian users will find nice debs for everything; use the Debian package search page to find them all. I would limit using ACLs to a test system for now. There are several gotchas, though, including:
- A lack of application support. It is possible to use ACLs to manage access to files, printers, and all your system goodies very nicely, but standard Linux file utilities have not caught up yet and do not support ACLs.
- XFS and JFS performance is bumpy.
- Backups and restores – GNU tar or dump will lose all of your nice ACL bits. But fear not, for the official ACL website, http://acl.bestbits.at/, introduces Star.
Star of the Show
Star (pronounced Ess- tar), the "standard tape archiver," is written by uber-geek Joerg Schilling, author of cdrecord and other fine Unix utilities. Star is one heck of a great program — it's fast, supports all tar formats, allows extraction of selected files from archives, has multi-volume support...its list of tasty goodies goes on and on.
Replace moldy old GNU tar with it; you won't be sorry. And best of all, it supports ACLs. Be sure to use the -acl option, or it won't save ACL bits. To get Star, visit http://acl.bestbits.at/star.html. Study the man page! Don't try to use Star without it; this is not your granny's tar.
NFS support is not yet complete, but is in progress in version 4. Do not use ACLs on NFS mounts until it is completely supported or your file permissions will get all goobered up.
The Samba team, with great foresight, long ago prepared Samba to be ready when ACLs were implemented in Linux. Samba currently maps Windows ACL attributes to standard Unix permissions. When ACLs are fully implemented in Linux, you won't need to do a thing to Samba — it'll be ready to go.
The bottom line is that access control lists in Linux are almost ready for prime-time. Beat the rush and start testing now.