Fine-Tuning Linux Administration with ACLs
Access control lists in Linux are almost ready for prime-time. Beat the rush and start testing now.
Linux's venerable file and user permissions system is solid and dependable but, unfortunately, not very flexible. For users to share access to a particular document or resource, they must all be in the same group. It's an all-or-nothing deal: every user in a group gets exactly the same rights, which is most inconvenient when you wish to exclude one person, or include someone only on a limited basis.
Plus it's tedious to create a new group simply to share a document, printer, or directory. In time, you can end up with zillions of groups and no idea of what is going on, which, as many admins can attest to, inevitably results in turning to drink and life quickly going to heck in a handbasket.
ACLs – An Alternative to Alcohol
All hope is not lost, though, as help is on the way in the form of access control lists, which Linux finally supports. This is not a trivial undertaking, as it is fundamental to kernel and filesystem architectures. ACLs have been a part of Windows and Novell Netware since forever. (Netware's implementation is by far the best; Novell admins have extremely flexible and fine-grained control of users and resources. If money is no object, Netware is easily the network operating system of choice.)
Once again our valiant Linux programmers come through, hurrah. ACLs are supported in all the major Linux filesystems — ext2, ext3, XFS, ReiserFS, and JFS (begin ritual debate over which filesystem is best). ACLs on Linux are still bleeding-edge, though, with the major distributions just beginning to include them.
As far as I know, only SuSE is currently shipping with ACLs enabled, but things move quickly in Linux-land, so expect your favorite distribution to include them soon. ACL support has been included in the 2.5 kernel development tree; the time is not far off when it will be a standard feature. Best of all, ACLs and traditional Linux permissions can live together nicely on the same system. No need to worry about conflicts; instead sit back and enjoy the additional flexibility.
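To make the coexistence concrete, here is an added illustration (not code from the article or from the Linux ACL tools): a small Python model of the access check that acl(5) documents for POSIX ACLs on Linux, applied to the exact situation described above, sharing one file with an outsider and shutting out one group member without creating a new group. The file, users, uids and gids are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1  # permission bits, same encoding as the traditional mode

@dataclass
class Acl:
    user_obj: int                                # user::  (the owner's rwx bits)
    group_obj: int                               # group:: (the owning group's bits)
    other: int                                   # other:: (everyone else)
    users: dict = field(default_factory=dict)    # named user entries, uid -> perms
    groups: dict = field(default_factory=dict)   # named group entries, gid -> perms
    mask: Optional[int] = None                   # mask:: caps the whole group class

def acl_from_mode(mode: int) -> Acl:
    """The base ACL every file already has: 0o640 -> user::rw-, group::r--, other::---."""
    return Acl(user_obj=(mode >> 6) & 7, group_obj=(mode >> 3) & 7, other=mode & 7)

def set_named_user(acl: Acl, uid: int, perms: int) -> None:
    """Like `setfacl -m u:<uid>:<perms>`: add the entry, then recalculate the mask
    as the union of all group-class entries (setfacl's default behaviour)."""
    acl.users[uid] = perms
    acl.mask = acl.group_obj
    for p in list(acl.users.values()) + list(acl.groups.values()):
        acl.mask |= p

def access(acl: Acl, owner_uid: int, owner_gid: int, uid: int, gids: set, want: int) -> bool:
    """Return True if a process running as (uid, gids) is granted the `want` bits, per acl(5)."""
    if uid == owner_uid:                          # 1. owner: user:: entry, never masked
        return (want & acl.user_obj) == want
    if uid in acl.users:                          # 2. named user, masked if a mask exists
        eff = acl.users[uid] if acl.mask is None else acl.users[uid] & acl.mask
        return (want & eff) == want
    candidates = [acl.group_obj] if owner_gid in gids else []   # 3. group class
    candidates += [p for g, p in acl.groups.items() if g in gids]
    if candidates:                                # any matching group entry may grant
        for p in candidates:
            eff = p if acl.mask is None else p & acl.mask
            if (want & eff) == want:
                return True
        return False
    return (want & acl.other) == want             # 4. nobody matched: other:: entry

def demo() -> dict:
    # Constructed sample: report.txt is mode 0640, owned by alice (uid 1000), group staff (gid 100).
    ALICE, BOB, CAROL, DAVE, STAFF = 1000, 1001, 1002, 1003, 100
    acl = acl_from_mode(0o640)
    set_named_user(acl, CAROL, R)   # carol is not in staff, but may read this one file
    set_named_user(acl, DAVE, 0)    # dave is in staff, but is shut out of this one file
    return {
        "alice_write": access(acl, ALICE, STAFF, ALICE, {STAFF}, W),
        "bob_read":    access(acl, ALICE, STAFF, BOB,   {STAFF}, R),
        "bob_write":   access(acl, ALICE, STAFF, BOB,   {STAFF}, W),
        "carol_read":  access(acl, ALICE, STAFF, CAROL, {200},   R),
        "dave_read":   access(acl, ALICE, STAFF, DAVE,  {STAFF}, R),
        "nobody_read": access(acl, ALICE, STAFF, 9999,  {300},   R),
        "mask":        acl.mask,
    }
```

Note that the traditional mode bits become the user::, group:: and other:: entries, and once a named entry exists the mask (which `ls -l` then displays in the group position) caps every group-class entry, which is why the two permission models do not conflict.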