If you’ve used Linux for a long time, you’re probably quite familiar with file permissions. Indeed, managing permissions is a critical part of managing a Linux system. In general, you should provide minimal access whenever possible. Every user (or group) should have just enough permissions and no more.
Hopefully they will integrate this in KDE and Gnome someday. Windows and others have had this for years so it’s about time to catch up.
No
POSIX ACLs in Linux are bad!
You should use RSBAC/SELinux/grsec to manage this kind of ACLs instead. (It’s, btw, FAR more powerful than that or Windows.)
eg: http://rsbac.org/documentation/models.php#acl
Uhmmm, what exactly has a desktop environment, like KDE, to do with ACL? Why do you wish a filesystem-related feature integrated into a graphical desktop environment?
I just find it a bit awkward that XFS is only mentioned once in that linked article, and only to say it has ACL support. I’ve used XFS for many years now, _very_ pleased with it, and while I also like reiserfs, I wouldn’t touch ext3 with or without a stick no time.
The only use I can see ACL’s for is if you use NFS. But NFS is insecure anyway, so I’d personally use something else.
OpenAFS, for instance, supports ACL’s that are more like Netware’s trustees. They’re more fine grained than POSIX ones and they automatically propagate down, unless a subfolder has explicit ones set. POSIX ACL’s are complex and seem rather hacky anyway.
>Uhmmm, what exactly has a desktop environment, like KDE, to do
>with ACL? Why do you wish a filesystem-related feature
>integrated into a graphical desktop environment?
Uhmmm, cause you want to point’n’click to manage them?
KDE/Gnome already have an interface to set the group/owner/other bits, would be nice to extend that to ACLs as well.
well….duh
My biggest need for ACLs (and an easy to use management interface) is for Samba. I would love to be able to change my Windows file servers to Samba, but I need to have both Share and File/Directory permissions that are easy to manage.
I only played a little bit with it on SuSE 9.0 and didn’t get it working – (probably doesn’t have the patches for kernel and/or ReiserFS by default). Anyone know if 9.2 supports them oob?
>Uhmmm, what exactly has a desktop environment, like KDE, to do with ACL? Why do you wish a filesystem-related feature integrated into a graphical desktop environment?
Are you implying users should open a shell to set ACLs on the filesystem? Dude, get a grip.
In Windows regular users have enough problems managing ACLs with the intuitive graphical manager, and yes, they do need to set ACLs themselves.
If a group of users need a directory for a special project that no one else should access, they fix it themselves instead of calling support.
Open Enterprise Server will have the NetWare ACLs on NSS volumes.
For home users the existing user and group is all that is needed, and for the rest you have SELinux.
>Uhmmm, what exactly has a desktop environment, like KDE, to do with ACL? Why do you wish a filesystem-related feature integrated into a graphical desktop environment?
For one thing it would be nice if the admin running Unix could see what permissions are given to a file. It feels kind of awkward that a Windows user attached through Samba has better control than the admin, if he uses the GUI. So not having them or at least being able to see them is a potential security risk.
ACLs seem like a great idea and they can be — but only if they are used properly. I’m sure that everyone has seen situations with utterly obtuse and nonsensical ACL schemes being deployed. In the worst case, they can undermine security if poorly managed.
POSIX ACLs on Linux seem clunky to me. I prefer Linux Trustees:
http://www.aeruder.net/trustees/index.php
Modeled after NetWare permissions and MUCH easier to manage than POSIX ACLs.
Is anyone aware of which open source ACL technology is going to be included in Tiger OS X? Samba is almost there, so close to being enterprise ready on OS X, I hope Linux and OS X end up using the same project.