Chapter 14. Access Control Lists
Files and directories have permission sets for the owner of the
file, the group associated with the file, and all other users for
the system. However, these permission sets have limitations. For
example, different permissions cannot be configured for different
users. Thus, Access Control Lists (ACLs)
were implemented.
The Red Hat Enterprise Linux 4 kernel provides ACL support for
the ext3 file system and NFS-exported file systems. ACLs are also
recognized on ext3 file systems accessed via Samba.
Along with support in the kernel, the acl package is required to implement ACLs. It
contains the utilities used to add, modify, remove, and retrieve
ACL information.
The cp and mv
commands copy or move any ACLs associated with files and
directories.
Before using ACLs for a file or directory, the partition for the
file or directory must be mounted with ACL support. If it is a
local ext3 file system, it can be mounted with the following
command:
mount -t ext3 -o acl <device-name> <partition>
For example:
mount -t ext3 -o acl /dev/VolGroup00/LogVol02 /work
Alternatively, if the partition is listed in the /etc/fstab file, the entry for the partition can
include the acl option:
LABEL=/work /work ext3 acl 1 2
If an ext3 file system is accessed via Samba and ACLs have been
enabled for it, the ACLs are recognized because Samba has been
compiled with the --with-acl-support
option. No special flags are required when accessing or mounting a
Samba share.
By default, if the file system being exported by an NFS server
supports ACLs and the NFS client can read ACLs, ACLs are utilized
by the client system.
To disable ACLs on NFS shares when configuring the server,
include the no_acl option in
the /etc/exports file. To disable ACLs on
an NFS share when mounting it on a client, mount it with the
no_acl option via the command
line or the /etc/fstab file.
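As an added example (not part of the original guide), the following shell functions read an fstab-format file and report whether a mount point carries the acl or no_acl option described above. The function names and every sample entry except the LABEL=/work line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the ACL mount option set for entries in an fstab-format file.

# acl_status FILE MOUNTPOINT (hypothetical helper name)
# Prints "acl", "no_acl" or "unset"; returns 2 if MOUNTPOINT is not listed.
# Options are compared whole, so "no_acl" is never mistaken for "acl".
acl_status() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $2 == mp {
            found = 1; status = "unset"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "acl" || opts[i] == "no_acl") status = opts[i]
            print status
            exit
        }
        END { if (!found) exit 2 }
    ' "$1"
}

# ext3_without_acl FILE (hypothetical helper name)
# Prints the mount point of every ext3 entry that lacks the acl option.
ext3_without_acl() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "ext3" { next }
        {
            has = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "acl") has = 1
            if (!has) print $2
        }
    ' "$1"
}

# Constructed sample; only the /work line comes from the text above.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
# device                      mountpoint  type  options    dump pass
LABEL=/work                   /work       ext3  acl        1 2
LABEL=/home                   /home       ext3  defaults   1 2
server.example.com:/export    /mnt/nfs    nfs   rw,no_acl  0 0
EOF

for mp in /work /home /mnt/nfs; do
    printf '%-10s %s\n' "$mp" "$(acl_status "$SAMPLE_FSTAB" "$mp")"
done
```

Pointing either function at /etc/fstab instead of the sample file gives the same report for the real system.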