Access control lists


Linux -3


Access control lists (ACLs) in Linux are a set of permissions that can be applied to a file or directory to grant or restrict access to it for specific users or groups. While traditional Linux file permissions (user, group, and other) only allow for basic access control, ACLs provide more granular control over file access.

ACLs are implemented using a set of rules that are associated with each file or directory. These rules specify which users or groups have what level of access to the file or directory. There are two types of ACLs in Linux:

  1. Basic ACLs: These are the traditional UNIX-style permissions (read, write, execute) that are associated with each file or directory.

  2. Extended ACLs: These provide additional permissions beyond the basic permissions. These permissions include things like setting file attributes, setting file ownership, and setting the maximum size of a file.

getfacl

getfacl: This command is used to display the ACLs associated with a file or directory. Here's an example:

setfacl

setfacl: This command is used to modify or remove the ACLs associated with a file or directory.

  • -m: modify (add or change) ACL entries

  • -x: remove the specified ACL entries

  • -b: remove all extended ACL entries

  • -R: apply the operation recursively to a directory and everything below it

setfacl -m modifies the ACL entries associated with a file or directory. Examples:

setfacl -m u:username:permissions filename

setfacl -m g:group_name:permissions filename

setfacl -R -m u:username:permissions filename

To remove all the entries in one shot:

setfacl -b filename

UMASK (User Mask or User file creation MASK)

umask acts as a set of permissions that applications cannot set on the files they create.

It determines the default permissions a file or directory receives when it is created on the server.

The default value of umask is 0002.

Inode (index node)

  1. The inode (index node) is a data structure in a Unix-style file system that describes a file-system object such as a file or a directory.

  2. Each inode stores the object's attributes and the disk block locations of its data; in other words, it holds the metadata about a file or directory.

An inode stores the following information about a file:

  • Inode number

  • Access Control List (ACL)

  • Number of blocks

  • Size of file

  • Type of file

  • Device ID

  • User ID of the file

  • Group ID of the file

  • The file mode information and access privileges for the owner, group and others

  • File protection flags

  • Timestamps for file creation, modification, etc.

  • Link count, which records the number of hard links

  • Pointers to the blocks storing the file’s contents

Usage check in the home directory

Thank you for reading...!

Hope you find this article helpful.