
The most scalable way to use ACLs is to apply them to groups, and we will start learning with an example. A tutorial approach will be used to illustrate the commands.

The scenario is that we want to provide website hosting for two different clients, whom we will start by categorizing into two different groups:

User                    Group           Web Directory               File Access              Directory Access
Daily Planet Employees  wgdailyplanet   /home/www.dailyplanet.com/  Read, Write and Execute  Read, Write and Execute
LexCorp Employees       wglexcorp       /home/www.lexcorp.com/      Read, Write and Execute  Read, Write and Execute
Apache Server           www-data        /home/www.dailyplanet.com/  Read                     Read and Execute (required to traverse directories)
                                        /home/www.lexcorp.com/
Staff Users             staff           /home/www.dailyplanet.com/  Read                     Read and Execute (required to traverse directories)
                                        /home/www.lexcorp.com/

We do not want employees from different companies to access, or even be aware of, each other's web directory. At the same time, the Apache server, running as user www-data and belonging to group www-data, also needs access to the directories. We also want to grant users of the staff group read access for support purposes.

The utility setfacl is used to add the groups to the ACL for the respective directories,

```bash
cd /home/
# Daily Planet: employees get full access; the web server and staff get read plus
# execute on the directory so they can traverse it (the table's "Read and Execute")
sudo setfacl -m g:wgdailyplanet:rwx ./www.dailyplanet.com/
sudo setfacl -m g:www-data:rx ./www.dailyplanet.com/
sudo setfacl -m g:staff:rx ./www.dailyplanet.com/
# LexCorp: the same pattern with its own employee group
sudo setfacl -m g:wglexcorp:rwx ./www.lexcorp.com/
sudo setfacl -m g:www-data:rx ./www.lexcorp.com/
sudo setfacl -m g:staff:rx ./www.lexcorp.com/
```

Once we are happy with the permissions, change the default ACLs so any files or folders created underneath the parent directories are maintained,

```bash
# Read back the access ACL of each directory and feed it to setfacl as the default ACL
getfacl --access ./www.dailyplanet.com/ | sudo setfacl -d -M- ./www.dailyplanet.com/
getfacl --access ./www.lexcorp.com/ | sudo setfacl -d -M- ./www.lexcorp.com/
```

getfacl --access prints the access ACL we applied to the directory, and setfacl with the -d and -M parameters uses that output to set the default ACL, which new files and directories created underneath will inherit.

Note

Notice the extra dash after -M? I have no idea why we need it; it was just in the example at the bottom of the man page for setfacl. If you know, please share.
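As an added example that is not part of the original page, the Python below audits getfacl output against the table above: it computes what each group really gets once the ACL mask is applied, checks that "other" grants nothing so the two clients cannot see each other's directory, and confirms that the default entries written by -d -M- match the access entries (setfacl -M reads entries from a file, and "-" names standard input, which is why the pipe above works). The getfacl output is a constructed sample, not captured from a real host; the REQUIRED table is my transcription of the directory-access column above.

```python
# Constructed sample of `getfacl /home/www.dailyplanet.com/` after the setfacl steps above
# (not captured from a real host); getfacl appends "#effective:" notes when the mask cuts an entry.
SAMPLE_ACL = """\
# file: home/www.dailyplanet.com/
user::rwx
group::r-x
group:wgdailyplanet:rwx
group:www-data:r-x
group:staff:r-x
mask::rwx
other::---
default:group:wgdailyplanet:rwx
default:group:www-data:r-x
default:group:staff:r-x
default:mask::rwx
default:other::---
"""

def parse_getfacl(text):
    """Map (is_default, tag, qualifier) -> set of permission letters."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop '# file:' headers and '#effective:' notes
        if not line:
            continue
        parts = line.split(":")
        acl[(parts[0] == "default",) + tuple(parts[-3:-1])] = set(parts[-1]) - {"-"}
    return acl

def effective(acl, tag, qualifier="", default=False):
    """What an entry really grants: named entries and the owning group are ANDed with the mask."""
    perms = acl.get((default, tag, qualifier), set())
    if (tag, qualifier) == ("user", "") or tag == "other":
        return perms
    return perms & acl.get((default, "mask", ""), {"r", "w", "x"})

# Directory access the table above requires; 'other' must be empty so clients cannot see each other.
REQUIRED = {("group", "wgdailyplanet"): {"r", "w", "x"}, ("group", "www-data"): {"r", "x"},
            ("group", "staff"): {"r", "x"}, ("other", ""): set()}

def audit(text, required=REQUIRED):
    """List mismatches in the access ACL and in the default ACL that -d -M- copied from it."""
    acl, problems = parse_getfacl(text), []
    for default in (False, True):            # check the access entries, then the default ones
        for (tag, q), want in required.items():
            got = effective(acl, tag, q, default)
            if got != want:
                problems.append(f"{'default:' if default else ''}{tag}:{q} grants "
                                f"{''.join(sorted(got)) or '-'}, table wants {''.join(sorted(want)) or '-'}")
    return problems
```

A later chmod on the directory's group bits rewrites the mask rather than the owning group entry, so rerunning audit() after such changes is the quickest way to spot silently downgraded entries.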

 

References

Good introduction from the Ubuntu docs - https://help.ubuntu.com/community/FilePermissionsACLs

Slightly Skeptical view on ACLs - http://www.softpanorama.org/Articles/slightly_skeptical_view_on_unix_acl.shtml
