Introduction
What are ACLs?
ACLs versus Traditional Permissions
ACLs though powerful add additional complexity to the system and do have some limitations discussed further down this article. You will notice throughout the Bonsai Framework we add ACLs only when absolutely necessary.
Limitations
Support in Utilities - For example, the version of GNU tar packaged with the OS may not back up or restore ACLs.
Standardizing Across Operating Systems - Moving files with ACLs between operating systems that both support ACLs may not work.
ACLs and Groups
The most scalable way to use ACLs is to apply groups an we will start learning with an example.
The scenario is we want to provide website hosting for two different clients who we will start by categorizing into two different groups,
User | Group | Web Directory | File Access | Directory Access |
---|---|---|---|---|
Daily Planet Employees | dailyplanetwg | /home/www.dailyplanet.com/ | Read, Write and Execute | Read, Write and Execute |
LexCorp Employees | lexcorpwg | /hom/www.lexcorp.com/ | Read, Write and Execute | Read, Write and Execute |
Apache Server | www-data | /home/www.dailyplanet.com/ /home/www.lexcorp.com/ | Read | Read and Execute (required to transverse directories) |
We do not want employees from different companies access or even have awareness of each other's web directory.
References
Good introduction from the Ubuntu docs - https://help.ubuntu.com/community/FilePermissionsACLs
Slightly Skeptical view on ACLs - http://www.softpanorama.org/Articles/slightly_skeptical_view_on_unix_acl.shtml