Managing ACLs in Linux
Access Control Lists
Linux Advanced Directory and File Permission
Access Control List (ACL) provides an additional, more flexible
permission mechanism for file systems. It supplements the standard
UNIX/Linux owner/group/other file permissions.
Why Access Control Lists (ACL)?
-Linux advanced permissions do not allow you to give
permissions to more than one user or one group on the
same file
-Access control lists do offer this feature
-They allow administrators to set default permissions in a
sophisticated way, where the permissions that are set can
differ between directories
Understanding ACLs
Although the ACL subsystem adds great functionality to
your server, there is one drawback:
-Not all utilities support it
-Therefore, you might lose ACL settings when copying or
moving files, and your backup software might not be able
to back up ACL settings
SETTING ACCESS ACLS
There are two types of ACLs: Access ACLs and Default ACLs.
An access ACL is the access control list for a specific file or
directory.
A default ACL can only be associated with a directory; if a
file within the directory does not have an access ACL, it
uses the rules of the default ACL for the directory.
Default ACLs are optional.
ACLs can be configured
1. Per user
2. Per group
3. Via the effective rights mask
4. For users not in the user group for the file
ACLs can be configured
The setfacl utility sets ACLs for files and
directories.
Use the -m option to add or modify the ACL of a
file or directory:
# setfacl -m rules files
ACLs can be configured
Rules (rules) must be specified in the following
formats. Multiple rules can be specified in the
same command if they are separated by commas.
u:uid:perms
Sets the access ACL for a user. The user name or
UID may be specified. The user may be any valid
user on the system.
ACLs can be configured
g:gid:perms
Sets the access ACL for a group.
The group name or GID may be specified. The group
may be any valid group on the system.
m:perms
Sets the effective rights mask. The mask is the union of
all permissions of the owning group and all of the user
and group entries.
ACLs can be configured
o:perms
Sets the access ACL for users other than the ones
in the group for the file.
Permissions (perms) must be a combination of the
characters r, w, and x for read, write, and execute.
ACLs can be configured
If a file or directory already has an ACL and the
setfacl command is used, the additional rules are added
to the existing ACL or the existing rule is modified.
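The rule formats and the effective rights mask above are easiest to see on real getfacl output. The following Python is an added example for this deck, not code from the slides: it parses the entry lines getfacl prints (a constructed sample with made-up users nila and rovi and groups engineer and networking), shows which entries the mask clips, and recomputes the mask the way the slide defines it (union of the owning group and all named entries).

```python
"""Parse getfacl output and apply the effective rights mask. Added example for
this deck, not from the slides; the sample and its user/group names are made up."""

SAMPLE_GETFACL = """\
# file: project/report.txt
user::rw-
user:rovi:rwx
group::r-x
group:networking:rw-
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return (tag, qualifier, perms) tuples; '#' comments (including any
    trailing '#effective:' annotation) are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, perms))
    return entries

def _and(a, b):  # 'rwx' & 'r--' -> 'r--'
    return "".join(x if x == y else "-" for x, y in zip(a, b))
def _or(a, b):  # 'r-x' | 'rw-' -> 'rwx'
    return "".join(x if x != "-" else y for x, y in zip(a, b))

def _mask_applies(tag, qualifier):
    # Named users, the owning group and named groups are clipped by the mask;
    # the owner (user::) and other:: entries never are.
    return tag == "group" or (tag == "user" and qualifier != "")

def effective_rights(entries):
    """Map 'tag:qualifier' -> permissions actually granted on the file."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if mask is not None and _mask_applies(tag, qualifier):
            perms = _and(perms, mask)
        result[f"{tag}:{qualifier}"] = perms
    return result

def recalculated_mask(entries):
    """Default mask setfacl computes: union of owning group and named entries."""
    mask = "---"
    for tag, qualifier, perms in entries:
        if _mask_applies(tag, qualifier):
            mask = _or(mask, perms)
    return mask
```

With the sample's explicit mask of r--, user rovi ends up with only read access even though the entry says rwx, which is exactly what getfacl flags with #effective.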
Changing and Viewing ACL Settings with setfacl and getfacl
To set ACLs, you need the setfacl command.
To see current ACL settings, you need the getfacl command.
Changing and Viewing ACL Settings
The ls -l command does not show any existing ACLs.
It just shows a + after the listing of the permissions,
which indicates that ACLs apply to the file as well.
Before setting ACLs, it is always a good idea to show
current ACL settings using getfacl.
Changing and Viewing ACL Settings
The same file as shown with ls -l and also as shown with getfacl.
If you look closely enough, you can see that the information
shown is exactly the same.
Changing and Viewing ACL Settings
Checking Permissions with ls -l and getfacl
-d, --directory: list directories themselves, not their contents
-l: use a long listing format
Examples - Access Control Lists (ACLs)
-Give read and write permissions to user Nila (rule u:Nila:rw)
-Give read, write and execute permissions to user Nila (rule u:Nila:rwx)
-Give read and execute permissions to user Rovi (rule u:Rovi:rx)
-Give read, write, and execute permissions to user Rovi, using the
user ID instead of the user name (rule u:UID:rwx)
Changing Group ACLs Using setfacl
-Add an ACL to give read and write permissions to the group Engineer
(rule g:Engineer:rw)
-Add an ACL to give read, write, and execute permissions to the group
networking (rule g:networking:rwx)
After the permissions, the + sign indicates that ACLs are applied
ACL for multiple users
ACL for multiple users using the user ID
Setting up ACL for user and group
Working with Default ACLs
-One benefit of using ACLs is that you can give permissions
to more than one user or group on a directory
-Another benefit is that you can enable inheritance by
working with default ACLs
-By setting a default ACL, you determine the permissions
that will be set for all new items that are created in the
directory
Working with Default ACLs
To set a default ACL, you just have to add the option d after
the option -m.
Here, use setfacl -m d:g:newg:rx pen if you want group pen
to have read and execute on everything that will ever be
created in the pen directory.
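What "everything that will ever be created" actually receives is worth tracing through, because new files do not simply get the default entries verbatim. The Python below is an added example for this deck, not code from the slides: it applies the object-creation rule from acl(5) to a constructed default ACL (the group name pen is from the slide; the 755 directory and the rest of the entries are assumed) for a new file and a new subdirectory.

```python
"""What a new file or subdirectory inherits from a directory's default ACL.
Added example for this deck, not from the slides. It follows acl(5): the new
object starts with the parent's default ACL, then its user::, mask:: (or
group:: if there is no mask) and other:: entries are ANDed with the owner,
group and other bits of the creation mode. The group name pen is from the
slide; the surrounding entries are a constructed example."""

# Default ACL of a 755 directory after: setfacl -m d:g:pen:rx <dir>
# (setfacl adds the default mask entry itself). Tuples are (tag, qualifier, perms).
DEFAULT_ACL = [
    ("user", "", "rwx"),
    ("group", "", "r-x"),
    ("group", "pen", "r-x"),
    ("mask", "", "r-x"),
    ("other", "", "r-x"),
]

def _and(a, b):  # 'r-x' & 'rw-' -> 'r--'
    return "".join(x if x == y else "-" for x, y in zip(a, b))

def _clip(perms, mode_bits):
    """AND an rwx string with one 3-bit mode class, e.g. ('r-x', 0o6) -> 'r--'."""
    allowed = "".join(c if mode_bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))
    return _and(perms, allowed)

def inherit_acl(default_acl, mode, is_dir=False):
    """Return (access_acl, default_acl) of a new object created with `mode`
    (the mode handed to open()/mkdir(); the umask is ignored when the parent
    has a default ACL). Only a subdirectory also inherits the default ACL."""
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    access = []
    for tag, qualifier, perms in default_acl:
        if tag == "user" and qualifier == "":
            perms = _clip(perms, (mode >> 6) & 7)
        elif tag == "mask" or (tag == "group" and qualifier == "" and not has_mask):
            perms = _clip(perms, (mode >> 3) & 7)
        elif tag == "other":
            perms = _clip(perms, mode & 7)
        access.append((tag, qualifier, perms))  # named entries are copied verbatim
    return access, (list(default_acl) if is_dir else [])

def effective(entries):
    """Rights actually granted; the mask clips named entries and group::."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    out = {}
    for t, q, p in entries:
        clipped = t == "group" or (t == "user" and q != "")
        out[f"{t}:{q}"] = _and(p, mask) if clipped else p
    return out
```

For a file created with mode 0666 (what touch asks for), the inherited mask drops to rw- and group pen effectively gets r-- on the file; a subdirectory created with mode 0777 keeps r-x for pen and also carries the default ACL on to its own children.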
Removing ACLs
To remove an ACL entry, use the setfacl command with the -x option:
# setfacl -x u:john /tmp/test
The above command removes the ACL entry for the user john on the file
/tmp/test. The ACL entries for other users/groups, if any, remain unaffected.
The same form works for any user or group:
# setfacl -x u:Fuser Ffile
removes the ACL entry for the user Fuser on the file Ffile, and
# setfacl -x g:Fgroup Ffile
removes the ACL entry for the group Fgroup on the file Ffile.
To remove all ACLs associated with a file, use the -b option with setfacl:
# setfacl -b Hfile
Resources
-Linux+ Guide to Linux Certification, 2e and PPT Slides
-Red Hat RHCSA/RHCE 7 Cert Guide
-Internet
-https://en.wikipedia.org
-https://en.wikipedia.org/wiki/CentOS