
Access control lists setfacl getfacl example and implementations

Written By 1 on Saturday, February 5, 2011 | 12:57 PM

In our previous articles you learnt how to set read, write, and execute permissions for the owner of a file, for the group associated with the file, and for everyone else who has access to the file system. These permissions are visible with the ls -l command, and for most administration tasks they are all that is needed to grant file access to users and to keep unauthorized users away from important files.
When these basic permissions are not enough, access control lists (ACLs) can be used on an ext3 file system mounted with the acl option. ACLs extend the basic read, write, and execute permissions to additional categories of users and groups.
In addition to the permissions for the file's owner and owning group, ACLs allow permissions to be set for any individual user, for any group, and for all users who match neither of those.
Consider a situation where you want to grant write permission to only two users out of a group of ten. With chmod alone, giving the group write permission gives it to all ten members. This is exactly the situation ACLs are for.

Categories of ACLs

There are four categories of ACL entries per file:
  • For an individual (named) user
  • For a (named) user group
  • The effective rights mask, which caps the permissions granted by every named user entry, every named group entry and the owning-group entry (the owner and other entries are never masked)
  • For users who are neither the owner, a named user, nor a member of the owning group or any named group (the other class)
To view the existing ACLs for a file, execute the following:

getfacl <file>
If the file system supports ACLs, the output looks similar to the following (ls -l marks a file that carries an extended ACL with a + after the permission bits):

# file: accounts
# owner: Shweta
# group: Shweta
user::rwx
group::r-x
mask::rwx
other::---

To understand ACLs more clearly, let's walk through a simple example.

Create three users named Shweta, Vinita and Niddhi:

# for USER in Shweta Vinita Niddhi
> do
>   useradd $USER
>   passwd -d $USER
> done
Note that passwd -d removes the password entirely, so these accounts can log in with no password at all. That is acceptable only on a throwaway lab machine; anywhere else, set a real password with passwd $USER instead.
Now make them members of the goswami group. Use -aG (append) rather than a bare -G, which replaces the user's whole supplementary group list:

# groupadd goswami
# usermod -aG goswami Shweta
# usermod -aG goswami Vinita
# usermod -aG goswami Niddhi
Now create a /example directory and make Shweta its owner:

# mkdir /example
# chown Shweta /example
Now log in as Shweta on another terminal and create a directory inside /example:

$ cd /example
$ mkdir accounts
Now Shweta wants to grant write permission to Vinita only. If she gave write permission to the group instead (after changing the directory's group to goswami with chgrp), Niddhi would get write access too, because she is also a member of goswami. So Shweta uses an ACL to grant write access to Vinita alone.

$ setfacl -m u:Shweta:rwx accounts
$ setfacl -m u:Vinita:rwx accounts
$ setfacl -m other:--- accounts
$ getfacl accounts
The u:Shweta entry is redundant, because as owner Shweta is already covered by the user:: entry; the u:Vinita entry does the real work, and other:--- shuts out everyone who matches no entry. To verify, run getfacl on the accounts directory.
In the getfacl output you can see that Shweta and Vinita have full permission on the accounts directory and that every other user (apart from root) has none. Check the mask::rwx line as well: setfacl -m recalculates the mask automatically, but a later chmod on the group bits (for example chmod g-w accounts) rewrites the mask instead of the group entry and silently caps Vinita to r-x, which getfacl then reports as #effective:r-x.
To confirm the ACL, log in as Vinita on another terminal and change directory to /example.
Now create a test directory inside accounts; it should succeed, because Vinita has full permission on accounts.
Next, go to another terminal, log in as Niddhi and change directory to /example.
Try to change directory into accounts; she is denied, because she has no permission on it.
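The whole lab above, from account creation to the access checks, as a shell script added here for illustration; it is not part of the original post. It uses the page's user, group and directory names, assumes a Linux host with the acl package (setfacl, getfacl) and a file system mounted with ACL support, and applies the corrections noted in the text (-G at creation time instead of a replacing usermod -G, a relative mkdir accounts, no named entry for the owner). The effective_perms function is a self-contained evaluator for getfacl output that applies the POSIX ACL algorithm the four categories listed earlier boil down to (owner entry, then named user, then any matching group entries, then other, with the mask applied to everything except the owner and other entries), so you can predict what a user will get before testing it with a login. setup_lab and verify_lab need root; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): the ACL lab as a script, plus an
# evaluator that predicts a user's effective rights from getfacl output.
# Assumptions: Linux, acl package installed (setfacl/getfacl), file system mounted
# with ACL support, and the page's names Shweta/Vinita/Niddhi, goswami, /example.

# effective_perms USER "GROUP1 GROUP2 ..."  < getfacl-output
# Prints the rwx triple USER gets, following the POSIX ACL algorithm:
#   owner entry (never masked)  >  named user entry (masked)  >
#   union of all matching group entries (masked)  >  other entry.
# Pure awk, so it also runs on hosts without the acl tools.
effective_perms() {
    awk -v user="$1" -v groups="$2" '
    function and3(a, b,   i, out) {        # per-bit AND of two rwx strings
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(a, i, 1) != "-" && substr(b, i, 1) != "-") ? substr(a, i, 1) : "-")
        return out
    }
    function or3(a, b,   i, out) {         # per-bit OR of two rwx strings
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(a, i, 1) != "-") ? substr(a, i, 1) : substr(b, i, 1))
        return out
    }
    BEGIN {
        n = split(groups, g, " ")
        for (i = 1; i <= n; i++) ingrp[g[i]] = 1
        mask = "rwx"                        # a minimal ACL has no mask: nothing is capped
    }
    /^# owner:/ { owner = $3; next }
    /^# group:/ { ogroup = $3; next }
    /^#/ || /^$/ || /^default:/ { next }   # other comments, blank lines, default ACL
    {
        split($1, f, ":")                   # $1 drops any trailing "#effective:" note
        tag = f[1]; name = f[2]; perm = f[3]
        if      (tag == "user"  && name == "") uperm = perm
        else if (tag == "user")                nuser[name] = perm
        else if (tag == "group" && name == "") gperm = perm
        else if (tag == "group")               ngroup[name] = perm
        else if (tag == "mask")                mask = perm
        else if (tag == "other")               operm = perm
    }
    END {
        if (user == owner)  { print uperm; exit }
        if (user in nuser)  { print and3(nuser[user], mask); exit }
        acc = "---"; matched = 0
        if (ogroup in ingrp) { acc = or3(acc, gperm); matched = 1 }
        for (name in ngroup)
            if (name in ingrp) { acc = or3(acc, ngroup[name]); matched = 1 }
        if (matched) { print and3(acc, mask); exit }   # a group match never falls through to other
        print operm
    }'
}

# Root only. Reproduces the lab with the corrections noted in the text.
setup_lab() {
    [ "$(id -u)" -eq 0 ] || { echo "setup_lab: run as root" >&2; return 1; }
    groupadd goswami
    for u in Shweta Vinita Niddhi; do
        useradd -m -G goswami "$u"     # membership set at creation; no passwd -d, accounts stay locked
    done
    mkdir /example && chown Shweta /example && chmod 755 /example   # anyone may traverse /example
    su -s /bin/sh -c 'mkdir /example/accounts' Shweta               # relative to /example, not /accounts
    setfacl -m u:Vinita:rwx /example/accounts   # Shweta is the owner: the user:: entry already covers her
    setfacl -m o::--- /example/accounts
    getfacl /example/accounts
}

# Root only. Exercises the ACL from both sides, then shows the mask gotcha.
verify_lab() {
    [ "$(id -u)" -eq 0 ] || { echo "verify_lab: run as root" >&2; return 1; }
    if su -s /bin/sh -c 'mkdir /example/accounts/test' Vinita; then
        echo "Vinita: write allowed (expected)"
    fi
    if su -s /bin/sh -c 'cd /example/accounts' Niddhi 2>/dev/null; then
        echo "Niddhi: access allowed (NOT expected)"
    else
        echo "Niddhi: denied (expected)"
    fi
    # A plain chmod on the group bits rewrites the mask, not the group entry,
    # and silently caps Vinita to r-x: getfacl flags it with "#effective:r-x".
    chmod g-w /example/accounts
    getfacl /example/accounts | grep -E '^(mask|user:Vinita)'
    setfacl -m m::rwx /example/accounts       # restore the mask
}

case "${1:-}" in
    setup)  setup_lab ;;
    verify) verify_lab ;;
    *)      : ;;                              # no argument: only define the functions
esac
```

Run it as root with the argument setup and then verify. To predict a user's rights without logging in, pipe real getfacl output through the evaluator, for example getfacl /example/accounts | effective_perms Niddhi "Niddhi goswami", which prints --- for the setup above; the group list to pass is what id -nG Niddhi prints. The evaluator deliberately stops at the group stage when any group entry matches, even if that entry grants nothing, because POSIX ACLs never fall through from a matching group to the other entry.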
