I have no idea what is going on but this looks good. I agree with you guys. Upvoted.
It’s for more granular access permissions for files and folders.
Cool. Does ACL support also depend on the filesystem?
Yeah, but I think all reasonably-modern Unixy filesystems on Linux will support ACLs. ext2/3/4, btrfs, xfs, zfs, jfs, etc.
Yes. Some filesystems straight up do not support ACL of any kind (eg: fat32)
Fat32 doesn’t support regular file permissions either, right? I was under the impression that it was permissionless.
You are entirely correct, it has no permission system to speak of
deleted by creator
Sorry, but this is completely wrong.
Windows has ACLs and they are an important part of Windows administration, and used extensively for managing file permissions.
Windows has supported ACLs on NTFS since Windows NT & NTFS were released in 1993 (
possibly partly influenced by AIX ACLs in the late 80sinfluenced by VMS ACLs introduced the early 80s).ACLs were not introduced to standard POSIX until c.1998, and NFS and Linux filesystems didn’t get them until 2003. In fact, the design of the NFSv4 ACL standard was heavily influenced by the design of NTFS/Windows ACL model – a specific decision by the designers to model it more like NTFS rather than AIX/POSIX.
Technically, at the filesystem level, exFAT also provides support for ACLs, but I am not sure if any implementation actually makes use of this feature (not even Windows AFAIK, certainly not any desktop version).
Windows NT ACLs come from VMS.
The Unix world has traditionally not liked ACLs because Multics had them, and Unix was an ultra-minimalist response to Multics.
Yep, you’re right. I was thinking of an ACL evolution/chain of influence of VMS -> AIX -> NT, but it seems VMS -> NT and VMS -> AIX as two separate histories is much more accurate. Thanks for the correction – I’ve updated my comment accordingly.
My AIX experience is very limited. What was the VMS connection?
VMS implemented ACLs in the early 80s. It’s design influenced the design of ACLs in both AIX and Windows NT.
Bruh, Windows has had ACLs for decades. Before Linux, even. What are you smoking?
I wouldn’t be surprised if the NTFS driver for Linux doesn’t support ACLs though.
deleted by creator
Technically, this is also possible by creating extra groups, but this kind of access control presumably exists because the old-school method can be a pain to administer. Choosing group names can also be an “interesting” secondary challenge.
i.e. Dude’s not going to be best pleased if they
ls -land see the group on the file isxyzgroup-but-not-dudeeven if it is with good reason. (Shouldn’t have deleted the database, dude.)I don’t really think that that’s a realistic goal for ACLs. I mean,
getfaclshowing the user specifically being excluded probably isn’t any more-polite.In a previous life (in the 90s) I was a un*x sysadmin, and ACL is nightmarish in big company, I hated it and avoided it
Cool, I didn’t know ACLs were a widely available thing but the infographic explains pretty well! Sounds really useful when granular controls are needed, but I could also imagine it being a huge pain in environments already built out and scripted around regular permissions. Still as always, options are good and an ounce of planning is worth a pound of troubleshooting.
I do low-key hate seeing a directory named “dir” and a group named “me” though. That’s chaotic neutral shit at the very least.
Does anybody use ACL without regretting it?
Whoaa, are you ACLing sober? Slow down champ!!
ACL Access-Control Lists
Access Control List Access Control Lists?
I mean in this case it’s to show what ACL means, not like RIP in peace
That’s all fine and dandy, but why does it say rxw on the left?
Permissions are listed as “user”, “group”, “other”. I.e. the user who made the file, the group of the user who made the file (usually just their name as a group), and everyone else. In this case the rxw is for the user.
For chmod, you can also represent these as binary numbers: 111 would mean having all 3, 101 would mean having read and write, etc. These binary numbers then get turned back into regular numbers (7 in the first example, since it’s 111) for chmod. Giving a file “chmod 777” means the user, group, and other all have full permissions on the file. “chmod 700” gives the creator full control, but no one else can view, modify, or execute the file.
It’s supposed to be rwx, not rxw.
Oh I completely missed that lol. Oh well, it’s probably still a useful explanation for someone else reading this
I feel bad for you because you were just trying to help.
🤷♂️ They’re just internet points, lemmy doesn’t notify about up/downvotes so I will only see it if people respond. Either way it’s hopefully still useful to someone else looking at the post who isn’t familiar with basic permissions or acl
Read, extend, whitelisted
Read, Write, eXecute.
The guide has w and x switched on the left side
I understand it all less after reading that. I need more coffee.
Sudo
deleted by creator
The only thing you need to know about file acls is not to use them. Similar thing can be said for Network ACLs to be honest.
