Alcor... Access Control Lists


As of Digital Unix version 4.0, access control lists are available, and Alcor users may take advantage of this facility. Access control lists are an additional method to control which users may read, write, or execute your files. The setacl manpage shows how to set an ACL for a file or directory, while the getacl manpage shows how to view this ACL.

Here's a crash course by example, though. Let's say I (anne) have a file "secretfile" which I wish to make available to Steven (smw) only, and I wish him to be able to read and execute but not write my file. First, using the regular Unix file permissions, I remove all privileges for group and world:

    % chmod 700 secretfile
    % ls -l secretfile
    -rwx------ 1 anne system 16 Mar 5 14:00 secretfile

Viewing the file's attributes with "getacl" reveals:

    % getacl secretfile
    #
    # file: secretfile
    # owner: anne
    # group: system
    #
    user::rwx
    group::---
    other::---

Now, using "setacl" with the "update" (-u) parameter, I give the user Steven (smw) permission to read (r) and execute (x), but not (-) to write, my file secretfile:

    % setacl -u user:smw:r-x secretfile

And I check the results with "getacl":

    % getacl secretfile
    #
    # file: secretfile
    # owner: anne
    # group: system
    #
    user::rwx
    user:smw:r-x     <<< Note this line.
    group::---
    other::---

As you can see, now user "smw" may read and execute my file!

Warning

One warning: access control lists are quite new, and cannot yet be backed up. Therefore, if we ever have to restore your files from backup, the ACLs on them will be lost.
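
Because of the warning above, an ACL exists only on the live file system unless you keep your own record of it. The following sh function is an added example, not part of the original page: it reads saved "getacl" listings in the format shown above and prints the "setacl -u" commands that would recreate the named entries after a restore. The function name acl_to_setacl is hypothetical, and named group entries are assumed to use the same form as user entries.

```sh
#!/bin/sh
# Added example: rebuild "setacl -u" commands from saved getacl listings.
# Reads one or more listings on stdin and prints one command per named entry.
acl_to_setacl() {
    awk -v sq="'" '
    # Header comment naming the file the following entries belong to.
    /^# file: / { file = substr($0, 9); next }
    # Other comment lines and blank lines carry no ACL entries.
    /^#/ || /^[ \t]*$/ { next }
    {
        n = split($1, f, ":")
        # Base entries (user::, group::, other::) have an empty qualifier;
        # chmod restores those, so only named entries are emitted.
        if (n != 3 || f[2] == "") next
        # Assumption: named groups look like group:NAME:PERMS.
        if (f[1] != "user" && f[1] != "group") next
        if (file == "") next            # entry seen before any "# file:" line
        if (f[3] !~ /^[r-][w-][x-]$/) {
            printf "# skipped malformed entry for %s: %s\n", file, $1
            next
        }
        # Quote the file name for the shell, escaping embedded single quotes.
        m = split(file, p, sq)
        q = p[1]
        for (i = 2; i <= m; i++) q = q sq "\\" sq sq p[i]
        printf "setacl -u %s:%s:%s %s%s%s\n", f[1], f[2], f[3], sq, q, sq
    }'
}

# Constructed sample listing in the format shown above.
acl_to_setacl <<EOF
#
# file: secretfile
# owner: anne
# group: system
#
user::rwx
user:smw:r-x
group::---
other::---
EOF
```

Save the listings with something like "getacl secretfile >> acls.txt" whenever you change an ACL, and read the generated commands before running them.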


Copyright, © 2003, Concordia University, (IITS).
Author: Anne Bennett
Credits: (none)
Maintained by: webdoc@alcor.concordia.ca
Last update: 1997/03/05 -- Anne Bennett
