Title: Linux filesystem - Access Control Lists

KBTAG: kben10000073
URL: http://www.securityportal.com/lskb/10000050/kben10000073.html
Date created: 17/07/2000
Date modified: 28/08/2000
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Linux filesystem - Access Control Lists
Keywords: Filesystem/ACLS

Summary:

One major missing component in Linux is a filesystem with Access Control Lists (ACL’s) instead of the standard User, Group, Other with it’s dozen or so permissions. ACL’s enable you to control access to the filesystem in a much more fine grained fashion, for example on a file you may want to grant the user “bob” full access, “mary” read, the groups sales “change”, the accounting group “read”, and nothing for everyone else . Under existing Linux permissions

More information:

POSIX ACL's for Linux

http://acl.bestbits.at/

You will need to patch some sutff

ftp://download.sourceforge.net/pub/sourceforge/e2fsprogs/

ftp://ftp.gnu.org/pub/gnu/fileutils

 

Linux trustees (ACL) project

The Linux trustees (ACL) project is a series of kernel patches and utilities to configure ACL access to the filesystem. This solution is still a bit clunky as it keeps the permissions in a file, and acts as a filtering layer between the file and the users, it is not actually a proper ACL enabled filesystem (but it is a start). You can get it at: http://www.braysystems.com/linux/trustees.html.

RSBAC

Rule Set Based Access Control is a comprehensive set of patches and utilities to control various aspects of the system, from filesystem ACL's and up. You can get it from: http://www.rsbac.de/rsbac/.