nixCraft
FreeBSD setup ACL or Access control list tutorial part # 1
This is a discussion on FreeBSD setup ACL or Access control list tutorial part # 1 within the Getting started tutorials forums, part of the Linux Getting Started category; The access control list (ACL) is used to enforce privilege separation. It is a means of determining the appropriate access ...
|
|||||||
| Register | FAQ | Members List | Calendar | Forgotten your password? | Mark Forums Read |
12-20-2006, 01:59 AM
|
||||
|
||||
FreeBSD setup ACL or Access control list tutorial part # 1
The access control list (ACL) is used to enforce privilege separation. It is a means of determining the appropriate access rights to a given object (such as files ) depending on certain aspects of the process that is making the request.
On file systems the process's user identifier (effective UID) is the principal means of control. Why ACL required? Usually UNIX read, write, execute permission are more than sufficient but in many cases you need to setup a complex permission for accessing files. ACL makes managing permissions quite easy under FreeBSD (and Linux). Prepare filesystem to use ACL To use ACLs under FreeBSD, remount filesystem with acls option: Code:
# mount -o acls -u /usr Code:
vi /etc/fstab Code:
/dev/ad0s1f /usr ufs rw,acls 2 2 Code:
# sync;sync # reboot Code:
# mount  Task: Set ACL using setfacl The setfacl utility or command sets or modifies discretionary access control information on the specified file. Each ACL is made of 3 tags. It contains colon-separated fields as follows: tag:qualifier:access-permissions => tag field is use to setup user, group or other permission. It can consists of one of the following
=> access-permissions field contains up to one of each of the following:
Each of these may be excluded or placed with a '-' character to indicate no access. In short use following syntax for each group of users to setup ACL: To setup user/owner ACL Code:
u:user-name:mode Code:
g:group-name:mode Code:
o:mode Use getfacl command to display ACL information. Code:
$ getfacl file.txt #owner:1001 #group:1001 user::rw- group::r-- other::r-- Task: set new ACL for user/owner Sets read only permissions for the file called file.txt for owner: Code:
setfacl -m u::r file.txt Code:
getfacl file.txt #owner:1001 #group:1001 user::r-- group::r-- mask::r-- other::r-- Now Sets read, write, and execute permissions for the file called file.txt for owner: Code:
setfacl -m u::rwx file.txt getfacl file.txt Code:
touch file2.txt getfacl file2.txt getfacl file.txt Code:
getfacl file.txt | setfacl -b -n -M - file2.txt getfacl file2.txt 
|
| Sponsored Links | ||
|
|
|
12-20-2006, 02:14 AM
|
|||
|
|||
|
Re: FreeBSD setup ACL or Access control list tutorial part #
Quote:
 Really a very nice tut. good work nixCraft 
__________________
LivE Free 0r DiE L!nux rul3z aLL
|
|
12-20-2006, 02:55 AM
|
||||
|
||||
|
thanks, part # 2 and 3 will be added soon and yes for linux too
|
 |
| Bookmarks |
«
Run the chkrootkit program to check signs of a rootkit
|
Secure vsftpd FTP permissions on anonymous user uploads
»
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Remote setup tutorial | satimis | Getting started tutorials | 3 | 03-28-2008 11:02 AM |
| Searching Tutorial for setup Postfix SMTP-AUTH | satimis | Mail Servers | 0 | 01-25-2008 09:10 PM |
| Script to extract some part of files: | satish1482 | Shell scripting | 0 | 03-13-2007 06:30 PM |
| how to setup ssh on firewall freebsd | raj1 | All about FreeBSD/OpenBSD/NetBSD | 1 | 02-23-2006 05:23 PM |
| Debian recovery mode read only access make it write access | Donavit | Linux software | 1 | 12-30-2005 01:49 AM |
All times are GMT +5.5. The time now is 01:39 AM.
