From Fedora Project Wiki

Introduction

What are ACLs?

Access Control Lists (ACLs) are a kernel-level feature of Fedora's default ext3 file system. ACLs provide an important level of flexibility for managing file permissions.

Traditional Linux/UNIX file permissions (read, write, execute) are defined for three classes of users: the file owner, the file group, and others. This means that the same level of access to a particular shared resource (document, directory, printer, etc.) is granted to all members of the group.

In practice, it is often required that some group members have limited or no access to the shared resource, or that access is granted to other users who are not members of that group. With traditional permissions, this requires creating numerous new groups, which quickly becomes almost unmanageable on large systems.

Extended attributes of files are arbitrary name/value pairs that describe additional properties of those files. They are not data but rather data descriptors. Once implemented, ACLs become extended attributes of file objects that define additional access controls, allowing additional users and groups to be granted or denied access to files.
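To make the "ACLs are extended attributes" point concrete, the following added example (not part of the original wiki page) decodes the value Linux stores under the `system.posix_acl_access` attribute. The binary layout and tag values are taken from the kernel's `posix_acl_xattr.h`, not from this page; the mask entry, which this page does not discuss, caps named users and groups; the sample bytes and uid 1001 are constructed.

```python
import struct

# Layout per the Linux kernel's posix_acl_xattr.h (assumption: not from the wiki page):
# little-endian u32 version, then 8-byte entries of (u16 tag, u16 perm, u32 id).
ACL_XATTR_NAME = "system.posix_acl_access"
ACL_VERSION = 2
TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
        0x08: "group", 0x10: "mask", 0x20: "other"}

def perm_str(bits):
    """Render permission bits (r=4, w=2, x=1) in ls-style form."""
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def parse_acl_xattr(blob):
    """Decode an ACL xattr value into (tag, id, perm_bits) tuples."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated ACL xattr")
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != ACL_VERSION:
        raise ValueError(f"unsupported ACL xattr version {version}")
    entries = []
    for off in range(4, len(blob), 8):
        tag, perm, qid = struct.unpack_from("<HHI", blob, off)
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        # Only named user/group entries carry a meaningful uid/gid.
        entries.append((TAGS[tag], qid if tag in (0x02, 0x08) else None, perm))
    return entries

def effective(entries):
    """Apply the mask, which caps named users, the owning group and named groups."""
    mask = next((p for t, _, p in entries if t == "mask"), 7)
    capped = {"user", "group_obj", "group"}
    return [(t, q, perm_str(p & mask if t in capped else p)) for t, q, p in entries]

# Constructed sample: owner rw-, named user uid 1001 rw-, group r--, mask r--, other ---.
UNDEF = 0xFFFFFFFF
SAMPLE = struct.pack("<I", ACL_VERSION) + b"".join(
    struct.pack("<HHI", t, p, q) for t, p, q in [
        (0x01, 6, UNDEF), (0x02, 6, 1001), (0x04, 4, UNDEF),
        (0x10, 4, UNDEF), (0x20, 0, UNDEF)])

if __name__ == "__main__":
    for tag, qid, perms in effective(parse_acl_xattr(SAMPLE)):
        print(f"{tag}:{'' if qid is None else qid}:{perms}")
```

On a live Linux system the same bytes can be read with `os.getxattr(path, ACL_XATTR_NAME)`. Note that the named user was granted `rw-` but is effectively limited to `r--` by the mask, which is the detail to check when auditing who can actually write to a shared file.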

Fedora provides ACL support for ext3, NFS-exported ext3, and ext3 file systems accessed via Samba.

The most common file manipulation utilities, such as mv, cp and ls, also support ACLs. To preserve ACLs when archiving files, the star utility should be used instead of tar, which does not support ACLs.

