Stanford University School of Earth Science

Access control lists

Last revision August 3, 2004

Table of Contents:

  1. The Unix file system
  2. The directory tree
  3. File ownership and permissions
    1. chmod
    2. Access Control Lists
  4. Files as units
  5. Examining file contents
  6. Other commands
  7. Standard Files and Data Pipes
 

Traditional Unix file access controls are based on the simple division shown above between the file's owner, the associated group, and the rest of the world.

Many modern Unix file systems contain a more flexible permission scheme called an access control list or ACL. In this scheme, specific permissions may be granted to specific accounts, rather than just to groups. In addition, default permissions may be assigned to directories that are inherited by all files created in that directory.

The AFS distributed file system used by the campus-wide leland systems here at Stanford uses such an access control list. Pangea also has access control lists available for all files on its disks. They are set or cleared with the setacl command and viewed with the getacl command. ACL settings are not shown by the normal ls command.

On pangea, there are three types of ACLs that can be set with the setacl command:

  1. An access ACL is set for individual files or directories and applies only to that file or directory.
  2. A default directory ACL is set for a directory, and applies as the access ACL for any subdirectory created therein. It also becomes the default directory ACL for that subdirectory. In other words, default directory ACLs are used to set inheritable permissions for all the subdirectories in a directory tree.
  3. A default access ACL is set for a directory, and applies as the access ACL for any file created (linked) into that directory. In addition, if there is no default directory ACL set, the default access ACL is also applied to any subdirectories created within the directory. In any case, the default access ACL is inherited by any subdirectory created. In other words, default access ACLs are used to set inheritable permissions for all files created within a directory tree and for all subdirectories, unless separate inheritable permissions for subdirectories are set with a default directory ACL.

Please see the on-line manual entries on pangea for setacl and getacl to learn how to use them.
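The inheritance rules in the list above can be checked with a small model. This is an added example, not code from pangea or its manual pages; it does not call setacl or getacl, and the account names and permission strings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# An ACL is modelled as {account: permissions}. None means "no ACL set", so
# only the traditional owner/group/other permissions apply (assumption).
Acl = Optional[Dict[str, str]]

@dataclass
class Node:
    name: str
    is_dir: bool
    access: Acl = None          # access ACL: applies to this object only
    default_dir: Acl = None     # default directory ACL (directories only)
    default_access: Acl = None  # default access ACL (directories only)

def _copy(acl: Acl) -> Acl:
    return dict(acl) if acl is not None else None

def create(parent: Node, name: str, is_dir: bool) -> Node:
    """Return the new object with the ACLs it receives from its parent."""
    if not is_dir:
        # Rule 3: a new file takes the parent's default access ACL.
        return Node(name, False, access=_copy(parent.default_access))
    # Rule 2: a default directory ACL, when set, becomes the subdirectory's
    # access ACL. Rule 3: otherwise the default access ACL is used instead.
    if parent.default_dir is not None:
        source = parent.default_dir
    else:
        source = parent.default_access
    # Both default ACLs are passed down, so they apply to the whole subtree.
    return Node(name, True, access=_copy(source),
                default_dir=_copy(parent.default_dir),
                default_access=_copy(parent.default_access))

def demo() -> Dict[str, Acl]:
    # Case A: separate defaults for subdirectories and for files.
    proj = Node("proj", True, default_dir={"alice": "r-x"},
                default_access={"alice": "rw-"})
    sub = create(proj, "sub", True)
    # Case B: only a default access ACL, so subdirectories receive it too.
    shared = Node("shared", True, default_access={"bob": "r--"})
    deep = create(create(shared, "d1", True), "d2", True)
    return {
        "proj/sub": sub.access,
        "proj/sub/notes.txt": create(sub, "notes.txt", False).access,
        "shared/d1/d2": deep.access,
        "shared/d1/d2/data.txt": create(deep, "data.txt", False).access,
    }

if __name__ == "__main__":
    for path, acl in demo().items():
        print(path, acl)
```

Case B is the one to watch when reviewing permissions: a single default access ACL on a top-level directory reaches every file and subdirectory later created beneath it.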
