KBTAG: kben10000073
URL: http://www.securityportal.com/lskb/10000050/kben10000073.html
Date created: 17/07/2000
Date modified: 28/08/2000
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Linux filesystem - Access Control Lists
Keywords: Filesystem/ACLS
One major missing component in Linux is a filesystem with Access Control Lists (ACLs) instead of the standard User, Group, Other with its dozen or so permissions. ACLs enable you to control access to the filesystem in a much more fine grained fashion, for example on a file you may want to grant the user bob full access, mary read, the groups sales change, the accounting group read, and nothing for everyone else . Under existing Linux permissions
POSIX ACL's for Linux
You will need to patch some sutff
ftp://download.sourceforge.net/pub/sourceforge/e2fsprogs/
ftp://ftp.gnu.org/pub/gnu/fileutils
Linux trustees (ACL) project
The Linux trustees (ACL) project is a series of kernel patches and utilities to configure ACL access to the filesystem. This solution is still a bit clunky as it keeps the permissions in a file, and acts as a filtering layer between the file and the users, it is not actually a proper ACL enabled filesystem (but it is a start). You can get it at: http://www.braysystems.com/linux/trustees.html.
RSBAC
Rule Set Based Access Control is a comprehensive set of patches and utilities to control various aspects of the system, from filesystem ACL's and up. You can get it from: http://www.rsbac.de/rsbac/.