Securing a Filesystem with ACLs

Linux, like Unix in general, has traditionally used file ownership and permissions to control access to files and directories. Some of the tools for handling these features are described in Chapter 5, "Doing Real Work in Text Mode." Another way to control access to files is by using access control lists (ACLs). ACLs provide finer-grained access control than ownership and permissions do. ACLs work by attaching additional information—a list of users or groups and the permissions to be granted to each—to the file.

For instance, suppose you have a file that contains confidential data. This data must be readable and writeable by you and readable by a particular group (say, readers). You give the file ownership and permissions such that only you can read or write the file and anybody in readers can read it (0640, or -rw-r-----). You need to share this file with just one other user, though, and to protect other files, this user should not be a member of the readers group. ACLs enable you to do this by giving read permission to this one user, independently of the readers group. Without ACLs, you would need to create a new group (say, readers2) that contains all of the members of readers plus the one extra user. You'd then need to maintain this extra group.

Also, ordinary users can manipulate ACLs, but this isn't usually the case for groups, so ACLs can greatly simplify matters if users should be able to give each other access to specific files while still maintaining restricted access to those files for others.

Few Linux-native filesystems support ACLs directly; this honor belongs only to XFS. If you need ACLs, though, you can obtain add-on packages for ext2fs, ext3fs, and JFS. Check http://acl.bestbits.at for pointers to these patches, instructions, and more. No matter what filesystem you use, you'll also need support utilities, which are available from the same site. These tools enable you to define and modify ACLs. For instance, getfacl displays a file's ACLs, and setfacl changes a file's ACLs.
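The confidential-file scenario above, worked as an added example that is not part of the original text: a shell function that reads getfacl output and reports the rights a given user ends up with. The ACL text, the user names carol, dave, erin, and mallory, and the helper name acl_effective are constructed for illustration; the check follows the POSIX ACL rule that the mask entry caps named-user and group entries.

```sh
# Constructed getfacl output: owner carol (rw-), group readers (r--),
# plus one named user, dave, granted read without joining readers.
sample_acl() {
cat <<'EOF'
# file: confidential.txt
# owner: carol
# group: readers
user::rw-
user:dave:r--
group::r--
mask::r--
other::---
EOF
}

# acl_effective USER "GROUP ..." (hypothetical helper, getfacl text on stdin).
# POSIX ACL order: owner, named user, groups, other; mask caps the middle two.
acl_effective() {
  awk -v who="$1" -v grps="$2" '
    function band(a, b,   i, o) {   # keep a bit only if set in both strings
      for (i = 1; i <= 3; i++)
        o = o ((substr(a,i,1) != "-" && substr(b,i,1) != "-") ? substr(a,i,1) : "-")
      return o
    }
    function bor(a, b,   i, o) {    # keep a bit if set in either string
      for (i = 1; i <= 3; i++)
        o = o ((substr(a,i,1) != "-") ? substr(a,i,1) : substr(b,i,1))
      return o
    }
    BEGIN { n = split(grps, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"; gperm = "---"; other = "---" }
    /^# owner: /  { owner = $3; next }
    /^# group: /  { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    { split($1, f, ":"); p = substr(f[3], 1, 3)    # tag:qualifier:perms
      if (f[1] == "user" && f[2] == "")        uobj = p
      else if (f[1] == "user" && f[2] == who)  { named = p; hasnamed = 1 }
      else if (f[1] == "group") {
        name = (f[2] == "") ? ogroup : f[2]
        if (name in member) { gperm = bor(gperm, p); hasgroup = 1 }
      }
      else if (f[1] == "mask")  mask = p
      else if (f[1] == "other") other = p }
    END { if (who == owner)  print uobj
          else if (hasnamed) print band(named, mask)
          else if (hasgroup) print band(gperm, mask)
          else               print other }'
}
sample_acl | acl_effective dave users   # dave is not a member of readers
```

On a filesystem with ACL support, piping real getfacl output for a file into the function in place of sample_acl gives the same per-user view, which is useful when auditing who can read a file beyond its owner and group.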

ACLs are still quite new in Linux. As such, you may run into peculiar problems with specific programs or filesystems. Chances are you don't need ACLs on a typical workstation or a small server. If you're administering a multiuser system with a complex group structure, though, you might want to investigate ACLs further. You might be able to simplify your overall permissions structure by switching to a filesystem that supports ACLs.
