Permissions

**yeleek** · 06-05-2011

Hi,

Can someone point me in the direction please of a resource for explaining linux file permissions? I've read and am happy with explaining owner/group/other.

However what I don't seem to be able to find is a decent resource that explains how file permissions can be as granular as they can say on Wintel platforms? With multiple groups having different permissions to the same resource for example....

Thanks

*edit* should say I have found reference to posix acl's which do seem to match more what wintel offers. Is that the best way?

***jayd512*** · 06-05-2011

Is this what you were looking for? Filesystem permissions - Wikipedia, the free encyclopedia

**yeleek** · 06-06-2011

Hi,

Not really I'm afraid. I know what the 'normal' Linux permissions are, but they seem limited in that you cannot apply different permissions to different groups against a resource. As I say I have seen mention of posix acl and indeed have found this

'Eiciel - GNOME File ACL editor'

Which seems more in line with the wintel way, is that the best way on a Linux platform to have more granular control? Or are there other options?

Thanks

***jayd512*** · 06-06-2011

This might be closer to what you're asking about.
There are far more detailed pages available, but I just came across this a few minutes ago.

DistroWatch.com

**HROAdmin26** · 06-06-2011

Google: linux acl tutorial

**yeleek** · 06-07-2011

Thank you for replies.

That ACL method is that the method Linux sys admins would use on network file shares for example? Or do services such as NFS provide their own means of granular access?

**atreyu** · 06-07-2011

No, NFS (or SAMBA/CIFS) provide their own means of permissions and I don't believe that the local filesystem ACL is exported. Somebody correct me if I am wrong. It is an entirely different means, but is sufficiently documented by the respective packages (man exports, man 5 smb.conf)

**HROAdmin26** · 06-07-2011

No, NFS (or SAMBA/CIFS) provide their own means of permissions and I don't believe that the local filesystem ACL is exported

This is incorrect. Besides NFSv4, NFS is commonly joked about as "no f@*&^ security." NFS uses the remote user's UID/GID for authentication, or can be forced to "guest" only. Google for more info.

CIFS has share permissions (just like Windows) but once the share is accessed, the underlying filesystem permissions are also applied (just like Windows.) Google for more info.

Google: linux samba acl howto

**atreyu** · 06-07-2011

All i meant by means of permissions was that, on the NFS server, you could configure which clients are permitted to connect to a given NFS share and also control read-only/read-write access. I didn't know about use of the ACLs via remote clients, though - I wonder how buggy or robust it is.

**yeleek** · 06-07-2011

Originally Posted by HROAdmin26

This is incorrect. Besides NFSv4, NFS is commonly joked about as "no f@*&^ security." NFS uses the remote user's UID/GID for authentication, or can be forced to "guest" only. Google for more info.

CIFS has share permissions (just like Windows) but once the share is accessed, the underlying filesystem permissions are also applied (just like Windows.) Google for more info.

Agreed - Under wintel the most restrictive permission is the effective permission i.e. combination of share + ntfs.

Thank you for the replies. ACL is the way forward.

Ben

Thread Tools

Display

Permissions

Posting Permissions