Access-control list
=== Filesystem ACLs ===
A [[filesystem]] ACL is a [[data structure]] (usually a table) containing entries that specify individual user or [[Group (computing)|group]] rights to specific system objects such as programs, [[Process (computing)|processes]], or files. These entries are known as access-control entries (ACEs) in the Microsoft [[Windows NT]],<ref>{{cite web |url= https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb457115(v=technet.10) |title=Managing Authorization and Access Control |date= 2009-09-11 |publisher= [[Microsoft Learn]] |access-date= 2024-05-15}}</ref> [[OpenVMS]], and [[Unix-like]] [[operating system]]s such as [[Linux]], [[macOS]], and [[Solaris (operating system)|Solaris]]. Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or [[execution (computing)|execute]] an object. In some implementations, an ACE can control whether or not a user, or group of users, may alter the ACL on an object.

One of the first operating systems to provide filesystem ACLs was Multics. [[PRIMOS]] featured ACLs at least as early as 1984.<ref>{{cite news |date = 1984-05-21 |title= P.S.I. Pacer Software, Inc. Gnet-II revision 3.0 |url = https://books.google.com/books?id=KAUpSdv4AO4C | department = Communications |work = Computerworld |volume= 18 |issue= 21 |page = 54 |issn = 0010-4841 |access-date= 2017-06-30 |quote= The new version of Gnet-II (revision 3.0) has added a line-security mechanism which is implemented under the Primos ACL subsystem.}}</ref>

In the 1990s the ACL and [[role-based access control]] (RBAC) models were extensively tested{{by whom|date=June 2017}} and used to administer file permissions.

==== POSIX ACL ====
The [[POSIX]] 1003.1e/1003.2c working group made an effort to standardize ACLs, resulting in what is now known as "POSIX.1e ACL" or simply "POSIX ACL".<ref>{{cite web |last1=Grünbacher |first1=Andreas |title=POSIX Access Control Lists on Linux |url=https://www.usenix.org/legacy/publications/library/proceedings/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher_html/main.html |website=Usenix |access-date=12 December 2019}}</ref> The POSIX.1e/POSIX.2c drafts were withdrawn in 1997 due to participants losing interest in funding the project and turning to more powerful alternatives such as NFSv4 ACL.<ref>{{cite web |last1=wurtzkurdle |title=Why was POSIX.1e withdrawn? |url=https://unix.stackexchange.com/a/506641 |website=Unix StackExchange |access-date=12 December 2019}}</ref> {{As of|2019|12}}, no live sources of the draft could be found on the Internet, but it can still be found in the [[Internet Archive]].<ref>{{cite web |last1=Trümper |first1=Winfried |title=Summary about Posix.1e |url=https://wt.xpilot.org/publications/posix.1e/ |archive-url=https://web.archive.org/web/20080723061358/https://wt.xpilot.org/publications/posix.1e/ |archive-date=2008-07-23 |date=February 28, 1999}}</ref>

Most of the Unix and Unix-like operating systems (e.g. [[Linux]] since 2.5.46 or November 2002,<ref>{{cite web |url= https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Release_Notes/as-x86/index.html |title= Red Hat Enterprise Linux AS 3 Release Notes (x86 Edition) |quote= EA (Extended Attributes) and ACL (Access Control Lists) functionality is now available for ext3 file systems. In addition, ACL functionality is available for NFS. |year= 2003 |publisher= [[Red Hat]] |access-date= 2013-04-08 |archive-url=https://web.archive.org/web/20131202221514/https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Release_Notes/as-x86/index.html |archive-date=2013-12-02 |url-status=dead}}</ref> [[FreeBSD]], or Solaris) support POSIX.1e ACLs (not necessarily draft 17). ACLs are usually stored in the extended attributes of a file on these systems.

==== NFSv4 ACL ====
[[NFSv4]] ACLs are much more powerful than POSIX draft ACLs. Unlike draft POSIX ACLs, NFSv4 ACLs are defined by an actually published standard, as part of the [[Network File System]].

NFSv4 ACLs are supported by many Unix and Unix-like operating systems. Examples include [[AIX]], [[FreeBSD]],<ref>{{cite web |url= https://wiki.freebsd.org/NFSv4_ACLs |title= NFSv4 ACLs |date= 2011-09-12 |publisher= [[FreeBSD]] |access-date= 2013-04-08}}</ref> [[Mac OS X]] beginning with version 10.4 ("[[Mac OS X Tiger|Tiger]]"), and Solaris with the [[ZFS]] filesystem.<ref>{{cite web |url= https://docs.oracle.com/cd/E19082-01/817-2271/ftyxi/index.html |title= Chapter 8 Using ACLs and Attributes to Protect ZFS Files |publisher= [[Oracle Corporation]] |date= 2009-10-01 |access-date= 2013-04-08}}</ref>

There are two experimental implementations of NFSv4 ACLs for Linux: NFSv4 ACL support for the [[Ext3]] filesystem<ref>{{cite web |url= http://users.suse.com/~agruen/nfs4acl/ |title= Native NFSv4 ACLs on Linux |first= Andreas |last= Grünbacher |date= May 2008 |publisher= [[SUSE S.A.|SUSE]] |archive-url= https://web.archive.org/web/20130620012339/http://users.suse.com/~agruen/nfs4acl/ |archive-date= 2013-06-20 |url-status= dead |access-date= 2013-04-08}}</ref> and the more recent [[Richacls]], which brings NFSv4 ACL support to the [[Ext4]] filesystem.<ref>{{cite web |url=http://www.bestbits.at/richacl/| title=Richacls – Native NFSv4 ACLs on Linux |first=Andreas |last=Grünbacher |date=July–September 2010 |publisher=bestbits.at |access-date=2013-04-08 |archive-url=https://web.archive.org/web/20130320080142/http://www.bestbits.at/richacl/ |archive-date=2013-03-20 |url-status=dead}}</ref> As with POSIX ACLs, NFSv4 ACLs are usually stored as extended attributes on Unix-like systems.

NFSv4 ACLs are organized nearly identically to the Windows NT ACLs used in [[NTFS]].<ref>{{cite web |url=https://wiki.linux-nfs.org/wiki/index.php/ACLs#NFSv4_and_Windows_ACLs |title=ACLs |website=Linux NFS}}</ref> NFSv4.1 ACLs are a superset of both NT ACLs and POSIX draft ACLs.<ref>{{cite web |title=Mapping Between NFSv4 and Posix Draft ACLs |url=https://tools.ietf.org/id/draft-ietf-nfsv4-acl-mapping-05.txt}}</ref> [[Samba (software)|Samba]] supports saving the NT ACLs of SMB-shared files in many ways, one of which is as NFSv4-encoded ACLs.<ref>{{cite web |title=vfs_nfs4acl_xattr(8) |url=https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html |website=Samba Manual}}</ref>
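
The POSIX ACL section above notes that these ACLs are usually stored in a file's extended attributes. As an added illustration (not part of the original article), the following Python decodes the binary layout Linux uses for the <code>system.posix_acl_access</code> attribute and applies the mask entry to find named users or groups that hold effective write access. The sample bytes and all function names are constructed for this example.

```python
import struct

# Linux posix_acl_xattr layout (version 2): a little-endian u32 version,
# then 8-byte entries of (u16 tag, u16 perm, u32 id). On a live system the
# bytes would come from os.getxattr(path, "system.posix_acl_access").
TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
        0x08: "group", 0x10: "mask", 0x20: "other"}
NO_ID = 0xFFFFFFFF  # id field of entries that carry no uid/gid

def parse_posix_acl(blob):
    """Decode the xattr bytes into (tag, id-or-None, perm bits) tuples."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated or misaligned ACL xattr")
    if struct.unpack_from("<I", blob)[0] != 2:
        raise ValueError("unsupported ACL xattr version")
    entries = []
    for off in range(4, len(blob), 8):
        tag, perm, qid = struct.unpack_from("<HHI", blob, off)
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        entries.append((TAGS[tag], None if qid == NO_ID else qid, perm & 7))
    return entries

def rwx(perm):
    """Render the three permission bits as an rwx string."""
    return "".join(c if perm & bit else "-" for c, bit in zip("rwx", (4, 2, 1)))

def effective(entries):
    """Apply the mask, which caps named users, the owning group and named groups."""
    mask = next((p for t, _, p in entries if t == "mask"), 7)
    return [(t, i, rwx(p & mask if t in ("user", "group_obj", "group") else p))
            for t, i, p in entries]

def named_write_grants(entries):
    """Named users/groups that can really write, i.e. after masking."""
    return [(t, i) for t, i, p in effective(entries)
            if t in ("user", "group") and "w" in p]

# Constructed sample: owner rw-, uid 1001 rwx, owning group r--,
# gid 2000 rw-, mask r-x, other ---.
SAMPLE = struct.pack("<I", 2) + b"".join(
    struct.pack("<HHI", tag, perm, qid) for tag, perm, qid in [
        (0x01, 6, NO_ID), (0x02, 7, 1001), (0x04, 4, NO_ID),
        (0x08, 6, 2000), (0x10, 5, NO_ID), (0x20, 0, NO_ID)])

if __name__ == "__main__":
    for tag, qid, perm in effective(parse_posix_acl(SAMPLE)):
        print(tag, "" if qid is None else qid, perm)
    print("named write grants:", named_write_grants(parse_posix_acl(SAMPLE)))
```

In the sample, both named entries request write access but the mask entry removes it, which is why an audit has to evaluate effective permissions rather than the raw entries.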