2004/09/13 acl

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.

Some material is very old and may be incorrect today

© September 2004 Tony Lawrence

Access Control List. Basically, extended permissions. Some modern Unixes (Linux, UW, and others) have extended the permissions model. This requires new commands beyond chmod, and may be limited to certain types of filesystems. For example, on Red Hat Linux 7, the "chattr +i file" command makes "file" unchangeable and not able to be deleted: "immutable", even by its owner (the owner can, of course, "chattr -i file" to undo this). This can really help in preventing accidental removal of files, but it can be very confusing for users who aren't even aware that such attributes exist. Mac OS X and BSD systems add a "system immutable" bit, which, once set, can only be undone in single user mode. That effectively prevents changes even if the attacker has somehow already gained root (assuming that they are unable to bring the machine to single user mode). On other Unixes, these types of things may be handled by "setacl" commands; check your man pages for details. Sometimes there can be multiple levels: Mac has both chflags and SetFile, which do different things.

If you found something useful today, please consider a small donation.

Got something to add? Send me email.

---

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us