2004/09/13 acl
© September 2004 Tony Lawrence
Access Control List. Basically, extended permissions. Some modern Unixes (Linux, UW, and others) have extended the permissions model. This requires new commands beyond chmod, and may be limited to certain types of filesystems. For example, on Red Hat Linux 7, the "chattr +i file" command makes "file" unchangeable and not able to be deleted: "immutable", even by its owner (the owner can, of course, "chattr -i file" to undo this). This can really help in preventing accidental removal of files, but it can be very confusing for users who aren't even aware that such attributes exist. Mac OS X and BSD systems add a "system immutable" bit, which, once set, can only be undone in single user mode. That effectively prevents changes even if the attacker has somehow already gained root (assuming that they are unable to bring the machine to single user mode). On other Unixes, these types of things may be handled by "setacl" commands; check your man pages for details. Sometimes there can be multiple levels: Mac has both chflags and SetFile, which do different things.
Got something to add? Send me email.
Inexpensive and informative Apple related e-books:
Take Control of Preview
Take Control of Numbers
Photos: A Take Control Crash Course
Take Control of Parallels Desktop 12
Take Control of High Sierra
More Articles by Tony Lawrence © 2011-07-05 Tony Lawrence
An editor is a person who knows precisely what he wants, but isn't quite sure. (Walter Davenport)
This post tagged:
Skills Tests
Unix/Linux Book Reviews
My Unix/Linux Troubleshooting Book
This site runs on Linode
Printer Friendly Version
acl: Tech Words of the Day Copyright © September 2004 Tony Lawrence
Have you tried Searching this site?
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version