acl

2004/09/13 acl

Access Control List. Basically, extended permissions. Some modern Unixes (Linux, UW, and others) have extended the permissions model. This requires new commands beyond chmod, and may be limited to certain types of filesystems. For example, on Red Hat Linux 7, the "chattr +i file" command makes "file" unchangeable and not able to be deleted: "immutable", even by its owner (the owner can, of course, "chattr -i file" to undo this). This can really help in preventing accidental removal of files, but it can be very confusing for users who aren't even aware that such attributes exist. Mac OS X and BSD systems add a "system immutable" bit, which, once set, can only be undone in single user mode. That effectively prevents changes even if the attacker has somehow already gained root (assuming that they are unable to bring the machine to single user mode). On other Unixes, these types of things may be handled by "setacl" commands; check your man pages for details. Sometimes there can be multiple levels: Mac has both chflags and SetFile, which do different things.

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER) (NEWEST)

Printer Friendly Version

Home

Misc. Words

-> acl

Increase ad revenue 50-250% with Ezoic

Inexpensive and informative Apple related e-books:

Take control of Apple TV, Second Edition

Photos for Mac: A Take Control Crash Course

Take Control of Apple Mail, Third Edition

Take Control of Upgrading to El Capitan

Take Control of the Mac Command Line with Terminal, Second Edition

More Articles by Tony Lawrence

Find me on Google+

© 2011-07-05 Tony Lawrence

Printer Friendly Version

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Printer Friendly Version