Network Computing is part of the Informa Tech Division of Informa PLC

Deployment Guide: Permission Slips

By default, Linux uses the conventional file-ownership and access-permission model it inherited from Unix operating systems, where it has been used for years. For many tasks, though, controlling access to files and directories with standard Unix file permissions is cumbersome and restrictive. Each file and directory has three access classes, and each access class has associated read (r), write (w), and execute (x) permission bits. Users who own the file get the permissions set for the user access class; users who belong to the group that owns the file get the permissions set for the group; all other users fall into the other, or world, access class.

This model prevents administrators from having fine-grained control over file and directory access. Unix groups normally consist of tens of users--hundreds in large deployments--which doesn't leave you many options if you want to limit access. However, you can use file access control lists (ACLs) to overcome this model's limitations: they let you control exactly which permissions are given to each user or group.

Linux ACLs let you define read, write and execute permissions for specific users and groups that are not the respective owners of the file. You can restrict access rights to a limited group of people for all files and directories. Directories allow an additional type of ACL, called the default ACL, which, when enforced, is automatically inherited by all files inside that directory. Multiple ACLs per file or directory are not allowed; each file has one ACL, which must be configured on a file-by-file basis.

Real-World Examples
