Many Unixes have file systems that implement a permissions model that goes beyond traditional Unix permissions. These have been called acl's (access control lists). Details may vary, but we'll use Linux commands here to demonstrate the usage.
With Linux, the two basic commands are "getfacl" and "setfacl". The underlying file system has to support these commands (because the extended permissions are stored in the file meta-data).
The "ls -l" command shows an extra "+" when acl's have been applied to a file:
-rw-r--r--+ 1 apl serv 3843 Aug 20 06:43 slwide.css -rw-r--r--+ 1 apl serv 2501 Aug 20 06:43 smaller.css -rw-r--r--+ 1 apl serv 2632 Aug 20 06:43 smallest.css
To actually see the extended perms, use "getfacl"
# file: slwide.css # owner: apl # group: serv user::rw- user:pcun:rw- group::r-- mask::r-- other::r-- # file: smaller.css # owner: apl # group: serv user::rw- user:pcun:rw- group::r-- mask::r-- other::r-- # file: smallest.css # owner: apl # group: serv user::rw- user:pcun:rw- group::r-- mask::r-- other::r--
This shows that the user "pcun" has read/write permission on these files. That was set by "setfacl":
# setfacl -m u:pcun:rw *.css
Keep in mind that the same general permission semantics work here: "pcun" would need "r-x" permission on the directory these files are in to do a general "ls -l" and of course would need "w" to create new files.
Got something to add? Send me email.
More Articles by Tony Lawrence © 2009-11-07 Tony Lawrence