Access Control List (ACL)
Improve the security of applications by limiting access using an ACL or Access Control List. Learn how to implement them in common applications and file systems.
Using xattrs or Extended Attributes on Linux
Linux supports extended attributes (xattr) on most file systems. Learn how they work and allow security features like access control lists and more.
Summary
An introduction into extended attributes (xattrs) on Linux
Plus sign in ls output
When file access control lists, or ACLs are being used, the output of ls will change. Learn about the additional plus sign in its output.
Summary
Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.
Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.
Using File ACLs on Linux for Additional Security
Access control lists (file ACLs) can increase security due to its granular structure. In this article we have a look at file ACLs and the use of getfacl
Summary
File ACLs can increase security due to the more granular permission structure. Still the use of ACLs is often not known to system administrators, resulting in directories and files having inappropriate file permissions.
When to use (example)
A directory could be configured with very tight permissions, including a proper owner and group. Normally the “Other” (everyone) group would have to be used to open up the file for people outside the owner group. This has a serious downside to open up a directory or file contents for all users.