Getfacl

Plus sign in ls output

When file access control lists, or ACLs are being used, the output of ls will change. An additional character shows up (plus sign) to indicate the usage of these access control lists.

Summary of Plus sign in ls output

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.

Read the full article…

Using File ACLs on Linux for Additional Security

Access control lists (file ACLs) can increase security due to its granular structure. In this article we have a look at file ACLs and the use of getfacl

Summary of Using File ACLs on Linux for Additional Security

File ACLs can increase security due to the more granular permission structure. Still the use of ACLs is often not known to system administrators, resulting in directories and files having inappropriate file permissions. When to use Example: a directory could be configured with very tight permissions, including a proper owner and group. Normally the “Other” (everyone) group would have to be used to open up the file for people outside the owner group.

Read the full article…

Using xattrs or Extended Attributes on Linux

Linux supports extended attributes (xattr) on most file systems. Learn how they work and allow security features like access control lists and more.

Summary of Using xattrs or Extended Attributes on Linux

What are extended attributes? Extended attributes or xattrs, are an extensible mechanism to store metadata on a filesystem. Metadata is a collection of information or data points about a particular object. If we would compare this article, the metadata contains the title, author, description, language, Twitter image, etc. Normally the file system can only store a limited set of information about files. Typically this is the filename, ownership, file permissions, and dates.

Read the full article…