Access Control Lists (ACL)
ACLs offer a more flexible way to control file and directory rights than the usual owner-group-other schema in Unix. We use them on the Astro SAN for example. In a nutshell, with ACLs you can set separate permissions for every single user.
Please use ACLs only if really necessary. By design, groupshares are meant to be accessible by the whole group, as the research data should remain accessible, even if individual members leave the group.
Note that the following commands should be executed on one of our managed Linux workstations, for instance
How to detect ACLs
If the output of ls -l looks something like this
drwxrws---+ 4 daduke ast 4.0K 2011-10-28 10:41 test
(note the + sign at the end), then the directory in question has ACL rules applied. You can display them by running
getfacl test
which will show
# file: test
# owner: daduke
# group: ast
# flags: -s-
user::rwx
user:schmid:rwx
user:kovac:rwx
user:amaraa:rwx
user:geersv:rwx
group::---
mask::rwx
other::---
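To review who actually holds rights on an ACL-protected directory, output of the kind shown above can be reduced to its named entries with the mask applied. This is an added example, not part of the original page; the function names and the sample ACL (alice, bob, guests) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce getfacl text (stdin) to its named user/group entries,
# printing KIND:NAME:EFFECTIVE, where EFFECTIVE is the entry limited by the mask.
# Typical use on a real path:  getfacl test | acl_named_entries

acl_named_entries() {
    awk -F: '
        # Skip header comments, default ACL entries and blank lines.
        /^#/ || /^default:/ || NF < 3 { next }
        {
            perms = $3
            sub(/[ \t#].*/, "", perms)    # drop a trailing "#effective:" note
        }
        $1 == "mask" { mask = perms; next }
        # Named entries have a non-empty second field (user:NAME:..., group:NAME:...).
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; name[n] = $2; perm[n] = perms
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(perm[i], k, 1)
                    # A right is effective only if the mask grants it too.
                    if (mask != "" && substr(mask, k, 1) == "-") c = "-"
                    eff = eff c
                }
                print kind[i] ":" name[i] ":" eff
            }
        }'
}

# Constructed sample in getfacl format (names and rights are made up).
sample_getfacl() {
    cat <<'EOF'
# file: test
# owner: carol
# group: staff
user::rwx
user:alice:rwx
user:bob:rw-
group::---
group:guests:r-x
mask::r-x
other::---
EOF
}

sample_getfacl | acl_named_entries
```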
How to modify ACLs
Usually you just need something like
setfacl -m u:daduke:rw test
to grant read and write permission on file test to user daduke, and
setfacl -x u:daduke test
to remove these permissions again. If you need more,
is your friend.
There is also a nice GUI that we have installed on our Linux workstations: eiciel. Start it, open the file or directory you'd like to modify and then edit the users' permissions.