Difference between chmod vs ACL

Solution 1

One is not better than the other, they are just different methods and ways of thinking.

You can use both permission systems on the same path without problems.

They interfere with each other when modifying owner, owning group and other permissions: when setting the current value for these from setfacl, it will actually set the POSIX permission, not the ACL one.

POSIX permissions only allow an owner, owning group and "everyone" permission, while ACL allows multiple "owning" users and groups. ACL also allows setting default permissions for new files in a folder.

You can add more permission management on top of both with AppArmor or SELinux for stricter control.

Solution 2

The classic Unix permissions set by chmod (read/write/execute, user/group/other) have existed for a lot longer than ACL. If ACL had existed from the start then there wouldn't be a chmod as we know it. However, since chmod has existed for a very long time, many applications call it, many archive formats support the classic permissions, etc. You can express chmod permissions with ACL; they act as a sort of starting point for the ACL.

See Precedence of user and group owner in file permissions and Precedence of ACLS when a user belongs to multiple groups for a more detailed treatment of how access control works in the presence of ACL.

The chmod command also controls some flags which aren't really permissions, but are often called permissions nonetheless: setuid, setgid and the sticky bit. These aren't really permissions since they don't affect which accesses are authorized on the file, but how certain operations on the file work after they have been authorized. There's nothing like this with ACL.
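As an added example (not part of the original answers), the following Python model follows the access check algorithm and the mode-bit correspondence documented in acl(5), to show how chmod and setfacl act on the same file. `FileAcl`, `grant`, `chmod`, `ls_mode` and `allowed` are hypothetical names for this sketch, and the users and groups are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

R, W, X = 4, 2, 1

@dataclass
class FileAcl:                      # hypothetical model, not a real API
    owner: str
    group: str
    user_obj: int                   # owner entry      (user::)
    group_obj: int                  # owning group     (group::)
    other: int                      # everyone else    (other::)
    users: dict = field(default_factory=dict)   # named user  -> perms
    groups: dict = field(default_factory=dict)  # named group -> perms
    mask: Optional[int] = None      # exists once named entries exist

def grant(acl, kind, name, perms):
    """Like `setfacl -m u:name:perms` or `g:name:perms`; mask is recalculated."""
    (acl.users if kind == "u" else acl.groups)[name] = perms
    acl.mask = acl.group_obj
    for p in list(acl.users.values()) + list(acl.groups.values()):
        acl.mask |= p

def chmod(acl, mode):
    """With a mask present, the group bits of chmod rewrite the mask."""
    acl.user_obj, acl.other = (mode >> 6) & 7, mode & 7
    if acl.mask is None:
        acl.group_obj = (mode >> 3) & 7
    else:
        acl.mask = (mode >> 3) & 7

def ls_mode(acl):
    """Permission string as `ls -l` shows it, with + for an extended ACL."""
    grp = acl.group_obj if acl.mask is None else acl.mask
    bits = "".join(c if p & b else "-" for p in (acl.user_obj, grp, acl.other)
                   for c, b in (("r", R), ("w", W), ("x", X)))
    return bits + ("+" if acl.mask is not None else "")

def allowed(acl, user, user_groups, want):
    """First matching class decides; named and group entries are capped by mask."""
    cap = 7 if acl.mask is None else acl.mask
    if user == acl.owner:
        return (acl.user_obj & want) == want
    if user in acl.users:
        return (acl.users[user] & cap & want) == want
    match = [acl.group_obj] if acl.group in user_groups else []
    match += [p for g, p in acl.groups.items() if g in user_groups]
    if match:
        return any((p & cap & want) == want for p in match)
    return (acl.other & want) == want
```

In this model, a later `chmod 640` leaves a named user's `rw-` entry stored but caps it to `r--` through the mask, which is what `getfacl` reports as the `#effective:` permissions.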

Author by

mFeinstein

Updated on September 18, 2022

Comments

  • mFeinstein
    mFeinstein over 1 year

    I understand chmod and chown and how the permission bits work, but there is another permission system inside Linux, ACL with setfacl and getfacl, so this makes me wonder.

    What's the difference between those two permission control systems? Do they interfere with each other?

  • mFeinstein
    mFeinstein about 7 years
    Am I correct in assuming that when I run ls -l I am only going to see posix permissions and ACL ones that limit the file further won't be shown? Or will the posix permissions be respected regardless?
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' about 7 years
    @mFeinstein Depends. Under Linux, ls -l puts a + at the end of the permissions characters to indicate that ACL are present. If ACL are present then the basic permissions do not tell the full story: ACL override POSIX permissions.
  • mFeinstein
    mFeinstein about 7 years
    So in order to truly understand a file's permission I have to check both the ACL and ls -l?
  • mFeinstein
    mFeinstein about 7 years
    Is there a way to see if there are any ACL-specific permissions on a file/directory?
  • mFeinstein
    mFeinstein about 7 years
    Oh great! That + at least stops me from being caught off guard.
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' about 7 years
    @mFeinstein See if the permissions displayed by ls have an extra + at the end, or run the getfacl command to display all the permissions including ACL.
  • mFeinstein
    mFeinstein about 7 years
    Just getfacl myFile?
  • Zulgrib
    Zulgrib about 7 years
    Yes, getfacl on the path you wish to check.
  • pgoetz
    pgoetz over 2 years
    "ACL override POSIX permissions": This is exactly backwards. There is a principle of "least surprise" which dictates that effective ACLs will reduce permissions to match the POSIX permissions. So, for example, if your primary group has r-x permission, you can set an ACL for another group with rwx, but this new group will effectively only have r-x permissions.