This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Author Message
Joined: Jun 30, 2008
Posts: 148
Other Topics
Posted Dec 27, 2008 at 12:55:56 AM
Subject: ACLs on *nix systems
I'm writing this Perl program for *nix systems that interacts a lot with the filesystem. A lot of permission checking will go on, with some decisions being made on the combination of permissions available to the effective user for regular files and directory files. From what I had read online, it seemed like ACL systems for Linux at least were pretty transparent to the program. That is, they enhance the traditional unix permission system, but don't negate it. I've got a pretty good understanding of how traditional unix permissions work, but I haven't really worked with ACLs at all. Can I just assume traditional unix permissions and continue coding (as long as I always do permission checks for the effective user), or are there special ACL systems I need to be aware of? Basically I'll be checking the permissions of directory files to 1) see if privileges are available to list contents of the directory, and 2) see if privileges are available to create/modify files in the directory.

PerlCoder (http://indicium.us)

Back to top Profile Email Website
Shashank Sharma
Joined Jan 01, 1970
Posts: 1657
Location:New Delhi, India

Other Topics
Posted: Dec 29, 2008 10:47:11 AM
Subject: ACLs on *nix systems
Maybe this will help: http://www.linux.com/feature/138169

Coauthor of Beginning Fedora: From Novice to Professional published by Apress.

Please follow the Forum Guidelines

Back to top Profile Email Website Yahoo!
PerlCoder
Joined Jun 30, 2008
Posts: 148

Other Topics
Posted: Dec 29, 2008 8:24:17 PM
Subject: ACLs on *nix systems
Thank you for your help. However, I still need to clarify some points about *nix ACLs: - From what I understood reading online, some ACL systems allow for permissions to be inherited, while others require individual files and directories. Am I understanding this correctly? - If an ACL system allows permissions to be inherited, then is it accurate to determine whether or not files can be renamed/created in a directory by coding a program to look at the effective user permissions for that directory file? In my program, I wrote code that checks a directory file's permission for the effective user first before attempting to create/rename files in that directory. This is an attempt to save the program some time, so that it would know before-hand whether or not it could create/rename files in a directory, rather than trying individual file operations and failing. But I'm wondering, if an ACL involved, whether such a check is even going to be accurate.

PerlCoder (http://indicium.us)

Back to top Profile Email Website
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya