Eiciel logo
Eiciel
GNOME File ACL editor
Home
What are ACLs?
What is Eiciel?
Download
Screenshots
Git
Author and acknowledgements
Google+

What are ACL?

Before explaining what ACLs are we have to see how traditional UNIX permissions work.

Traditional UNIX permissions.

Traditionally, in UNIX, files have three kind of permissions associated to them. Those permissions, called UGO (from User, Group and Others) allow you to set whether a user can read, write or execute a file.

The access will be granted or denied depending on which user is accessing the file. The owner has his own permissions (User). If the user is not the owner but belongs to the group owning the file then group permissions are applied (Group). Finally, if the user is not the owner neither belongs to the file's group then Other permissions are applied.

Read permission allow, in a file, to read it. In a directory it permits listing the directory's content. Write permission in files allows to modify their data. In directories it allows creating or deleting their files (or directories). Execution permission in files allow them to run as programs. In directories it allows to enter them.

Permissions can only be changed by the owner (or the superuser). The following figure summarizes UGO permissions.

Figure 1-1 UGO permissions
UGO permissions

ACL, Access Control List

UGO permissions are suitable for most scenarios. However, IEEE POSIX workgroup was conscious that sometimes they are too limiting and defined an interface in POSIX 1003.1e DRAFT 17 intended to manage file ACLs. That proposal was left out from the standard but is implemented in several BSD (Solaris and FreeBSD 5) and GNU/Linux (as of version 2.6 of the kernel).

ACLs allow to set permissions in a per-user or per-group fashion. For instance, it is not feasible in UGO permissions to have two users (bob and alice) where bob can only read, alice can read and write and no other user can access the file.

Figure 1-2 ACL permissions
ACL permissions