Acl Page

ACL (Access Control List)



Access control list (ACL) Access control lists (ACLs) provide an additional layer of access control to files and directories stored in extended attributes on the filesystem. These ACLs are set and verified with the setfacl and getfacl Linux commands.

* Definition: An Access Control List (ACL) is a list of permissions associated with a system resource (such as a file or directory) that specifies which users or system processes are granted access to that resource and what operations they can perform.
* Function: Controls access to system resources by defining which users or groups have permissions to read, write, or execute the resource.
* Components:
* ACL Entries: Individual permissions associated with a resource, typically specifying a user or group and the permitted operations.
* Resource: The system resource to which the ACL is applied, such as a file, directory, or network service.
* Permissions: The operations that can be performed on the resource, such as read, write, execute, delete, etc.
* Features:
* Granular Access Control: Provides fine-grained control over who can access specific resources and what actions they can perform.
* User and Group Permissions: Allows setting permissions for individual users or groups of users.
* Compatibility: Supported by many operating systems and file systems.
* Security: Enhances security by allowing detailed specification of access permissions.
* Usage: Commonly used in file systems, network services, and other environments where precise control over resource access is required.

Examples


* Setting an ACL on a file in Linux using `setfacl`:
```bash
setfacl -m u:username:rwx /path/to/file
```

* Viewing the ACL of a file in Linux using `getfacl`:
```bash
getfacl /path/to/file
```

* Setting an ACL on a file in Windows using `icacls`:
```cmd
icacls "C:\path\to\file" /grant username:(R,W)
```

* Viewing the ACL of a file in Windows using `icacls`:
```cmd
icacls "C:\path\to\file"
```

* Using ACL in a Python script:
```python
import os
import subprocess

def set_acl(path, user, permissions):
subprocess.run(['setfacl', '-m', f'u:{user}:{permissions}', path], check=True)

def get_acl(path):
result = subprocess.run(['getfacl', path], capture_output=True, text=True)
return result.stdout

# Example usage
file_path = '/path/to/file'
set_acl(file_path, 'username', 'rwx')
acl_info = get_acl(file_path)
print(acl_info)
```

* Using ACL in a Java program:
```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.AclEntry;
import java.nio.file.attribute.AclEntryPermission;
import java.nio.file.attribute.AclEntryType;
import java.nio.file.attribute.UserPrincipal;
import java.util.EnumSet;
import java.util.List;

public class AclExample {
public static void setAcl(String filePath, String userName, Set permissions) throws IOException {
Path path = Paths.get(filePath);
UserPrincipal user = FileSystems.getDefault().getUserPrincipalLookupService().lookupPrincipalByName(userName);
AclEntry entry = AclEntry.newBuilder()
.setType(AclEntryType.ALLOW)
.setPrincipal(user)
.setPermissions(permissions)
.build();

List acl = Files.getFileAttributeView(path, AclFileAttributeView.class).getAcl();
acl.add(entry);
Files.getFileAttributeView(path, AclFileAttributeView.class).setAcl(acl);
}

public static List getAcl(String filePath) throws IOException {
Path path = Paths.get(filePath);
return Files.getFileAttributeView(path, AclFileAttributeView.class).getAcl();
}

public static void main(String[] args) throws IOException {
String filePath = "/path/to/file";
String userName = "username";
Set permissions = EnumSet.of(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.EXECUTE);

setAcl(filePath, userName, permissions);
List acl = getAcl(filePath);
for (AclEntry entry : acl) {
System.out.println(entry);
}
}
}
```

Summary


* ACL (Access Control List): A mechanism for defining detailed access permissions for system resources, such as files and directories. ACLs provide granular control over who can access specific resources and what actions they can perform. They are widely used in file systems and network services to enhance security and manage resource access effectively.