0% found this document useful (0 votes)

23 views30 pages

Managing ACLs in IBM Notes

This document outlines a course on Access Control Lists (ACLs), detailing their purpose, structure, and how to work with them to manage permissions beyond traditional POSIX limits. It covers the enabling of ACL support, the format of ACL entries, and the commands used to set and retrieve ACLs. The course aims to provide a comprehensive understanding of ACLs for effective permission management in various scenarios.

Uploaded by

tcheuatatcheudjoclotaire

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

23 views30 pages

Managing ACLs in IBM Notes

Uploaded by

tcheuatatcheudjoclotaire

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Access Control Lists

Beyond POSIX permissions

[Link]
Copyright © SUPINFO. All rights reserved
Access Control Lists

Course objectives
By completing this course, you will:

 Know what ACL’s really are.

Fine-grained permissions model.
 Define complex permission
schemes. When POSIX
permissions are helpless.
 Create inherited entries. Using
default ACL’s.
Access Control Lists

Course topics
Course’s plan :

 About ACL's. Overcome POSIX

permissions limitations.
 ACL structure. How do it looks
like?
 Working with ACL's. Create,
Retrieve, Update, Delete.
Access Control Lists

About ACL’s

When POSIX permissions aren’t enough

About ACL’s

Access Control Lists

Extended permission sets.

 POSIX Permissions
 User
 Groups
 Others
 ACL’s
 Same permissions
 Extended control set
 List of “trustees”
 Any group(s)
 Any user(s)
About ACL’s

Why use ACL’s ?

A real-life example:

 “users” group
 Amanda
 Bridget
 John
 John wants to share a
document
 Amanda rw-
 Bridget ---
 POSIX Limitation
 Use ACL’s to
circumvent
About ACL’s

Enable ACL’s
ACL support needs to be enabled.

 Kernel support
 CONFIG_FS_POSIX_
ACL
 Enabled in most (all)
distros
 Filesystem support
 Native support
 Most fs do
 Mount option
About ACL’s

Enable ACL’s
To enable ACL support:

 Install acl and libacl packages

 Mount your filesystem with the acl option

# mount / -o remount,acl
About ACL’s

Stop-and-think

Do you have any questions ?

About ACL's

Stop-and-think
ACLs are actived by default in your filesystem.

True

False
About ACL's

Stop-and-think
ACLs are active by default in your filesystem.

True

False
Access Control Lists

ACL structure

How do it looks like?

ACLs structure

ACL Entries
ACL entries format.
 Regular
 user:user:mode
 user:sarah:rw-
 group:group:mode
 group:uucp:r--
 Default
 “default” Prefix
 default:group:u
ucp:r—
 Mask
 mask::mode
ACLs structure

ACL Entries
Access Control List example:
$ getfacl [Link]
# file: [Link]
# owner: sarah
# group: users
user::rw-
user:john:rw-
user:bill:rw-
group::r—
group:headquarters:rw-
mask::rw-
other::r—
ACLs structure

Stop-and-think

Do you have any questions ?

Access Control Lists

Working with ACL’s

CRUD on ACL’s
Working with ACL’s

Setfacl invocation
Setting ACL’s

[user@linux ~]$ setfacl [options] file or directory

Options Definitions

-m u:user:mode Add a user ACL

-m g:group:mode Add a group ACL

Apply operations to all files and directories

-R
recursively

-b Remove (blank) all ACL entries

-x aclspec Delete a specific entry

Working with ACL’s

Default ACL’s
Inherited ACL’s.

 On directories only
 Inherited
 New files
 New subdirs
 Implement a policy
 Webmasters
 rw- on any file
 Prepend “d:” to ACL spec
Working with ACL’s

Mask
Limitative permission set.

 Set an arbitrary limit

 “No one can have
more than r-x”
 Even if trustee has
explicit entry
 Effective permission
set: trustee mode
AND mask
 Doesn't apply to owner
(as well as ACL’s)
 Set: m::mode
Access Control Lists

Effective = Mask & Mode

Permissions
Objects Read Write Execute

User/Group
X X
Mask
X X
Effective X
Access Control Lists

Setfacl examples

root@localhost:~# setfacl -m u:supinfo:rw \

/var/www/[Link]
root@localhost:~# setfacl -m g:labmembers:rw \
/var/www/[Link]
root@localhost:~# setfacl -x u:supinfo \
/var/www/[Link]
root@localhost:~# setfacl -b /var/www/[Link]
root@localhost:~# setfacl -m d:g:webmaster:rw \
/var/www
root@localhost:~# setfacl -m m::rw- /var/www
Working with ACL’s

Getfacl invocation
Using getfacl

[user@linux ~]$ getfacl [options] file or directory

Options Definitions

-a Display the file Access Control List only (no default)

-d Display the default Access Control List only

-R List the ACL of all files and directories recursively

Access Control Listss

Getfacl examples

 List the whole ACLs recursively from user’s home:

# getfacl -R /home/user/

 Display the file ACL of /var/www:

# getfacl -a /var/www

 Display the default ACL of /var/www:

# getfacl -d /var/www
Working with ACL’s

Stop-and-think

Do you have any questions ?

Working with ACL’s

Stop-and-think
Setfacl options: Match options and their definition.

-m Apply recursivly

-b Add ACL entrie

-R Delete all ACLs

Working with ACL’s

Stop-and-think
Setfacl options: Match options and their definition.

-m Apply recursivly

-b Add ACL entrie

-R Delete all ACLs

Access Control Lists

Course summary

Mask
Default ACL’s What are
ACL?

Extended ACL structure

permission
model
Access Control Lists

For more
If you want to go into these subjects more deeply, …

Publications Courses
Linux Technologies: Edge
Computing

Linux system administration

The end

 ACL don’t work without ‘acl’ mount option

 Some filesystems don’t have ACL support (vfat,…)

Linux ACLs: Advanced File Permissions Guide
No ratings yet
Linux ACLs: Advanced File Permissions Guide
11 pages
Configuring ACLs in Ubuntu Filesystems
No ratings yet
Configuring ACLs in Ubuntu Filesystems
4 pages
Managing File Access with ACL in Linux
No ratings yet
Managing File Access with ACL in Linux
4 pages
Access Control Lists2
No ratings yet
Access Control Lists2
56 pages
ACLs (Access Control List)
No ratings yet
ACLs (Access Control List)
3 pages
Access Control Lists
No ratings yet
Access Control Lists
9 pages
Access Control Lists (ACL)
No ratings yet
Access Control Lists (ACL)
7 pages
Understanding Access Control Mechanisms
No ratings yet
Understanding Access Control Mechanisms
26 pages
Lab 12 - ACL
No ratings yet
Lab 12 - ACL
19 pages
Implementing ACLs for Linux File Security
No ratings yet
Implementing ACLs for Linux File Security
3 pages
Linux Access Control Lists Explained
No ratings yet
Linux Access Control Lists Explained
12 pages
Setting Filesystem ACL on Samba Server
No ratings yet
Setting Filesystem ACL on Samba Server
3 pages
Understanding Access Control Lists (ACLs)
No ratings yet
Understanding Access Control Lists (ACLs)
10 pages
Access Control Lists in Operating Systems
No ratings yet
Access Control Lists in Operating Systems
28 pages
Ubuntu Filesystem Navigation Guide
No ratings yet
Ubuntu Filesystem Navigation Guide
19 pages
Linux ACLs: Setup and Management Guide
No ratings yet
Linux ACLs: Setup and Management Guide
3 pages
Linux Access Control Lists (Acls) : 4.1 Review Existing File Permissions
No ratings yet
Linux Access Control Lists (Acls) : 4.1 Review Existing File Permissions
3 pages
Managing SELinux and User Accounts in RHEL 7
100% (2)
Managing SELinux and User Accounts in RHEL 7
17 pages
Understanding Linux ACLs and Permissions
No ratings yet
Understanding Linux ACLs and Permissions
13 pages
Linux File Permissions and ACL Guide
No ratings yet
Linux File Permissions and ACL Guide
4 pages
Linux Admin Recovery & Security Notes
No ratings yet
Linux Admin Recovery & Security Notes
7 pages
Universidad Tecnológica de México
No ratings yet
Universidad Tecnológica de México
7 pages
Configuring ACLs on Linux Systems
No ratings yet
Configuring ACLs on Linux Systems
8 pages
POSIX Access Control Lists Explained
No ratings yet
POSIX Access Control Lists Explained
5 pages
Samba-3: Windows File and Directory Acls: Enterprise Linux Tips
No ratings yet
Samba-3: Windows File and Directory Acls: Enterprise Linux Tips
12 pages
Managing ACLs in Linux Systems
No ratings yet
Managing ACLs in Linux Systems
2 pages
Understanding Linux File Permissions
No ratings yet
Understanding Linux File Permissions
12 pages
Managing File Access with ACL Commands
No ratings yet
Managing File Access with ACL Commands
10 pages
ACL Permissions Setup for UNIX Files
No ratings yet
ACL Permissions Setup for UNIX Files
3 pages
Linux Security Essentials Overview
No ratings yet
Linux Security Essentials Overview
107 pages
ACL Management Guide for Linux Systems
No ratings yet
ACL Management Guide for Linux Systems
2 pages
Linux Security Basics: Users, Permissions, Authentication
No ratings yet
Linux Security Basics: Users, Permissions, Authentication
32 pages
Advanced File Permissions for Security
No ratings yet
Advanced File Permissions for Security
12 pages
Linux File Security Strategies Guide
No ratings yet
Linux File Security Strategies Guide
9 pages
Access Control Mechanisms Explained
No ratings yet
Access Control Mechanisms Explained
49 pages
User and Permission Management Overview
No ratings yet
User and Permission Management Overview
9 pages
Configuring Linux Permissions Guide
No ratings yet
Configuring Linux Permissions Guide
42 pages
Linux vs Windows File Management Guide
No ratings yet
Linux vs Windows File Management Guide
8 pages
Linux Security and System Administration
No ratings yet
Linux Security and System Administration
42 pages
Linux Security Basics: Users, Permissions, Authentication
No ratings yet
Linux Security Basics: Users, Permissions, Authentication
32 pages
RHEL - Session 11 - 3rd Dec 2022 - Summary
No ratings yet
RHEL - Session 11 - 3rd Dec 2022 - Summary
12 pages
07 - SELinux
No ratings yet
07 - SELinux
46 pages
Linux File Permissions Commands Guide
No ratings yet
Linux File Permissions Commands Guide
8 pages
Understanding Access Control Lists (ACL)
No ratings yet
Understanding Access Control Lists (ACL)
9 pages
Access Control Principles in OS Security
No ratings yet
Access Control Principles in OS Security
47 pages
Managing POSIX File ACLs
No ratings yet
Managing POSIX File ACLs
2 pages
Lab 03: Access Control Techniques
No ratings yet
Lab 03: Access Control Techniques
4 pages
Chap Acl
No ratings yet
Chap Acl
36 pages
Login vs Non-Login Shell Overview
No ratings yet
Login vs Non-Login Shell Overview
29 pages
Access Control Lists in Linux & Windows
No ratings yet
Access Control Lists in Linux & Windows
3 pages
RHCSA Part 1 Sander Van Vugt
No ratings yet
RHCSA Part 1 Sander Van Vugt
59 pages
User - Group Ownership and Permission
No ratings yet
User - Group Ownership and Permission
8 pages
Implementing Access Control Lists in PHP
No ratings yet
Implementing Access Control Lists in PHP
31 pages
Linux Security and Access Control Overview
No ratings yet
Linux Security and Access Control Overview
40 pages
Linux File Permissions Explained
No ratings yet
Linux File Permissions Explained
8 pages
Understanding File Access Control Lists
No ratings yet
Understanding File Access Control Lists
5 pages
Access Control Principles Overview
No ratings yet
Access Control Principles Overview
21 pages
Comprehensive Linux Command Guide
No ratings yet
Comprehensive Linux Command Guide
18 pages
Understanding Directory Permissions in Linux
No ratings yet
Understanding Directory Permissions in Linux
4 pages
Computer Fundamentals Quiz Overview
No ratings yet
Computer Fundamentals Quiz Overview
3 pages
Farm Seek and Find
No ratings yet
Farm Seek and Find
4 pages
Complete Course Catalogue 2009
No ratings yet
Complete Course Catalogue 2009
183 pages
Learn Visual Basic .NET Programming
No ratings yet
Learn Visual Basic .NET Programming
19 pages
Oracle Procurement Cloud Supplier Management
100% (1)
Oracle Procurement Cloud Supplier Management
355 pages
Automate Global Secure Access With Prisma Access and Cortex XSOAR
No ratings yet
Automate Global Secure Access With Prisma Access and Cortex XSOAR
4 pages
Employee Attendance Management System Plan
No ratings yet
Employee Attendance Management System Plan
8 pages
Power Apps Canvas Interview Insights
No ratings yet
Power Apps Canvas Interview Insights
3 pages
BenQ GV31 Projector Specifications
No ratings yet
BenQ GV31 Projector Specifications
2 pages
Formatting Techniques in Computers
No ratings yet
Formatting Techniques in Computers
2 pages
MA5800 OLT Configuration Guide
No ratings yet
MA5800 OLT Configuration Guide
1 page
Configure ASA 5506-X Basic Firewall
No ratings yet
Configure ASA 5506-X Basic Firewall
13 pages
Step-by-Step Guide for Practical Projects
No ratings yet
Step-by-Step Guide for Practical Projects
10 pages
MS Word 2010 User Guide
No ratings yet
MS Word 2010 User Guide
40 pages
Digital Video Archiving Benefits Guide
No ratings yet
Digital Video Archiving Benefits Guide
5 pages
Cka V14.65
100% (1)
Cka V14.65
25 pages
Dark Web Market Security Mechanisms Analysis
No ratings yet
Dark Web Market Security Mechanisms Analysis
8 pages
Java Placement Prep Course Guide
No ratings yet
Java Placement Prep Course Guide
3 pages
JSON and REST API Concepts Explained
No ratings yet
JSON and REST API Concepts Explained
12 pages
Understanding Lookaside Lists in Heaps
No ratings yet
Understanding Lookaside Lists in Heaps
66 pages
ASK-300 Service Application Guide
No ratings yet
ASK-300 Service Application Guide
7 pages
FAT and SAT in Pharmaceutical Validation
100% (1)
FAT and SAT in Pharmaceutical Validation
31 pages
Tech Support Specialist Job at Cybele Software
No ratings yet
Tech Support Specialist Job at Cybele Software
2 pages
Ren'Py 8.1.1 Android Save Process
No ratings yet
Ren'Py 8.1.1 Android Save Process
2 pages
Retail Device Branding Overview
No ratings yet
Retail Device Branding Overview
804 pages
PCMFlash Dongle Activation Guide
No ratings yet
PCMFlash Dongle Activation Guide
6 pages
SCADA Faceplate Functionalities Overview
No ratings yet
SCADA Faceplate Functionalities Overview
35 pages
SAP QM Delivery Control Guide
100% (1)
SAP QM Delivery Control Guide
22 pages
LLaMa Firewall: Securing AI Agents
No ratings yet
LLaMa Firewall: Securing AI Agents
6 pages
Api Rest
No ratings yet
Api Rest
363 pages

Managing ACLs in IBM Notes

Uploaded by

Managing ACLs in IBM Notes

Uploaded by

Access Control Lists

Beyond POSIX permissions

 Know what ACL’s really are.

 About ACL's. Overcome POSIX

When POSIX permissions aren’t enough

Access Control Lists

Why use ACL’s ?

 Install acl and libacl packages

Do you have any questions ?

How do it looks like?

Do you have any questions ?

Working with ACL’s

[user@linux ~]$ setfacl [options] file or directory

-m u:user:mode Add a user ACL

-m g:group:mode Add a group ACL

Apply operations to all files and directories

-b Remove (blank) all ACL entries

-x aclspec Delete a specific entry

 Set an arbitrary limit

Effective = Mask & Mode

root@localhost:~# setfacl -m u:supinfo:rw \

[user@linux ~]$ getfacl [options] file or directory

-a Display the file Access Control List only (no default)

-d Display the default Access Control List only

-R List the ACL of all files and directories recursively

 List the whole ACLs recursively from user’s home:

 Display the file ACL of /var/www:

 Display the default ACL of /var/www:

Do you have any questions ?

-b Add ACL entrie

-R Delete all ACLs

-b Add ACL entrie

-R Delete all ACLs

Extended ACL structure

Linux system administration

Web sites Conferences

 ACL don’t work without ‘acl’ mount option

You might also like