Access control list.

ACLs are basically lists of who is allowed to access what. This can apply to files or some other parts of the system (devices, etc), but usually files (well, in UNIX, the files would cover the devices too...).


The UNIX filesystem usually specifies only three kinds of access limitation options: read/write/execute access for the file's owner, for the file's owner group, and for everyone else. You can change these with chmod, and you can see the attributes with ls -l. Simple enough.

While this is enough for a lot of things, and is simple and beautiful and easy enough for everyone to learn, it's a pain in certain situations. For example, in Linux, if I want to read /var/log/adm, I need to add the user to the adm group, which is something that's OK for me, but probably too broad for someone else. If I had a filesystem that supported ACLs (such as XFS, which is not yet part of the Linux kernel and I'm too damn lazy to get the patches, whack me silly for using this ReiserFS thingy), I'd say "wwwwolf has read access to /var/log/adm" (or rather setfacl -m u:wwwwolf:r /var/log/adm), and be done with it.


Some OSes (Windows NT, I believe) implement ACLs, and it's probably coming to POSIX standards too (there was a POSIX 1003.1e / 1003.2c Draft Standard 17 from 1997, but that was apparently abandoned? No idea about the standardization). Some Linux filesystems, at least SGI's XFS journaling filesystem, do support ACLs, extended attributes and the getfacl/setfacl tools. The same is probably true for the BSD world, but I have no idea how they're doing. Some commercial UNIXes (Solaris at least) also support ACLs.

There are some problems when moving files between places with and without ACLs, of course: since the thing isn't that standardized, you need to make sure your tools also support your particular implementation. It might be noted that tar (even the GNU one) doesn't support ACLs, but the new UNIX archiver format ustar (implemented in the new pax tool) does - but only through OS-specific extensions! If you're backing up files, and absolutely have to use the tar format (or are otherwise extremely paranoid), you can use the getfacl tool to save the ACLs to a file (recursing through the directory tree) and restore the ACLs with setfacl when restoring.
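The getfacl/setfacl backup procedure described above, as an added example that is not part of the original writeup. It assumes the Linux acl tools (getfacl -R, setfacl --restore); the function names and the files.tar / acls.txt file names are hypothetical.

```shell
#!/bin/sh
# Added example: carry ACLs next to a plain tar archive.
# Function and file names are made up for illustration.

# backup_with_acls SRC_DIR BACKUP_DIR
#   Writes BACKUP_DIR/files.tar and BACKUP_DIR/acls.txt.
backup_with_acls() {
    src=$1; bk=$2
    mkdir -p "$bk" || return 1
    bk=$(cd "$bk" && pwd) || return 1
    # Work from inside SRC_DIR so the tar member names and the
    # "# file:" lines in the ACL dump are the same relative paths.
    ( cd "$src" &&
      getfacl -R . > "$bk/acls.txt" &&
      tar -cf "$bk/files.tar" . )
}

# restore_with_acls BACKUP_DIR DEST_DIR
#   Unpacks the archive, then reapplies the saved ACLs.
restore_with_acls() {
    bk=$1; dest=$2
    mkdir -p "$dest" || return 1
    bk=$(cd "$bk" && pwd) || return 1
    # setfacl --restore resolves the relative paths in acls.txt
    # against the current directory, so run it inside DEST_DIR.
    ( cd "$dest" &&
      tar -xf "$bk/files.tar" &&
      setfacl --restore="$bk/acls.txt" )
}

# has_acl_entry FILE ENTRY
#   True if FILE carries exactly ENTRY (e.g. "user:wwwwolf:r--").
#   -c drops the header, -p keeps the path as given,
#   -E drops the "#effective:" comments.
has_acl_entry() {
    getfacl -cpE "$1" 2>/dev/null | grep -qxF "$2"
}
```

Checking a restored file with has_acl_entry catches the case where the archive came back but the ACL dump was not applied, which would leave the file with only its owner/group/other mode bits.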

(Sources: The Linux ACL page at
