Operating Systems

FACL (File System Access Control List)

A filesystem ACL is a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files. These entries are known as access-control entries (ACEs) in the Microsoft Windows NT, OpenVMS, Unix-like, and Mac OS X operating systems.

Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute an object. In some implementations, an ACE can control whether or not a user, or group of users, may alter the ACL on an object.

POSIX 1003.1e/1003.2c working group made an effort to standardize ACLs, and POSIX 1003.1e draft 17 ACLs have been available since Linux kernel version 2.5.46 in November 2002.

Most of the Unix and Unix-like operating systems (e.g. Linux, BSD, or Solaris) support POSIX.1e ACLs, based on an early POSIX draft that was withdrawn in 1997. Many of them, for example AIX, FreeBSD, Mac OS X beginning with version 10.4 (“Tiger”), or Solaris with ZFS filesystem, support NFSv4 ACLs, which are part of the NFSv4 standard. There are two experimental implementations of NFSv4 ACLs for Linux: NFSv4 ACLs support for Ext3 filesystem and the more recent Richacls, which brings NFSv4 ACLs support for Ext4 filesystem.

RedHat Enterprise Linux introduced Extended Attributes on ext2/ext3 file systems at least since RHEL 4 in 2005.

PRIMOS featured ACLs at least as early as 1984.

In the 1990s the ACL and RBAC models were extensively tested and used to administer file permissions.

Related Articles