🌐 🇵🇱 Polski · 🇬🇧 EN
Like most operating systems, Linux has a standard file permission configuration. It also has something more. Something that allows for greater control over file access - ACL - access control lists. This topic serves as an introduction to securing file systems, directories, and more.
ACL CONFIGURATION
Step 1 - Installing the ACL package
# yum install -y acl
Step 2 - Verifying the package installation
# rpm -qa | grep acl
libacl-2.2.49-4.el6.x86_64
acl-2.2.49-4.el6.x86_64
In this chapter, we will cover enabling and configuring access control lists (ACLs), which will extend our file and directory access configuration capabilities, allowing for even greater control over system activity.
Step 3 - Before we can use ACLs, we need to check if the ACL file system has been mounted, depending on our requirements.
# mount | grep acl
Since the output returned nothing, it indicates that none of the file systems are using ACLs. This needs to be corrected. We assume that we need to extend file permission management capabilities on the /dev/hdc1 file system (/opt/backup). Let's mount this file system with the ACL option, which we do by unmounting it and mounting it again.
Step 4 - Execute the mount command with ACL
# mount –t ext4 -o acl,remount /dev/hdc1 /opt/backup/
Step 5 - If the file system was not previously mounted, we can use
# mount –t ext4 -o acl /dev/hdc1 /opt/backup
Step 6 - Verification
# mount | grep acl
/dev/hdc1 on /opt/backup type ext4 (rw,acl)
Now you can see that the ACL option is available.
Step 7 - If we want the ACL option to be available permanently, after every system reboot, we must modify the /etc/fstab file accordingly
/dev/hdc1 /opt/backup ext4 defaults,acl 1 2
Step 8 - Save and close the file
Step 9 - Commit and apply the changes
# mount -o remount /opt/backup/
Step 10 - Verify that the ACL option is enabled
# mount | grep -i acl
/dev/hdc1 on /opt/backup type ext3 (rw,acl)
From now on, this file system will work with ACLs. We will see how we can use and configure them.
Step 1 - Let's create a test file to test ACL functionality in /opt/backup
# cd /opt/backup
# touch file1
Now, using the "getfacl" command, we will see the current ACL settings for the file.
getfacl command syntax : # getfacl [options] filename
getfacl command options :
- -d Display default ACLs
- -R Recurse into subdirectories
Step 2 - Display ACL information for the newly created file
# getfacl file1
# file: file1
# owner: root
# group: root
user::rwgetfacl
other::r—
So far, there is nothing special here; we only see the default ACL settings. We will use the "setfacl" command to create additional permissions for this file.
setfacl command syntax : # setfacl [options] file
setfacl command options :
- -m Modify ACL
- -x Remove ACL
- -n Do not recalculate the effective mask
- -R Recurse into subdirectories
Step 3 - Setting ACL for user01
# setfacl -m u:user01:rwx /opt/backup/file1
Step 4 - Re-check ACL settings
# getfacl file1
# file: file1
# owner: root
# group: root
user::rwuser:
user01:rwx
group::r—
mask::rwx
other::r—
Now you can see that read, write, and execute permissions have been added for user01.
Step 5 - Remove ACL permissions for user01
# setfacl -x u:user01 /opt/backup/file1
Step 6 - Verification
# getfacl file1
# file: file1
# owner: root
# group: root
user::rwgroup::
r—
mask::r—
other::r—
Step 7 - To remove all ACLs set on a given file, you can use the "-b" switch instead of removing them one by one
# setfacl -b testfile
ACL settings can become very complicated if not carefully planned. You must ensure that you fully understand basic file access permissions, which is a key element of system administration.
GnuPG
GnuPG is an Open Source solution used for encryption. The first use case for PGP was email encryption, allowing for user identity verification. The same solution also applies to file protection. You can use the "seahorse" package to secure files.
Step 1 - Installing the package
# yum install –y seahorse
Step 2 - Verifying installation
# rpm -qa | grep seahorse
seahorse-2.28.1-4.el6.x86_64
Before we start using file protection, we need to generate the appropriate private key with which we will encrypt documents. You will also need a public key for decryption.
Step 3 - Generating keys
# gpg —key-gen
Once the keys are generated, you can start encrypting files.
Comments