As a system administrator, you often need to give end users more fine-grained access than the basic read, write, and execute permissions allow. Access control lists (ACLs) provide that advanced level of control over file permissions. In this blog, we compare how ACLs are implemented on Linux and Windows and highlight the basic differences and similarities.
Linux ACL
For any file or directory, an ACL lets you grant specific permissions to individual users and groups. This is useful when multiple users need access to different resources.
Setting Up Linux ACL
Create Directories and Files
Here we will create a directory and two files (tutorial and profile):
mkdir -p /linuxY/lesson07
cd /linuxY/lesson07/
touch tutorial profile
ls -l
Initial Permissions:
We will check the initial permissions of the tutorial file:
getfacl tutorial
Adding Users:
We will add three users (jack, rose, and tomy):
useradd jack
useradd rose
useradd tomy
Assigning ACLs to Users:
Use the following commands to set access permissions for the users:
setfacl -m u:rose:rw,u:jack:rw profile
setfacl -m u:rose:r--,u:jack:rw,u:tomy:-w- tutorial
Verifying ACLs:
Check and verify the access permissions:
getfacl profile
getfacl tutorial
Testing Permissions as Different Users:
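Let’s test the given permissions. With the ACL above, jack (rw) can both read and write the file, while rose (r--) can read it but her write is denied: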
su jack
cat tutorial
echo hello > tutorial
cat tutorial
exit
su rose
cat tutorial
echo hi > tutorial
exit
Setting Group ACL:
Create a group named staff and give it read and write access to the tutorial file:
groupadd staff
setfacl -m g:staff:rw- tutorial
Recursive ACLs for Directories:
Here we will create a directory with two files and set access permissions on the directory recursively:
mkdir acldir
touch acldir/file1
touch acldir/file2
setfacl -R -m u:rose:rwx acldir
getfacl acldir
Removing ACLs:
Use the commands below to remove the ACL entries for the user rose and the group staff. The last command, setfacl -b, removes all ACL entries from tutorial:
setfacl -x u:rose profile
setfacl -x g:staff tutorial
setfacl -b tutorial
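The getfacl checks in the steps above list each entry as it was granted, but the rights a named user or group actually gets are capped by the mask entry. The script below is an added example, not part of the original post: it parses getfacl output and reports the effective rights. The sample output, the later chmod g-w, and the function names are constructed assumptions.

```bash
#!/bin/sh
# Added example: compute effective ACL rights (entry AND mask) from getfacl text.

# Constructed sample: plausible `getfacl tutorial` output after the setfacl
# commands on this page, assuming someone later ran `chmod g-w tutorial`,
# which lowers the ACL mask to r--.
sample_getfacl() {
cat <<'EOF'
# file: tutorial
# owner: root
# group: root
user::rw-
user:jack:rw-    #effective:r--
user:rose:r--
user:tomy:-w-    #effective:---
group::r--
group:staff:rw-  #effective:r--
mask::r--
other::r--
EOF
}

# Reads getfacl text on stdin, prints type:name:effective-perms per entry.
effective_acl() {
  awk -F: '
    { sub(/[ \t]*#.*/, "") }              # drop comments such as "#effective:"
    NF < 3 || $1 == "default" { next }    # skip blanks and default (inherit) entries
    $1 == "mask" { mask = $3; next }
    { type[++n] = $1; name[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        p = perm[i]
        # The mask caps named users, named groups and the owning group,
        # but never the file owner (user::) or other::.
        if (mask != "" && (name[i] != "" || type[i] == "group")) {
          out = ""
          for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            out = out ((c != "-" && substr(mask, k, 1) != "-") ? c : "-")
          }
          p = out
        }
        printf "%s:%s:%s\n", type[i], name[i], p
      }
    }'
}

# Lists principals whose effective rights include write.
acl_writers() { effective_acl | awk -F: 'index($3, "w") { print $1 ":" $2 }'; }

sample_getfacl | acl_writers    # real use: getfacl tutorial | acl_writers
```

With the lowered mask, only the file owner keeps write access even though jack, tomy, and staff still have w in their entries.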
Windows ACL
Windows offers a similar control system, in which you define permissions for individual users and groups through a graphical interface: the Security tab in a file's or folder's properties.
Setting Up Windows ACL
Create Directories and Files
Right-click in Windows Explorer to create new folders and files.
Initial Permissions
Right-click the file/folder > Properties > Security tab to view current permissions.
Adding Users:
Add users through the Control Panel or with the net user command.
Assigning ACLs to Users
Right-click the file/folder > Properties > Security tab > Edit > Add. Specify the user and set the desired permissions.
Testing Permissions as Different Users
Switch users using the user switch feature in Windows, or log in as different users.
Setting Group ACL:
Similar to user ACLs, add groups in the Security tab and set permissions.
Recursive ACLs for Directories:
Apply permissions to a parent directory and choose to propagate them to all child objects.
Removing ACLs:
In the Security tab, select the user or group and click Remove.
Comparing Linux and Windows ACL
Similarities
Linux and Windows have a lot in common in how finely permissions can be set on files and directories: both let you draw very small distinctions. Both let you assign permissions by user and by group name, and both support applying permissions to subdirectories hierarchically. Linux has read, write, and execute permissions, for instance, while Windows has read, write, change, and execute permissions.
Differences
Linux manages ACLs through command-line tools (setfacl, getfacl), while Windows provides a graphical interface through the Security tab. On Windows, ACLs are built into the NTFS file system and are the default mechanism for file permissions, whereas on Linux they are an extension of the traditional permission system. Windows ACLs support a wider range of permissions, such as deleting, reading attributes, and taking ownership, as well as reading and writing file contents. For file management, Windows uses inherited permissions, which give deeper control and let users rely on previously configured settings whenever needed, unlike Linux, which requires explicit commands each time.
Conclusion
ACLs are powerful tools for managing file permissions on both Linux and Windows. Although their implementation and interface differ, their main features are similar, which lets system administrators regulate access according to their specific needs. Taking the time to understand each system’s subtleties will improve how you manage multi-user environments.