ACCESS CONTROL LISTS(ACLs)
Mayank Pandey
Access Control Lists (ACLs) are a fundamental method used in computer systems, networking, and file management to define who or what is allowed to access resources and what operations are permitted on those resources.
π What Is an Access Control List?
An Access Control List (ACL) is a list of rules that define permissions attached to an object (like a file, directory, or network resource). Each rule in the list typically specifies:
Subject: who the rule applies to (a user, group, or system).
Object: the resource being protected.
Permission: the allowed or denied actions (e.g., read, write, execute, delete).
π ACLs in Different Contexts
1. File System ACLs (e.g., Windows, Linux)
ACLs define who can access or manipulate a file or folder.
Example (Linux with POSIX ACLs):
setfacl -m u:john:r-- file.txt
β‘οΈ Grants user "john" read-only permission to file.txt.
Permissions might include:
Read (
r)Write (
w)Execute (
x)
2. Network ACLs (e.g., Routers, Firewalls)
Used to permit or deny traffic based on IP addresses, protocols, or ports.
Example (Cisco-style):
access-list 100 permit tcp any host 192.168.1.10 eq 80
β‘οΈ Allows TCP traffic to IP 192.168.1.10 on port 80 (HTTP).
Rules can be:
Permit: allow traffic
Deny: block traffic
ACLs are typically processed top-down β first match wins.
3. Operating Systems or Applications
ACLs are also used in databases, cloud storage (like AWS S3), and services (like Active Directory) to control access to resources.
The getfacl command in Linux is used to view Access Control Lists (ACLs) for files and directories.
π Syntax
getfacl [options] <file_or_directory>
π What It Shows
Standard permissions (user/group/other)
Extended ACL entries, if they exist
Default ACLs (for directories)
β Example 1: Basic Usage
getfacl file.txt
Output:
# file: file.txt
# owner: alice
# group: developers
user::rw-
user:bob:r--
group::r--
mask::r--
other::---
𧩠Explanation:
user::rw-β Owner permissionsuser:bob:r--β Specific user "bob" has read accessgroup::r--β Group has read accessmask::r--β Max allowed permissions for named users and groupsother::---β No access for others
β Example 2: Default ACLs (for directories)
getfacl mydir/
Output might include:
default:user:charlie:rw-
β‘οΈ This means new files inside mydir/ will give user "charlie" read/write access.
π§ Tips
Use with
-Rto recurse into directories:getfacl -R mydir/Combine with
setfaclto manage ACLs.
β How ACLs Work: Step-by-Step
Request: A user or system attempts to access a resource.
Match: The system checks the ACL for rules that match the requester.
Evaluate: The system checks whether the rule allows or denies the requested operation.
Enforce: Access is either granted or denied based on the first matching rule (in many systems).
π ACL vs. Role-Based Access Control (RBAC)
| Feature | ACL | RBAC |
| Focus | Object-based permissions | Role-based permissions |
| Flexibility | Fine-grained | Easier to manage for orgs |
| Complexity | Can get complex with scale | Scales better with roles |
π§ Summary
ACLs are lists of permissions applied to resources.
They define who can do what with a resource.
Used in file systems, networks, apps, and more.
Theyβre processed in order, and the first matching rule often determines access.
Good for fine-grained control, but can become hard to manage at scale.
Subscribe to my newsletter
Read articles from Mayank Pandey directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by