There's a nice summary and brief tutorial on O'Reilly Net that discusses FreeBSD 5.x Filesystem ACLs.

Access Control Lists (ACLs) solve these problems. They allow more flexibility than the standard Unix user/group/other set of permissions. ACLs have been available in commercial UNIXes such as IRIX and Solaris (and in Windows NT) for years. Now, thanks to the TrustedBSD project's work, ACLs are available in FreeBSD 5.0-RELEASE and beyond. Much of the information below applies, at least in part, to ACL implementations on other platforms; however, you will want to look at specific documentation to avoid being tripped up by differences in syntax. There shouldn't be many, as FreeBSD attempts to conform to the latest POSIX.1e draft.

Cool stuff. Check it out.

Posted by jzawodn at August 17, 2003 09:11 PM

Reader Comments
# david said:

This might be stupid, but how can you tell if you are running UFS1 or 2. I installed a box with 5.2 from scratch, and it claims that it is the default fs, looking in fstab it labels all my partitions as UFS... Maybe I didn't spend enough time on google.

on August 17, 2003 11:45 PM
# david said:

Doh! I meant I installed 5.1 from scratch. My bad.

on August 17, 2003 11:47 PM
# Gordon said:

David, if you really installed FreeBSD 5.1 from scratch including 'newfs'ed the slices (partitions) you allready have ufs2.

You can check this manually with `dumpfs / | grep -i ufs`.

on August 18, 2003 03:28 AM
# BDKR said:

Does this mean SCO is going to come after FreeBSD now?

on August 18, 2003 11:17 PM
# Vacation Time said:

That is cool stuff. Of course, now I have to go find -exec setfacl all the files under the doc root for my web server to remove world readable and convert it to read-by-web-process-owner.

Where's the -R option when you need it?

on August 23, 2003 07:17 PM
Disclaimer: The opinions expressed here are mine and mine alone. My current, past, or previous employers are not responsible for what I write here, the comments left by others, or the photos I may share. If you have questions, please contact me. Also, I am not a journalist or reporter. Don't "pitch" me.


Privacy: I do not share or publish the email addresses or IP addresses of anyone posting a comment here without consent. However, I do reserve the right to remove comments that are spammy, off-topic, or otherwise unsuitable based on my comment policy. In a few cases, I may leave spammy comments but remove any URLs they contain.