In the previous chapter, we reviewed the basics of Discretionary Access Control. In this chapter, we'll take our discussion of DAC a step further. We'll look at some more advanced techniques that you can use to make DAC do exactly what you want it to do.
Topics in this chapter include:
- Creating an access control list (ACL) for either a user or a group
- Creating an inherited ACL for a directory
- Removing a specific permission by using an ACL mask
- Using the tar --acls option to prevent loss of ACLs during a backup
- Creating a user group and adding members to it
- Creating a shared directory for a group, and setting the proper permissions on it
- Setting the SGID bit and the sticky bit on the shared directory
- Using ACLs to allow only certain members of the group to access a file in the shared directory
