Extended Attributes

Extended attributes are arbitrary name/value pairs which are associated with files or directories. They can be used to store system objects like capabilities of executables and access control lists, as well as user objects. The attr(5) manual page describes which kinds of extended attributes are defined.

Access Control Lists

On UNIX and UNIX-like systems, file permissions are defined by the file mode. The file mode contains nine bits that determine the access permissions of a file, plus three special bits. This mechanism allows access permissions to be defined for three classes of users: the file owner, the file group, and others. This mechanism is very simple. With a couple of bits, many permission scenarios can be modeled.

Some applications require more control over permissions than this model offers. Access control lists implement a finer-grained permission model: in addition to the file owner, the file group, and others, additional users and groups can be granted or denied access.
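
The difference between the two models can be seen in a small model of the access check. This is an added example, not code from the original page; it goes beyond the text by following the check order documented in acl(5), the numeric user and group IDs are constructed, and privileged overrides (root) are ignored.

```python
import stat

ALL = {"r", "w", "x"}

def mode_to_acl(mode):
    """Express the nine permission bits as the three base ACL entries."""
    def rwx(shift):
        return {p for p, bit in (("r", 4), ("w", 2), ("x", 1)) if (mode >> shift) & bit}
    return {"owner": rwx(6), "group": rwx(3), "other": rwx(0),
            "users": {}, "groups": {}, "mask": ALL}

def special_bits(mode):
    """Name the three special bits that sit above the nine permission bits."""
    names = (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID), ("sticky", stat.S_ISVTX))
    return [name for name, bit in names if mode & bit]

def allowed(acl, file_uid, file_gid, uid, gids, want):
    """True if every permission in `want` is granted; first matching class decides."""
    want = set(want)
    if uid == file_uid:                       # owner entry, never masked
        return want <= acl["owner"]
    if uid in acl["users"]:                   # named user entry, limited by mask
        return want <= (acl["users"][uid] & acl["mask"])
    matched = [acl["group"]] if file_gid in gids else []
    matched += [perms for gid, perms in acl["groups"].items() if gid in gids]
    if matched:                               # any matching group entry may grant
        return any(want <= (perms & acl["mask"]) for perms in matched)
    return want <= acl["other"]

# Constructed sample: file owned by uid 1000, group 100, mode 0640.
OWNER, GROUP = 1000, 100
base = mode_to_acl(0o640)
# Same file with two named-user entries added (what setfacl would store).
extended = dict(base, users={1001: {"r"}, 1002: set()}, mask={"r"})

def demo():
    return {
        "outsider, mode only": allowed(base, OWNER, GROUP, 1001, {200}, "r"),
        "outsider, ACL grant": allowed(extended, OWNER, GROUP, 1001, {200}, "r"),
        "group member, mode only": allowed(base, OWNER, GROUP, 1002, {100}, "r"),
        "group member, ACL deny": allowed(extended, OWNER, GROUP, 1002, {100}, "r"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'allowed' if result else 'denied'}")
```

The named-user entry for uid 1002 is matched before any group entry, which is why an empty entry denies a user who would otherwise get read access through the file group.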

