Adopt a filesystem with more advanced file permission capabilities

Examples: a full ACL (groups and users) for each type of logical permission rather than limiting to one entity only, e.g. multiple groups with rwx access, multiple read users. Permission inheritance from the parent folder in NTFS-esque style would also be nice.


The ext3/4 filesystems do support full ACLs already, though it's something that is not exactly obvious. First, a file system must be mounted with ACLs enabled; then from the command line you can use setfacl and getfacl to manage them, even setting default ACLs that will be inherited. One thing that would be nice is if the ACLs could also be managed, or at least viewed, via the graphical file management tools in GNOME or KDE.

I agree ACLs do a very good job for files that need a more granular approach than the traditional UNIX permissions, and there is a lot of doco out there. My main complaint with filesystems is I need bigger volume sizes (20TB should not be a huge ask) and there is a limitation in e2fsprogs.


As for RHEL7, it would be a no-brainer to add support for Btrfs, as that appears to be the future.

XFS is supported up to 100T in RHEL5 and RHEL6 today, if you have a need for large filesystems.  (XFS supports ACLs as well).

As said above, most all supported filesystems in RHEL already support ACLs. Is there something in this support that is missing for you, or is it just not sufficiently obvious/easy to use?



Is the ACL support for POSIX ACLs only, or are NFSv4/NTFS-style ACLs now supported? (I honestly haven't looked that deeply into RHEL 6.x yet...).  For my purposes, POSIX is good enough, but for interoperability purposes, NFSv4/NTFS ACLs would be ideal.

Hi James - fancy running into you here.


In any case, the native FS support is for POSIX ACLs. With NFSv4, you can display & change the ACLs on the client side with the nfs4-acl-tools package in RHEL 6. The NFS server converts to POSIX ACLs for storing locally.




Samba has support for storing the NTFS ACL for viewing/querying purposes, but converts to POSIX ACLs underneath for actual FS access.