Linux security

Michael T. Richter ttmrichter at
Sat Apr 29 02:59:36 UTC 2006

On Sat, 2006-29-04 at 02:30 +0000, William Grant wrote:

> > I can go right down into the nitty-gritties, in Windows (NT+), and say
> > "this file is only readable to this one user, only executable by this
> > one other user, can be write-appended (but not read) by this group of
> > users and can be read/write accessed by this other group over here".
> > Nothing in sudo/chroot/et al gives me anywhere near that level of
> > security control unless I include an add-on that's subverted by half
> > the utilities out there. 

> Hmm. I could have sworn that I used such things on my Linux server
> constantly. Or am I imagining getfacl and setfacl?

        michael at isolde:~/my-hello-desc$ getfacl
        bash: getfacl: command not found
        michael at isolde:~/my-hello-desc$ setfacl
        bash: setfacl: command not found
        michael at isolde:~/my-hello-desc$ whereis getfacl
        michael at isolde:~/my-hello-desc$ whereis setfacl
        michael at isolde:~/my-hello-desc$ which getfacl
        michael at isolde:~/my-hello-desc$ which setfacl

You tell me.  Perhaps you want to read that last subordinate clause in
that last sentence there that you quoted?  For your convenience I've
bolded it.  It's also worth noting that the acl package in Ubuntu is not
among the supported packages.  It's in universe.

Michael T. Richter
Email: ttmrichter at, mtr1966 at
MSN: ttmrichter at, mtr1966 at; YIM:
michael_richter_1966; AIM: YanJiahua1966; ICQ: 241960658; Jabber:
mtr1966 at

"My paramount object in this struggle is to save the Union, and is not
either to save or to destroy slavery." --Abraham Lincoln
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the ubuntu-users mailing list