Access Control Lists (ACLs) are a feature of the Unix operating system that controls which user IDs can read and write to files. Most directories used for web publishing on the www.ksu.edu server are controlled with ACLs.
Just as with other schemes of managing permissions, you must flag files as being readable by the web server before they are accessible on the web. In the past, most people used the Unix chmod command to make the change. Although some formats of the chmod command work fine with ACLs, it is simpler to use the setfacl command, i.e.,
setfacl -m mask:rwx filename
where filename is the name of the file. Wildcards can be used, so most people use "*" as the filename to change all their files:
setfacl -m mask:rwx *
Note that you can only use the setfacl command on files you own, i.e., files that were created by you.
Those used to other access control schemes, such as simple file ownership (as used on the www-personal.ksu.edu server) or Unix groups (previously used for the www.ksu.edu server), should notice few differences.
Move into the directory (using the cd command) and run the command
getfacl .
Using ACLs is a step towards people being able to control read/write access to their web directories. However, we have not yet built the web infrastructure to allow people to make changes in a secure, authenticated, and authorized manner. In the meantime, if you need changes, the web coordinator can mail them to webmaster@k-state.edu. We can generally make changes within a few days.
In theory, using the Unix setfacl command directly would allow people to control access. In practice, setfacl has three limitations that hamper its use.
The setfacl command doesn't have an option to recursively apply to subdirectories. This means that people with files in separate directories will have to run the setfacl command in each directory.
The setfacl command has an intimidating syntax. To see the manual page, enter man setfacl from a Unix prompt.
To help work around these limitations, we recommend that you leave the details of the ACLs to us. We can make the changes needed when people are to be added or deleted. Also, periodically we reset the ACLs on all the files. This helps recover from the situation where one authorized author forgets to allow read/write access by others cooperating on the same web site.
If you would prefer to use the setfacl command directly, let us know so that we don't accidentally reset your ACLs with the last version we knew about.
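For authors who do run setfacl themselves, the following is an added example (not part of the original page or the server's own tooling) that works around the missing recursive option by walking a directory tree with find and applying the page's setfacl -m mask:rwx only to entries you own. The function names apply_mask_tree and list_not_owned are hypothetical, and the script assumes a find that supports -user, -prune and "-exec ... {} +".

```shell
#!/bin/sh
# Added example; apply_mask_tree and list_not_owned are hypothetical names.
# Assumes find(1) supports -user, -prune and "-exec ... {} +".

# Print, or with --apply run, "setfacl -m mask:rwx" for every file and
# directory you own under DIR. Names starting with "." are skipped, as they
# are by the shell's "*" wildcard. Symbolic links are never touched.
apply_mask_tree() {
    top=${1:-.}
    mode=${2:-}
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 2; }
    uid=$(id -u) || return 1
    if [ "$mode" = "--apply" ]; then
        find "$top" -name '.?*' -prune -o \
            \( -type f -o -type d \) -user "$uid" \
            -exec setfacl -m mask:rwx {} +
    else
        # Dry run: show one command per path and change nothing.
        find "$top" -name '.?*' -prune -o \
            \( -type f -o -type d \) -user "$uid" \
            -exec echo setfacl -m mask:rwx {} \;
    fi
}

# List entries under DIR owned by someone else. setfacl only works on files
# you own, so these must be handled by their owner.
list_not_owned() {
    top=${1:-.}
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 2; }
    uid=$(id -u) || return 1
    find "$top" -name '.?*' -prune -o ! -user "$uid" -print
}

# Usage:
#   apply_mask_tree /path/to/site            # review the commands first
#   list_not_owned  /path/to/site            # files another author must fix
#   apply_mask_tree /path/to/site --apply    # make the change
```

Run the dry run first and compare the result with getfacl before using --apply, since the site's periodic ACL reset may overwrite changes made this way.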