[kwlug-disc] Access rights to file/folder

John Van Ostrand john at netdirect.ca
Thu Jul 29 10:27:14 EDT 2010


----- Original Message -----
> 
> Speaking of LDAP, how do ACL's fit into the Linux LDAP world?
> 

For security LDAP provides two basic things: authentication and user information. In Linux these are two separate configurations that are not dependant on one another. Authentication is handled by the /etc/pam.d configuration files and user information is handled by /etc/nsswitch.conf configuration. The libraries (pam and nss) behind these config files do all the work.

So as far as ACLs go, LDAP provides the user and group names (so the ACLs show names instead of IDs) and it provides the list of group IDs for a user so the kernel can determine what access rights a user has.

There isn't anything really magical about LDAP. For the purpose of ACLs think of it like a shared copy of /etc/passwd, /etc/group and /etc/shadow.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 




More information about the kwlug-disc_kwlug.org mailing list