[kwlug-disc] Access rights to file/folder
John Van Ostrand
john at netdirect.ca
Thu Jul 29 10:27:14 EDT 2010
----- Original Message -----
>
> Speaking of LDAP, how do ACLs fit into the Linux LDAP world?
>
For security LDAP provides two basic things: authentication and user information. In Linux these are two separate configurations that are not dependent on one another. Authentication is handled by the /etc/pam.d configuration files and user information is handled by /etc/nsswitch.conf configuration. The libraries (pam and nss) behind these config files do all the work.
So as far as ACLs go, LDAP provides the user and group names (so the ACLs show names instead of IDs) and it provides the list of group IDs for a user so the kernel can determine what access rights a user has.
There isn't anything really magical about LDAP. For the purpose of ACLs think of it like a shared copy of /etc/passwd, /etc/group and /etc/shadow.
--
John Van Ostrand
CTO, co-CEO
Net Direct Inc.
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6
Ph: 866-883-1172 x5102
Fx: 519-883-8533
Linux Solutions / IBM Hardware
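
The division of labour described in the message above, as an added example that is not part of the original post: NSS (whatever nsswitch.conf points at, LDAP included) supplies names and the user's group list, and the ACL check itself only compares numeric IDs. The sample ACL, the IDs in it and the function names are constructed for illustration.

```python
import grp
import os
import pwd

# Constructed sample: numeric ACL as `getfacl -n` prints it (IDs, not names).
SAMPLE_ACL = """user::rw-
user:1001:r--
group::r--
group:2001:rw-
mask::rw-
other::---"""

def parse_acl(text):
    """Return a list of (tag, qualifier, perms) with perms as a set of 'rwx'."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tag, qual, perms = line.split(":")
        entries.append((tag, int(qual) if qual else None, set(perms) - {"-"}))
    return entries

def nss_identity(username):
    """Ask NSS (files, LDAP, ... per nsswitch.conf) for uid and all gids."""
    pw = pwd.getpwnam(username)
    return pw.pw_uid, set(os.getgrouplist(username, pw.pw_gid))

def nss_label(tag, qual):
    """Name for a numeric ACL qualifier, falling back to the number."""
    try:
        return pwd.getpwuid(qual).pw_name if tag == "user" else grp.getgrgid(qual).gr_name
    except KeyError:
        return str(qual)

def allowed(entries, owner_uid, owner_gid, uid, gids, want):
    """POSIX ACL check: owner, named user, groups (masked), then other."""
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if uid == owner_uid:
        return want <= next(p for t, q, p in entries if t == "user" and q is None)
    for t, q, p in entries:
        if t == "user" and q == uid:
            return want <= (p & mask)
    matched = [p & mask for t, q, p in entries if t == "group"
               and (owner_gid if q is None else q) in gids]
    if matched:
        return any(want <= p for p in matched)
    return want <= next(p for t, q, p in entries if t == "other")
```

On a host where LDAP is listed in nsswitch.conf, `nss_identity("someuser")` returns the directory's uid and group IDs without any PAM involvement, and those numbers are what `allowed` is evaluated against.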