Introduction to ACL

What exactly does the ACL module do?

As we saw in the introduction, the ACL module provides an implementation of Access Control Lists. An access control list does exactly what its name suggests: it controls access to objects. Unlike the standard Linux implementation, however, it is a list of entries rather than a single entry per file for each of user, group and everyone.

This allows us to specify a far more granular security policy than would be possible using the standard Linux security model. As an example, we could protect all binary and configuration files from being written to by anyone other than the sysadmin account, root included. We could even prevent binary files from being executed from anywhere other than the standard locations such as /bin and /usr/bin.
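
The contrast described above, as an added Python model (not the ACL module's own code or rule syntax): a classic mode-bit check in which uid 0 bypasses write protection, next to a list-based check in which root is just another subject. The entry format, the longest-prefix and named-subject-first matching rules, and the sample policy are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass

def mode_bits_allow(uid, gid, owner, group, mode, op):
    """Classic check: one owner, one group, everyone else; uid 0 bypasses."""
    if uid == 0:
        # root may read and write anything; exec needs at least one x bit
        return op != "x" or bool(mode & 0o111)
    shift = 6 if uid == owner else 3 if gid == group else 0
    return bool((mode >> shift) & {"r": 4, "w": 2, "x": 1}[op])

@dataclass(frozen=True)
class Entry:
    prefix: str         # subtree covered by the entry
    subject: str        # account name, or "*" for everyone
    allowed: frozenset  # subset of {"r", "w", "x"}

def covers(prefix, path):
    # "/bin" covers "/bin" and "/bin/ls" but not "/binary"
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def acl_allows(acl, subject, path, op):
    """Assumed semantics: longest prefix wins, a named subject beats "*",
    no matching entry means deny. root is an ordinary subject here."""
    path = posixpath.normpath(path)  # resolve ".." before matching
    best = None
    for e in acl:
        if e.subject in (subject, "*") and covers(e.prefix, path):
            rank = (len(e.prefix.rstrip("/")), e.subject == subject)
            if best is None or rank > best[0]:
                best = (rank, e)
    return best is not None and op in best[1].allowed

# Constructed policy modelling the two examples in the text.
POLICY = [
    Entry("/", "*", frozenset("rw")),          # no execute by default
    Entry("/bin", "*", frozenset("rx")),       # run, but do not modify
    Entry("/usr/bin", "*", frozenset("rx")),
    Entry("/etc", "*", frozenset("r")),        # configuration is read-only
    Entry("/bin", "sysadmin", frozenset("rwx")),
    Entry("/usr/bin", "sysadmin", frozenset("rwx")),
    Entry("/etc", "sysadmin", frozenset("rw")),
]
```

Under mode bits alone, root can write to a 0755 root-owned binary; under the modelled list, only the sysadmin entry grants write, and a path such as /bin/../tmp/tool is normalised before matching so it cannot borrow the /bin execute permission.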