BSDCan2017 - 0722

BSDCan 2017
The Technical BSD Conference

John Hixson
Day Talks #2 - 10 June - 2017-06-10
Room DMS 1140
Start time 14:45
Duration 01:00
ID 845
Event type Lecture
Track System Administration
Language used for presentation English

Understanding NFSv4 ACL's

NFSv4 Access Control Lists are hard. Many people have a hard time understanding them let alone how to utilize them. The purpose of this talk is to explain in detail how they work and to demonstrate this in action. Demonstrations will be given and questions will be answered so everyone learns.

Traditional UNIX permissions are very limited in the security they can provide. UNIX permissions can only be set for the owner, group and everyone else (other). NFSv4 access control lists can give a lot more flexibility in the security and access that can be provided. In the NFSv4 security model, owner, group, specific users, specific groups, everyone, etc can be configured. Complete control over the type of access you want is possible. This paper assumes you are running FreeBSD or FreeNAS. The object of this paper is to demonstrate how NFSv4 access control lists work by example with some explanation. It is assumed the reader is familiar with traditional UNIX permissions.