Is there a way to create file and folder acls that include select users?
 

I'm only familiar with ext's owner-group-other permissions. In the modern day and age, we need more. If I were to use ntfs, or some other filesystem, could I allow AliceX@ and BobY@ to read a file/folder, but no one else (i.e. add them to the acl for said file/folder)? And no being silly...you know full well I mean without adding Alice and Bob to the group.

If not, do folks address this by creating lots and lots of groups, and joining users to lots and lots of groups?

You can do this by using ACL's on linux.

First remount filesystem with acl parameters and you can also verify using mount and tune2fs command that filesystem is already mounted with "acl" attribute.

after that you need to set and check ACL's on files and directories.

for these setfacl and getfacl

to set a read only permission with group on file you need to use the syntax something like this

whenever you do "ls -l" on file/folder in the permission section of output there will a "+" at the end, that's denote that this file or folder have some acl's configured on it.


to check or get per-configured acl on file or folder

Why don't you use ACLs http://linux.die.net/man/1/setfacl, if that's what you want?

Only because I didn't know it existed. When I saw standard permissions (for lack of a better parlance) I wrongly assumed that, well, there you have it.

Simple enough. Thanks for the info.

For those interested (I was), there was this analysis done on the performance implications of using ACL's. There are a few relevant tables, you may have to scroll up or down a little. In a nutshell, initial access was substantially longer for ACL'd files than no-ACL ones. Not a very substantial hit at all after caching...at least for a 5-member ACL anyway. I suppose this warrants some consideration with respect to the kind of files and their usage, and the amount of cache one has at their disposal.