13.2 Advantages of ACLs

Traditionally, three permission sets are defined for each file object on a Linux system. These sets include the read (r), write (w), and execute (x) permissions for each of three types of users—the file owner, the group, and other users. In addition to that, it is possible to set the set user id, the set group id, and the sticky bit. This lean concept is fully adequate for most practical cases. However, for more complex scenarios or advanced applications, system administrators formerly had to use a number of tricks to circumvent the limitations of the traditional permission concept.

ACLs can be used as an extension of the traditional file permission concept. They allow assignment of permissions to individual users or groups even if these do not correspond to the original owner or the owning group. Access control lists are a feature of the Linux kernel and are currently supported by ReiserFS, Ext2, Ext3, JFS, and XFS. Using ACLs, complex scenarios can be realized without implementing complex permission models on the application level.

The advantages of ACLs are evident if you want to replace a Windows server with a Linux server. Some of the connected workstations may continue to run under Windows even after the migration. The Linux system offers file and print services to the Windows clients with Samba. With Samba supporting access control lists, user permissions can be configured both on the Linux server and in Windows with a graphical user interface (only Windows NT and later). With winbindd, part of the Samba suite, it is even possible to assign permissions to users only existing in the Windows domain without any account on the Linux server.

13.3 Definitions

user class
The conventional POSIX permission concept uses three classes of users for assigning permissions in the file system: the owner, the owning group, and other users. Three permission bits can be set for each user class, giving permission to read (r), write (w), and execute (x).

access ACL
The user and group access permissions for all kinds of file system objects (files and directories) are determined by means of access ACLs.
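The contrast drawn in section 13.2 between the three user classes and ACL entries for individual users and groups, as a simplified Python model (an added example, not part of the original documentation). The users alice, bob, eve and dan, the groups project, staff and audit, and all permission values are constructed; the mask entry belongs to the POSIX ACL model but is not covered in the text above, and root privileges are ignored.

```python
# Added illustration: simplified model of the file access check.
# All user, group and permission values below are constructed samples.
R, W, X = 4, 2, 1

def mode_check(mode, owner, group, user, user_groups, want):
    """Traditional check: exactly one of the three user classes applies."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in user_groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def acl_check(acl, owner, group, user, user_groups, want):
    """Access ACL check: named entries extend the three user classes.

    acl maps an entry tag to permission bits: "user::" (owner), "user:NAME",
    "group::" (owning group), "group:NAME", "mask::", "other::".
    """
    mask = acl.get("mask::", 7)  # limits every entry except owner and other
    if user == owner:
        return (acl["user::"] & want) == want
    if f"user:{user}" in acl:
        return (acl[f"user:{user}"] & mask & want) == want
    # Owning group and named groups: one matching entry that grants is enough.
    matched = [acl["group::"]] if group in user_groups else []
    matched += [acl[f"group:{g}"] for g in user_groups if f"group:{g}" in acl]
    if matched:
        return any((bits & mask & want) == want for bits in matched)
    return (acl["other::"] & want) == want

def demo():
    owner, group = "alice", "project"      # file owned by alice:project
    mode = 0o640                           # rw- r-- ---
    acl = {"user::": R | W, "user:bob": R | W, "group::": R,
           "group:audit": R, "mask::": R, "other::": 0}
    return {
        "bob_mode_read": mode_check(mode, owner, group, "bob", {"staff"}, R),
        "bob_acl_read": acl_check(acl, owner, group, "bob", {"staff"}, R),
        "bob_acl_write": acl_check(acl, owner, group, "bob", {"staff"}, W),
        "eve_acl_read": acl_check(acl, owner, group, "eve", {"staff"}, R),
        "dan_acl_read": acl_check(acl, owner, group, "dan", {"audit"}, R),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

With mode bits alone, bob falls into the "other" class and is denied; the named user entry grants him read access without widening "other", while the mask still withholds the write bit his entry lists.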