Access Control List (ACL)

What is an Access Control List?

Access Control Lists (ACLs) are a common form of access control used in filesystems, applications, networking and databases. In spoken discussions, the common acronym for Access Control Lists (ACLs) is often read as “ackles”.

While the form and location of ACL data depends entirely on the implementation, the information contained in an ACL usually amounts to a map of resources, users and permissions. Here’s an example of a simple ACL displayed in an easily-readable table format.

Resource: Project-Data.doc

User      Read    Append  Overwrite  Delete
Jane      Allow   Allow   Deny       Deny
Will      Deny    Deny    Deny       Deny
Hop       Allow   Allow   Allow      Deny
Brennan   Allow   Allow   Allow      Allow

File System ACLs

Unix-like operating systems often employ basic ACLs built right into the file system. The built-in file ACL typically determines whether a particular user may read, write or execute a particular file. The file system ACL usually contains permissions relative to the file’s owner, user group and all other users.

> ls -la
total 396
drwxr-xr-x 24 rhett staff 816 Oct 19 15:49 .
drwxr-xr-x 15 rhett staff 510 Oct 19 15:48 ..
-rw-r--r-- 1 rhett staff 593 Oct 19 15:49 .env
-rw-r--r-- 1 rhett staff 542 Oct 19 15:48 .env.example
-rw-r--r-- 1 rhett staff 111 Oct 19 15:48 .gitattributes
-rw-r--r-- 1 rhett staff 146 Oct 19 15:48 .gitignore
drwxr-xr-x 7 rhett staff 238 Oct 19 15:48 app
-rw-r--r-- 1 rhett staff 1686 Oct 19 15:48 artisan
drwxr-xr-x 4 rhett staff 136 Oct 19 15:48 bootstrap
-rw-r--r-- 1 rhett staff 1416 Oct 19 15:54 composer.json
-rw-r--r-- 1 rhett staff 140708 Oct 19 15:54 composer.lock
drwxr-xr-x 13 rhett staff 442 Oct 19 15:48 config
drwxr-xr-x 6 rhett staff 204 Oct 19 15:48 database
-rw-r--r-- 1 rhett staff 1129 Oct 19 15:48 package.json
-rw-r--r-- 1 rhett staff 1040 Oct 19 15:48 phpunit.xml
drwxr-xr-x 8 rhett staff 272 Oct 19 15:48 public
drwxr-xr-x 5 rhett staff 170 Oct 19 15:48 resources
drwxr-xr-x 6 rhett staff 204 Oct 19 15:48 routes
-rw-r--r-- 1 rhett staff 563 Oct 19 15:48 server.php
drwxr-xr-x 5 rhett staff 170 Oct 19 15:48 storage
drwxr-xr-x 6 rhett staff 204 Oct 19 15:48 tests
drwxr-xr-x 38 rhett staff 1292 Oct 19 15:54 vendor
-rw-r--r-- 1 rhett staff 549 Oct 19 15:48 webpack.mix.js
-rw-r--r-- 1 rhett staff 219092 Oct 19 15:48 yarn.lock

In the example directory listing above, the filesystem ACL permissions are shown with the indicators r (read), w (write) and x (execute), in three groups of three: one for the file’s owner, one for its group and one for all other users.
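As an added example (not code from the original page), the Project-Data.doc table above expressed as a default-deny ACL lookup, together with the owner/group/others decision that an ls -la mode string encodes. Every user, group and mode value in it is constructed for illustration.

```python
# Added example (not code from the original page): the Project-Data.doc table
# from the text as a default-deny ACL, plus the owner/group/others check that
# the ls -la mode string encodes. All names and values are constructed.

ACL = {
    "Project-Data.doc": {
        "Jane":    {"read": True,  "append": True,  "overwrite": False, "delete": False},
        "Will":    {"read": False, "append": False, "overwrite": False, "delete": False},
        "Hop":     {"read": True,  "append": True,  "overwrite": True,  "delete": False},
        "Brennan": {"read": True,  "append": True,  "overwrite": True,  "delete": True},
    }
}


def is_allowed(acl, resource, user, action):
    """Default deny: a resource, user or action missing from the ACL is refused,
    so an unlisted subject never gains access by accident."""
    return acl.get(resource, {}).get(user, {}).get(action, False)


def mode_permissions(mode):
    """Parse an ls -l mode string such as '-rw-r--r--' into the permission set
    of each class. Lowercase s/t (setuid, setgid, sticky) also imply execute."""
    if len(mode) != 10:
        raise ValueError("expected a 10-character mode string")
    perms = {}
    for i, cls in enumerate(("owner", "group", "others")):
        triplet = mode[1 + 3 * i:4 + 3 * i]
        granted = set()
        if triplet[0] == "r":
            granted.add("read")
        if triplet[1] == "w":
            granted.add("write")
        if triplet[2] in "xst":
            granted.add("execute")
        perms[cls] = granted
    return perms


def unix_allowed(mode, file_owner, file_group, user, user_groups, action):
    """Classic Unix rule: the first class the requester falls into decides.
    A group member is judged by the group bits alone, even when the 'others'
    bits would have been more permissive."""
    if user == file_owner:
        cls = "owner"
    elif file_group in user_groups:
        cls = "group"
    else:
        cls = "others"
    return action in mode_permissions(mode)[cls]
```

The last function shows the caveat practitioners trip over: a user in the file’s group who is denied by the group bits does not fall through to the more permissive "others" bits.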

Network & Router ACLs

In a network setting, access control lists are used by switches and routers to allow or deny connections to specific network interfaces.

ACL rules in networking equipment tend to be simple allow/deny tables that control network traffic. ACLs implemented on network routers and switches are a simple but important part of securing a network, best treated as just one layer of a larger defense-in-depth strategy.

Cisco uses a very specific ACL implementation for packet filtering on its networking products and often refers to this simply as “ACLs” in product and Cisco Certified Network Associate (CCNA) training docs.

SQL Database ACLs

Access Control Lists are a very common feature in SQL-based Relational Database Management Systems (RDBMS) like MySQL (now MariaDB in its open source version), SQL Server and PostgreSQL.

SQL GRANT and REVOKE commands are often used for managing RDBMS ACL entries.

Operating System ACLs

Most modern operating systems, including Windows, Linux and macOS, have a security and access control system. In addition to files, access to running programs and system resources can also be managed using built-in Access Control Lists.
