Multiple SINGLE users can access a file without requiring them to be in some group.
The traditional Unix access permission scheme consists of the
read-write-execute bits in a user-group-others mask. To make a file available
to, say, three single users, you would either have to go a very open way (à la
chmod 777) or create a new group with those three users in it. If
you had a lot of cross-references, you would soon end up with hundreds of
groups. And by default, a user can only be a member of at most 32 supplementary
(also called "secondary") groups.
The solution to this problem is ACLs (access control lists), which, as the name already implies, use lists to say who can do what. Just look at this:
$ getfacl project2501
# file: project2501
# owner: root
# group: root
user::rw-
user:daemon:rw-
user:jengelh:rw-
group::r--
mask::rw-
other::r--
You may not know yet what all of this means, but in short:
the users root, daemon and jengelh can read and write this file.
Group members and others may also read it, by the way
(under the standard Unix access permission algorithm). With the traditional
Unix scheme you could not implement this three-user access without a group. So here
goes: how do I make ACLs available?
Requirements
ACLs should be enabled by default on all filesystems so that there is no need to recompile the kernel. (In the past they were deactivated.)
Make sure you have the latest packages of: acl, attr, libacl and libattr, as well as (of course) coreutils.
fstab adjustments
After booting the new kernel, edit /etc/fstab and add the "acl" parameter to the options field:
/dev/hdc1 /home jfs defaults,usrquota,grpquota,acl 0 0
It may happen that filesystems do not accept the acl option, either because
they do not support ACLs at all, or because ACLs are always enabled (as is the
case with xfs). Save fstab, exit the editor and remount the filesystem to
enable ACLs:
# mount /home -o remount
You can now begin using ACLs. For more information see the setfacl and getfacl manpages.
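An added example, not part of the original page: a small shell filter that reads getfacl output such as the project2501 listing above and applies the mask entry, which caps what named users and groups can actually do. The function names and the tightened-mask variant are constructed for illustration.

```shell
# POSIX ACL rule: the mask entry caps named users, the owning group and
# named groups; the owner (user::) and other:: are not affected by it.
# acl_effective: getfacl text on stdin -> "tag:qualifier:effective-perms".
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }
        { sub(/[ \t]*#.*/, "", $3)   # drop a trailing "#effective:" note
          tag[++n] = $1; who[n] = $2; perm[n] = $3
          if ($1 == "mask") mask = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                capped = (tag[i] == "user" && who[i] != "") || tag[i] == "group"
                if (capped && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++)
                        e = e (substr(mask, k, 1) == "-" ? "-" : substr(p, k, 1))
                    p = e
                }
                if (tag[i] != "mask") print tag[i] ":" who[i] ":" p
            }
        }'
}

# acl_named_writers: named users whose effective permissions include write.
acl_named_writers() {
    acl_effective | awk -F: '$1 == "user" && $2 != "" && $3 ~ /w/ { print $2 }'
}

# The getfacl listing shown on this page.
page_acl() {
    cat <<'EOF'
# file: project2501
# owner: root
# group: root
user::rw-
user:daemon:rw-
user:jengelh:rw-
group::r--
mask::rw-
other::r--
EOF
}

# Constructed variant: same entries after "setfacl -m m::r-- project2501".
tight_acl() { page_acl | sed 's/^mask::rw-$/mask::r--/'; }

page_acl  | acl_named_writers   # named users who can write
tight_acl | acl_effective       # same ACL once the mask drops write
```

When auditing who can modify a file, read the mask line first: a named user entry of rw- grants write only if the mask also contains w.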