Is it possible to set up role based security filesystem on linux kernel
Is there any way to currently set up a role based access control (RBAC) for filesystem on any OS that is based on linux kernel, or this would require a special filesystem or modifications of linux kernel?
By RBAC I mean something like what is available under NTFS. Linux kernel by default support only DAC, compliant with POSIX, but I think it would be interesting to have a possibility to define unlimited number of access entries for any number of roles per file on linux kernel, so that for example for a file /var/blah
- user Bob can read and write to that file
- user John can only read that file
- group admins can read, write and execute it
- group backup can only read it
- group system can read and execute it
and so on...
If you use ACLs, it is possible as well.
man getfacl man setfacl
You can look into SeLinux which implements MAC on linux. This is another security mechanism under linux apart from DAC. I don't have any handly link right now but simple google search for RBAC Selinux may give you results which you are looking for.