Access Control Lists (commonly known as ACLs) are a way of specifying complicated permissions to objects.
Those of you from the UNIX world may remember being in a situation like the following:
Techies need read/write to a directory. Marketing needs read. Joe needs full access.
This is an impossible scenario with classic owner/group/others permissions. You can't have two groups that need two different permissions. With ACLs you can!
!!Requirements
The basics for using ACLs on ext2/3 partitions are:
* Having a patched kernel to allow it
* Having the ACL utilities
* Having a slightly modified version of fileutils.
It is also important to have a recent version of e2fsck, otherwise it'll screw up your ACLs.
!!Kernel bits
Now! With the patched kernel, the appropriate options are (in menuconfig):
* File systems -> POSIX Access Control Lists
* File systems -> Ext3 journalling file system support
* File systems -> Ext3 journalling file system support -> Ext3 extended attributes
* File systems -> Ext3 journalling file system support -> Ext3 extended attributes -> Ext3 POSIX Access Control Lists
If you use ext2, do the same for `Second extended fs support' a bit lower down. I don't know how this works for other fs' (JFS, XFS), so someone else can wiki that.
!!ACL utilities
The basic ACL utilities you will want are `getfacl' and `setfacl'. If you haven't already got them, you can get them from http://acl.bestbits.at/ . On Gentoo they are in the package `sys-apps/acl'. I think it is in package `acl' on Debian. Debian also has an `acl-dev' which contains the libraries and headers and such.
!!How to use this stuff
Right! Onto the juicy stuff. First off, you need to make sure your ext2/3 partitions are mounted with the `acl' option. If they aren't, you will get this:
    cyan /# setfacl -m u:rgh:rwx tmp
    setfacl: tmp: Operation not supported
So, make sure `acl' is in the mount options list.
!!!ACL Basics
An ACL for use with the command line looks like [gu]:<group|user>:perms. So, to give group `techies' rwx access to /techies, you would type:
    setfacl -m g:techies:rwx /techies
The -m just means you are modifying the ACL directly from the command line, as opposed to from stdin later. man setfacl reveals all!
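As an added example (not part of the original page), here is the scenario from the introduction carried through: the listing getfacl prints after one setfacl call that grants techies, marketing and joe their access, and a small POSIX sh/awk helper that works out the permissions the kernel actually enforces by applying the mask entry. The mask is not covered above, but it is what catches people out when a plain chmod is later run on an ACL-protected directory. The directory name `shared' and the user/group names are constructed for the example.

```shell
#!/bin/sh
# Constructed getfacl(1) output for the introduction's scenario, as it would
# look after:  setfacl -m g:techies:rwx,g:marketing:r-x,u:joe:rwx shared
# (techies read/write, marketing read, joe full access; x lets you enter a dir)
SAMPLE_ACL='# file: shared
# owner: root
# group: root
user::rwx
user:joe:rwx
group::r-x
group:techies:rwx
group:marketing:r-x
mask::rwx
other::---'

# The same listing after "chmod g-w shared": chmod rewrites the mask entry,
# not the named entries, so getfacl would tag them with "#effective:r-x".
RESTRICTED_ACL=$(printf '%s\n' "$SAMPLE_ACL" | sed 's/^mask::rwx$/mask::r-x/')

# effective_perms ACL_TEXT KIND NAME
#   KIND is user, group or other; NAME is empty for the owner, the owning
#   group and the other entry. Named users and every group entry are ANDed
#   with the mask; the owner and other entries are not. Prints "none" if
#   there is no matching entry.
effective_perms() {
    printf '%s\n' "$1" | awk -F: -v kind="$2" -v name="$3" '
        /^#/ { next }                        # skip the getfacl header comments
        $1 == "mask"             { mask  = $3 }
        $1 == kind && $2 == name { perms = $3 }
        END {
            if (perms == "") { print "none"; exit }
            if ((kind == "user" && name == "") || kind == "other") {
                print perms; exit            # not subject to the mask
            }
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perms, i, 1); m = substr(mask, i, 1)
                out = out ((p != "-" && m != "-") ? p : "-")
            }
            print out
        }'
}

# Stand-alone demo: nominal entry vs. what is enforced after "chmod g-w".
for who in "user joe" "group techies" "group marketing" "other"; do
    set -- $who
    printf '%-17s %s -> %s\n' "$who" \
        "$(effective_perms "$SAMPLE_ACL" "$1" "$2")" \
        "$(effective_perms "$RESTRICTED_ACL" "$1" "$2")"
done
```

Run getfacl on a real directory and feed its output to effective_perms to audit who can actually write to it, rather than trusting the named entries alone.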
Source: http://www.wlug.org.nz/AccessControlLists