Access Control Lists (ACLs) are a way to assign fine-grained permissions in Linux beyond what the chmod command offers. With chmod, permissions can be assigned to only one owner and one group on a file or directory. If multiple users need access to a resource, we have to place them in a group and then give that group the necessary permissions. With file ACLs in Linux we can assign fine-grained permissions to each user and group on a file, and even deny access to a particular user even if the file has world permissions. This tutorial on Linux file ACLs explains the usage of the getfacl and setfacl commands.
First, let us understand the purpose of each permission on files and directories.
Files –
r (read) – The contents of the file can be viewed
w (write) – The file can be edited and new content can be inserted
x (execute) – The file can be executed. This permission is assigned to shell scripts and CGI scripts.
Directories –
r (read) – The contents of the directory can be viewed with the “ls” command
w (write) – New files can be created inside the directory and existing files can be deleted
x (execute) – The user with this permission can change directory (cd) into this directory
If you get a “command not found” error for getfacl and setfacl, the acl package is not installed. Use yum or apt-get, according to your operating system, to install the package:
yum install acl
apt-get install acl
To view the access control list of a file/directory, use the getfacl command
getfacl /home/file1
# file: home/file1
# owner: root
# group: root
user::rw-
user:root:rw-
group::r--
mask::rw-
other::r--
Before using the setfacl command, ACL support has to be enabled on the filesystem; otherwise you’ll receive the following error.
setfacl: /path/to/file: Operation not supported
So the /etc/fstab file has to be edited and the word acl added next to the word “defaults”. A sample fstab entry is shown below.
/dev/sda3 / ext3 defaults,acl 0 0
To set the ACL for a file/directory use the setfacl command
setfacl -m u:username:rw /etc/fstab
In this command, “u” stands for user, followed by the username, and “rw” grants read and write permission. To give all permissions use “rwx”; to deny all permissions use a minus (-). For example, to deny all rights to user1 on /path/to/file even if the file has 777 permissions:
setfacl -m u:user1:- /path/to/file
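Why a deny entry for user1 wins over 777 permissions: the sketch below is an added example, not part of the original tutorial, that evaluates a getfacl listing in the order POSIX ACL entries are checked (owner, named user, groups limited by the mask, then other). The function name acl_check, the sample listing and the user and group names are constructed for illustration; it only parses text, so it needs no ACL-enabled filesystem.

```shell
#!/bin/sh
# acl_check USER GROUPS PERM   (GROUPS: comma-separated; PERM: r, w or x)
# Reads a getfacl listing on stdin and prints "allow" or "deny".
acl_check() {
  awk -v user="$1" -v groups="$2" -v perm="$3" '
    function has(p) { return index(p, perm) > 0 }
    /^# owner: / { owner = $3; next }
    /^# group: / { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    {
      sub(/[ \t]*#.*/, "")                 # drop "#effective:" annotations
      split($0, f, ":")
      if      (f[1] == "user"  && f[2] == "") uobj = f[3]
      else if (f[1] == "user")                nuser[f[2]] = f[3]
      else if (f[1] == "group" && f[2] == "") gobj = f[3]
      else if (f[1] == "group")               ngroup[f[2]] = f[3]
      else if (f[1] == "mask")                { mask = f[3]; hasmask = 1 }
      else if (f[1] == "other")               other = f[3]
    }
    END {
      if (!hasmask) mask = "rwx"           # minimal ACL: nothing is masked
      if (user == owner)      ok = has(uobj)                     # 1. owner
      else if (user in nuser) ok = has(nuser[user]) && has(mask) # 2. named user
      else {                                                     # 3. groups
        n = split(groups, g, ",")
        for (i = 1; i <= n; i++) {
          if (g[i] == ogroup)  { hit = 1; if (has(gobj) && has(mask)) ok = 1 }
          if (g[i] in ngroup)  { hit = 1; if (has(ngroup[g[i]]) && has(mask)) ok = 1 }
        }
        if (!hit) ok = has(other)                                # 4. other
      }
      print (ok ? "allow" : "deny")
    }'
}

# Constructed listing: a mode-777 file carrying the deny entry for user1.
SAMPLE_ACL='# file: path/to/file
# owner: root
# group: root
user::rwx
user:user1:---
group::rwx
group:devs:rw-
mask::rwx
other::rwx'

printf '%s\n' "$SAMPLE_ACL" | acl_check user1 users r   # deny
printf '%s\n' "$SAMPLE_ACL" | acl_check user2 users r   # allow
```

A user who matches a group entry that lacks the requested permission is denied without falling through to “other”, which is why the third argument is checked one permission at a time.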
To grant all permissions to a group
setfacl -m g:groupname:rwx /path/to/filename
To recursively set ACLs on all files inside a directory, use the -R option
setfacl -R -m u:username:rwx /path/to/directory
To delete an entry from the access list
setfacl -x u:username /path/to/file
Sohrab Monfared says
Thanks for your tutorial
Just as a notice: It’s a good idea to remove the from /etc/fstab entry, since it will confuse the beginners and make their system get stuck at mounting.
peace