Overview
“Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems.
It is designed to assist with UNIX file permissions.
ACL allows you to give permissions for any user or group to any disc resource.” (Wikipedia)
Enable ACL on file system
The ACL option is most likely already enabled on your file system, but to be sure you can verify it with the following command:
# make sure to replace sda2 with the name of your device
tune2fs -l /dev/sda2 | grep options
The output should be:
Default mount options: user_xattr acl
To enable ACL on a file system, use the tune2fs command:
# make sure to replace sda2 with the name of your device
tune2fs -o acl /dev/sda2
View Linux ACL Permissions
ls command
With the ls command you can see whether a file has any ACL permissions; if it does, a ‘+’ sign appears after the permission bits:
ls -l /folder-file
#Output:
-rw-rwxr--+ 1 root root 0 Mar 15 05:27 folder-file
Now we use the getfacl command to see the ACL permissions.
getfacl command
You can use getfacl to view the current ACL permissions of a file or folder.
getfacl /folder-file
#Output
# file: folder-file
# owner: root
# group: root
user::rw-
user:nfsnobody:rwx
group::r--
mask::rwx
other::r--
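The mask:: line in the getfacl output caps the permissions of named users, the owning group and named groups; the owner (user::) and other:: entries are not affected by it. The script below is an added example, not part of the original post: it parses getfacl text and prints each entry's effective permissions, using a constructed sample based on the output above with a tighter mask and a hypothetical group:company entry.

```shell
#!/bin/sh
# Added example: effective ACL permissions from getfacl text (POSIX sh + awk).

# Constructed sample: the output above with the mask tightened to r-x and a
# hypothetical group:company entry added.
sample_acl() {
cat <<'EOF'
# file: folder-file
# owner: root
# group: root
user::rw-
user:nfsnobody:rwx
group::r--
group:company:r-x
mask::r-x
other::r--
EOF
}

# Read getfacl text on stdin, print "tag:name:effective-perms" per entry.
# The mask caps named users, the owning group and named groups only.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3  { next }                      # header comments, blank lines
    $1 == "default" { next }                      # default ACLs are not access ACLs
    $1 == "mask"    { mask = substr($3, 1, 3); next }
    { n++; tag[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3) }
    END {
      for (i = 1; i <= n; i++) {
        p = perm[i]
        masked = (tag[i] == "group" || (tag[i] == "user" && name[i] != ""))
        if (masked && mask != "") {
          eff = ""
          for (j = 1; j <= 3; j++) {
            c = substr(p, j, 1)
            if (c != substr(mask, j, 1)) c = "-"  # bit survives only if the mask has it
            eff = eff c
          }
          p = eff
        }
        print tag[i] ":" name[i] ":" p
      }
    }'
}

# Named users and groups that can effectively write: the entries to review.
acl_writers() {
  effective_acl | awk -F: '$2 != "" && $3 ~ /w/ { print $1 ":" $2 }'
}

sample_acl | effective_acl
```

On a real system, pipe `getfacl /folder-file` into `effective_acl` or `acl_writers` instead of the sample.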
setfacl command
#setfacl -m u:username:permissions /folder-file
setfacl -m u:bob:rwx /folder-file
#setfacl -m u:uid:permissions /folder-file
setfacl -m u:12345:rwx /folder-file
#setfacl -m g:groupname:permissions /folder-file
setfacl -m g:company:rx /folder-file
#setfacl -m g:gid:permissions /folder-file
setfacl -m g:12345:rx /folder-file
Remove all ACL permissions:
setfacl -b /folder-file
Remove a specific ACL entry by username, uid, group or gid:
setfacl -x u:bob /folder-file
Enjoy!
DevOps/IT Specialist, Musician.
IT Manager – Faculty of Exact Sciences, Bar-Ilan University