Overview
A guide to using Access Control Lists (ACL) on Linux to manage fine-grained file and directory permissions beyond the standard owner/group/other model.
Enable ACL on file system
The ACL option is most likely already enabled on your file system, but you can verify it with the following command:
#make sure to replace sda2 with the name of your device
tune2fs -l /dev/sda2 | grep options
The output should be:
Default mount options: user_xattr acl
To enable ACL on a file system, use the tune2fs command:
#make sure to replace sda2 with the name of your device
tune2fs -o acl /dev/sda2
View Linux ACL Permissions
ls command
With the ls command you can see whether a file has ACL permissions: a ‘+’ sign follows the permission bits.
ls -l /folder-file
#Output:
-rw-rwxr--+ 1 root root 0 Mar 15 05:27 folder-file
Now we use the getfacl command to see the ACL permissions.
getfacl command
You can use getfacl to view the current ACL permissions of a file or folder.
getfacl /folder-file
#Output
# file: folder-file
# owner: root
# group: root
user::rw-
user:nfsnobody:rwx
group::r--
mask::rwx
other::r--
setfacl command
#setfacl -m u:username:permissions /folder-file
setfacl -m u:bob:rwx /folder-file
#setfacl -m u:uid:permissions /folder-file
setfacl -m u:12345:rwx /folder-file
#setfacl -m g:groupname:permissions /folder-file
setfacl -m g:company:rx /folder-file
#setfacl -m g:gid:permissions /folder-file
setfacl -m g:12345:rx /folder-file
Remove all ACL permissions:
setfacl -b /folder-file
Remove a specific ACL entry by username, uid, group or gid:
#setfacl -x u:username /folder-file (use g: for a group or gid)
setfacl -x u:bob /folder-file
Enjoy!
