
Linux ACL

An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. ACLs allow you to grant or deny permissions for any user or group on a filesystem resource.

Enabling ACL

To enable ACL, add the acl mount option to the filesystem's entry in /etc/fstab:

/dev/VolGroup00/LogVol00 /                       ext3    defaults,acl        1 1

Note: Modern Red Hat distributions enable ACL by default for the root filesystem.

Set ACL

To modify an ACL, use the setfacl command. To add or change entries, use setfacl -m.

Add permissions for a user:

# setfacl -m "u:username:permissions" filename

or

# setfacl -m "u:uid:permissions" filename

Add permissions for a group:

# setfacl -m "g:groupname:permissions" filename

or

# setfacl -m "g:gid:permissions" filename

Add a default ACL (directories only; it is inherited by files created inside):

# setfacl -d -m "u:uid:permissions" directory

Remove all extended ACL entries:

# setfacl -b filename

Remove a single entry:

# setfacl -x "entry" filename

To check permissions use:

# getfacl filename

Examples

Set read, write and execute permissions for user “johndoe” on the file named “abc”.

# setfacl -m "u:johndoe:rwx" abc

Check permissions.

# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johndoe:rwx
group::r--
mask::rwx
other::r--

Change permissions for user “johndoe”.

# setfacl -m "u:johndoe:rw-" abc

Check permissions.

# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johndoe:rw-
group::r--
mask::rw-
other::r--

Remove all extended ACL entries.

# setfacl -b abc

Check permissions.

# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
group::r--
other::r--
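
The mask:: line in the getfacl output above caps what named user and group entries actually get: their effective rights are the entry's permissions ANDed with the mask. The shell function below is an added example, not part of the original post; it parses getfacl output and lists the named entries that keep write access. The file "report" and the group "staff" are constructed sample data.

```shell
# Added example. Reads getfacl output on stdin and prints "file entry effective"
# for each named user/group entry that still has write access under the mask.
audit_acl() {
    awk '
    function flush(   i, j, c, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++) {
                c = substr(perm[i], j, 1)
                # a bit survives only if the mask grants it too
                if (mask != "" && substr(mask, j, 1) == "-") c = "-"
                eff = eff c
            }
            if (index(eff, "w")) print file, entry[i], eff
        }
        n = 0; mask = ""
    }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^$/ || /^default:/ { next }   # comments, blanks, inherit-only entries
    {
        sub(/[ \t]*#.*$/, "")              # strip trailing "#effective:" notes
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
            n++; entry[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { flush() }'
}

# Constructed sample: "abc" as in the post; "report" has a mask of r--.
sample_acl() {
    cat <<'EOF'
# file: abc
user::rw-
user:johndoe:rw-
group::r--
mask::rw-
other::r--

# file: report
user::rw-
user:johndoe:rwx
group::r--
group:staff:rw-
mask::r--
other::r--
EOF
}
sample_acl | audit_acl
```

On a real system the input would come from getfacl -R --skip-base run on a directory, which limits the output to files that carry extended entries.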

Additional Resources

man getfacl
man setfacl

If you weren’t using these already, you should.

// CrashMAG