An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL lets you grant or deny permissions for any user or group on a filesystem resource.
Enabling ACL
To enable ACL, add the acl mount option to the filesystem's entry in your /etc/fstab file, for example:
/dev/VolGroup00/LogVol00 / ext3 defaults,acl 1 1
Note: Modern Red Hat distributions enable ACL by default for the root filesystem.
Set ACL
To modify an ACL, use the setfacl command. To add or change permissions, use setfacl -m.
Add permissions for a user:
# setfacl -m "u:username:permissions" filename
or
# setfacl -m "u:uid:permissions" filename
Add permissions for a group:
# setfacl -m "g:groupname:permissions" filename
or
# setfacl -m "g:gid:permissions" filename
Add a default ACL (set on a directory; files created inside it inherit the entry):
# setfacl -d -m "u:uid:permissions" directory
Remove all extended ACL entries:
# setfacl -b filename
Remove a single entry:
# setfacl -x "entry" filename
To check permissions use:
# getfacl filename
Examples
Set read, write and execute permissions for user “johndoe” on the file named “abc”.
# setfacl -m "u:johndoe:rwx" abc
Check permissions.
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johndoe:rwx
group::r--
mask::rwx
other::r--
Change permissions for user “johndoe”.
# setfacl -m "u:johndoe:rw-" abc
Check permissions.
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
user:johndoe:rw-
group::r--
mask::rw-
other::r--
Remove all extended ACL entries.
# setfacl -b abc
Check permissions.
# getfacl abc
# file: abc
# owner: someone
# group: someone
user::rw-
group::r--
other::r--
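The mask:: line in the getfacl output above is the upper bound for named user, named group and owning-group entries, so the permissions an entry lists are not always the permissions it grants. The following is an added example, not part of the original page: it parses getfacl-style text and reports the effective permissions of each such entry. The function names acl_effective and sample_acl and the sample ACL with a narrowed mask are constructed for illustration.

```shell
# Added example: report effective permissions (entry AND mask) from getfacl output.
# Reads getfacl text on stdin; default: entries are ignored.
acl_effective() {
    awk -F: '
        # Intersect two rwx strings character by character.
        function intersect(p, m,    i, out, c) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
            }
            return out
        }
        /^#/ || NF < 3 { next }              # skip header comments and blank lines
        { sub(/[ \t]*#.*$/, "", $3) }        # drop a trailing "#effective:" annotation
        $1 == "mask" { mask = $3; next }
        ($1 == "user" && $2 != "") || $1 == "group" {
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3   # entries limited by the mask
        }
        END {
            for (i = 1; i <= n; i++) {
                # Without a mask entry (no extended ACL) the entry applies as written.
                eff = (mask == "") ? perm[i] : intersect(perm[i], mask)
                printf "%s:%s:%s effective=%s\n", tag[i], who[i], perm[i], eff
            }
        }'
}

# Constructed sample: johndoe is listed with rwx, but the mask allows only r--.
sample_acl() {
    cat <<'EOF'
# file: abc
# owner: someone
# group: someone
user::rw-
user:johndoe:rwx
group::r--
mask::r--
other::r--
EOF
}

sample_acl | acl_effective
```

On a live system the same function can be fed directly, as in getfacl abc | acl_effective.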
Additional Resources
man getfacl
man setfacl