The Geek Diary
How to Configure ACL(Access Control Lists) in Linux FileSystem

by admin

Traditional Linux access permissions for files and directories consist of setting a combination of read, write, and execute permissions for the owner of the file or directory, a member of the group the file or directory is associated with, and everyone else (other). Access control lists (ACLs) provide a finer-grained access control mechanism than these traditional Linux access permissions.

Installing ACL

Before using ACLs for a file or directory, install the acl package:

# yum install acl

Configuring ACL on a file system

The file system containing the file or directory must also be mounted with ACL support. The following is the syntax to mount a local ext3 file system with ACL support:

# mount -t ext3 -o acl [device-name] [mount-point]

For example:

# mount -t ext3 -o acl /dev/mapper/VolGroup00-LogVol00 /data

If the partition is listed in the /etc/fstab file, include the acl option:

# vi /etc/fstab
LABEL=/data    /data    ext3    acl     0    0

ACL Rules

An ACL consists of a set of rules that specify how a user or group can access the file or directory the ACL is associated with. There are two types of ACL rules:

  1. access ACLs: Specify access information for a single file or directory
  2. default ACLs: Pertain to a directory only. It specifies default access information for any file within the directory that does not have an access ACL.

Display ACLs on files

Use the getfacl utility to display a file’s ACL. When a file does not have an ACL, it displays the same information as ‘ls -l’, although in a different format. For example, the file test does not have an ACL:

# ls -l test
-rw-rw-r-- 1 oracle oracle 25 Mar 5 10:10 test

Sample getfacl output of the test file:

# getfacl test 
# file: test
# owner: oracle 
# group: oracle 
user::rw- 
group::rw- 
other::r--

Configuring ACLs on Files

Use the setfacl utility to add or modify one or more rules in a file’s ACL. The syntax is:

# setfacl -m [rules] [files]

The rules are in the following form:

  • u:name:permissions: Sets the access ACL for a user (username or UID)
  • g:name:permissions: Sets the access ACL for the group (group name or GID)
  • m:permissions: Sets the effective rights mask, the upper bound on the permissions that named users, the owning group, and named groups actually receive. When you add or modify entries without giving a mask explicitly, setfacl recalculates it as the union of the owning group entry and all named user and group entries.
  • o:permissions: Sets the access ACL for everyone else (others)

The permissions are the traditional r, w, and x for read, write, and execute, respectively. The following example adds a rule to the ACL for the test file that gives the oracle user read, write, and execute permission on that file:

# setfacl -m u:oracle:rwx test

The output of getfacl includes the ACL rule:

# getfacl test 
# file: test
# owner: oracle 
# group: oracle 
user::rw- 
user:oracle:rwx 
group::rw- 
mask::rwx 
other::r--

When a file has an ACL, ‘ls -l’ displays a plus sign (+) following the permissions, and the group field shows the mask rather than the owning group entry:

# ls -l test
-rw-rwxr--+ 1 oracle oracle 25 Mar 5 10:10 test

Removing ACLs of Files

Use the -x option without specifying any permissions to remove rules for a user or group.

# setfacl -x u:oracle test

To remove the ACL itself, use the -b option:

# setfacl -b test

Setting the Default ACLs

To set a default ACL, add d: before the rule and specify a directory instead of a file name:

# setfacl -m d:o:rx /share
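To make the mask rule and the default ACL concrete, here is an added example (not code from the original article) that parses the text format getfacl prints, applies the mask to work out the permissions each entry actually grants, and reports which entries end up with write access. The three ACL listings are constructed inline: the article's test file after `setfacl -m u:oracle:rwx test`, the same file after an assumed `setfacl -m m:r-- test` (where getfacl adds `#effective:` annotations), and a /share directory after `setfacl -m d:o:rx /share`, with root ownership assumed.

```python
"""Parse getfacl(1) output and compute effective permissions.

Added example, not part of the original article. All sample ACL text
below is constructed to match the listings shown on the page.
"""
import re
from dataclasses import dataclass

# Constructed: the article's 'test' file after 'setfacl -m u:oracle:rwx test'.
SAMPLE_FILE_ACL = """\
# file: test
# owner: oracle
# group: oracle
user::rw-
user:oracle:rwx
group::rw-
mask::rwx
other::r--
"""

# Constructed: same file after an assumed 'setfacl -m m:r-- test'.
# getfacl appends '#effective:...' when the mask cuts an entry down.
SAMPLE_MASKED_ACL = """\
# file: test
# owner: oracle
# group: oracle
user::rw-
user:oracle:rwx\t\t#effective:r--
group::rw-\t\t\t#effective:r--
mask::r--
other::r--
"""

# Constructed: /share after 'setfacl -m d:o:rx /share' (root ownership assumed).
SAMPLE_DIR_ACL = """\
# file: share
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
"""

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perms_to_bits(perms: str) -> int:
    """'rw-' -> 6; only the r/w/x/- triplet getfacl prints is accepted."""
    if not re.fullmatch(r"[r-][w-][x-]", perms):
        raise ValueError(f"bad permission string: {perms!r}")
    return sum(PERM_BITS[c] for c in perms if c != "-")


def bits_to_perms(bits: int) -> str:
    return "".join(c if bits & b else "-" for c, b in PERM_BITS.items())


@dataclass
class AclEntry:
    tag: str        # user, group, mask or other
    qualifier: str  # '' for owner / owning group / mask / other, else a name or id
    perms: str      # permissions as written in the ACL (before the mask)
    default: bool   # True for 'default:' entries, which only affect new files


def parse_getfacl(text: str) -> list[AclEntry]:
    """Turn getfacl output into entries, ignoring the '# file:' header and
    any '#effective:' annotation (we recompute that ourselves)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        default = line.startswith("default:")
        if default:
            line = line[len("default:"):]
        tag, qualifier, perms = line.split(":", 2)
        entries.append(AclEntry(tag, qualifier, perms, default))
    return entries


def effective_perms(entries: list[AclEntry], default: bool = False) -> dict[str, str]:
    """Apply the mask rule: named users, the owning group and named groups are
    limited to (entry AND mask); the owner and 'other' entries are not."""
    subset = [e for e in entries if e.default == default]
    mask = next((perms_to_bits(e.perms) for e in subset if e.tag == "mask"), None)
    result = {}
    for e in subset:
        bits = perms_to_bits(e.perms)
        masked = e.tag == "group" or (e.tag == "user" and e.qualifier != "")
        if masked and mask is not None:
            bits &= mask
        result[f"{e.tag}:{e.qualifier}"] = bits_to_perms(bits)
    return result


def write_grants(entries: list[AclEntry], default: bool = False) -> list[str]:
    """Entries that effectively grant write access, for a quick audit of
    who can modify a file (or, for default entries, files created later)."""
    return sorted(k for k, v in effective_perms(entries, default).items()
                  if "w" in v and k != "mask:")


if __name__ == "__main__":
    for label, text in (("test", SAMPLE_FILE_ACL), ("test (masked)", SAMPLE_MASKED_ACL)):
        print(label, effective_perms(parse_getfacl(text)), "writers:", write_grants(parse_getfacl(text)))
    print("share defaults", effective_perms(parse_getfacl(SAMPLE_DIR_ACL), default=True))
```

The masked sample is the case worth remembering when auditing: `user:oracle:rwx` is still listed, but with `mask::r--` the user can only read, which is exactly what getfacl's `#effective:r--` annotation signals. The default entries are parsed separately because they say nothing about the directory's own permissions, only about files created inside it.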

Filed Under: CentOS/RHEL 7, Linux

© 2022 · The Geek Diary
