The Geek Diary
How to Configure ACLs (Access Control Lists) on a Linux File System

by admin

Traditional Linux access permissions for files and directories consist of setting a combination of read, write, and execute permissions for the owner of the file or directory, a member of the group the file or directory is associated with, and everyone else (other). Access control lists (ACLs) provide a finer-grained access control mechanism than these traditional Linux access permissions.

Installing ACL

Before using ACLs for a file or directory, install the acl package:

# yum install acl

Configuring ACL on a file system

The file system containing the file or directory must also be mounted with ACL support. The following is the syntax to mount a local ext3 file system with ACL support:

# mount -t ext3 -o acl [device-name] [mount-point]

For example:

# mount -t ext3 -o acl /dev/mapper/VolGroup00-LogVol00 /data

If the partition is listed in the /etc/fstab file, include the acl option:

# vi /etc/fstab
LABEL=/data    /data    ext3    acl     0    0

ACL Rules

An ACL consists of a set of rules that specify how a user or group can access the file or directory the ACL is associated with. There are two types of ACL rules:

  1. access ACLs: Specify access information for a single file or directory.
  2. default ACLs: Pertain to a directory only. They specify the default access information for any file created within the directory that does not have an access ACL of its own.

Display ACLs on files

Use the getfacl utility to display a file's ACL. When a file does not have an ACL, it displays the same information as 'ls -l', although in a different format. For example, the file test does not have an ACL:

# ls -l test
-rw-rw-r-- 1 oracle oracle 25 Mar 5 10:10 test

Sample getfacl output of the test file:

# getfacl test 
# file: test
# owner: oracle 
# group: oracle 
user::rw- 
group::rw- 
other::r--

Configuring ACLs on Files

Use the setfacl utility to add or modify one or more rules in a file’s ACL. The syntax is:

# setfacl -m [rules] [files]

The rules are in the following form:

  • u:name:permissions: Sets the access ACL for a user (username or UID)
  • g:name:permissions: Sets the access ACL for a group (group name or GID)
  • m:permissions: Sets the effective rights mask. The mask is an upper bound on the permissions that named user entries, the owning group entry and named group entries can grant; unless you set it explicitly, setfacl recalculates it as the union of all permissions of the owning group and all of the named user and group entries. Where the mask is narrower than an entry, getfacl marks that entry with an #effective: comment showing the rights actually granted.
  • o:permissions: Sets the access ACL for everyone else (others)

The permissions are the traditional r, w, and x for read, write, and execute, respectively. The following example adds a rule to the ACL for the test file that gives the oracle user read, write, and execute permission on that file:

# setfacl -m u:oracle:rwx test

The output of getfacl includes the ACL rule:

# getfacl test 
# file: test
# owner: oracle 
# group: oracle 
user::rw- 
user:oracle:rwx 
group::rw- 
mask::rwx 
other::r--

When a file has an ACL, 'ls -l' displays a plus sign (+) following the permissions:

# ls -l test
-rw-rwxr--+ 1 oracle oracle 25 Mar 5 10:10 test

Removing ACLs of Files

Use the -x option, without specifying any permissions, to remove the rules for a user or group:

# setfacl -x u:oracle test

To remove the ACL itself, use the -b option:

# setfacl -b test

Setting the Default ACLs

To set a default ACL, add d: before the rule and specify a directory instead of a file name:

# setfacl -m d:o:rx /share
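The mask rule above is the part of an ACL that is easiest to misread: an entry such as user:oracle:rwx grants only what the mask lets through. As an added example that is not part of the original article, the following Python helper parses access ACL output in the getfacl format shown above and computes each entry's effective rights, reporting every entry the mask cuts down. The sample getfacl text is constructed for the example (the alice user and devs group are invented), and default (d:) rules are not handled.

```python
# Constructed sample getfacl output (not from the article): the page's format plus
# two named entries (alice, devs), with a mask narrower than those entries.
SAMPLE_GETFACL = """\
# file: test
# owner: oracle
# group: oracle
user::rw-
user:oracle:rwx
user:alice:rwx
group::rw-
group:devs:r-x
mask::rw-
other::r--
"""

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def perms_to_bits(perms):  # 'r-x' -> 5, the numbering chmod uses
    return sum(PERM_BITS[c] for c in perms if c in PERM_BITS)

def bits_to_perms(bits):  # 5 -> 'r-x'
    return "".join(c if bits & b else "-" for c, b in PERM_BITS.items())

def parse_getfacl(text):
    """(tag, qualifier, perms) tuples from an access ACL printed by getfacl;
    '#' header lines and the '#effective:' annotation on masked entries are dropped."""
    entries = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        tag, qualifier, perms = body.split(":", 2)
        entries.append((tag, qualifier, perms))
    return entries

def effective_permissions(entries):
    """Apply the mask as the kernel does: user:: (owner) and other:: are never masked,
    named users, group:: and named groups are ANDed with it. -> {(tag, qual): (eff, reduced)}"""
    mask = next((perms_to_bits(p) for t, _, p in entries if t == "mask"), 7)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        bits = perms_to_bits(perms)
        eff = bits & mask if tag == "group" or (tag == "user" and qualifier) else bits
        result[(tag, qualifier)] = (bits_to_perms(eff), eff != bits)
    return result

def audit_masked_entries(text):
    # Every entry that setfacl granted more than the mask actually lets through.
    return [f"{t}:{q}: effective {eff} (limited by mask)"
            for (t, q), (eff, reduced) in effective_permissions(parse_getfacl(text)).items()
            if reduced]
```

Running audit_masked_entries on the article's own getfacl output (mask rwx) reports nothing, since no entry exceeds the mask there.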

Filed Under: CentOS/RHEL 7, Linux
