
The Geek Diary


RHEL 7 – RHCSA Notes – Create and manage Access Control Lists (ACLs)

by admin

RHEL 7 – RHCSA Notes (Cheat Sheets)

File access control lists (FACLs), or simply ACLs, are lists of additional users/groups and their permissions on a file. Although the default file permissions do their job perfectly, they do not allow you to give permissions to more than one user or one group on the same file.

How to know when a file has ACL attached to it

The ls -l command produces output as shown below. Note the + sign at the end of the permissions. This confirms that the file has an ACL attached to it.

# ls -l
-rw-r--r--+ 1   root   root  0  Sep  19  14:41  file

Viewing ACLs

To display detailed ACL information for a file, use the getfacl command. If you look carefully, the users sam and john have some extra permissions (the user:john and user:sam lines). The default user/group permissions are specified using “user::permission” and “group::

# getfacl /tmp/test
# file: test
# owner: root
# group: root
user::rw-
user:john:rw-
user:sam:rwx
group::r--
mask::rwx
other::---

In contrast, if you check the ACLs on a file with no ACLs, the additional “user:” lines and the “mask” line are not shown; only the standard file permissions are shown:

# getfacl test
# file: test
# owner: root
# group: root
user::rw-
group::r--
other::r--

Creating and Managing FACLs

The setfacl command is used to set ACLs on the given file. To give rw access to user john on the file /tmp/test:

# setfacl -m u:john:rw /tmp/test

The -m option tells setfacl to modify the ACLs on the file(s) named on the command line. Instead of the user john, a group can be given a specific permission on the file:

# setfacl -m g:accounts:rw /tmp/test

FACLs for multiple users and groups can also be set with a single command:

# setfacl -m u:john:rw,g:accounts:rwx /tmp/test

Default ACLs

By setting a default ACL, you determine the permissions that will be set for all new items created in the directory. The permissions of existing files and subdirectories remain the same.

To create a default FACL on a directory:

# setfacl -m default:u:john:rw /accounts

Notice the default permissions in the getfacl output:

# getfacl accounts/
# file: accounts/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:john:rw-
default:group::r-x
default:mask::rwx
default:other::r-x

Removing FACLs

To remove ACLs, use the setfacl command with the -x option:

# setfacl -x u:john /tmp/test

The above command removes the ACL for the user john on the file /tmp/test. ACLs for other users/groups, if any, remain unaffected. To remove all ACLs associated with a file, use the -b option with setfacl:

# setfacl -b /tmp/test

You can also create a backup of ACLs using getfacl, and restore ACLs using the setfacl command. To create the backup, use getfacl -R /dir > file.acls. To restore the settings from the backup file, use setfacl --restore=file.acls
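
A getfacl backup is plain text, so it can be reviewed for who has been granted extra access. The mask:: line caps what named users and named groups actually get, so each extra entry has to be read together with the mask. The following is an added example, not code from the original article: the function names and the sample data are constructed for illustration.

```shell
# Reads `getfacl` or `getfacl -R` output on stdin and prints, per named entry:
# <file> TAB <entry> TAB <granted> TAB <effective>   (effective = granted AND mask)
acl_extra_entries() {
    awk '
    function and_mask(p, m,    i, out) {       # AND of two rwx strings
        for (i = 1; i <= 3; i++)
            out = out ((substr(p, i, 1) != "-" && substr(m, i, 1) != "-") ? substr(p, i, 1) : "-")
        return out
    }
    function emit_file(    i) {                # print buffered entries of one file
        for (i = 1; i <= n; i++)
            printf "%s\t%s\t%s\t%s\n", file, who[i], perm[i],
                   (mask == "" ? perm[i] : and_mask(perm[i], mask))
        n = 0; mask = ""
    }
    /^# file: /  { emit_file(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    /^default:/  { next }                      # templates for new files, not grants
    {
        sub(/[ \t]*#.*/, "")                   # drop a trailing "#effective:" note
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
            n++; who[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { emit_file() }
    '
}

# Constructed sample in getfacl format (not captured from a real host).
sample_getfacl() {
    cat <<'EOF'
# file: tmp/test
# owner: root
# group: root
user::rw-
user:john:rw-    #effective:r--
group::r--
group:accounts:rwx    #effective:r--
mask::r--
other::---

# file: tmp/plain
user::rw-
group::r--
other::r--
EOF
}
sample_getfacl | acl_extra_entries
```

To review a real backup, run `acl_extra_entries < file.acls`; files without named entries, such as tmp/plain in the sample, produce no output.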
