Access Control Lists (ACL) provides flexible permission mechanism for file system. ACL assists with file permission, it allows to give permissions for any user or group to any directory or file.
Using ACL you can also give required access to a user which is not a member of a group. Basically we can ACL to make a flexible permission mechanism in linux.
setfacl and getfacl are used for Setting up ACL and showing ACL respectively.
Now we will demonstrate some examples of ACL.
Lets suppose you have a file named test.acl in root directory and you want to check the ACL details of that file. just simply run the following command:
as you can see from the output the file belong to user and group “root”. user has read permission and group and other have only read permission.
You can also change the ACL conditions of the file.
Following are the basic commands to use while setting ACL or changing ACL.
1) To add permission for user setfacl -m "u:user:permissions" /path/to/file 2) To add permissions for a group setfacl -m "g:group:permissions" /path/to/file 3) To allow all files or directories to inherit ACL entries from the directory it is within setfacl -dm "entry" /path/to/dir 4) To remove a specific entry setfacl -x "entry" /path/to/file 5) To remove all entries setfacl -b path/to/file
Now suppose you want to give read and write permission to “test.acl” file placed in root, you will run the following command:
setfacl -m "u:root:rwx" test.acl
As you can see in the above mentioned output we have changed the permission to read and write for user root.
Now suppose that you want to remove added entries of test.acl file. You simply have to run the following command:
setfacl -b test.acl
In above output you can clearly see that permission for user root that was added by me has been removed.
Similarly you can change the permission using ACL according to your need.