Linux ACL Permissions
Access Control Lists (ACLs) in Linux provide a more flexible permission mechanism for file systems. They allow you to define permissions for specific users or groups beyond the standard owner, group, and others model.
What is ACL?
ACLs allow you to grant or deny access to files and directories for specific users or groups. This is particularly useful in multi-user environments where the traditional permission model is insufficient.
Enabling ACL
To use ACLs, the file system must be mounted with ACL support. Most modern Linux distributions enable this by default. If not, you can remount the file system with the acl option:
sudo mount -o remount,acl /mount/point
Basic Commands
Set ACL
Use the setfacl command to set ACLs. For example:
setfacl -m u:username:rw file.txt
This grants read and write permissions to the user username for the file file.txt.
setfacl -m g:username:rw file.txt
This grants read and write permissions to the group named username for the file file.txt.
setfacl -m o::rw file.txt
This grants read and write permissions to others for the file file.txt. The others entry takes no user or group name, so the field between the two colons is left empty.
View ACL
Use the getfacl command to view ACLs:
getfacl file.txt
Remove ACL
To remove an ACL entry, use:
setfacl -x u:username file.txt
This removes the ACL entry for the user username from the file file.txt.
To remove all ACL entries, use:
setfacl -b file.txt
This removes all ACL entries from the file file.txt.
Example
Suppose you have a file example.txt and you want to grant read and write permissions to a user named abhishek without changing the file's group or owner permissions.
- Set the ACL:
setfacl -m u:abhishek:rw example.txt
- Verify the ACL:
getfacl example.txt
The output will show an additional entry for abhishek with the specified permissions.
Default ACL
Default ACLs can be set for directories so that new files and subdirectories inherit the ACL. For example:
setfacl -m d:u:username:rw /directory
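To review who has been granted access through ACLs, the getfacl output described under View ACL and Default ACL can be filtered down to the named user and group entries. The function below is an added example, not part of the original page; it goes beyond the page by also applying the ACL mask entry, which limits what named entries can actually do. The function names and the sample output are constructed for illustration.

```shell
# stdin: getfacl output; stdout: file, scope, type, name, effective perms (TSV).
acl_named_entries() {
  awk '
    # Intersect an entry with the mask: and_perms("rw-", "r--") is "r--".
    function and_perms(p, m,   i, out) {
      for (i = 1; i <= 3; i++)
        out = out (substr(p, i, 1) == substr(m, i, 1) ? substr(p, i, 1) : "-")
      return out
    }
    # Print the named entries buffered for the current file, then reset.
    function emit(   i, m) {
      for (i = 1; i <= n; i++) {
        m = (scope[i] in mask) ? mask[scope[i]] : "rwx"
        printf "%s\t%s\t%s\t%s\t%s\n", file, scope[i], type[i], name[i], and_perms(perm[i], m)
      }
      n = 0; split("", mask)
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
      sub(/[ \t]*#.*/, "")                 # drop "#effective:" annotations
      s = sub(/^default:/, "") ? "default" : "access"
      split($0, f, ":")                    # type, qualifier, permissions
      if (f[1] == "mask") mask[s] = f[3]
      else if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
        n++; scope[n] = s; type[n] = f[1]; name[n] = f[2]; perm[n] = f[3]
      }
    }
    END { emit() }'
}
# Constructed sample in getfacl format (owner/group header lines omitted).
sample_getfacl_output() { cat <<'EOF'
# file: example.txt
user::rw-
user:abhishek:rw-    #effective:r--
group::r--
mask::r--
other::r--
# file: directory
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:username:rw-
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}
sample_getfacl_output | acl_named_entries
```

On a real system the same function can be fed from `getfacl -R` on a directory tree; in the sample, abhishek was granted rw but the mask reduces the effective permission to read-only.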