Basic ACLs in Linux


ACLs (Access Control Lists) let a Linux administrator grant permissions on a file or directory beyond the single owner/group/other triplet of the traditional mode bits. Each ACL entry names a specific user or group and the read, write and execute permissions it receives on that file or directory, so access can be extended to additional principals without changing ownership or widening the group or other bits.


On XFS, ACL support is always available. On ext3 and ext4 it depends on the acl mount option: most current distributions turn it on by default (mkfs.ext4 normally records acl in the filesystem's default mount options, which tune2fs -l lists), but on older systems it has to be enabled explicitly, either in /etc/fstab for a permanent mount or on the mount command line for a temporary one. If setfacl fails with "Operation not supported", check the mount options first.

Give user smith read and write access to /project/somefile (the entry is added to the file's ACL; the mode bits are left alone):
]# setfacl -m u:smith:rw /project/somefile

Remove the ACL entry for the user with UID 601 (only that entry is dropped; any access the user still has as owner, as a member of the owning group or via the other bits is unaffected):
]# setfacl -x u:601 /project/somefile

Set a default ACL on the /share/ directory so that files created inside it give read-only access to the other class, i.e. users who are neither the owner nor members of the owning group. A default ACL affects only objects created afterwards; existing files keep their ACLs, and the access ACL set on an individual file can still differ from the default:
]# setfacl -m d:o:r /share


The -d option (or a d: prefix on the entry) makes the entry a default entry, which can only be set on a directory. A default ACL grants nothing on the directory itself: it is copied into the access ACL of every file and subdirectory created there afterwards, and subdirectories also inherit it as their own default ACL. Because the inherited entries replace the umask for those new objects, a permissive default ACL can hand out more than the creating user's umask would have. The command below is equivalent to setfacl -m d:g:testusers:r /folder/sub/:
]# setfacl -dm g:testusers:r /folder/sub/

Retrieving the ACL of a file (entries that the mask cuts down are shown with an #effective: comment):
]# getfacl /home/sam/picture.png
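As an added example (not code from the original post, and not part of the acl package), the following Python script reads a getfacl record and applies the rules that decide what the entries actually grant: the mask limits named users, named groups and the owning group; ls -l shows the mask, not the group entry, in the middle triplet; and a directory's default ACL becomes the access ACL of new files with the owner, mask and other entries intersected with the creation mode, bypassing the umask. The getfacl dump, the names alice, testusers, smith and staff and the path share are constructed sample data, and the functions it defines (parse_getfacl, effective, silently_reduced, write_access, ls_mode, inherit) are this example's own.

```python
"""Read a getfacl(1) dump and compute what the kernel will actually grant.

Added example for this page, not code from the original post or the acl
package. It follows the POSIX.1e rules in acl(5): the mask limits named
users, named groups and the owning group; a directory's default entries
become the access ACL of new objects, with the owner, mask and other
entries intersected with the creation mode (umask is not applied then).
"""
from dataclasses import dataclass

PERM_ORDER = "rwx"

# Constructed getfacl output for a directory (sample data, not a real system).
SAMPLE_ACL = """\
# file: share
# owner: smith
# group: staff
user::rwx
user:alice:rwx
user:601:rw-
group::r-x
group:testusers:r-x
mask::rw-
other::---
default:user::rwx
default:group::r-x
default:group:testusers:r--
default:mask::r-x
default:other::r--
"""

@dataclass(frozen=True)
class Entry:
    tag: str          # user, group, mask or other
    qualifier: str    # name or numeric id; "" for the owner / owning group
    perms: frozenset  # subset of {"r", "w", "x"}

def perms_from(text):
    return frozenset(c for c in text if c in PERM_ORDER)

def fmt(perms):
    return "".join(c if c in perms else "-" for c in PERM_ORDER)

def parse_getfacl(text):
    """Parse one getfacl record into (path, access_entries, default_entries)."""
    path, access, default = "", [], []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("#"):
            if line.startswith("# file:"):
                path = line[len("# file:"):].strip()
            continue
        line = line.split("#", 1)[0].strip()  # drop "#effective:..." hints
        is_default = line.startswith("default:")
        tag, qualifier, perms = (line[8:] if is_default else line).split(":", 2)
        (default if is_default else access).append(Entry(tag, qualifier, perms_from(perms)))
    return path, access, default

def effective(entries):
    """Pair each entry with what it really grants once the mask is applied."""
    mask = next((e.perms for e in entries if e.tag == "mask"), None)
    def limited(e):
        return mask is not None and (e.tag == "group" or (e.tag == "user" and e.qualifier))
    return [(e, e.perms & mask if limited(e) else e.perms) for e in entries]

def silently_reduced(entries):
    """Entries granting more than the mask passes (getfacl marks them with
    '#effective:'), typically after chmod g-w narrowed the mask."""
    return [(e.tag, e.qualifier, fmt(e.perms), fmt(eff)) for e, eff in effective(entries) if eff != e.perms]

def write_access(entries):
    """Principals other than the owner with effective write permission: the
    first thing to look for when auditing getfacl -R output."""
    return [(e.tag, e.qualifier) for e, eff in effective(entries)
            if "w" in eff and e.tag != "mask" and (e.tag, e.qualifier) != ("user", "")]

def ls_mode(access, default):
    """Permission field as ls -l prints it: with a mask present the middle
    triplet is the mask, not the owning group; '+' marks an extended ACL."""
    by = {(e.tag, e.qualifier): e.perms for e in access}
    middle = by.get(("mask", ""), by.get(("group", "")))
    plus = "+" if len(access) > 3 or default else ""
    return fmt(by[("user", "")]) + fmt(middle) + fmt(by[("other", "")]) + plus

def inherit(default_entries, create_mode):
    """Access ACL a new object receives from its parent's default ACL.
    create_mode is what the creating call asked for: 0o666 for a regular
    file via open()/creat(), 0o777 for mkdir()."""
    def bits(shift):
        return frozenset(c for c, b in zip(PERM_ORDER, (4, 2, 1)) if (create_mode >> shift) & b)
    has_mask = any(e.tag == "mask" for e in default_entries)
    out = []
    for e in default_entries:
        if (e.tag, e.qualifier) == ("user", ""):
            out.append(Entry("user", "", e.perms & bits(6)))
        elif e.tag == "other":
            out.append(Entry("other", "", e.perms & bits(0)))
        elif e.tag == "mask" or ((e.tag, e.qualifier) == ("group", "") and not has_mask):
            out.append(Entry(e.tag, "", e.perms & bits(3)))
        else:
            out.append(e)  # named entries, and group:: under a mask, copy unchanged
    return out

if __name__ == "__main__":
    path, access, default = parse_getfacl(SAMPLE_ACL)
    print(f"{path}: ls -l shows {ls_mode(access, default)}")
    for tag, qual, granted, eff in silently_reduced(access):
        print(f"  {tag}:{qual} is granted {granted} but the mask leaves {eff}")
    print("  effective writers besides the owner:", write_access(access))
    new_file = inherit(default, 0o666)
    print(f"  a new file created here gets {ls_mode(new_file, [])}:",
          " ".join(f"{e.tag}:{e.qualifier}:{fmt(e.perms)}" for e in new_file))
```

Run it on real output from getfacl -R and write_access gives a quick list of who can write besides the owner, which is usually the question behind an ACL audit; silently_reduced shows the entries an administrator set but that a narrower mask is quietly ignoring.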

Give the testusers group read permission on the data1 directory. Read alone lets members list the names in the directory but not enter it or open the files in it; grant rx if they should be able to traverse it:
]# setfacl -m g:testusers:r data1/

To check whether a file carries an ACL, look for the + after the mode bits in ls -l output. When an ACL with a mask entry is present, the middle triplet that ls shows is the mask, not the owning group's permissions, and chmod on the group bits changes the mask rather than the group entry; use getfacl to see the real entries.

]# ls -lA /data/Win/FIN/Test/fgdfgsf.xlsx
-rwxrwxr--+ 1 smith domain users 6179 Dec 24 01:06 /data/Win/FIN/Test/fgdfgsf.xlsx


Remove all ACLs from a folder. -b strips every extended entry, access and default alike, leaving only the owner, group and other permissions of the mode bits:

]# setfacl -b /folder1

Remove all ACLs from a folder and everything below it. -R recurses into subdirectories and the files in them, which can take a while on a large tree. Save a getfacl -R dump first if the entries may have to be put back, since setfacl --restore reads that format; the same dump is the right input when checking what a copy has lost, because cp, rsync and tar only keep ACLs when told to (cp -p or --preserve=all, rsync -A, tar --acls):

]# setfacl -Rb /folder1