(ACL) Access Control List in Linux
What is ACL?
ACL (Access Control List) is an advanced permission mechanism in Linux. The basic, regular way of giving permissions with the “chmod” command covers one user, the owner of the file, and one group, the group owner of the file. If you have to give additional permissions to another user or another group on a file without making the user a member of the group, you will have to use ACL to do it. With ACL, you can give permissions to two or more users and groups that are not owners of the file.
When permission is set on a file or directory using ACL, it displays a “+” sign when a list command is used.
For example, in the screen-shot below, a list command is used on a file whose permission has been set using ACL.
You can see the “+” sign, which indicates that ACL is used on the file.
Important Point
On older Linux kernels, ACL is not supported by default, so it is good practice to check whether ACL is supported on your system.
How To Install ACL Utilities In Linux
How to Mount a File System with ACL File Permission
In my case I mount the file system /dev/sdb1 (50G)
First Create a GUID Partition
Then Change its file type
Now Mount the file system with tune2fs Utility
What is tune2fs?
Now check whether it is successfully mounted with ACL permission
What is getfacl?
The getfacl is the tool that is used to get an overview of an access control list on a file.
From the screen-shot above, you can see that it is also possible to view the permission on a file by using the “getfacl” command, just as when you use the “ls -l” command.
The getfacl command will display the file permissions set with chmod and the file permissions set with ACL
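An added example (not from the original post): a small shell function that reads getfacl output and lists only the entries added with ACL, that is, the named users and groups beyond the chmod owner/group/other bits, with each entry's permissions after the mask is applied. The helper names acl_extra_entries and acl_writers and the sample output are constructed for illustration; on a real system, pipe the output of getfacl for a file into the function.

```shell
#!/bin/sh
# Added example: list the entries in `getfacl` output that were added with ACL
# (named users and groups), with the permissions left after the mask is applied.

# Constructed sample of `getfacl january_sales` output, not captured from a real host.
SAMPLE_GETFACL='# file: january_sales
# owner: root
# group: root
user::rw-
user:sourabh:rwx    #effective:rw-
group::r--
group:finance:rw-
mask::rw-
other::r--'

# acl_extra_entries (hypothetical helper): reads getfacl output on stdin and
# prints one "type:name:effective_perms" line per named user or group entry.
acl_extra_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }            # skip header comments and blank lines
        { sub(/[ \t]*#.*/, "", $3) }       # drop a trailing "#effective" note
        $1 == "mask" { mask = $3; next }   # the mask caps named entries
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; name[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    # a bit is effective only if the mask allows it too
                    if (mask != "" && substr(mask, c, 1) == "-") p = "-"
                    eff = eff p
                }
                print kind[i] ":" name[i] ":" eff
            }
        }'
}

# acl_writers (hypothetical helper): only the ACL entries that can write.
acl_writers() {
    acl_extra_entries | awk -F: '$3 ~ /w/'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_GETFACL" | acl_extra_entries
```

A file with no named entries produces no output, which corresponds to a listing without the “+” sign.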
What is setfacl?
The setfacl is the tool that is used to set or change the access control list on a file. ACLs in Linux are of two types: the access ACL and the default ACL.
First, let’s look at all the switches that setfacl provides
Example :
I created a file
In this command I assign the Finance group to this january_sales file with read & write permission
How to Completely Deny Access & Remove ACL From a User / Group In Linux
Example : I want to revoke all permissions of a specific user on the file which I created
To remove all the entries from the ACL, including user and group
For User :
In my case it’s sourabh
Before :
After :
For Group :
Before :
After:
How To Set Permission For a User & Group On a Directory Using ACL
Make a Directory for test
Check permission in the directory using getfacl
Now set the file permission for a specific user with read and write permission
setfacl -R -m u:sourabh:rw testacl/
Now, to check whether ACL is used on the file or not, there is a method
If you are confused and want to assign the default permission using ACL
You can use default permission with both user and group
Example
For User
For Group
How To Remove All ACL Entries From a File & Directory
To remove all the entries in recursive mode
Done :)