(ACL) Access Control List in Linux

Sourabh Dey
Jan 16, 2022

What is ACL?

ACL (Access Control List) is an advanced permission mechanism in Linux. The basic, regular way of giving permissions with the “chmod” command covers only one user (the owner of a file) and one group (the group owner of a file). If you have to give additional permissions on a file to another user or another group without making the user a member of the group, you will have to use ACL to do it. With ACL, you can give permissions to two or more users and groups that are not owners of the file.

When permissions are set on a file or directory using ACL, a “+” sign is displayed when a list command is used.

For example, in the screenshot below, a list command is used on a file whose permissions have been set using ACL.

You can see the “+” sign, which indicates that ACL is used on the file.

Important Point

In old Linux kernels, ACL is not supported by default, so it is good practice to check whether ACL is supported on your system.

You can see ACL=Y, which means ACL is supported on your system.

How To Install ACL Utilities In Linux

For RedHat/CentOS

For Debian/Ubuntu

How to Mount a file System with ACL file Permission

In my case, I mount the file system /dev/sdb1 (50G).

First, create a GUID partition

Then change its file type

Now mount the file system with the tune2fs utility

What is tune2fs?

Now check whether it is successfully mounted with ACL permission

What is getfacl?

getfacl is the tool used to get an overview of the access control list on a file.

From the screen-shot above, you can see that it is also possible to view the permission on a file by using the “getfacl” command, just as when you use the “ls -l” command.

The getfacl command displays both the file permissions set with chmod and the file permissions set with ACL.

What is setfacl?

setfacl is the tool used to set or change the access control list on a file. ACLs in Linux are of two types: the access ACL and the default ACL.

First, let’s look at all the switches which setfacl provides

There are some important switches which I highlighted

Example:

I created a file

I want to give a specific group access to this file. For that, I am going to use the setfacl utility.
-m: modify, g: group

In this command, I assign the Finance group to the january_sales file with read & write permission

How to Completely Deny Access & Remove ACL From a User / Group In Linux

Example: I want to revoke any permission a specific user has on the file which I created

As you can see, any file permission for that specific user has been revoked

To remove all the entries from the ACL, including user and group

For user:

In my case it’s sourabh

Before:

After:

For group:

Before:

After:

How To Set Permission For a User & Group On a Directory Using ACL

Make a directory for testing

Check the permissions on the directory using getfacl

Now set the file permission for a specific user with read and write permission

setfacl -R -m u:sourabh:rw testacl/

As you can see, the user and group are both sourabh with rwx permission

To check whether ACL is used on the file or not, there is a method

The + sign shows that ACL is used on the directory/files

If you want to assign the default permission using ACL

d: default, u: user, -m: modify

You can use default permissions with both user and group

Example

For User

For Group

How To remove all ACL entries from a file & Directory

-b: remove all ACL entries

To remove all the entries in recursive mode

As you can see, the + icon is gone (scroll up for reference)
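
getfacl prints the chmod bits and the ACL entries together, for both the access ACL and the default ACL. The script below is an added example, not part of the original post: it reads getfacl output and lists only the named user and group entries, with the rights that remain after the mask line is applied. The function names and the sample output are constructed, and the mask handling goes beyond what the post covers.

```shell
# Reads `getfacl` output on stdin and prints one line per named user/group entry:
#   <file> <access|default> <user|group> <name> <granted> <effective>
acl_audit() {
  awk -F: '
    function emit(   i, k, m, eff) {
      for (i = 1; i <= n; i++) {
        m = (kind[i] in mask) ? mask[kind[i]] : "rwx"
        eff = ""
        for (k = 1; k <= 3; k++)          # effective = granted AND mask
          eff = eff (substr(m, k, 1) == "-" ? "-" : substr(perm[i], k, 1))
        print file, kind[i], tag[i], name[i], perm[i], eff
      }
      n = 0; split("", mask)              # reset state for the next file
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }           # owner/group header and blank lines
    {
      sub(/[ \t]*#.*$/, "")               # drop the "#effective:" note
      scope = "access"
      if ($1 == "default") { scope = "default"; $0 = substr($0, 9) }
      if ($1 == "mask") mask[scope] = $3
      else if (($1 == "user" || $1 == "group") && $2 != "") {
        n++; kind[n] = scope; tag[n] = $1; name[n] = $2; perm[n] = $3
      }
    }
    END { emit() }
  '
}

# Constructed sample of getfacl output for a directory (not captured from a real system).
sample_getfacl() {
  cat <<'EOF'
# file: testacl
# owner: root
# group: root
user::rwx
user:sourabh:rw-	#effective:r--
group::r-x
group:finance:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:sourabh:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}
# On a live system: getfacl -R testacl | acl_audit
```

Entries such as user:: and group:: come from chmod and are skipped; an entry whose last column differs from its granted column is being limited by the mask.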

Done :)
