Access Control List (ACL)

As system administrators, we have to protect files and data from unauthorized access. We are all familiar with the permissions we set on files and directories using chmod, chown and chgrp; however, these permissions have limitations and may not meet our needs. We cannot assign different sets of permissions to different users on the same directory or file, which is why access control lists (ACLs) were implemented.

Before we set ACL permissions, we need to check whether ACLs are supported by the kernel.

1. Check the kernel for ACL support.

Execute the following command to check ACL support for the filesystem and look for the POSIX_ACL=Y option. If you see ‘N’ instead of ‘Y’, the kernel doesn’t support ACLs and we need to recompile the kernel.

#grep -i acl /boot/config*

Types of ACL

There are two types of ACL available

1. Access ACL – Used for allowing permissions on any directory or file.

2. Default ACL – Used for granting an access control list on a specific directory only.

Note 1: A default ACL can be set only at the directory level; any subdirectory or file created within that directory inherits the ACLs from its parent directory. A file inherits the default ACLs as its access ACLs.

Note 2: We use “-d” for setting default ACLs (default ACLs are optional).

Ex:1 To check the ACL details for a directory

#getfacl <Directory name>
#getfacl /SAN

Before setting the default ACL, the permissions would look like the above.

To set default ACLs on a directory we use the “setfacl” command. In this example, setfacl sets a default ACL entry granting read and write permission to others (d:o:rw) on the directory /SAN.

-m indicates Modify

#setfacl -m d:o:rw /SAN

After assigning the default ACLs, the permissions would look like this:

#getfacl /SAN

Ex:2 To set an ACL permission for a file or directory, use the setfacl command. In this example we will assign read and write permission to the user linuxvasanth1.

Let me check the default permissions set for the file /mydoc before we assign the ACL.

#getfacl /mydoc

As you can see from the above output, the file has the default permission sets only.

Now set the ACL:

#setfacl -m u:linuxvasanth1:rw /mydoc

Now check the ACL permissions again:

#getfacl /mydoc

From the above output, the ACL permission set is successfully assigned to the file.

Ex:3 Remove the ACL permission

To remove ACL permissions we use the options -x and -b with the setfacl command.

#setfacl -x ACL file/directory (This will remove only the specified ACL from the file/directory)
#setfacl -b file/directory (This will remove all ACLs from the file/directory)

In this example I am going to remove the user linuxvasanth1 from the file /mydoc.

#setfacl -x u:linuxvasanth1 /mydoc

Now run the getfacl command to check:

#getfacl /mydoc

As you can see from the above output, the user has been successfully removed from the ACL set.
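
The getfacl checks in Ex:2 and Ex:3 can be scripted. The following is an added example, not from the original article: it parses getfacl output and lists each named user/group entry with the mask entry applied, which goes slightly beyond the text above (the mask is not discussed there). The sample outputs are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. The getfacl outputs below are
# constructed samples; function names are hypothetical.

# /mydoc after: setfacl -m u:linuxvasanth1:rw /mydoc
ACL_AFTER_SET='# file: mydoc
user::rw-
user:linuxvasanth1:rw-
group::r--
mask::rw-
other::r--'

# Same file after the mask is narrowed to r-- (chmod g-w does this)
ACL_MASKED='user::rw-
user:linuxvasanth1:rw-  #effective:r--
group::r--
mask::r--
other::r--'

# /mydoc after: setfacl -x u:linuxvasanth1 /mydoc
ACL_AFTER_REMOVE='user::rw-
group::r--
mask::r--
other::r--'

# Read getfacl output on stdin; print each named user/group access entry
# with its effective permissions (entry AND mask). default: lines are skipped.
acl_extended_entries() {
  awk -F: '
    /^#/ || NF < 3 { next }
    { sub(/[ \t]*#.*/, "", $3) }          # drop a trailing "#effective:" note
    $1 == "mask" { mask = $3; next }
    ($1 == "user" || $1 == "group") && $2 != "" { tag[++n] = $1 ":" $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (j = 1; j <= 3; j++) {
          p = substr(perm[i], j, 1)
          m = (mask == "") ? p : substr(mask, j, 1)
          c = (p != "-" && m != "-") ? p : "-"; eff = eff c
        }
        print tag[i] ":" eff
      }
    }'
}

# user_has_acl USER: succeeds if USER has a named entry (getfacl output on stdin)
user_has_acl() { acl_extended_entries | grep "^user:$1:" >/dev/null; }
```

On a live system, pipe real output in, for example `getfacl /mydoc | acl_extended_entries`.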

About Author:

Hello readers! Let me introduce myself first. My name is Vasanth Nirmal Singh J S, having 9+ years of experience in IT on all flavours of Unix operating systems, storage and many more. I would like to share the technical experience I have come across, which can be of help to other people. So in this blog, I'll post my thoughts related to ITIS. I'll share experiences that I've had while working in different environments. You can expect content related to Unix, Solaris, Linux, EMC Storages, HP-UX and many others. I hope this blog can be useful for you! Your comments will be appreciated!
