File/Directory Access Control List (FACL)

The document discusses File/Directory Access Control Lists (FACL) as a solution to the limitations of basic UNIX permissions, allowing for more granular access control for multiple users and groups. It explains the benefits of ACLs, how to set and manage them using commands like setfacl, and the requirements for file systems to support ACLs. Additionally, it covers the inheritance of ACLs for new files and the option to use a configuration file for frequently used ACLs.

File/Directory Access Control List (FACL):

Limitation of the basic UNIX permission:


Basic UNIX permissions provide read, write and execute permissions for only three
user classes: file owner, file group and others. However, some use cases require
that files are accessed with different permission sets by multiple named users and groups.

ACL Benefits:

With ACLs, you can grant permissions to multiple users and groups, identified by
user name, group name, UID, or GID, using the same permission flags used with
regular file permissions: read, write, and execute.

It is used by the owner of a file or a directory to grant or deny access to specific users.
Linux capability, can set ACLs on any file or directory. New files and
subdirectories automatically inherit ACL settings from the parent directory's
default ACL.

Note: it is recommended that we make changes to the basic permissions rather than make
an ACL.

For Example:

Ali needs to give Samir, who is in the marketing group, read permission on file1.txt.

Before using an ACL on a file or directory, the partition that holds the file or
directory must be mounted with ACL support. By default, the XFS file system supports
ACLs.

If the file system does not support ACLs, you can use this command:

[root@srv1 ~]# mount -t ext3 -o remount,acl /home

Then add the mount point to /etc/fstab with the options defaults,acl

Note: the . shown for file1.txt means that no ACL is applied here, but SELinux takes
control of the file.

The command used to show the ACL details of a file or directory:

If an ACL is applied, it is shown by a + sign as in the following, which means this
file has an ACL.

To set ACL:
We set an ACL entry on a file or directory by using the setfacl command:

See Manual:
To remove the user entries from the file:

Note: The default behavior of setfacl is to recalculate the ACL mask entry, unless
a mask entry was explicitly given.
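
The mask in the note above decides what a named user, a named group or the owning group can actually do, whatever their own entry says. The following is an added example, not part of the original document: it reads getfacl-style text and prints each entry's effective permission. The function name acl_effective and the sample listing (users, group, permissions) are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective permissions from getfacl-style text (rwx form).
# Named users, named groups and the owning group are limited by the mask
# entry; the owner (user::) and other:: entries are not.

# acl_effective: read ACL text on stdin, print "<tag>:<name> <effective>".
acl_effective() {
    awk -F: '
        /^[ \t]*#/ || NF < 3 { next }   # skip comment lines and blank lines
        $1 == "default"      { next }   # default entries only affect new files
        $1 == "mask"         { mask = substr($3, 1, 3); next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                limited = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (limited && mask != "") {
                    eff = ""
                    for (j = 1; j <= 3; j++) {      # AND each rwx flag with the mask
                        p = substr(perm[i], j, 1)
                        m = substr(mask, j, 1)
                        eff = eff ((p != "-" && m != "-") ? p : "-")
                    }
                }
                printf "%s:%s %s\n", tag[i], who[i], eff
            }
        }'
}

# Constructed sample in getfacl output format (names are made up).
SAMPLE_ACL='# file: file1.txt
# owner: ali
# group: marketing
user::rw-
user:samir:rwx
group::r-x
group:sales:rw-
mask::r--
other::---'

# samir has rwx in his entry, but the r-- mask leaves him read-only.
printf '%s\n' "$SAMPLE_ACL" | acl_effective
```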

Note: If the uid or gid for a user or group name changes, the ACLs are not changed
to reflect the new uid or gid.

To remove all entries in ACL:

We can apply multiple entries to a file or directory as shown:

To apply the ACL to all existing files in the directory and its subdirectories, not
only to file1.txt, we use the recursive option:

To apply the ACL to any newly created file in the directory (inheritance), we use the
default permission:

NOTE: The umask has no effect if a default ACL exists.

We can combine the Recursive and Default in one line:


Using ACL Entries from a File:
What if you have a lengthy ACL that needs to be used frequently? Rather than
typing it over and over again on the command line, you can save the ACL as a text
file and use it to apply ACLs to other files.

For example, we will create the ACL configuration file /home/ali/myacl
