What is ACL?
The standard permission/ownership model for files and folders in Linux is limited: for example, we cannot set different permissions for different users on the same file. ACLs (Access Control Lists) were introduced to overcome this problem. We can use the setfacl and getfacl commands to set and inspect ACLs on folders and files.
Setting up ACLs using setfacl
In the example below, I have created two separate users called user1 and user2, and I am going to set up full access and partial access to the /root directory (the home directory for root) for these two users. The first user, user1, will have full access, and the second user, user2, will have only read and execute permissions.
# setfacl -m u:user1:rwx /root
# setfacl -m u:user2:rx /root
You can verify the permission setup using the getfacl command. You will also see a special + sign at the end of the folder's permission string, which shows that an ACL has been set on the directory.
drwxrwx---+ 4 root root 4096 May 4 00:19 root
Removing ACLs using setfacl
We can also remove ACL entries using setfacl. For example:
# setfacl -x u:user1 /root
# setfacl -x u:user2 /root
These commands remove all the ACL entries for both users (user1 and user2) on the /root directory. You can verify this using the getfacl /root command.
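To check the result of the setfacl commands above without reading getfacl output by eye, the following added example (not part of the original post) parses getfacl text and lists each named user with the permissions that remain after the ACL mask is applied. The sample output is constructed to match the user1/user2 setup on /root, and the function names are hypothetical.

```python
# Added example: audit named-user ACL entries from `getfacl` output.
# SAMPLE is constructed to match the user1/user2 setup on /root above.
SAMPLE = """\
# file: root
# owner: root
# group: root
user::rwx
user:user1:rwx
user:user2:r-x
group::---
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (header, entries) for one file; entries are (tag, name, perms)."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and ": " in line:      # e.g. "# owner: root"
            key, value = line[2:].split(": ", 1)
            header[key] = value
            continue
        line = line.split("#", 1)[0].strip()            # drop "#effective:" notes
        if not line or line.startswith("default:"):     # defaults apply to new files only
            continue
        parts = line.split(":", 2)
        if len(parts) == 3:                             # ignore anything that is not an entry
            entries.append((parts[0], parts[1], parts[2][:3]))
    return header, entries

def effective(perms, mask):
    """Keep only the permission bits that the mask also grants."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def named_user_access(text):
    """Map each named user to the permissions left after applying the mask."""
    _, entries = parse_getfacl(text)
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    return {n: effective(p, mask) for t, n, p in entries if t == "user" and n}

def named_writers(text):
    """Named users who can still write to the file or directory."""
    return sorted(u for u, p in named_user_access(text).items() if "w" in p)

if __name__ == "__main__":
    header, _ = parse_getfacl(SAMPLE)
    print(header["file"], named_user_access(SAMPLE), named_writers(SAMPLE))
```

In ls -l output such as drwxrwx---+, the group column shows the ACL mask rather than the owning group's own entry, which is why the script reads the mask from getfacl instead.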
setfacl man page: http://linux.die.net/man/1/setfacl