Difference between revisions of "Linux: Access Control Lists"
Latest revision as of 16:57, 17 August 2013
Access Control Lists
Access control lists provide a finer-grained level of file permissions. They allow access to a file or folder to be granted to a specific user.
Default ACL
By default, every file has an ACL associated with it. The default ACL carries the same information as the output of the 'ls -l' command: the basic ugo/rwx permissions. The ACL for anaconda-ks.cfg is shown below. It shows that the file owner 'root' has read and write permissions on the file.
[root@compute009 ~]# getfacl anaconda-ks.cfg
# file: anaconda-ks.cfg
# owner: root
# group: root
user::rw-
group::---
other::---
Checking the ACL
The ACL can be checked with the getfacl command. The output is shown above.
Modifying the ACL
The ACL can be modified with the setfacl command.
To add an entry to the ACL:
setfacl -m u:<user>:rx <file> #add/modify user with read and execute permissions
setfacl -m g:<group>:w <file> #add/modify group with write permissions
To remove an entry from the ACL:
setfacl -x u:<user> <file> #remove user
setfacl -x g:<group> <file> #remove group
To revert the ACL:
setfacl -b <file> #remove all ACL entries
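As an added example (not part of the original page), the shell function below reads getfacl output and lists only the named user and group entries that setfacl -m adds on top of the base entries shown earlier, which is a quick way to review who has been granted extra access. The file names, users and group in the sample input are constructed.

```shell
#!/bin/sh
# Reads `getfacl` output on stdin.
# Prints one line per named entry: file<TAB>kind<TAB>name<TAB>perms
list_named_acl_entries() {
    awk '
        /^# file: / { file = substr($0, 9); next }  # start of a per-file block
        /^#/ || /^[ \t]*$/ { next }                 # owner/group header, blank line
        {
            sub(/[ \t]*#.*/, "")                    # drop a trailing "#effective:" note
            split($0, f, ":")
            # Base entries have an empty qualifier (user::rw-); named ones do not.
            if ((f[1] == "user" || f[1] == "group") && f[2] != "")
                printf "%s\t%s\t%s\t%s\n", file, f[1], f[2], f[3]
        }
    '
}

# Constructed sample input (not captured from a real system).
sample_getfacl_output() {
    cat <<'EOF'
# file: anaconda-ks.cfg
# owner: root
# group: root
user::rw-
group::---
other::---

# file: report.txt
# owner: root
# group: root
user::rw-
user:alice:r-x
group::---
group:staff:-w-
mask::rwx
other::---

# file: notes.txt
# owner: root
# group: root
user::rw-
user:bob:rw-    #effective:r--
group::r--
mask::r--
other::---
EOF
}
sample_getfacl_output | list_named_acl_entries
```

On a real system the function can be fed directly, for example `getfacl <file> | list_named_acl_entries`; a file with only the base entries, like anaconda-ks.cfg above, produces no output.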
ACL Directory
Setting the ACL on a file is not enough. The directory in which the file is stored must also have its ACL modified.