Skip to main content

Security level access control list

Note: To use ACLs, you need to ensure that your file system supports ACLs (most modern Linux file systems do). Additionally, you may need to install the acl package if it's not already installed.

Here's how you can work with ACLs:

  1. Check if ACLs are supported:

    You can verify if your file system supports ACLs using the mount command:

    mount | grep acl

    If you see output with acl in it, ACLs are supported.

  2. Set an ACL for a User:

    Let's create a directory and set an ACL for a specific user:

    mkdir mydir
    setfacl -m u:username:permissions mydir
    • Example:

      mkdir mydir
      setfacl -m u:john:rwx mydir
  3. View ACL for a File or Directory:

    You can use the getfacl command to view the ACL of a file or directory:

    getfacl mydir
    • Example:

      getfacl mydir
    • Output (Example output showing ACL for a directory):

      # file: mydir
      # owner: user
      # group: group
      user::rwx
      user:john:rwx
      group::r-x
      mask::rwx
      other::r-x

    In this example, you can see that user "john" has read, write, and execute permissions on the "mydir" directory.

  4. Modify an Existing ACL:

    You can use setfacl to modify an existing ACL:

    setfacl -m u:username:permissions mydir
    • Example:

      setfacl -m u:john:rx mydir
  5. Remove an ACL Entry:

    To remove an ACL entry for a user:

    setfacl -x u:username mydir
    • Example:

      setfacl -x u:john mydir
  6. Remove All ACL Entries for a User:

    To remove all ACL entries for a user:

    setfacl -b -m u:username mydir
    • Example:

      setfacl -b -m u:john mydir
  7. Default ACLs (Recursively Apply ACLs to New Files and Directories):

    Default ACLs can be used to specify permissions that should be applied to all new files and subdirectories created within a directory.

    setfacl -d -m u:username:permissions mydir
    • Example:

      setfacl -d -m u:john:rw mydir