
How to Configure Access Control Lists (ACL) in Linux

Access Control Lists (ACLs) are a popular access and permission control mechanism used by businesses and enterprises all over the world. They are mostly used on Windows systems. In this article, we will look at how to configure access control lists in Linux. ACLs provide a more comprehensive permission management system than the read-write-execute permissions available in Linux.



Here are the steps to install & configure access control lists in Linux.


1. Install ACL

Open a terminal and run the following command to install ACL.

# yum install acl


2. Configure ACL on File System

Before you set ACL for a file, you need to enable it on the file’s file system. Please note, ACL is supported only on Ext3 and Ext4 filesystems.

Here is the command to check whether your filesystem is mounted with ACL enabled.

# mount
 /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw,noatime,acl)

Here is the command to enable ACL during remounting.

# mount -o remount,acl  /

In both cases, the acl option is what enables ACL permissions.

If you want ACL to be enabled by default at system boot, add the following line to /etc/fstab.

/dev/VolGroup00/LogVol00    /    ext3  defaults,acl  1 1


3. Configure ACL on File

The setfacl utility allows you to set the ACL permissions for files & directories. Here is the command to set an ACL on a file. Replace the user name and file path as per your requirement.

# setfacl -m u:ubuntu:rwx /home/ubuntu/data.txt

Here is the above command in detail.

  • -m – modify the ACL
  • u – assign permission to a user
  • ubuntu – system user
  • rwx – file permissions
  • /home/ubuntu/data.txt – file on which user ubuntu will get access

There are 2 types of ACL rules associated with files & directories on a Linux system.

  • Access ACLs – access permissions for a single file or directory
  • Default ACLs – access permissions for files in a directory that do not have an access ACL.

Here are the usual formats for permission rules in setfacl command.

  • u:name:permissions: Set access ACL for user (username or UID)
  • g:name:permissions: Set access ACL for the group (group name or GID)
  • m:permissions: Set effective rights mask. This is the union of all permissions of the owning group and all user and group entries.
  • o:permissions: Sets the access ACL for everyone else (others)

The permissions mentioned above are r, w, and x for read, write, and execute, respectively. 


4. Get ACL on File

The getfacl utility allows you to get the ACL permissions for a file or directory. Here is the command to get the ACL permissions on a file.

# getfacl /home/ubuntu/data.txt

Here is the output.

# file: /home/ubuntu/data.txt
# owner: root
# group: root
user::rw-
user:ubuntu:rwx
group::r--
mask::rwx
other::r--
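
The mask:: entry in this output caps what named users, the owning group and named groups actually receive, so an entry such as user:ubuntu:rwx is only as strong as the mask allows. The script below is an added example, not part of the original article: it parses getfacl output and computes each entry's effective permissions. The sample ACL (mask reduced to r--) and the group name dev are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective permissions from `getfacl` output (entry AND mask).

effective_acl() {
    # stdin: getfacl text. stdout: one "tag:qualifier:perms:effective" per entry.
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACLs
        {
            sub(/[ \t]*#.*/, "", $3)                # drop "#effective:" annotations
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                # The mask limits named users, the owning group and named groups;
                # the owner (user::) and other:: entries are never masked.
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        eff = eff (c == substr(mask, k, 1) ? c : "-")
                    }
                }
                printf "%s:%s:%s:%s\n", tag[i], who[i], perm[i], eff
            }
        }'
}

named_writers() {
    # Named users/groups that can really write once the mask is applied.
    effective_acl | awk -F: '$2 != "" && $4 ~ /w/ { print $1 ":" $2 }'
}

# Constructed sample: the entries from the article's output, but with the mask
# reduced to r-- (as after `setfacl -m m::r-- FILE`) and a hypothetical group "dev".
SAMPLE_ACL='# file: /home/ubuntu/data.txt
# owner: root
# group: root
user::rw-
user:ubuntu:rwx
group::r--
group:dev:rw-
mask::r--
other::r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

On a live system, pipe real output into the same functions, for example getfacl /home/ubuntu/data.txt | named_writers, to list the named entries that can still write after masking.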


5. Remove ACL on file

If you need to remove an ACL entry from a file, run the following command.

# setfacl -x u:ubuntu /home/ubuntu/data.txt

In the above command:

  • -x – option to remove ACL permission
  • ubuntu – Linux system user
  • /home/ubuntu/data.txt – file for which ACL permission needs to be removed

In this article, we have looked at different aspects of ACL in Linux.
