Access Control Lists (ACL) is a popular access and permission control mechanism used by businesses and enterprises all over the world. It is mostly used on Windows systems. In this article, we will look at how to configure access control lists in Linux. ACL provides a more comprehensive permission management system than the read-write-execute permissions available in Linux.
How to Configure Access Control Lists (ACL) in Linux
Here are the steps to install & configure access control lists in Linux.
1. Install ACL
Open terminal and run the following command to install ACL.
# yum install acl
2. Configure ACL on File System
Before you set ACL for a file, you need to enable it on the file’s file system. Please note, ACL is supported only on Ext3 and Ext4 filesystems.
Here is the command to check if ACL is enabled on your filesystem while mounting.
# mount /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw,noatime,acl)
Here is the command to enable ACL during remounting.
# mount -o remount,acl /
In both the above commands, mention acl to enable ACL permissions.
If you want to enable ACL default on system bootup, add the following line to /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,acl 1 1
3. Configure ACL on File
setfacl utility allows you to set the ACL permissions for files & directories. Here is the command to set ACL on a file. Replace file path in bold as per your requirement.
# setfacl -m u:ubuntu:rwx /home/ubuntu/data.txt
Here is the above command in detail.
-m - modify ACL. u - assign permission to a user ubuntu - system user rwx - file permissions. /home/ubuntu/data.txt- file on which user ubuntu will get access.
There are 2 types of ACL rules associated with files & directories on a Linux system.
- Access ACLs – access permission for single file or directory
- Default ACLs – access permission for files in directory that does not have access ACL.
Here are the usual formats for permission rules in setfacl command.
- u:name:permissions: Set access ACL for user (username or UID)
- g:name:permissions: Set access ACL for the group (group name or GID)
- m:permissions: Set effective rights mask. This is the union of all permissions of the owning group and all user and group entries.
- o:permissions: Sets the access ACL for everyone else (others)
The permissions mentioned above are r, w, and x for read, write, and execute, respectively.
4. Get ACL on File
getfacl utility allows you to get the ACL permissions for file or directory. Here is the command to get ACL permission on file.
# getfacl /home/ubuntu/data.txt
Here is the output.
# file: /home/ubuntu/data.txt # owner: root # group: root user::rw- user:ubuntu:rwx group::r-- mask::rwx other::r--
5. Remove ACL on file
If you need to remove ACL command in file, run the following command.
# setfacl -x u:ubuntu /home/ubuntu/data.txt
In the above command
-x – option to remove ACL permission
ubuntu – Linux system user
/home/ubuntu/data.txt – file for which ACL permission needs to be removed
In this article, we have looked at different aspects of ACL in Linux.
How to Concatenate Multiple Lists in Python
How to Get MD5 Hash of String in Python
How to Split String by Delimiter in Python
How to Read File Line by Line in Python
How to Recover Deleted Files in Linux