Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

14.2. Setting Access ACLs

There are two types of ACLs: access ACLs and default ACLs. An access ACL is the access control list for a specific file or directory. A default ACL can only be associated with a directory; if a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory. Default ACLs are optional.

ACLs can be configured:

  1. Per user

  2. Per group

  3. Via the effective rights mask

  4. For users not in the user group for the file

The setfacl utility sets ACLs for files and directories. Use the -m option to add or modify the ACL of a file or directory:

setfacl -m <rules> <files>

Rules (<rules>) must be specified in the following formats. Multiple rules can be specified in the same command if they are separated by commas.

u:<uid>:<perms>

Sets the access ACL for a user. The user name or UID may be specified. The user may be any valid user on the system.

g:<gid>:<perms>

Sets the access ACL for a group. The group name or GID may be specified. The group may be any valid group on the system.

m:<perms>

Sets the effective rights mask. The mask is the union of all permissions of the owning group and all of the user and group entries.

o:<perms>

Sets the access ACL for users other than the ones in the group for the file.

White space is ignored. Permissions (<perms>) must be a combination of the characters r, w, and x for read, write, and execute.

If a file or directory already has an ACL, and the setfacl command is used, the additional rules are added to the existing ACL or the existing rule is modified.

For example, to give read and write permissions to user andrius:

setfacl -m u:andrius:rw /project/somefile

To remove all the permissions for a user, group, or others, use the -x option and do not specify any permissions:

setfacl -x <rules> <files>

For example, to remove all permissions from the user with UID 500:

setfacl -x u:500 /project/somefile

 
 
  Published under the terms of the GNU General Public License Design by Interspire