
What are ACLs in Linux?



ACL stands for Access Control List, which is a set of rules that define who can access or modify a file or a directory in Linux. Unlike the regular permissions, which only allow you to specify the access rights for the owner, the group, and the others, the ACLs allow you to specify the access rights for any user or group, as well as the default permissions for new files and directories.

What is the getfacl command?

The getfacl command is used to display the ACLs of a file or a directory. The syntax of the getfacl command is:

getfacl [options] file

The output of the getfacl command shows the following information:

  • The file name
  • The owner of the file
  • The group of the file
  • The regular permissions of the file (same as the output of ls -l)
  • The ACL entries of the file, which consist of the following fields:
    • The type of the entry, which can be one of the following:
      • u for user
      • g for group
      • o for others
      • m for mask
      • d for default
    • The name or ID of the user or group, or empty for others or mask
    • The permissions of the entry, which can be one of the following:
      • r for read
      • w for write
      • x for execute
      • - for no permission

For example, the output of getfacl file1 may look like this:

# file: file1
# owner: root
# group: root
user::rw-
user:alice:rwx
group::r--
mask::rwx
other::r--

This means that the file1 has the following ACLs:

  • The owner (root) has read and write permissions
  • The user alice has read, write, and execute permissions
  • The group (root) has read permission
  • The mask, which determines the maximum permissions for the named user and group entries (it does not limit the owner or the others), has read, write, and execute permissions
  • The others have read permission
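
The mask's effect on the entries above, as an added example that is not part of the original post: the shell function below reads getfacl-format text and prints each entry's effective permissions. The sample listing is constructed (the file1 output with the mask tightened to r--), and the function names effective_acl and sample_acl are hypothetical.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl-format text on stdin.
# The mask limits named users, the owning group and named groups;
# the owner (user::) and other:: entries are not limited by it.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 { next }          # skip header comments and blank lines
        $1 == "default" { next }         # default entries only affect new files
        {
            sub(/[ \t]*#.*/, "", $3)     # drop a trailing "#effective:" comment
            type[++n] = $1; name[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (type[i] == "mask") continue
                eff = perm[i]
                masked = (type[i] == "group" || (type[i] == "user" && name[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        m = substr(mask, k, 1)
                        bit = (m == c) ? c : "-"   # keep a bit only if the mask allows it
                        eff = eff bit
                    }
                }
                printf "%s:%s:%s\n", type[i], name[i], eff
            }
        }'
}

# Constructed sample: the file1 listing from the post with the mask set to r--.
sample_acl() {
    cat <<'EOF'
# file: file1
# owner: root
# group: root
user::rw-
user:alice:rwx
group::r--
mask::r--
other::r--
EOF
}

sample_acl | effective_acl
```

On a real file, pipe the output of getfacl into effective_acl to see which entries the mask actually reduces.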

What is the setfacl command?

The setfacl command is used to set or modify the ACLs of a file or a directory. The syntax of the setfacl command is:

setfacl [options] -m entry file

The -m option specifies the entry to be added or modified, which has the same format as the output of the getfacl command. For example, to grant the user bob read and write permissions on file1, you can use the following command:

setfacl -m u:bob:rw file1

To remove an entry from the ACL of a file or a directory, you can use the -x option, followed by the entry to be removed. For example, to revoke the permissions of the user alice on file1, you can use the following command:

setfacl -x u:alice file1

To remove all the ACL entries from a file or a directory, you can use the -b option, which restores the regular permissions. For example, to remove all the ACLs from file1, you can use the following command:

setfacl -b file1

To set the default ACLs for a directory, which will be inherited by the new files and subdirectories created inside it, you can use the -d option, followed by the entry to be added or modified. For example, to set the default permissions for the group staff to read and write on the directory dir1, you can use the following command:

setfacl -d -m g:staff:rw dir1

To apply the ACLs recursively to all the files and subdirectories in a directory, you can use the -R option. For example, to grant the user alice read and execute permissions on all the files and subdirectories in dir1, you can use the following command:

setfacl -R -m u:alice:rx dir1

For more options and details, you can check the setfacl manual page by typing man setfacl in your terminal.

Additional Information

You can also copy the ACLs of one file or directory to another by piping the output of the getfacl command to setfacl with the --set-file option. For example, to copy the ACLs of file1 to file2, you can use the following command:

getfacl file1 | setfacl --set-file=- file2

The - symbol indicates that the input is taken from the standard input, which is the output of the getfacl command.

You can also use the setfacl command to restore the ACLs from a backup file, by using the --restore option. For example, if you have saved the ACLs of file1 in a file named backup.acl, you can restore them by using the following command:

setfacl --restore=backup.acl

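The backup file must have the same format as the output of the getfacl command. setfacl takes the target file names from the # file: lines in the backup, which is why the command has no file argument.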
