Day 6 of #90DaysOfDevOps
File permissions with ACL
What is ACL?
ACL stands for Access Control List. An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with Linux file permissions.
Why ACL?
ACLs allow us to apply a more specific set of permissions to a file or directory without (necessarily) changing the base ownership and permissions.
ACL commands
Let's create a file test.txt in the /tmp directory as the ubuntu user and remove read access from others.
getfacl - get file ACL. This command shows the permissions of a file in a detailed manner.
Here, you can check the output of the ls and getfacl commands as the ubuntu user, before setting any permission using ACL.
Here, you can check the output of ls as the jack user.
See, the jack user is not able to read the file test.txt.
Let's learn about the setfacl command
setfacl - set file permissions using ACL.
Here, we are setting read permission on the test.txt file for the jack user.
setfacl -m u:jack:r-- test.txt
-m: modify, u: user, jack: username, r--: read permission, test.txt: file name
The getfacl command will show the new permission added to the file: "user:jack:r--"
Also, notice the '+' sign in the output of "ls -ltr". It shows that permissions have been added to the file using ACL.
Now, jack is able to read the file.
Let's add read and write permission to the jack group.
To remove the ACL entry of a user from a file. The -x option removes the whole entry, so it is given without a permission field:
setfacl -x u:jack test.txt
To remove from a file all the user and group entries which were added using ACL:
setfacl -b test.txt
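
As an added example (not part of the original post), the script below audits getfacl output and lists every named user and group entry together with its effective permission. It applies the ACL mask entry, which caps named-user and group entries; the embedded getfacl output is constructed sample data, and acl_grants and sample_getfacl_output are hypothetical names.

```shell
#!/bin/sh
# Added example: list named-user/named-group ACL entries from getfacl output.
# Usage on a real system: getfacl -R /tmp 2>/dev/null | acl_grants

# Reads getfacl text on stdin; prints "file entry granted effective".
# Default ACL entries on directories (default:...) are not reported.
acl_grants() {
    awk -F: '
    # Print buffered entries for the current file, capping each by the mask.
    function emit(   i, k, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (k = 1; k <= 3; k++)
                eff = eff (substr(mask, k, 1) == "-" ? "-" : substr(perm[i], k, 1))
            print file, kind[i] ":" name[i], perm[i], eff
        }
        n = 0; mask = "rwx"
    }
    BEGIN { mask = "rwx" }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    $1 == "mask" { mask = substr($3, 1, 3); next }
    # Named entries have a non-empty qualifier; user:: and group:: are base bits.
    ($1 == "user" || $1 == "group") && $2 != "" {
        n++; kind[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3)
    }
    END { emit() }'
}

# Constructed sample: test.txt with entries for user jack and group jack,
# and a mask of r-- that limits the group entry to read-only.
sample_getfacl_output() {
    cat <<'EOF'
# file: test.txt
# owner: ubuntu
# group: ubuntu
user::rw-
user:jack:r--
group::rw-      #effective:r--
group:jack:rw-  #effective:r--
mask::r--
other::---
EOF
}

sample_getfacl_output | acl_grants
```

Any file that appears in the output grants access that the owner/group/other bits of ls alone do not show.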
Written by
Basavaraj Teli
Aspiring DevOps engineer, working on DevOps projects to gain practical knowledge. I write technical blog posts on DevOps to share my knowledge with fellow tech enthusiasts.