Mastering Linux Permissions: An Introduction to ACL, setfacl, and getfacl
Access Control List (ACL)
An Access Control List (ACL) is a set of rules attached to files or directories in Linux that allows administrators to specify permissions for individual users or groups beyond the traditional Owner, Group, and Others permissions. ACLs provide fine-grained access control, allowing you to assign custom permissions to specific users or groups.
setfacl
The setfacl command in Linux is used to set or modify ACL entries on files and directories. It allows administrators to add or remove specific access permissions for users or groups.
Example:
setfacl -m u:username:permissions filename
Here, -m modifies the ACL, u:username:permissions specifies the user and access rights, and filename is the target file or directory.
getfacl
The getfacl command in Linux displays the ACL entries associated with a file or directory. It provides a detailed view of both standard and ACL-based permissions.
Example:
getfacl filename
This command shows the permissions for all users and groups associated with the specified file or directory.
Adding permission to user:
To add ACL permissions for a specific user, use the setfacl command.
Syntax to add ACL for a user
setfacl -m u:<username>:<permissions> <file/directory>
Then check the result with the command getfacl testfile
Adding Permissions for a Specific Group
To add ACL permissions for a group, you can use the setfacl command similarly, specifying g:<groupname>.
Syntax to add ACL for a group
setfacl -m g:<groupname>:<permissions> <file/directory>
Removing a Specific User or Group Entry
To remove ACL permissions for a specific user, use the -x option with setfacl.
Syntax to remove ACL for a user
setfacl -x u:<username> <file/directory>
Removing All ACL Entries
To clear all ACL entries and revert to the traditional Owner, Group, and Others permissions, use the -b option with setfacl.
Remove all ACL entries from a file or directory
setfacl -b <file/directory>
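Reviewing getfacl output after changes like these is easier with a small filter. The following is an added example, not code from the original article: a shell function that reads getfacl output and lists the named user and group entries (the ones created with setfacl -m u:... or g:...) that effectively grant write access. The sample output, the names alice, bob and devs, and both function names are constructed for illustration; the mask check relies on the standard POSIX ACL rule that the mask entry caps the permissions of named entries.

```shell
#!/bin/sh
# Added example: list named ACL entries that effectively grant write access.
# Typical use (filename is a placeholder): getfacl filename | acl_named_writers

acl_named_writers() {
  awk -F: '
    /^#/ || NF < 3 { next }              # skip "# file:" header lines and blanks
    { sub(/[ \t]*#.*/, "", $3) }         # drop a trailing "#effective:..." note
    $1 == "mask" { mask = $3; next }     # the mask caps every named entry
    ($1 == "user" || $1 == "group") && $2 != "" {
      # a non-empty second field means a named (ACL-based) entry,
      # not the standard owner (user::) or owning group (group::)
      n++; kind[n] = $1; name[n] = $2; perm[n] = $3
    }
    END {
      for (i = 1; i <= n; i++) {
        w = (substr(perm[i], 2, 1) == "w")
        if (mask != "" && substr(mask, 2, 1) != "w") w = 0
        if (w) print kind[i] ":" name[i]
      }
    }'
}

# Constructed sample in the format getfacl prints (not real system output).
sample_getfacl() {
  cat <<'EOF'
# file: testfile
# owner: root
# group: root
user::rw-
user:alice:rw-
user:bob:r--
group::r--
group:devs:rwx    #effective:rw-
mask::rw-
other::r--

EOF
}

# Prints user:alice and group:devs; bob is read-only, so he is not listed.
sample_getfacl | acl_named_writers
```

An empty result means no named user or group can write to the file, either because no such entry exists or because the mask removes write.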