Mastering ACL (Access Control List) Permissions in Linux

Sonica SonawaneSonica Sonawane
2 min read

Table of contents

In the world of Linux systems, managing file permissions is a daily task. The traditional permission model using owner, group, and others works well—but what happens when you want to grant specific access to a user who isn't part of a file’s group? That’s where Access Control Lists (ACLs) shine.

🔐 What is an ACL?

ACL (Access Control List) provides a more flexible and granular permission mechanism for file systems. With ACLs, you can grant specific users or groups different types of access to a file or directory—without altering the original ownership or group association.

Imagine this:

You have a developer named nina who needs read/write access to a project folder owned by another team. She isn’t part of that team’s Unix group. Adding her to the group could break team boundaries or policies. What’s the workaround?

You guessed it—ACLs.

🔍 Viewing ACLs

To check the existing ACLs on a file or directory:

getfacl <filename or directory>

Example:

getfacl /project_alpha

This shows you the ACL entries set for /project_alpha.

🛠️ Setting ACLs

You can assign ACLs for users or groups using setfacl.

👤 Granting permissions to a user:

setfacl -m u:nina:rwX /project_alpha

This gives user nina read, write, and conditional execute permissions on the /project_alpha directory.

🧹 Removing user permissions:

setfacl -x u:nina /project_alpha

👥 Granting permissions to a group:

setfacl -m g:design_team:rx /project_alpha

This lets group design_team read and execute files in /project_alpha.

🧼 Removing group permissions:

setfacl -x g:design_team /project_alpha

🔄 Resetting all ACLs:

setfacl -b /project_alpha

Removes all ACL entries—like a permission reset button.

🧠 Final Thoughts

ACLs are a fantastic tool for fine-tuning access control. Whether you’re managing cross-functional teams or simply need temporary access for a collaborator, ACLs provide the flexibility that traditional Unix permissions can’t.

Experiment with ACLs on a sandbox folder, and you’ll see just how helpful they can be.

✍️ Have you used ACLs in your workflow? Drop your experience below—I’d love to hear how you’re using them!

1
Subscribe to my newsletter

Read articles from Sonica Sonawane directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Linuxlinux for beginnerslinux-basicsDevopsDevOps JourneyCloudCloud Computingcloudbeginner

Written by

Sonica Sonawane
Sonica Sonawane

Hi, I'm Sonica! 👋 I’m currently diving into the world of DevOps, focusing on AWS, Docker, Kubernetes, Linux, and GitHub. My passion lies in automating systems, building cloud infrastructure, and optimizing workflows. I’m committed to continuous learning, hands-on projects, and sharing my journey with others in the tech community. Before shifting to DevOps, I worked in IT Sales, where I gained valuable skills in client communication, requirement gathering, and problem-solving. This experience taught me how to connect technical solutions to business needs, which has been instrumental as I transition into DevOps, where technical expertise and problem-solving go hand in hand. Now, I’m eager to apply my sales experience alongside my growing technical skills in cloud engineering and DevOps. Join me as I explore the latest trends, challenges, and solutions in the world of cloud computing!