Chapter 4
Controlling access to files with ACLs
getfacl Command
`getfacl`: Displays the Access Control List (ACL) for a file or directory.

```bash
getfacl file
```
setfacl Command
`setfacl`: Modifies the ACL of a file or directory.

```bash
setfacl options file
```
setfacl Examples
Set ACL for a user with read and execute permissions if the file is a directory (otherwise read-only):

```bash
setfacl -m u:name:rX file
```

- `u:name`: Specify the user.
- `rX`: Read and execute permission (execute only if the file is a directory).
Set ACL for a group with read and write permissions:

```bash
setfacl -m g:name:rw file
```

- `g:name`: Specify the group.
- `rw`: Read and write permissions.
Remove all permissions for others:

```bash
setfacl -m o::- file
```

- `o::-`: No permissions for others.
Set multiple ACL entries for user, group, and others:

```bash
setfacl -m u::rwx,g:consultants:rX,o::- file
```

- `u::rwx`: User has read, write, and execute permissions.
- `g:consultants:rX`: Group 'consultants' has read and execute permissions.
- `o::-`: No permissions for others.
Copy ACLs from one file to another:

```bash
getfacl file-A | setfacl --set-file=- file-B
```

- `getfacl file-A`: Get ACL of file-A.
- `setfacl --set-file=- file-B`: Apply the ACL of file-A to file-B.
Set the mask for the ACL:

```bash
setfacl -m m::r file
```

- `m::r`: Set the mask to read-only.
Recursively set ACL for a user with read and execute permissions on a directory and its contents:

```bash
setfacl -R -m u:name:rX directory
```

- `-R`: Recursive.
- `u:name:rX`: User has read and execute permissions.
Remove ACL entries for a user and a group:

```bash
setfacl -x u:name,g:name file
```

- `-x u:name,g:name`: Remove ACL entries for the specified user and group.
Remove all ACL entries:

```bash
setfacl -b file
```

- `-b`: Remove all ACL entries.
Set default ACL for a user with read and execute permissions on a directory:

```bash
setfacl -m d:u:name:rx directory
```

- `d:u:name:rx`: Default ACL for the specified user with read and execute permissions.
Remove default ACL for a user:

```bash
setfacl -x d:u:name directory
```

- `-x d:u:name`: Remove default ACL for the specified user.
Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

```bash
setfacl -Rm g:consultants:rwX /shares/content
```

- `-Rm`: Recursive (`-R`) combined with modify (`-m`).
- `g:consultants:rwX`: Group 'consultants' has read, write, and execute permissions.
Recursively remove all permissions for a user:

```bash
setfacl -Rm u:consultant1:- /shares/content
```

- `u:consultant1:-`: Remove all permissions for 'consultant1'.
Set default ACL for a group with read, write, and execute permissions on a directory:

```bash
setfacl -m d:g:consultants:rwx /shares/content
```

- `d:g:consultants:rwx`: Default ACL for the group 'consultants' with full permissions.
Set default ACL for a user with no permissions on a directory:

```bash
setfacl -m d:u:consultant1:- /shares/content
```

- `d:u:consultant1:-`: Default ACL for 'consultant1' with no permissions.
Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

```bash
setfacl -Rm g:contractors:rwX /shares/cases
```

- `g:contractors:rwX`: Group 'contractors' has read, write, and execute permissions.
Recursively set ACL for a user with read and execute permissions on a directory and its contents:

```bash
setfacl -Rm u:contractor3:rX /shares/cases
```

- `u:contractor3:rX`: User 'contractor3' has read and execute permissions.
Set default ACL for a group with read, write, and execute permissions on a directory:

```bash
setfacl -m d:g:contractors:rwx /shares/cases
```

- `d:g:contractors:rwx`: Default ACL for 'contractors' with full permissions.
Set default ACL for a user with read and execute permissions on a directory:

```bash
setfacl -m d:u:contractor3:rx /shares/cases
```

- `d:u:contractor3:rx`: Default ACL for 'contractor3' with read and execute permissions.
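
The mask set with `setfacl -m m::r` in the examples above caps what named users, the owning group and named groups actually receive, so an entry listed as `rwx` can be effectively read-only. The following is an added example, not part of the original page: a shell function that reads `getfacl`-style text and prints each entry's effective permissions. The function name `effective_acl` and the sample ACL text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page).
# SAMPLE_ACL is constructed text in getfacl output format: a file whose
# named entries grant rwx but whose mask was set to read-only (m::r).
SAMPLE_ACL='# file: shares/content/report.txt
# owner: root
# group: root
user::rw-
user:consultant1:rwx
group::r-x
group:consultants:rwx
mask::r--
other::---'

# effective_acl (hypothetical helper): reads getfacl-style text on stdin and
# prints "tag:qualifier:effective-perms" for every access entry.
# The mask caps named users, the owning group and named groups;
# the file owner (user::) and other:: are never masked.
effective_acl() {
  awk -F: '
    BEGIN { n = 0; mask = "" }
    /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACL
    {
      sub(/[ \t]*#.*/, "", $3)                   # drop trailing #effective note
      if ($1 == "mask") { mask = $3; next }
      tag[n] = $1; who[n] = $2; perm[n] = $3; n++
    }
    END {
      for (i = 0; i < n; i++) {
        p = perm[i]
        capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
        if (capped && mask != "") {
          e = ""
          for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            if (c == "-" || substr(mask, k, 1) == "-") c = "-"
            e = e c
          }
          p = e
        }
        print tag[i] ":" who[i] ":" p
      }
    }'
}

# Show the effective rights for the constructed sample.
printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

On a live system, pipe real output into the function, for example `getfacl file | effective_acl`, to review what each principal can actually do after the mask is applied.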