Chapter 4

Controlling access to files with ACLs

getfacl Command

  • getfacl: Displays the Access Control List (ACL) for a file or directory.

    getfacl file

setfacl Command

  • setfacl: Modifies the ACL of a file or directory.

    setfacl options file

setfacl Examples

  1. Set ACL for a user with read and execute permissions if the file is a directory (otherwise read-only):

    setfacl -m u:name:rX file
    • u:name: Specify the user.

    • rX: Read permission, plus execute permission only if the file is a directory or already has execute permission for some user.

  2. Set ACL for a group with read and write permissions:

    setfacl -m g:name:rw file
    • g:name: Specify the group.

    • rw: Read and write permissions.

  3. Remove all permissions for others:

    setfacl -m o::- file
    • o::-: No permissions for others.

  4. Set multiple ACL entries for user, group, and others:

    setfacl -m u::rwx,g:consultants:rX,o::- file
    • u::rwx: The file owner has read, write, and execute permissions.

    • g:consultants:rX: Group 'consultants' has read and execute permissions.

    • o::-: No permissions for others.

  5. Copy ACLs from one file to another:

    getfacl file-A | setfacl --set-file=- file-B
    • getfacl file-A: Get ACL of file-A.

    • setfacl --set-file=- file-B: Apply the ACL of file-A to file-B.

  6. Set the mask for the ACL:

    setfacl -m m::r file
    • m::r: Set the mask to read-only. The mask is the upper limit on the permissions granted to named users, named groups, and the owning group.

  7. Recursively set ACL for a user with read and execute permissions on a directory and its contents:

    setfacl -R -m u:name:rX directory
    • -R: Recursive.

    • u:name:rX: User has read and execute permissions.

  8. Remove ACL entries for a user and a group:

    setfacl -x u:name,g:name file
    • -x u:name,g:name: Remove ACL entries for the specified user and group.

  9. Remove all ACL entries:

    setfacl -b file
    • -b: Remove all extended ACL entries. The base entries for the owner, group, and others remain.

  10. Set default ACL for a user with read and execute permissions on a directory:

    setfacl -m d:u:name:rx directory
    • d:u:name:rx: Default ACL for the specified user with read and execute permissions.

  11. Remove default ACL for a user:

    setfacl -x d:u:name directory
    • -x d:u:name: Remove default ACL for the specified user.

  12. Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

    setfacl -Rm g:consultants:rwX /shares/content
    • -Rm: -R applies the change recursively; -m modifies the ACL.

    • g:consultants:rwX: Group 'consultants' has read, write, and execute permissions.

  13. Recursively remove all permissions for a user:

    setfacl -Rm u:consultant1:- /shares/content
    • u:consultant1:-: Remove all permissions for 'consultant1'. The entry stays in the ACL with no permissions; use -x to delete the entry itself.

  14. Set default ACL for a group with read, write, and execute permissions on a directory:

    setfacl -m d:g:consultants:rwx /shares/content
    • d:g:consultants:rwx: Default ACL for the group 'consultants' with full permissions.

  15. Set default ACL for a user with no permissions on a directory:

    setfacl -m d:u:consultant1:- /shares/content
    • d:u:consultant1:-: Default ACL for 'consultant1' with no permissions.

  16. Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

    setfacl -Rm g:contractors:rwX /shares/cases
    • g:contractors:rwX: Group 'contractors' has read, write, and execute permissions.

  17. Recursively set ACL for a user with read and execute permissions on a directory and its contents:

    setfacl -Rm u:contractor3:rX /shares/cases
    • u:contractor3:rX: User 'contractor3' has read and execute permissions.

  18. Set default ACL for a group with read, write, and execute permissions on a directory:

    setfacl -m d:g:contractors:rwx /shares/cases
    • d:g:contractors:rwx: Default ACL for 'contractors' with full permissions.

  19. Set default ACL for a user with read and execute permissions on a directory:

    setfacl -m d:u:contractor3:rx /shares/cases
    • d:u:contractor3:rx: Default ACL for 'contractor3' with read and execute permissions.
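
The mask from example 6 caps what named users, named groups, and the owning group actually receive, so an entry that reads rwx may grant less. The following added example (not part of the original page) computes those effective permissions from getfacl output; the helper name effective_acl and the sample ACL are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. effective_acl is a hypothetical helper name, and
# sample_acl is constructed getfacl-style output, not taken from a real host.

effective_acl() {
  # Reads getfacl output on stdin and prints "entry effective-permissions".
  awk -F: '
    /^#/ || /^default:/ || NF < 3 { next }  # headers, default ACL, blank lines
    { sub(/[ \t]*#.*/, "", $3) }            # strip a trailing "#effective:" note
    $1 == "mask" { mask = $3; next }
    { n++; kind[n] = $1; name[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        p = perm[i]
        # The mask caps named users, named groups and the owning group.
        # The file owner (user::) and other:: are never masked.
        masked = (kind[i] == "user" && name[i] != "") || kind[i] == "group"
        if (masked && mask != "") {
          e = ""
          for (j = 1; j <= 3; j++) {
            c = substr(p, j, 1)
            e = e ((c != "-" && substr(mask, j, 1) == c) ? c : "-")
          }
          p = e
        }
        print kind[i] ":" name[i], p
      }
    }'
}

# Constructed sample: an ACL whose mask was set with: setfacl -m m::r file
sample_acl='# file: report.txt
# owner: root
# group: staff
user::rw-
user:consultant1:rwx
group::rw-
group:consultants:rw-
mask::r--
other::---'

printf '%s\n' "$sample_acl" | effective_acl
```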
