An access control list (ACL) is a list of permissions attached to a file/folder. An ACL specifies which users or system processes are granted access to files/folders.
Setfacl
setfacl is a command that allows you to set the ACL information for a file or directory. ACLs allow permissions to be set for individual groups and users, not just the owning user, the owning group, and all other users.
$ setfacl -m u:<username>:r <filename>
u- user
r- read
The above command grants a user additional read access to a file.
Example
# touch test
# ls -sl test
0 -rw-r--r-- 1 root root 0 Jul 7 18:52 test
# setfacl -m u:testuser:r test
# ls -ls test
4 -rw-r--r--+ 1 root root 0 Jul 7 18:52 test
The little “+” at the end of the access rights column indicates that the file has an ACL set.
$ setfacl -m m::rx <filename>
The above command revokes write access from all groups and all named users.
$ setfacl -x g:staff <filename>
The above command removes a named group entry from a file's ACL.
$ setfacl -b <filename>
The above command removes all extended ACL entries from the file.
Getfacl
The getfacl utility displays the owner, the group, and the Access Control List (ACL). For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only directories contain default ACLs.
With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it exists.
$ getfacl <filename>
Example
# getfacl test
# file: test
# owner: root
# group: root
user::rw-
user:test:rw-
group::r--
mask::rw-
other::r--
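The mask line in this output is what `setfacl -m m::rx` changes, and it caps the rights of named users, the owning group and named groups. The following script is an added example, not part of the original page: it reads getfacl output and prints the effective rights of each entry. The function names effective_acl and sample_acl are hypothetical, and the sample input is the output above with a second, constructed run where the mask is r-x.

```shell
#!/bin/sh
# Print each ACL entry from `getfacl` output (stdin) with its effective rights.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACLs
        { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        $1 == "mask" { mask = perm[n]; have_mask = 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                # The mask caps named users, the owning group and named groups.
                # The owner entry (user::) and other:: are never masked.
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                eff = perm[i]
                if (have_mask && capped) {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        if (substr(mask, k, 1) != c) c = "-"
                        eff = eff c
                    }
                }
                printf "%s:%s:%s effective:%s\n", tag[i], who[i], perm[i], eff
            }
        }'
}

# Sample input: the getfacl output shown on the page.
sample_acl() {
    cat <<'EOF'
# file: test
# owner: root
# group: root
user::rw-
user:test:rw-
group::r--
mask::rw-
other::r--
EOF
}

echo "mask rw- (as shown on the page):"
sample_acl | effective_acl
# Constructed variant: the mask as `setfacl -m m::rx test` would leave it.
echo "mask r-x:"
sample_acl | sed 's/^mask::.*/mask::r-x/' | effective_acl
```

With the mask at r-x, the named user test keeps rw- in its entry but only r-- is effective, while the owner's rw- is unchanged.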
