An access control list<\/b> (ACL)<\/b> is a list of permissions attached to a file\/folder. ACL specifies which users or system processes are granted access to files\/folders.<\/p>\n
Setfacl It is a command that allows you to set the ACL information for a file or directory. They are used to allow permissions to be set for individual groups and users and not just the owning user, owning group, and all other users<\/p>\n
$ setfacl -m u:<username>:r <filename><\/p>\n
u- user<\/p>\n
r- read<\/p>\n
<\/p>\n
<\/p>\n
The above command grants a user additional read access to a file.<\/p>\n
Example<\/p>\n
# touch test<\/p>\n
# ls -sl test<\/p>\n
0 -rw-r–r– 1 root root 0 Jul 7 18:52 test<\/p>\n
setfacl -m u:testuser:r test<\/p>\n
# ls -ls test<\/p>\n
4 -rw-r–r–+ 1 root root 0 Jul 7 18:52 test<\/p>\n
The little “+” at the end of access rights column indicates that the file has ACL set.<\/b><\/p>\n
$ setfacl -m m::rx <filename><\/p>\n
The above command revokes write access from all groups and all named users.<\/p>\n
$ setfacl -x g:staff <filename><\/p>\n
The above command removes a named group entry from a files ACL.<\/p>\n
setfacl -b <filename><\/p>\n
The above command deletes ACL set for the file.<\/p>\n
Getfacl<\/p>\n
The getfacl utility displays the owner, the group, and the Access Control List (ACL). For each directory argument, getfacl displays the owner, the group, and the ACL and\/or the default ACL. Only directories contain default ACLs.<\/p>\n
With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it exists.<\/p>\n
getfacl <filename><\/p>\n
example<\/p>\n
getfacl test<\/p>\n
# getfacl test<\/p>\n
# file: test<\/p>\n
# owner: root<\/p>\n
# group: root<\/p>\n
user::rw-<\/p>\n
user:test:rw-<\/p>\n
group::r–<\/p>\n
mask::rw-<\/p>\n
other::r–<\/p>\n
If you require help, contact SupportPRO Server Admin<\/a><\/p>\n
![\"Server](\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\")
<\/a><\/span>