
Red Hat Knowledgebase

How do I implement Access Control Lists (ACLs) in Red Hat Enterprise Linux 5?

Article ID: 9977 - Created on: Jul 17, 2007 6:00 PM - Last Modified:  Nov 15, 2007 6:00 PM

Access Control Lists (ACLs) provide an additional security measure beyond the standard permissions on files and directories. To use ACLs on a filesystem, the filesystem must be mounted with the acl option:

mount -o acl /home

To set ACLs for a user, group or directory, use the setfacl -m command.

To set an ACL for a user, use the following:

setfacl -m u:[user name]:[permissions] /directory/file

Example:
setfacl -m u:ray:rx /home/foo.txt

This gives the user ray read and execute access to the /home/foo.txt file.

To set an ACL for a group, use the following:

setfacl -m g:[group name]:[permissions] /directory/file

Example:
setfacl -m g:accounting:rwx /finance/foo.txt

This gives the group accounting read, write, and execute access to /finance/foo.txt.

To set a default ACL for a directory, which any future contents in it inherit, use the following:

setfacl -m d:g:[group name]:[permissions] /directory

Example:
setfacl -m d:g:marketing:rwx /brochures

This gives the users of the marketing group read, write, and execute access to the brochures directory.

To remove an ACL, use the following (setfacl -x takes the entry without a permissions field):

setfacl -x u:[user name] /directory/file

Example:
setfacl -x u:ray /home/foo.txt

This removes the ACL entry for the user ray, and with it ray's read and execute permissions, from the /home/foo.txt file.

To check the ACLs associated with a particular file or directory, use the following:

getfacl /directory/file

Example:
getfacl /home/foo.txt

This will get the ACL information about /home/foo.txt. The output will look something like this:

# getfacl /home/foo.txt

getfacl: Removing leading '/' from absolute path names
# file: home/foo.txt
# owner: root
# group: root
user::rw-
user:ray:r-x
group::r--
group:marketing:rwx
mask::rwx
other::r--
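
The mask:: line in the getfacl output above caps what named users, named groups and the owning group actually receive. The shell functions below are an added example, not part of the original article: they compute those effective permissions from getfacl output. The names effective_acl, acl_writers and SAMPLE_ACL are made up for this example, and the sample input is constructed with the mask set to r-x instead of rwx.

```shell
#!/bin/sh
# Added example (not from the article): effective rights from getfacl output.
# On a live system: getfacl /home/foo.txt | effective_acl

# Constructed sample: same entries as the article output, but mask is r-x.
SAMPLE_ACL='# file: home/foo.txt
# owner: root
# group: root
user::rw-
user:ray:r-x
group::r--
group:marketing:rwx
mask::r-x
other::r--'

# effective_acl: read getfacl output on stdin, print "kind:name:effective".
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACLs
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { n++; kind[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                # The mask caps named users, named groups and the owning group.
                # The file owner (user::) and other:: are never masked.
                capped = (kind[i] == "user" && name[i] != "") || kind[i] == "group"
                if (capped && mask != "") {
                    e = ""
                    for (c = 1; c <= 3; c++) {
                        ch = substr(p, c, 1)
                        if (ch != "-" && ch == substr(mask, c, 1)) e = e ch
                        else e = e "-"
                    }
                    p = e
                }
                print kind[i] ":" name[i] ":" p
            }
        }'
}

# acl_writers: only the entries that end up with effective write access.
acl_writers() {
    effective_acl | awk -F: '$3 ~ /w/'
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

With this sample, the marketing group's rwx entry is reduced to r-x by the mask, so acl_writers reports only the file owner.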

More information about Access Control Lists can be found on the setfacl and getfacl man pages.

Tags: rhel5