Account Links: Cart | Register | Log In

Skip to content

Red Hat Knowledgebase
Red Hat Knowledgebase Search
Article translations:
Currently Being Moderated

How do I implement Access Controls Lists (ACLs) in Red Hat Enterprise Linux?

Article ID: 9977 - Created on: Jul 17, 2007 6:00 PM - Last Modified:  Jul 15, 2009 7:23 AM

Access Control Lists, or ACLs, provide an extension to the standand Linux file permissions. In order to use ACLs on a filesystem, the filesystem must be mounted with the acl option:

 



mount -o acl /home

 

You can set this option in /etc/fstab:

 



/dev/volume/home  /home   ext3  acl 1 2

 

or use tune2fs to set it as a default mount option:

 



tune2fs -o acl /dev/volume/home

 

 

To set ACLs for a file or directory, use the setfacl -m command.

 

To set an ACL for a user, use the following:

 



setfacl -m u:[user name]:[permissions] /directory/file

Example:
setfacl -m u:ray:rx /home/foo.txt

 

This gives the user ray read and execute access to the /home/foo.txt file.

 

To set an ACL for a group, use the following:

 



setfacl -m g:[group name]:[permissions] /directory/file

Example:
setfacl -m g:accounting:rwx /finance/foo.txt

 

This gives the group accounting read, write, and execute access to /finance/foo.txt.

 

To remove an ACL, use the following:

 



setfacl -x u:[user name] /directory/file

Example:
setfacl -x u:ray /home/foo.txt

 

This removes the user ray's read and execute permissions from the /home/foo.txt file.

 

To check the ACLs associated with a particular file, use the following:

 



getfacl /directory/file

Example:
getfacl /home/foo.txt

 

This will get the ACL information about /home/foo.txt. The output will look something like this:

 



# getfacl /home/foo.txt

getfacl: Removing leading '/' from absolute path names
# file: home/foo.txt
# owner: root
# group: root
user::rw-
user:ray:rx
group::r--
group:marketing:rwx
mask::rwx
other::r--

 

More information about Access Control Lists can be found on the setfacl and getfacl man pages.

 

Feedback from users like yourself is a critical factor in helping us make the Red Hat Knowledgebase as useful as possible.

More Like This

  • Retrieving data ...