DEV Community

Aryan Vaishnani

Access Control Lists (ACLs)

ACL means Access Control List.

ACL gives extra permissions on files and folders.

Normally Linux permissions are only:

  1. Owner
  2. Group
  3. Others

ACL lets you give permission to a specific user or group without changing owner/group.

Very useful in real servers.

Why ACL?

Normal permission example:

-rw-r-----

Owner: aryan

Group: developers

Now another user, devuser, needs access.

Without ACL:

  • change owner, or
  • change group

With ACL:

  • directly give access

Much easier.

Check ACL Support

Most Linux systems support ACL.

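Check mount:

mount | grep acl

On ext4 and XFS, ACL support is on by default, so this command may print nothing even though ACLs work.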

Commands Used

Command    Purpose
getfacl    view ACL
setfacl    set ACL

1. View ACL

Example:

getfacl file.txt

Output:

user::rw-
group::r--
other::r--

1. Give user permission

Example:

setfacl -m u:devuser:rwx file.txt

Meaning:

  • u = user
  • devuser = username
  • rwx = permission
  • m = modify

Now that specific user gets access; nobody else's permissions change.

Example

setfacl -m u:aryan:r file.txt

Aryan can read.

2. Give group permission

setfacl -m g:developers:rw file.txt

Group gets read/write.

3. Check ACL Again

getfacl file.txt

Example:

user::rw-
user:devuser:rwx
group::r--
group:developers:rw-
other::r--

4. Remove ACL for user

setfacl -x u:devuser file.txt

5. Remove all ACL

setfacl -b file.txt

ACL on Directories

Example:

setfacl -m u:devuser:rwx project/

User can access folder.

Default ACL

New files and subfolders created inside the folder inherit the default ACL. Files that already exist keep their current permissions.

Example:

setfacl -d -m u:devuser:rwx project/

  • d = default

Very useful for team folders.

Check with ls -l

Example:

ls -l

Output:

-rw-r--r--+

Notice: the + at the end means an ACL exists.
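
The + only says an ACL exists, not who it names. The script below is an added example, not from the original post: it reads `getfacl -R` output and lists each named user or group with its effective permission, meaning the entry limited by the `mask::` line that getfacl prints once named entries exist. The group qa, the file deploy.sh and the sample listing are constructed for illustration.

```shell
# Added example, not from the original post. Reads `getfacl -R DIR` text on
# stdin and prints file<TAB>entry<TAB>effective permission for every named
# user/group entry (effective = entry permission limited by the mask).
acl_named_entries() {
    awk '
    function emit(   i, j, c, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++) {
                c = substr(perm[i], j, 1)
                eff = eff ((c != "-" && c == substr(mask, j, 1)) ? c : "-")
            }
            print file "\t" who[i] "\t" eff
        }
        n = 0
    }
    /^# file: / { emit(); file = substr($0, 9); mask = "rwx"; next }
    /^#/ || /^default:/ || NF == 0 { next }  # headers, default ACLs, blanks
    {
        sub(/[ \t]*#.*/, "")                 # strip "#effective:" comments
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if (f[2] != "") { n++; who[n] = f[1] ":" f[2]; perm[n] = f[3] }
    }
    END { emit() }'
}
# Named entries that still grant write after the mask is applied.
acl_named_writers() { acl_named_entries | awk -F "\t" '$3 ~ /w/'; }
# Constructed sample: group "qa" and deploy.sh are made up for illustration.
sample_getfacl() {
    cat <<'EOF'
# file: srv/project
user::rwx
user:devuser:rwx
group::r-x
mask::rwx
other::---
default:user:devuser:rwx

# file: srv/project/deploy.sh
user:devuser:rwx    #effective:r--
group:qa:rw-        #effective:r--
mask::r--
EOF
}
sample_getfacl | acl_named_entries
```

On a real system, replace the sample with `getfacl -R /srv/project 2>/dev/null | acl_named_writers` to see which named users and groups can actually write.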

Real-World Example

Shared DevOps folder:

sudo mkdir /srv/project

Give developer access:

sudo setfacl -m u:devuser:rwx /srv/project

Now:

  • owner unchanged
  • group unchanged
  • devuser gets access

Easy Difference

Normal Linux permission:

owner / group / others

ACL:

extra user or extra group permission

Best Use Cases

  1. Shared project folder
  2. Web server access
  3. Backup scripts
  4. Team-based access
  5. DevOps shared files

Quick Summary

Command                         Purpose
getfacl file                    view ACL
setfacl -m u:user:rwx file      add user ACL
setfacl -m g:group:rw file      add group ACL
setfacl -x u:user file          remove user ACL
setfacl -b file                 remove all ACL

Conclusion

  • ACL gives extra permissions.
  • More flexible than normal Linux permissions.
  • Useful when one specific user/group needs access.
  • Common in Linux administration and DevOps.
