DEV Community

Murad Bayoun
Linux Access Control Lists (ACLs): A Simplified Guide with Examples

Access Control Lists (ACLs) are a flexible permission mechanism in Linux that allows you to set granular permissions on a per-user and per-group basis. They are an extension to the standard Unix permissions model and are particularly useful when more than one user or group needs access to a file or directory.

Understanding ACLs

In Linux, each file and directory has an associated ACL. An ACL consists of entries, each of which defines the permissions for a user or a group. There are three types of ACL entries:

  • User entries: Define permissions for a specific user.
  • Group entries: Define permissions for a specific group.
  • Other entries: Define permissions for users not matched by the user and group entries.

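Each entry carries a set of permissions, using the same read (r), write (w), and execute (x) bits as the standard model. A file with named user or group entries also has a mask entry, which caps the permissions granted to named users, named groups, and the owning group.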

Viewing ACLs

You can view the ACL of a file or directory using the getfacl command. For example:

$ getfacl myfile.txt
# file: myfile.txt
# owner: alice
# group: staff
user::rw-
user:bob:r--
group::r--
mask::r--
other::---

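In this example, the file myfile.txt is owned by the user alice and the group staff. alice has read and write permissions, bob and the members of staff have read-only permissions, and all other users have no permissions. The mask entry (r--) is the upper limit on what bob and staff can effectively be granted.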
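When auditing who can really write to a file, the mask matters more than the individual entries. The following added example (not part of the original post) parses getfacl output and computes effective permissions; the sample listing is constructed from the one above, with bob's entry widened and a hypothetical audit group added.

```python
import re

# Constructed sample: bob and a hypothetical "audit" group exceed the mask.
SAMPLE = """\
# file: myfile.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-\t#effective:r--
group::r--
group:audit:rwx\t#effective:r--
mask::r--
other::---
"""

def parse_getfacl(text):
    """Parse getfacl text into a list of (scope, tag, qualifier, perms)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        if not line:
            continue
        parts = line.split(":")
        scope = "access"
        if parts[0] == "default":            # default ACL entries on directories
            scope, parts = "default", parts[1:]
        if len(parts) != 3 or not re.fullmatch(r"[r-][w-][x-]", parts[2]):
            raise ValueError(f"unrecognised ACL entry: {raw!r}")
        entries.append((scope, parts[0], parts[1], parts[2]))
    return entries

def effective(entries, scope="access"):
    """Map 'tag:qualifier' to effective permissions after applying the mask."""
    scoped = [e for e in entries if e[0] == scope]
    mask = next((p for _, tag, _, p in scoped if tag == "mask"), None)
    result = {}
    for _, tag, who, perms in (e for e in scoped if e[1] != "mask"):
        # The mask caps named users, named groups and the owning group only;
        # the file owner (user::) and other:: are never masked.
        if mask and (tag == "group" or (tag == "user" and who)):
            perms = "".join(p if m != "-" else "-" for p, m in zip(perms, mask))
        result[f"{tag}:{who}"] = perms
    return result

def can_write(entries):
    """Principals whose effective permissions include write."""
    return sorted(k for k, p in effective(entries).items() if "w" in p)

if __name__ == "__main__":
    print(effective(parse_getfacl(SAMPLE)), can_write(parse_getfacl(SAMPLE)))
```

Here bob's entry reads rw-, yet only the owner (user::) ends up with write access because the mask is r--.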

Modifying ACLs

You can modify the ACL of a file or directory using the setfacl command. For example, to give bob read and write permissions to myfile.txt, you would use:

$ setfacl -m u:bob:rw myfile.txt

You can also remove an ACL entry using the -x option. For example, to remove bob's permissions, you would use:

$ setfacl -x u:bob myfile.txt

Default ACLs

In addition to access ACLs, directories can also have default ACLs. These are used as a template for the ACL of new files and directories created within the directory.

You can set default ACLs using the d: prefix. For example, to set a default ACL giving bob read and write permissions, you would use:

$ setfacl -m d:u:bob:rw mydir

In conclusion, Linux ACLs provide a powerful and flexible mechanism for managing file and directory permissions. They allow you to set permissions on a per-user and per-group basis, providing more granular control than the standard Unix permissions model.
