Murad Bayoun

Linux Access Control Lists (ACLs): A Simplified Guide with Examples

Access Control Lists (ACLs) are a flexible permission mechanism in Linux that allows you to set granular permissions on a per-user and per-group basis. They are an extension to the standard Unix permissions model and are particularly useful when more than one user or group needs access to a file or directory.

Understanding ACLs

In Linux, each file and directory has an associated ACL. An ACL consists of entries, each of which defines the permissions for a user or a group. There are three types of ACL entries:

  • User entries: Define permissions for a specific user.
  • Group entries: Define permissions for a specific group.
  • Other entries: Define permissions for users not matched by the user and group entries.

Each entry has a set of permissions associated with it, similar to the standard read (r), write (w), and execute (x) permissions.

Viewing ACLs

You can view the ACL of a file or directory using the getfacl command. For example:

$ getfacl myfile.txt
# file: myfile.txt
# owner: alice
# group: staff
user::rw-
user:bob:r--
group::r--
mask::r--
other::---

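In this example, the file myfile.txt is owned by alice and the staff group. alice has read and write permissions, bob has read-only permissions, members of the staff group have read-only permissions, and all other users have no permissions. The mask entry sets the upper limit on the permissions that named users, named groups, and the owning group can actually use; it does not limit the file owner or the other entry.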
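Because the mask caps named-user and group entries, the permissions listed in an entry are not always the permissions that apply. The following added example (not part of the original post) parses getfacl output and prints the effective permissions of each access entry; the function names and the sample ACL, in which bob's entry says rw- but the mask is r--, are constructed for illustration.

```shell
# effective_acl: read `getfacl` output on stdin and print every access entry
# with the permissions that apply once the mask is taken into account.
# The mask limits named users, named groups and the owning group (group::);
# it never limits the file owner (user::) or other::.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3 { next }             # skip header comments and blank lines
    /^default:/    { next }             # default entries only seed new files
    { sub(/[ \t]*#.*/, "", $3) }        # drop a trailing "#effective:" note
    $1 == "mask" { mask = $3; next }
    { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        eff = perm[i]
        capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
        if (capped && mask != "") {
          eff = ""
          for (j = 1; j <= 3; j++) {    # keep a bit only if the mask has it too
            p = substr(perm[i], j, 1)
            eff = eff ((p == substr(mask, j, 1)) ? p : "-")
          }
        }
        printf "%s:%s:%s\n", tag[i], who[i], eff
      }
    }'
}

# Constructed sample (not from the post): bob is listed as rw-, mask is r--.
sample_acl='# file: myfile.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-    #effective:r--
group::r--
mask::r--
other::---'

# What bob can really do with the sample file.
bob_effective() {
  printf '%s\n' "$sample_acl" | effective_acl | grep '^user:bob:'
}

bob_effective
```

On a real file, feed it with `getfacl myfile.txt | effective_acl`. An access review that reads only the raw entries would report bob as able to write to this file when he cannot.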

Modifying ACLs

You can modify the ACL of a file or directory using the setfacl command. For example, to give bob read and write permissions to myfile.txt, you would use:

$ setfacl -m u:bob:rw myfile.txt

You can also remove an ACL entry using the -x option. For example, to remove bob's permissions, you would use:

$ setfacl -x u:bob myfile.txt

Default ACLs

In addition to access ACLs, directories can also have default ACLs. These are used as a template for the ACL of new files and directories created within the directory.

You can set default ACLs using the d: prefix. For example, to set a default ACL giving bob read and write permissions, you would use:

$ setfacl -m d:u:bob:rw mydir

In conclusion, Linux ACLs provide a powerful and flexible mechanism for managing file and directory permissions. They allow you to set permissions on a per-user and per-group basis, providing more granular control than the standard Unix permissions model.
