1️⃣ What is ACL?
Access Control List (ACL) is an advanced permission mechanism in Linux that allows fine-grained control over file and directory permissions. It extends the standard user-group-other (UGO) permission model by allowing multiple users or groups to have different levels of access to the same file or directory.
2️⃣ Why Use ACL? (Use Cases)
🔹 Granular Permissions – Assign different permissions to multiple users or groups for the same file/directory.
🔹 Shared Filesystem Control – When multiple users need controlled access without changing ownership.
🔹 Overrides Standard Linux Permissions – Works beyond chmod and chown.
🔹 Role-based Access – Multiple users with different access rights.
3️⃣ How to Use ACL in RHEL 8
🟢 3.1 Check if ACL is Enabled
Most modern RHEL 8 filesystems (e.g., ext4, XFS) support ACL by default. Verify ACL support using:
tune2fs -l /dev/sda1 | grep acl # For ext4
or check mount options (on XFS, ACLs are always enabled and no acl option is listed):
mount | grep acl
If ACL is not enabled, remount the filesystem with ACL support:
sudo mount -o remount,acl /dev/sda1
🟢 3.2 Install ACL Package
If ACL utilities are missing, install them using:
sudo dnf install acl -y
🟢 3.3 Set ACL Permissions
Syntax:
setfacl -m u:<username>:<permissions> <file/dir>
✅ Example: Give user john read (r) and write (w) permission on file.txt
setfacl -m u:john:rw file.txt
✅ Example: Give group developers execute (x) permission on script.sh
setfacl -m g:developers:x script.sh
✅ Example: Give read permission to everyone else (other)
setfacl -m o::r file.txt
🟢 3.4 View ACL Permissions
To check ACL permissions on a file or directory:
getfacl file.txt
Output example:
# file: file.txt
# owner: root
# group: root
user::rw-
user:john:rw-
group::r--
mask::rw-
other::r--
🟢 3.5 Remove ACL Permissions
To remove a specific ACL entry (here, user john's) from a file:
setfacl -x u:john file.txt
To remove all ACL rules from a file:
setfacl -b file.txt
🟢 3.6 Set Default ACL for Directories
To have new files created inside a directory inherit an ACL, set a default ACL on the directory:
setfacl -m d:u:john:rwx /shared_folder
🔹 d: → Sets default ACL (for new files inside the folder).
🟢 3.7 Recursive ACL Application
Apply ACL recursively to all files in a directory:
setfacl -R -m u:john:rw /data
4️⃣ Summary of ACL Commands
Task | Command |
---|---|
Check ACL support | tune2fs -l /dev/sda1 \| grep acl |
Install ACL package | dnf install acl -y |
Set ACL for user | setfacl -m u:john:rw file.txt |
Set ACL for group | setfacl -m g:developers:x script.sh |
View ACL | getfacl file.txt |
Remove specific ACL | setfacl -x u:john file.txt |
Remove all ACLs | setfacl -b file.txt |
Set default ACL | setfacl -m d:u:john:rwx /folder |
Recursive ACL | setfacl -R -m u:john:rw /data |
5️⃣ Conclusion
🔹 ACL in Linux provides more flexible permission control compared to traditional rwx-based permissions.
🔹 It is useful for shared environments where multiple users need different levels of access.
🔹 RHEL 8 supports ACL by default, and tools like setfacl and getfacl help manage it easily.