20.2. Setting Access ACLs
- Per user
- Per group
- Via the effective rights mask
- For users not in the user group for the file
setfaclutility sets ACLs for files and directories. Use the
-moption to add or modify the ACL of a file or directory:
# setfacl -m rules files
- Sets the access ACL for a user. The user name or UID may be specified. The user may be any valid user on the system.
- Sets the access ACL for a group. The group name or GID may be specified. The group may be any valid group on the system.
- Sets the effective rights mask. The mask is the union of all permissions of the owning group and all of the user and group entries.
- Sets the access ACL for users other than the ones in the group for the file.
xfor read, write, and execute.
setfaclcommand is used, the additional rules are added to the existing ACL or the existing rule is modified.
Example 20.1. Give read and write permissions
# setfacl -m u:andrius:rw /project/somefile
-xoption and do not specify any permissions:
# setfacl -x rules files
Example 20.2. Remove all permissions
# setfacl -x u:500 /project/somefile