Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 28. Managing the Access Control List

Each file and directory can only have one user owner and one group owner at a time. If you want to grant a user permissions to access specific files or directories that belong to a different user or group while keeping other files and directories private, you can utilize Linux Access Control Lists (ACLs).

28.1. Displaying the current Access Control List

You can use the getfacl utility to display the current ACL.

Procedure

  • To display the current ACL for a particular file or directory, use:

    $ getfacl file-name

    Replace file-name with the name of the file or directory.

28.2. Setting the Access Control List

You can use the setfacl utility to set the ACL for a file or directory.

Prerequisites

  • root access.

Procedure

  • To set the ACL for a file or directory, use:
# setfacl -m u:username:symbolic_value file-name

Replace username with the name of the user, symbolic_value with a symbolic value, and file-name with the name of the file or directory. For more information see the setfacl man page.

Example 28.1. Modifying permissions for a group project

The following example describes how to modify permissions for the group-project file owned by the root user that belongs to the root group so that this file is:

  • Not executable by anyone.
  • The user andrew has the rw- permissions.
  • The user susan has the --- permissions.
  • Other users have the r-- permissions.

Procedure

# setfacl -m u:andrew:rw- group-project
# setfacl -m u:susan:--- group-project

Verification steps

  • To verify that the user andrew has the rw- permission, the user susan has the --- permission, and other users have the r-- permission, use:

    $ getfacl group-project

    The output returns:

    # file: group-project
    # owner: root
    # group: root
    user:andrew:rw-
    user:susan:---
    group::r--
    mask::rw-
    other::r--