Chapter 12. Managing the Access Control List
Each file and directory can only have one user owner and one group owner at a time. If you want to grant a user permissions to access specific files or directories that belong to a different user or group while keeping other files and directories private, you can utilize Linux Access Control Lists (ACLs).
12.1. Displaying the current Access Control List
You can use the getfacl utility to display the current ACL.
To display the current ACL for a particular file or directory, use:
$ getfacl file-name
Replace file-name with the name of the file or directory.
12.2. Setting the Access Control List
You can use the setfacl utility to set the ACL for a file or directory.
- To set the ACL for a file or directory, use:
# setfacl -m u:username:symbolic_value file-name
Replace username with the name of the user, symbolic_value with a symbolic value, and file-name with the name of the file or directory. For more information see the setfacl man page.
Example 12.1. Modifying permissions for a group project
The following example describes how to modify permissions for the group-project file owned by the root user that belongs to the root group so that this file is:
- Not executable by anyone.
- Other users have the r-- permission.
# setfacl -m u:andrew:rw- group-project
# setfacl -m u:susan:--- group-project
To verify that the user andrew has the rw- permission, the user susan has the --- permission, and other users have the r-- permission, use:
$ getfacl group-project
The output returns:
# file: group-project
# owner: root
# group: root
user:andrew:rw-
user:susan:---
group::r--
mask::rw-
other::r--
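The output above includes a mask entry, which caps what a named-user entry such as the one for andrew can grant. The following script is an added example, not part of the original documentation: a hypothetical effective_perm function reads getfacl output and prints a user's effective permission, with the Example 12.1 output embedded as constructed sample input and alice as a made-up user without an entry. It assumes the user is neither the file owner nor a member of a group listed in the ACL.

```shell
#!/bin/sh
# Constructed sample input: the getfacl output from Example 12.1.
sample_acl() {
cat <<'EOF'
# file: group-project
# owner: root
# group: root
user:andrew:rw-
user:susan:---
group::r--
mask::rw-
other::r--
EOF
}

# effective_perm USER (hypothetical helper): read getfacl output on stdin
# and print the permission USER effectively gets.
# A named-user entry is ANDed with the mask entry; a user without an entry
# falls through to "other" (assumption: USER is not the owner and is not in
# any group listed in the ACL).
# On a live system: getfacl group-project | effective_perm andrew
effective_perm() {
    awk -F: -v u="$1" '
        /^#/ || NF < 3 { next }                      # skip header comments
        $1 == "user" && $2 == u { named = substr($3, 1, 3) }
        $1 == "mask"   { mask  = substr($3, 1, 3) }
        $1 == "other"  { other = substr($3, 1, 3) }
        END {
            if (named == "") { print other; exit }   # no named entry
            if (mask == "")  { print named; exit }   # no mask to apply
            out = ""
            for (i = 1; i <= 3; i++) {
                a = substr(named, i, 1); m = substr(mask, i, 1)
                out = out ((a != "-" && m != "-") ? a : "-")
            }
            print out
        }'
}

# Report the effective permission for both named users and one other user.
for u in andrew susan alice; do
    printf '%s: %s\n' "$u" "$(sample_acl | effective_perm "$u")"
done
```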