Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Standard File ACL
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disk resource.
## Show ACL
To show permissions, use:
```code
$ getfacl <file/dir>
```
### Examples
Set all permissions for user john to file named testfile:
```code
$ setfacl -m "u:john:rwx" testfile
```
Check permissions:
```code
$ getfacl testfile
# file: testfile
# owner: someone
# group: someone
user::rw-
user:john:rwx
group::r--
mask::rwx
other::r--
```
Change permissions for user john:
```code
$ setfacl -m "u:john:r-x" testfile
```
Check permissions:
```code
$ getfacl testfile
# file: testfile
# owner: someone
# group: someone
user::rw-
user:john:r-x
group::r--
mask::r-x
other::r--
```
Remove all ACL entries:
```code
$ setfacl -b testfile
```
Check permissions:
```code
$ getfacl testfile
# file: testfile
# owner: someone
# group: someone
user::rw-
group::r--
other::r--
```
## Output of LS Command
You will notice that there is an ACL for a given file because it will exhibit `+` after its Unix permissions in the output of `ls -l`.
```code
$ ls -l testfile
crw-rw----+ 1 someone someone 14, 4 nov. 9 12:49 testfile
```
## Modify ACL
The ACL can be modified using the `setfacl` command.
You can list file/directory permission changes without modifying the permissions (i.e. dry-run) by appending the `--test` flag.
To apply operations to all files and directories recursively, append the `-R/--recursive` argument.
To set permissions for a user (user is either the user name or ID):
```code
$ setfacl -m "u:user:permissions" <file/dir>
```
To set permissions for a group (group is either the group name or ID):
```code
$ setfacl -m "g:group:permissions" <file/dir>
```
To set permissions for others:
```code
$ setfacl -m "other:permissions" <file/dir>
```
To allow all newly created files or directories to inherit entries from the parent directory (this will not affect files which will be copied into the directory):
```code
$ setfacl -dm "entry" <dir>
```
To remove a specific entry:
```code
$ setfacl -x "entry" <file/dir>
```
To remove the default entries:
```code
$ setfacl -k <file/dir>
```
To remove all entries (entries of the owner, group and others are retained):
```code
$ setfacl -b <file/dir>
```
Source: [wiki.archlinux.org][1]
[1]: https://wiki.archlinux.org/title/Access_Control_Lists