Linux : Set Access Control List Using Setfacl And Getfacl Commands

November 7, 2012 | By
| 3 Replies More

The Linux command setfacl allows users to set extensive Access Control Lists on files and directories. Normally, using chmod command, you will be able to set permissions for the owner/group/others. But, in case you may need to provide file permissions for some other users too, that can’t be done using chmod. setfacl will assist you to get rid of such troubles. You can view the current “acl” set on files and directories using getfacl command.

In order to use setfacl on a file/directory, the residing filesystem should have acl support enabled. If the filesystem doesn’t support acl, you will get “operation not supported” error. In that case, you need to add acl support to the filesystem in “/etc/fstab” as follows and then remount the filesystem.

fstab mount

We can now go through the various usage of “setfacl” command. First, we can create a folder called “test_folder” as root.

Acl Linux

1. Providing ACL for an individual User

Suppose, you want to give full access to the user “test” on the directory “test_folder”. This can be done using setfacl as follows.

setfacl and getfacl commands

Acl Linux

2. Providing ACL for all users of a group

If you want to provide write access for all the users of the group “testg” to the folder “test_folder”, you can do it as follows.

setfacl and getfacl commands

Acl Linux

3. Revoking acl of a user/group

If you want to revoke the permissions that we’ve given for the user test and the group testg, you can use setfacl command as follows.

setfacl and getfacl commands

Acl Linux

4. Copying ACL of one file/directory to another

Suppose, you want to have the same ACL set of test_folder on test_folder1 too, you can set it by copying the ACL as follows.

setfacl and getfacl commands

Acl Linux


Tagged With :

Free Linux Ebook to Download

Comments (3)

Trackback URL | Comments RSS Feed

  1. What about file specifics? Looks like all your examples are for folders. Do you set defaults for files too?

  2. this works great for setting file or directory specific permissions recursively. just change the type option to d for directories.

    ***this example removes acl from all files below the path
    find /path/to/start/from -type f -exec setfacl -b {} +

Leave a Reply

All comments are subject to moderation.