Ugacomp

How to set up Access Control Lists (ACL) in Linux


Access Control Lists (ACLs) in Linux provide a more granular level of control over file and directory permissions. They extend the traditional Unix permissions, allowing you to define access rights for specific users or groups. This article will guide you through the process of setting up ACLs in Linux, using practical command examples.

Checking ACL Support

Before configuring ACLs, make sure that your filesystem and kernel support them and that the ACL tools are installed. The getfacl and setfacl commands are provided by the acl package; if it is missing, install it using:

  • For Debian/Ubuntu Linux, use the following command to install:
sudo apt-get install acl   # For Debian/Ubuntu

  • For Red Hat/Fedora Linux, use the following:
sudo yum install acl       # For Red Hat/Fedora

Use the following command to check if the getfacl command is available:

getfacl --version

Alternatively, you can check if the acl package is installed. The package name may vary depending on your Linux distribution. Use the appropriate package manager for your system:

  • For Debian/Ubuntu:
   dpkg -l | grep acl
  • For Red Hat/Fedora:
   rpm -qa | grep acl

If the acl package is installed, you’ll see relevant information about it.

Why Access Control Lists (ACLs)

In Linux, security is a critical aspect, and managing access to files and directories is an essential part of it. Linux employs a robust permission system to control who can do what with files and directories. However, in certain scenarios, the traditional permission model may fall short. This is where Access Control Lists (ACLs) come into play, offering a more flexible approach to fine-tuning access control.

Linux Permissions

Linux permissions are primarily based on three levels: user, group, and others. Each file and directory has associated permission bits for these three categories, denoted as read (r), write (w), and execute (x). The permission bits determine the actions each category can perform on a file or directory.

Let’s look at some basic examples of using chmod to set permissions:

# Grant read and write permissions to the owner
chmod u+rw file.txt

# Revoke write permissions from the group
chmod g-w file.txt

# Allow others to execute a script
chmod o+x script.sh

In these examples, we modify the permissions for the user (owner), group, and others using the chmod command.

Extending beyond traditional Unix permissions

While the traditional permission model is powerful, it has limitations. For instance, it doesn’t allow for specifying multiple users or groups with different access levels to a file or directory. This is where ACLs come in handy.

ACLs extend the basic permission model by enabling more fine-grained control over access rights. With ACLs, you can assign specific permissions to individual users and groups beyond the traditional owner, group, and others.

Let’s explore some ACL commands using the setfacl tool:

# Grant read and write permissions to a specific user
setfacl -m u:jane:rw file.txt

# Allow a group to traverse (enter) a directory
setfacl -m g:developers:x directory/

# View ACLs for a file
getfacl file.txt

In these examples, we use setfacl to modify and view ACLs. The syntax includes the entity type (user or group), the entity name (username or group name), and the permissions (read, write, execute).

Relationship Between Linux Permissions and ACLs

Linux permissions and ACLs work together to define access control for files and directories. When a file or directory has ACLs, they complement the traditional permissions. If an ACL is not present, the standard permissions apply.

It’s crucial to understand that ACLs do not replace the traditional permission model but enhance it. They provide a way to address specific use cases where additional control is necessary, offering a more versatile and nuanced approach to access management.

ACL Options and Parameters

Here is a table summarizing common options and parameters used with ACLs in Linux:

| Option/Parameter | Description | Example |
| --- | --- | --- |
| -m or --modify | Modify ACL entries for a file or directory. | setfacl -m u:user1:rw file.txt |
| -x or --remove | Remove specific ACL entries. | setfacl -x u:user1 file.txt |
| -R or --recursive | Apply an ACL operation recursively to files and directories. | setfacl -Rm g:group1:rwx directory/ |
| -d or --default | Set default ACLs for newly created files/directories within a directory. | setfacl -dm u:user1:rw directory/ |
| -b or --remove-all | Remove all ACL entries for a file or directory. | setfacl -b file.txt |
| -k or --remove-default | Remove default ACL entries for a directory. | setfacl -k directory/ |
| -n or --no-mask | Do not recalculate the effective rights mask when entries change. | setfacl -n -m u:user1:rw file.txt |
| -s or --set | Replace the whole ACL with a comma-separated list of entries; the base user, group, and other entries must be included. | setfacl -s u::rwx,g::r-x,o::---,u:user1:rw,g:group1:r directory/ |
| getfacl (separate command) | Display the ACL for a file or directory. | getfacl file.txt |

Remember, these options and parameters are used with commands like setfacl and getfacl for managing ACLs in Linux. The examples provided demonstrate the usage of each option or parameter in a typical scenario. Adjust them based on your specific requirements and permissions.

Setting Up ACLs on a File

Let’s say you have a file named example.txt and you want to grant read and write permissions to a specific user, ‘user1’. Use the following command:

setfacl -m u:user1:rw example.txt

This command sets the ACL for ‘user1’ on example.txt to read and write permissions.

Setting Up ACLs on a Directory

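When working with directories, you might want to grant permissions recursively. For instance, to allow ‘user1’ to read and write to all files and subdirectories under ‘documents’:

setfacl -Rm u:user1:rwX documents

The -R flag applies the ACL recursively to everything that already exists under documents. The capital X grants execute only on directories (and on files that are already executable), which ‘user1’ needs in order to enter the subdirectories; with plain rw the files inside them would stay unreachable.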

Viewing ACL Information

To check the ACLs applied to a file or directory, use the getfacl command:

getfacl example.txt

This will display the ACL information for example.txt.
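The entries that getfacl prints are not always the rights in force: the mask entry caps what named users, named groups, and the owning group actually get, and chmod on the group bits changes that mask once an ACL exists. The following is an added example, not part of the original article, that parses getfacl output and reports the effective rights; the sample ACL and the names alice, staff, and developers are constructed.

```shell
#!/bin/sh
# Added example: read `getfacl` output on stdin and apply the mask.

# Prints "<entry> <granted> <effective>" for each entry the mask limits:
# named users, the owning group ("group:") and named groups.
acl_effective() {
  awk '
    /^#/ || NF == 0 || /^default:/ { next }  # headers, blanks, default ACL
    { sub(/[ \t]*#.*/, "") }                 # drop "#effective:" notes
    {
      split($0, f, ":")                      # f[1]=type f[2]=name f[3]=perms
      if (f[1] == "mask") { mask = f[3]; next }
      if (f[1] == "other" || (f[1] == "user" && f[2] == "")) next
      entry[++n] = f[1] ":" f[2]; perm[n] = f[3]
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (c = 1; c <= 3; c++) {           # r, w, x positions
          p = substr(perm[i], c, 1); m = substr(mask, c, 1)
          eff = eff ((mask == "" || m != "-") ? p : "-")
        }
        print entry[i], perm[i], eff
      }
    }'
}

# Lists named users/groups that can still write once the mask is applied.
acl_named_writers() {
  acl_effective | awk '$1 !~ /:$/ && $3 ~ /w/ { print $1 }'
}

# Constructed sample: ACL on example.txt after `chmod g=rx` narrowed the mask.
sample_acl() {
  cat <<'EOF'
# file: example.txt
# owner: alice
# group: staff
user::rw-
user:user1:rw-			#effective:r--
group::r--
group:developers:rwx		#effective:r-x
mask::r-x
other::r--
EOF
}

sample_acl | acl_effective
```

On a live system, pipe real output into the functions, for example getfacl example.txt | acl_named_writers, to see which named entries still have write access.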

Removing ACLs

If you need to remove specific ACL entries, use the setfacl command with the -x option:

setfacl -x u:user1 example.txt

This removes the ACL entry for ‘user1’ on example.txt.

Default ACLs

Default ACLs can be set to define default permissions for newly created files and directories within a directory. For example:

setfacl -dm u:user1:rw documents

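This sets a default ACL for ‘user1’ in the ‘documents’ directory. Files and subdirectories created in it afterwards inherit the entry; existing contents and the directory’s own access ACL are not changed.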
