Linux ACL
Standard file/directory permissions control access to a file or directory based on the file owner ('user'), the group owner ('group') and the rest of the users ('others'). When a particular user or group needs specific rights on a file or directory, the file owner can grant them with an ACL (Access Control List).

ACL Configuration

These are the steps to follow in order to create ACL permissions on a file or directory. As an example, let's give user 'kate' read-write permission on /home/john/file.txt without changing the standard permissions on /home/john/file.txt:

1.- Verify that user kate cannot write to /home/john/file.txt:

Code:
$ su - john
john-$ chmod 700 /home/john/file.txt    # makes sure that only 'john' can access file.txt
john-$ cat /home/john/file.txt
john
$ su - kate
kate-$ cat /home/john/file.txt
cat: /home/john/file.txt: Permission denied

2.- As root, remount the partition that contains /home/john with the 'acl' flag:

Code:
$ su - root
# Change the /home line in /etc/fstab to:
#   /dev/VolGroup01/VolGroup01Home /home ext4 defaults,acl 1 2
$ mount -o remount /home

3.- Set 'others' execution permission on the directory where the ACLs are going to be applied (/home/john):

Code:
$ chmod 701 /home/john

4.- Check the current ACL on file /home/john/file.txt:

Code:
$ getfacl /home/john/file.txt
getfacl: Removing leading '/' from absolute path names
# file: home/john/file.txt
# owner: john
# group: john
user::rwx
group::---
other::---

Only user john has rw access to file.txt.

5.- Allow, via ACLs, execution permission for the specific user (kate) on the directory that contains the file (/home/john). This gives kate access to /home/john:

Code:
$ setfacl -m user:kate:r-x /home/john
$ setfacl -m mask:r-x /home/john

6.- Allow rw access for the specific user (kate) via ACL on the file (/home/john/file.txt):

Code:
$ setfacl -m user:kate:rw- /home/john/file.txt

7.- Verify the result:

Code:
$ getfacl /home/john/file.txt
getfacl: Removing leading '/' from absolute path names
# file: home/john/file.txt
# owner: john
# group: john
user::rwx
user:kate:rw-
group::---
mask::rw-
other::---

Code:
$ su - kate
kate-$ vi /home/john/file.txt    # add a line containing 'kate', then save with :wq!
kate-$ cat /home/john/file.txt
john
kate

User kate now has read-write access to file.txt. Note the 'mask' entry: it is an upper bound on the permissions that the ACL entries can grant on the file or directory, and it can be changed with the 'setfacl -m mask:...' command.

For more info about what can be done with ACLs, see 'man getfacl' and 'man setfacl'.
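An added example (Python, not part of the original post) showing how the 'mask' entry seen in the getfacl output bounds what the named-user and group entries actually grant: it parses getfacl listings (the one above, plus a constructed variant with a tighter mask) and computes each entry's effective permissions, the way getfacl's '#effective:' annotation does.

```python
# Added example: compute effective ACL permissions from getfacl output once
# the mask is applied. Not part of the original post.

# Constructed sample 1: the listing from the verification step above (mask::rw-).
SAMPLE_FILE_ACL = """\
# file: home/john/file.txt
# owner: john
# group: john
user::rwx
user:kate:rw-
group::---
mask::rw-
other::---
"""

# Constructed sample 2: the same file after a hypothetical 'setfacl -m mask:r-- file.txt'.
SAMPLE_TIGHT_MASK = SAMPLE_FILE_ACL.replace("mask::rw-", "mask::r--")

def parse_getfacl(text):
    """Return a list of (tag, qualifier, perms) for the access ACL entries.
    Comment lines are skipped, default ACL entries (directories only) are ignored,
    and any trailing '#effective:' annotation is dropped via perms[:3]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":", 2)
        entries.append((tag, qualifier, perms[:3]))
    return entries

def effective_permissions(entries):
    """Map each entry name to (requested, effective) permissions.
    The mask bounds named users, named groups and the owning group;
    the owner (user::) and other:: entries are never masked."""
    mask = next((p for t, q, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        name = tag if qualifier == "" else f"{tag}:{qualifier}"
        is_masked = tag == "group" or (tag == "user" and qualifier != "")
        effective = perms
        if is_masked and mask is not None:
            # a permission bit survives only if it is set in both the entry and the mask
            effective = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[name] = (perms, effective)
    return result

def restricted_entries(text):
    """Names of entries that grant less than they appear to (mask is cutting them down)."""
    return [n for n, (req, eff) in effective_permissions(parse_getfacl(text)).items() if req != eff]
```

Running restricted_entries() over the output of getfacl on a real path is a quick way to spot ACL grants that a mask is silently reducing.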