Access Control Lists (ACL) in Linux

What is ACL?
An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACLs allow you to give permissions for any user or group to any disk resource.

Use of ACL:
Consider a scenario in which a particular user is not a member of a group you created, but you still want to give that user some read or write access. How can you do it without making the user a member of the group? This is where Access Control Lists come in: an ACL lets you grant the access directly.

Basically, ACLs are used to make a flexible permission mechanism in Linux.

From Linux man pages, ACLs are used to define more fine-grained discretionary access rights for files and directories.

setfacl and getfacl are used for setting up ACL and showing ACL respectively.


Usage examples:

Granting an additional user read access

setfacl -m u:user:r file

Revoking write access from all groups and all named users (using the effective rights mask)

setfacl -m m::rx file


Removing a named user entry from a file’s ACL

setfacl -x u:user file


Removing a named group entry from a file’s ACL

setfacl -x g:group file


Copying the ACL of one file to another

getfacl file1 | setfacl --set-file=- file2


Copying the access ACL into the Default ACL

getfacl --access dir | setfacl -d -M- dir


Add default ACL permissions recursively

setfacl -Rm d:u:user:rwx,d:g:group:rwx directory


Remove default ACL

setfacl -k file


Remove all ACL entries from a file

setfacl -b file
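
The mask example above (setfacl -m m::rx file) is easier to audit when the effective rights are computed explicitly. The following is an added example, not part of the original post: it parses getfacl-style output and applies the mask to named users, the owning group and named groups. The function names and the sample ACL (alice, bob, staff, devs, report.txt) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in getfacl output format (not taken from a real system).
# The mask r-x is what "setfacl -m m::rx file" would leave behind.
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-
group::r--
group:devs:rwx
mask::r-x
other::r--
EOF
}

# Reads getfacl output on stdin, prints "tag:qualifier:effective" per access entry.
# The mask limits named users, the owning group and named groups;
# the file owner (user::) and other:: are not limited by it.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }  # header, blanks, default ACL
        { sub(/[ \t]*#.*/, "", $3) }                # drop trailing #effective note
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (j = 1; j <= 3; j++) {      # bitwise AND, one rwx slot at a time
                        p = substr(perm[i], j, 1)
                        eff = eff ((p == substr(mask, j, 1)) ? p : "-")
                    }
                }
                print tag[i] ":" who[i] ":" eff
            }
        }'
}

# Lists the entries that can still write once the mask is applied.
effective_writers() {
    effective_acl | awk -F: 'substr($3, 2, 1) == "w" { print $1 ":" $2 }'
}

sample_acl | effective_acl
```

To check a real file, pipe its ACL in instead of the sample: getfacl file | effective_writers. An entry printed as "user:" with an empty qualifier is the file owner.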


