Access Control List Concept
Access Control List means permissions restricting access to a file are limited to file owner, members of a single group, or any other. The owner of file can set ACL's on individual files or directories(folder).
How To View ACLs Setting
getfacl command is used to display ACL settings on a file. Before that let me explain what is meaning of getfacl word. facl means File Access Control List. To display ACL settings on a file, use following command.
Syntax: getfacl filename
Example: getfacl mastet.txt
You will see output like as below. Before watching output let me explain meaning of rwx.
r means read permission, w means write permission and x means execute permission.
# file: mastet.txt
# owner: student
# group: unity
user: :rwx
user: robert:---
user: 2900:-wx
group: r-x
group: santra:r--
group: 2120:rwx
Now let me explain above example step by step.
First Three lines that identify the file name(master.txt), owner(student) and group owner name(unity).
Next Three lines in above example student if file owner. student has rwx permission. User robert has No Permission(---). User 2900 has -wx permission.
Next Three lines indicates Group entries. Group-owner permissions: unity has r-x permission. Named group santra has r-- permission. GID 2120 has rwx permission.
How To Changing ACL File Permissions
setfacl command is used to add, modify or remove standard ACLs on files and directories. Let's see which representation of permissions are used on file.
"r" for read, "w" for write and "x" for execute.
How to add or modify a user ACL
setfacl -m u:name:rw file
setfacl means set File Access Control List for file or directory. -m means modify, u means user, name is name of owner, rw means read write permission granted for user and file means name of file on which your want to set permission for particular user.
How to add or modify a group ACL
setfacl -m g:name:rw file
-m means modify, g means group, name is name of group owner, rw means read write permission granted for user and file means name of file on which your want to set permission for particular user.
There are some interview questions for System Administrator which are mostly asked at the time of interview.
There are some interview questions for System Administrator which are mostly asked at the time of interview.
How Delete an ACL
-x symbol is used to delete ACL for particular file or directory.
setfacl -x u:name file
Controlling default ACL file permission
A directory have default ACLs set on it that are automatically accessed by all new files and new sub directories
Example:
setfacl -m d:u:name:rx directory
This adds a default named user d:u:name with read-only permission and execute permission on directories. d symbol indicates default ACLs setting on particular file or directory.
Deleting default ACLs
Deleting a default ACL is also same as deleting a standard ACL, -x used to remove default ACL settings on file.
