Access Control List (ACL)
Introduction
Access control lists are used to give a specific user or group read, write, or execute permission on a specific file.
The command setfacl is used to set the access control list, while getfacl is used to display a file's
access control list.
If you are using emacs as your text editor, you will first need to change your .emacs
file to prevent it from creating backups. Otherwise, when the backup file is created, the access control list for that
file will be destroyed. To prevent emacs from creating backup files, insert the following line into your .emacs file:
(setq make-backup-files nil)
Using setfacl
To give a single user read-only permission to the file, you can use the following syntax:
setfacl -r -m user:username:r-- myfile
where username is the username of the user to whom you are granting permission, and myfile is the name of the file.
The r-- entry gives the read-only permission. r is used for read
permission, w is used for write permission, and x
for executable permission. A - character is used as a placeholder. Any
combination of the three can be used to provide various permissions on
the file.
To give an entire group permission to the file, type in the following:
setfacl -r -m group:groupname:r-- myfile
which would give the group groupname read-only permission to myfile.
To remove a group or user's permissions to the file, you can use the -d option. For example,
to remove the previous example's permissions, you would use the following:
setfacl -d group:groupname myfile
Using getfacl
To view the permissions on a file, you may use the getfacl command. For example, to view the
permissions on filename.txt, you would type in the following:
getfacl filename.txt
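As an added example (not part of the original page): a shell function that reads getfacl output and lists each named user or group with the permissions granted and the permissions in effect once the ACL's mask entry is applied. The sample ACL, the names alice, bob, staff and project, and the functions sample_acl and acl_named_entries are constructed for illustration; the entry format type:name:permissions with a mask line is assumed.

```shell
#!/bin/sh
# Added example: report what each named user/group in an ACL can really do.

# Constructed sample of getfacl output (not from a real system).
sample_acl() {
cat <<'EOF'
# file: filename.txt
# owner: alice
# group: staff
user::rw-
user:bob:rw-
group::r--
group:project:r--
mask:r--
other:---
EOF
}

# Reads getfacl output on stdin and prints "type:name:granted:effective"
# for every entry that names a specific user or group.
acl_named_entries() {
    awk -F: '
        /^#/ || NF < 2 { next }              # header comments, blank lines
        { sub(/[ \t]*#.*/, "") }             # trailing "#effective:" notes
        $1 == "mask" { mask = $NF; next }    # "mask:r--" or "mask::r--"
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; who[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    # With no mask entry, granted and effective are the same.
                    m = (mask == "") ? p : substr(mask, c, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                print kind[i] ":" who[i] ":" perm[i] ":" eff
            }
        }'
}

sample_acl | acl_named_entries
```

Against a real file, pipe the output of getfacl filename.txt into acl_named_entries; an entry whose two permission columns differ is being limited by the mask.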
Further information
For further information on access control lists, please see the man pages by typing the following at the UNIX prompt:
man setfacl
man getfacl
Last updated: February 03, 2011