Access Control List (ACL)
Access control lists are used to give a specific user or group read, write, or execution permission on a specific file.
setfacl is used to set the access control list, while getfacl is used to find the permissions of a file's access control list.
If you are using emacs as your text editor, you will first need to change your emacs init file to prevent emacs from creating backups. Otherwise, when the backup file is created, the access control list for that file will be destroyed. To prevent emacs from creating backup files, insert the following line into your emacs init file:
(setq make-backup-files nil)
To give a single user read-only permission to the file, you can use the following syntax:
setfacl -r -m user:username:r-- myfile
where username is the username of the user to whom you are granting permission, and
myfile is the name of the file.
The r-- entry gives the read-only permission.
r is used for read permission,
w is used for write permission, and
x is used for executable permission. A - character is used as a placeholder. Any
combination of the three can be used to provide various permissions on the file.
To give an entire group permission to the file, type in the following:
setfacl -r -m group:groupname:r-- myfile
which would give the group groupname read-only permission to myfile.
To remove a group or user's permissions to the file, you can use the
-d option. For example,
to remove the previous example's permissions, you would use the following:
setfacl -d group:groupname myfile
To view the permissions on a file, you may use the getfacl command. For example, to view the access control list of filename.txt, you would type getfacl followed by filename.txt.
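An added example, not part of the original page: a small audit helper that reads getfacl-style entries (type:name:permissions) and reports, for each named user or group, the permissions granted and the permissions actually in effect. It goes beyond the page by applying the ACL mask entry, which the -r option of setfacl recalculates; the sample listing, the names alice and staff, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of getfacl-style output; names follow the page's examples.
sample_acl() {
cat <<'EOF'
# file: myfile
# owner: alice
# group: staff
user::rw-
user:username:r--
group::r--
group:groupname:rw-     #effective:r--
mask:r--
other:---
EOF
}

# Print "type name granted effective" for every named user/group entry.
# Effective = granted AND mask (the POSIX-draft ACL rule, assumed to apply).
acl_named_entries() {
  awk -F: '
    /^[ \t]*#/ || NF < 2 { next }            # header comments, blank lines
    { sub(/[ \t]*#.*$/, "") }                # drop trailing #effective notes
    $1 == "mask" { mask = $NF; next }
    ($1 == "user" || $1 == "group") && $2 != "" {
      n++; kind[n] = $1; who[n] = $2; perm[n] = $3
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (c = 1; c <= 3; c++) {
          b = substr(perm[i], c, 1)
          m = (mask == "") ? b : substr(mask, c, 1)
          eff = eff ((b != "-" && m != "-") ? b : "-")
        }
        print kind[i], who[i], perm[i], eff
      }
    }'
}

# List named entries that can actually write after the mask is applied.
acl_writers() {
  acl_named_entries | awk '$4 ~ /w/ { print $1 ":" $2 }'
}

sample_acl | acl_named_entries
```

In the sample, groupname is granted rw- but the mask of r-- leaves it with r-- in effect, so acl_writers reports nothing; piping real getfacl output into either function gives the same review for a live file.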
For further information on access control lists, please see the man pages by typing the following at the UNIX prompt:
February 03, 2011