Pawan Sharma | September 8, 2012 | | 19 Comments so far

Set Access Control List (ACL) in RHEL 6

In this post we will discuss about Access Control List in Redhat Enterprise Linux 6 to give permissions to different users and groups on file or directory. As discussed in the previous posts file/directory permissions can be set for the owner, group and other users. But what, if in a case, when we have to give different permissions to different users on the same file/directory. In such situation we can set ACL on file/directory to give different permissions to different users.

Before applying ACLs, you have to mount the partition, in which you want to set ACL, with “acl” option. We can mount the partition using mount command or can add “acl” option in /etc/fstab for that partition.

[root@PawanS1 ~]# mount -o remount,acl /appl


As shown in above picture we have added option “acl” in /etc/fstab file.
We can set ACLs on per user and per group basis, also we can modify acl mask.
To set ACL on a file or directory use command “setfacl” with -m option to add or modify current ACLs.

[root@PawanS1 ~]# setfacl -m acl_rule files


ACL RULES:

u:uid:permission :- This rule will set ACL for user with mentioned uid or user name of valid user.
g:gid:permission :- This rule will set ACL for group with mentioned gid or grou pname of valid group.
m:permission :- This will update the umask of ACL.

Note: “permission” mentioned above in rule can be combination of read(r), write(w) and execute(x).

Let’s take some examples of ACL:

Give read and execute permission to user usaid on file test.txt

[root@PawanS1 ~]# setfacl -m u:usaid:r-x test.txt

Give read, write and execute permissions to group admin on directory /servers recursively.

[root@PawanS1 ~]# setfacl -Rm g:admin:rwx /servers


Note: If possible use uid/gid to add/change acl, as username starting with a numeric character will have problem while adding access control list.

Some of the options used with setfacl command.

-b : Remove all extended ACL entries.
-d : Grant default ACL.
-m : Modify and Add ACLs.
-R : Apply ACL recursively on subdirectories.
-x : Remove particular ACL entry.

Remove all permissions of user siddharth on file test.txt

[root@PawanS1 ~]# setfacl -x u:siddharth /servers

A file on which ACL is set have “+” in last of permission column in “ls -l” output.

[root@PawanS1 ~]# ls -l shared_file.txt
-rw-rwxr--+ 1 root root 43 Aug 29 12:20 shared_file.txt

To view the current ACLs on a file or directory we can use “getfacl” command. Below example shows acl applied on a file named shared_file.txt

[root@PawanS1 ~]# getfacl shared_file.txt

# file: shared_file.txt
# owner: root
# group: root
user::rw-
user:siddharth:r--
user:usaid:rw-
user:ramswaroop:r-x
group::r--
mask::rwx
other::r--

In the above example you can see that owner and group of the file is root and user “siddharth” have read access, user “usaid” have read and write permission and user “ramswaroop” have read and execute permission on the file shared_file.txt.

For any queries please post comments. 

19 comments:

  1. Cool stuff you have got and you keep update all of us. access card system

    ReplyDelete
  2. i never know the use of adobe shadow until i saw this post. thank you for this! this is very helpful. get more info about access control system

    ReplyDelete
  3. Schools across the globe are going through a growth spurt of sorts, which is both painful and unavoidable. I'm talking, of course, about technology integration. Maybe your class is using a COW (Computer on Wheels) cart once a week or maybe every student in your school is suddenly holding an iPad and administrators are throwing around the dreaded phrase "going paperless." access card system singapore

    ReplyDelete
  4. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks access control singapore

    ReplyDelete
  5. Wow i can say that this is another great article as expected of this blog.Bookmarked this site.. https://secom15.livejournal.com/460.html

    ReplyDelete
  6. Positive site, where did u come up with the information on this posting? I'm pleased I discovered it though, ill be checking back soon to find out what additional posts you include. https://accesscontrolsystems11.tumblr.com/

    ReplyDelete
  7. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. https://penzu.com/p/82215bb3

    ReplyDelete
  8. Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. http://61f3b1239fd23.site123.me/

    ReplyDelete
  9. A very awesome blog post. We are really grateful for your blog post. You will find a lot of approaches after visiting your post. door access control system

    ReplyDelete
  10. I was reading your article and wondered if you had considered creating an ebook on this subject. Your writing would sell it fast. You have a lot of writing talent. best card access system

    ReplyDelete
  11. I admire this article for the well-researched content and excellent wording. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much. access control system singapore

    ReplyDelete
  12. Positive site, where did u come up with the information on this posting?I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work. online price of

    ReplyDelete
  13. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. biometric access control system

    ReplyDelete
  14. You there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. https://fastdooraccesssystem.weebly.com/

    ReplyDelete
  15. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. https://biometric-access-control-systems-site.yolasite.com/

    ReplyDelete
  16. I would like to say that this blog really convinced me to do it! Thanks, very good post. https://accesscontrolsystems01.simplesite.com

    ReplyDelete
  17. I would like to say that this blog really convinced me to do it! Thanks, very good post. http://alarm973.website2.me/

    ReplyDelete