Master Linux ACL Permissions: A Step‑by‑Step Guide to Secure File Access
This article explains Linux ACL permission management, covering the concepts, how to check and enable ACL support on partitions, and detailed commands for setting, viewing, masking, deleting, recursive, and default ACLs to securely control file and directory access for users and groups.
Linux permission management is crucial for protecting user data and preventing file chaos; without proper controls, multiple users on a server can cause security breaches or system failures.
Access Control Lists (ACLs) provide fine‑grained permissions beyond the traditional owner/group/others model, allowing specific users or groups to have distinct rights on files and directories.
1. What is an ACL?
Consider a shared /project directory where the owner and group have full rwx rights, while outsiders have no access. To grant a guest read‑only access ( r-x) without giving write permission to the whole group, ACLs let you assign permissions to individual users.
2. Check if a partition supports ACL
First verify the filesystem type and ACL support: df -h Then view detailed filesystem information:
dumpe2fs -h /dev/sdX3. Enable ACL on a partition
Temporary enable
mount -o remount,acl /This remounts the root filesystem with ACL support; the setting is lost after a reboot.
Permanent enable
Edit /etc/fstab and add the acl option to the desired entry, for example:
UUID=490ed737-f8cf-46a6-ac4b-b7735b79fc63 / ext4 defaults,acl 1 1Then remount or reboot to apply the change.
4. Set ACL permissions
Use setfacl to assign rights:
setfacl -m u:username:rw- /path/to/filesetfacl -m g:groupname:r-x /path/to/fileNote that the effective permission is the logical AND of the specified rights and the mask ( m) value, which defaults to rwx.
5. View ACL permissions
getfacl /path/to/file6. Effective permission mask
The mask defines the maximum permissions that can be granted to users and groups; it is combined with each entry’s rights. Adjust it with:
setfacl -m m:rwx /path/to/file7. Delete ACL entries
setfacl -x u:username /path/to/filesetfacl -x g:groupname /path/to/filesetfacl -b /path/to/file8. Apply ACLs recursively
setfacl -R -m u:username:rw- /path/to/directory9. Default ACLs for new files
Set a default ACL on a directory so that newly created files inherit these permissions:
setfacl -m d:u:username:rw- /path/to/directory10. Summary
By using Linux ACLs, administrators can assign precise access rights to individual users or groups, enhancing security and flexibility in multi‑user environments.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.