Master Linux ACL Permissions: A Step‑by‑Step Guide to Secure File Access
This article explains Linux ACL permission management, covering what ACLs are, how to check and enable ACL support on partitions, and detailed commands for setting, viewing, masking, deleting, recursive, and default ACLs to securely control file and directory access.
Linux permission management is essential for protecting user data and preventing file chaos; on multi‑user servers, proper ACL (Access Control List) configuration ensures that only authorized users can read, write, or execute specific files and directories.
1. What is ACL Permission?
ACLs allow fine‑grained permission assignment beyond the traditional owner/group/others model, enabling you to grant or restrict access for individual users or groups without altering existing group permissions.
2. Check Whether a Partition Supports ACL
① List partitions
df -h② Show detailed filesystem info
dumpe2fs -h /dev/sdXInspect the output for the "Default mount options" line to see if acl is listed.
3. Enable ACL on a Partition
① Temporary enable
mount -o remount,acl /This remounts the root filesystem with ACL support; the setting is lost after a reboot.
② Permanent enable
Edit /etc/fstab to add the acl option, for example:
UUID=490ed737-f8cf-46a6-ac4b-b7735b79fc63 / ext4 defaults,acl 1 1Then remount or reboot:
mount -o remount /4. Set ACL Permissions (setfacl)
Assign permissions to a user: setfacl -m u:username:rw- filename Assign permissions to a group: setfacl -m g:groupname:r-x filename Note that the effective permission is the logical AND of the ACL entry and the mask (default mask is rwx).
5. View ACL Permissions
getfacl filename6. Effective Permission Mask
The mask limits the maximum permissions that any ACL entry can grant. Modify it with:
setfacl -m m:rwx filename7. Delete ACL Permissions
① Remove a user’s ACL
setfacl -x u:username filename② Remove a group’s ACL
setfacl -x g:groupname filename③ Remove all ACL entries
setfacl -b filename8. Recursive ACL Assignment
Apply ACLs to a directory and all its contents:
setfacl -m u:username:rw- -R /path/to/dir9. Default ACLs
Set a default ACL on a parent directory so that newly created files inherit the permissions:
setfacl -m d:u:username:rw- /path/to/dir10. Summary
This guide introduced Linux ACL permission management, showing how to enable ACL support on filesystems, assign fine‑grained permissions to users and groups, view effective permissions, adjust the mask, and manage ACLs recursively or as defaults, providing a practical tool for secure system administration.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.