An ACL (access control list) is used to set additional permissions on files or directories. Every file or directory has permissions for the owner, the group and other users, but if you want to give access to another user without modifying the current permissions of the file or directory, you can use an ACL.

Before applying an ACL we have to perform some initial checks.
1. Check whether the acl package is installed.
2. Check ACL support for the mounted file system.

1. Check if acl package is installed or not.
[root@vidya ~]# yum list acl
Installed Packages
acl.x86_64 2.2.49-7.el6_9.1 @updates

2. Check ACL support for mounted file system

Suppose we want to set an ACL on the /home/vidya directory. Make sure that acl is enabled on the file system where the /home/vidya directory resides.
[root@vidya ~]# df -h /home/vidya
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_94762034-lv_root 29G 6.3G 21G 24% /
Here, we can see that the /home/vidya directory is under the / mount point.
Now, check whether acl is enabled for the / mount point.
[root@vidya ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu May 10 16:43:17 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_94762034-lv_root / ext4 defaults,acl 1 1
UUID=0eb7c5d4-1797-4b77-84de-14983906633d /boot ext4 defaults 1 2
/dev/mapper/vg_94762034-lv_swap swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/xvde1 /top ext4 defaults 0 0
/dev/xvde2 swap swap defaults 0 0
Here, the acl option has been added for the / mount point. Once you add the acl option, remount the partition or reboot the system.
[root@vidya ~]# mount -o remount /
[root@vidya ~]#

Now enable ACLs on files and directories.
There are two commands for ACLs:
1. getfacl : the getfacl command is used to check the currently set permissions.
2. setfacl : the setfacl command is used to set the special permissions on files and directories.

For example:
[root@vidya ~]# ls -ld /home/vidya
drwx------. 3 vidya vidya 4096 Oct 5 16:47 /home/vidya
[root@vidya ~]# getfacl /home/vidya
getfacl: Removing leading '/' from absolute path names
# file: home/vidya
# owner: vidya
# group: vidya
user::rwx
group::---
other::---
[root@vidya ~]#
Here, we see that user vidya has rwx permissions on the /home/vidya directory, but group and others don't have any permissions.
Now, we want to give access to the user swati without modifying the actual permissions of the directory /home/vidya.
[root@vidya ~]# setfacl -m u:swati:rwx /home/vidya
[root@vidya ~]#
[root@vidya ~]# getfacl /home/vidya
getfacl: Removing leading '/' from absolute path names
# file: home/vidya
# owner: vidya
# group: vidya
user::rwx
user:swati:rwx
group::---
mask::rwx
other::---
Here, we see that the user swati now has rwx permissions on the directory /home/vidya.
Now, run ls -ld /home/vidya and observe the permissions.
[root@vidya ~]# ls -ld /home/vidya
drwx------+ 2 vidya vidya 4096 Oct 18 23:57 /home/vidya
Note: An ACL-enabled directory shows a + after its permissions.

To remove all ACLs

Use the command below to remove all ACLs.
[root@vidya ~]# setfacl -b /home/vidya
[root@vidya ~]#

To remove the ACL for a particular user, use the command below.
[root@vidya ~]# setfacl -x u:swati /home/vidya
[root@vidya ~]#
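
To review which named users and groups have been given access through ACLs, the getfacl output shown above can be parsed and each named entry reported together with its effective permissions, i.e. the granted bits limited by the mask:: line. This is an added example, not part of the original post; the function names, the group:dev entry and the tightened mask in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the getfacl output from this page, plus a hypothetical
# group:dev entry and a tightened mask to show how the mask caps named entries.
sample_acl() {
cat <<'EOF'
# file: home/vidya
# owner: vidya
# group: vidya
user::rwx
user:swati:rwx
group::---
group:dev:rw-
mask::r-x
other::---
EOF
}

# Read getfacl output (one or many files) on stdin and print, per named
# user/group entry: <file> <type:name> <granted> <effective>.
# The owner (user::) and other:: entries are never masked and are not listed.
acl_named_entries() {
  awk -F: '
    function emit(   i, k, p, m, eff) {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (k = 1; k <= 3; k++) {
          p = substr(perm[i], k, 1)
          m = (mask == "") ? p : substr(mask, k, 1)   # no mask line: nothing is capped
          eff = eff ((p != "-" && m != "-") ? p : "-")
        }
        print file, type[i] ":" name[i], perm[i], eff
      }
      n = 0; mask = ""
    }
    /^# file: /      { emit(); file = substr($0, 9); next }   # a new file section starts
    /^#/ || NF < 3   { next }                                 # other comments, blank lines
    $1 == "mask"     { mask = substr($3, 1, 3); next }
    ($1 == "user" || $1 == "group") && $2 != "" {
      n++; type[n] = $1; name[n] = $2
      perm[n] = substr($3, 1, 3)      # drops any trailing "#effective:" comment
    }
    END { emit() }
  '
}

sample_acl | acl_named_entries
```

On a live system the same function can be fed from a recursive listing, for example getfacl -R /home 2>/dev/null | acl_named_entries.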