YYisak
Access Control Lists (ACLs)

Introduction

Access Control Lists (ACLs) in Linux are a more flexible and fine-grained way of managing file and directory permissions than the standard Linux file permission system. They provide additional access control options beyond the traditional owner, group, and others permissions, and they allow you to define permissions for specific users and groups on a per-file or per-directory basis.

Traditional Linux file permissions are represented by a 3x3 matrix (owner, group, others), which can limit access to files and directories based on these three categories. However, this system can be restrictive when you need more granular control.

ACLs provide finer-grained file security. ACLs enable you to define the following file permissions:

  • Owner file permissions
  • Owner's group file permissions
  • File permissions for other users who are outside the owner's group
  • File permissions for specific users
  • File permissions for specific groups
  • Default permissions for each of the previous categories

Setting Up ACLs

To use ACLs, you need to ensure that your filesystem supports ACLs and that the ACL utilities are installed on your system. Most modern Linux distributions come with ACL support enabled by default.

To check if your filesystem supports ACLs, you can use the mount command:

```zsh
$ mount | grep acl
```

If you see acl in the mount options, your filesystem supports ACLs. Note that ext4 and XFS enable ACL support by default, so the option is usually not listed in the mount output; an empty result therefore does not mean ACLs are unsupported. Running getfacl on a file is the simplest check.

To install the ACL utilities on Ubuntu, you can use the following command:

```zsh
$ sudo apt-get install acl
```

Viewing ACLs

To view the ACLs of a file or directory, you can use the getfacl command:

```zsh
$ getfacl file.txt
```

This command will display the ACLs for the specified file or directory.

Setting ACLs

To set ACLs on a file or directory, you can use the setfacl command:

```zsh
$ setfacl [options] acl-entry-list filename
```

The acl-entry-list specifies the users or groups and their respective permissions.

```zsh
$ setfacl [options] user::perms,group::perms,other::perms,mask::perms filename
```

Where:

  • user::perms specifies the permissions for the file owner.
  • group::perms specifies the permissions for the file group.
  • other::perms specifies the permissions for other users.
  • mask::perms specifies the maximum permissions that can be set by the user, group, and other entries.
  • filename is the name of the file or directory.
  • perms are the permissions that can be granted: r (read), w (write), and x (execute), for example rwx.
  • acl-entry-list is a comma-separated list of user or group entries with their respective permissions, for example u:john:rw,g:admins:r.

Options:

  • -s: Set the ACL of the file or directory, replacing any existing entries.
  • -m: Modify the ACL of the file or directory, adding or changing the given entries.
  • -x: Remove the given entries from the ACL of the file or directory.

NOTE

The difference between : and :: is that : is used to set permissions for a specific, named user or group, while :: (an empty qualifier) refers to the file's own owner, owning group, and others, i.e. the base entries that mirror the traditional permission bits.

  • user::rwx: Permissions for the file owner.
  • group::rwx: Permissions for the file's owning group.
  • other::rwx: Permissions for others.
  • mask::rwx: Maximum permissions that can be set by the user, group, and other entries.
  • user:username:rwx: Permissions for a specific user.
  • group:groupname:rwx: Permissions for a specific group.

Example:

```zsh
$ setfacl -m u:john:rw,g:admins:r,o::r myfile.txt
```

This command sets the following permissions:

  • User john has read and write permissions.
  • Group admins has read permissions.
  • Others have read permissions.
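As an added example (not code from the original post), the following Python parses getfacl output, applies the mask the way the kernel does, and rebuilds the acl-entry-list that setfacl -m accepts; the file, user and group names in the sample are constructed. It shows a caveat worth knowing when reading the mask description above: the mask caps named users, named groups and the owning group, while the owner's user:: entry and other:: are never masked.

```python
# Added example (not from the original post): parse getfacl output and apply the
# mask the way the kernel does. File, user and group names below are constructed.
from dataclasses import dataclass

# Constructed sample, roughly what `getfacl report.txt` prints after
# `setfacl -m u:john:rw,g:admins:rw,m::r report.txt`
SAMPLE_GETFACL = """\
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:john:rw-
group::r--
group:admins:rw-
mask::r--
other::r--
"""

@dataclass
class AclEntry:
    tag: str        # user, group, mask or other
    qualifier: str  # "" for owner/owning group/mask/other, else a name or numeric id
    perms: str      # exactly three characters drawn from "rwx-"

def parse_getfacl(text):
    """Return the ACL entries; '# file:' style header lines and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        tag, qualifier, rest = line.split(":", 2)
        # getfacl appends "\t#effective:r--" to masked entries; keep only the stated perms
        entries.append(AclEntry(tag, qualifier, rest.split("\t")[0].split("#")[0].strip()))
    return entries

def effective_perms(entries):
    """Map 'tag:qualifier' -> permissions granted once mask:: is applied: the mask caps
    named users, named groups and the owning group; user:: and other:: are never masked."""
    mask = next((e.perms for e in entries if e.tag == "mask"), "rwx")
    result = {}
    for e in entries:
        masked = e.tag == "group" or (e.tag == "user" and e.qualifier != "")
        perms = "".join(p if p == m else "-" for p, m in zip(e.perms, mask)) if masked else e.perms
        result[f"{e.tag}:{e.qualifier}"] = perms
    return result

def to_setfacl_spec(entries):
    """Rebuild the comma-separated acl-entry-list that `setfacl -m` accepts."""
    abbrev = {"user": "u", "group": "g", "mask": "m", "other": "o"}
    return ",".join(f"{abbrev[e.tag]}:{e.qualifier}:{e.perms.replace('-', '')}" for e in entries)
```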

Copying ACLs from One File to Another

Copy a file's ACL to another file by redirecting the getfacl output.

```zsh
$ getfacl filename1 | setfacl --set-file=- filename2
```

Explanation: The getfacl filename1 command prints the ACL of filename1, which is piped into setfacl. The --set-file=- option tells setfacl to read the ACL from standard input (the - after = stands for stdin) and apply it to the final argument, filename2. The "# file:", "# owner:" and "# group:" comment lines that getfacl prints are ignored by setfacl.

Deleting ACL entries

To delete an ACL entry, use the -x option followed by the user or group entry (given without permissions, for example u:john or g:admins).

```zsh
$ setfacl -x acl-entry filename
```

Conclusion

Access Control Lists (ACLs) provide a way to manage file and directory permissions in Linux. They allow you to define permissions for specific users and groups on a per-file or per-directory basis, providing finer-grained control over access rights. By using ACLs, you can enhance the security of your files and directories and permit or restrict access as needed.