Linux Access Control Lists

ACLs (access control lists) are a security feature that can expand or restrict permissions on files and directories in a Linux file system, beyond the standard owner, group and other permission bits.

Red Hat/CentOS 7 use XFS by default, which is automatically configured with ACLs. If you are using version 6 or below, or a different file system format, you will need to mount the file system with the acl option.

Mount File System with Access Control Lists

To temporarily remount a file system with ACLs, do the following (replace /home with the partition you want to mount with ACLs):

# mount -o remount -o acl /home

To permanently mount a file system with ACLs, edit /etc/fstab and change

/dev/sda3     /home     ext4     defaults     1 2

To:

/dev/sda3     /home     ext4     defaults,acl     1 2

This will make the setting persist through a reboot.

Manage Access Control Lists

getfacl shows the ACL settings of a file or directory:

# getfacl test.txt
 # file: test.txt
 # owner: root
 # group: root
 user::rw-
 group::r--
 other::r--

setfacl grants or removes additional permissions on a file:

# setfacl -m u:admin:rwx test.txt

-m – modifies the ACL of the file.
u:admin – u: specifies a user entry, here the 'admin' user.
rwx – the permissions granted to that user.

Running getfacl again shows that the permissions have been updated:

# getfacl test.txt
 # file: test.txt
 # owner: root
 # group: root
 user::rw-
 user:admin:rwx
 group::r--
 mask::rwx
 other::r--

To remove permissions, do the following:

# setfacl -x u:admin test.txt

setfacl switches

-b (--remove-all) - Removes all ACL entries (the base owner, group and other entries are retained)
-k - Deletes default ACL entries
-m - Modifies the ACL of a file
-n - Omits the recalculation of the mask
-R - Recursively applies the change
-x - Removes a specific ACL entry
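
The mask:: line in the getfacl output above (the entry the -n switch leaves alone) is the upper bound on what named users, named groups and the owning group actually receive, so a permission review should look at effective rights rather than the raw entries. The following added example, which is not part of the original article, parses getfacl text and lists the named entries that can really write; the sample ACL and the 'backup' user are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# acl_effective: read getfacl output on stdin, print tag:qualifier:perms
# with the mask applied. The mask limits named users, named groups and the
# owning group; the file owner (user::) and other:: are not affected by it.
acl_effective() {
    awk -F: '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }    # drop comments and indentation
        NF < 3 || $1 == "default" { next }       # header, blank or default entry
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        eff = eff (substr(mask, k, 1) == c ? c : "-")
                    }
                }
                print tag[i] ":" who[i] ":" eff
            }
        }'
}

# acl_named_writers: named users/groups that can really write, i.e. access
# that the owner/group/other mode bits alone do not reveal.
acl_named_writers() {
    acl_effective | awk -F: '$2 != "" && $3 ~ /w/ { print $1 ":" $2 }'
}

# Constructed sample: the test.txt ACL shown above plus a hypothetical
# "backup" user, with the mask passed in as $1.
sample_acl() {
    cat <<EOF
# file: test.txt
# owner: root
# group: root
user::rw-
user:admin:rwx
user:backup:rw-
group::r--
mask::$1
other::r--
EOF
}

sample_acl r-x | acl_effective      # same entries, mask narrowed to r-x
```

On a live system the same functions can be fed directly, for example `getfacl test.txt | acl_named_writers`.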

Configure a Directory for ACLs:

To give a user access to a directory (execute permission on a directory allows the user to enter it):

# setfacl -m u:admin:x /home/dir

To give a user recursive access to a directory:

# setfacl -R -m u:admin:rx /home/dir

Apr 26, 2017 LinuxAdmin.io