{"id":2499,"date":"2024-01-18T13:27:06","date_gmt":"2024-01-18T07:57:06","guid":{"rendered":"https:\/\/www.veeble.org\/kb\/?p=2499"},"modified":"2025-03-11T10:06:41","modified_gmt":"2025-03-11T04:36:41","slug":"modify-access-control-lists-acls-in-linux","status":"publish","type":"post","link":"https:\/\/www.veeble.com\/kb\/modify-access-control-lists-acls-in-linux\/","title":{"rendered":"How to Modify Access Control Lists (ACLs) in Linux"},"content":{"rendered":"\n
\"Access<\/a><\/figure>\n\n\n\n

Access Control Lists (ACLs) plays a crucial role in managing permissions and enhancing security in a Linux environment<\/a>. Access Control Lists (ACLs) is a powerful mechanism that enhances the traditional file and directory permissions<\/a>. They provide a way to grant or deny specific permissions to users or groups beyond the basic owner-group-others<\/a> model. As a Linux enthusiast, exploring ACLs has enlightened me, offering granular control over file and directory access.<\/p>\n\n\n\n

Earlier, the only individuals requiring access to Linux filesystems<\/a> could be broadly categorized through the lens of traditional Linux file system permissions. In those simpler days, access control was delineated primarily among users, groups, and others, with read, write, and execute privileges serving as the limited spectrum of access rights. Finally, growing demands for precise file access led to a new era with Access Control Lists offering detailed permissions. ACLs enable precise permission customization, offering a sophisticated and adaptable approach to managing access in Linux environments. This marked the beginning of a transformative journey from the simplicity of standard permissions to the versatility and precision offered by ACLs. However this added granularity empowers administrators to fine-tune access control, ensuring that specific users or groups have tailored permissions on a file or directory.<\/p>\n\n\n

Modifying Specific ACL Entries<\/h2>\n\n\n

Syntax:<\/strong><\/p>\n\n\n\n

\/\/For user;\nsetfacl   -m   u:username:permissions  <file_or_directory>\n\/\/For Group;\nsetfacl   -m   g:groupname:permissions  <file_or_directory><\/code><\/pre>\n\n\n\n
Example:<\/strong><\/p>\n\n\n\n
setfacl -m u:username:rw \/path\/to\/file<\/code><\/pre>\n\n\n
Let me share a real time example; In a company where the Sales and Finance departments often collaborated on shared data.<\/strong><\/h5>\n\n\n
In the shared directory \/company\/shared, the Sales and Finance departments needed different levels of access to files. The Sales team required read and write access for collaboration, while the Finance team needed read-only access to maintain data integrity.<\/p>\n\n\n\n
Before configuring ACLs, make sure to install the acl<\/code> package<\/a> using your package manager:<\/p>\n\n\n\n
[root@ervintest ~]# yum install -y acl  <\/code><\/pre>\n\n\n\n
Set Default ACLs:\n
Grant read and write permissions to Sales group, read-only to Finance group\n
<\/p>\n\n\n\n
[root@ervintest ~]# setfacl -m g:sales:rwx \/company\/shared\n[root@ervintest ~]# setfacl -m g:finance:rx \/company\/shared\n<\/code><\/pre>\n\n\n\n
Sales should have read and write permission to a file sales_report.xlsx in shared directory. Then finance should have read only permission for  financial_summary.pdf in the shared directory.<\/p>\n\n\n\n
For this specific files, customize ACLs based on department needs:<\/p>\n\n\n\n
[root@ervintest ~]# setfacl -m g:sales:rw \/company\/shared\/sales_report.xlsx\n[root@ervintest ~]# setfacl -m g:finance:r \/company\/shared\/financial_summary.pdf\n<\/code><\/pre>\n\n\n\n
To confirm the intended ACLs<\/p>\n\n\n\n
[root@ervintest ~]# getfacl \/company\/shared<\/code><\/pre>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
[root@ervintest ~]# getfacl \/company\/shared\/sales_report.xlsx<\/code><\/pre>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
[root@ervintest ~]# getfacl \/company\/shared\/financial_summary.pdf<\/code><\/pre>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n