
In Linux systems, Access Control Lists (ACLs) are a powerful tool for managing file and directory permissions with finer granularity. Traditional permission management combines three classes (user, group, and other) with three permissions: r (read), w (write), and x (execute). As system complexity increases, this model can no longer express complex permission requirements. ACLs allow detailed access permissions to be set for specific users and groups, providing a more flexible permission management mechanism.
1. Installing ACL Tools
Most modern Linux distributions have the ACL toolkit installed by default. If it is not installed, you can use the following commands to install it:
For Debian-based systems (like Ubuntu):
sudo apt-get install acl
For Red Hat-based systems (like CentOS):
sudo yum install acl
2. Checking if the File System Supports ACL
Before setting ACLs, ensure that the file system supports them. You can check with the following command (tune2fs reads ext2/ext3/ext4 file systems; replace /dev/sda1 with your own device):
sudo tune2fs -l /dev/sda1 | grep "Default mount options"
If the output contains acl, it means the file system supports ACL. If not, you can add the acl option in the /etc/fstab file and then remount the file system:
sudo mount -o remount,acl /dev/sda1
3. Basic Usage
Viewing ACL
Use the getfacl command to view the ACL of a file or directory:
getfacl file_or_directory_name
Example:
getfacl example.txt
Setting ACL
Use the setfacl command to set the ACL of a file or directory. For instance, to give user john read and write permissions:
setfacl -m u:john:rw file_or_directory_name
Example:
setfacl -m u:john:rw example.txt
Removing ACL
Use the setfacl command to remove an ACL. For example, to remove user john’s permissions:
setfacl -x u:john file_or_directory_name
Example:
setfacl -x u:john example.txt
Recursively Setting ACL
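Use the -R option to recursively set the ACL for a directory and all files and subdirectories beneath it. Note that a user also needs x (execute) permission on a directory to enter it; setfacl accepts a capital X, which grants execute only to directories and to files that already have execute permission for some user.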
setfacl -Rm u:john:rw directory_name
4. Case Analysis
Setting Different Permissions for Multiple Users
Suppose there is a file project.txt, and you need to set read permissions for user alice and read-write permissions for user bob:
setfacl -m u:alice:r project.txt
setfacl -m u:bob:rw project.txt
Setting Group Permissions
To set read and write permissions for the group developers:
setfacl -m g:developers:rw example.txt
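The following is an added example, not part of the original article: a small audit helper that reads getfacl text output and reports what each named user and group entry can actually do. It goes one step beyond the text by applying the mask:: entry that getfacl prints, which caps every named entry; the function names and the sample ACL are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit getfacl text output.
# Named user/group entries are capped by the mask:: entry, so the effective
# right is the entry's permission with every bit the mask lacks cleared.

# Constructed sample: the alice, bob and developers entries from the case
# analysis, with the mask tightened to r-- (assumed for this illustration).
sample_acl() {
    cat <<'EOF'
# file: project.txt
# owner: root
# group: root
user::rw-
user:alice:r--
user:bob:rw-    #effective:r--
group::r--
group:developers:rw-    #effective:r--
mask::r--
other::---
EOF
}

# Print "kind:name:effective" for each named entry read from stdin.
# Default ACL entries ("default:...") are not evaluated here.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }              # header comments, blank lines
        { perms = substr($3, 1, 3) }         # ignore any "#effective:" note
        $1 == "mask" { mask = perms; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; name[n] = $2; want[n] = perms
        }
        END {                                # mask is listed after the entries
            for (i = 1; i <= n; i++) {
                eff = ""
                for (p = 1; p <= 3; p++) {
                    c = substr(want[i], p, 1)
                    if (mask != "" && substr(mask, p, 1) == "-") c = "-"
                    eff = eff c
                }
                print kind[i] ":" name[i] ":" eff
            }
        }'
}

# List the named entries that can actually write.
acl_writers() {
    acl_effective | awk -F: '$3 ~ /w/ { print $1 ":" $2 }'
}
```

On a live system, feed it real output, for example: getfacl project.txt | acl_writers. In the sample, bob and developers were granted rw but end up read-only because the mask is r--.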
5. Conclusion
By using ACL, Linux system administrators can manage file and directory permissions more flexibly. ACL provides a fine-grained permission control mechanism that allows detailed access permissions to be set for specific users and groups. This is very useful in scenarios that require precise control over file access permissions.