Controlling file permissions in server environments is of immense importance to system administrators. Everything in Linux is an object, and every object has an owner. Generally, you own the objects that you create. Linux also has a super-user, called root. The root user can access every user's files on the system.
In this article, we are going to look at the setfacl and getfacl commands. The setfacl command allows you to establish and manage file permissions, and getfacl allows you to report on file permissions, that reach beyond the traditional read, write and execute permissions on Linux systems. For example, while traditional Linux commands only allow you to associate a single group with a file, setfacl allows you to give specific permissions to other groups as well. You can also give permissions to individual users.
Say you have a file named myfile and you want one other user to have full read, write and execute permissions to it.
It starts out looking like this:
setfacl -m u:username:rwx file-name
# setfacl -m u:jdoe:rwx myfile
In this setfacl command, -m means “modify”, u:jdoe indicates that we are giving access to a user named jdoe, :rwx indicates the permissions being granted, and myfile is the actual file we are using in this example.
Now notice that the only differences in the file listing are that the group permissions are now rwx (read, write and execute) and that the permissions string is now followed by a + sign (-rw-rwxr--+). The + sign indicates that there are permissions beyond the read, write and execute assignments for the owner, group and others. On a file with an ACL, the group position in the listing shows the ACL mask, the upper limit on what named users and groups can be granted, rather than the owning group's own permissions.
To see more information on what that + sign indicates, use the getfacl command:
Notice that this listing includes a separate line for jdoe’s permissions.
The setfacl command also allows you to assign permissions to and remove permissions from a group, as shown in these commands.
To give read and execute permissions to a group:
setfacl -m g:fish:r-x myfile
To remove permissions from a group:
setfacl -x g:fish: myfile
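Added example, not part of the original article: a shell function that reads getfacl output and lists the named user and group entries behind the + sign, with their effective permissions once the mask is applied. The getfacl text is constructed sample data for myfile, jdoe and fish, and acl_extra and sample_getfacl are names made up for this example.

```shell
#!/bin/sh
# acl_extra: read getfacl output on stdin and print, for every named user or
# group entry, the granted permissions and the effective ones (granted AND mask).
acl_extra() {
    awk -F: '
        # Keep a permission letter only where both the entry and the mask have it.
        function masked(p, m,   i, out) {
            out = ""
            for (i = 1; i <= 3; i++)
                out = out ((substr(p, i, 1) != "-" && substr(m, i, 1) != "-") ? substr(p, i, 1) : "-")
            return out
        }
        # The mask line follows the named entries, so report once per file section.
        function emit(   i) {
            for (i = 1; i <= n; i++)
                printf "%s %s granted=%s effective=%s\n", file, who[i], perm[i], masked(perm[i], mask)
            n = 0; mask = "rwx"
        }
        /^# file: /  { emit(); file = substr($0, 9); next }
        /^#/ || /^$/ || /^default:/ { next }   # headers, blanks, default (inherited) ACLs
        $1 == "mask" { mask = substr($3, 1, 3); next }
        ($1 == "user" || $1 == "group") && $2 != "" {   # $2 empty = owner / owning group
            n++; who[n] = $1 ":" $2; perm[n] = substr($3, 1, 3)
        }
        END { emit() }
    '
}

# Constructed getfacl output for myfile (owner and group "root" are assumed);
# $1 is the mask entry to report.
sample_getfacl() {
    printf '%s\n' '# file: myfile' '# owner: root' '# group: root' \
        'user::rw-' 'user:jdoe:rwx' 'group::r--' 'group:fish:r-x' \
        "mask::$1" 'other::r--' ''
}

# After the two "setfacl -m" commands: mask is rwx, both grants apply in full.
sample_getfacl rwx | acl_extra
# After "chmod g=r myfile": chmod rewrites the mask, so both grants shrink to r--.
sample_getfacl r-- | acl_extra
```

On a live system, piping the output of getfacl -R for a directory into acl_extra gives the same report for real files.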