In Linux, permissions are an important mechanism to govern who has access to files. If a file doesn't grant permission to a user or a group, that user and group cannot access that file. There are three types of permissions: read (r), write (w), and execute (x). They are distributed across user, group, and "other" identities.
[ For more insight, see Linux file permissions explained. ]
You can view the permissions assigned to a file using the ls
command and the -l
option:
$ ls -l sample
drwxrwxr-x. 2 user1 group1 6 Nov 11 20:16 sample
What is an ACL?
An access control list (ACL) lets you assign permissions for each unique user or group. Suppose you have user1, user2, and user3 on a system.
Users user2 and user3 are part of a demo group. You must assign this permission scheme to the sample
directory:
- user1: read and write permission
- user2: read permission
You can use the setfacl
and getfacl
command utilities to assign and verify the ACL of a file or directory. To set an ACL, use the setfacl
command with the --modify
(-m
for short) option:
$ setfacl --modify user1:rw sample
$ setfactl –modify user2:r sample
To verify an ACL, use getfacl
:
$ getfacl sample
# file: sample
# owner: tux
# group: tux
user::rwx
user:user2:r--
user:user1:rw-
group::rwx
mask::rwx
other::r-x
Looks good!
[ Download now: A sysadmin's guide to Bash scripting. ]
Try an exercise
Suppose you have users called user1, user2, and user3, and the groups demo1 and demo2.
The demo1 group contains user1 and user2, and demo2 contains user2 and user3.
You need to set these permissions for a shared directory:
- user1: read and write
- user2: read
- user3: read and write and execute
- demo1: read and write
- demo2: read and write and execute
- other: read
To create this ACL, use setfacl
:
$ setfacl -m u:user1:rw \
-m u:user2:r \
-m u:user3:rwx \
-m g:demo1:rw \
-m g:demo2:rwx \
-m o:r sample
[ Learn how to manage your Linux environment for success. ]
Check your work
View the ACLs using the getfacl
command:
$ getfacl sample
# file: sample
# owner: tux
# group: tux
user::rwx
user:user1:rw-
user:user2:r--
user:user3:rwx
group::r-x
group:demo1:rw-
group:demo2:rwx
mask::rwx
other::r--
All user and group permissions are listed and set correctly.
Delete an ACL
Use the -x
option to delete an ACL:
$ setfacl -x u:user1 sample
Better permissions
An ACL is useful for setting highly specific permissions on files. Using ACLs makes any system administrator's life easier, so don't restrict yourself to traditional permissions.
About the author
Shiwani Biradar is an Associate Technical support Engineer in Red Hat. She loves contributing to open source projects and communities. Shiwani never stops exploring new technologies. If you don't find her exploring technologies then you will find her exploring food. She is familiar with Linux, Cloud, and DevOps tools and enjoys technical writing, watching TV series, and spending time with family.
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit