How to implement ACL (Access control list) in CentOS / RHEL /Fedora by Babar Zahoor

ACL  is Access Control List

Linux operating system supports ACL option &  if we want to implement ACL option we have to specify in witch partition we
want to implement ACL  i.e. We want to implement ACL in this partition.

First of all open fstab file “Be careful this is file system table file”
root@localhost# vim /etc/fstab

LABEL=/ / ext3 defaults 1 1
LABEL=/usr /usr ext3 defaults 1 2
LABEL=/var /var ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-hda6 swap swap defaults 0 0

add acl option in the line where / partition information is written.
add acl option after defaults option.
e.g. defaults,acl

then save file and exit.

run command on shell
root@localhost# mount -o remount /

getfacl command is used to implement ACL

-m for adding and editing ACL
-x for removing.
u for user or userid
g for group or groupid
root@localhost# setfacl -m u:baber:rwx /data/file

this command will gives rwx permissions to user baber on specified file. “/data/file”
root@localhost# setfacl -m g:baber:rwx /data/file
this command will gives rwx permissions to group baber on specified file.

to check ACL
# getfacl /data/file

To remove ACL

setfacl -x u:baber
setfacl -x g:baber


Files and Directory Permissions in Linux /*Nix / Unix Operating Systems


In Unix / Linux / *Nix Operating Systems we have three types of permissions

read = r
write = w
execute = x

we can change permissions for three categories
owner = u
group = g
others = o

if we run ls -l
we see
-rw——- 1 root root 1648 Mar 13 13:47 anaconda-ks.cfg
drwx—— 11 root root 4096 Mar 20 08:56 Desktop
-rw-r–r– 1 root root 41065 Mar 13 13:46 install.log
-rw-r–r– 1 root root 5891 Mar 13 13:46 install.log.syslog
drwxr-xr-x 3 root root 4096 Mar 18 23:47 ispconfig
drwxr-xr-x 37 root root 4096 Mar 20 08:25 mplayer
-rw-r–r– 1 root root 224 Mar 14 18:48 scsrun.log

please see install.log
-rw-r–r– 1 root root 41065 Mar 13 13:46 install.log
we see here
– 1st dash show this is file (if d then directory, if we see l then indicates
this is link file or shortcut)

rw-   for owner of the file
r–    for the owner’s group
r–    for all others then owner and it’s group

chmod command is used to change the permissions
+ is use to add
– is use to remove

if we consider file for changing permissions.

example: chmod u+rwx,g+rw,o+rw file

We have another method to implement permissions.
Number System
r = 4
w = 2
x = 1
4+2+1 = rwx = 7 for owner or group or others means
777 for all of them

example: chmod 755 file (same for directories)

We have default permissions in the system

umask is the value which can change default permissions.

umask (to see the default permissions)
please subtract 022 from 777 for directories permissions.

please subtract 022 from 666 for files permissions.

these 755, 644 are default permissions for the directories and files as well.