From 1713ecd31e3a79f743bcd759f19de8de5d30a128 Mon Sep 17 00:00:00 2001 From: Nathan Steel Date: Fri, 20 Sep 2024 17:12:21 +0100 Subject: [PATCH] Add Linux ACL guide --- guides/index.html | 1 + guides/linux-acl.html | 93 ++++++++++++++++++++++++++++++ guides/linux-file-permissions.html | 3 + 3 files changed, 97 insertions(+) create mode 100644 guides/linux-acl.html diff --git a/guides/index.html b/guides/index.html index c970de1..5b8fc5c 100644 --- a/guides/index.html +++ b/guides/index.html @@ -40,6 +40,7 @@

2024

diff --git a/guides/linux-acl.html b/guides/linux-acl.html new file mode 100644 index 0000000..0b7dca4 --- /dev/null +++ b/guides/linux-acl.html @@ -0,0 +1,93 @@ + + + + + + + + + + + + + Linux Access Control Lists (ACL) + + + +
+ Jump directly to main content +

Linux Access Control Lists (ACL)

+ + +
+ +
+
+ +
+
+

Sometime linux filesystem permissions and ownership can only get you so far, for more complicated, or fine-tuned permissions we'll to use need another method, ACLs.

+

If you don't know much about linux file permissions I recommend you check my first guide on Linux File Permissions first, as this guide will only be covering the how-to, and not the why.

+ +

What are ACLs?

+

Access Control Lists, ACL for short are essentially a filter that can be set for files and directories to allow/disallow permissions for multiple users and groups without the need to change ownerships.

+ +

Install ACL

+
sudo apt install acl
+ +

Create ACL Entries/Permissions

+ +

Directory ACL

+

Like default linux permissions, the same deal applies for u,g,o/rwx. + The main difference being that alternate users/groups can be defined by name such as u:username:rw, and g:groupname:x.

+
setfacl -dm "u:user:rwx" DIRECTORY # New Files
+setfacl --recursive -m "u:user:rwx" DIRECTORY # Existing Files
+

The above will change the permissions for the directory, and any new children created within it to be rwx for the user "user". The second part of the above will then change all existing child files/directories of the directory to those same ACL permissions.

+ +

File ACL

+

Much like directory ACL, except for files. Any standalone files, or those within directories with an ACL set.

+
setfacl -m "u:user:rwx" FILENAME
+ + +

View ACL Entries

+

Sometimes you need to check the permissions, and a ls -l will no longer cut it with ACL in use, so getfacl should be used.

+
getfacl FILENAME
+

The above will show something along the lines of:

+
# file: FILENAME
+# owner: root
+# group: root
+user::rwx
+user:user:rwx
+group::r-x
+mask::rwx
+other::r-x
+ +

The owner, group, user::, group::, and other::, are self-explanitory as they're basic Linux File Permission bits 'n' bobs.

+

mask::rwx sets the maximum permissions that can be used for the other user/groups that aren't the owners. So having rwx allows different user/groups to be able to have all permissions.

+

user:user:rwx shows that the user "user" has rwx permissions for the file.

+ +

Remove ACL Entries

+ +

If you're don't want the ACLs anymore, you can always remove them for a file/directory. Adding -R to the command will recursively remove ACL from any children too.

+
setfacl -b FILENAME
+ +

Remove ACL entry for a specific user/group

+
setfacl -x "u:user" FILENAME
+ +
+
+ + + + + diff --git a/guides/linux-file-permissions.html b/guides/linux-file-permissions.html index e861d54..f33f637 100644 --- a/guides/linux-file-permissions.html +++ b/guides/linux-file-permissions.html @@ -101,6 +101,9 @@ chmod o+r FILENAME

The chmod command can also be used on directories. The following example will give all permissions to all users for that directory, and all its child files/directories.

chmod a=rwx directoryName -R
+

Extra

+

Access Control Lists (ACL) Permissions for a guide to access control lists.

+
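Review bot: In guides/linux-acl.html, under "Directory ACL", the paragraph after the two setfacl commands credits the first command with changing the directory's permissions, but `setfacl -dm "u:user:rwx" DIRECTORY` only sets the default ACL that newly created children inherit. Access to the directory itself and to existing children comes from the `--recursive -m` command, so the paragraph should tie each command to its own effect. The recursive `rwx` also grants execute on every existing regular file; `u:user:rwX` would add execute only to directories and to files that are already executable. Under "View ACL Entries", the mask is described as capping the users/groups "that aren't the owners", but the mask also limits the owning group entry (`group::`), so only the owning user and other are exempt. Typos to fix before merge: "Sometime", "we'll to use need", "self-explanitory", "If you're don't".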
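Review bot: In guides/linux-file-permissions.html, the added "Extra" section reads as a sentence fragment ("Access Control Lists (ACL) Permissions for a guide to access control lists.") and the heading does not say what the section holds. Suggest a heading such as "See also" and a full sentence, for example "See the Access Control Lists (ACL) guide for finer-grained permissions." Since the link lands directly after the `chmod a=rwx directoryName -R` example, it is also a good place to say that an ACL entry for a single user or group is an alternative to giving all permissions to all users.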