View access control entries using the GETFACL command in Linux


Sometimes, normal permissions may lack the level of control needed for certain folders or files. For example, let's say the /var/www/html directory has the following permissions and ownership. In this example, members of the root group will have r-x (read, execute) permission to the /var/www/html directory.

drwxr-xr-x  root  root  /var/www/html

Let's say several groups need access to the files in the /var/www/html directory, and each group needs different permissions. For example, group1 should have rwx (read, write, execute) and group2 should have r-x (read, execute). The getfacl command can be used to get the ACL (access control list) permissions of the /var/www/html directory. In this example, the getfacl permissions are exactly the same as the normal permissions.

[root@server1 ~]# getfacl /var/www/html
# file: /var/www/html
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

The setfacl command can be used to make changes to the Access Control Entries (ACE). Let's say the setfacl command is used to give group1 rwx and group2 r-x permissions:

[root@server1 ~]# setfacl -m g:group1:rwx /var/www/html
[root@server1 ~]# setfacl -m g:group2:r-x /var/www/html

The getfacl command will now show the new entries for group1 and group2. Members of group1 now have rwx (read, write, execute) on the directory.

[root@server1 ~]# getfacl /var/www/html
# file: /var/www/html
# owner: root
# group: root
user::rwx
group::r-x
group:group1:rwx
group:group2:r-x
other::r-x

The -d option can be used to create a default Access Control List. New files and directories created inside /var/www/html inherit the default entries.

[root@server1 ~]# setfacl -d -m g:group1:rwx /var/www/html
[root@server1 ~]# setfacl -d -m g:group2:r-x /var/www/html

The getfacl command now lists the default entries as well.

[root@server1 ~]# getfacl /var/www/html
# file: /var/www/html
# owner: root
# group: root
user::rwx
group::r-x
group:group1:rwx
group:group2:r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:group1:rwx
default:group:group2:r-x
default:other::r-x
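
An added example, not from the original page: a POSIX shell function that reads getfacl output and lists the non-owner entries whose effective permissions include write, a useful check on a web root after granting group ACLs. The function name and the sample input are constructed for illustration; the sample includes the mask entry that getfacl prints once named entries exist, which caps what named users, named groups and the owning group actually get.

```sh
# Constructed sample in getfacl output format (not captured from a real host).
# mask:: is the entry setfacl -m maintains once named entries exist.
sample_acl() {
cat <<'EOF'
# file: var/www/html
user::rwx
group::r-x
group:group1:rwx
group:group2:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:group1:rwx
default:group:group2:r-x
default:mask::rwx
default:other::r-x
EOF
}

# Print every non-owner entry whose effective permissions include write.
# Named users, named groups and the owning group are limited by the mask.
writable_acl_entries() {
  awk -F: '
    /^#/ || NF == 0 { next }                  # header comments, blank lines
    {
      sub(/[ \t]*#.*$/, "")                   # drop a trailing "#effective:" note
      scope = "access"; off = 0
      if ($1 == "default") { scope = "default"; off = 1 }
      type = $(1 + off); name = $(2 + off); perms = $(3 + off)
      if (type == "mask") { mask[scope] = perms; next }
      if (type == "user" && name == "") next  # file owner: not reported
      n++; sc[n] = scope; ty[n] = type; nm[n] = name; pm[n] = perms
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = pm[i]
        if (ty[i] != "other" && (sc[i] in mask)) {
          eff = ""; for (k = 1; k <= 3; k++) {
            c = substr(pm[i], k, 1)
            eff = eff (substr(mask[sc[i]], k, 1) == c ? c : "-")
          }
        }
        if (substr(eff, 2, 1) == "w") print sc[i], ty[i] ":" nm[i], eff
      }
    }'
}

sample_acl | writable_acl_entries
```

On a live system the same function can be fed real output: getfacl /var/www/html | writable_acl_entries.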

 


