Sometimes, normal permissions may lack the level of control needed for certain files or directories. In this example, members of the root group will have rwx (read, write, execute) permission to the /var/www/html directory.
drwxrwxr-x root root /var/www/html
Let's say the webadmins groups should have rwx (read write execute) permission and the users group should have r-- (read only) permission to /var/www/html. The getfacl command can be used to get the ACL (access control list) permissions of the /var/www/html directory. In this example, the getfacl permissions are exactly the same as the normal permissions.
[root@server1 ~]# getfacl /var/www/html
# file: /var/www/html
#owner: root
#group: root
user:: rwx
group:: rwx
other: r-x
The setfacl command can be used to make changes to the Access Control Entries (ACE). Lets say the setfacl command is used to give webadmins rwx and users r-x permissions:
setfacl --modify g:webadmins:rwx /var/www/html
setfacl --default --modify g:webadmins:rwx /var/www/html
setfacl --modify g:users:r-x /var/www/html
setfacl --default --modify g:users:r-x /var/www/html
The getfacl command will now show that the webadmins group has rwx (read write execute) and the users group has r-- (read only).
[root@server1 ~]# getfacl /var/www/html
# file: /var/www/html
#owner: root
#group: root
user:: rwx
group:: rwx
group: webadmins: rwx
group: users: r-x
other: r-x
default:users:: rwx
default:group:: rwx
default:group:webadmins: rwx
default:group:users: r-x
default:other:: r-x
Did you find this article helpful?
If so, consider buying me a coffee over at 