Access control lists (ACLs) Linux



Introduction to the management of ACLs (Access Control List) on Linux




An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACLs allow you to give permissions for any user or group to any disk resource.

Consider a scenario in which a particular user is not a member of a group you created, but you still want to give that user some read or write access. How can you do that without making the user a member of the group? This is where access control lists come in: an ACL lets you grant the access directly.

Basically, ACLs are used to make a flexible permission mechanism in Linux.




Installing ACL:

Before using ACLs for a file or directory, install the acl package:

Red Hat: yum install acl
SUSE: zypper install acl
Ubuntu: apt-get install acl





Know when a file has ACL attached to it:

It is very easy to tell when a file has an ACL attached to it. The ls -ld command produces output as shown below.


Note the + sign at the end of the permissions. This confirms that the file has an ACL attached to it.



getfacl : Display ACL information details of a file.

# getfacl /meetdarji

The mask field here only applies to the additional permissions we have given to users and groups. If the mask is set to rwx, the read, write and execute permissions will be granted to the additional users/groups. If the mask is set to r-x, the write permission will not be granted to the additional users/groups. In general, DO NOT set the mask to anything other than rwx. The mask value does not affect the standard UNIX user/group/others permissions.

File with no ACLs

If you run the getfacl command on a file with no ACLs the additional “user:” lines and “mask” line will not be shown and standard file permissions will be shown.
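The mask rule described above can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads getfacl output and prints the effective permissions of each entry the mask can limit (getfacl applies the mask to the owning group entry, group::, as well, so it is listed too). The function names acl_effective and sample_getfacl and the sample output, including the file notes.txt, are constructed for illustration.

```sh
# Constructed sample of getfacl output (not taken from the page).
sample_getfacl() {
cat <<'EOF'
# file: meetdarji
# owner: root
# group: root
user::rwx
user:meet:rwx    #effective:r-x
group::r--
group:darji:rwx  #effective:r-x
mask::r-x
other::r--

# file: notes.txt
# owner: root
# group: root
user::rw-
group::rw-
other::r--
EOF
}
# Reads getfacl output on stdin; prints file, entry, granted and effective
# permissions (tab-separated) for named users, the owning group and named
# groups. user:: and other:: are never masked; default: entries are skipped.
acl_effective() {
    awk '
    function emit(   i, j, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++)    # a bit survives only if the mask has it
                eff = eff (substr(mask, j, 1) == "-" ? "-" : substr(perm[i], j, 1))
            printf "%s\t%s\t%s\t%s\n", file, who[i], perm[i], eff
        }
        n = 0; mask = ""                # reset for the next file
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*$/, "")           # strip the "#effective:" annotation
        split($0, f, ":")
        if (f[1] == "mask") { mask = f[3]; next }
        if (f[1] == "group" || (f[1] == "user" && f[2] != "")) {
            who[++n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { emit() }
    '
}
sample_getfacl | acl_effective
```

On a real system, `getfacl -R . | acl_effective` produces the same report for a directory tree; any line whose third and fourth columns differ is an entry the mask is restricting.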





The setfacl command is used to set ACLs on the given file. To give rwx access to the user "meet" on the file /meetdarji:

# setfacl -m u:meet:rwx /meetdarji


The -m option tells setfacl to modify the ACLs on the file(s) named on the command line. To give rwx access to the group "darji" on the file /meetdarji:

# setfacl -m g:darji:rwx /meetdarji



ACLs for multiple users and groups can also be set with a single command:

# setfacl -m u:meet:rwx,g:darji:r-x /meetdarji




Removing ACLs

To remove an ACL entry, use the setfacl command with the -x option:

# setfacl -x u:meet /meetdarji


The above command removes the ACL entry for the user meet on the file /meetdarji. The ACL entries for other users/groups, if any, remain unaffected.

To remove all ACLs associated with a file, use the -b option with setfacl:

# setfacl -b /meetdarji





Backup and Restore ACLs permission

# cd /meetdarji    (the path of the files to back up)
# getfacl -R * > bkp_acl.txt    (-R: recursive)


Restoring the ACLs

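When you restore the files in the /meetdarji directory, you also have to restore the ACLs associated with the files in that directory. To do that, use the ACL backup file bkp_acl.txt along with the --restore option. Run the command from the same directory in which the backup was taken, because the paths recorded in the backup file are relative: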

# setfacl --restore=bkp_acl.txt



Lastly, I hope it's helpful. So, let me know your suggestions and feedback using the comment section.






