Filesystem/Access Control List Guide

Extended Access Control Lists (ACLs) are one of the more important security control features on multiuser Linux systems. They give finer control over files than the basic POSIX user, group, and other permissions.

POSIX basic ACL
For example:

drwxr-xr-x 2 apache  apache       135 Dec 11 17:48 apache2

What is missing?


 * 1) What happens if more than one user needs control of this directory? One solution is to add these users to the "apache" group. However, these users would then have access to everything the "apache" group has access to. This is not what we want.
 * 2) What happens if we need another group to have read/write access to this directory but no other users? In the same way, we can add all the users of the other group and the "apache" user to another group and give that group access.

But what happens if you want to allow this group to read but not to write?

POSIX basic ACL has its limitations. "Extended ACL" fixes many of these issues.

Kernel
Enable POSIX Access Control Lists for each filesystem that is used on the system.

Btrfs
Save the changes, recompile the kernel, and reboot the system.

Emerge
Install the utilities for manipulating ACLs:

Configuration
Filesystems such as XFS and ext4 enable extended ACLs by default when mounted. Other filesystems may require extra mount options to enable extended ACLs. Just add the  mount option in :

Now remount the partition with the  option to finish.

Set/modify ACL
To set ACLs the command must be invoked. You can read the man page for more options.

To give username read, write and execute access on :

To give username +write access on :

To add a default user access right to read and write on folder:

To give groupname read, write and execute access on :

To give groupname recursive +execute access on :

To add a default group access right to read and write on folder:

Get/read ACL
To get the ACL we need to run the command. Read the man page for more options.

To get ACL on :

Remove ACL
Removing an ACL is simple.

Remove ACL on

Remove default ACL on testfolder:

Which files/folders are under ACL control?
How do you know that your files are under ACL without running on all files?

The command will show a   sign if it uses ACL.

Notice the  sign on  and also named.
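
The following script is an added example, not part of the original guide. It reads text in getfacl's output format and prints what each named user or group can effectively do once the mask entry is applied, which is the check to run after granting a second group read-only access as discussed under "POSIX basic ACL". The sample listing, the names alice and webdev, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed listing in getfacl's output format (alice, webdev are made-up names).
sample_acl() {
cat <<'EOF'
# file: apache2
# owner: apache
# group: apache
user::rwx
user:alice:rwx
group::r-x
group:webdev:rw-
mask::r-x
other::r-x
default:user::rwx
default:group:webdev:r-x
default:mask::r-x
EOF
}

# Read getfacl output on stdin; print "type:name:effective" for each named
# access entry. Effective rights = entry rights limited by the mask entry.
acl_effective() {
  awk -F: '
    { sub(/[ \t]*#.*/, "") }            # drop header and "#effective" comments
    NF != 3 { next }                    # skips blank lines and default: entries
    $1 == "mask" { mask = $3; next }
    $2 != "" { n++; kind[n] = $1; name[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (c = 1; c <= 3; c++) {
          p = substr(perm[i], c, 1)
          m = (mask == "") ? p : substr(mask, c, 1)
          eff = eff ((p != "-" && m != "-") ? p : "-")
        }
        print kind[i] ":" name[i] ":" eff
      }
    }'
}

# List only the named entries that can still write after masking.
acl_writers() {
  acl_effective | awk -F: '$3 ~ /w/'
}

sample_acl | acl_effective
```

On a real system, pipe the output of `getfacl` for a path into `acl_effective` or `acl_writers` instead of the sample.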