Child pages
  • How to set up ACL on Linux platforms
Skip to end of metadata
Go to start of metadata

There is an utility with GUI interface called eiciel that will help you set up the ACL to your taste easily. On a terminal window, type eiciel and it will pop up a window that looks like:

Click on the "Open" button and select the directory or file you want to modify its ACL. (Here I will use /tmp/test as an example). At this point there is no ACL set up for this directory and it looks like:

and the getfacl output is:

$ getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: shei
# group: staff
user::rwx
group::---
other::---

If I click on the "Default ACL" button, it will set up the default ACL for /tmp/test and now it looks like:

Notice the added ACL line with there and the output of getfacl becomes:

$ getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: shei
# group: staff
user::rwx
group::---
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---

If I want to give another user, robh, some permission, I can

The getfacl output becomes:

$ getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: shei
# group: staff
user::rwx
user:robh:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---

At this point you can modify the right you want to give that user such as taking away the write permission:

$ getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: shei
# group: staff
user::rwx
user:robh:r-x
group::---
mask::rwx
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---

You can also add a group with the permissions you desire as shown here (by adding the group staff):

$ getfacl /tmp/test
getfacl: Removing leading '/' from absolute path names
# file: tmp/test
# owner: shei
# group: staff
user::rwx
user:robh:r-x
group::---
group:staff:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:mask::rwx
default:other::---