Linux 101: Access Control Lists (ACL) - getfacl, setfacl



Access control lists:

Access control lists (ACL) can be viewed as an extension to the
conventional Linux discretionary access control (DAC).

When displaying the ACL attributes of a file, we get, for example, the output below:


We can see from the above output that no ACL is set for the file "file".

Depending on the system, ACL support is either enabled by default or not.

ACL-enabled partitions:

We can check if the ACL is set on a partition "sda1" for example, using the below command, then we check the mount option in the output:


We can enable ACL on a partition using:


-o: introduces the mount options for the partition.

"/etc/fstab" and ACL:

We can set the ACL option in the "/etc/fstab" file as below:


For the changes to take effect, we use the below command to remount the partition with ACL enabled:


An example of ACL:


We can see that the user "debian" has "read" and "write" rights.
Members of the group "debian-group" can only read the file.

The owner "debian" can give rights, for example, to "Albert" to "read", "write" and "execute" the file "file_acl" using the below command:


-m: 'm'odify the ACL.

We can check the changes using the below command:


We would also need to set the right access permissions for Albert on the directory containing the "file_acl" file, so that he can see "file_acl" in the "debian" directory:


To apply the same rights for a user recursively across a whole directory, we use the "-R" option as below:


Removing ACL rights:

We could use the below command to remove ACL rights:


The above command deletes the "read" right of the user Albert on "file_acl".

We could remove all rights from user Albert using the below command:


Or we could use the below command to remove all ACL entries of the file "file_acl" for the user Albert:


Groups and rights:

We could also give "read" and "write" rights to the members of the group "debian-group" for the file "/home/debian/file_acl" for example using the below command:


Setting up rights for "others":

We can give "others" "read" and "write" permissions using the below command:


Setting up reading rights for a directory:

To be able to list the contents of a directory, we can give the user "Albert" the below rights:


The "ls" command and ACLs:

We know that a file has an ACL set when we see a "+" sign appended to the (DAC) rights in the output of the "ls" command, as below:


ACL masks:

ACL masks limit the rights that can be given to files or directories.

Example:


With the above mask, the only permissions that can be granted through the setfacl command are "read" or "write".


We can also display the "mask" using the below command:


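To make the mask rule concrete, here is an added example (not part of the original post) that parses a constructed getfacl listing for the "file_acl" example above and computes the effective rights the way getfacl's "#effective:" annotation does: named users, named groups and the owning group are ANDed with the mask, while the owner and "others" are not. The user and group names follow the post; the mask value "rw-" is an assumption.

```python
"""Effective ACL rights from getfacl-style output (added example)."""
from typing import Dict, List, Tuple

# Constructed getfacl output for the file_acl example; the mask is assumed.
SAMPLE_GETFACL = """\
# file: file_acl
# owner: debian
# group: debian-group
user::rw-
user:Albert:rwx
group::r--
group:debian-group:rw-
mask::rw-
other::r--
"""

def parse_acl(text: str) -> List[Tuple[str, str, str]]:
    """Return (tag, qualifier, perms) triples; '#' lines are comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, perms))
    return entries

def mask_perms(perms: str, mask: str) -> str:
    """AND two rwx strings: a bit survives only if set in both."""
    return "".join(p if p == m and p != "-" else "-" for p, m in zip(perms, mask))

def effective_rights(entries: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map 'tag:qualifier' to effective perms; owner and other are unmasked."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        masked = tag == "group" or (tag == "user" and qualifier != "")
        result[f"{tag}:{qualifier}"] = (
            mask_perms(perms, mask) if mask is not None and masked else perms)
    return result

def render(entries: List[Tuple[str, str, str]]) -> List[str]:
    """Reproduce getfacl's '#effective:' note on entries the mask cuts down."""
    eff = effective_rights(entries)
    lines = []
    for tag, qualifier, perms in entries:
        line = f"{tag}:{qualifier}:{perms}"
        if eff[f"{tag}:{qualifier}"] != perms:
            line += f"\t#effective:{eff[f'{tag}:{qualifier}']}"
        lines.append(line)
    return lines

if __name__ == "__main__":
    print("\n".join(render(parse_acl(SAMPLE_GETFACL))))
```

Albert was granted "rwx", but with a mask of "rw-" his effective right is "rw-", which is exactly what setfacl -m would report through getfacl.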