From a85e47072ff808846242da49295b4b73af23b840 Mon Sep 17 00:00:00 2001 From: johannst Date: Wed, 21 Jun 2023 21:15:05 +0000 Subject: deploy: 35dc3c48a50594148554010ac626480161ad357a --- linux/acl.html | 265 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 linux/acl.html (limited to 'linux/acl.html') diff --git a/linux/acl.html b/linux/acl.html new file mode 100644 index 0000000..4166152 --- /dev/null +++ b/linux/acl.html @@ -0,0 +1,265 @@ + + + + + + acl - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+
+

access control list (acl)

+
+

This describes POSIX acl.

+
+

The access control list provides a flexibel permission mechanism next to the +UNIX file permissions. This allows to specify fine grained permissions for +users/groups on filesystems.

+

Filesystems which support acl typically have an acl option, which must be +specified while mounting when it is not a default option. +Filesystems must be mounted with the acl option if not enabled as default +option.

+

Files or folder that have an acl defined, can be identified by the + sign +next to the UNIX permissions.

+

The following shows on example for a zfs filesystem.

+
# mount | grep tank
+tank on /tank type zfs (rw,xattr,noacl)
+tank/foo on /tank/foo type zfs (rw,xattr,posixacl)
+
+# ls -h /tank
+drwxrwxr-x+ 2 root root 4 11. Jun 14:26 foo/
+
+

Show acl entries

+
# List current acl entries.
+getfacl /tank/foo
+
+

Modify acl entries

+
# Add acl entry for user "user123".
+setfacl -m "u:user123:rwx" /tank/foo
+
+# Remove entry for user "user123".
+setfacl -x "u:user123" /tank/foo
+
+# Add acl entry for group "group456".
+setfacl -m "g:group456:rx" /tank/foo
+
+# Add acl entry for others.
+setfacl -m "o:rx" /tank/foo
+
+# Remove extended acl entries.
+setfacl -b /tank/foo
+
+

Masking of acl entries

+

The mask defines the maximum access rights that can be given to users and +groups.

+
# Update the mask.
+setfacl -m "m:rx" /tank/foo
+
+# List acl entries.
+getfacl /tank/foo
+# file: tank/foo
+# owner: root
+# group: root
+user::rwx
+user:user123:rwx     # effective:r-x
+group::r-x
+mask::r-x
+other::rwx
+
+

References

+ + +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + +
+ + -- cgit v1.2.3
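Review bot: In the "Masking of acl entries" section, the sentence "The mask defines the maximum access rights that can be given to users and groups" is too broad for the output printed right below it. That listing has `mask::r-x` next to `user::rwx` and `other::rwx`, and only `user:user123:rwx` carries an `# effective:r-x` annotation. The mask caps named user entries, named group entries and the owning group. It does not cap the file owner or others, so please say that explicitly. Otherwise a reader may assume `setfacl -m "m:rx"` also restricts `other`, while the example leaves /tank/foo writable by everyone. The `other::rwx` line also disagrees with the earlier `ls` output (`drwxrwxr-x+`) and with the `setfacl -m "o:rx"` example, so consider showing `other::r-x` unless the world-writable entry is intentional. Smaller points in the same hunk: the mount paragraph states the `acl` mount option requirement twice in consecutive sentences, and "flexibel" and "on example" are typos.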