Hi, this is Sandra Henry-Stocker, author of
the “Unix as a Second Language” blog on NetworkWorld.
In this Linux tip, we’re going to look at the setfacl and getfacl commands. These commands
allow you to establish and report on file permissions that reach beyond the traditional
read, write and execute permissions on Linux systems.
For example, while traditional Linux commands only allow you to associate a single group
with a file, setfacl allows you to give specific permissions to other groups as well. You can
also give permissions to individuals. Say you have a file named myfile and you want
one other user to have full read, write and execute permission to it. It starts out looking
like this: In this setfacl command, -m means “modify”,
the u:jdoe indicates we’re giving a user access, :rwx indicates the permissions being
granted and myfile is, of course, the file name.
Notice that the only differences in the file listing are that the group permissions are
now rwx and that the permissions string is now followed by a + sign (-rw-rwxr–+). This
is meant to indicate that there are permissions beyond the read, write and execute assignments
for the owner, group and others. To see more information on what that + indicates,
use the getfacl command: Notice that this listing includes a separate
line for jdoe’s permissions. The setfacl command also allows you to assign
permissions to a group and to remove permissions as shown in these commands:
That’s your Linux tip for today. If you have questions or would like to suggest a
topic, please add a comment below. And don’t forget to subscribe to the IDG Tech(talk)
channel on YouTube. If you liked this video, please hit the like and share buttons. For
more Linux tips, be sure to follow us on Facebook, YouTube and NetworkWorld.com.