Access Control List (ACL) is a list of permissions attached to a file or directory.
Pre-Requisite:
To set ACL for any file or directory, the underlying filesystem should be ACL enabled which you have to mention while mounting the filesystem.
To make it permanent, you need to edit /etc/fstab and add "acl" under options field for the specific filesystem.
Ex:
LABEL=/data /data ext3 defaults,acl 1 2
After modifying the /etc/fstab file, you have to remount the filesystem.
# mount -o remount /data
Now we can start setting the ACL on any file or directory located under /data filesystem.
To set full permission for a user on /data,
# setfacl -m u:user1:rwx /data
To set only read/execute permission for a user on /data/file1,
# setfacl -m u:user1:r-x /data/file1
To set full permission for dba group on /data/oracle directory,
# setfacl -m g:dba:rwx /data/oracle
To set full permission to user1 and group1 on /data directory,
# setfacl -m u:user1:rwx,g:group1:rwx /data
To revoke the ACL for a user on /data,
# setfacl -x u:user1 /data
To view the current ACL values on /data,
# getfacl /data
To revoke write access for all users and groups on a file,
# setfacl -m m::rx /data/file1
Above command will set the mask value as "r-x".
To copy the acl of one file to another,
# getfacl file1 | setfacl --set-file=- file2
You can also use the below method to copy the acl rights between files.
$ getfacl /data/file1 > acls.txt
$ setfacl -f acls.txt /data/file2