Give individual permission on directories in linux

We generally use chmod and chown to set permissions and ownership on files and directories in Linux per user or per group, but if you want to give some special permission to one particular user or group on a particular directory, those two commands won't help. In that situation the 'setfacl' utility is very useful: it lets you grant permissions to an individual user or group, by name, on any particular directory or file.


Syntax:

To set the permission for any user

 # setfacl -m u:username:permission /path/to/directory




To set the permission for any group

 # setfacl -m g:groupname:permission /path/to/directory


To view the permission

 # getfacl /path/to/directory


To remove individual acl for any user

 # setfacl -x u:username /path/to/directory


To remove all the acl added by setfacl

 # setfacl -b /path/to/directory


To remove the default acls on any directory

 # setfacl -k /path/to/directory


Examples:

To add an acl for user deepak with read and execute permission on mydata directory

 # setfacl -m u:deepak:r-x /mydata


To add an acl for group admin with read, write and execute permission on mydata directory

 # setfacl -m g:admin:rwx /mydata


To add the acl recursively on all the sub directories

 # setfacl -R -m u:deepak:r-x /mydata/


To view the acl entries on mydata

 # getfacl /mydata
 # file: new
 # owner: root
 # group: root
 user:deepak:r-x
 group:admin:rwx
 group::r-x
 mask::r-x
 other::r-x

 # ls -l / | grep mydata
 drwxr-xr-x+ 2 root root 4096 Oct 3 16:49 mydata


Here you can see that a '+' sign is added at the end of the permission section of the directory, which means that an acl is active on that directory.
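The '+' sign only says that an acl exists. What a named user or group can actually do is the granted permission limited by the mask entry, as with group:admin (rwx) under mask::r-x in the listing above. The script below is an added example, not from the original post: it reads getfacl output and prints granted and effective rights for each named entry. The function names and the sample input (including mydata/reports) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use: getfacl -R /mydata | acl_effective. Sample input is constructed.
sample_acl() {
cat <<'EOF'
# file: mydata
# owner: root
user::rwx
user:deepak:r-x
group::r-x
group:admin:rwx	#effective:r-x
mask::r-x
other::r-x

# file: mydata/reports
user:deepak:rwx
group::r-x
mask::rwx
EOF
}

# Print "file entry granted effective" for every named user/group entry.
# Effective rights = granted rights AND mask. default: entries are skipped.
acl_effective() {
    awk '
    function emit(   i, j, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++)
                eff = eff (substr(mask, j, 1) == "-" ? "-" : substr(perm[i], j, 1))
            print file, who[i], perm[i], eff
        }
        n = 0; mask = ""
    }
    /^# file: /  { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*/, "")    # drop a trailing "#effective:" comment
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
            n++; who[n] = f[1] ":" f[2]; perm[n] = f[3]
        }
    }
    END { emit() }'
}

# Named entries that can actually write, for access review.
acl_writers() { acl_effective | awk '$4 ~ /w/ { print $1, $2 }'; }
sample_acl | acl_effective    # run on the constructed sample
```
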

To remove a particular acl from the directory

 # setfacl -x u:deepak /mydata


To remove all the acls from any directories

 # setfacl -b /mydata


For further examples, see the man page for setfacl.

