Give individual permission on directories using setfacl in linux

Generally we use chmod and chown to set user-wise or group-wise permissions and ownership on directories and files in Linux, but if you want to give some special permission to a particular user or group on a particular directory, neither of those commands will help you: a file has exactly one owner and one group. In such cases the ‘setfacl’ utility plays its vital role and is very useful. Using ‘setfacl’ you can give individual permissions on the basis of user or group name on any particular directory or file.

Syntax:

To set the permission for any user
# setfacl -m u:username:permission /path/to/directory
To set the permission for any group
# setfacl -m g:groupname:permission /path/to/directory

To view the permission
# getfacl /path/to/directory
To remove the individual acl entry for any user (the entry is named the same way it was added, with the u: qualifier)
# setfacl -x u:username /path/to/directory
To remove all the acl added by setfacl
# setfacl -b /path/to/directory

To remove the default acls on any directory (note that -d does not remove anything; it makes the other options operate on the default acl)
# setfacl -k /path/to/directory
Examples:
To add an acl for user deepak with read and execute permission on mydata directory
# setfacl -m u:deepak:r-x /mydata
To add an acl for group admin with full permission on the mydata directory
# setfacl -m g:admin:rwx /mydata
To add the acl recursively on all the sub directories
# setfacl -Rm u:deepak:r-x /mydata/
To view the acl entries on mydata
# getfacl /mydata
# file: mydata
# owner: root
# group: root
user:deepak:r-x
group:admin:rwx
group::r-x
mask::r-x
other::r-x

# ls -l / | grep mydata
drwxr-xr-x+ 2 root root 4096 Oct 3 16:49 mydata
So here you can see a ‘+’ sign appended to the permission field of the directory, which means that an acl is active on that directory (ls prints it whenever extended acl entries exist).
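The listing above hides one subtlety: the mask:: entry caps what named users, named groups and the owning group actually get, so group:admin:rwx under mask::r-x is effectively r-x. The following added example (not from the original post) shows how to read a getfacl listing offline and compute the effective permission of each entry. The listing is constructed to mirror the /mydata output above, with the owner entry (user::rwx) that getfacl always prints included; the function names effective_perms and named_entries are this example's own.

```shell
#!/bin/sh
# Added example (not from the page): interpret a getfacl listing offline.
# The listing below is constructed to mirror the page's /mydata output,
# with the owner entry (user::rwx) that getfacl always prints included.
SAMPLE_ACL='# file: mydata
# owner: root
# group: root
user::rwx
user:deepak:r-x
group:admin:rwx
group::r-x
mask::r-x
other::r-x'

# effective_perms LISTING ENTRY
# ENTRY is the qualifier as getfacl prints it, without the permission
# field: "user:deepak", "group:admin", "group:" (owning group),
# "user:" (owner), "other:". Named users, named groups and the owning
# group are limited by mask::, exactly as the kernel applies it; the
# owner, other:: and mask:: itself are not. Prints "absent" for an
# entry that is not in the listing.
effective_perms() {
  listing=$1
  entry=$2
  printf '%s\n' "$listing" | awk -v want="$entry" '
    /^#/ || /^$/ { next }
    {
      split($0, f, ":")
      perm[f[1] ":" f[2]] = f[3]
    }
    END {
      if (!(want in perm)) { print "absent"; exit }
      p = perm[want]
      masked = (want ~ /^(user|group):./) || want == "group:"
      if (masked && ("mask:" in perm)) {
        m = perm["mask:"]
        out = ""
        for (i = 1; i <= 3; i++) {
          c = substr(p, i, 1)
          out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
        }
        p = out
      }
      print p
    }'
}

# named_entries LISTING
# Prints only the entries setfacl added beyond the classic owner/group/
# other triple: the lines a reviewer of a "+" directory wants to see.
named_entries() {
  printf '%s\n' "$1" | grep -E '^(user|group):[^:]'
}

# Demonstration when run directly.
echo "group:admin effective: $(effective_perms "$SAMPLE_ACL" group:admin)"
echo "user:deepak effective: $(effective_perms "$SAMPLE_ACL" user:deepak)"
echo "extra entries:"
named_entries "$SAMPLE_ACL"
```

Running it prints r-x for group:admin even though the entry says rwx, which is also what getfacl itself flags with an "#effective:" comment. A quick way to widen the cap is setfacl -m m::rwx, but the safer review habit is to check the mask before trusting any named entry.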

To remove a particular acl from the directory
# setfacl -x u:deepak /mydata
To remove all the acls from any directories
# setfacl -b /mydata
For further examples you can go to the man page for setfacl.
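To see the whole workflow above run end to end without touching a real /mydata, here is an added example script (not from the original post) that builds a scratch directory tree, applies the recursive user entry and the group entry, checks for the ‘+’ marker in ls -l, lists the named entries with getfacl, and finally strips everything with setfacl -b. The numeric IDs 1500 and 1600 are constructed stand-ins for the page's deepak user and admin group, so nothing has to exist in /etc/passwd or /etc/group; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the page): run the page's setfacl workflow in a
# scratch directory. Numeric IDs 1500/1600 are constructed stand-ins for
# the "deepak" user and "admin" group so no real accounts are needed.
DEMO_UID=1500
DEMO_GID=1600

# acl_supported: returns 0 if setfacl exists and the temp filesystem
# accepts POSIX ACLs (some container and network filesystems do not).
acl_supported() {
  command -v setfacl >/dev/null 2>&1 || return 1
  probe=$(mktemp -d) || return 1
  setfacl -m "u:$DEMO_UID:r-x" "$probe" 2>/dev/null
  rc=$?
  rm -rf "$probe"
  return $rc
}

# acl_flag PATH: prints "+" when ls marks the entry as carrying an
# extended ACL, "-" otherwise. This is the marker the page points out.
acl_flag() {
  mode=$(ls -ld "$1" | awk '{print $1}')
  case $mode in
    *+) echo "+" ;;
    *)  echo "-" ;;
  esac
}

# demo_tree: creates DIR/sub, applies the page's commands (recursive user
# entry on the tree, then a group entry on the top directory), prints DIR.
demo_tree() {
  dir=$(mktemp -d) || return 1
  mkdir "$dir/sub"
  setfacl -Rm "u:$DEMO_UID:r-x" "$dir"   # page: setfacl -Rm u:deepak:r-x /mydata/
  setfacl -m "g:$DEMO_GID:rwx" "$dir"    # page: setfacl -m g:admin:rwx /mydata
  echo "$dir"
}

# named_entries PATH: the user:NAME / group:NAME lines getfacl reports,
# i.e. the access that ls -l alone never shows.
named_entries() {
  getfacl -p "$1" 2>/dev/null | grep -E '^(user|group):[^:]'
}

# clear_acls PATH: the page's setfacl -b, removes every extended entry.
clear_acls() {
  setfacl -b "$1"
}

# Demonstration when run directly.
if acl_supported; then
  d=$(demo_tree)
  echo "ls flag on $d: $(acl_flag "$d")"
  named_entries "$d"
  clear_acls "$d"
  echo "ls flag after setfacl -b: $(acl_flag "$d")"
  rm -rf "$d"
else
  echo "ACLs not supported here; functions defined only" >&2
fi
```

Because the user entry was applied with -R and the group entry without, getfacl reports two named entries on the top directory but only one on sub; after setfacl -b both the entries and the ‘+’ marker are gone.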
