ACL (Access Control List) is a utility that provides a flexible permission method. ACLs allow us to grant the required permissions without changing the default permissions of files/folders. In this article we will address how to check, configure and remove ACL permission settings on Linux servers.
USEFUL ACL COMMANDS :
We use only two commands to work with ACLs:
# getfacl
# setfacl <options>
Checking the Capabilities of ACL functions
In order to use ACLs, the file system should be mounted with the acl option. However, most of the time the acl option is set as a default option on our file systems. To check that, we can execute the command below.
[root@unixrock /]# tune2fs -l /dev/sda1| grep "Default mount options:"
Default mount options: user_xattr acl
[root@unixrock /]#

If ACL is not set as default, don't panic; we have other options to set it. We can add the acl option in /etc/fstab so that it persists after a reboot, or we can change the default mount options with the tune2fs command.
[root@unixrock /]# tune2fs -o acl /dev/sda1
tune2fs 1.41.12 (17-May-2010)
[root@unixrock /]#

or

[root@unixrock /]# grep -i acl /etc/fstab
/dev/mapper/vg01-LVOL1 /LVOL1_mnt ext4 defaults,acl 0 0
[root@unixrock /]#
Syntax :- # getfacl
[root@unixrock /]# getfacl acl_test_file
# file: acl_test_file
# owner: unixrock
# group: root
user::rw-
group::r--
other::r--

[root@unixrock /]#
[root@unixrock /]# ls -ltr |grep -i acl
drwxr-xr-x. 2 unixrock root 4096 Feb 13 09:32 acl_test_dir
-rw-r--r--. 1 unixrock root 51 Feb 13 11:21 acl_test_file
[root@unixrock /]#

Currently only the "unixrock" user has write access to the file acl_test_file. In the example below, the "raj" user tries to edit the file acl_test_file but gets a "Permission denied" error.
[root@unixrock /]# su - raj
[raj@unixrock ~]$
[raj@unixrock ~]$ cat >>/acl_test_file
-bash: /acl_test_file: Permission denied
[raj@unixrock ~]$

Giving write access to "raj"
Syntax :# setfacl -m u:uid:permissions <FileName>
[root@unixrock /]# setfacl -m u:raj:rwx acl_test_file
[root@unixrock /]#
[root@unixrock /]# getfacl acl_test_file
# file: acl_test_file
# owner: unixrock
# group: root
user::rw-
user:raj:rwx
group::r--
mask::rwx
other::r--

[root@unixrock /]# ls -ltr acl_test_file
-rw-rwxr--+ 1 unixrock root 51 Feb 13 11:21 acl_test_file
[root@unixrock /]#

NOTE: the "+" sign in the ls output indicates that an ACL has been set on that file. After the ACL permission is set, the "raj" user is able to edit the file.
[root@unixrock /]# su - raj
[raj@unixrock ~]$
[raj@unixrock ~]$ cat >>/acl_test_file
this entries made by raj user for testing purpose
[raj@unixrock ~]$ cat /acl_test_file
this is the test tool for Unixrock testing entries
this entries made by raj user for testing purpose
[raj@unixrock ~]$

Removing the ACL entries
[root@unixrock /]# ls -ltr acl_test_file
-rw-rwxr--+ 1 unixrock root 101 Feb 13 11:36 acl_test_file
[root@unixrock /]#
[root@unixrock /]# setfacl -b acl_test_file
[root@unixrock /]#
[root@unixrock /]# ls -ltr acl_test_file
-rw-r--r--. 1 unixrock root 101 Feb 13 11:36 acl_test_file
[root@unixrock /]#

Setting ACL recursively on a folder (the folder and its subfolders and files)
[root@unixrock /]# ls -ld acl_test_dir
drwxrwxr-x+ 5 unixrock root 4096 Feb 13 12:24 acl_test_dir
[root@unixrock /]# ls -ltr acl_test_dir
total 12
drwxr-xr-x. 2 root root 4096 Feb 13 12:24 test1
drwxr-xr-x. 2 root root 4096 Feb 13 12:24 test3
drwxr-xr-x. 2 root root 4096 Feb 13 12:24 test2
[root@unixrock /]#
[root@unixrock /]# setfacl -Rm u:raj:rwx acl_test_dir
[root@unixrock /]#
[root@unixrock /]# ls -ltr acl_test_dir
total 24
drwxrwxr-x+ 2 root root 4096 Feb 13 12:24 test1
drwxrwxr-x+ 2 root root 4096 Feb 13 12:24 test3
drwxrwxr-x+ 2 root root 4096 Feb 13 12:24 test2
[root@unixrock /]#

Copying the ACL of one file to another
[root@unixrock /]# ls -tlr acl_test_file*
-rw-rwxr--+ 1 unixrock root 101 Feb 13 11:36 acl_test_file
-rw-r--r--. 1 unixrock root 20 Feb 13 12:53 acl_test_file1
[root@unixrock /]#
[root@unixrock /]# getfacl acl_test_file|setfacl --set-file=- acl_test_file1
[root@unixrock /]#
[root@unixrock /]# ls -ltr acl_test_file*
-rw-rwxr--+ 1 unixrock root 101 Feb 13 11:36 acl_test_file
-rw-rwxr--+ 1 unixrock root 20 Feb 13 12:53 acl_test_file1
[root@unixrock /]#
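
To review which accounts hold extra access on files carrying the "+" flag, the getfacl output shown earlier can be summarised per named entry. The script below is an added example, not part of the original article; it goes slightly beyond the article by applying the mask:: line (named entries are limited to the bits the mask allows), and the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: getfacl output in the format shown in the article,
# with a narrower mask (rw-) on the first file to show its effect.
sample_getfacl() {
cat <<'EOF'
# file: acl_test_file
# owner: unixrock
# group: root
user::rw-
user:raj:rwx
group::r--
mask::rw-
other::r--

# file: acl_test_file1
# owner: unixrock
# group: root
user::rw-
group::r--
other::r--
EOF
}

# effective_acl: read getfacl output on stdin and print one line per named
# user/group entry as "file type:name granted effective".
# Effective rights are the entry bits that the mask entry also allows.
effective_acl() {
awk -F: '
  function flush(   i, j, g, e) {
    for (i = 1; i <= n; i++) {
      g = perm[i]; e = ""
      for (j = 1; j <= 3; j++)
        e = e ((mask == "" || substr(mask, j, 1) != "-") ? substr(g, j, 1) : "-")
      print file, kind[i] ":" name[i], g, e
    }
    n = 0; mask = ""
  }
  /^# file: / { flush(); file = substr($0, 9); next }
  /^#/ || /^$/ { next }
  $1 == "mask" { mask = substr($3, 1, 3); next }
  ($1 == "user" || $1 == "group") && $2 != "" {
    n++; kind[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3)
  }
  END { flush() }
'
}

sample_getfacl | effective_acl
```

On a live system the same function can be fed from `getfacl -R` on a directory; files without named entries produce no output.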