SYS: Create and manage Access Control Lists (ACLs).

Note: This is an RHCSA 7 exam objective.

Presentation

When basic file permissions (owner, group, other) are not enough, you can use ACLs.

ACL stands for Access Control List.

Prerequisites

Before setting ACLs, you have to check that the partition permits them.
To check the mount options, type:

# mount
/dev/mapper/vg_root-lv_root on / type ext4 (rw)

In this case, acl is not among the listed mount options, so you have to edit the /etc/fstab file, add ",acl" after the defaults or rw option, and then remount the partition:

# mount -o remount /

ACL Configuration

To allow read/write access to the user bob on the file called f (-m for modify, u for user, rw- for read/write access), type:

# setfacl -m u:bob:rw- f

To display the ACL of the same file f, type:

# getfacl f
# file: f
# owner: root
# group: root
user::rw-
user:bob:rw-
group::r--
mask::rw-
other::r--

To remove the permissions granted to the user bob (-x for remove, u for user), type:

# setfacl -x u:bob f

To remove all the ACLs on a file called f (-b for remove-all), type:

# setfacl -b f

To grant read/execute permissions to the group called team on a directory dir and all the files inside (-R for recursive, -m for modify, g for group, r-x for read/execute access), type:

# setfacl -R -m g:team:r-x dir

To check the result, type:

# getfacl dir
# file: dir
# owner: root
# group: root
user::rwx
group::r-x
group:team:r-x
mask::r-x
other::r-x
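
The mask:: line in the getfacl output above is an upper bound on what named users, named groups and the owning group can actually use; getfacl marks a capped entry with an "#effective:" comment. The shell function below is an added example, not part of the original article, that computes those effective rights from getfacl output. The function names and the sample ACL are constructed for illustration, with the mask narrowed to r-- so that bob's rw- entry is capped.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl output.
# The mask:: entry caps named users, named groups and the owning group;
# it does not apply to the file owner (user::) or to other::.
acl_effective() {
    # Reads getfacl text on stdin, prints "<entry> <granted> <effective>".
    awk -F: '
        /^#/ || NF < 3 { next }              # skip header comments and blanks
        { sub(/[ \t]*#.*/, "", $3) }         # drop a trailing "#effective:" note
        $1 == "default" { next }             # default ACLs only affect new files
        $1 == "mask" { mask = $3; next }
        { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        p = substr(perm[i], k, 1); m = substr(mask, k, 1)
                        eff = eff ((p != "-" && m != "-") ? p : "-")
                    }
                }
                print tag[i] ":" who[i], perm[i], eff
            }
        }'
}

# Constructed sample: the ACL of file f with the mask narrowed to r--.
sample_acl() {
    cat <<'EOF'
# file: f
# owner: root
# group: root
user::rw-
user:bob:rw-
group::r--
mask::r--
other::r--
EOF
}

# One line per entry; bob is reported as "user:bob rw- r--".
sample_acl | acl_effective
```

On a live system, pipe real output into it: getfacl f | acl_effective.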

Additional Resources

You can watch Ralph Nyberg's video about Configuring ACLs (18min/2015).
Also, the setfacl man page is a good source of information.

18 Comments on "SYS: Create and manage Access Control Lists (ACLs)."

algorisms
While they aren’t directly considered ACLs, do you think that the RHCSA exam might include questions regarding lsattr and chattr? I haven’t run into much need for them, but Michael Jang’s book covers them and makes it seem like they might be included. Also, if you are using an xfs filesystem, it seems like you don’t need to edit fstab at all for ACLs. I haven’t tested this on RHEL but in CentOS 7, I could manipulate ACLs without the flag in /etc/fstab. Just to confirm, I placed the acl after defaults as I have done with ext4 systems before…
ak340

Hi CertDepot,

Would like to ask if including ,acl after defaults in /etc/fstab is a must. I have set an ACL on a directory (ext4 type btw) and the configuration persisted even after reboot.

ak340

Thank you Certdepot!

redhat0329

Hi CertDepot,

Is it okay also to add the ‘d’ right after you set an acl? Please see sample below. Thanks

# setfacl -R -m d:g:team:r-x dir

Gjorgi

ACL is enabled by default on EXT4 if the filesystem is created on an RHEL 7 installation, if I am not mistaken.

twostep

On RHEL7 the default file system is XFS. For XFS, the acl option is also default, so you do not have to put it in /etc/fstab.

twostep

Maybe you should warn users against interpreting output from getfacl, especially the line “#effective:”.
