SYS: Create and manage Access Control Lists (ACLs).

Share this link

Note: This is an RHCSA 7 exam objective.


When basic file permissions are not enough, you can use ACL.

ACL stands for Access Control Lists.


However, before doing this, you have to check if the partition permits ACLs.
To check that ACLs work, type:

# mount
/dev/mapper/vg_root-lv_root on / type ext4 (rw)

In this case, you have to edit the /etc/fstab file, add “,acl” after the defaults or rw option and, then, remount the partition:

# mount -o remount /

ACL Configuration

To allow read/write access to the user bob on the file called f (-m for modify, u for user, rw- for read/write access), type:

# setfacl -m u:bob:rw- f

To request access control list status on the same file f, type:

# getfacl f
# file: f
# owner: root
# group: root

To remove permissions allowed to the user bob (-x for remove, u for user), type:

# setfacl -x u:bob f

To remove all the ACLs on a file called f (-b for remove-all), type:

# setfacl -b f

To allow read/execute permissions to the group called team on a directory dir and all the files inside (-R for recursive, -m for modify, g for group, r-x for read/execute access), type:

# setfacl -R -m g:team:r-x dir

To get the result, type:

# getfacl dir
# file: dir
# owner: root
# group: root

Addition Resources

You can watch Ralph Nyberg‘s video about  Configuring ACLs (18min/2015).
Also, the setfacl man page is a good source of information.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
21 comments on “SYS: Create and manage Access Control Lists (ACLs).
  1. algorisms says:

    While they aren’t directly considered ACLs, do you think that the RHCSA exam might include questions regarding lsattr and chattr? I haven’t run into much need for them, but Michael Jang’s book covers them and makes it seem like they might be included.

    Also, if you are using an xfs filesystem, it seems like you don’t need to edit fstab at all for ACLs. I haven’t tested this on RHEL but in Centos 7, I could manipulate ACLs without the flag in /etc/fstab.

    Just to confirm, I placed the acl after defaults as I have done with ext4 systems before and then ran:

    > mount | grep /dev/sda1 # it returned this:
    > /dev/sda1 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)

    It seems like XFS doesn’t mount with the ACL option at all despite me mounting it in fstab and telling it to do that. Any thoughts?

    • CertDepot says:

      Concerning the lsattr et chattr commands, you can spend several minutes to learn how to use them and if a question occurs during an exam, display the related man pages.
      Concerning the acl option, I have seen the same situation with the ext4 file system: it seems that this option is a default. If acls work without specifying them, I don’t think you need to waste your time to set it.

  2. ak340 says:

    Hi CertDepot,

    would like to ask if including ,acl after defaults in /etc/fstab is a must, I have set an acl to a directory (ext4 type btw) and the configuration persisted even after reboot

  3. ak340 says:

    Thank you Certdepot!

  4. Gjorgi says:

    ACL is enabled by default on EXT4 if the filesystem is created on an RHEL 7 installation, if I am not mistaken.

  5. twostep says:

    Maybe you should warn users against interpreting output from getfacl, especially the line “#effective:”.

  6. ercole1977 says:

    Hi guys.
    One question: I set an ACL on a directory with the -R option so all the files contained receive the same setting. Then if I create a new file inside this dir, it has no ACL. How does inherit work with folders, talking about ACLs?

Leave a Reply

RHCSA7: Task of the day

Allowed time: 10 minutes.
Boot and change the root password before the end of the boot process.

RHCE7: Task of the day

Allowed time: 10 minutes.
Change the SSH process configuration to only listen on the 443 port.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...