How to create and Manage File System Access Control List (ACL) with Ubuntu 20.04.

Objective:

ACLs, or Access Control Lists, are special permissions. The standard Linux file permission model works at the User, Group, and Other levels, with permissions in the form of Read, Write, and Execute. This works in most situations, but sometimes users require additional permissions, and this is where ACLs come in. Suppose Bob is from the Sales department but wants access to a file from the Finance department. The general file permission structure will not work here, because the Finance department would not like to expose any files other than the desired one. We can grant special permissions with the help of ACLs. Standard permissions work for a single user or a single group, but to give extra users from a different group access to a file, an ACL is required. Today we will learn how to create and manage file system Access Control Lists.

Understanding ACLs in practice:

In this scenario, we will be using Ubuntu 20.04 LTS. Before starting, let’s verify whether ACLs are supported at the kernel level in our OS.

List kernel-level support for ACLs.

ubnt@ubnt:~$ uname -r
5.4.0-53-generic
First, check kernel version.

Grep the list of file systems with ACL support.

ubnt@ubnt:/boot$ grep ACL /boot/config-$(uname -r)

Output

CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_JFS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_SHIFT_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y
CONFIG_EROFS_FS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_CEPH_FS_POSIX_ACL=y
CONFIG_9P_FS_POSIX_ACL=y

Here, y means that ACL support is compiled directly into the Linux kernel, whereas m means it is built as a loadable module.

Set default ACL permissions.

Let’s create a directory first.

root@ubnt:~# mkdir acldemo

Have a look before setting ACL permissions; only the single user’s permissions are visible.

root@ubnt:~# getfacl acldemo/
Get ACL attributes.

Define an ACL rule so that any file created under acldemo has no permission at the other level.

root@ubnt:~# setfacl -m d:o:--- acldemo

Here -m stands for modify, d: for default (entries inherited by files created in the directory), and o: for others; --- defines no permission for others on acldemo.

root@ubnt:~# getfacl acldemo/
ACL changes are made as per requirements.

root@ubnt:~/acldemo# touch test
Create a file and see ACL status.

Inheritance is sustained: the same permissions can be seen on the file as well.

Here, let's give additional access permission to a user, e.g. 'raj'.

root@ubnt:~# setfacl -dm u:raj:rwx acldemo

Have a look at whether user raj has access or not.

root@ubnt:~# getfacl acldemo/
Amend user and see permission.

Remove ACL entries.

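A user’s special access can be removed using the -x and -b options of setfacl.

Let’s remove the ACL permission for user ‘raj’. The entry was added to the default ACL with -d, so it is removed with the d: prefix; setfacl -x u:raj on its own only touches the access ACL.

root@ubnt:~# setfacl -x d:u:raj acldemo/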

Remove ACL records.

root@ubnt:~# setfacl -b acldemo/

Have a look: the original status is regained.

Remove all ACL records and have a look.
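
A way to confirm what is left after the removal steps above, as an added example that is not part of the original article: the shell functions below parse getfacl output and list every named user or group entry, in both the access and the default ACL, with its effective permissions once the mask is applied. The getfacl text is a constructed sample matching acldemo after the two setfacl commands shown earlier; acl_named_entries and acl_is_clean are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the article): audit getfacl output for named entries.

# Constructed sample: acldemo after `setfacl -m d:o:--- acldemo`
# and `setfacl -dm u:raj:rwx acldemo`.
sample_acl() {
    cat <<'EOF'
# file: acldemo/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:raj:rwx
default:group::r-x
default:mask::rwx
default:other::---
EOF
}

# Reads getfacl text on stdin; prints "scope type name perms effective"
# for every named user/group entry (hypothetical helper name).
acl_named_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }                  # header comments, blank lines
        {
            scope = "access"; i = 1
            if ($1 == "default") { scope = "default"; i = 2 }
            type = $i; name = $(i + 1); perms = substr($(i + 2), 1, 3)
            if (type == "mask") { mask[scope] = perms; next }
            if ((type == "user" || type == "group") && name != "") {
                n++; s[n] = scope; t[n] = type; q[n] = name; p[n] = perms
            }
        }
        END {                                    # mask is listed after the entries
            for (k = 1; k <= n; k++) {
                m = (s[k] in mask) ? mask[s[k]] : "rwx"
                eff = ""
                for (c = 1; c <= 3; c++)
                    eff = eff ((substr(m, c, 1) == "-") ? "-" : substr(p[k], c, 1))
                print s[k], t[k], q[k], p[k], eff
            }
        }'
}

# Succeeds only when no named entry is left (hypothetical helper name).
acl_is_clean() { [ -z "$(acl_named_entries)" ]; }

sample_acl | acl_named_entries        # default user raj rwx rwx
```

On a live system, pipe real output in, for example getfacl acldemo/ | acl_named_entries, and run acl_is_clean the same way after setfacl -b.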

Conclusion:

Additional permissions are always required in a complex working environment. ACL permissions are always helpful for granting them without compromising security.

Reference: https://help.ubuntu.com/community/FilePermissionsACLs
