How to Configure ACL on RHEL 8

Configuration of Access Control List (ACL) on Redhat 7/CentOS 7/Redhat 8/CentOS 8/Redhat 9

ACL stands for Access Control List, which is used to give additional permissions on files and directories to specific users and groups. Access Control List (ACL) is very useful for controlling Linux file system permissions. By using Access Control List (ACL), a system administrator can easily give normal users permissions on specific directories and files; these users have no rights to view, modify or delete files and directories except those on which they have been given permission.

In Linux-based operating systems, the administrator gives read, write and execute permissions to users and groups through Access Control List (ACL). By default, Access Control List (ACL) is not enabled when a user creates new files and directories; only the user who created these files and directories has rights on them. A system administrator, that is root or a user with sudo rights, can give additional permissions on files and directories created by the root user or any other user.

An Access Control List (ACL) allows or denies file system permissions. There are two types of Access Control List (ACL): File System Access Control List (ACL) and Networking Access Control List (ACL). Here we will work on File System Access Control List (ACL) on Redhat 7/CentOS 7/Redhat 8/CentOS 8/Redhat 9. It is important for the system administrator to note where Access Control List (ACL) has been applied on directories and files, in case of future issues.

To apply an Access Control List (ACL) on directories and files, use the command “setfacl”; to view the Access Control List (ACL) applied on directories and files, use the command “getfacl”.

Create a directory “owais” with the command “mkdir” and check that only the user “root” has permission on it to perform any operations.

mkdir /owais
ls -lrd /owais

Create some text files (owais1, owais2 and owais3) with the touch command inside the directory “owais” by typing the commands below. The command "cd" is used to enter the directory "owais".

cd /owais
touch owais1 owais2 owais3

Also create the directory "khan" with the command "mkdir" inside the directory "owais". You can choose any names you like for the directories and files.

mkdir khan

Use the command “ll” to list the files and directories inside the directory “owais”. You can also use the command "ls" to list the content of a directory.

ll

To check the default Access Control List “ACL” on directory “/owais”, in other words the default permissions on directory “/owais” before applying an Access Control List “ACL”, type the command below.

getfacl /owais
or
getfacl -p /owais

Create users “owais” and “khan” and also create a group “IT”, then apply Access Control List “ACL” on directory “/owais” using these users "owais and khan" and group "IT".

Create the user “owais” with the command "useradd" and set its password with the command "passwd". The commands are given below.

useradd owais
passwd owais

Create the user “khan” with the command "useradd" and set its password with the command "passwd". The commands are given below.

useradd khan
passwd khan

Create the group “IT” with the command "groupadd"; the command is given below.

groupadd IT

Add users “owais” and “khan” as members of group “IT” by typing the commands below. With the "-aG" option the user also remains a member of its other groups, meaning its own group and any other supplementary groups the user already belongs to.

usermod -aG groupname username
usermod -aG IT owais
usermod -aG IT khan

Give the permissions listed below to user “owais”, user “khan” and group “IT” using the Access Control List “ACL” command “setfacl”.

owais → rw-    (Assign permission to user “owais”, read and write)
khan  → r--    (Assign permission to user “khan”, read only)
IT    → rwx    (Assign permission to group “IT”, read, write and execute)

ACL User Base:

To give the extended permissions to user "owais" and user "khan" as described above, type the commands below.

setfacl -m u:owais:rw- /owais
setfacl -m u:khan:r-- /owais

ACL Group Base:

To give the extended permissions to group "IT" as described above, that is read, write and execute, type the command below.

setfacl -m g:IT:rwx /owais

To check the default directory permissions, use the command "ls -lrd"; to check the Access Control List “ACL” permissions, use the command "getfacl -p". The commands are given below.

ls -lrd /owais
getfacl -p /owais
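
As an added example (not part of the original article), the shell functions below parse "getfacl" text output, compute each entry's effective rights after the mask, and list the named users and groups that lack execute permission on the directory, as “owais” (rw-) and “khan” (r--) do here. The sample outputs are constructed, and the function names acl_effective and acl_cannot_traverse are hypothetical.

```shell
# Constructed sample: expected `getfacl -p /owais` output after the three
# setfacl -m commands above (assumes root created the directory with mode 755).
SAMPLE_ACL='# file: /owais
# owner: root
# group: root
user::rwx
user:owais:rw-
user:khan:r--
group::r-x
group:IT:rwx
mask::rwx
other::r-x'

# Constructed sample: a similar ACL with the mask narrowed to r--; getfacl
# marks each entry the mask limits with an "#effective:" note.
MASKED_ACL='user::rwx
user:owais:rw-   #effective:r--
group::r-x       #effective:r--
group:IT:rwx     #effective:r--
mask::r--
other::r-x'

# acl_effective: getfacl text on stdin -> "tag:name:granted:effective" for each
# entry the mask applies to (named users, owning group, named groups).
acl_effective() {
  awk -F: '
    /^#/ || NF < 3 { next }            # header comments, blank lines
    { sub(/[ \t]*#.*/, "", $3) }       # strip trailing "#effective" note
    $1 == "mask" { mask = $3; next }
    ($1 == "user" && $2 != "") || $1 == "group" { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (c = 1; c <= 3; c++) {
          p = substr(perm[i], c, 1)    # bit survives only if mask has it too
          eff = eff ((mask == "" || substr(mask, c, 1) == p) ? p : "-")
        }
        print tag[i] ":" who[i] ":" perm[i] ":" eff
      }
    }'
}

# acl_cannot_traverse: named entries whose effective rights lack "x". On a
# directory they cannot cd into it or reach files inside, despite r or w.
acl_cannot_traverse() {
  acl_effective | awk -F: '$2 != "" && substr($4, 3, 1) != "x" { print $1 ":" $2 }'
}
printf '%s\n' "$SAMPLE_ACL" | acl_cannot_traverse
printf '%s\n' "$MASKED_ACL" | acl_effective
```

On a live system, pipe real output into the same functions, for example: getfacl -p /owais | acl_cannot_traverse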

Remove ACL Permission:

To remove the Access Control List “ACL” permissions of user “owais” on directory “/owais”, type the command below. The "-x" option is used to remove the permissions.

setfacl -x u:owais /owais

To verify that the Access Control List “ACL” permissions of user “owais” have been removed from directory “/owais” successfully, type the command below.

getfacl -p /owais

To remove all extended Access Control List “ACL” permissions on directory “/owais”, type the command below. The "-b" option removes all the extended permissions, meaning all extended user and group permissions will be removed.

setfacl -b /owais

To verify that the extended Access Control List “ACL” permissions have been removed successfully from directory “/owais”, type the command below.

getfacl -p /owais

To check the default permissions on directory “/owais” after removing the extended Access Control List “ACL” permissions, type the command below.

ls -lrd /owais

Recursive Permission:

To give the recursive extended permission “read and write” to user “owais” on directory “/owais”, type the command below. The "-Rm" option gives the extended permission recursively, meaning the permission applies to the directory "owais" and to all content inside it, including files and directories.

setfacl -Rm u:owais:rw- /owais

To verify the extended Access Control List “ACL” permissions applied on directory “owais” and on the file and directory inside it, type the commands below.

getfacl -p /owais
getfacl -p /owais/khan
getfacl -p /owais/owais1

Remove Recursive Permissions:

To remove the recursive extended Access Control List “ACL” permissions on directory “owais”, type the command below. Here the "-R" option makes the operation recursive, the "-b" option removes all permissions for users and groups, and the "-k" option removes the default ACL (mask).

setfacl -Rbk /owais

To verify that the recursive extended Access Control List “ACL” permissions have been removed successfully from directory “owais” and from the files and directory inside it, type the commands below.

getfacl -p /owais
getfacl -p /owais/khan
getfacl -p /owais/owais1