Access Control List (ACL) in Red Hat Linux | RHCSA 8 on RHEL 8 | CentOS 8 | Linux Administrator
Learn how to write an Access Control List (ACL) in Red Hat Linux 8 or CentOS 8.
In this video tutorial of Red Hat Certified System Administrator (RHCSA) on RHEL 8, I am going to explain what an Access Control List (ACL) is and demonstrate how to use ACLs in Linux.
First of all, let’s understand what an ACL, or Access Control List, is and in which cases we apply an ACL in Linux. In short, it’s a special permission assigned to a user or a group over a file or directory. Let’s take an example: I have a directory, share, in the root directory of this server. Checking the current permission and ownership with ls -ld /share, we can see that the owner user root has permission to read, write and execute, and the owner group has the same level of permission, but other users have read-only permission.
To verify, I create a file named testfile.txt in the /share directory. As we can see, permission is denied.
I want the student user to have write and execute access so that it can create, modify and execute files. The user student is treated as an other user in this scenario. If I modify the permission to give write access to other users, not only the student user but all the other users (current and future) will have write access to the directory. From a security perspective, this practice would be the worst.
So, in this case, we need a special permission. We can provide write access to the directory only to a specific user using the Access Control List. There is a utility in Linux called facl, which stands for File Access Control List. This utility sets special permissions on files and directories from the command line.
To check what special permission is given, run getfacl followed by the directory name, that is, /share. Here we can see the owner user, the owner group, the owner user permission, the owner group permission, the other users’ permission and the special permission given to the user student.
Now, let’s learn how to remove this special permission from this directory. For this, run the command setfacl -bn /share. It will clear all the ACL entries for the directory or the file.
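An added example (not from the original tutorial) for auditing the getfacl output described above: it lists every named user or group entry and, going one step beyond the tutorial, applies the mask entry to show the effective permission. The sample output is constructed, and the auditors group and the narrowed mask are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit getfacl output for named (per-user / per-group) ACL entries.

# Constructed sample of `getfacl /share` output after a grant such as
#   setfacl -m u:student:rwx /share
# The mask is deliberately narrower than the grant to show its effect;
# the group "auditors" is hypothetical.
sample_acl() {
cat <<'EOF'
# file: share
# owner: root
# group: root
user::rwx
user:student:rwx
group::rwx
group:auditors:r-x
mask::r-x
other::r--
EOF
}

# Read getfacl text on stdin; print one line per named user/group entry:
#   <type> <name> <granted> <effective>
# Effective = granted limited by the mask; with no mask entry, effective = granted.
acl_named_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }                # skip header comments and blank lines
        { sub(/[ \t]*#.*$/, "", $3) }          # drop trailing "#effective:" annotations
        $1 == "mask" { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" { t[++n] = $1; w[n] = $2; p[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(p[i], k, 1)
                    if (mask != "" && substr(mask, k, 1) == "-") c = "-"
                    eff = eff c
                }
                print t[i], w[i], p[i], eff
            }
        }'
}

# Exit status 0 if any named entry ends up with effective write access.
acl_has_named_writer() {
    acl_named_entries | awk '$4 ~ /w/ { found = 1 } END { exit !found }'
}

sample_acl | acl_named_entries
```

On a real system the same functions can be fed directly, for example `getfacl /share | acl_named_entries`.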
To know more about the commands, read their man pages. Okay friends, that’s all for now. I hope this video was useful to you. Thanks for watching this video, see you in the next one; until then, have a nice time. Goodbye!