getfacl and setfacl – Unix Access Control (acl) Tool

Today’s topic is all about Access List… For Unix and Unix-like system, the usual command to set the file permission is the ‘chmod’ command. However there are instances that we need more flexibility in giving access and control for files and folders. Get it? Access and Control? In this situation, there is a file utility built in Unix called ‘getfacl‘ and ‘setfacl‘.


getfacl
is a file utility for viewing the access control list information associated with a file or directory.

For a memory aid, you can think of ‘getfacl’ as “Get File ACL“.. ACL being Access Control List.

Access control lists are extended attributes added to most major file systems in the 2.6 kernel to improve ability to control the access of files. They allow permissions to be set for individual groups and users and not just the owning user, owning group, and all other users.

setfacl is a command that allows you to set the Access Control List information for a file or directory.

Access control lists are extended attributes added to most major file systems in the 2.6 kernel to improve ability to control the access of files. They allow permissions to be set for individual groups and users and not just the owning user, owning group, and all other users.

You can read man pages for both getfacl and setfacl for more information.

getfacl and setfacl example….

Here’s an example of using the basic funtion of getfacl and setfacl

# getfacl

#setfacl

setfacl -m default:user::rwx,default:group::r-x,default:other:r-x,default:mask:rwx /u06/OneSource/datapump_dbdump

setfacl -m default:user:rcodapp1:r-x,default:group:r-x,default:other:—,default:mas:rwx /u06/OneSouce/datapump_dbdump

Leave a Reply

Your email address will not be published. Required fields are marked *