In this tutorial we’ll go over the basics of ACLs and employ them in a fictional office scenario.

What Are ACLs?

Access Control Lists (ACLs) supplement the standard file system permissions model on Linux and Unix.

Hannah Stryker / How-To Geek

They also do neat things like automatically applying permissions to new files and directories.

But first, let’s cover some basic Linux file system permissions concepts that ACLs work alongside.

Now that we understand users, I can introduce you to “groups.”

Groups are pretty easy to understand: they’re simply collections of existing users.

You then assign permission for the resource to the group, instead of each individual user.

This makes administration easier and more streamlined.

OK, let’s talk about files and directories.

These are the resources we care about granting and protecting access to.

Each entity may have a combination of read, write and execute (r/w/x) permissions assigned.

Keep that in mind when looking at output such as this as it may be confusing at first.

Note that the root user can modify any file on the system, regardless of ownership.

This approach to file system permissions works well for most at-home and standalone setups.

How about an example?

You’ve additionally granted group ownership of this file to the accounting group.

Now you’ve received a request to grant read access to the user named lumberg.

Let’s assume you’re using the standard permissions model.

Here are a few (futile) ideas for completing this request:

What to do?

Well, you could just take an early lunch break.

However, let’s instead employ ACLs!

Checking for ACL Support on Your System

Most modern Linux distributions support ACLs out-of-the-box.

To verify on ext2/3/4 file systems, use tune2fs.

The minimum ACL comprises the standard permissions for the owner, owning group and all other users.

We’ll use it to complete the request above by granting the lumberg user read access to report.pdf.
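
To check who ends up with access after a grant like this, the following added example (not code from the original article) parses constructed getfacl output for report.pdf and applies the POSIX ACL check order. It goes slightly beyond the text by including the mask entry, which caps named-user and group entries. The owner name alice, the sample output and the function names are assumptions.

```python
# Constructed sample of what `getfacl report.pdf` might print after the grant.
# "alice" is an assumed owner; lumberg and accounting come from the scenario.
SAMPLE_GETFACL = """\
# file: report.pdf
# owner: alice
# group: accounting
user::rw-
user:lumberg:r--
group::rw-
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Parse getfacl text into owner, owning group and access ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop any trailing "#effective:..." comment before splitting.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def effective_perms(acl, user, groups):
    """Apply the POSIX ACL check order: owner, named user, groups, other."""
    entries = acl["entries"]
    find = lambda tag, q: next((p for t, x, p in entries if t == tag and x == q), None)
    mask = find("mask", "")
    cap = (lambda p: p & mask) if mask is not None else (lambda p: p)
    if user == acl["owner"]:
        return find("user", "") or set()   # the owner entry is never masked
    named = find("user", user)
    if named is not None:
        return cap(named)                  # named users are limited by the mask
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and acl["group"] in groups))]
    if matched:
        # Simplification: union of all matching group entries, then the mask.
        return cap(set().union(*matched))
    return find("other", "") or set()

if __name__ == "__main__":
    acl = parse_getfacl(SAMPLE_GETFACL)
    print("lumberg:", sorted(effective_perms(acl, "lumberg", [])))
```
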

Default ACLs

Default ACLs only apply to directories (folders).

Access control lists are great for when you want to take your file system permissions to the next level.
