
Access Control List

 


Access control list:


What is ACL?


• An ACL provides an additional, more flexible permission mechanism for file systems. It is designed to supplement the standard UNIX file permissions. An ACL allows you to give permissions for any user or group to any disk resource.


Use of ACL:


• Consider a scenario in which a particular user is not a member of a group you created, but you still want to give that user read or write access. How can you do it without making the user a member of the group? This is where ACLs come in: an ACL lets you do exactly that.


• Basically, ACLs are used to provide a flexible permission mechanism in Linux. According to the Linux man pages, ACLs are used to define more fine-grained discretionary access rights for files and directories.


• The commands for working with ACL permissions are setfacl and getfacl: setfacl assigns and removes them, and getfacl displays them.


List of the commands for setting up ACLs:

1. To add permission for a user:

setfacl -m u:user:rwx /path/to/file


2. To add permission for a group:

setfacl -m g:group:rw /path/to/file


3. To apply an ACL entry to a directory and have all files and directories within it receive the same entry:

setfacl -Rm "entry" /path/to/directory


4. To remove a specific entry:

setfacl -x u:user /path/to/file


5. To remove all entries:

setfacl -b /path/to/file


Note:


• When you assign ACL permissions to a file or directory, a + sign is added at the end of its permission string in the ls -l listing.


• Granting w permission on a file with an ACL does not allow the user to remove the file. Removing a file requires write permission on the directory that contains it.


getfacl file1: shows the owner and group of the file, along with its permission entries.


setfacl -m u:spathan:rw /tmp/file1: gives the user spathan rw permission on file1.


setfacl -m g:admins:rw /tmp/file1: gives the members of the admins group rw permission on file1.


setfacl -x u:spathan /tmp/file1: removes the specific permissions given to the user spathan on file1.


setfacl -b /tmp/file1: removes all the permissions given to any specific user or group on file1.
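
When reviewing which extra users and groups hold access through ACLs, the getfacl output can be parsed mechanically. The following is an added example, not part of the original post: a shell function that lists each named user and group entry with the permissions granted and the effective permissions once the mask line that getfacl prints is applied. The sample output is constructed, and the owner root and the second file /tmp/file2 are assumptions.

```shell
# Constructed sample of `getfacl /tmp/file1 /tmp/file2` output (added example;
# owner/group names are made up). The mask on file2 has been narrowed to r--.
sample_getfacl_output() {
cat <<'EOF'
# file: tmp/file1
# owner: root
# group: root
user::rw-
user:spathan:rw-
group::r--
mask::rw-
other::r--

# file: tmp/file2
# owner: root
# group: root
user::rw-
user:spathan:rw-    #effective:r--
group::r--
group:admins:rw-    #effective:r--
mask::r--
other::r--
EOF
}
# Reads getfacl output on stdin; prints "file type name granted effective".
acl_named_entries() {
awk '
function emit(   i, k, f, c, eff) {
    for (i = 1; i <= cnt; i++) {
        split(ent[i], f, ":")              # f[1]=type f[2]=name f[3]=perms
        eff = ""
        for (k = 1; k <= 3; k++) {         # keep a bit only if the mask has it
            c = substr(f[3], k, 1)
            eff = eff ((mask == "" || substr(mask, k, 1) == c) ? c : "-")
        }
        print file, f[1], f[2], f[3], eff
    }
    cnt = 0; mask = ""
}
/^# file: /            { emit(); file = substr($0, 9); next }
/^#/ || /^default:/    { next }
                       { sub(/[ \t]*#.*/, "") }   # drop "#effective:" notes
/^mask::/              { mask = substr($0, 7, 3); next }
/^(user|group):[^:]+:/ { ent[++cnt] = $0 }
END                    { emit() }
'
}

sample_getfacl_output | acl_named_entries
```

On a real system, pipe the output of getfacl -R for a directory into acl_named_entries to get the same listing for every file beneath it.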


