Fine-Grained File Permissions
Novell Cool Solutions: Trench
By Nikanth Karthikesan
Posted: 14 Nov 2005
- Novell Linux Desktop
- SUSE Linux
- SUSE Linux Enterprise Server
PROBLEM: How do you change the permissions of one particular user on a file or directory? With chmod you can change access only for the owner, the group, and others. How do you get finer-grained control over access permissions? Say you want only you and your friend to have access to a file: how do you do it?
SOLUTION: Use ACLs. ACL stands for Access Control List: a list of entries specifying the access permissions for each user or group.
ACLs are now supported by Linux. getfacl and setfacl are the commands used to manipulate ACLs on Linux.
For example, suppose you are root and you want only yourself ("root") and another user, "knikanth", to have access to a file, say file.txt.
step 1: chmod 0700 file.txt
The above command will change the file permissions such that only you can read, write or execute that file.
Now add similar rights for the user knikanth.
step 2: setfacl -m user:knikanth:rwx file.txt
This will add read, write, and execute permissions for the user "knikanth" on the file file.txt. Now only root and knikanth have r, w, and x permissions on file.txt.
Here, the option -m stands for modify (setfacl can similarly replace the entire ACL); it is followed by user:username:permissions and then the filename.
To see the ACL of a file use getfacl.
Before using setfacl, getfacl would have returned something like:
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    group::---
    other::---
After using setfacl, getfacl would print something like:
    # file: file.txt
    # owner: root
    # group: root
    user::rwx
    user:knikanth:rwx
    group::---
    mask::rwx
    other::---
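The mask:: line in the second listing caps what a named user such as knikanth actually gets, and a later chmod on a file that has an ACL writes its group bits into that mask. The script below is an added example, not part of the original tip: it reads getfacl output and reports a named user's effective permissions. The function names effective_acl and sample_acl and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# effective_acl USER: read getfacl output on stdin and print what the named
# user really gets, i.e. the user:USER: entry ANDed with the mask:: entry.
effective_acl() {
    awk -F: -v who="$1" '
        /^#/ || NF < 3 { next }             # skip "# file:" headers and blanks
        { sub(/[ \t]*#.*/, "", $3) }        # drop any "#effective:" annotation
        $1 == "user" && $2 == who { entry = $3 }
        $1 == "mask"              { mask = $3; have_mask = 1 }
        END {
            if (entry == "") { print "none"; exit }   # no entry for this user
            if (!have_mask) mask = "rwx"              # defensive default
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1); m = substr(mask, i, 1)
                out = out ((e != "-" && e == m) ? e : "-")
            }
            print out
        }'
}

# Constructed sample data: the getfacl listing from the article for file.txt,
# with the mask:: value supplied as $1.
sample_acl() {
    printf '%s\n' '# file: file.txt' '# owner: root' '# group: root' \
        'user::rwx' 'user:knikanth:rwx' 'group::---' "mask::$1" 'other::---'
}

# Right after step 2 the mask is rwx, so knikanth gets full access.
echo "mask rwx: knikanth gets $(sample_acl rwx | effective_acl knikanth)"
# Repeating "chmod 0700 file.txt" afterwards sets mask::---; the entry is
# still listed but grants nothing.
echo "mask ---: knikanth gets $(sample_acl --- | effective_acl knikanth)"
```

On a real system, pipe the live listing in instead of the sample: getfacl file.txt | effective_acl knikanth.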