
Fine-Grained File Permissions

Novell Cool Solutions: Trench
By Nikanth Karthikesan


Posted: 14 Nov 2005
 

Applies to:

  • Novell Linux Desktop
  • SUSE Linux
  • SUSE Linux Enterprise Server

PROBLEM: How do you change the permissions of one particular user on a file or directory? With chmod you can change access only for the owner, the group and others. How do you get finer-grained control over access permissions? Say you want only you and your friend to have access to a file: how do you do it?

SOLUTION: Use ACLs. ACL stands for Access Control List. An ACL is a list of entries, each specifying the access permissions for a user or group.

ACLs are now supported by Linux. getfacl and setfacl are the commands used to manipulate ACLs on Linux.

For example, suppose you are root and you want access to a file, say file.txt, to be limited to you, "root", and another user, "knikanth".

step 1: chmod 0700 file.txt

The above command changes the file permissions so that only you can read, write or execute the file.

Now add the same rights for the user knikanth.

step 2: setfacl -m user:knikanth:rwx file.txt

This will add read, write, and execute permissions for the user "knikanth" on the file file.txt. Now only root and knikanth have r,w,x permissions on the file file.txt.

Here, the option -m stands for modify (similarly, you can replace the entire ACL). It is followed by user:username:permissions and then the filename.

To see the ACL of a file use getfacl.

Before using setfacl, getfacl would have returned something like:

# file: file.txt
# owner: root
# group: root
user::rwx
group::---
other::---

After using setfacl, getfacl would print something like:

# file: file.txt
# owner: root
# group: root
user::rwx
user:knikanth:rwx
group::---
mask::rwx
other::---
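
The mask entry in the output above caps what named users, named groups and the owning group can actually do, and once a file has an ACL, chmod's group bits rewrite that mask. The following shell sketch is an added example, not part of the original article: it reads getfacl text and prints each entry's effective permissions. The function names are hypothetical and the second ACL is a constructed sample.

```shell
#!/bin/sh
# Reads getfacl text on stdin and prints each entry with its effective
# permissions. The mask limits named users, named groups and the owning
# group; it does not limit the file owner (user::) or other::.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip header comments and blanks
        { sub(/[ \t]*#.*/, "", $3) }            # drop a trailing "#effective:" note
        $1 == "mask" { mask = $3; next }
        { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    p = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        bit = (substr(mask, k, 1) == c) ? c : "-"
                        p = p bit
                    }
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# The ACL shown in the article after step 2.
page_acl() {
    printf '%s\n' '# file: file.txt' '# owner: root' '# group: root' \
        'user::rwx' 'user:knikanth:rwx' 'group::---' 'mask::rwx' 'other::---'
}

# Constructed sample: the same ACL after a later "chmod 0700 file.txt",
# which sets the mask entry to --- because the file now carries an ACL.
masked_acl() { page_acl | sed 's/^mask::rwx$/mask::---/'; }

echo "ACL from the article:";        page_acl   | acl_effective
echo "After a later chmod 0700:";    masked_acl | acl_effective
```

In the second listing knikanth's entry still reads rwx in the ACL but is effectively ---, so after any chmod on a file that carries an ACL, check getfacl again.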

