Sharing Ilmu

Sharing for useful things

How To Configure ACL (Access Control List) in Linux Centos/RedHat

When a Linux system has a single user, the standard Linux permissions are usually enough for daily work. When the system is used by multiple users, however, you need finer-grained permissions to share directories and files securely. For that you can use ACLs (Access Control Lists), so that several different users or groups can each have their own permissions on the same directories and files.

The getfacl command shows the ACL status of a given directory or file, and the setfacl command sets or modifies the ACL on a directory or file.

As an example of ACL use: if you have one shared directory used by several groups and several users, you can use an ACL to secure that directory.

First create two new groups named IT and STAFF.

# groupadd IT

# groupadd STAFF


Check /etc/group to make sure the new groups were created successfully.

As shown in the image above, group IT has GID 1001 and group STAFF has GID 1002.


Create users it1 and it2 with IT as their supplementary group, and users staff1 and staff2 with STAFF as their supplementary group.

# useradd -G 1001 it1

# useradd -G 1001 it2

# useradd -G 1002 staff1

# useradd -G 1002 staff2

Check /etc/group again; as shown in the image below, users it1 and it2 are now members of the IT group, while staff1 and staff2 are members of the STAFF group.

Set a password for each user (the password used here is redhat):

# passwd it1

# passwd it2

# passwd staff1

# passwd staff2


Create a new directory named WorkingDir:

# mkdir /WorkingDir

then check the ACL status of the WorkingDir directory.

As shown in the image above, by default the WorkingDir directory is owned by the root user and the root group. Next we configure an ACL on this directory so that the IT and STAFF groups have read/write permissions on it.

Check the ACL status of WorkingDir again.

As shown in the image above, the IT and STAFF groups now have read/write access to the /WorkingDir directory. But that applies only to what already exists in /WorkingDir, not to files created later. You must also configure a default ACL so that those groups receive the same permissions on new files and directories created inside WorkingDir.

# setfacl -m d:g:IT:rwX /WorkingDir

# setfacl -m d:g:STAFF:rwX /WorkingDir

Log out of root, log in as each of the users (it1, it2, staff1, staff2), and test access by creating new files in the /WorkingDir directory.


As shown in the image below, users who are members of the IT and STAFF groups have been granted access to the /WorkingDir directory.

As a last example, based on the configuration above: if you want to add an exception so that the staff2 user has read permission only, you can do this by adding a user entry to the ACL.

# setfacl -m u:staff2:r-- /WorkingDir

Set the default permission as well:

# setfacl -m d:u:staff2:r-- /WorkingDir

Now check the configuration as the staff2 user.

As shown in the image above, the staff2 user no longer has write permission on the /WorkingDir directory; it can only read, even though it is still a member of the STAFF group.
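The reason staff2 ends up read-only while staff1 keeps read/write is the order in which a POSIX ACL is evaluated: the owner entry first, then a named user entry, then the owning group and named group entries (all limited by the mask), and finally other. The following added example, which is not part of the original post, parses a getfacl listing and applies that evaluation order. The listing is constructed to match the final state of /WorkingDir in this tutorial (the page itself shows it only as screenshots, so the exact entries are assumed); the default entries are shortened, since they only seed new files and play no part in an access check.

```python
# Constructed getfacl output for /WorkingDir (assumed; default entries shortened).
GETFACL_OUTPUT = """\
# file: WorkingDir
# owner: root
# group: root
user::rwx
user:staff2:r--
group::r-x
group:IT:rwx
group:STAFF:rwx
mask::rwx
other::r-x
default:user:staff2:r--
default:group:IT:rwx
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> set of perm bits."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#") and not line.startswith("default:"):
            # Drop a trailing "#effective:..." hint that getfacl prints when the mask cuts bits.
            tag, qual, perms = line.split("#")[0].strip().split(":")
            entries[(tag, qual)] = set(perms.replace("-", ""))
    return owner, group, entries

def can_access(acl, user, groups, wanted):
    """POSIX ACL check: owner (unmasked) > named user > owning/named groups > other."""
    owner, owning_group, entries = acl
    wanted = set(wanted)
    mask = entries.get(("mask", ""), {"r", "w", "x"})
    if user == owner:
        return wanted <= entries[("user", "")]
    if ("user", user) in entries:
        # A named user entry wins over group membership, which is why staff2 is read-only.
        return wanted <= (entries[("user", user)] & mask)
    matched = False
    for g in groups:
        perms = entries.get(("group", "")) if g == owning_group else entries.get(("group", g))
        if perms is not None:
            matched = True
            if wanted <= (perms & mask):  # one single group entry must hold all wanted bits
                return True
    # Any matching group entry blocks fallthrough to "other", even when it denied the request.
    return not matched and wanted <= entries[("other", "")]
```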


