ACL

An ACL (Access Control List) is used to give advanced permissions to users and groups.

To set an ACL on directories or files, the filesystem in which those directories or files reside has to be ACL-enabled.

If the filesystems were created when the system was installed, they will have ACL enabled by default.

If a filesystem was created manually after the system was installed, it won't be ACL-enabled.

To check whether ACL is enabled, we use the following procedure:

 

[root@nfssever ~]# tune2fs -l /dev/mapper/sysvg-optlv
tune2fs 1.41.12 (17-May-2010)
Filesystem volume name:  
Last mounted on:          /opt
Filesystem UUID:          b931b392-7e24-423b-bf3f-063de68662c4
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash
Default mount options:    user_xattr acl
Filesystem state:         clean

If you can see acl in Default mount options, then ACL is enabled.

Now we check for ACL in the filesystem testlv, which I created after the system was installed:

 

[root@nfssever ~]# tune2fs -l /dev/mapper/datavg-testlv
tune2fs 1.41.12 (17-May-2010)
Filesystem volume name:   
Last mounted on:          
Filesystem UUID:          de8cb70d-8c7d-4f6d-9963-e4bbc8f65a54
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash
Default mount options:    (none)
Filesystem state:         clean
Errors behavior:          Continue

Here we cannot see acl in Default mount options.

So we go to /etc/fstab, add acl just after defaults, and remount the filesystem:

/dev/mapper/datavg-testlv /test    ext4    defaults,acl        1 2

 

[root@nfssever ~]# mount -o remount /test/

Now check whether ACL is activated:

[root@nfssever ~]# mount -s
/dev/sda2 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/sysvg-homelv on /home type ext4 (rw)
/dev/mapper/sysvg-optlv on /opt type ext4 (rw)
/dev/mapper/sysvg-tmplv on /tmp type ext4 (rw)
/dev/mapper/sysvg-usrlv on /usr type ext4 (rw)
/dev/mapper/sysvg-usrlocallv on /usr/local type ext4 (rw)
/dev/mapper/sysvg-varlv on /var type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/mapper/datavg-testlv on /test type ext4  (rw,acl)

 

Now you can start setting up ACLs for users and groups.

We have a folder called class inside the /test filesystem:

[root@nfssever test]# ls -l
total 28
drwxr-xr-x 3 root root  4096 Jan 16 04:03 class

The folder class is owned by user root and group root.

Now we will give user sruti read, write and execute permission on the folder class without changing the original permissions of user root and group root:

[root@nfssever test]# setfacl -m u:sruti:rwx class

 

[root@nfssever test]# ls -l
total 28
drwxrwxr-x+ 3 root root  4096 Jan 16 04:03 class

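The owner and other permissions look the same, but a + has been added at the end, which means an ACL is set on that directory. The group column now shows rwx because, once an ACL exists, ls displays the ACL mask in that position rather than the owning group's permission.

To check the ACL, we run: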

[root@nfssever test]# getfacl class
# file: class
# owner: root
# group: root
user::rwx
user:sruti:rwx
group::r-x
mask::rwx
other::r-x

Here we can see that the owner is root and has rwx permission, the group is root and has r-x permission, others have r-x permission, and user sruti also has rwx permission.

 

In the same way, you can give permissions to a group:

setfacl -m g:admin:rwx class
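
As an added example (not part of the original post): the mask:: line in the getfacl output above caps what named users, the owning group and named groups actually get, so this script computes effective permissions from getfacl output and lists the named entries that can still write. The function names and the sample, which adds the admin group entry and tightens the mask to r-x, are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective permissions from getfacl output read on stdin.
# Prints one line per access entry as <tag>:<qualifier>:<effective perms>.
effective_acl() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }  # headers, default ACL, blanks
        {
            sub(/[ \t]*#.*/, "", $3)            # drop a trailing #effective: note
            if ($1 == "mask") { mask = $3; next }
            n++; tag[n] = $1; who[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                # The mask caps named users, the owning group and named groups,
                # never the owner (user::) or other::.
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    out = ""
                    for (k = 1; k <= 3; k++)
                        out = out (substr(mask, k, 1) == "-" ? "-" : substr(p, k, 1))
                    p = out
                }
                print tag[i] ":" who[i] ":" p
            }
        }'
}

# Named users and groups whose effective permission includes write.
named_writers() {
    effective_acl | awk -F: '$2 != "" && $3 ~ /w/ { print $1 ":" $2 }'
}

# Constructed sample: the getfacl output for class shown above, plus the
# group:admin entry, with the mask tightened to r-x to show the capping.
sample_acl() {
    cat <<'EOF'
# file: class
# owner: root
# group: root
user::rwx
user:sruti:rwx
group::r-x
group:admin:rwx
mask::r-x
other::r-x
EOF
}

sample_acl | effective_acl
```

On a live system, pipe real output into the functions instead, for example getfacl class | named_writers.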

 
