How to set permissions for specific users
Learn how to use setfacl to fine-tune file and folder access permissions for specific users.
setfacl (acl package) lets you restrict access permissions for a user or group. These permissions need to be more restrictive than those you set with chmod, so it’s a useful way to restrict read, write or execute permissions for specific users or groups.
Let’s assume that we have these folder and file permissions:

    $ ls -ld
    drwxr-xr-x 2 ricardo ricardo 4096 nov 6 12:11 .
    $ ls -l
    total 4
    -rw-r--r-- 1 ricardo ricardo 5 nov 6 12:11 test.txt

Any user can read test.txt because the folder is readable and executable for everyone and test.txt is readable for everyone. We don’t want a user called “juan” to be able to read the file. We can use setfacl to achieve this:

    # run as root or with sudo
    setfacl -m u:juan:- test.txt

The structure of the setfacl command is:
- Set permissions for a user:
    setfacl -m u:<user>:<permissions> <file or folder>
- Set permissions for a group:
    setfacl -m g:<group>:<permissions> <file or folder>
- Remove an entry:
    setfacl -x u:<user> <file or folder>
<permissions> are the same ones you use in chmod: r, w and x. If you put -, this means the user/group doesn’t have any permissions on the file/folder.

    setfacl -m u:juan:rw file.txt
    setfacl -m g:team:rx folder

You can get the permissions for a file or folder with getfacl:

    $ getfacl test.txt
    # file: test.txt
    # owner: ricardo
    # group: ricardo
    user::rw-
    user:juan:---
    group::r--
    mask::r--
    other::r--

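To check what a given user actually gets from a listing like the one above, the entries have to be evaluated in the order described in acl(5): owner, named user, groups (limited by the mask), then other. The following is an added example, not part of the original article; the function names acl_allows, has and sample_acl are made up for illustration, and the user's group list is assumed to be passed in by the caller (for example from id -Gn).

```shell
# acl_allows USER "GROUPS" PERM   (reads getfacl output, with header, on stdin)
# Exit status 0 if PERM (r, w or x) is granted to USER, 1 if not.
# GROUPS is the space-separated list of groups USER belongs to (assumption).
has() { case $1 in *"$2"*) return 0 ;; esac; return 1; }

acl_allows() (   # body runs in a subshell, so the variables stay local
    user=$1 groups=" $2 " want=$3
    owner='' ogroup='' mask=rwx uobj='' named='' gperms='' other='' ingroup=0
    while IFS= read -r line; do
        case $line in
            "# owner: "*) owner=${line#"# owner: "}; continue ;;
            "# group: "*) ogroup=${line#"# group: "}; continue ;;
            "#"*|default:*|"") continue ;;
        esac
        tag=${line%%:*}; rest=${line#*:}
        name=${rest%%:*}; perms=${rest#*:}
        perms=${perms%%[!rwx-]*}          # drop a trailing "#effective:" note
        case $tag in
            user)  if [ -z "$name" ]; then uobj=$perms
                   elif [ "$name" = "$user" ]; then named=$perms; fi ;;
            group) g=${name:-$ogroup}     # "group::" means the owning group
                   case $groups in *" $g "*) ingroup=1; gperms=$gperms$perms ;; esac ;;
            mask)  mask=$perms ;;
            other) other=$perms ;;
        esac
    done
    # Evaluation order from acl(5): owner, named user, groups, other.
    if [ "$user" = "$owner" ]; then has "$uobj" "$want"
    elif [ -n "$named" ]; then has "$named" "$want" && has "$mask" "$want"
    elif [ "$ingroup" -eq 1 ]; then has "$gperms" "$want" && has "$mask" "$want"
    else has "$other" "$want"
    fi
)

# The getfacl output shown above for test.txt, embedded so this runs offline.
sample_acl() {
    cat <<'EOF'
# file: test.txt
# owner: ricardo
# group: ricardo
user::rw-
user:juan:---
group::r--
mask::r--
other::r--
EOF
}

sample_acl | acl_allows juan "juan ricardo" r || echo "juan: read denied"
```

The named entry user:juan:--- is matched before any group or other entry, so juan is denied read even if he belongs to the ricardo group and even though other is r--.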
If you have any suggestions, feel free to contact me via social media or email.