How to set permissions for specific users
Learn how to use setfacl to fine-tune file and folder access permissions for specific users.
setfacl (from the acl package) lets you restrict access permissions for a user or group. These permissions need to be more restrictive than those you set with chmod, therefore it’s a useful way to restrict read, write or execute permissions for specific users or groups.
Example
Let’s assume that we have these folder and file permissions:
$ ls -ld
drwxr-xr-x 2 ricardo ricardo 4096 nov 6 12:11 .
$ ls -l
total 4
-rw-r--r-- 1 ricardo ricardo 5 nov 6 12:11 test.txt
Any user can read test.txt because the folder is readable and executable for everyone and test.txt is readable for everyone. We don’t want a user called “juan” to be able to read the file. We can use setfacl to achieve this:
# run as root or with sudo
setfacl -m u:juan:- test.txt
Command structure
The structure of the setfacl command is:
- Set permissions for a user:
setfacl -m u:<user>:<permissions> <file or folder>
- Set permissions for a group:
setfacl -m g:<group>:<permissions> <file or folder>
- Remove an entry:
setfacl -x u:<user> <file or folder>
<permissions> are the same ones you use in chmod: r, w and x. If you put -, this means the user/group doesn’t have any permissions on the file/folder. For example:
setfacl -m u:juan:rw file.txt
setfacl -m g:team:rx folder
getfacl
You can get the permissions for a file or folder with getfacl:
$ getfacl test.txt
# file: test.txt
# owner: ricardo
# group: ricardo
user::rw-
user:juan:---
group::r--
mask::r--
other::r--
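To audit who a listing like this actually lets in, the following Python code (an added example, not part of the original tutorial) parses getfacl output and applies the access-check order documented in acl(5): owner, named user, group class, other. It goes beyond the single case above by also handling the mask and group entries; the function names parse_getfacl and is_allowed and the user "maria" in the test are assumptions made for illustration.

```python
# Added example: evaluate a getfacl listing in the acl(5) access-check order.
# parse_getfacl / is_allowed are illustrative names, not part of any ACL tool.

# getfacl output copied from the test.txt example above.
SAMPLE = """\
# file: test.txt
# owner: ricardo
# group: ricardo
user::rw-
user:juan:---
group::r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Return owner, owning group and entries {(tag, qualifier): set of perms}."""
    acl = {"owner": None, "group": None, "entries": {}}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop the "#effective:..." comment getfacl may append to an entry.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            acl["entries"][(tag, qualifier)] = set(perms) - {"-"}
    return acl

def is_allowed(acl, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`."""
    e, want = acl["entries"], set(want)
    mask = e.get(("mask", ""))  # None when the ACL has no mask entry

    def masked(perms):
        return perms if mask is None else perms & mask

    if user == acl["owner"]:
        return want <= e[("user", "")]            # owner entry is never masked
    if ("user", user) in e:
        return want <= masked(e[("user", user)])  # first match wins, no fall-through
    matching = [p for (tag, q), p in e.items()
                if tag == "group" and (q or acl["group"]) in groups]
    if matching:
        return any(want <= masked(p) for p in matching)
    return want <= e[("other", "")]
```

Because the first matching entry decides, juan stays locked out even if he is a member of the owning group: his named user entry is consulted before any group entry or other.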
If you have any suggestion, feel free to contact me via social media or email.