Using Linux ACL for granular permission management

How to use Linux ACL to implement fine-grained permission control

In the Linux system, ACL (Access Control List) is a method used to implement fine-grained permissions control mechanism. Compared with traditional permission control methods (based on user groups and permission bits), ACL can control access permissions to files or directories in more detail, allowing administrators to set specific permissions for specific users or groups. This article will introduce how to use ACL to implement fine-grained permission control in Linux systems, and provide specific code examples.

1. Check ACL support

Before starting to use ACL, we first need to confirm whether the system supports ACL. You can check it with the following command:

$ mount | grep acl

If the output contains the word "acl", it means that the system already supports ACL. If you don't see the output, you need to enable the ACL feature in the file system.

2. Enable ACL function

To enable ACL function in the file system, you can use the following steps. Take the ext4 file system as an example:

(1) Permanently enable ACL by adjusting the /etc/fstab file

In the /etc/fstab file, find the corresponding partition line and add "acl "Options:

/dev/sda1 /mnt/data ext4 defaults,acl 0 0

(2) Remount the file system

$ mount -o remount /mnt/data

3. Set ACL permissions

(1) Basic concepts

ACL permission control Including three main types of permissions:

• Owner permissions (user)
• Group permissions (group)
• Other user permissions (other)

(2) ACL commands

Common commands to set ACL permissions include:

• setfacl: Set ACL permissions
• getfacl: Get ACL permissions

(3) Example

The following is a simple example, assuming we want to set ACL permissions on the file file.txt in the /mnt/data directory:

$ touch /mnt/data/file.txt
$ setfacl -m u:testuser:rw- /mnt/data/file.txt
$ getfacl /mnt/data/file.txt

In this example, we have given read and write permissions to the testuser user.

4. ACL permission mask

The ACL permission mask (mask) is used to limit the maximum value of ACL permissions to prevent setting too high permissions on ACL permissions. When a user sets higher permissions on a file, the permission mask will ensure that the ACL permissions are not exceeded.

(1) Set ACL permission mask

$ setfacl -m m::rw- /mnt/data/file.txt

(2) View ACL permission mask

$ getfacl /mnt/data/file.txt

5. Inherit ACL permission

in Linux system , subdirectories and files can inherit the ACL permissions of the upper directory.

(1) Set the default ACL permissions

$ setfacl -d -m u::rwx,g::r-x,o::r-x /mnt/data

(2) View the default ACL permissions

$ getfacl /mnt/data

Conclusion

Achieve fine permission control by using Linux ACL , administrators can have more detailed control over user access at the file or directory level. In actual production environments, proper use of ACLs can effectively improve system security and management efficiency. I hope this article has provided some help for you to understand ACL permission control. Welcome to continue to study and apply it in depth.

Reference materials

• Linux manpage: acl
• Red Hat Documentation: Using Access Control Lists

The above is about how to use Linux The article content of ACL implements fine-grained permission control, I hope it will be helpful to you.

The above is the detailed content of Using Linux ACL for granular permission management. For more information, please follow other related articles on the PHP Chinese website!