In this article you will learn how to install and use ACL to further enchance your file permissions on a Linux system.

Installation

Let’s install ACL on a Ubuntu system. Since this is a command line tool, we’ll do the installation from the command line. And since ACL will be found in the standard repository, you won’t have to monkey with your /etc/apt/sources.list file. From the command line enter the following:

sudo apt-get install acl

Type your user password, hit the Enter key and the install, and the installation will begin and end fairly quickly. You are now ready to start with ACL.

Using ACL

Before you use the commands for ACL you actually have to mount your partition such that ACL is available. By default this is not the case. In order to set this you have to edit your /etc/fstab file. Open that file up and look for the line that mounts your data partition. In my case, this line is:

UUID=c7812a34-3ec1-4451-aace-02d122b6c454 /   ext4  errors=remount-ro 0 1

You need to edit this line to look something like:

UUID=c7812a34-3ec1-4451-aace-02d122b6c454 /   ext4 errors=remount-ro,acl 0 1

After you make this edit, save the file and then either issue the command:

sudo mount -o remount,acl /

or reboot your machine.

There are two commands you will use for ACL:

• setfacl – Set file access control list.
• getfacl – Get file access control list.

You can probably guess that the first command sets the the ACL and the second lists the ACL for the file.

Using ACL

So let’s say you have the file test and you want only two users on your system to be able to read that file, jlwallen and wookie. You want to exclude all users in the group jlwallen as well.  What you want to do is use the setfacl command like so (as the user jlwallen):

setfacl -m u:wookie:rw- test

Now when you run the command:

getfacl test

you will see something like:

# file: test

# owner: jlwallen

# group: jlwallen

user::rw-

user:wookie:rw-

group::r–

mask::rw-

other::r–

As you can see both users jlwallen and wookie can read and write to the file test, whereas all others can only read the file.

You can verify that a file has had ACL modifications done to it by using the ls command like so:

ls -l test

which should produce results like:

-rw-rw-r–+ jlwallen jlwallen

What gives this away is the “+” character.

Final thoughts

Although this is just a cursory glance as using ACL, it will get you started with gaining even further control of the security of your Linux files. We’ll revisit ACL later and take the security of Linux files even further.

A list of commands is accessible by entering ls into the form field. I think an example will illustrate the strength of yubnub; wp ghacks searches wikipedia for the term ghacks, gim ghacks searches google images for ghacks. y or g searches yahoo or google for a selected search term. That is not all of course. AM title searches amazon for the title that you enter, random 1000 returns a random number between 1 and 1000.

A good selection of commands that should be useful for most users are Jeremy’s Picks which displays a list of about 100 commands. It is possible to create your own commands. You do select a command string that is not used yet and select a url that uses variables to perform searches or operations. One example would be http://images.google.com/images?q=%s which is simply the search string for google images.

The search string that is entered is substituted with %s in this example. It is possible to create more advanced searches  with more than one parameters.