ACL in linux

Manoj Sivan
Regular Advisor

ACL in linux

Hi Experts,

Can anyone help me with this?

I want to give privilege to user1 to access user2's home directory using ACL. Both are in different groups. Or is there a better way?

Please help.

Thanks in advance

Manoj Sivan
Steven E. Protter
Exalted Contributor

Re: ACL in linux


groupadd theguys
# We create a group for both users.
# -a appends the group; without it, -G replaces the user's other supplementary groups.
usermod -a -G theguys user1
usermod -a -G theguys user2

chmod g+rwx /home/user1
chmod g+rwx /home/user2

chgrp theguys /home/user1
chgrp theguys /home/user2

It's much simpler.

Since the users are in the same group, they can access each other's home directory.

There are lots of ways to get this task complete.

Steven E Protter
Owner of ISN Corporation
Ralph Grothe
Honored Contributor

Re: ACL in linux

You can enable ACLs on an Ext[23] filesystem easily if your kernel supports them

Note, most distros' vanilla kernels do support ACLs.
You could simply try modprobe the acl driver,
or refer to your distro's config file

e.g. on my RHEL 4.3 box

# grep ACL /boot/config-2.6.9-5.ELsmp

# lvcreate -n lv_acl_support -L 128m vgrootX
Logical volume "lv_acl_support" created
# mkfs.ext3 -q /dev/vgrootX/lv_acl_support
max_blocks 134217728, rsv_groups = 16384, rsv_gdb = 256
inode.i_blocks = 3074, i_size = 67383296
# tune2fs -o acl /dev/vgrootX/lv_acl_support
tune2fs 1.35 (28-Feb-2004)
# mkdir -p /mnt/acl_fs
# mount -t ext3 -o acl /dev/vgrootX/lv_acl_support /mnt/acl_fs
# grep acl /etc/mtab
/dev/mapper/vgrootX-lv_acl_support /mnt/acl_fs ext3 rw,acl 0 0

You can also tune2fs -o acl an existing ext filesystem, even if mounted I would assume, and mount -o remount,acl it online.

Then look up and set up ACLs on files on that mount to your heart's content
(see man of getfacl and setfacl)

Madness, thy name is system administration
Ivan Ferreira
Honored Contributor

Re: ACL in linux

I suggest you use Steven E. Protter's option or a similar variation, to avoid system complexity that could lead to less security.

Also, remember that not all backup tools can save ACLs.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Andrew Cowan
Honored Contributor

Re: ACL in linux


I also agree that SEP's solution, while less elegant, is easier and safer. The problem with ACLs is that you need to educate your users to understand them.

A simple "ls -l" should append a plus-sign to the permissions string, however you need to use "getfacl" and "setfacl" in order to see all the permissions information.

I know it's old, but see: for more information.
Mike Stroyan
Honored Contributor

Re: ACL in linux

There is one tweak that can make SEP's solution a little more liveable.
If user1 and user2 only have "theguys" as secondary groups then files they create won't belong to group "theguys". That means that they may have access to each other's home directories but be unable to read the files in them.

Adding a set-group-id bit on a directory in an ext2/ext3 filesystem will cause new files to be created in that directory with their group set to the same group as the directory. (And new directories under that directory will be created with the set-group-id bit on so the effect propagates downward.)

chmod g+rwxs /home/user1
chmod g+rwxs /home/user2
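
The set-group-id behaviour described in the post above, as an added example that is not part of the original thread. It works only in scratch directories created with mktemp; the function names `other_gid` and `probe` are made up for this illustration, and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Compares what a new file and a new
# subdirectory inherit in a plain directory and in a set-group-id one.
# Works in scratch directories from mktemp; GNU or BusyBox stat -c assumed.

# Print a gid other than our primary one on which "chgrp" and "chmod g+s"
# both work for us: a secondary group, or (for root) primary gid + 1.
# Prints nothing if there is none.
other_gid() {
    t=$(mktemp -d) || return 0
    for g in $(id -G) $(( $(id -g) + 1 )); do
        [ "$g" != "$(id -g)" ] || continue
        if chgrp "$g" "$t" 2>/dev/null && chmod g+s "$t" && [ -g "$t" ]; then
            echo "$g"; break
        fi
    done
    rmdir "$t"
}

# probe MODE GID: make a directory owned by group GID with g+rwx ("plain")
# or g+rwxs ("setgid"), create a file and a subdirectory in it, and print
# "<gid of file> <gid of subdir> <setgid bit on subdir: yes|no>".
probe() {
    d=$(mktemp -d) || return 1
    chgrp "$2" "$d" || return 1
    if [ "$1" = setgid ]; then chmod g+rwxs "$d"; else chmod g+rwx,g-s "$d"; fi
    : > "$d/f" && mkdir "$d/sub" || return 1
    if [ -g "$d/sub" ]; then bit=yes; else bit=no; fi
    echo "$(stat -c %g "$d/f") $(stat -c %g "$d/sub") $bit"
    rm -rf "$d"
}

gid=$(other_gid)
[ -n "$gid" ] || gid=$(id -g)   # no usable second group: only the bit differs
echo "primary gid: $(id -g), directory gid: $gid"
echo "plain : $(probe plain "$gid")"
echo "setgid: $(probe setgid "$gid")"
```

When the directory's group differs from the caller's primary group, the plain line reports the primary gid for both new entries, while the setgid line reports the directory's gid and a set-group-id bit on the new subdirectory.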

Andrea Rossi
Frequent Advisor

Re: ACL in linux

setfacl -Rm g:mygroup:rwx mydir
getfacl -R mydir

Remember to back up ACLs! Most backup utils don't.