Call me a dinosaur, but I really liked the ability of the Andrew File System to give fine-tuned control of access to directories. It allowed you to grant other users administrator rights, as well as rights to only insert files, or only delete files, etc. However, I digress.
The purpose of this post is to provide a concise ‘cheat sheet’ on the commands needed to use Linux Access Control Lists (ACLs) with the setfacl and getfacl commands.
Show permissions for a file/directory
getfacl Afile Adirectory
Grant a user read, write and execute permissions to a file/directory
setfacl -m UserID:rwx Adirectory Afile
Grant a user only read and execute (traverse) permissions to a file (directory)
setfacl -m UserID:rx Adirectory Afile
Grant a user read, write and execute permissions, recursively, to a directory
setfacl -R -m UserID:rwx Adirectory
Set the default permissions for a directory, so that any new files or directories created in that directory inherit those permissions.
setfacl -m d:UserID:rwx Adirectory
Set both the permissions and default permissions at the same time.
setfacl -m UserID:rwx,d:UserID:rwx Adirectory
Remove the permissions for a user
setfacl -x UserID Adirectory
Default permissions must be removed separately, or both can be removed in one command
setfacl -x d:UserID Adirectory
setfacl -x UserID,d:UserID Adirectory
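In a draconian fashion, cap the permissions granted through the ACL on this file/directory so that no named user or group (owning group included) has write permission (set ‘mask’). The mask lists the permissions that are still allowed, so it must leave out w; it does not restrict the owning user or the ‘other’ entry, and a later setfacl -m without -n recalculates it.
setfacl -m m::rx Adirectory Afile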
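To check what the mask actually leaves in place, the following added example (not part of the original post) reads getfacl output and lists every access entry that still has write permission once the mask is applied. The function names acl_writers and sample_getfacl, and the users and group in the sample, are made up for illustration.

```shell
# Print "file: tag:qualifier" for each access-ACL entry in getfacl output (stdin) that keeps write after masking.
acl_writers() {
    awk '
    function report(   i, w, masked) {
        for (i = 1; i <= count; i++) {
            w = (substr(perm[i], 2, 1) == "w")
            # The mask caps named users, the owning group and named groups;
            # the owning user (user::) and other:: are never masked.
            masked = !(tag[i] == "other" || (tag[i] == "user" && who[i] == ""))
            if (masked && mask != "" && substr(mask, 2, 1) != "w") w = 0
            if (w) print file ": " tag[i] ":" who[i]
        }
        count = 0; mask = ""
    }
    /^# file: / { report(); file = substr($0, 9); next }
    /^#/ || /^default:/ || NF == 0 { next }   # headers, default ACL, blanks
    {
        sub(/[ \t]*#.*/, "")                   # drop "#effective:" notes
        if (split($0, f, ":") != 3) next
        if (f[1] == "mask") { mask = f[3]; next }
        count++; tag[count] = f[1]; who[count] = f[2]; perm[count] = f[3]
    }
    END { report() }'
}
# Constructed sample of getfacl output (alice, bob, staff and dev are made up).
sample_getfacl() {
    cat <<'EOF'
# file: Adirectory
# owner: alice
# group: staff
user::rwx
user:bob:rwx     #effective:r-x
group::r-x
group:dev:rw-    #effective:r--
mask::r-x
other::r-x
default:user:bob:rwx

# file: Afile
# owner: alice
# group: staff
user::rw-
user:bob:rw-
group::r--
mask::rw-
other::r--
EOF
}
sample_getfacl | acl_writers
```

On a real tree the same function can be fed with getfacl -R Adirectory | acl_writers; entries of the form "user:" with no name are the file owner, which the mask never restricts.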