The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
POSIX Access Control Lists (ACLs) provide a richer access control
model than traditional UNIX Discretionary Access Control (DAC)
that sets read, write, and execute permissions for the owner,
group, and all other system users. You can configure ACLs that
define access rights for more than just a single user or group,
and specify rights for programs, processes, files, and
directories. If you set a default ACL on a directory, its
descendants inherit the same rights automatically. The kernel
provides ACL support for ext3, ext4, and NFS-exported file systems.
The following are examples of setting and displaying ACLs for directories and files.
Grant a user read access to a file or directory.
# setfacl -m u:user:r file
Display the name, owner, group, and ACL for a file or directory.
# getfacl file
Remove write access to a file for all groups and users by modifying the effective rights mask rather than the ACL.
# setfacl -m m::rx file
Remove the entry for a group from the ACL of a file.
# setfacl -x g:group file
Copy the ACL of file f1 to file f2.
# getfacl f1 | setfacl --set-file=- f2
Promote the ACL settings of a directory to default ACL settings that can be inherited.
# getfacl --access dir | setfacl -d -M- dir
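How the effective rights mask set with setfacl -m m::rx limits the other entries, as an added example that is not part of the original documentation: the script parses getfacl-style text and prints the effective rights per entry. The function names, the file name report.txt, user alice and group staff are constructed for illustration; in the POSIX ACL model the mask limits named users, the owning group and named groups, but not the owner or other entries.

```shell
#!/bin/sh
# Constructed sample (assumption, not from the original page): what getfacl
# would print after "setfacl -m u:alice:rw,g:staff:rwx report.txt" followed
# by "setfacl -m m::rx report.txt".
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: root
# group: root
user::rw-
user:alice:rw-
group::r--
group:staff:rwx
mask::r-x
other::r--
EOF
}

# effective_rights (hypothetical helper): read getfacl text on stdin and
# print "tag:qualifier:rights" with the mask applied where it is relevant.
effective_rights() {
  awk -F: '
    /^#/ || NF < 3      { next }               # header comments, blank lines
    $1 == "default"     { next }               # default ACL: inheritance only
    { sub(/[ \t]*#.*/, "", $3) }               # strip "#effective:" notes
    $1 == "mask"        { mask = $3; next }
    { tag[++n] = $1; who[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        p = perm[i]
        # Owner (user::) and other:: are never limited by the mask.
        exempt = (tag[i] == "other" || (tag[i] == "user" && who[i] == ""))
        if (mask != "" && !exempt) {
          e = ""
          for (k = 1; k <= 3; k++) {           # keep a bit only if mask has it
            c = substr(p, k, 1)
            e = e (c == substr(mask, k, 1) ? c : "-")
          }
          p = e
        }
        print tag[i] ":" who[i] ":" p
      }
    }'
}

sample_acl | effective_rights
```

On a live system, pipe real output through the same function, for example getfacl file | effective_rights, to see which entries still carry write access after a mask change.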
For more information on how to manage ACLs, see the setfacl(1) and getfacl(1) manual pages.