Introduction to chacl command
In Linux, files and directories have permissions for the owner of the file, the group associated with the file, and other users of the system. But these permissions have limitations as different permissions cannot be configured for different users. For example, you might need to provide read/write access to user A and read-only permission to user B and user C. Therefore, Access Control Lists (ACLs) were implemented. ACL provides a more flexible permission mechanism for the file system.
You can use the setfacl command to set the access control lists (ACLs) of files and directories, and the getfacl command to display them.
For more information, see: 15+ setfacl & getfacl command examples in Linux [Cheat Sheet]
In this article, you will learn to use the chacl command in Linux. The chacl command is used to change the access control list (ACL) of a file or directory.
Syntax to use chacl command
The syntax for chacl command is as follows:
$ chacl [option] acl pathname
Some important options in chacl command are:
- -b: Indicates that there are two ACLs to change, the file access ACL and the directory default ACL
- -d: Set only the default ACL of a directory
- -R: Remove the file access ACL only
- -D: Remove directory default ACL only
- -B: Remove all ACLs
- -l: Lists the access ACL and the default ACL of the specified files or directories
- -r: Set the access ACL recursively
Understanding ACL Entry
Each ACL consists of comma-separated clauses (entries) in the form tag:name:perm.
tag can be:
- user or u: indicates that the entry is a user ACL entry.
- group or g: indicates that the entry is a group ACL entry.
- other or o: indicates that the entry is an other ACL entry.
- mask or m: indicates that the entry is a mask ACL entry. It indicates the maximum permissions allowed for users (other than the owner) and for groups. For example, the mask entry m::r-- indicates that users and groups can have only read permission, even if they are given write/execute permissions.
name is a string which is the user or group name for the ACL entry. A null name in a user or group ACL entry indicates the file's owner or file's group.
perm is the string rwx, where each of the characters can be replaced by a - indicating no access of that type. For example, you have to use r-x for read and execute, --x for execute-only, rw- for read and write, etc.
The following is an example of a minimum ACL where the file's owner will have rwx (read, write, execute), the file's group will have r-x (read and execute), and others have read-only access to the file.
u::rwx,g::r-x,o::r--
An ACL entry which is not a minimum specifies a user or group other than the file's owner or owner's group. Such entries must contain a mask entry.
u::rwx,g::r-x,o::r--,u:bob:r--,m::r-x
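The mask rule and the mask requirement described above can be checked mechanically before an ACL is applied. The following shell functions are an added example, not part of the original article or of chacl itself: they parse an ACL string in the tag:name:perm form, reject an ACL that names a user or group but has no mask entry, and print the effective permission of each entry once the mask is applied. The function names and the sample ACL are constructed for illustration.

```shell
# Added example (not from the article): audit a chacl-style ACL string.
# and_perm PERM MASK -> PERM with every bit that MASK lacks cleared.
and_perm() {
    p=$1; m=$2; out=
    for i in 1 2 3; do
        pc=$(printf %s "$p" | cut -c"$i"); mc=$(printf %s "$m" | cut -c"$i")
        if [ "$pc" != "-" ] && [ "$pc" = "$mc" ]; then out=$out$pc; else out=$out-; fi
    done
    printf %s "$out"
}

# acl_effective ACL -> one "clause effective=perm" line per clause.
# Returns 1 on a malformed clause, 2 when a named user/group entry
# is present but the ACL carries no mask entry.
acl_effective() {
    mask=; named=0
    old_ifs=$IFS; IFS=,; set -f; set -- $1; set +f; IFS=$old_ifs
    for clause in "$@"; do
        case $clause in
            *:*:[r-][w-][x-]) ;;
            *) echo "malformed clause: $clause" >&2; return 1 ;;
        esac
        tag=${clause%%:*}; perm=${clause##*:}
        name=${clause#*:}; name=${name%:*}
        case $tag in
            m|mask) mask=$perm ;;
            u|user|g|group) if [ -n "$name" ]; then named=1; fi ;;
            o|other) ;;
            *) echo "unknown tag: $clause" >&2; return 1 ;;
        esac
    done
    if [ "$named" -eq 1 ] && [ -z "$mask" ]; then
        echo "named entry present but no mask entry" >&2; return 2
    fi
    for clause in "$@"; do
        tag=${clause%%:*}; perm=${clause##*:}
        name=${clause#*:}; name=${name%:*}
        eff=$perm
        # The mask caps named users, the owning group and named groups;
        # the owner (u::), other and the mask entry itself are unfiltered.
        case $tag:$name in
            u:|user:|o:*|other:*|m:*|mask:*) ;;
            *) if [ -n "$mask" ]; then eff=$(and_perm "$perm" "$mask"); fi ;;
        esac
        echo "$clause effective=$eff"
    done
}
# Constructed sample: deepak is granted rw-, but the mask is r--.
acl_effective "u::rwx,g::r-x,o::r--,u:deepak:rw-,m::r--"
```

In the sample, both the owning group (r-x) and deepak (rw-) end up with an effective permission of r--, which is the gap between what an entry requests and what it actually grants.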
Different examples to use chacl command
1. Change the ACL of a file
You can view the current ACL of a file using the getfacl command.
In the getfacl output, the first three lines indicate the file name, owner, and owning group. Here, the file user has rwx permission, the group has r-x permission, and others have r-- permission.
Now, let's change the ACL of the file Employment_Rate.csv. The following command changes the ACL of Employment_Rate.csv such that the file user will have rw- access, the group will have r-- access, and others will have --- access.
$ chacl u::rw-,g::r--,o::--- Employment_Rate.csv
In the following example, the file user will have rwx access but the user deepak will have r-- access only. The file group will have r-x access but the group computer will have r-- access only.
$ chacl u::rwx,g::r-x,o::r--,u:deepak:r--,g:computer:r--,m::r-x Employment_Rate.csv
2. Remove the ACL of a file
The -R option can be used to remove the file access ACL only.
$ chacl -R file
3. Change the ACL of a directory
You can change the ACL of a directory by specifying the directory instead of a file.
$ chacl u::rw-,g::r--,o::--- directory
4. Set the default ACL of a directory
You can set the default ACL of a directory using the -d option.
$ chacl -d u::rwx,g::rw-,o::r-- Documents
5. Remove the default ACL of a directory
You can remove the default ACL of a directory using the -D option.
$ chacl -D Documents
6. List the ACL of a file or directory
You can list the access ACL of a file or directory using the -l option. It also displays the default ACL of the specified files or directories.
$ chacl -l file
7. Remove all ACLs of a file or directory
The -B option removes all ACLs of a file or directory.
$ chacl -B file
8. Set the access ACL recursively
The -r option changes the access ACL of a directory recursively. It means that the content of the directory will also have the same ACL.
$ chacl -r u::rwx,g::rw-,o::r-- directory
After this command, the ACLs of the files and sub-directories inside the directory are changed as well.
9. Change two ACLs
The -b option indicates that there are two ACLs to change. The first is the file access ACL and the second is the directory default ACL.
$ chacl -b acl dacl directory
Conclusion
We hope this tutorial helps you to understand how to change ACLs of a file or directory using the chacl command on Linux. If you have any confusion on the chacl command, please let us know in the comment section below.