ACL in RHEL7/CentOS 7

In this post we are going to see how to secure files and directories using ACLs in RHEL7/CentOS 7.

As a first step, check that the kernel supports ACLs using the command below.

[[email protected] ~]# grep -i acl /boot/config*

The output above shows that this kernel is compatible with ACLs, since all the options are marked as yes (POSIX_ACL=y).

If it is set to N, we need to rebuild the kernel.

Next, install the packages required for ACL.

Install all three packages using yum:


[[email protected] ~]# yum -y install nfs4-acl* acl libacl

We will assign read, write and execute permissions to files and directories using ACLs. The commands use the characters ugo (user, group, other) and rwx (read, write, execute) respectively.

Now let's look at an example that makes this clear.

Create three users and one group as shown below.

[[email protected] ~]# useradd lbcuser1
[[email protected] ~]# useradd lbcuser2
[[email protected] ~]# useradd lbcuser3
[[email protected] ~]# groupadd lbcgroup
[[email protected] ~]# passwd lbcuser1
Changing password for user lbcuser1.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

In the session above, a password has been set only for lbcuser1. Set passwords for the other two users in the same way.

Now add lbcgroup as a secondary group for the users lbcuser1 and lbcuser2.

[[email protected] ~]# usermod -aG lbcgroup lbcuser1
[[email protected] ~]# usermod -aG lbcgroup lbcuser2

Create a directory and a file inside that directory to assign and check permissions using ACLs.

[[email protected] ~]# mkdir /tmp/data
[[email protected] ~]# touch /tmp/data/testfile.txt

Now change the group of the file to lbcgroup as shown below.

[[email protected] ~]# chown :lbcgroup /tmp/data/testfile.txt
[[email protected] ~]# ll /tmp/data/testfile.txt
-rw-r--r--. 1 root lbcgroup 0 Dec 15 21:14 /tmp/data/testfile.txt

Set the permission 770 on testfile.txt using the chmod command.

Now we can log in as lbcuser1 and lbcuser2 and then try to insert content into testfile.txt.

Both users are able to insert content into the file, because the group of both users and the group of the file are the same (lbcgroup).

[[email protected] ~]# su lbcuser1
[[email protected] root]$ echo "My name is lbcuser1..." > /tmp/data/testfile.txt
[[email protected] root]$ exit
[[email protected] ~]# su lbcuser2
[[email protected] root]$ echo "My name is lbcuser2..." > /tmp/data/testfile.txt
[[email protected] root]$ exit
[[email protected] ~]#

Now try to insert content as lbcuser3. It gives an error, since lbcuser3 is neither the owner of the file nor a member of lbcgroup.

[[email protected] ~]# su lbcuser3
[[email protected] root]$ echo "My name is lbcuser3..." > /tmp/data/testfile.txt
bash: /tmp/data/testfile.txt: Permission denied

So now we will grant read and write permission using an ACL, without adding lbcuser3 to lbcgroup, and then try again to insert content into the file.

[[email protected] ~]# setfacl -R -m u:lbcuser3:rw /tmp/data/testfile.txt
[[email protected] ~]# su lbcuser3
[[email protected] root]$ echo "My name is lbcuser3..." > /tmp/data/testfile.txt
[[email protected] root]$ cat /tmp/data/testfile.txt
My name is lbcuser3...

Since we used a single > symbol to redirect the output of the echo command into the file, it shows only the last content written, which is “My name is lbcuser3…”

To set permissions for a group, use g in the above command where we used u, and the group name where we gave the user name, as shown below.

[[email protected] ~]# setfacl -R -m g:lbcgroup:rw /tmp/data/testfile.txt

To check the existing ACL permissions of a file, use the getfacl command.

[[email protected] ~]# getfacl /tmp/data/testfile.txt
getfacl: Removing leading '/' from absolute path names
# file: tmp/data/testfile.txt
# owner: root
# group: lbcgroup

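Permissions can be set on a directory in the same way as on a file.

Command to set permissions for a directory:

The command below sets read-only permission for other users, that is, those who are neither the owner nor in the group of the directory. The d: prefix makes it a default ACL entry, which files and directories created inside /tmp/data afterwards inherit.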

[[email protected] ~]# setfacl -m d:o:r /tmp/data
[[email protected] ~]# getfacl /tmp/data
getfacl: Removing leading '/' from absolute path names
# file: tmp/data
# owner: root
# group: root
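
The getfacl listings above can be read mechanically. The script below is an added example, not part of the original post: it parses getfacl text and applies the mask to report each entry's effective permissions, using a constructed listing for testfile.txt and an assumed later chmod 740 to show how chmod can cut the rights granted to lbcuser3 and lbcgroup.

```shell
#!/bin/bash
# Constructed getfacl output (not from the original post): testfile.txt after
# chmod 770 and both setfacl commands shown above.
acl_after_setfacl() { cat <<'EOF'
# file: tmp/data/testfile.txt
# owner: root
# group: lbcgroup
user::rwx
user:lbcuser3:rw-
group::rwx
group:lbcgroup:rw-
mask::rwx
other::---
EOF
}
# Constructed: the same file after a later "chmod 740", which rewrites the mask.
acl_after_chmod() { acl_after_setfacl | sed 's/^mask::rwx$/mask::r--/'; }

# Print every access entry as type:name:effective-permissions.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, inherited templates
    { sub(/[ \t]*#.*/, "", $3) }                 # drop any "#effective:" annotation
    $1 == "mask" { mask = $3; next }
    { n++; type[n] = $1; name[n] = $2; perm[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        p = perm[i]
        # The mask caps named users, named groups and the owning group;
        # user:: (the owner) and other:: are not affected by it.
        if (mask != "" && (type[i] == "group" || (type[i] == "user" && name[i] != ""))) {
          e = ""
          for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            e = e ((c != "-" && substr(mask, k, 1) == c) ? c : "-")
          }
          p = e
        }
        print type[i] ":" name[i] ":" p
      }
    }'
}

# Named users and groups whose effective rights still include write.
named_writers() { effective_acl | awk -F: '$2 != "" && $3 ~ /w/ { print $1 ":" $2 }'; }

acl_after_chmod | effective_acl
```

On a live system, real output can be piped in with getfacl /tmp/data/testfile.txt | effective_acl.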

