Table of Contents

  1. Introduction
  2. Why Traditional Permissions Fall Short
  3. What Are ACLs and When to Use Them
  4. Basic ACL Commands: getfacl and setfacl
  5. Real-World Examples
  6. Removing and Managing ACLs
  7. Best Practices
  8. Summary

1. Introduction

In Linux, we usually use chmod and chown to manage file permissions. That works well when you just need to give access to one user and one group. But what if you need to give access to multiple users or different groups on the same file?

That's where ACLs (Access Control Lists) come in. They allow you to control file access in a much more detailed way.


2. Why Traditional Permissions Fall Short

Standard permissions only allow:

  • One owner (user)
  • One group

Let’s say you want to:

  • Give read-only access to one user
  • Allow full access to another user
  • And block a group from accessing the file

You can’t do this with just chmod.

ACLs solve this problem easily.


3. What Are ACLs and When to Use Them

ACL stands for Access Control List. It lets you assign file permissions to multiple users or groups, not just the owner and one group.

When should you use ACLs?

  • When files need to be shared between many users
  • When group permissions are not enough
  • In team or project folders with different roles

4. Basic ACL Commands: getfacl and setfacl

Here are the two main commands:

Check current ACLs

getfacl filename

Give read permission to a user

setfacl -m u:john:r-- filename

Give write access to a group

setfacl -m g:developers:rw- filename

Set default ACLs on a directory (for new files)

setfacl -d -m u:john:r-- /project-folder

This means every new file created in /project-folder will automatically inherit an ACL entry giving john read access. Files that already exist in the folder are not changed.


5. Real-World Examples

Example 1: Give read access to alice on a log file

setfacl -m u:alice:r-- /var/log/custom.log

Example 2: Block write access for group interns

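setfacl -m g:interns:r-- /project/data.txt

This limits interns to read-only access, provided its members do not get write access through another entry that matches them (the file owner, a named user entry, or another group that has write access).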

Example 3: Make sure all new files in a folder are readable by user sam

setfacl -d -m u:sam:r-- /reports

6. Removing and Managing ACLs

Remove a specific ACL entry

setfacl -x u:john filename

Remove all ACLs and go back to normal permissions

setfacl -b filename

This is useful if you want to reset everything.


7. Best Practices

  • Use ACLs only when standard permissions are not enough
  • Keep it simple, don’t overuse ACLs
  • Document special permissions so your team knows who has access
  • Use getfacl regularly to check what’s set
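
An added example for the regular getfacl check (not part of the original article): it turns getfacl output into one line per ACL entry and shows what each entry can really do once the mask entry is applied, since the mask caps named users, named groups and the owning group. The function names and the sample text are made up for this illustration.

```shell
# Added example: print "file<TAB>entry<TAB>granted<TAB>effective" from getfacl output on stdin.
acl_effective() {
    awk '
    function emit(   i, k, e) {
        for (i = 1; i <= n; i++) {
            e = ""
            for (k = 1; k <= 3; k++)   # a right survives only if the mask has it too
                e = e ((hasmask && substr(mask, k, 1) == "-") ? "-" : substr(perm[i], k, 1))
            printf "%s\t%s\t%s\t%s\n", file, who[i], perm[i], e
        }
        n = 0; hasmask = 0
    }
    /^# file: /  { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*/, ""); split($0, f, ":")   # drop "#effective:" notes, then split
        if (f[1] == "mask") { mask = f[3]; hasmask = 1 }
        else if (f[1] == "group" || (f[1] == "user" && f[2] != "")) {
            n++; who[n] = f[1] ":" f[2]; perm[n] = f[3]   # "group:" is the owning group
        }   # user:: (owner), other:: and default: entries are skipped
    }
    END { emit() }'
}
# Only the entries that can still write after the mask is applied.
acl_writers() { acl_effective | awk -F '\t' '$4 ~ /w/'; }
# Constructed sample in getfacl format (not captured from a real system).
sample_getfacl() {
    cat <<'EOF'
# file: project/data.txt
# owner: root
# group: developers
user::rw-
user:john:rw-
group::r--
group:interns:r--
mask::rw-
other::---

# file: var/log/custom.log
# owner: root
# group: root
user::rw-
user:alice:rw-    #effective:r--
group::r--
mask::r--
other::---
EOF
}

sample_getfacl | acl_writers   # project/data.txt  user:john  rw-  rw-
```

On a real system, pipe live output into it instead of the sample, for example getfacl -R /project 2>/dev/null | acl_writers, and keep the result with your permission notes.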

8. Summary

ACLs help you give very specific permissions to different users or groups. They're great when you need more control than chmod or chown can offer.

If you’re working in teams or managing shared files, knowing ACLs is a very useful skill.

Try them out and remember, Linux gives you the tools. It’s up to you to use them wisely.