📚 Table of Contents
- Cast:
- Cue the Laugh Track... and Enter ACLs!
- What Are ACLs?
- Step 1: Enable ACLs on a Filesystem (if needed)
- Step 2: Set a File ACL
- Step 3: Check That It Worked
- Step 4: Remove an ACL Entry
- Bonus: Default ACLs for Directories
- ACL Summary Cheat Sheet
- Moral of the Episode
🎬 Cast:
Dan – The old-school sysadmin. Thinks chmod is the answer to everything.
Jess – The energetic junior admin who just finished an online RHEL 9 course and uses emojis in commit messages.
Clippy the Shell Script – A talking bash script that pops up with unsolicited advice.
🧠 Cue the Laugh Track... and Enter ACLs!
ACLs (Access Control Lists) are the RHEL 9 answer to the age-old question:
“How do I give specific users specific permissions without turning the file system into a spaghetti mess?”
🎩 What Are ACLs?
In sitcom terms, ACLs are like backstage passes. Even if the main list (traditional permissions) says “no entry,” you can slip someone in with a special pass.
🔧 Step 1: Enable ACLs on a Filesystem (if needed)
Usually, RHEL 9 has ACLs enabled by default. But if you're working with older mounts or partitions, Bob might have to check.
If you don’t see acl, remount with it:
Clippy: 💬 “Looks like you’re trying to unlock advanced permissions. Would you like help with that?”
📂 Step 2: Set a File ACL
Jess creates a secret file. Now give Dan read access:
Translation:
setfacl — Set a fancy ACL.
-m — Modify.
u:Dan:r — Give user Dan read access.
🔍 Step 3: Check That It Worked
You’ll see something like:
Dan: (staring at the screen)
"What’s with this ‘mask’ line? This a masquerade ball now?"
Jess:
"No, Bob. The mask is like the 'maximum allowed' permissions for all users and groups in the ACL. If the mask says no, nobody dances!"
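The mask rule from Step 3, as an added example that is not part of the original post: a shell function that reads getfacl-format text and prints the effective permissions of each entry. The names acl_effective and sample_acl and the sample ACL are constructed for illustration.

```shell
# Added example: effective rights from getfacl-format text.
# acl_effective and sample_acl are names made up for this illustration.
# The mask caps named users, named groups and the owning group;
# the file owner (user::) and other:: are not capped by it.
acl_effective() {
  awk -F: '
    function cap(perm, m,    i, c, out) {
      out = ""
      for (i = 1; i <= 3; i++) {
        c = substr(perm, i, 1)
        out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
      }
      return out
    }
    /^#/ || /^default:/ || NF < 3 { next }  # header, default entries, blanks
    {
      sub(/[ \t]+#.*/, "", $3)               # drop a "#effective:" trailer
      tag[++n] = $1; name[n] = $2; perm[n] = $3
      if ($1 == "mask") { mask = $3; have_mask = 1 }
    }
    END {
      for (i = 1; i <= n; i++) {
        if (tag[i] == "mask") continue
        masked = have_mask && (tag[i] == "group" || name[i] != "")
        eff = masked ? cap(perm[i], mask) : perm[i]
        printf "%s:%s:%s\n", tag[i], name[i], eff
      }
    }'
}

# Constructed sample in getfacl output format: Dan was granted rw-,
# but the mask is r--, so his effective access is read-only.
sample_acl() {
  cat <<'EOF'
# file: secret.txt
# owner: jess
# group: jess
user::rw-
user:Dan:rw-
group::r--
mask::r--
other::---
EOF
}

# On a real host: getfacl -cp /path/to/file | acl_effective
sample_acl | acl_effective
```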
🧹 Step 4: Remove an ACL Entry
Uh-oh. Dan forwarded the file to marketing. Time to revoke his special powers:
📁 Bonus: Default ACLs for Directories
Jess wants every file in /shared/folder to be readable by intern Alfie.
That’s d: for default. Now every new file in that directory comes with Bobbie’s backstage pass included.
🎉 ACL Summary Cheat Sheet
| Command | Description |
| --- | --- |
| setfacl -m u:username:perm file | Give user specific access |
| getfacl file | Show ACL entries |
| setfacl -x u:username file | Remove user’s ACL access |
| setfacl -b file | Remove all ACLs |
| setfacl -m d:u:username:perm dir | Set default ACL for directory |
Clippy: 💬 “Don’t forget — ACLs only make sense if you remember who has access. Audit wisely!”
Bob:
"Well... I guess even I can admit this ACL thing’s not bad. Just don’t tell SELinux, it’ll get jealous."
[Audience laughter]
[End credits roll. Theme song: “Permission to Laugh” by chmod +x and the Executables]
📚 Moral of the Episode
ACLs in RHEL 9 give you finer control over file permissions. They’re especially useful when basic user/group/other permission models just won’t cut it.
So next time someone from accounting wants read access to one file — don't rage, just setfacl.