What is an ACCESS CONTROL LIST (ACL)?

We assign permissions to a file to secure it, but standard permissions have a limitation: if we set 777 on a file, it applies to all users. If we need only user1 to be able to execute the file, that becomes a problem, because we cannot assign different permissions to different users. This is where ACLs come in.

Create some Users
[root@techbrown]# useradd user1
[root@techbrown]# useradd user2
[root@techbrown]# useradd user3
[root@techbrown]# passwd user1
[root@techbrown]# passwd user2
[root@techbrown]# passwd user3
After creating the users, we will see how to set permissions.
[root@techbrown]# touch /file.txt
[root@techbrown]# ll /file.txt
 -rw-r--r--. 1 root root 0 Aug  9 03:37 /file.txt
Now we set permissions on file.txt for user1:
[root@techbrown]# setfacl -m u:user1:rwx /file.txt

setfacl -> set file access control list
-m -> modify the file's ACL
u -> user

[root@techbrown]# ll  /file.txt
 -rw-rwxr--+ 1 root root 0 Aug  9 03:37 /file.txt

+ -> this plus sign indicates that ACL is set.

[root@techbrown]# getfacl /file.txt

getfacl: Removing leading '/' from absolute path names
# file: file.txt
# owner: root
# group: root
user::rw-
user:techbrown:rwx
group::r--
mask::rwx
other::r--
getfacl -> get file access control list

[root@techbrown]# setfacl -m u:user1:rwx,u:user2:rw,u:user3:--- /file.txt
[root@techbrown]# setfacl  -m  g:sales:rwx  /file.txt

Here we set the ACL for the group named sales.
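
In the `ll` output above the group column reads rwx although `group::` is only r--: once an ACL is set, that column shows the mask, which caps every named user, every named group and the owning group. The script below is an added example, not part of the original tutorial; it reads `getfacl` output and prints each entry's granted and effective permission. The sample ACL and the function names acl_effective and acl_writers are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit helper for getfacl output (not from the original page).
# Constructed sample: the ACL built in this tutorial after the mask was
# narrowed to r-x (for instance by `chmod g-w /file.txt`).
SAMPLE_ACL='# file: file.txt
# owner: root
# group: root
user::rw-
user:user1:rwx  #effective:r-x
user:user2:rw-  #effective:r--
user:user3:---
group::r--
group:sales:rwx  #effective:r-x
mask::r-x
other::r--'

# acl_effective: read getfacl output on stdin, print type:name:granted:effective.
# The mask caps named users, named groups and the owning group; it never
# applies to the file owner (user::) or to other::.
acl_effective() {
    awk -F: '
        /^mask::/ { mask = substr($3, 1, 3) }
        /^(user|group|other):/ {
            n++; type[n] = $1; name[n] = $2
            perm[n] = substr($3, 1, 3)      # drops any "#effective:" comment
        }
        END {
            if (mask == "") mask = "rwx"    # minimal ACL: nothing is capped
            for (i = 1; i <= n; i++) {
                eff = perm[i]
                if (type[i] == "group" || name[i] != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        eff = eff ((c == substr(mask, k, 1)) ? c : "-")
                    }
                }
                printf "%s:%s:%s:%s\n", type[i], name[i], perm[i], eff
            }
        }'
}

# acl_writers: named users and groups whose effective permission includes w.
acl_writers() {
    acl_effective | awk -F: '$2 != "" && $4 ~ /w/ { print $1 ":" $2 }'
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective
```

On a real file, pipe the output of `getfacl /file.txt` into acl_writers to list the extra users and groups that can actually write to it.
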
To remove ACL

[root@techbrown]# setfacl  -x  u:user1  /file.txt
[root@techbrown]# setfacl  -x  g:sales  /file.txt

To remove entire ACL

[root@techbrown]# setfacl -b /file.txt

Congratulations, you have now configured ACLs.