Note: This is an RHCSA 7 exam objective.
When basic file permissions are not enough, you can use ACL.
ACL stands for Access Control Lists.
However, before doing this, you have to check if the partition permits ACLs. To check that ACLs work, type:
# mount /dev/mapper/vg_root-lv_root on / type ext4 (rw)
In this case, you have to edit the /etc/fstab file, add “,acl” after the defaults or rw option and, then, remount the partition:
# mount -o remount /
To allow read/write access to the user bob on the file called f (-m for modify, u for user, rw- for read/write access), type:
# setfacl -m u:bob:rw- f
To request access control list status on the same file f, type:
# getfacl f # file: f # owner: root # group: root user::rw- user:bob:rw- group::r-- mask::rw- other::r--
To remove permissions allowed to the user bob (-x for remove, u for user), type:
# setfacl -x u:bob f
To remove all the ACLs on a file called f (-b for remove-all), type:
# setfacl -b f
To allow read/execute permissions to the group called team on a directory dir and all the files inside (-R for recursive, -m for modify, g for group, r-x for read/execute access), type:
# setfacl -R -m g:team:r-x dir
To get the result, type:
# getfacl dir # file: dir # owner: root # group: root user::rwx group::r-x group:team:r-x mask::r-x other::r-x
You can watch Ralph Nyberg‘s video about Configuring ACLs (18min/2015). Also, the setfacl man page is a good source of information.