Site logo

Dev Kraken

Arch Linux: Setting ACLs for Proper File Permissions

When working on a shared directory in Arch Linux, it's essential to ensure that all users who need access have the correct permissions. Access Control Lists (ACLs) allow you to set fine-grained permissions for different users and groups. In this blog post, we'll walk through setting up ACLs so that new files and directories automatically inherit the correct permissions.

setting-acls-in-arch

Setting ACLs in Arch Linux for Proper File Permissions

When working on a shared directory in Arch Linux, it's essential to ensure that all users who need access have the correct permissions. Access Control Lists (ACLs) allow you to set fine-grained permissions for different users and groups. In this blog post, we'll walk through setting up ACLs so that new files and directories automatically inherit the correct permissions.

Prerequisites

Before we start, make sure you have ACL support installed and enabled on your filesystem.

Install ACL Support

sudo pacman -S acl

Enable ACL Support

Most modern Linux filesystems (like ext4) have ACL support enabled by default. If not, you might need to remount the filesystem with ACL support. You can add acl to the options in /etc/fstab and remount the filesystem.

Set Permissions for Existing Files and Directories

To set the ACLs for an existing directory and ensure all files and subdirectories within it inherit the permissions:

sudo setfacl -R -m u:devkraken:rwx /srv/http/dir-name
sudo setfacl -R -m g:http:rwx /srv/http/dir-name

Set Default ACLs for New Files and Directories

To ensure that new files and directories created within the dir-name directory automatically inherit the correct permissions:

sudo setfacl -d -m u:devkraken:rwx /srv/http/dir-name
sudo setfacl -d -m g:http:rwx /srv/http/dir-name

Verify ACLs

You can verify the ACLs using the getfacl command:

getfacl /srv/http/dir-name

The output should look like this:

# file: srv/http/dir-name
# owner: http
# group: http
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:devkraken:rwx
default:group::rwx
default:other::r-x

Creating a New File to Test Inherited Permissions


To verify that the settings are applied correctly, create a new file in the dir-name directory:

touch /srv/http/dir-name/newfile.txt

Then check the permissions of the new file:

getfacl /srv/http/dir-name/newfile.txt

The output should show:

# file: srv/http/dir-name/newfile.txt
# owner: devkraken
# group: http
user::rwx
user:devkraken:rwx
group::rwx
other::r-x

This indicates that the new file has inherited the correct permissions for the devkraken user and the http group.

Conclusion


By setting the default ACLs, you ensure that any new files or directories created within the dir-name directory will automatically have the specified permissions. This approach helps maintain consistent access control for shared directories in a multi-user environment.