# group: matthew
user::rw-
group::rw-
other::r--
The information listed here is standard and clear, based on what you already
know. The real power of ACLs is that you can add to them. You are not
restricted to the standard set of user, group, other. You can add multiple users
and groups with permissions specific to each.
To add the user sandra with read, write, and execute permissions to the
ACL for a file named secrets.txt, use the following:
matthew@seymour:~$ setfacl -m u:sandra:rwx secrets.txt
To remove and reset sandra’s permissions on the file to the file’s defaults,
use the following:
matthew@seymour:~$ setfacl -x u:sandra secrets.txt
From these two examples, you can see that -m is for modify and -x is for
remove.
ACLs permit similar actions with groups and others as with a user. Instead of
the u: before the name, use a g: for groups and an o: for others, like this:
matthew@seymour:~$ setfacl -m g:groupname:rwx secrets.txt
matthew@seymour:~$ setfacl -m o:r secrets.txt
Notice that with others, there is no username or group name to include in the
commands.
A useful feature is masking, which allows you to list only the permissions that
are available, as in this example:
matthew@seymour:~$ setfacl -m m:rx secrets.txt
This limits everyone, regardless of any other settings. So, in this case, a group
may have rwx settings on the file, but the mask here says to only permit rx,
so rx will be the only settings that are available.
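The following is an added example, not part of the original text: a shell function that reads getfacl-style output and prints, for each entry, the declared permissions next to what the mask actually leaves available. The function names acl_effective and sample_acl are hypothetical, and the sample ACL is constructed to match the commands above; it assumes POSIX ACL rules, where the mask caps named users, the owning group, and named groups, while the file owner and other entries are not masked.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl-style text.
# Reads ACL entries on stdin, prints "<tag>:<name> <declared> <effective>".
acl_effective() {
    awk -F: '
    /^#/ || NF < 3 { next }                 # skip header comments and blank lines
    {
        perms = substr($3, 1, 3)            # drop any trailing "#effective:" note
        if ($1 == "mask") { mask = perms; have_mask = 1; next }
        n++; tag[n] = $1; name[n] = $2; decl[n] = perms
    }
    END {
        for (i = 1; i <= n; i++) {
            eff = decl[i]
            # The owner (user::) and other:: entries are never masked.
            masked = (tag[i] == "group" || (tag[i] == "user" && name[i] != ""))
            if (have_mask && masked) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(decl[i], k, 1)
                    eff = eff (c == substr(mask, k, 1) ? c : "-")
                }
            }
            printf "%s:%s %s %s\n", tag[i], name[i], decl[i], eff
        }
    }'
}

# Constructed sample: secrets.txt after the setfacl commands shown above.
sample_acl() {
    cat <<'EOF'
# file: secrets.txt
# owner: matthew
# group: matthew
user::rw-
user:sandra:rwx
group::rw-
group:groupname:rwx
mask::r-x
other::r--
EOF
}

sample_acl | acl_effective
```

On a real file, pipe `getfacl secrets.txt` into acl_effective instead of the constructed sample.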
As an exercise, see if you can figure out the meaning of this output from
getfacl for a file named coffeecup.conf: