Users with Unix experience will be familiar with using chmod to control the level of access for yourself, those in your Unix group (typically others in your department), and all other users of the system. This is a simple but limited form of access control, and at NYU it is now deprecated (for access control; chmod is still used to set execute permissions) in favor of Access Control Lists.
An access control list (or ACL) gives per-file, per-directory and per-user control over who can read, write and execute files. You can see the ACL for a file or directory with the
To modify permissions for files or directories, use setfacl. For a detailed description, see 'man setfacl'. In the example below, I give read permission on dummy.txt to user
For setting execute permission on files (useful for scripts, and for allowing directories to be entered), chmod is still used.
getfacl you will notice, in most cases, that the ACL is just like the chmod-based permissions: in the example below I have read and write permission and nobody else has any permissions at all.
setfacl as above to give permissions to a specific user, you see an extra line in the
You can see it with 'ls -l' too: the '+' in the last column of the permissions field indicates that this file has detailed access permissions via ACLs:
As well as setting permissions on the specific file you want to share, you must also set permissions "r" and "x" on the directory it is in and its parent directories, all the way back to your $SCRATCH (or $HOME, etc.) directory.
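The directory walk described above, as an added example (not NYU's own script): it prints the setfacl commands needed to share one file, and refuses to touch anything outside the base directory you name. The user name `ab123`, the paths, the function names and the `DRY_RUN` variable are all constructed for illustration; paths are assumed to be absolute, without ".." components or newlines.

```sh
# Added example; user name, paths and helper names are hypothetical.

# ancestors FILE BASE
# Print each directory from FILE's parent up to and including BASE, one per line.
# Fails if FILE is not under BASE, so nothing outside BASE is ever opened up.
ancestors() {
    an_base=${2%/}
    # Refuse "/" (or an empty value) as the base directory.
    [ -n "$an_base" ] || { echo "error: base directory must not be /" >&2; return 1; }
    case "$1" in
        */../*|*/..) echo "error: '..' not allowed in $1" >&2; return 1 ;;
    esac
    an_dir=$(dirname "$1")
    case "$an_dir/" in
        "$an_base"/*) ;;
        *) echo "error: $1 is not under $an_base" >&2; return 1 ;;
    esac
    while :; do
        printf '%s\n' "$an_dir"
        [ "$an_dir" = "$an_base" ] && break
        an_dir=$(dirname "$an_dir")
    done
}

# run CMD...: print the command when DRY_RUN=1 (the default), execute it when DRY_RUN=0.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# share_file USER FILE BASE
# Grant USER "r" on FILE and "r-x" on every directory from FILE's parent up to BASE.
share_file() {
    sf_dirs=$(ancestors "$2" "$3") || return 1
    run setfacl -m "u:$1:r" "$2" || return 1
    printf '%s\n' "$sf_dirs" | while IFS= read -r sf_d; do
        run setfacl -m "u:$1:r-x" "$sf_d" || exit 1
    done
}
```

Call it as `share_file ab123 "$SCRATCH/project/dummy.txt" "$SCRATCH"` to review the plan, then repeat with `DRY_RUN=0` to apply it.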
-m switch means "modify". Its opposite is -x for "remove all permissions":