acls

Links

Linux uses Extended Attributes for ACLs.
getfacl
setfacl
Introduction and examples (help.ubuntu.com)
- acl(5) -- Access Control Lists
Examples: wiki.kaspersandberg.com
Access Control Lists (linuxgazette #152)
Reference: POSIX Access Control Lists on Linux

Snippets

# Ensure you have getfacl/setfacl available
sudo aptitude install -y acl

# Copy ACL entries from file1 to file2
# -b/--remove-all: First, remove any existing extended attributes
#                  Preferred to -k/--remove-default which removes
#                  the default ACL if it exists.
# -n/--no-mask: Do not recalculate the mask.  Just keep whatever was specified.
# -M: Like -m, but read from a file which matches the format of getfacl output.
setfacl -b -n -M <(getfacl file1) file2

# List extended attributes
getfacl .zshrc

# Clear out extended attributes
setfacl -b .zshrc  # Prefer this to -k which removes everything

# Set a default ACL on a directory so that files created
# inside it inherit those ACLs
setfacl -m default:user:www-data:rx dir1
setfacl -m d:u:www-data:rx dir1  # short form

# Recursively grant permissions to a user
setfacl -R -m u:chirayu:rwX,d:u:chirayu:rwX /opt/local/encap


# Misc
getfacl .zshrc
## # file: .zshrc
## # owner: chirayu
## # group: chirayu
## user::rw-
## group::r--
## other::---

setfacl -m u:www-data:r .zshrc

ls -l .zshrc  # Listing with have a '+' at the end of permissions to indicate the presence of extended attributes
## -rw-r-----+ 1 chirayu chirayu 9835 Jan 18 00:09 .zshrc

getfacl .zshrc
## # file: .zshrc
## # owner: chirayu
## # group: chirayu
## user::rw-
## user:www-data:r--
## group::r--
## mask::r--
## other::---