Problem Statement
What are Access Control Lists (ACLs) in Linux?
Explanation
ACLs (Access Control Lists) extend the traditional Linux permission model by allowing specific permissions for individual users or groups beyond the single owner, group, and others. This enables fine-grained control when the basic permission model is insufficient, such as granting read access to multiple specific users without creating groups.
Set ACLs with setfacl: setfacl -m u:john:rw file.txt grants user john read+write access, and setfacl -m g:developers:r file.txt grants the developers group read access. View ACLs with getfacl file.txt. Remove an entry with setfacl -x u:john file.txt. The -R flag applies ACLs recursively to directories.
The ACL mask defines the maximum permissions that can be granted to named users and groups. Default ACLs on directories set the permissions for newly created files. Example: setfacl -d -m u:john:rw directory sets a default ACL so that files created in the directory automatically give john read+write access.
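The mask's effect on the entries that getfacl prints, as an added example that is not part of the original page: this Python code parses getfacl output and computes each entry's effective permissions, which is what an access review needs to know. The function names and the sample ACL are constructed for illustration; under POSIX ACL semantics the mask also limits the owning group entry (group::), which the code accounts for.

```python
# Constructed sample of `getfacl file.txt` output (not captured from a real system).
SAMPLE = """\
# file: file.txt
# owner: alice
# group: staff
user::rw-
user:john:rw-
group::r--
group:developers:rw-
mask::r--
other::---
"""

def effective_acl(getfacl_text):
    """Return {(tag, qualifier): effective 'rwx' string} for each access ACL entry."""
    entries, mask = [], None
    for line in getfacl_text.splitlines():
        # Drop "# file:" style headers and trailing "#effective:" annotations.
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("default:"):
            continue  # default ACLs only affect files created later
        tag, qualifier, perms = line.split(":", 2)
        granted = set(perms.strip()) - {"-"}
        if tag == "mask":
            mask = granted
        else:
            entries.append((tag, qualifier, granted))
    result = {}
    for tag, qualifier, granted in entries:
        # The mask caps named users, named groups and the owning group.
        # The file owner (user::) and other:: are never masked.
        masked = mask is not None and (qualifier != "" or tag == "group")
        eff = granted & mask if masked else granted
        result[(tag, qualifier)] = "".join(c if c in eff else "-" for c in "rwx")
    return result

def writers(getfacl_text):
    """List the entries that can actually write once the mask is applied."""
    acl = effective_acl(getfacl_text)
    return sorted(f"{tag}:{q}" for (tag, q), perms in acl.items() if "w" in perms)

if __name__ == "__main__":
    for entry, perms in effective_acl(SAMPLE).items():
        print(entry, perms)
    print("effective writers:", writers(SAMPLE))
```

In the sample, john and developers are both listed with rw- but the mask of r-- leaves them read-only, so only the file owner can write.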
Files with ACLs show a '+' in ls -l output: -rw-rw-r--+ indicates that ACLs are set. Not all filesystems support ACLs: ext4, XFS, and Btrfs do, but the filesystem must be mounted with ACL support. Understanding ACLs is important for complex access control scenarios in enterprise environments where basic permissions are insufficient.
