ACLs (Access Control Lists) allow for more granular permission settings beyond the traditional Unix file permission system. With ACLs, permissions can be set for individual users or groups, and inheritance can be specified for directories.
Install the acl package, which provides the setfacl and getfacl commands:
dnf -y install acl
XFS, the default filesystem on CentOS Stream 9, supports ACLs out of the box.
To set ACLs, use the setfacl command. For example, to grant read access to the user cent on the file /home/test.txt:
setfacl -m u:cent:r /home/test.txt
To apply ACLs recursively to a directory:
setfacl -R -m u:cent:r /home/testdir
To set ACLs for a group:
setfacl -m g:security:rw /home/testfile.txt
To remove ACLs, use -b to remove all ACL entries from a file, or -x to remove a single entry:
setfacl -b /home/test.txt
setfacl -x u:cent /home/testfile.txt
To set default ACLs on a directory, which newly created files and subdirectories inherit:
setfacl -d -m u:cent:r-x /home/testdir
To remove default ACLs:
setfacl -k /home/testdir
To apply ACLs from a configuration file:
setfacl --restore=acl.txt
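Before restoring ACLs from a file, it helps to review which named users and groups the file would give write access to. The following is an added example, not part of the original page: it reads a constructed sample in the getfacl -R output format that setfacl --restore accepts and reports named entries, access or default, that keep write permission after the mask entry is applied. The function names sample_acl_dump and named_write_entries and the sample ACL values are assumptions made for illustration.

```shell
# Constructed sample in getfacl -R format; names reuse the ones on this page.
sample_acl_dump() {
cat <<'EOF'
# file: home/testfile.txt
user::rw-
group::---
group:security:rw-
mask::rw-
other::---

# file: home/testdir
user::rwx
user:cent:rwx
group::r-x
mask::r-x
other::---
default:user::rwx
default:user:cent:rwx
default:group::r-x
default:mask::rwx
default:other::---
EOF
}
# Print "path<TAB>entry<TAB>effective" for named entries that keep write.
named_write_entries() {
  awk '
    function flush(   i, s, e, m, eff, k) {
      for (i = 1; i <= n; i++) {
        s = (ent[i] ~ /^default:/) ? "d" : "a"
        e = ent[i]; sub(/.*:/, "", e)          # permission field
        m = (s in mask) ? mask[s] : "rwx"      # no mask line: nothing is capped
        eff = ""
        for (k = 1; k <= 3; k++)
          eff = eff (substr(m, k, 1) == "-" ? "-" : substr(e, k, 1))
        if (eff ~ /w/) print path "\t" ent[i] "\t" eff
      }
      n = 0; split("", mask)
    }
    /^# file: /  { flush(); path = substr($0, 9); next }
    /^#/ || /^$/ { next }
    { sub(/[ \t]*#.*/, "") }                   # strip "#effective:" notes
    /^(default:)?mask::/ { p = $0; sub(/.*:/, "", p)
                           mask[($0 ~ /^default:/) ? "d" : "a"] = p; next }
    /^(default:)?(user|group):[^:]+:/ { ent[++n] = $0 }
    END { flush() }
  '
}
sample_acl_dump | named_write_entries
```

In the sample, user:cent:rwx on home/testdir is not reported because the access mask r-x caps it, while the default entry is reported because the default mask is rwx.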
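In a long listing (ls -l), a + after the permission bits indicates that the file or directory has an ACL:
total 8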
drwx------. 2 cent cent 83 Jan 13 10:52 cent
drwxr-xr-x. 3 root root 57 Jan 13 09:52 nfsshare
drwx------. 2 redhat redhat 83 Jan 13 10:52 redhat
drwxr-x---+ 2 root root 42 Jan 13 11:01 testdir
-rw-rw----+ 1 root root 21 Jan 13 10:59 testfile.txt
-rwxr-----+ 1 root root 10 Jan 13 10:50 test.txt