Granting Granular File Access with POSIX Access Control Lists
Permissions & Security (Chmod/Chown/ACLs/SELinux/AppArmor)
Granting Granular File Access with POSIX Access Control Lists
🧩 The Challenge
Standard Linux permissions only allow setting rights for a single owner, a single group, and others, making it impossible to grant specific access to multiple users without creating messy custom groups.
💡 The Fix
Use POSIX Access Control Lists to define individual permissions for specific users or groups on a file or directory without altering standard ownership.
setfacl -m u:username:rw /path/to/file
getfacl /path/to/file
⚙️ Why It Works
The setfacl command modifies the extended attribute set of the inode, allowing the kernel to check against a secondary list of access rules before denying or granting requests.
🚀 Pro-Tip: Use the -R flag with setfacl to apply these specific user permissions recursively across an entire directory tree.
Linux Tips & Tricks | © ngelinux.com | 7/7/2026
