7.2 ACL - Access Control List

ACLs were introduced with the ext3 file system and are not available in ext2. An ACL overcomes a major restriction of the traditional permission and ownership mechanism: instead of a single user owner and a single group owner, a file can carry permissions for multiple user owners and multiple group owners.

While ACL support is compiled into most modern Linux kernels, it may not be enabled on a given file system. In other words, even if a Linux system is using ext3, you may not be able to use ACLs until the file system is mounted with ACL support turned on.

To enable ACL, the file system must be mounted with the acl option. You can examine /etc/fstab to see whether your file systems have acl enabled. For example, you may find a line that originally reads as follows:

    /dev/mapper/vg0-home  /home  ext3  defaults  0 2

This means that the special block device /dev/mapper/vg0-home is mounted as the directory /home. More importantly, it is an ext3 file system, and mounted with the default settings. Change the defaults to acl to enable ACL.

After you make changes to /etc/fstab, there will be no change to the file system until you either remount or reboot. To remount a file system with ACL, you can execute the following command:

    mount /dev/mapper/vg0-home -oremount,acl

With ACL enabled, you can now explore what you can do with it. Let us start with commands that we already know.
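The fstab check and remount procedure above are easy to get wrong on a host with many mounts, so here is an added example (not part of the original notes) that audits an fstab-format listing: it reports, for every ext3 entry, whether the acl mount option is present, and builds the remount command for a device that lacks it. The fstab content shown is a constructed sample; the function reads any fstab text on standard input, so it can be fed /etc/fstab directly. It matches the ext3 type used throughout this section; the pattern in the awk rule can be widened for other types.

```shell
#!/bin/sh
# Added example (not from the original notes): audit fstab entries for the
# acl mount option. Input is fstab-format text on stdin; output is one line
# per ext3 entry, "<mountpoint> acl" or "<mountpoint> no-acl".

fstab_acl_status() {
    # fstab fields: device mountpoint fstype options dump pass
    awk '
        /^[[:space:]]*#/ { next }          # comment line
        NF == 0          { next }          # blank line
        $3 == "ext3" {
            status = "no-acl"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "acl")   { status = "acl" }
                # a later noacl in the option list overrides an earlier acl
                if (opts[i] == "noacl") { status = "no-acl" }
            }
            print $2, status
        }
    '
}

# Build the remount command from this section for a block device.
# It prints the command instead of running it so it can be reviewed first.
acl_remount_cmd() {
    # $1 = block device, e.g. /dev/mapper/vg0-home
    printf 'mount %s -oremount,acl\n' "$1"
}

# Constructed sample fstab (not captured from a real system)
SAMPLE_FSTAB='# <device>               <mount>  <type>  <options>     <dump> <pass>
/dev/mapper/vg0-root     /        ext3    defaults      0 1
/dev/mapper/vg0-home     /home    ext3    defaults,acl  0 2
/dev/mapper/vg0-data     /data    ext3    acl,noacl     0 2
proc                     /proc    proc    defaults      0 0'

# Run the audit over the constructed sample
sample_audit() {
    printf '%s\n' "$SAMPLE_FSTAB" | fstab_acl_status
}

sample_audit
acl_remount_cmd /dev/mapper/vg0-root
```

Running the script prints "/ no-acl", "/home acl" and "/data no-acl", followed by the remount command for the root device. To audit the live system, replace the sample with `fstab_acl_status < /etc/fstab`; remember that /etc/fstab describes what will be mounted at boot, not necessarily what is mounted now, so compare against /proc/mounts before relying on the result.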

If a file is queried using ls, it returns only the default user owner and group owner. However, using the command getfacl, it returns the default ownerships as well as any added ownerships.

Use setfacl to manage ownership. For example, this command adds a new group ownership to a file:

    setfacl -m g:disk:rx file

Note that the commands cp and mv automatically extend to copying and moving the ACLs of a file.
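The difference between what ls shows and what getfacl shows is the set of named user and group entries that setfacl added. The following added example (not part of the original notes) parses getfacl output and lists exactly those entries. It also applies the mask entry that setfacl maintains on a file with named entries, because the permissions a named entry grants are capped by that mask, which is the detail most often missed when checking whether a group such as disk really has the access intended. The getfacl text is a constructed sample of what the file from the setfacl command above would show after the mask had been tightened to r--; it is not captured output.

```shell
#!/bin/sh
# Added example (not from the original notes): parse getfacl output and list
# the named user/group entries beyond the classic owner/group/other triple,
# together with the effective permissions after the mask is applied.

acl_named_entries() {
    # Reads getfacl text on stdin; prints "<tag>:<name>:<perms>:effective=<perms>"
    awk -F: '
        /^#/ || NF == 0 { next }                     # "# file:", "# owner:" headers, blanks
        $1 == "mask" && $2 == "" { mask = $3; next } # mask::rwx caps named entries
        ($1 == "user" || $1 == "group") && $2 != "" {
            named[++n] = $1 ":" $2 ":" $3            # only entries with a qualifier
            perms[n]   = $3
        }
        END {
            if (mask == "") mask = "rwx"             # no mask entry: nothing is capped
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(perms[i], j, 1)
                    m = substr(mask, j, 1)
                    # a bit is effective only if both the entry and the mask grant it
                    eff = eff ((c != "-" && c == m) ? c : "-")
                }
                print named[i] ":effective=" eff
            }
        }
    '
}

# Constructed getfacl listing for "file" after
#     setfacl -m g:disk:rx file
# with the mask subsequently reduced to r-- (constructed sample, not captured)
SAMPLE_GETFACL='# file: file
# owner: alice
# group: users
user::rw-
group::r--
group:disk:r-x
mask::r--
other::r--'

# Run the parser over the constructed sample
sample_named_entries() {
    printf '%s\n' "$SAMPLE_GETFACL" | acl_named_entries
}

sample_named_entries
```

The output is "group:disk:r-x:effective=r--": the disk group was granted rx, but the mask of r-- strips the execute bit, so getfacl itself would flag the entry with "#effective:r--". On a live system, pipe `getfacl file` into acl_named_entries; an empty result means the file carries no entries beyond what ls already shows.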

Refer to the man pages of getfacl and setfacl for the full set of options these commands accept.