ACL
ACL stands for access control list. This is the part of a file's permissions that lets you choose specifically who can access the file, rather than only the user or group who created it. This is incredibly useful for keeping that guy in the office out of your files.
GETFACL
The getfacl command shows you which ACLs are already set on a file. Its output should look like this:
a # file: my_stuff
b # owner: jjohnson
c # group: root
d user::rwx
e user:steve:---
f group::r-x
g mask::r-x
h other::r-x
As you can see, line a shows the file name, lines b and c show the owner and the group, and the remaining lines show what the specified users or groups can and cannot do. For instance, Steve cannot do anything to this file, so he can't look through my stuff.
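To check what a listing like this really grants, the sketch below parses getfacl text and works out one user's permissions using the order Linux checks entries in (owner, named user, groups, other), with the mask applied to named users and groups. It is an added example, not part of the original page; the function names parse_getfacl and effective are made up for illustration, and the sample text is constructed from the listing above.

```python
# Added example: parse `getfacl` text and work out what one user can really do.
SAMPLE = """\
# file: my_stuff
# owner: jjohnson
# group: root
user::rwx
user:steve:---
group::r-x
mask::r-x
other::r-x
"""  # constructed sample, same entries as the listing above

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> set of perms."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # getfacl may append "#effective:..." comments; drop them
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            entries[(tag, qualifier)] = set(perms.strip()) - {"-"}
    return owner, group, entries

def effective(text, user, user_groups=()):
    """Permissions `user` (member of `user_groups`) ends up with on the file."""
    owner, group, acl = parse_getfacl(text)
    mask = acl.get(("mask", ""))  # absent on files without an extended ACL
    limit = (lambda p: p & mask) if mask is not None else (lambda p: p)
    if user == owner:
        return acl[("user", "")]  # the owner entry is never masked
    if ("user", user) in acl:
        return limit(acl[("user", user)])  # named user: checking stops here
    matched = [acl[("group", "")]] if group in user_groups else []
    matched += [acl[("group", g)] for g in user_groups if ("group", g) in acl]
    if matched:
        # each single permission is granted if any matching group entry has it
        return limit(set().union(*matched))
    return acl.get(("other", ""), set())
```

Because a named user entry is checked before any group entry, steve stays locked out even if he belongs to the root group, and a user entry of rwx is cut down to whatever the mask line allows.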
SETFACL
Now how do you add ACLs to a file? You use setfacl.
Say, for instance, your new intern john is looking into your important_stuff folder.
What you do is use:
setfacl
with the modify option:
setfacl -m
Then you add the ACL entry (u for user, then the user name, then the permissions; 0 means no permissions, the same as ---):
setfacl -m u:john:0
Lastly, you add the file name:
setfacl -m u:john:0 important_stuff
Hit enter and you have successfully kept intern john out of the important_stuff folder.