HOWTO install Filesystem ACLs (Linux v2.4.20 and up)

With ACLs, multiple individual users can access a file without having to be in a common group.

The traditional Unix access permission scheme consists of read-write-execute bits for a user-group-others mask. To make a file available to, say, three individual users, you would either have to open it up widely (à la chmod 777) or create a new group containing those three users. With a lot of cross-references, you would soon end up with hundreds of groups. And by default, a user can only be a member of at most 32 supplementary (also called "secondary") groups.

The solution to this problem is ACLs which, as the name already implies, use lists to say who can do what. Just look at this:

$ getfacl project2501
# file: project2501
# owner: root
# group: root
user::rw-
user:daemon:rw-
user:jengelh:rw-
group::r--
mask::rw-
other::r--

Even if you do not yet know what all of this means, I can say that the users root, daemon and jengelh can read and write this file. Group members and others may also read it, BTW (per the standard Unix access permission algorithm). The traditional Unix way could not give you this three-user access without a group. So here goes: How do I make ACLs available?

Requirements

ACLs should be enabled by default on all filesystems, so there is no need to recompile the kernel. (In the past they were deactivated.)

Make sure you have the latest packages of: acl, attr, libacl and libattr, as well as (of course) coreutils.

fstab adjustments

After booting the new kernel, edit /etc/fstab and add the "acl" parameter to the options field:

/dev/hdc1 /home jfs defaults,usrquota,grpquota,acl 0 0

It may happen that filesystems do not accept the acl option, either because they do not support ACLs at all, or because ACLs are always enabled (as is the case with xfs). Save fstab, exit the editor and remount the filesystem to enable ACLs:

# mount /home -o remount

You can now begin using ACLs. For more information see the setfacl and getfacl manpages.
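
How access is decided from a listing like the project2501 one above, including the mask entry, shown as an added example that is not part of the original HOWTO: it parses getfacl text output and applies the access check order documented in acl(5). The function names and the test users and groups are assumptions made for illustration.

```python
# Added example (not from the HOWTO): evaluate getfacl output per acl(5).
# Models the ACL check only; root's CAP_DAC_OVERRIDE bypass is not modelled.
SAMPLE = """\
# file: project2501
# owner: root
# group: root
user::rw-
user:daemon:rw-
user:jengelh:rw-
group::r--
mask::rw-
other::r--
"""  # the listing shown on this page

def parse_getfacl(text):
    """Return (owner, group, [(tag, qualifier, set_of_perm_letters), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # drop a trailing "#effective:..." comment, then split the entry
            tag, qual, perms = line.split("#", 1)[0].strip().split(":")
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) is granted all letters in `want`."""
    owner, group, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    cap = lambda p: p if mask is None else p & mask  # mask limits non-owner entries
    pick = lambda tag, qual: [p for t, q, p in entries if t == tag and q == qual]
    if user == owner:                      # 1. owner: user:: entry, never masked
        return want <= pick("user", "")[0]
    if pick("user", user):                 # 2. named user entry, masked
        return want <= cap(pick("user", user)[0])
    # 3. owning group and named groups: one matching entry must grant everything
    hits = [p for t, q, p in entries
            if t == "group" and (q or group) in groups]
    if hits:
        return any(want <= cap(p) for p in hits)
    return want <= pick("other", "")[0]    # 4. everyone else, never masked
```

Tightening the mask to r-- removes write access for daemon and jengelh without touching their entries, while the owner entry is unaffected; this is why a review of an ACL should read the mask line together with the named entries.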