ts
nest
+
rocket
+
+
groovy
ฯ€
โˆˆ
+
+=
+
arch
+
composer
pytest
raspbian
nomad
+
dart
+
+
zig
+
pycharm
dynamo
+
$
+
+
xcode
+
^
sails
+
+
โˆซ
+
+
+
+
matplotlib
sse
+
+
โˆซ
+
ansible
+
rubymine
rider
c++
+
meteor
+
+
netlify
+
notepad++
qdrant
+
ansible
scala
hugging
bsd
+
npm
+
wasm
+
%
solid
โІ
+
_
>=
+
argocd
wasm
+
jquery
+
emacs
+
+
aurelia
fiber
+
+
+
Back to Blog
๐Ÿ” Setting File Access Control Lists (ACLs): Simple Guide
Alpine Linux Security Beginner

๐Ÿ” Setting File Access Control Lists (ACLs): Simple Guide

Published Jun 1, 2025

Easy tutorial for beginners to set up file access control lists in Alpine Linux. Perfect for new admins with step-by-step instructions and clear examples.

12 min read
0 views
Table of Contents

๐Ÿ” Setting File Access Control Lists (ACLs): Simple Guide

Want to control who can access your files? Iโ€™ll show you how to set up ACLs! ๐Ÿ›ก๏ธ This tutorial makes file security super easy. Even if permissions seem confusing, you can do this! ๐Ÿ˜Š

๐Ÿค” What are Access Control Lists (ACLs)?

ACLs are like advanced permission settings for your files. Think of them as detailed guest lists for your computer files!

ACLs help you:

  • ๐ŸŽฏ Give specific users exact permissions
  • ๐Ÿ‘ฅ Control group access precisely
  • ๐Ÿ”’ Keep sensitive files secure
  • ๐Ÿ“Š Set detailed file access rules

๐ŸŽฏ What You Need

Before we start, you need:

  • โœ… Alpine Linux system running
  • โœ… Root or sudo permissions
  • โœ… Files or directories to protect
  • โœ… About 30 minutes to complete

๐Ÿ“‹ Step 1: Understanding Current Permissions

Check Basic File Permissions

Letโ€™s see how your files are protected right now. This is like checking your current security setup! ๐Ÿ”

What weโ€™re doing: Examining current file permissions and ownership.

# Check permissions on important files
ls -la /home/
ls -la /etc/passwd
ls -la /var/log/

# Show numeric permissions
stat /etc/passwd

# Check who owns files
ls -ln /home/

# Display permission details
ls -la /tmp/ | head -5

What this does: ๐Ÿ“– Shows you how files are currently protected.

Example output:

โœ… File permissions displayed
โœ… Ownership information shown
โœ… Security status visible

What this means: You can see your current file security! โœ…

๐Ÿ’ก Permission Basics

Tip: Regular permissions have read, write, and execute for owner, group, and others! ๐Ÿ’ก

Note: ACLs let you be much more specific about who gets access! โš ๏ธ

๐Ÿ› ๏ธ Step 2: Installing ACL Support

Install ACL Tools

Alpine needs special tools to work with ACLs. Letโ€™s install them! ๐Ÿ“ฆ

What weโ€™re doing: Installing ACL utilities and enabling filesystem support.

# Install ACL utilities
apk add acl

# Install attribute tools (helpful for ACLs)
apk add attr

# Check if ACL support is working
which getfacl
which setfacl

# Test ACL command
getfacl --version

# Check filesystem support
mount | grep -E "(ext[234]|xfs|btrfs)"

Code explanation:

  • acl: Main package with ACL tools
  • attr: Extended attributes support
  • getfacl: Command to view ACL settings
  • setfacl: Command to change ACL settings

Expected Output:

โœ… ACL tools installed
โœ… Commands available
โœ… Filesystem supports ACLs

What this means: Your system can now use ACLs! ๐ŸŽ‰

๐Ÿ“ Step 3: Preparing Test Files

Create Practice Files

Letโ€™s create some test files to practice with. This is safe and fun! ๐ŸŽฎ

What weโ€™re doing: Creating files and directories to practice ACL settings.

# Create a test directory
mkdir /tmp/acl-test
cd /tmp/acl-test

# Create test files
echo "This is a public file" > public.txt
echo "This is a private file" > private.txt
echo "This is a group file" > group.txt

# Create test directory
mkdir testdir

# Set basic permissions
chmod 644 public.txt
chmod 600 private.txt
chmod 664 group.txt
chmod 755 testdir

# Check what we created
ls -la

What this does: Gives us files to practice ACL settings on! ๐Ÿ“‚

You should see:

โœ… Test files created
โœ… Basic permissions set
โœ… Practice environment ready

Perfect! Now we have files to work with! ๐ŸŒŸ

๐Ÿ”ง Step 4: Setting Basic ACLs

Your First ACL

Letโ€™s set your first ACL! This is where the real magic happens! โœจ

What weโ€™re doing: Adding specific user permissions using ACLs.

# Check current ACLs (probably none yet)
getfacl public.txt

# Give a specific user read access
setfacl -m u:nobody:r public.txt

# Give another user write access
setfacl -m u:guest:rw private.txt

# Check the new ACLs
getfacl public.txt
getfacl private.txt

# Show files with ACLs (notice the + sign)
ls -la

Code explanation:

  • getfacl: Shows current ACL settings
  • setfacl -m: Modifies ACL permissions
  • u:nobody:r: Gives user โ€˜nobodyโ€™ read permission
  • u:guest:rw: Gives user โ€˜guestโ€™ read and write permission

Expected Output:

โœ… ACLs set successfully
โœ… Specific permissions assigned
โœ… Files show + indicator

What this means: You just created your first ACLs! ๐ŸŽ‰

๐Ÿ‘ฅ Step 5: Group ACLs

Setting Group Permissions

Now letโ€™s control group access with ACLs! Groups make management easier! ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ

What weโ€™re doing: Setting group-based ACL permissions for better organization.

# Give a group permission to a file
setfacl -m g:wheel:rw group.txt

# Give multiple permissions at once
setfacl -m u:nobody:r,g:users:rw testdir

# Set default ACLs for directories (affects new files)
setfacl -d -m g:wheel:rw testdir

# Check all ACL settings
getfacl group.txt
getfacl testdir

# Create a file in the directory to test defaults
touch testdir/newfile.txt
getfacl testdir/newfile.txt

What this does: Sets up group permissions and default rules! ๐Ÿ‘ฅ

You should see:

โœ… Group permissions set
โœ… Default ACLs working
โœ… New files inherit settings

Amazing! Groups and defaults are working! ๐ŸŒŸ

๐ŸŽฎ Letโ€™s Try It!

Time to test our ACL setup! This is the exciting part! ๐ŸŽฏ

What weโ€™re doing: Testing ACL permissions with different users and scenarios.

Test ACL Access

# Show detailed ACL information
echo "=== ACL Status Report ==="
for file in public.txt private.txt group.txt testdir; do
    echo "File: $file"
    getfacl $file
    echo "---"
done

# Test file access as different users
echo "=== Access Tests ==="

# Try reading as nobody user
sudo -u nobody cat public.txt 2>/dev/null && echo "โœ… nobody can read public.txt" || echo "โŒ nobody cannot read"

# Check effective permissions
getfacl --omit-header public.txt | grep "effective"

# Show ACL mask
getfacl public.txt | grep mask

Verify ACL Protection

# Create a restricted file
echo "Secret content" > secret.txt
chmod 600 secret.txt

# Add specific ACL access
setfacl -m u:guest:r secret.txt

# Test the access
ls -la secret.txt
getfacl secret.txt

# Show that ACLs override basic permissions
echo "ACL permissions can be more specific than basic permissions!"

You should see:

โœ… ACLs working correctly
โœ… Specific permissions active
โœ… Access control functioning

Incredible work! Your ACLs are protecting files! ๐ŸŒŸ

๐Ÿ“Š ACL Commands Summary Table

TaskCommandResult
๐Ÿ” View ACLsgetfacl filenameโœ… Shows current ACLs
๐Ÿ”ง Set user ACLsetfacl -m u:user:rwx fileโœ… Gives user permission
๐Ÿ‘ฅ Set group ACLsetfacl -m g:group:rw fileโœ… Gives group access
๐Ÿ—‘๏ธ Remove ACLsetfacl -x u:user fileโœ… Removes user permission

๐ŸŽฎ Practice Time!

Letโ€™s practice more advanced ACL techniques:

Example 1: Multiple User Permissions ๐ŸŸข

What weโ€™re doing: Setting ACLs for multiple users with different access levels.

# Create a shared project file
echo "Project data" > project.txt

# Give different users different permissions
setfacl -m u:alice:rw project.txt    # Alice can read and write
setfacl -m u:bob:r project.txt       # Bob can only read  
setfacl -m u:charlie:- project.txt   # Charlie has no access

# Set group permission too
setfacl -m g:developers:rw project.txt

# Check the complex ACL
getfacl project.txt

# Show effective permissions
getfacl --tabular project.txt

What this does: Creates detailed access control for a project file! ๐Ÿ“‹

Example 2: Directory ACL Inheritance ๐ŸŸก

What weโ€™re doing: Setting up directory ACLs that apply to all future files.

# Create a secure directory
mkdir secure_folder
chmod 755 secure_folder

# Set default ACLs (apply to new files)
setfacl -d -m u:manager:rwx secure_folder
setfacl -d -m g:staff:r-x secure_folder
setfacl -d -m o::--- secure_folder

# Set directory ACLs too
setfacl -m u:manager:rwx secure_folder
setfacl -m g:staff:r-x secure_folder

# Test inheritance
touch secure_folder/inherited_file.txt
mkdir secure_folder/inherited_dir

# Check inheritance worked
getfacl secure_folder/inherited_file.txt
getfacl secure_folder/inherited_dir

What this does: Makes new files automatically inherit security settings! ๐Ÿ”„

๐Ÿšจ Fix Common Problems

Problem 1: ACLs not working โŒ

What happened: ACL commands fail or donโ€™t take effect. How to fix it: Check filesystem and package support!

# Check if filesystem supports ACLs
tune2fs -l /dev/sda1 | grep acl

# Remount with ACL support if needed
mount -o remount,acl /

# Check if tools are installed
which setfacl getfacl

# Install missing packages
apk add acl attr

# Test with a simple file
touch test_acl.txt
setfacl -m u:nobody:r test_acl.txt
getfacl test_acl.txt

Problem 2: Permissions not working as expected โŒ

What happened: ACL permissions donโ€™t seem to work right. How to fix it: Check the ACL mask and effective permissions!

# Check the ACL mask
getfacl filename | grep mask

# Recalculate mask if needed
setfacl -R -m m::rwx /path/to/files

# Show effective permissions
getfacl --omit-header filename | grep effective

# Reset ACLs if corrupted
setfacl -b filename  # Removes all ACLs
setfacl -k filename  # Removes default ACLs only

Donโ€™t worry! ACL problems are common and fixable! ๐Ÿ’ช

๐Ÿ’ก Advanced ACL Tips

  1. Use default ACLs ๐Ÿ“… - Set rules for new files in directories
  2. Check the mask ๐ŸŒฑ - The mask limits maximum permissions
  3. Document your ACLs ๐Ÿค - Keep track of who has access
  4. Regular audits ๐Ÿ’ช - Check ACL settings periodically

โœ… Verify ACL System Works

Letโ€™s make sure everything is working properly:

# Complete ACL system check
echo "=== ACL System Status ==="

# Check tools are installed
which setfacl >/dev/null && echo "โœ… setfacl available" || echo "โŒ setfacl missing"
which getfacl >/dev/null && echo "โœ… getfacl available" || echo "โŒ getfacl missing"

# Check filesystem support
mount | grep acl >/dev/null && echo "โœ… Filesystem ACL support" || echo "โš ๏ธ Check filesystem ACL support"

# Test basic ACL functionality
echo "=== ACL Functionality Test ==="
touch /tmp/acl_test_file
setfacl -m u:nobody:r /tmp/acl_test_file 2>/dev/null && echo "โœ… ACL setting works" || echo "โŒ ACL setting failed"
getfacl /tmp/acl_test_file | grep "user:nobody:r" >/dev/null && echo "โœ… ACL reading works" || echo "โŒ ACL reading failed"

# Clean up test
rm -f /tmp/acl_test_file

# Show ACL-enabled files
echo "=== Files with ACLs ==="
find /tmp/acl-test -type f -exec ls -la {} \; | grep "+"

Good ACL setup signs:

โœ… ACL tools installed and working
โœ… Filesystem supports ACLs
โœ… ACL settings take effect
โœ… Permissions work as expected
โœ… Files show + indicator

๐Ÿ† What You Learned

Great job! Now you can:

  • โœ… Install and configure ACL support
  • โœ… Set user-specific file permissions
  • โœ… Configure group ACL permissions
  • โœ… Create default ACLs for directories
  • โœ… View and manage existing ACLs
  • โœ… Troubleshoot ACL problems

๐ŸŽฏ Whatโ€™s Next?

Now you can try:

  • ๐Ÿ“š Setting up complex multi-user file sharing
  • ๐Ÿ› ๏ธ Creating automated ACL management scripts
  • ๐Ÿค Implementing enterprise security policies
  • ๐ŸŒŸ Building secure collaborative workspaces!

Remember: Every security expert started with basic file permissions. Youโ€™re building real system security skills! ๐ŸŽ‰

Keep practicing and youโ€™ll become an access control expert! ๐Ÿ’ซ