How to Set Access Control Lists (ACLs) and Disk Quotas for Users and Groups


Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.


14 Responses

  1. CHIADI says:

    Hi Gabriel,

    Thanks greatly for this article. You’re one of the best.

    I tried to implement this in VirtualBox but with partial success – the usrquota worked perfectly but the grpquota does not. I have tried several times without success and searched online for any successful implementation of grpquota but found none.

    I would appreciate it if you go through some excerpts from my work pasted below. Could you tell why this user (udo) who is a member of testgrp group could exceed quota? I think the files created by udo (user) in that directory (/adihome/aditec) should belong to testgrp (recursively made the directory).

    Thanks in advance.
    CHIADI

    *** Report for group quotas on device /dev/sdf1
    Block grace time: 7days; Inode grace time: 7days
                            Block limits                File limits
    Group           used    soft    hard  grace    used  soft  hard  grace
    ----------------------------------------------------------------------
    testgrp   --      20   10240   30720              2     0     0
    udo       --   11264       0       0              2     0     0
    
    
    #See line from /etc/fstab
    UUID=5f76b6a0-3c16-4cff-9620-2666456d9723       /adihome/aditec ext4    defaults,grpquota       0 0
    
    # Or see
    [[email protected] ~]$ sudo mount | grep adit
    /dev/sdf1 on /adihome/aditec type ext4 (rw,relatime,seclabel,grpquota,data=ordered)
    
    
    # see groups for user, udo
    [[email protected] ~]$ groups udo
    udo : udo testgrp mygrp
    
    #See file permissions
    [[email protected] ~]$ getfacl /adihome/aditec/
    getfacl: Removing leading '/' from absolute path names
    # file: adihome/aditec/
    # owner: root
    # group: testgrp
    user::rwx
    group::r-x
    group:testgrp:rwx
    mask::rwx
    other::r-x
    
  2. AJ says:

    This was very helpful ..thanks

  3. @Nuno,
    You raised an important point. As a general rule, you can access the contents of a directory if and only if you have execute permission on it. So yes, you were right. In the box I used to write this article, user gacanepa had been left as a member of the developers group because even though I removed it, I did not log out and log back in to apply changes. My bad. Great catch!
    @Ravi,
    I’ll send you the needed correction via email.

  4. Jalal Hajigholamali says:

    Hi,

    Thanks a lot for the nice and useful article

  5. Alex says:

    Great work

    • @Alex,
      Thanks for taking a minute to show your appreciation for your work. Feel free to share :).

      • gagan bajaj says:

        Gabriel, I think there must be a gap. When we try setfacl ganacepa it is not working: permission denied. Please explain.

        • @gagan,
          Did you enable ACLs? Did you follow the steps outlined in this article? Please provide the exact command (complete) where you are experiencing your error and the exact message.

          • Nuno says:

            @Gabriel,

            Not working for me either :/ double checked all commands, and nothing.. I have ACL’s enabled for this file system.

            Best,
            Nuno

          • @gagan and @Nuno,
            It is working just fine for me. Please refer to this image for details: http://tinypic.com/view.php?pic=11w4whl&s=9

          • Nuno says:

            @Gabriel,

            Not working here. Could you please check if your user gacanepa is not a member of developers group? With my current settings I can’t even auto complete the filename with tab, which means that I don’t have permissions even for reading the file.

          • Nuno says:

            @Gabriel,

            I think I found the problem. For this to work, I have to give execution rights to others on the parent directory test for the user to be able to read directory content independently of the ACL rule. Otherwise it doesn’t work.

            sudo chmod -R 775 /mnt/test OR sudo chmod -R 771 /mnt/test
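
An added illustration of the behaviour worked out in the thread above (not part of any comment or of the original article): a small Python model of the POSIX ACL access check, showing why an ACL entry on a file has no effect until the user also has search (x) permission on the parent directory. The modes, the ACL entries and the single file inside /mnt/test are constructed for this example; only the names gacanepa, developers and /mnt/test come from the page.

```python
# Added example: model of the access check described in acl(5).
# Modes, ACL entries and the file are constructed, not taken from the article.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Node:
    owner: str
    group: str
    user_obj: int           # permissions of the owning user
    group_obj: int          # permissions of the owning group
    other: int
    named_users: dict = field(default_factory=dict)
    named_groups: dict = field(default_factory=dict)
    mask: int = R | W | X   # upper bound for group_obj and named entries

def allowed(node, user, groups, want):
    """Select the ACL entry class the way acl(5) does, then test the bits."""
    if user == node.owner:
        return (node.user_obj & want) == want
    if user in node.named_users:
        return (node.named_users[user] & node.mask & want) == want
    candidates = [node.group_obj] if node.group in groups else []
    candidates += [p for g, p in node.named_groups.items() if g in groups]
    if candidates:  # once a group entry matches, "other" is never consulted
        return any((p & node.mask & want) == want for p in candidates)
    return (node.other & want) == want

def can_open(path_nodes, user, groups, want):
    """path_nodes: directories from outermost to innermost, then the file."""
    *dirs, target = path_nodes
    # Search permission on every directory is checked before the file's ACL.
    if not all(allowed(d, user, groups, X) for d in dirs):
        return False
    return allowed(target, user, groups, want)

def scenario(dir_other=0, dir_acl=None, groups=("gacanepa",)):
    """/mnt/test as root:developers mode 770 (constructed), holding a file
    whose ACL grants user gacanepa rwx. Can gacanepa read the file?"""
    test_dir = Node("root", "developers", 7, 7, dir_other,
                    named_users=dict(dir_acl or {}))
    acl_file = Node("root", "developers", 6, 6, 0, named_users={"gacanepa": 7})
    return can_open([test_dir, acl_file], "gacanepa", set(groups), R)

if __name__ == "__main__":
    print("ACL on the file only:       ", scenario())
    print("o+x on the directory (771): ", scenario(dir_other=X))
    print("u:gacanepa:--x on directory:", scenario(dir_acl={"gacanepa": X}))
    print("still in group developers:  ",
          scenario(groups=("gacanepa", "developers")))
```

The third case is the narrower alternative to a recursive chmod: a named-user entry with only x on the directory (for example `setfacl -m u:gacanepa:--x /mnt/test`) lets that one user traverse it without opening the directory to everyone else.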

  6. Adit Thaufan says:

    nice tips, thanks :)
