
How to restrict access to a specific user when file or directory permission is 777?

To remove access for a user named ‘user’ from a file or directory whose mode grants full access to ‘other’ (for example 777), add a named-user ACL entry with no permissions:

# setfacl -m u:user:- /path/to/file_or_directory

The same can be done for a group named ‘groupname’; change the u to g:

# setfacl -m g:groupname:- /path/to/file_or_directory

Check the resulting permissions with getfacl (in the output below the restricted user is named ‘example’):

# getfacl /path/to/file_or_directory
# file: example/
# owner: root
# group: root
user::rwx
user:example:--- <--- user permission is set to none
group::rwx
group:groupname:--- <--- groupname permission is set to none
mask::rwx
other::rwx <--- other has full access

The Access Control List (ACL) is processed in the following sequence:

 Permission->ACL->SELinux

If the directory mode is 777 but the ACL entry for a named user or group is set to ---, that user or group will not have access to the directory: the ACL algorithm matches a named user entry before it ever considers the ‘other’ entry, and a matching group entry that lacks the requested permission denies access without falling through to ‘other’. Two caveats: such an entry does not restrict the file's owner (the owner entry is matched first) or root (which bypasses discretionary permission checks), and a later chmod of the directory rewrites the mask entry, so recheck with getfacl after changing the mode.
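The following is an added model of that evaluation order, not a tool from this page: it parses getfacl output like the listing above and applies the acl(5) algorithm (owner, named user, groups with mask, then other) to decide whether a given user and group list may access the directory. It assumes the page's sample names (‘example’, ‘groupname’) and does not model root's capability override.

```python
"""Model of POSIX ACL evaluation (acl(5)) over getfacl(1) output."""

# Constructed sample mirroring the getfacl listing on this page,
# with the "<---" annotations removed.
SAMPLE_GETFACL = """\
# file: example/
# owner: root
# group: root
user::rwx
user:example:---
group::rwx
group:groupname:---
mask::rwx
other::rwx
"""


def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> perms set."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("# owner:"):
                owner = line.split(":", 1)[1].strip()
            elif line.startswith("# group:"):
                group = line.split(":", 1)[1].strip()
            continue
        tag, qualifier, perms = line.split(":")[:3]
        entries[(tag, qualifier)] = {p for p in perms if p in "rwx"}
    return owner, group, entries


def acl_allows(acl, user, groups, wanted):
    """Apply the acl(5) order: owner, named user, groups (masked), then other."""
    owner, file_group, entries = acl
    wanted = set(wanted)
    mask = entries.get(("mask", ""))

    def masked(perms):
        return perms if mask is None else perms & mask

    if user == owner:
        return wanted <= entries[("user", "")]  # owner entry, never masked
    if ("user", user) in entries:
        return wanted <= masked(entries[("user", user)])  # beats other::rwx
    matched = [entries[("group", "")]] if file_group in groups else []
    matched += [p for (tag, q), p in entries.items()
                if tag == "group" and q and q in groups]
    if matched:
        return any(wanted <= masked(p) for p in matched)  # no fall-through
    return wanted <= entries[("other", "")]
```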
