Linux RHCSA Part 22 - File System - Security - ACL, GnuPG

MarGib July 18, 2026
🌐 🇵🇱 Polski · 🇬🇧 EN
Like most operating systems, Linux has a standard file permission configuration. It also has something more. Something that allows for greater control over file access - ACL - access control lists. This topic serves as an introduction to securing file systems, directories, and more.

ACL CONFIGURATION

Step 1 - Installing the ACL package

# yum install -y acl

Step 2 - Verifying the package installation

# rpm -qa | grep acl
libacl-2.2.49-4.el6.x86_64
acl-2.2.49-4.el6.x86_64

In this chapter, we will cover enabling and configuring access control lists (ACLs), which will extend our file and directory access configuration capabilities, allowing for even greater control over system activity.

Step 3 - Before we can use ACLs, we need to check if the ACL file system has been mounted, depending on our requirements.

# mount | grep acl

Since the output returned nothing, it indicates that none of the file systems are using ACLs. This needs to be corrected. We assume that we need to extend file permission management capabilities on the /dev/hdc1 file system (/opt/backup). Let's mount this file system with the ACL option, which we do by unmounting it and mounting it again.

Step 4 - Execute the mount command with ACL

# mount –t ext4 -o acl,remount /dev/hdc1 /opt/backup/

Step 5 - If the file system was not previously mounted, we can use

# mount –t ext4 -o acl /dev/hdc1 /opt/backup

Step 6 - Verification

# mount | grep acl
/dev/hdc1 on /opt/backup type ext4 (rw,acl)

Now you can see that the ACL option is available.

Step 7 - If we want the ACL option to be available permanently, after every system reboot, we must modify the /etc/fstab file accordingly

/dev/hdc1 /opt/backup ext4 defaults,acl 1 2

Step 8 - Save and close the file

Step 9 - Commit and apply the changes

# mount -o remount /opt/backup/

Step 10 - Verify that the ACL option is enabled

# mount | grep -i acl
/dev/hdc1 on /opt/backup type ext3 (rw,acl)

From now on, this file system will work with ACLs. We will see how we can use and configure them. 

Step 1 - Let's create a test file to test ACL functionality in /opt/backup

# cd /opt/backup
# touch file1

Now, using the "getfacl" command, we will see the current ACL settings for the file.

getfacl command syntax : # getfacl [options] filename

getfacl command options :
  • -d     Display default ACLs 
  • -R     Recurse into subdirectories
Step 2 - Display ACL information for the newly created file

# getfacl file1
# file: file1
# owner: root
# group: root
user::rwgetfacl
group::r—
other::r—

So far, there is nothing special here; we only see the default ACL settings. We will use the "setfacl" command to create additional permissions for this file.

setfacl command syntax : # setfacl [options] file

setfacl command options :
  • -m         Modify ACL
  • -x          Remove ACL
  • -n          Do not recalculate the effective mask
  • -R         Recurse into subdirectories
Step 3 - Setting ACL for user01 

# setfacl -m u:user01:rwx /opt/backup/file1

Step 4 - Re-check ACL settings 

# getfacl file1
# file: file1
# owner: root
# group: root
user::rwuser:
user01:rwx
group::r—
mask::rwx
other::r—

Now you can see that read, write, and execute permissions have been added for user01. 

Step 5 - Remove ACL permissions for user01 

# setfacl -x u:user01 /opt/backup/file1

Step 6 - Verification 

# getfacl file1 
# file: file1
# owner: root
# group: root
user::rwgroup::
r—
mask::r—
other::r—

Step 7 - To remove all ACLs set on a given file, you can use the "-b" switch instead of removing them one by one 

# setfacl -b testfile

ACL settings can become very complicated if not carefully planned. You must ensure that you fully understand basic file access permissions, which is a key element of system administration. 

GnuPG

GnuPG is an Open Source solution used for encryption. The first use case for PGP was email encryption, allowing for user identity verification. The same solution also applies to file protection. You can use the "seahorse" package to secure files. 

Step 1 - Installing the package 

# yum install –y seahorse

Step 2 - Verifying installation 

# rpm -qa | grep seahorse
seahorse-2.28.1-4.el6.x86_64

Before we start using file protection, we need to generate the appropriate private key with which we will encrypt documents. You will also need a public key for decryption. 

Step 3 - Generating keys 

# gpg —key-gen

Once the keys are generated, you can start encrypting files. 
Facebook X E-mail

Comments

Dodaj komentarz

Explore

Labels

automation 12 news 11 Anthropic 10 Windows 10 browsers 10 Automation 9 Opera 9 Security 9 Technology 9 AI ethics 8 facebook 8 web applications 8 LLM 7 OpenAI 7 Software 7 chrome 7 coaching 7 curiosities 7 technology 7 www 7 Docker 6 Microsoft 6 Mind 6 Programming 6 Red Hat 6 Web browser 6 cybersecurity 6 entertainment 6 new technologies 6 ChatGPT 5 Claude AI 5 Configuration 5 Cybersecurity 5 God 5 Productivity 5 algorithms 5 books 5 machine learning 5 networking 5 AI 2026 4 AI agents 4 CentOS 4 Claude 4 IT security 4 LVM 4 Open Source 4 Ubuntu 4 Vivaldi 4 Windows 10 4 Windows system administration 4 applications 4 containers 4 future of technology 4 future of work 4 health 4 n8n 4 network 4 open source 4 people 4 photography 4 programming 4 psychology 4 security 4 system administration 4 trivia 4 AI safety 3 Administration 3 Android 3 BIG DATA 3 Business 3 FIFA 3 Firefox 3 Google projects 3 Homelab 3 Kubernetes 3 Local AI 3 Personal Development 3 Personal Finance 3 Privacy 3 Programs 3 Python 3 bash 3 communication 3 computer science 3 extensions 3 faith 3 games 3 good movie 3 help 3 human 3 interesting websites 3 interface 3 language models 3 macOS 3 media 3 mindfulness 3 money 3 open-source 3 opensource 3 personal competencies 3 personal development 3 privacy 3 reading 3 religion 3 tools 3 virtualization 3 web browser 3 websites 3 AGI 2 AI Act 2 AI assistant 2 AI at work 2 Asus 2 AutoGen 2 Career 2 Centos 2 Cloud 2 Codex 2 Debian 2 Debugging 2 DevOps 2 Docker Machine 2 Drones 2 Education 2 Fable 2 Free Red Hat 2 GDPR 2 GPT-4 2 Guide 2 Hardware 2 Intel 2 Intelligence 2 Japan 2 JavaScript 2 Job Market 2 Kernel 2 Linux kernel 2 Machine Learning 2 Medicine 2 Mythos 2 Navy SEALs 2 Netflix 2 Performance 2 Poland 2 Psychology 2 Puppeteer 2 RAID 2 RHEL7 2 RSS 2 Rocky Linux 2 Rust 2 Sakana AI 2 Self-hosting 2 Servers 2 Software Engineering 2 Ubuntu Server 2 Windows administration 2 Windows errors 2 ansible 2 better life 2 brain 2 brain-computer interfaces 2 chat 2 children 2 cloud storage 2 communicator 2 communities 2 computer intelligence 2 computers 2 conferences 2 creativity 2 critical thinking 2 curl 2 cyberattacks 2 data 2 death 2 developer tools 2 documentary 2 earning 2 emotions 2 file storage 2 file system 2 fix 2 free application 2 free courses 2 free knowledge from the internet 2 free training 2 future of AI 2 future skills 2 genius 2 hacker 2 investments 2 kernel 2 labor market 2 learning 2 local AI 2 mental health 2 mind manipulation 2 mind programming 2 mobile 2 mobile apps 2 mobile phones 2 motivation 2 movie 2 multimedia 2 neurotechnology 2 operating systems 2 partitions 2 performance 2 personal thoughts 2 philosophy 2 photos 2 plugin 2 podcast 2 prompt 2 regulations 2 self-development 2 shell 2 social media 2 software 2 technological innovations 2 technology addiction 2 terminal 2 torrent 2 trick 2 users 2 wealth 2 weather 2 web 2 wisdom 2 youtube 2 (Treści etykiet nie zostały podane w treści wejściowej) 1 120B models 1 2026 photography market 1 21st Century Skills 1 2FA 1 2nm processors 1 3D printing 1 5 GHz 1 6 GHz 1 64 bit 1 7 1 ACT therapy 1 AF_ALG 1 AGAT 1 AI API key theft 1 AI Agents 1 AI Frameworks 1 AI Governance 1 AI History 1 AI Safety 1 AI addiction 1 AI agent attack 1 AI autonomy 1 AI benchmarks 1 AI censorship 1 AI chatbots 1 AI collaboration 1 AI cyber threats 1 AI cybersecurity 1 AI future 1 AI governance 1 AI in Linux 1 AI in art 1 AI in education 1 AI in healthcare 1 AI in industry 1 AI in school 1 AI in science 1 AI in sports 1 AI integration 1 AI interaction 1 AI on mobile devices 1 AI optimization 1 AI regulation 1 AI security 1 AI superchips 1 AI threats 1 AI tool attacks 1 AI tools 1 AI workflows 1 AIMP 1 AMD ROCm 1 AMLD6 1 API 1 API key protection 1 AWS 1 Acquisition 1 Agentjacking 1 Alan Watts 1 Alexander Gerst 1 Alfred 1 AlmaLinux 1 Alpine Linux 1 Amazon Kuiper 1 Andrej Karpathy 1 Anonymous 1 Apache 1 Apple 1 Apple 2025 1 Apple Silicon 1 Aria AI 1 Audacity 4 1 AutoJack 1 Azure 1 BCI 1 Backstage 1 Banking 1 Bash 1 Bazel 1 Bible 1 Big Data 1 Bill Warner 1 Biotechnology 1 Black Mirror 1 Blackwell B100 1 Blockchain 1 Bonding 1 Bono 1 Business and Finance 1 C++ 1 CCPA 1 CPU 1 CUA 1 CUDA 1 CVE-2026 1 Career Development 1 Chat GPT 1 Chemtrails 1 ChildOnlineSafety 1 Claude 3.5 Sonnet 1 Claude Cowork 1 Claude Fable 1 Claude Sonnet 5 1 Coaching 1 Computer-Using Agent 1 Constitutional AI 1 Copilot 1 Copilot for Finance 1 Couching 1 CrewAI 1 Cryptocurrencies 1 Cyberbullying 1 DFS 1 DMA 1 DNS 1 DORA 1 DSA 1 Dario Amodei 1 Darwin 1 Data Science 1 Deep Learning 1 Deep Reading 1 DeepSeek 1 Deepseek 1 Deluge 1 Devin AI 1 Diagnostics 1 Digitalization 1 Distributions 1 Docker containers 1 Drivers 1 Dystrybucje 1 E2EE 1 E2EE vulnerabilities 1 EA GAMES 1 EA SPORTS 1 Earth AI 1 Economics 1 Email 1 Emigration 1 Enterprise Linux 1 Entrepreneurship 1 Epicureanism 1 Error 1 European Funds 1 European Union 1 European technology 1 Excel 1 FIFA 16 1 Facebook 1 Fact-checking 1 Fake News 1 Flannel 1 Flynn Effect 1 Football 1 Formoza 1 Foundation 1 Free 1 Free Software 1 Free software 1 Fugu Ultra 1 Future 1 Future of Finance 1 Future of Work 1 GLM-5.2 1 GPT 1 GPT-4.5 1 GPT-Live 1 GPU Cloud 1 GROM 1 GRUB 1 GUI 1 Gemini 1 Gemma 4 1 Generation Z 1 GhostLock 1 GitHub 1 GitOps 1 Golden Gate 1 Google Assistant 1 Google DeepMind 1 Google Gemma 4 12B 1 Google Research 1 Google activity 1 GoogleFamilyLink 1 Goose 1 Got Talent 1 Gregory Kurtzer 1 Guides 1 HTML 1 Hardware Requirements 1 Health Intelligence 1 Hygge 1 IAM 1 IBM 1 IDE 1 IDE security 1 IQ 1 ISIS 1 ISS 1 IT 1 IT automation 1 IT costs 1 IT history 1 Innovation 1 Intelligent email 1 Internet Browser 1 Internet browser 1 InternetEducation 1 Interview 1 Islam 1 Islamic State 1 Jacquard 1 Jboss 1 Jellyfin 1 JetBrains Marketplace 1 Jetson Thor price 1 Joel Pearson 1 Kali Linux 1 Karen Hao 1 Khan Academy 1 Kodi 1 Kylian Mbappé 1 LLM Deployment 1 Labor Market 1 LangChain 1 Legal regulations 1 LibreOffice 1 Linus Torvalds 1 Linux 7.3 1 Linux automation 1 Linux diagnostics 1 Linux for business 1 Linux system tools 1 Linux task management 1 Linux task scheduling 1 Logs 1 Londoners 1 MAS 1 MCP 1 MFA 1 MLX 1 Maps 1 MarGib_Film 1 Marek Jankowski 1 Mars helicopter 1 Material Design 1 Matt Pocock 1 Microsoft 365 1 Military 1 Mindfulness 1 Mistral AI 1 Miłosz Brzeziński 1 Model Context Protocol 1 Monitoring 1 MrBallen 1 Multi-Agent Systems 1 My take 1 NATO 1 NIS2 1 NTFS 1 NVIDIA 1 NVIDIA Blackwell 1 NVIDIA Jetson Thor 1 National security 1 Neural Networks 1 New 1 Nginx 1 No comment 1 Node.js 1 Non-profit 1 Notion 1 Nvidia 1 Odysseus 1 OneTrust 1 OpenSSL 1 Opera Air 1 Opera Neon 1 Opera Touch 1 Operating Systems 1 P2P 1 PARP 1 PDF conversion 1 PDF editor 1 PDF merging 1 Pac-Man 1 Pekao S.A 1 Peperclips 1 Perceptron 1 Personal development 1 Philosophy 1 Photoshop 1 Playwright 1 Plex 1 Poland 2026 1 Poles 1 Polish universities 1 PostgreSQL 1 PowerShell 1 Preview 1 Project Maven 1 Project TANGO 1 Proton Drive 1 Proxmox 1 PyTorch 1 Qt Creator 1 Quick Actions 1 Quotes 1 RHEL 1 RHEL8 1 RHSCA 1 Raspberry PI 1 Raspberry Pi 1 Raspbian 1 Raycast 1 Red Hat 8 1 Red Hat Enterprise Linux Developer Suite 1 RedHat 8 1 Regex 1 Robo-advisors 1 SMEs 1 SUSE 1 SafeInternet 1 SaferInternetDay 1 Safety 1 Sakana Fugu 1 Search 1 Sector 3.0 Festival 1 Security Auditing 1 September 23 2017 1 Server Administration 1 Signal 1 Smart City 1 Snip. 1 Social Media 1 Soli 1 Solo Projects 1 Solopreneurship 1 Something from myself 1 Sound 1 Sovereign AI 1 Sport 1 Spotify 1 Stacher.IO 1 Stacher.IO installation 1 Starlink 1 Steam Deck 1 Stoicism 1 SysAdmin 1 System Administration 1 Tech 1 Tech Weekly 1 Telegram 1 TensorFlow 1 The Shack 1 Time Management 1 Tips 1 Tokenomics 1 Tools 1 Tribler 1 Tutorial 1 U.S. 1 U.S. government 1 U2 1 UI testing 1 USB 1 UV 1 Ubuntu 26.04 1 VentuSky 1 VirtualBox 1 Virtualization 1 WBC 1 WSL 3 1 WWDC 2026 1 WWDC26 1 Warsaw 1 Weave 1 Web Scraping 1 Websites 1 WhatsApp 1 Wi-Fi 6 1 Wi-Fi 6E 1 Wi-Fi channels 1 Windows update 1 Work 1 Workflow 1 World Cup 1 World Cup 2026 1 World Cup AI 1 World Wide Web 1 X-Files 1 X-files 1 YouTube 1 Yuval Noah Harari 1 ZUS 1 ZenFone 1 Zero-Touch OAuth 1 Zorin OS 1 a drop of motivation 1 about this blog 1 academic fraud 1 account security 1 achieving goals 1 ad blocking 1 addiction 1 administrator 1 agent systems 1 aids 1 ampere altra 1 analog photography 1 animations 1 application prototyping 1 arm servers 1 arm64 1 assertiveness 1 astronomy 1 at one-time tasks 1 at vs cron 1 atd daemon 1 audio 1 audio editing 1 authenticity in art 1 authorization 1 autofs 1 automateit 1 automation security 1 automation system attack 1 autonomous cars 1 awareness 1 aws graviton 1 bank 1 bash on windows 1 bat files 1 batch 1 battery 1 beliefs 1 beta 1 better living 1 better quality 1 big data 1 bin/bash 1 biodiversity 1 blocking 1 blogger 1 body language 1 bookmarks 1 boot 1 bootable usb 1 boxing 1 browser automation 1 business intelligence 1 c# 1 cache 1 calc 1 campaign 1 cards 1 centralized platforms 1 chemistry 1 child psychology 1 children's emotional development 1 city design 1 clearance 1 cli tools 1 climate change 1 clothing industry 1 cloud 1 cmd 1 code editor 1 cognitive abilities 1 cognitive psychology 1 coldplay 1 command history 1 command line 1 command prompt 1 commando training 1 comments 1 compliance 1 compliance automation 1 compliance tools 1 computer interaction 1 computer performance 1 concentration 1 configuration management 1 conntrack 1 console 1 conspiracy 1 conspiracy theories 1 controversial 1 converter 1 corporate world 1 cost optimization 1 courage 1 courses 1 courses for free 1 cron 1 cryptography 1 cynics 1 dark mode 1 data security 1 database 1 datasette 1 date and time 1 deep brain stimulation 1 deep learning 1 democracy 1 desertification 1 design patterns 1 design systems 1 developers 1 digital addiction 1 digital clothing 1 digital competencies 1 digital detox 1 digital education 1 digital ethics 1 digital hygiene 1 digital manipulation 1 digitalization 1 disqus 1 document 1 document conversion 1 document signing 1 dreams 1 drop of motivation 1 drought 1 dubai 1 dying 1 e-book 1 eBPF 1 ecology 1 economy 1 ecosystem restoration 1 edge computing 1 elections 1 encryption 1 end of the world 1 end of world 1 end-to-end encryption 1 energy 1 energy efficiency 1 environment and health 1 ethical AI 1 evolution 1 excel 1 exploitation 1 extreme 1 fdisk 1 file sharing 1 file size 1 film zone 1 flash drive 1 flat earth 1 flying 1 food 1 football 1 for sale 1 format change 1 free 1 free software 1 friend location 1 ftp 1 future of architecture 1 future of education 1 future of energy 1 future of humanity 1 future of medicine 1 future of the brain 1 future of the internet 1 future of transport 1 game 1 geoengineering 1 global connectivity 1 google chat 1 graphics 1 graphics editors 1 growing up 1 hacking 1 happiness 1 hard-link 1 hashing 1 hedonic adaptation 1 helion 1 history 1 hobby 1 home hosting 1 homelab 1 hostname 1 hostnamectl 1 how many people live on earth 1 humanity 1 humor 1 hybrid cloud 1 iOS 1 iPhone 18 Pro 1 iPhone launch 1 iftop 1 image generation 1 immortality 1 influencer criticism 1 information manipulation 1 infrastructure 1 infrastructure scalability 1 innovation 1 installation 1 integrations 1 intelligence 1 internet applications 1 investigative journalism 1 investing 1 jailbreaking 1 javascript 1 job market 1 kernel security 1 keyboard shortcuts 1 kuba wojewódzki 1 light 1 linux kernel 1 livepatch 1 login 1 logs 1 loop-audit 1 loop-cost 1 loop-init 1 macOS Sequoia 1 magic 1 make life harder 1 making money 1 malicious JetBrains plugins 1 malware in IDE 1 markdown 1 markitdown 1 material design 1 media streaming 1 medicine 1 meditation 1 memory 1 message security 1 messenger 1 meteorology 1 microsoft 1 microtargeting 1 military ethics 1 mobile applications 1 mobile photography 1 model interpretability 1 modern technologies 1 monorepo 1 mounting 1 mp3 player 1 multimedia tools 1 multimodality 1 music 1 music player 1 mysteries 1 n8n security 1 national defense 1 nature conservation 1 net use 1 nethogs 1 network monitoring 1 network resources 1 network security 1 neurobiology 1 neuroenhancement 1 neuroplasticity 1 neuropsychology 1 new life 1 new player 1 new things 1 nftables 1 office 1 onboarding 1 one-time cron 1 onestep4red 1 online 1 online courses 1 online privacy 1 outage 1 overstimulation 1 package manager 1 paper clips 1 paradox of the fulfilled dream 1 parenting 1 parents 1 parted 1 password 1 password change 1 password policy 1 password recovery 1 password security 1 passwords 1 pdf 1 penetration testing 1 perseverance 1 personal data 1 phishing 1 php 1 plagiarism detection 1 plague 1 player 1 poison 1 police 1 predictions 1 privilege escalation 1 processes 1 productivity 1 productivity tools 1 promissory notes 1 protection 1 ps 1 python 1 questions 1 radar 1 raspberry pi 5 1 real-time AI 1 red 1 relax 1 relaxation 1 remote work 1 renewable energy sources 1 reportage 1 rest 1 risk 1 robotaxi 1 root 1 router 1 routing 1 runlevel 1 satellite data 1 satellite internet 1 science 1 scientific facts 1 scientific research 1 scraping 1 screen 1 screenshot 1 self-hosting 1 series 1 settings 1 shadow AI 1 show 1 skills 1 skydive 1 sleep 1 small big company 1 smart clothing 1 smartphone 1 smartphones 1 social engineering 1 society 1 software engineering 1 space 1 space technology 1 special forces 1 sport 1 sports 1 spreadsheet 1 sqlite 1 stalking 1 statistics 1 streaming 1 sub-millimeter sensor 1 success 1 symbolic link 1 syngrapha 1 sysctl 1 system acceleration 1 system diagnostics 1 system kernel 1 systemd 1 tablet 1 talk show 1 tcpdump 1 technical documentation 1 technology ethics 1 technology future 1 technology regulations 1 television 1 terrorism 1 testing 1 the world in numbers 1 theology and science 1 threats 1 time management 1 time travel 1 timelapse 1 tips 1 traditional photography 1 tutorials 1 two-factor authentication 1 ubuntu 1 udev 1 upbringing 1 updates 1 user interface 1 video conversion 1 violence in the military 1 viral 1 virtualbox 1 walking 1 walking meetings 1 water retention 1 weather forecasting 1 webmaster 1 wellbeing 1 wind energy 1 wind turbine optimization 1 windows automation 1 wireless network 1 word processing 1 work 1 work automation 1 world 1 world cup 2026 1 world wide web 1 you are a miracle 1 yum 1 zeitgeist 1

Blog archive

Table of contents