Granting Explicit ACL Access to a File on Linux

Say there is a file, openui/open-webui/webui.db, and you want to have write access to it without using sudo.

The most reliable way is to not use various chown and chmod commands, but instead use setfacl, which is available on Debian via apt install acl.

To first check the permissions, run namei,

$ namei -mo openui/open-webui/webui.db
f: openui/open-webui/webui.db
 drwxrwxr-x rik rik openui
 drwxrwxr-x 777 rik open-webui
                     webui.db - Permission denied

It looks like permissions to enter the openui/open-webui dir are missing. This can be fixed by setting read, write, and execute permissions for $USER to the dir,

$ sudo setfacl -m "u:$USER:rwx" openui/open-webui/

Now namei shows,

$ namei -mo openui/open-webui/webui.db
f: openui/open-webui/webui.db
 drwxrwxr-x rik rik openui
 drwxrwxr-x 777 rik open-webui
 -rw-rwxr-- 777 rik webui.db

This shows that admin user has rw permissions, the user 777 has rwx permissions, and other users have only r permissions. Trying to write from other users to the database will throw an "attempt to write a readonly database" sqlite error.

To fix this,

$ sudo setfacl -m "u:$USER:rw" openui/open-webui/webui.db