Access Control List(ACL)

hrcxf

Access Control List(ACL)
符号：+
getfacl filenames
setfacl –m(modify) acl_entries
setfacl –s(replace) acl_entries
setfacl –d(delete) acl_entries

acl_entries： u[ser]::perm – Sets the permissions for the file owner.
                                  g[roup]::perm– Sets the permissions for the owner’s group.

                                  o[ther]:perm – Sets the permissions for users other than the
owner or members of the owner’s group.

                                  u[ser]:UID:perm or u[ser]:username:perm – Sets the
permissions for a specific user. The username must exist in the /etc/passwd file.

                                  g[roup]:GID:perm or g[roup]:groupname:perm – Sets the permissions for a specific group. The groupname must exist in the /etc/group file.

                                  m[ask]:perm – Sets the ACL mask. The mask entry indicates the maximum permissions allowed for all users, except the owner, and for all groups. The mask is a quick way to change permissions for all the users and groups.

1、删除
setfacl -d ACL_entry filename(s)
setfacl -d ACL_entry,ACL_entry filename(s)
eg：# setfacl -d u:user8 file.txt

2、替换
setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID],[g: GID] filename(s)
# setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:user8:rw- file.txt
# getfacl file.txt
# file: file.txt
# owner: user1
# group: class
user::rw-user:
user8:rw- #effective:rw-group::
r-- #effective:r--
mask:rw-other:---

# setfacl -s u::7,g::4,o:0,m:4,u:user8:7 file.txt
# getfacl file.txt
# file: file.txt
# owner: user1
# group: class
user::rwx
user:user8:rwx #effective:r--
group::r-- #effective:r--
mask:r--
other:---

3、修改
setfacl -m acl_entry,acl_entry filename1 [filename2 ...]
# setfacl -m user:user8:6 file.txt
# getfacl file.txt
# file: file.txt
# owner: user1
# group: class
user::rwx
user::user8:rw- #effective:r--
group::r- #effective:r--
mask:r--
other:---

# setfacl -m m:6 file.txt
# getfacl file.txt
# file: file.txt
# owner: user1
# group: class
user::rwx
user::user8:rw- #effective:rw-group::
r- #effective:r--
mask:rw-other:---
# ls -l file.txt
-rwxr-----+ 1 user1 class 167 Apr 18 11:13 file.txt

4、补充
a、可以对一目录进行操作
b、使一个目录下所有的文件和子目录都更改acl权限
#find ./ -name “*” –exec setfacl –m <yourfacl>; {} \;

david10000

ok

不过细微之处有错误

hrcxf

还请指点！！