There are two types of ACLs: access ACLs and default ACLs.
Access ACLs determine the user and group access permissions for all kinds of file system objects (files and directories).
Default ACLs can only be applied to directories. They determine the permissions a file system object inherits from its parent directory when it is created.
Structure of ACL entries
ACLs can be divided into two classes according to their structure, i.e. minimal ACLs and extended ACLs. A minimal ACL simply comprises the entries for the types owner, owning group and other, similar to the conventional permissions for files and directories. An extended ACL should contain a mask entry and may contain several entries for the named user and named group types.
setfacl and getfacl are the utilities used in Linux to manage ACLs.
Basic setfacl command structure is,
The -m option is used to add or modify ACL entries.
The -x option is used to remove permissions for a user,
e.g.: setfacl -x u:testuser /testfile
This will remove all permissions for testuser in /testfile.
Scenario: Assign read, write and execute permissions to user john and to the additional group marketing for the directory /SALE.
setfacl -m user:john:rwx,group:marketing:rwx /SALE
Setting Default ACL
To set a default ACL, put -d before the rule. The -d option has to come before -m, because -m takes the argument that follows it as the ACL entry.
setfacl -d -m user:john:rw /SALE
-b, --remove-all: Remove all extended ACL entries. The base ACL entries of the owner, group and others are retained.
-k, --remove-default: Remove the Default ACL. If no Default ACL exists, no warnings are issued.
-n, --no-mask: Do not recalculate the effective rights mask. The default behavior of setfacl is to recalculate the ACL mask entry, unless a mask entry was explicitly given. The mask entry is set to the union of all permissions of the owning group, and all named user and group entries. (These are exactly the entries affected by the mask entry.)
--mask: Do recalculate the effective rights mask, even if an ACL mask entry was explicitly given. (See the -n option.)
-d, --default: All operations apply to the Default ACL. Regular ACL entries in the input set are promoted to Default ACL entries. Default ACL entries in the input set are discarded. (A warning is issued if that happens.)
--restore=file: Restore a permission backup created by 'getfacl -R' or similar. All permissions of a complete directory subtree are restored using this mechanism. If the input contains owner comments or group comments, and setfacl is run by root, the owner and owning group of all files are restored as well. This option cannot be mixed with other options except '--test'.
--test: Test mode. Instead of changing the ACLs of any files, the resulting ACLs are listed.
-R, --recursive: Apply operations to all files and directories recursively. This option cannot be mixed with '--restore'.
-L, --logical: Logical walk, follow symbolic links. The default behavior is to follow symbolic link arguments, and to skip symbolic links encountered in subdirectories. This option cannot be mixed with '--restore'.
-P, --physical: Physical walk, skip all symbolic links. This also skips symbolic link arguments. This option cannot be mixed with '--restore'.
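The mask rule described above (the mask is the union of the owning group and all named user and group entries, and it limits the effective rights of exactly those entries) can be checked offline against getfacl output. The following Python sketch is an added example, not part of the original page; the sample ACL, its root owner and the narrowed mask are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample in getfacl output format: john and marketing from the
# /SALE scenario, with the mask narrowed to r-x (assumed for illustration).
SAMPLE_ACL = """\
# file: SALE
# owner: root
# group: root
user::rwx
user:john:rwx
group::r-x
group:marketing:rwx
mask::r-x
other::---
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) tuples for the access ACL entries."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments, e.g. "#effective:r-x"
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms) - {"-"}))
    return entries

def is_masked(tag, qualifier):
    """The mask caps named users, named groups and the owning group."""
    return tag == "group" or (tag == "user" and qualifier != "")

def is_extended(entries):
    """Extended ACL: a mask entry or any named user/group entry is present."""
    return any(t == "mask" or (t in ("user", "group") and q) for t, q, _ in entries)

def fmt(perms):
    return "".join(c if c in perms else "-" for c in "rwx")

def recalculated_mask(entries):
    """Mask setfacl would compute: union of all entries the mask affects."""
    return fmt(set().union(*(p for t, q, p in entries if is_masked(t, q))))

def effective_rights(entries):
    """Map each entry to its rights after the mask entry (if any) is applied."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    rights = {}
    for tag, qualifier, perms in entries:
        if tag != "mask":
            capped = mask is not None and is_masked(tag, qualifier)
            rights[f"{tag}:{qualifier}"] = fmt(perms & mask if capped else perms)
    return rights
```

With the sample, john and marketing are granted rwx in their entries but are effectively limited to r-x, while a recalculation (the setfacl default without -n) would widen the mask back to rwx.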