Differences
This shows you the differences between two versions of the page.
linux_wiki:create_and_manage_access_control_lists_acls [2016/03/03 22:17] billdozor
linux_wiki:create_and_manage_access_control_lists_acls [2019/05/25 23:50]
Line 1: | Line 1: | ||
- | ====== Create And Manage Access Control Lists Acls ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Access Control Lists are additional permissions that allow advanced type of access beyond the standard "user, group, others" | ||
- | |||
- | ---- | ||
- | |||
- | ===== View ACLs ===== | ||
- | |||
- | Show ACL permissions | ||
- | <code bash> | ||
- | getfacl file1 | ||
- | |||
- | # file: file1 | ||
- | # owner: root | ||
- | # group: root | ||
- | user::rw- | ||
- | group::r-- | ||
- | other::r-- | ||
- | </ | ||
- | * The above is a new file created by root, with no extended ACL permissions set | ||
- | * getfacl = get file access control lists | ||
- | |||
- | ---- | ||
- | |||
- | ===== Setting ACLs ===== | ||
- | |||
- | Set ACL for the user, yoda to give him write permissions | ||
- | <code bash> | ||
- | setfacl -m u:yoda:rw file1 | ||
- | |||
- | getfacl file1 | ||
- | # file: file1 | ||
- | # owner: root | ||
- | # group: root | ||
- | user::rw- | ||
- | user: | ||
- | group::r-- | ||
- | mask::rw- | ||
- | other::r-- | ||
- | </ | ||
- | * Now, the same file with extended ACL permissions for the user, yoda | ||
- | * -m => modify | ||
- | * u:yoda:rw => user yoda, read and write permissions | ||
- | * mask = max level permissions for ACLs | ||
- | |||
- | \\ | ||
- | Notice the " | ||
- | <code bash> | ||
- | ll | ||
- | total 4 | ||
- | -rw-rw-r--+ 1 root root 0 Jul 5 16:25 file1 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Update the mask (max ACL permissions) to read | ||
- | <code bash> | ||
- | setfacl -m m::r file1 | ||
- | |||
- | getfacl file1 | ||
- | # file: file1 | ||
- | # owner: root | ||
- | # group: root | ||
- | user::rw- | ||
- | user: | ||
- | group::r-- | ||
- | mask::r-- | ||
- | other::r-- | ||
- | </ | ||
- | * m::r => set mask for all to read permissions. This means that even though yoda has rw, the max anyone can have is read. | ||
- | |||
- | \\ | ||
- | Set ACL for a group | ||
- | <code bash> | ||
- | setfacl -m g:jedi:rw file1 | ||
- | |||
- | getfacl file1 | ||
- | # file: file1 | ||
- | # owner: root | ||
- | # group: root | ||
- | user::rw- | ||
- | user: | ||
- | group::r-- | ||
- | group: | ||
- | mask::rw- | ||
- | other::r-- | ||
- | </ | ||
- | * g:jedi:rw => group " | ||
- | |||
- | Set default ACL for new files/ | ||
- | <code bash> | ||
- | setfacl -m d:u::rw dir1 | ||
- | </ | ||
- | * Note: Default permissions does NOT give those permissions to dir1 itself | ||
- | |||
- | \\ | ||
- | Remove default ACLs | ||
- | <code bash> | ||
- | setfacl --remove-default dir | ||
- | </ | ||
- | * Remove all ACLs (including default): setfacl --remove-all dir | ||
- | |||
- | \\ | ||
- | Remove a single user's ACL | ||
- | <code bash> | ||
- | setfacl -x u:yoda file1 | ||
- | OR | ||
- | setfacl --remove u:yoda file1 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Copy ACL from file1 and apply it to file2 | ||
- | <code bash> | ||
- | getfacl file1 | setfacl --set-file=- file2 | ||
- | </ | ||
- | * Notice the --set-file=-, | ||
- | |||
- | ---- | ||
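Review bot: the mask cap set by "setfacl -m m::r file1" (listing shows mask::r--) is silently recalculated back to mask::rw- by the later "setfacl -m g:jedi:rw file1" (listing shows mask::rw-), so the sentence "the max anyone can have is read" no longer holds once the group entry is added; the page should state that setfacl recomputes the mask whenever a named user or group entry is modified unless -n (--no-mask) is given, otherwise a reader will assume the read-only cap persists. The default ACL example "setfacl -m d:u::rw dir1" would also benefit from one line saying that default entries are only valid on directories and are inherited by files and subdirectories created inside them afterwards, which is why dir1 itself is unaffected, and the removal examples switch from "dir1" to "dir" ("setfacl --remove-default dir", "setfacl --remove-all dir"); use one directory name throughout so the sequence reads as a single worked example.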