LINUX Extra Privilege Control ACL

  
ACL is an abbreviation of Access Control List. The main purpose is to provide permission settings other than the traditional OWNER, GROUP, OTHER read, wirite, execute permissions. ACL can set R, W, and X permissions for a document and directory. Getfacl: Gets the ACL setting item of a document or directory.

setfacl: Sets the ACL item for a document or directory.

Example:
##Create a file [jimistephen@localhost acl]$ touch acl_test##List file attributes, permissions [jimistephen@localhost acl]$ ll acl_test-rw-rw-r- -. 1 jimistephen jimistephen 0 Mar 10 08:21 acl_test#Permission to modify the document [jimistephen@localhost acl]$ setfacl -mu:jimi:rx acl_test#View the modified permissions [jimistephen@localhost acl]$ ll acl_test-rw- Rwxr--+ 1 jimistephen jimistephen 0 Mar 10 08:21 acl_test## When modifying permissions, there is no user list representing the owner of the file. [jimistephen@localhost acl]$ setfacl -m u::rwx acl_test[jimistephen@localhost acl]$ ll acl_test-rwxrwxr--+ 1 jimistephen jimistephen 0 Mar 10 08:21 acl_test# Get file information and permissions. [jimistephen@localhost acl]$ getfacl acl_test# file: acl_test #filename# owner: jimistephen #file owner# group: jimistephen #file attribute user group user::rwx #file owner's permission user:jimi:rx # Permissions set for a specific user jimi permissions r, xgroup::rw- #File group permissions: mask::rwx #file default effective permissions other::r-- #Others have additional permissions :#This just changed the permissions of the current directory setfacl -mu:myuser1:rx /srv/projecta#If you want to implement all the files and directories under this directory, you can use the following settings: setfacl -md:u:myuser1:rx /srv/projecta

Copyright © Windows knowledge All Rights Reserved