How to use the setfacl command on Linux to create files with inherited permissions

  

setfacl is the Linux command for setting file access control lists (ACLs). With it, newly created files can inherit permissions from their directory, and some of its functions are similar to the chmod command. The following shows how to use setfacl so that created files get these permissions.

In the example below, user1 is an ordinary user and the share directory under /mnt belongs to root.

[root@redhat-7 mnt]# setfacl -m u:user1:rwx share //Add an ACL entry for user1 on the directory, granting rwx

[root@redhat-7 mnt]# setfacl -d -m u:user1:rwx share //Add a default ACL to the directory; directories and files created in it will inherit these permissions

[root@redhat-7 mnt]#

[root@redhat-7 mnt]#

[root@redhat-7 mnt]# getfacl share //View the ACL information of share

# file: share

# owner: root

# group: root

user::rwx

user:user1:rwx //user1 now has write access to share

group::r-x

mask::rwx

other::r-x

default:user::rwx //Default permissions inherited by new subdirectories and files

default:user:user1:rwx

default:group::r-x

default:mask::rwx

default:other::r-x

[root@redhat-7 mnt]# cd share/

[root@redhat-7 share]# ls

[root@redhat-7 share]# touch roota

[root@redhat-7 share]# touch rootb

[root@redhat-7 share]# mkdir rootdir1

[root@redhat-7 share]# mkdir rootdir2

[root@redhat-7 share]# ls

roota rootb rootdir1 rootdir2

[root@redhat-7 share]# getfacl roota

# file: roota

# owner: root

# group: root

user::rw-

user:user1:rwx #effective:rw-

group::r-x #effective:r--

mask::rw-

other::r--

[root@redhat-7 share]# getfacl rootdira

getfacl: rootdira: No such file or directory

[root@redhat-7 share]# getfacl rootdir

rootdir1/ rootdir2/

[root@redhat-7 share]# getfacl rootdir1

# file: rootdir1

# owner: root

# group: root

user::rwx

user:user1:rwx

group::r-x

mask::rwx

other::r-x

default:user::rwx

default:user:user1:rwx

default:group::r-x

default:mask::rwx

default:other::r-x

[root@redhat-7 share]#

Now enter the directory as user1 and check the permissions:

[user1@redhat-7 share]$

[user1@redhat-7 share]$

[user1@redhat-7 share]$

[user1@redhat-7 share]$ ll

total 8

-rw-rw-r--+ 1 root root 0 Nov 19 22:52 roota

-rw-rw-r--+ 1 root root 0 Nov 19 22:52 rootb

drwxrwxr-x+ 2 root root 6 Nov 19 22:52 rootdir1

drwxrwxr-x+ 2 root root 6 Nov 19 22:52 rootdir2

[user1@redhat-7 share]$ touch user1a

[user1@redhat-7 share]$ touch user1dir1

[user1@redhat-7 share]$ getfacl user1a //View the permissions of the new file

# file: user1a

# owner: user1

# group: user1

user::rw-

user:user1:rwx #effective:rw-

group::r-x #effective:r--

mask::rw-

other::r--

[user1@redhat-7 share]$ rm roota //Try to delete the file created by root: successful

[user1@redhat-7 share]$ rm rootdir1 //Try to delete the directory created by root; succeeds with -r below

rm: cannot remove ‘rootdir1’: Is a directory

[user1@redhat-7 share]$ rm rootdir1 -r

[user1@redhat-7 share]$ ll

total 4

-rw-rw-r--+ 1 root root 0 Nov 19 22:52 rootb

drwxrwxr-x+ 2 root root 6 Nov 19 22:52 rootdir2

-rw-rw-r--+ 1 user1 user1 0 Nov 19 22:57 user1a

-rw-rw-r--+ 1 user1 user1 0 Nov 19 22:57 user1dir1

[user1@redhat-7 share]$

So when files and directories created under a root-owned directory need to inherit its permissions, this method achieves it.

In the newer RHEL 7 there is also a new tool, chacl, similar to setfacl.

That concludes this introduction to using the setfacl command on Linux to create files with set permissions. Because a created file inherits the permissions of the parent directory, this is convenient in some situations. The setfacl command has other uses as well.
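
The getfacl output for roota above lists user:user1:rwx but marks it #effective:rw-, because the mask entry caps named-user and group entries. The following is an added example, not part of the original article: it recomputes the effective permissions from getfacl text, using the roota output shown above as sample input. The function name effective_acl is an assumption, not a tool from the acl package.

```shell
#!/bin/sh
# Added example: compute effective ACL permissions from getfacl text on stdin.
# effective_acl is a hypothetical helper name, not part of the acl package.

effective_acl() {
    awk '
    # AND a permission string with the mask, character by character.
    function masked(perm, mask,    i, out, p) {
        out = ""
        for (i = 1; i <= 3; i++) {
            p = substr(perm, i, 1)
            out = out ((p != "-" && substr(mask, i, 1) != "-") ? p : "-")
        }
        return out
    }
    /^#/ || /^default:/ || /^[ \t]*$/ { next }   # skip headers and default ACL entries
    {
        sub(/[ \t]*#.*/, "")                    # drop any "#effective:" annotation
        n = split($0, f, ":")
        if (n != 3) next
        if (f[1] == "mask") { mask = f[3]; next }
        tag[++count] = f[1]; who[count] = f[2]; perm[count] = f[3]
    }
    END {
        for (i = 1; i <= count; i++) {
            # The mask limits named users, the owning group and named groups;
            # the file owner (user::) and other:: are never masked.
            limited = (mask != "" && ((tag[i] == "user" && who[i] != "") || tag[i] == "group"))
            print tag[i] ":" who[i] ":" (limited ? masked(perm[i], mask) : perm[i])
        }
    }'
}

# Sample input: the getfacl output for roota shown above.
ROOTA_ACL='# file: roota
# owner: root
# group: root
user::rw-
user:user1:rwx
group::r-x
mask::rw-
other::r--'

printf '%s\n' "$ROOTA_ACL" | effective_acl
```

To audit a real file, pipe its ACL into the function, for example: getfacl roota | effective_acl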
