Differences
This shows you the differences between two versions of the page.
linux:access-control-lists [2017/10/27 17:12] – created michael | linux:access-control-lists [2019/03/07 13:51] (current) – michael | ||
---|---|---|---|
Line 13: | Line 13: | ||
'' | '' | ||
- | ---- | ||
===== Viewing ACLs ===== | ===== Viewing ACLs ===== | ||
- | ---- | + | <WRAP center box 100%> |
+ | |||
+ | '' | ||
+ | < | ||
+ | # getfacl /tmp/test | ||
+ | </ | ||
+ | |||
+ | <sxh plain; gutter: false;> | ||
+ | # file: test | ||
+ | # owner: root | ||
+ | # group: root | ||
+ | user::rw- | ||
+ | user: | ||
+ | user: | ||
+ | group::r-- | ||
+ | mask::rwx | ||
+ | other:--- | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Notice the 3 different user: lines. The first line lists the standard file permissions of the owner of the file. The 2 other user permissions are the individual permission for the user john and sam. The mask field here only applies to the additional permissions we have given to the user and groups. If the mask is set to rwx the read, write and execute permissions will be granted to additional user/ | ||
+ | |||
+ | |||
+ | <WRAP center box 100%> | ||
+ | **File with no ACLs** | ||
+ | |||
+ | '' | ||
+ | < | ||
+ | # getfacl test | ||
+ | </ | ||
+ | |||
+ | <sxh plain; gutter: false;> | ||
+ | # file: test | ||
+ | # owner: root | ||
+ | # group: root | ||
+ | user::rw- | ||
+ | group:: | ||
+ | other:: | ||
+ | </ | ||
+ | </ | ||
===== Creating and Managing FACLs ===== | ===== Creating and Managing FACLs ===== | ||
+ | The '' | ||
+ | < | ||
- | ---- | + | * The **-m** option tells setfacl to modify ACLs on the file(s) mentioned in command line. Instead of user john we can have a group to have a specific permission on the file : < |
+ | * FACLs for multiple user and groups can also be set with single command : < | ||
===== Default FACLs on directories ===== | ===== Default FACLs on directories ===== | ||
+ | Default ACLs are only created on directories. When you set default ACLs on directories, | ||
+ | **To create a default FACL on a directory: | ||
- | ---- | + | < |
+ | <WRAP center box 100%> | ||
+ | < | ||
+ | # getfacl accounts/ | ||
+ | </ | ||
+ | |||
+ | <sxh plain; gutter: false;> | ||
+ | # file: accounts/ | ||
+ | # owner: root | ||
+ | # group: root | ||
+ | user::rwx | ||
+ | group::r-x | ||
+ | other::r-x | ||
+ | default: | ||
+ | default: | ||
+ | default: | ||
+ | default: | ||
+ | default: | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ''// | ||
+ | |||
+ | <WRAP center box 100%> | ||
+ | < | ||
+ | # touch / | ||
+ | </ | ||
+ | |||
+ | <sxh plain; gutter: false;> | ||
+ | # getfacl test | ||
+ | # file: test | ||
+ | # owner: root | ||
+ | # group: root | ||
+ | user::rw- | ||
+ | user: | ||
+ | group:: | ||
+ | mask::rw- | ||
+ | other::r-- | ||
+ | </ | ||
+ | </ | ||
===== Removing FACLs ===== | ===== Removing FACLs ===== | ||
+ | '' | ||
+ | < | ||
+ | '' | ||
+ | |||
+ | ''< | ||
+ | |||
+ | < | ||
- | ---- | ||
===== Backing up the FACLs ===== | ===== Backing up the FACLs ===== | ||
- | ---- | + | Many a times, the backup software may not copy the metadata related to the FACL on the files. In that case you may want to backup the FACL information on the files. Now, the FACL on all the files in a directory (including all sub directories) can be copied in a single file. |
+ | |||
+ | < | ||
+ | # getfacl | ||
===== Restoring the FACLs ===== | ===== Restoring the FACLs ===== | ||
+ | When you restore the files in /accounts directory, you would have to restore the FACLs associated with the files in that direcotry. TO do that use the FACL backup file accounts_facl along with the –restore option : | ||
+ | < | ||
---- | ---- | ||
Quelle: https:// | Quelle: https:// |
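Review bot: The new paragraph under "Viewing ACLs" states that the mask "only applies to the additional permissions we have given to the user and groups", which omits the owning group: the mask also caps the `group::` entry, so a narrower mask reduces the effective rights of the file's group as well, and only the owner (`user::`) and `other` entries are unaffected. Suggest rewording that sentence to name all three classes the mask limits (named users, named groups, owning group). In the sample output of the same section, `other:---` is written with a single colon while the other listings in this change use `other::`, and the header `# file: test` does not match the path given to the command, `getfacl /tmp/test`. Under "Restoring the FACLs", "–restore" is typed with a single typographic dash instead of the two hyphens of `--restore`, so the option will not work when pasted into a shell; the same sentence has "direcotry" and "TO do that", and "Many a times" under "Backing up the FACLs" should read "Many times" or "Often".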