Setting Access ACLs

There are two types of ACLs: access ACLs and default ACLs. An access ACL
is the access control list for a specific file or directory. A default ACL can only
be associated with a directory; if a file within the directory does not have an
access ACL, it uses the rules of the default ACL for the directory. Default ACLs
are optional. ACLs can be configured:

  • Per user
  • Per group
  • Via the effective rights mask
  • For users not in the user group for the file
The setfacl utility sets ACLs for files and directories. Use the -m option to add or
modify the ACL of a file or directory:

  • setfacl -m
Rules () must be specified in the following formats. Multiple rules can
be specified in the same command if they are separated by commas.
u::
Sets the access ACL for a user. The user name or UID may be specified. The
user may be any valid user on the system.

g::
Sets the access ACL for a group. The group name or GID may be specified.
The group may be any valid group on the system.

m:
Sets the effective rights mask. The mask is the union of all permissions of the
owning group and all of the user and group entries.

o:
Sets the access ACL for users other than the ones in the group for the file.

White space is ignored. Permissions () must be a combination of the
characters r, w, and x for read, write, and execute. If a file or directory already
has an ACL, and the setfacl command is used, the additional rules are added to
the existing ACL or the existing rule is modified.
For example, to give read and write permissions to user andrius:

  • setfacl -m u:andrius:rw /project/somefile
To remove all the permissions for a user, group, or others, use the -x option and
do not specify any permission (s):

Comments

Post a Comment

Popular posts from this blog

A-Z Index of the Apple OS X command line

The tcsh command shell of Darwin (the open source core of OSX) alias Create an alias alloc List used and free memory awk Find and Replace text within file(s) basename Convert a full pathname to just a folder path bash Bourne-Again SHell (Linux) bless Set volume bootability and startup disk options. break Exit from a loop cal Display a calendar case Conditionally perform a command cat Display the contents of a file cd Change Directory chflags Change a file or folder's flags. chgrp Change group ownership chmod Change access permissions chown Change file owner and group chroot Run a command with a different root directory cksum Print CRC checksum and byte counts clear Clear terminal screen cmp Compare two files comm Compare two sorted files line by line complete Edit a command completion [word/pattern/list] continue Resume the next iteration of a loop cp ...
Read more

Archiving File Systems With ACLs

Warning The tar and dump commands do not backup ACLs. The star utility is similar to the tar utility in that it can be used to generate archives of files. The star package is required to use this utility. The command line options for Star are as follows
Read more

A-Z Index of the Linux BASH command line

alias Create an alias apropos Search Help manual pages (man -k) awk Find and Replace text, database sort/validate/index break Exit from a loop builtin Run a shell builtin bzip2 Compress or decompress named file(s) cal Display a calendar case Conditionally perform a command cat Display the contents of a file cd Change Directory cfdisk Partition table manipulator for Linux chgrp Change group ownership chmod Change access permissions chown Change file owner and group chroot Run a command with a different root directory cksum Print CRC checksum and byte counts clear Clear terminal screen cmp Compare two files comm Compare two sorted files line by line command Run a command - ignoring shell functions continue Resume the next iteration of a loop cp Copy one or more files to another location cron Daemon to execute scheduled commands crontab Schedule a command to run at a later time c...
Read more