The setfacl command is used to add, modify, or delete one or more ACL entries, or to replace the entire Access Control List (ACL), on a file or directory. Here are a few examples.
Replace the entire ACL (syntax from the man page)
# setfacl -s user:esoft:rwx,user::rwx,group::rw-,mask:r--,other:--- testfile
or its octal equivalent
# setfacl -s user:esoft:7,user::7,group::6,mask:4,other:0 testfile
Before changing ACL
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rw-
group::r-- #effective:r--
mask:r--
other:r--
# ls -l testfile
-rw-r--r-- 1 root other 0 Sep 4 23:26 testfile
After changing ACL (the r-- mask limits user:esoft and group:: to an effective r--)
# setfacl -s user:esoft:rwx,user::rwx,group::rw-,mask:r--,other:--- testfile
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rwx
user:esoft:rwx #effective:r--
group::rw- #effective:r--
mask:r--
other:---
# ls -l testfile
-rwxr-----+ 1 root other 0 Sep 4 23:27 testfile
Same as above but in octal
# rm testfile
# touch testfile
# ls -l testfile
-rw-r--r-- 1 root other 0 Sep 4 23:30 testfile
# setfacl -s user:esoft:7,user::7,group::6,mask:4,other:0 testfile
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rwx
user:esoft:rwx #effective:r--
group::rw- #effective:r--
mask:r--
other:---
# ls -l testfile
-rwxr-----+ 1 root other 0 Sep 4 23:32 testfile
#######################################
Change user and mask
# setfacl -m u:esoft:6,m:6 testfile
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rwx
user:esoft:rw- #effective:rw-
group::rw- #effective:rw-
mask:rw-
other:---
Change group and mask
# setfacl -m g:other:4,m:6 testfile
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rwx
user:esoft:rw- #effective:rw-
group::rw- #effective:rw-
group:other:r-- #effective:r--
mask:rw-
other:---
Delete an ACL entry
# setfacl -d u:esoft:6 testfile
# getfacl testfile
# file: testfile
# owner: root
# group: other
user::rwx
group::rw- #effective:rw-
group:other:r-- #effective:r--
mask:rw-
other:---
Get the ACL of testfile, then apply it to testfile1
# getfacl testfile | setfacl -f - testfile1
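The "After changing ACL" and "Change user and mask" outputs above show that the mask caps every named user, named group and the owning group at once. The following is an added example, not part of the original post: a shell function that reads getfacl-style text and reports the effective permissions per entry, so a mask change can be previewed before running setfacl -m. The function name effective_acl and its optional new_mask argument are hypothetical.

```shell
# effective_acl [new_mask]: read getfacl-style text on stdin and print
# "<entry> <requested> <effective>" for each entry the mask limits:
# named users, named groups and the owning group (group::). The file
# owner (user::) and other are not limited by the mask.
# An optional new_mask (hypothetical parameter) previews a mask change.
effective_acl() {
    awk -v override="${1:-}" '
    # AND two rwx strings position by position.
    function mask_and(p, m,    i, out, c) {
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            if (c == "-" || substr(m, i, 1) != c) c = "-"
            out = out c
        }
        return out
    }
    /^[ \t]*#/ || NF == 0 { next }     # skip header comments and blank lines
    {
        sub(/[ \t]*#.*/, "")           # drop the trailing #effective: comment
        n = split($0, f, ":")
        perm = f[n]
        if (f[1] == "mask") { mask = perm; next }
        if (f[1] == "other" || (f[1] == "user" && f[2] == "")) next
        tag[++k] = substr($0, 1, length($0) - length(perm))
        req[k] = perm
    }
    END {
        if (override != "") mask = override
        for (i = 1; i <= k; i++)
            print tag[i], req[i], (mask == "" ? req[i] : mask_and(req[i], mask))
    }'
}

# ACL text taken from the "After changing ACL" getfacl output on this page.
SAMPLE_ACL='# file: testfile
# owner: root
# group: other
user::rwx
user:esoft:rwx #effective:r--
group::rw- #effective:r--
mask:r--
other:---'

echo "mask as set (r--):"
printf '%s\n' "$SAMPLE_ACL" | effective_acl
echo "preview with mask raised to rw-:"
printf '%s\n' "$SAMPLE_ACL" | effective_acl rw-
```

The preview shows that raising the mask to rw- also raises group:: from r-- to rw-, the same side effect visible in the "Change user and mask" output.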