FACL: Filesystem Access Control List
Linux (and other POSIX-compatible operating systems such as UNIX) has a permission-control mechanism called access control lists (ACLs), which extends the traditional permission model. By default a file has exactly three permission classes: owner, group, and other. An ACL, stored in the file's extended attributes, adds entries for additional named users or groups, so you are no longer limited to "other" or to the owner's group. For example, you can allow the specific users A, B, and C to write to a file instead of giving their entire group write permission.
ACLs are supported by a variety of Linux file systems, including ext2, ext3, ext4, XFS, Btrfs, etc. If you are unsure whether your file system supports ACLs, refer to its documentation.
Scenario: two users, tom and jerry. tom creates a file in a shared directory and wants only jerry to be able to access it, edit it, and save changes: file sharing between individual users, without widening the group or other permissions.
Installing the ACL management tool
On CentOS/Fedora/RHEL:
  yum install acl
On Ubuntu/Debian:
  sudo apt-get install acl
After the acl package is installed, ACL support must be active on the disk partition before setfacl can be used.
First, check whether the ACL mount option is present:
  vim /etc/fstab
Here, for example, /boot does not have ACL enabled; add acl to the mount options of the partition on which you want ACLs, then remount it (mount -o remount,acl /mountpoint) or reboot so the new option takes effect. On current distributions an ext4 file system usually already carries acl in its superblock default mount options (tune2fs -l /dev/sdXN | grep "Default mount options"), and XFS and Btrfs enable ACLs by default, so an explicit fstab entry is only needed when setfacl fails with "Operation not supported".
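The fstab edit and the check that follows it, as an added example that is not part of the original post: POSIX sh/awk helpers that add the acl option to an fstab entry, test whether an entry has it, remount, and probe a directory with setfacl. The fstab path and mount point passed in (run them against a copy, never directly on /etc/fstab) and the acl-probe temp file name are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for enabling ACLs on an
# ext2/3/4 partition via /etc/fstab, as the post describes. Only acl_supported
# and remount_with_acl touch the live system; the fstab helpers take a file
# path so they can be exercised against a copy first.

# Exit 0 if the fstab entry for mount point $2 in file $1 has "acl" in its options.
fstab_has_acl() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp { found = (("," $4 ",") ~ /,acl,/); exit }
        END { exit !found }
    ' "$1"
}

# Append ",acl" to the options of the entry for mount point $2 in fstab file $1,
# unless it is already present. Other lines are copied through unchanged.
# Back up the real file first: cp /etc/fstab /etc/fstab.bak
add_acl_to_fstab() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp && ("," $4 ",") !~ /,acl,/ { $4 = $4 ",acl" }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Apply the new option without rebooting (ext2/3/4; XFS and Btrfs already
# have ACLs enabled by default).
remount_with_acl() {
    mount -o remount,acl "$1"
}

# Probe whether ACLs actually work on the file system holding directory $1:
# create a temp file there and try to add a named-user entry for uid 0.
# setfacl prints "Operation not supported" when the mount lacks ACL support,
# and the shell reports "command not found" if the acl package is missing.
acl_supported() {
    f=$(mktemp "$1/acl-probe.XXXXXX") || return 1
    setfacl -m u:0:r "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}
```

Typical use on a real system: copy /etc/fstab somewhere, run add_acl_to_fstab on the copy and inspect it, put it in place, then remount_with_acl /data and confirm with acl_supported /data before handing the directory to users.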
Basic ACL management uses two commands: setfacl adds, modifies, or removes ACL entries, and getfacl displays the ACL entries assigned to a file.
getfacl
  cp /etc/inittab .
  getfacl inittab
  # file: inittab
  # owner: root
  # group: root
  user::rw-
  group::r--
  other::r--
setfacl
  -m: set (add or modify) entries
    u:uid:perm
    g:gid:perm
    d:u:uid:perm
    d:g:gid:perm
      The d: (default) form sets the default ACL of a directory: files and subdirectories created in that directory afterwards automatically inherit the directory's default ACL entries. A default ACL can only be set on a directory, and it does not change files that already exist.
  setfacl -m u:hadoop:rw inittab
  -x: remove entries
    u:uid
    g:gid
  setfacl -x u:hadoop inittab
  --mask:
    The mask entry caps the effective rights of every named user entry, every named group entry, and the owning group entry; it does not apply to the owner or to other. Whenever one of those entries is added or changed, setfacl recalculates the mask as the union of them, unless you pass -n (--no-mask); --mask forces the recalculation even when you gave a mask entry explicitly. Once a file has a mask, chmod's group bits set the mask rather than the owning group entry, and ls -l shows the mask in the group position.
As the hadoop user (neither the owner nor a member of group root), appending fails:
  hadoop$ echo 123 >> inittab
  -bash: inittab: Permission denied
As root, add an entry for hadoop:
  root# setfacl -m u:hadoop:rw inittab
  root# getfacl inittab
  # file: inittab
  # owner: root
  # group: root
  user::rw-
  user:hadoop:rw-
  group::r--
  mask::rw-
  other::r--
After the ACL entry is added, ls -l shows a + after the mode bits, and the group position now displays the mask (rw-) rather than the owning group's r--:
  -rw-rw-r--+ 1 root root 495 Jul 19:06 inittab
As hadoop, the append now succeeds:
  hadoop$ echo 123 >> inittab
  hadoop$ tail -3 inittab
  # ln -sf /lib/systemd/system/<target name>.target /etc/systemd/system/default.target
  #
  123
Allow all users in the developteam group to have read and write access to testfile (here a directory):
  root# mkdir testfile
  root# getfacl testfile
  # file: testfile
  # owner: root
  # group: root
  user::rwx
  group::r-x
  other::r-x
  root# setfacl -m g:developteam:rw testfile
  root# getfacl testfile/
  # file: testfile/
  # owner: root
  # group: root
  user::rwx
  group::r-x
  group:developteam:rw-
  mask::rwx
  other::r-x
Order in which a file's permissions are matched against the accessing process:
Without an ACL: owner -> group -> other
With an ACL: owner -> ACL named user -> owning group and ACL named groups -> other
The first class that matches the process decides; later classes are not consulted even if they would grant more. The owning group and the named groups are considered together: access is granted if any matching group entry grants the requested permission. The named user, named group, and owning group entries are further limited by the mask entry; the owner and other entries are not.
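The mask rule and the matching order, as an added example that is not part of the original post: a small POSIX sh/awk evaluator that reads getfacl output and answers whether a given user, with a given set of groups, is granted a requested set of rwx bits, applying the owner -> named user -> owning group/named groups -> other order and the mask cap, plus a helper that recomputes the mask the way setfacl does by default. The getfacl text is constructed for the example (it mirrors the inittab case above, but with a deliberately restrictive mask so the cap is visible), and the user names and group memberships are assumptions. It models the ACL rules only; root's CAP_DAC_OVERRIDE is outside its scope.

```shell
#!/bin/sh
# Added example (not from the original post): evaluate a POSIX ACL in the
# order the kernel checks it, taking getfacl output as input.

# Write a constructed getfacl listing (not taken from a real file) to path $1.
write_sample_acl() {
    cat > "$1" <<'EOF'
# file: inittab
# owner: root
# group: root
user::rw-
user:hadoop:rw-          #effective:r--
group::r--
group:developteam:rw-    #effective:r--
mask::r--
other::r--
EOF
}

# acl_permits ACLFILE USER "GROUP1 GROUP2 ..." BITS
# Exit 0 if USER (a member of the listed groups) is granted every bit in BITS
# (a string such as "rw") by the ACL in ACLFILE, else exit 1.
acl_permits() {
    awk -v user="$2" -v groups="$3" -v want="$4" '
        # Intersection of two rwx strings: the effective rights after the mask.
        function intersect(a, b,    s, i, c) {
            s = ""
            for (i = 1; i <= 3; i++) {
                c = substr("rwx", i, 1)
                s = s ((index(a, c) && index(b, c)) ? c : "-")
            }
            return s
        }
        # Does permission string p contain every bit the caller asked for?
        function grants(p,    i, c) {
            for (i = 1; i <= length(want); i++) {
                c = substr(want, i, 1)
                if (!index(p, c)) return 0
            }
            return 1
        }
        BEGIN { mask = "rwx"; n = split(groups, g, " ") }   # no mask entry => no cap
        /^# owner:/ { owner = $3; next }
        /^# group:/ { ogroup = $3; next }
        /^#/ || NF == 0 { next }                            # "# file:", blank lines
        {
            line = $0
            sub(/[ \t]*#.*/, "", line)                      # drop "#effective:" notes
            split(line, f, ":")
            tag = f[1]; name = f[2]; perm = f[3]
            if (tag == "user" && name == "")       uperm = perm
            else if (tag == "user")                nuser[name] = perm
            else if (tag == "group" && name == "") gperm = perm
            else if (tag == "group")               ngroup[name] = perm
            else if (tag == "mask")                mask = perm
            else if (tag == "other")               operm = perm
        }
        END {
            # 1. owner: the user:: entry, not limited by the mask
            if (user == owner) exit !grants(uperm)
            # 2. named user entry, capped by the mask
            if (user in nuser) exit !grants(intersect(nuser[user], mask))
            # 3. owning group and named groups: any matching entry that grants
            #    the request (after the mask) is enough; if an entry matched
            #    but none grants it, access is denied without consulting other
            matched = 0
            for (i = 1; i <= n; i++) {
                if (g[i] == ogroup) {
                    matched = 1
                    if (grants(intersect(gperm, mask))) exit 0
                }
                if (g[i] in ngroup) {
                    matched = 1
                    if (grants(intersect(ngroup[g[i]], mask))) exit 0
                }
            }
            if (matched) exit 1
            # 4. everyone else
            exit !grants(operm)
        }
    ' "$1"
}

# Print the mask setfacl computes by default: the union of the owning group
# entry and every named user/group entry (exactly the entries the mask caps).
acl_mask_recalc() {
    awk '
        /^#/ || NF == 0 { next }
        {
            line = $0
            sub(/[ \t]*#.*/, "", line)
            split(line, f, ":")
            if ((f[1] == "user" && f[2] != "") || f[1] == "group")
                for (i = 1; i <= 3; i++)
                    if (substr(f[3], i, 1) != "-") bit[i] = 1
        }
        END {
            s = ""
            for (i = 1; i <= 3; i++) s = s (bit[i] ? substr("rwx", i, 1) : "-")
            print s
        }
    ' "$1"
}
```

With the sample listing, hadoop is granted r but not rw because the mask of r-- caps the named user entry, even though the entry itself says rw-; a member of developteam is capped the same way; root, as owner, is not affected by the mask; and a user matching no entry falls through to other. Feed it real getfacl output (getfacl file > acl.txt) to check a file on your own system.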