Linux file system access control List (FACL)

Source: Internet
Author: User

Facl:filesystem Acess Control List

Linux (and other POSIX-compatible operating systems such as UNIX) has a permission-control method called access control lists (ACLs), which is a universal paradigm outside of the allocation of permissions. For example, by default you need to confirm 3 permission groups: Owner, group, and other. Instead of using ACLs to save additional access control with file extension attributes, you can add permissions to other users or groups, not just simple "other" or groups that the owner does not exist. You can allow the specified users A, B, and C to have write permissions instead of having their entire group write permissions.

ACLs support a variety of Linux file systems, including Ext2, Ext3, Ext4, XFS, BTFRS, etc. If you are unsure whether your file system supports ACLs, refer to the documentation.

Scene: Tom,jerry two users, Tom create a file in a common directory, just want Jerry to be able to access it, and edit the change save. File sharing between users.

Installing the ACL management tool

In Centos/fedora/rhel:

Yum Install ACL

In Ubuntu/debian:

sudo Install ACL

After the installation ACL is complete, we need to activate the ACL function of our disk partition so that we can use it.

First, we check to see if the ACL function is turned on.

Vim/etc/fstab

View to/boot does not have ACL enabled and adds an ACL tag before the option to turn on the ACL's partition.

eg.

The base ACL is managed by two commands:setfacl is used to add or modify ACLs, andGetfacl is used to display ACLs that are allocated.

Getfacl

CP /etc/lsinittab  Project  file: inittab# owner:root# GROUP:ROOTUSER::RW-group::r--other::r--

Setfacl
-M: Set
U:uid:perm
G:gid:perm

D:u:uid:perm
D:g:gid:perm

Sets the default Access control list for a directory. This means that the newly created file in this directory will automatically inherit the Access control list permissions of the directory.
Setfacl-m U:HADOOP:RW Inittab
-X: Cancel
U:uid
G:gid
Setfacl-x U:hadoop Inittab

--mask:

  under Hadoop users [[email protected] tmp]$  echo  123  >> Inittab -bash:inittab:permission denied under root user [[email protected] tmp] # setfacl -m u:hadoop:rw inittab[[email protected] tmp]# getfacl inittab# 
     file  : inittab# owner:root# Group:rootuser :: RW -user:HADOOP:RW   - group::r --MASK::RW -other::r -- 
After you add ACL permissions

-rw-rw-r--+ 1 root root 495 July 19:06 Inittab

Echo 123 >>Tail -3Ln -sf/lib/systemd/system/<target name>.target/etc/systemd/system/default.target#123

Allow all users in the Developteam group to have read and write access to Testfile

mkdirfile: testfile# owner:root# group:rootuser::rwxgroup::r-xother::r-  -m g:developteam:rw testfile[[email protected] tmp]# getfacl testfile/file: testfile/# owner:root# group:rootuser::rwxgroup::r-xgroup:developteam:rw-  mask::rwxother::r-X

User Access file permissions apply order the user process is matched as follows:
Owner--Group--> Other
Owner----facl,user--Facl,group

Linux file system access control List (FACL)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.