1. What is an ACL
The main purpose of an Access Control List (ACL) is to provide specific permission settings beyond the traditional owner/group/others read, write and execute permissions.
An ACL can grant r, w or x to a single user on a single file or directory, which helps in situations where special permissions are required.
For example, denying one particular user access to a file, or granting access to just one user.
2. Use of ACLs
ACLs are manipulated with two commands:
getfacl: view the ACL settings of a file or directory
setfacl: set the ACL settings of a file or directory
2.1 Use of getfacl
getfacl: view the ACL settings of a file or directory
getfacl <path to file or directory>
2.2 Use of setfacl
setfacl: set the ACL settings of a file or directory
-m: modify the ACL with the entries that follow (add or change additional ACL entries)
-x: remove the ACL entries that follow (remove additional ACL entries)
-b: remove all extended ACL entries
-k: remove the default ACL
-R: apply recursively, including subdirectories
-d: operate on the default ACL of a directory
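To see what each flag does, here is an added example script (not from the original article) that runs the flags above on a throwaway directory and reads each result back with getfacl. It assumes the acl package (setfacl/getfacl) is installed and that the filesystem under the temp directory supports POSIX ACLs; the numeric uids 54321 and 54322 are stand-ins for the oldboy and www users so that no accounts have to exist, and the helper names acl_entry, acl_supported and run_demo are my own. It also goes slightly beyond the list above by showing that a default ACL set with -d is inherited by files created afterwards.

```shell
#!/bin/sh
# Added example, not from the original article: exercises the setfacl flags
# listed above on a throwaway directory and reads each result back with getfacl.
# Assumptions: the acl package (setfacl/getfacl) is installed and the filesystem
# under the temp directory supports POSIX ACLs. Numeric uids 54321 and 54322
# stand in for the "oldboy" and "www" users so that no accounts need to exist.
set -eu

OLDBOY_UID=54321
WWW_UID=54322

# acl_entry PATH PREFIX: print the permission field of the ACL entry whose text
# starts with PREFIX (e.g. "user:54321" or "default:user:54322"), or "none" if
# the entry does not exist. -c omits the header, -n keeps ids numeric.
acl_entry() {
    getfacl -c -n "$1" 2>/dev/null | awk -F: -v key="$2" '
        { sub(/[ \t]*#.*$/, "") }                 # strip "#effective:..." notes
        $0 ~ ("^" key ":") { print $NF; found = 1 }
        END { if (!found) print "none" }'
}

# acl_supported: succeed only if setfacl is present and works on this filesystem.
acl_supported() {
    command -v setfacl >/dev/null 2>&1 || return 1
    probe=$(mktemp) || return 1
    status=0
    setfacl -m "u:$OLDBOY_UID:r" "$probe" 2>/dev/null || status=$?
    rm -f "$probe"
    return $status
}

# run_demo: apply each flag in turn and print one "step=result" line per flag.
run_demo() {
    work=$(mktemp -d)
    file="$work/oldboy.txt"
    dir="$work/shared"
    : > "$file"
    mkdir "$dir"

    setfacl -m "u:$OLDBOY_UID:rw" "$file"          # -m: add/modify one entry
    echo "modify=$(acl_entry "$file" "user:$OLDBOY_UID")"

    setfacl -x "u:$OLDBOY_UID" "$file"             # -x: remove that entry only
    echo "remove=$(acl_entry "$file" "user:$OLDBOY_UID")"

    setfacl -d -m "u:$WWW_UID:r" "$dir"            # -d: default ACL on a directory...
    : > "$dir/child.txt"                            # ...inherited by new files in it
    echo "default=$(acl_entry "$dir/child.txt" "user:$WWW_UID")"

    setfacl -R -m "u:$OLDBOY_UID:rx" "$dir"        # -R: recurse into the whole tree
    echo "recursive=$(acl_entry "$dir/child.txt" "user:$OLDBOY_UID")"

    setfacl -k "$dir"                               # -k: drop the default ACL
    echo "remove_default=$(acl_entry "$dir" "default:user:$WWW_UID")"

    setfacl -b "$dir/child.txt"                     # -b: drop every extended entry
    echo "remove_all=$(acl_entry "$dir/child.txt" "user:$OLDBOY_UID")"

    rm -rf "$work"
}

if acl_supported; then
    run_demo
else
    echo "setfacl unavailable or ACLs unsupported on this filesystem; demo skipped"
fi
```

Each line printed by run_demo names the flag just used and the entry getfacl shows afterwards, so "remove=none" after -x and "remove_all=none" after -b confirm the entries really went away rather than merely being masked.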
3. Configuring ACLs for Files
Problem:
For the file oldboy.txt, the oldboy user should have read and write access to the file,
the www user should only be able to read it, and other users should have no permissions at all.
3.1 Creating an environment
Create three test users first:
[root@host oldboy]# useradd oldboy
[root@host oldboy]# useradd www
[root@host oldboy]# useradd lh
Create the test file:
[root@host oldboy]# touch oldboy.txt
View the default permissions:
[root@host oldboy]# ll oldboy.txt
-rw-r--r-- 1 root root 0 8 19:42 oldboy.txt
View the ACL permissions:
[root@host oldboy]# getfacl oldboy.txt
# file: oldboy.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--
3.2 Removing all permissions from other users
chmod 640 oldboy.txt removes every permission from other users. The lh user stands in for "other users" here, so test with lh.
[root@host oldboy]# chmod 640 oldboy.txt
[root@host oldboy]# ll oldboy.txt
-rw-r----- 1 root root 0 8 19:42 oldboy.txt
The permission bits have been modified. Now log in as the lh user to test: lh can list the directory but has no permission on oldboy.txt.
[lh@host ~]$ ll /oldboy/
total 20
-rw-r--r-- 1 root root 8 17:09 ett.txt
-rw-r-----. 1 root root 292 6 13:51 id.txt
-rw-r--r-- 1 root root 6 13:37 info.txt
-rw-r--r-- 1 root root 6 12:51 nginx.log
-rw-r----- 1 root root 0 8 19:42 oldboy.txt
drwxr-xr-x 2 oldboy oldboy 4096 7 13:01 test
3.3 Configuring the oldboy user
setfacl -m u:oldboy:rw oldboy.txt
-m means add or modify additional ACL entries
u:oldboy means the entry applies to the user oldboy
rw means read and write permission
So the whole command, setfacl -m u:oldboy:rw oldboy.txt, gives the additional user oldboy the rw permission; after configuring it, the result can be viewed with getfacl.
Exit back to the root user to modify the oldboy user's permissions:
[root@host oldboy]# setfacl -m u:oldboy:rw oldboy.txt
[root@host oldboy]# getfacl oldboy.txt
# file: oldboy.txt
# owner: root
# group: root
user::rw-
user:oldboy:rw-
group::r--
mask::rw-
other::---
Switch to the oldboy user to test:
[oldboy@host oldboy]$ vim oldboy.txt
The file can be read and modified.
3.4 Configuring the www user
Continue: exit back to the root user and modify the permissions of www so that the www user can read the file.
[root@host oldboy]# setfacl -m u:www:r oldboy.txt
[root@host oldboy]# getfacl oldboy.txt
# file: oldboy.txt
# owner: root
# group: root
user::rw-
user:oldboy:rw-
user:www:r--
group::r--
mask::rw-
other::---
Test the www user's access:
[www@host ~]$ vim /oldboy/oldboy.txt
Opening the file with vim and entering edit mode shows the red warning "Warning: Changing a readonly file" at the bottom, so www can read the file but not modify it. This completes all the requirements.
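As an added example that is not part of the original article, the script below parses getfacl output like the listings above and computes the permission each user actually gets, applying the mask entry the way the kernel does. The first ACL text is a constructed copy of the final getfacl output for oldboy.txt; the second is a constructed sample of the same file after a later chmod 600, which rewrites the mask rather than the named entries and so silently disables the oldboy and www entries while getfacl still lists them. The users oldboy, www and lh are the article's; the helper names effective_perms and audit_acl are my own.

```shell
#!/bin/sh
# Added example, not part of the original article: work out the permission a
# user actually gets from getfacl output, applying the mask the way the kernel
# does. Both ACL texts are constructed samples, so this runs without root,
# without the acl package and without the oldboy/www/lh accounts existing.
set -eu

# Constructed sample: oldboy.txt at the end of section 3.4.
ACL_AFTER_SETFACL='# file: oldboy.txt
# owner: root
# group: root
user::rw-
user:oldboy:rw-
user:www:r--
group::r--
mask::rw-
other::---'

# Constructed sample: the same file after "chmod 600 oldboy.txt".
# Once an ACL exists the group bits of the mode map to the mask entry, so chmod
# rewrites the mask, not the named entries: they survive but stop taking effect.
ACL_AFTER_CHMOD_600='# file: oldboy.txt
# owner: root
# group: root
user::rw-
user:oldboy:rw-          #effective:---
user:www:r--             #effective:---
group::r--               #effective:---
mask::---
other::---'

# effective_perms USER ACL_TEXT: print the 3-character effective permission.
# Rules: the owner ("user::") and "other::" are never masked; a named user entry
# is ANDed with "mask::"; a user with no entry falls back to "other::".
# Group membership is deliberately not modelled, so a user who only matches
# through a group entry is reported as "other" here.
effective_perms() {
    printf '%s\n' "$2" | awk -F: -v who="$1" '
        function and_perms(a, b,    i, ca, cb, out) {
            out = ""
            for (i = 1; i <= 3; i++) {
                ca = substr(a, i, 1); cb = substr(b, i, 1)
                out = out ((ca != "-" && ca == cb) ? ca : "-")
            }
            return out
        }
        /^# owner:/ { owner_name = $2; sub(/^[ \t]+/, "", owner_name); next }
        /^#/ { next }                              # other header lines
        { sub(/[ \t]*#.*$/, "") }                  # drop "#effective:" notes
        $1 == "user"  && $2 == ""   { owner_perms = $3 }
        $1 == "user"  && $2 == who  { named = $3 }
        $1 == "mask"  && $2 == ""   { mask = $3 }
        $1 == "other" && $2 == ""   { other = $3 }
        END {
            if (who == owner_name)      { result = owner_perms }
            else if (named != "")       { result = (mask != "") ? and_perms(named, mask) : named }
            else                        { result = other }
            print result
        }'
}

# audit_acl ACL_TEXT: one line per user from the section 3 requirement, so the
# result can be compared with "oldboy rw, www read-only, everyone else nothing".
audit_acl() {
    for u in oldboy www lh; do
        printf '%s=%s\n' "$u" "$(effective_perms "$u" "$1")"
    done
}

echo "after setfacl:";   audit_acl "$ACL_AFTER_SETFACL"
echo "after chmod 600:"; audit_acl "$ACL_AFTER_CHMOD_600"
```

To audit a real file instead of the constructed samples, pass the live output in the same way: audit_acl "$(getfacl oldboy.txt)". The second sample is the check worth keeping in mind after any later chmod on a file that carries an ACL: getfacl still lists user:oldboy:rw-, but the #effective annotation and the mask line show that the entry no longer grants anything.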
Linux ACLs in detail