7th Chapter Rights Management (1) _ACL permissions

1. ACL Permissions

1.1 ACL Permissions Introduction and opening

(1) Introduction toACL permissions

①ACL is an abbreviation for Access Control list, and the main purpose is to provide local permission settings outside of the traditional owner,group,others Read,write,execute permissions. ACLs can be r,w,x for individual users, individual files, or directories , especially for use where special permissions are required.

② simply,an ACL is a way to set permissions on a file/directory for a specific user or group of users . (That is, assign the permissions of the file or directory to specific users or groups)

(2) to see if the partition ACL permission is turned on

#DF/// DF View current all partitions  grepmount options:    user_xattr ACL this, This indicates that the default partition is to support ACL permissions. Note that the-H option means that only the Super block information is displayed, not the details of the disk block group.

(3) Temporarily open partition ACL permissions

#mount-O remount,acl/dev/sda1 (re-mount the root partition and mount the Add ACL permission)

(4) Permanently turn on partition ACL permissions

#VI /etc/fstabuuid=uuid=71c20ba0-490011#Mount -O REMOUNT,ACL/DEV/SDA1  (re-mount the file system or reboot the system for the changes to take effect)

1.2 View and set ACL permissions

1.2.1 View ACL permissions the command

(1) command format:#getfacl file name //view ACL permissions

1.2.2 command to set ACL permissions

(1) command format:setfacl [options] File name

options
< Strong>-m	set ACL permissions
-x	Delete the specified ACL permissions
-b	delete all A CL permissions
-d	set default ACL permissions
-k	delete default ACL permissions
-r	recursive set ACL permissions

(2) Application examples

[[Email protected] ~]# useradd zhangsan[[email protected]~]# useradd lisi[[email protected]~]# useradd st[[email protected]~]# groupadd tgroup[[email protected]~]#mkdir/tmp/Project[[email protected]~]#Chownroot:tgroup/project/[[Email protected]~]#Chownroot:tgroup/tmp/Project[[email protected]~]#chmod 770/tmp/project//0 indicates that no other user has any permissions on the directory[[Email protected]~]# setfacl-m U:st:rx/tmp/project//The St user has the RX permission to the/tmp/project, can be viewed through ll–d/tmp/project, and a "+" sign after the directory permission, indicating that the directory has ACL permissions set. The specific ACL permission settings can be viewed through Getfacl (where-m means setting ACL permissions, u means setting permissions on the user to access the directory, G means setting ACL permissions on the user group, M is setting the maximum effective permission mask)[[Email protected]~]# Getfacl/tmp/project//view ACL permissions for/tmp/projectgetfacl:removing Leading'/'From absolute path names#file: tmp/project# owner:root# group:tgroupuser::rwxuser:st:r-Xgroup::rwxmask::rwxother::---

1.3 maximum effective permissions and remove ACL permissions

1.3.1 Maximum effective permission mask

(1) Mask permission:

The ① is used to specify the maximum effective permissions. If the user is given ACL permissions, does not mean that the user has this permission, but need and mask permission "phase" to get the user 's true permissions .

② only affects ACL permissions and the owning group permissions, but does not affect owner permissions .

(2) Modify Mask permission: #setfacl –m m:rx/tmp/project/

1.3.2 Remove ACL permissions

(1) Remove ACL permissions for the specified user: #setfacl –x u: User name File name

(2) Remove ACL permissions for the specified user group: #setfacl –x G: Group name File name

(3) Remove all ACL permissions for file: #setfacl –b file name

1.4 default ACL permissions and recursive ACL permissions

1.4.1 recursive ACL permissions

(1) recursion is the parent directory When you set ACL permissions, all sub-files and subdirectories also have the same ACL permissions .

(2) Format:#setfacl –m u: user name: Permissions –R directory name (note that the command can only follow the directory name , because there is no more files or directories under the file, there is no recursion problem.) ）

(3) Precautions:

① the recursive settings here only set ACL settings on an existing file or directory , and after the Setfacl command is executed, the newly created sub-file or subdirectory does not automatically have this ACL permission.

② to have ACL permissions automatically for new sub-files or directories, add "D" to set the default ACL permissions for the parent directory ( see example below ).

1.4.2 default ACL permissions

(1) The effect of default ACL permissions is that if ACL permissions are set on the parent directory, all new child files in the parent directory inherit ACL permissions from the parent directory.

(2) command format:#setfacl –m D:u: user name: Permission directory name (where D means default)

(3) Note: The default ACL permissions only work on the directory, and no files do not work . Because files or directories can be created under the directory, but not under the file.

7th Chapter Rights Management (1) _ACL permissions