Basic ACL settings for Red Hat Linux 7
1. ACL introduction:
An Access Control List (ACL) is a list of instructions applied to router and switch interfaces. It is used to control the packets entering and leaving a port. ACLs apply to all routed protocols, such as IP, IPX, and AppleTalk.
2. How to view the permission list:
[Bkjia@foundation2 Desktop]$ ls -l file
-rw-r --. 1 root kiosk 0 Nov 7 09:19 file
If the character that follows the permission bits is ".", the file has no permission list.
If it is "+", a permission list exists.
First, add a permission list to the file.
The ll command then shows that the permission list is present.
You can use the getfacl command to view the permissions in more detail.
[root@localhost Desktop]# setfacl -m u:student:rwx file
[root@localhost Desktop]# ll
total 4
-rw-rwxr--+ 1 root root 0 Nov 9 11:11 file
[root@localhost Desktop]# getfa
getfacl getfattr
[root@localhost Desktop]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rwx
group::r--
mask::rwx
other::r--
So what does each of these lines mean?
[root@localhost Desktop]$ getfacl file
# file: file            file name
# owner: root           file owner
# group: kiosk          owning group of the file
user::rw-               permissions of the file owner
user:student:rwx        permissions of the specific user student
group::rw-              permissions of the owning group
mask::rwx               the maximum permissions that can take effect for a specific user
other::r--              permissions of others
3. How to set ACL permissions
There are several ways to set them; the following is a summary of the methods I use.
setfacl -m <u|g|m>:<username|groupname>:<permission> filename    sets an ACL entry
setfacl -b filename    deletes the file's permission list; all entries are removed at once and the "+" sign no longer appears
setfacl -x <u|g>:<username|groupname> filename    deletes the entry of a specific user or group
4. Default ACL permissions
A default permission is set on a directory so that all new files created in that directory receive it.
setfacl -m d:<u|g|o>:<username|group>:rwx directory
Sets the default permission. This permission does not take effect on the directory itself; it only applies to content created in it afterwards.
[root@localhost /]# mkdir /xp
[root@localhost /]# setfacl -m d:u:student:rwx /xp
[root@localhost /]# getfacl /xp
getfacl: Removing leading '/' from absolute path names
# file: xp
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:student:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[root@localhost xp]# touch file
[root@localhost xp]# ll
total 4
-rw-rw-r--+ 1 root root 0 Nov 9 15:25 file
[root@localhost xp]# cat file
[root@localhost xp]#
The output above shows that others have only the r permission on the file.
Next, switch to the student user to check whether the permission set just now applies (remember, the file was created only after the default permission was added).
[root@localhost xp]# su - student
Last login: Mon Nov 9 15:24:51 EST 2015 on pts/0
[student@localhost ~]$ cd /xp
[student@localhost xp]$ echo hello, world > file
[student@localhost xp]$ cat file
hello, world
The write succeeds, but the default permission only applies to newly created files. Files that existed before it was set are not affected.
setfacl -x d:<u|g|o>:<username|group> directory
Revokes a default permission on the directory.
setfacl -b directory
Deletes the permission list.
[root@localhost xp]# setfacl -x d:u:student file
[root@localhost xp]# getfacl file
# file: file
# owner: root
# group: root
user::rw-
user:student:rwx    #effective:rw-
group::r-x          #effective:r--
mask::rw-
other::r--
[root@localhost xp]# setfacl -b file
[root@localhost xp]# ll
total 4
-rw-r --. 1 root root 12 Nov 9 :30 file
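The mask entry caps the permissions of named users, named groups and the owning group, which is why getfacl prints "#effective:rw-" next to student's rwx entry above. The following shell functions are an added example, not part of the original article: they recompute the effective permissions from getfacl-style text. The names effective_acl, reduced_by_mask and SAMPLE_ACL are assumptions, and the sample ACL is constructed from the output shown in section 4.

```shell
#!/bin/sh
# Constructed sample input: the ACL of /xp/file as printed by getfacl in section 4.
SAMPLE_ACL='# file: file
# owner: root
# group: root
user::rw-
user:student:rwx    #effective:rw-
group::r-x          #effective:r--
mask::rw-
other::r--'

# effective_acl (hypothetical helper): reads getfacl-style text on stdin and
# prints one line per access entry: "<tag>:<qualifier> <granted> <effective>".
effective_acl() {
    awk -F: '
        BEGIN { n = 0 }
        { sub(/[ \t]*#.*/, "") }               # drop header lines and "#effective" comments
        $0 == "" || $1 == "default" { next }   # skip blanks and default (inherited) entries
        $1 == "mask" { mask = $3; next }
        { tag[n] = $1; who[n] = $2; perm[n] = $3; n++ }
        END {
            for (i = 0; i < n; i++) {
                eff = perm[i]
                # The mask limits named users, named groups and the owning group;
                # the file owner (user::) and other:: are never masked.
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        eff = eff (substr(mask, k, 1) == c ? c : "-")
                    }
                }
                print tag[i] ":" who[i], perm[i], eff
            }
        }'
}

# reduced_by_mask (hypothetical helper): list only the entries whose granted
# permissions are wider than what actually takes effect.
reduced_by_mask() {
    effective_acl | awk '$2 != $3'
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

Against a real file, pipe the output of getfacl into reduced_by_mask to list the entries that grant more than the mask lets through.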