ACL
##### File access control (ACL) ########
###############################
********* ACL definition ***********
Definition: an ACL gives specific users specific permissions on particular files.
-rw-r--r--+ 1 root root 0 Jul 14:02 file1
The trailing + means the file has an ACL. When the + is present, the file's ordinary permissions no longer apply, and you need getfacl to view the user/group/other (ugo) permissions.
getfacl file1
# file: file1        # file name
# owner: root        # file owner
# group: root        # owning group
user::rw-            # file owner's permissions
user:leo:rwx         # special (named) user's permissions
group::r--           # owning group's permissions
group:caiwu:r--      # special (named) group's permissions
mask::rwx            # permission mask (permissions cannot exceed this)
other::r--           # others' permissions
Note: once the ACL is enabled (-rw-r--r--+), the ordinary permissions do not take effect; only the mask affects the user's permissions.
********** ACL operations ***************
getfacl file|dir                    # view the ACL
setfacl -m u:user:rwx file|dir      # add a special user
setfacl -m g:group:rwx file|dir     # add a special group
setfacl -x u:user file|dir          # remove a special user
setfacl -x g:group file|dir         # remove a special group
setfacl -b file|dir                 # remove the ACL
********* mask (permission mask) ***********
1. mask (permission mask)
The mask sets the maximum permissions a user can be given.
getfacl file
# file: file
# owner: root
# group: jishu
user::rwx
user:student:r-x     #effective:r--    # because the mask is r--, the maximum permission here is r
group::r--
mask::r--
other::rwx
The mask can be corrupted when you change the file's ordinary permissions with chmod.
To repair it:
setfacl -m m:rwx filename
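How the mask feeds into the access decision, as an added example (not from the original page): it parses getfacl text and applies the POSIX ACL check order of owner, named user, group class, other. The function names and the users alice and guest are hypothetical; the sample ACL is constructed to match the listing above.

```python
# Added example: parse getfacl text and apply the POSIX ACL access check.
# The superuser override (root bypassing permission checks) is not modelled.

# Constructed sample, shaped like the getfacl output above (mask is r--).
SAMPLE = """\
# file: file
# owner: root
# group: jishu
user::rwx
user:student:r-x\t\t#effective:r--
group::r--
mask::r--
other::rwx
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perm_set), ...])."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return owner, group, entries

def allowed(acl_text, user, groups, want):
    """True if `user`, a member of `groups`, is granted every permission in `want`."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    want = set(want)
    find = lambda tag, q="": [p for t, x, p in entries if t == tag and x == q]
    mask = (find("mask") or [set("rwx")])[0]   # no mask entry: nothing is masked
    if user == owner:                          # owner entry is never masked
        return want <= find("user")[0]
    if find("user", user):                     # named user: entry AND mask
        return want <= (find("user", user)[0] & mask)
    hits = [p for t, q, p in entries if t == "group"
            and (q in groups or (q == "" and owning_group in groups))]
    if hits:                                   # group class: one masked entry must cover `want`
        return any(want <= (p & mask) for p in hits)
    return want <= find("other")[0]            # other entry is never masked
```

With this ACL a user matching no entry falls through to other::rwx, while student and members of jishu are held to r-- by the mask, so a named entry can leave a user with less access than "other".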
******** ACL default permissions ************
When a directory must be writable by student, and new subdirectories created in that directory must also be writable by student, default permissions must be set.
Note: default permissions apply only to files or directories newly created in the directory, not to files that already exist, nor to the directory itself.
>>> setfacl -m d:u:student:rwx hhh/    # give hhh/ default permissions for user student
>>> getfacl hhh/                       # view the permissions after the change
# file: hhh/
# owner: root
# group: root
user::rwx
user:student:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx            # this shows that default permissions are now set
default:user:student:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
>>> mkdir hhh/ppp    # test: ppp created in hhh/ also has the default permissions
>>> getfacl ppp/
# file: ppp/
# owner: root
# group: root
user::rwx
user:student:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:student:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
Linux ACL access control list system collation