Linux File System ACL Permission Control

Source: Internet
Author: User

The Linux file system defines rwx permissions for three classes of users: the owner, the owning group, and other users (other). The permissions of each class are independent of the others. Linux also supports special file permissions, but these are clearly not enough when permission control has to be as precise and flexible as in Windows, down to individual users and groups (for example, a file that one particular user may modify and that one group of users may view). Fortunately, Linux also supports ACL permission control. On Linux, ACLs are supported in file systems such as ReiserFS, Ext2, Ext3, JFS, and XFS.

Modify a file's ACL: setfacl -m u:tux:rw file allows the user tux to read and write the file named file.

View a file's ACL: getfacl file

When you list a file that has an ACL with ls -l, a "+" appears next to its permission bits, and the group permission field changes (it shows the ACL mask permission).

Once a file has an ACL, its permission entries fall into the following types:

Minimal ACL:

Owning user

Owning group

Other

Extended ACL:

It can contain several entries of two kinds: named user (sets the access permissions of an individual user) and named group (sets the access permissions of an individual group)

It includes a mask (restricts the permissions of named users and named groups)

Example:

Owning user: user::rwx

Named user: user:name:rwx

Owning group: group::rwx

Named group: group:name:rwx

Mask: mask::rwx

Other: other::rwx

The permissions defined in the owner and other entries are always effective. The permissions in the remaining entries may be either effective or masked.

Whether a permission in a named user or named group entry takes effect depends on both the entry's own value and the value of the mask. That is, the mask must also contain the permission for it to take effect.

The value of the mask is generally the same as that of the owning group. You can change the mask by modifying the permissions of the owning group.

Example:

    linux-canbeing:/home/canbeing/temp # getfacl my
    # file: my
    # owner: canbeing
    # group: users
    user::rw-
    user:canbeing:rwx    #effective:r-x (w does not take effect)
    group::r--
    mask::r-x
    other::r--

A sub-directory inherits the ACL of its parent directory.

If the parent directory has an ACL, the default permissions of a newly created file or folder are not calculated from the umask; they are inherited or based on the parameters of the creating command.

Use setfacl -d -m u:canbeing:rw /tmp/acl_test/ to grant this permission to the sub-directories and files (the resulting entries start with default).

    linux-canbeing:/tmp/acl_test # getfacl /tmp/acl_test/
    getfacl: Removing leading '/' from absolute path names
    # file: tmp/acl_test/
    # owner: root
    # group: root
    user::rwx
    user:canbeing:rwx
    group::---
    mask::rwx
    other::---
    default:user::rwx
    default:user:canbeing:rw-
    default:group::---
    default:mask::rw-
    default:other::---
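
The mask rule described above can be checked mechanically when auditing a tree. The script below is an added example, not part of the original article: it reads getfacl output and prints the effective permission of every entry, applying the access mask to access entries and the default mask to default entries. The function names effective_acl and sample_acl and the sample input (the article's "my" file plus an abridged, made-up directory) are constructed for illustration.

```shell
# Added example (not the article's code): effective permission of each getfacl entry.
# Named users, the owning group and named groups are limited by the mask; owner and other are not.
effective_acl() {   # stdin: getfacl text; stdout: <file> <entry> <effective>
    awk '
    function flush(    i, k, f, scope, tag, m, eff, c) {
        for (i = 1; i <= n; i++) {
            k = split(line[i], f, ":")
            scope = (f[1] == "default") ? "default" : "access"
            tag = f[k - 2]
            if (tag == "mask") continue
            m = (scope in mask) ? mask[scope] : "rwx"   # no mask entry: nothing is masked
            if (tag == "other" || (tag == "user" && f[k - 1] == "")) m = "rwx"
            eff = ""
            for (c = 1; c <= 3; c++)
                eff = eff (substr(m, c, 1) == "-" ? "-" : substr(f[k], c, 1))
            print file, line[i], eff
        }
        n = 0; split("", mask)
    }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*/, "")     # strip the "#effective:" comment getfacl appends
        if ($0 ~ /^(default:)?mask::/)
            mask[($0 ~ /^default:/) ? "default" : "access"] = substr($0, length($0) - 2)
        line[++n] = $0
    }
    END { flush() }
    '
}
sample_acl() {   # constructed input, abridged
    cat <<'EOF'
# file: my
user::rw-
user:canbeing:rwx
group::r--
mask::r-x
other::r--

# file: acl_test
user::rwx
group::r-x
other::---
default:user:canbeing:rwx
default:group::r-x
default:mask::rw-
EOF
}
sample_acl | effective_acl
```

On a live system the same function can be fed directly, for example getfacl -R /tmp/acl_test | effective_acl, to list entries whose granted permissions are wider than what the mask lets through.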
