Linux File System ACL Permission Control
The Linux file system provides rwx permissions for three classes of users: the owner, the owning group, and other users. The three sets are independent of each other. Linux also supports special file permissions, but when permission control must be as precise and flexible as in Windows, down to individual users and groups (for example, a file that one particular user may modify and that one group of users may view), these are clearly not enough. Fortunately, Linux also supports ACL permission control. In Linux, ACLs are supported in file systems such as ReiserFS, Ext2, Ext3, JFS, and XFS.
Modify the file ACL: setfacl -m u:tux:rw file allows the user tux to read and write the file named file.
View file ACL: getfacl file
When you use the ls -l command to view a file that has an ACL, a "+" appears next to its permissions, and the group permission field changes (it shows the ACL mask permission).
After an ACL is applied to a file, its permission entries are of the following types:
Minimal ACL:
Owning user
Owning group
Other
Extended ACL:
It can contain several further entries: named user (sets the access permissions of an individual user) and named group (sets the access permissions of an individual group)
It includes a mask (which restricts the permissions of named users and named groups)
Example:
Owner: user::rwx
Named user: user:name:rwx
Owning group: group::rwx
Named group: group:name:rwx
Mask: mask::rwx
Other: other::rwx
Permissions defined for the owner and for other are always effective. The permissions of the remaining entries may be effective or masked.
Whether a permission of a named user or named group takes effect depends on both the entry's own value and the value of the mask. That is, the mask must also contain the permission for it to take effect.
The value of the mask is generally the same as that of the owning group. You can modify the value of the owning group to modify the mask.
Example:
linux-canbeing:/home/canbeing/temp # getfacl my
# file: my
# owner: canbeing
# group: users
user::rw-
user:canbeing:rwx    #effective:r-x   (w does not take effect)
group::r--
mask::r-x
other::r--
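The mask rule and the ls -l display described above can be checked mechanically. The following Python is an added example, not part of the original article; the function names are hypothetical and SAMPLE is the `getfacl my` output above, retyped in getfacl's own text format.

```python
# Added example (not from the article): apply the ACL mask to getfacl output.

# Constructed sample: the `getfacl my` output from the example above.
SAMPLE = """\
# file: my
# owner: canbeing
# group: users
user::rw-
user:canbeing:rwx
group::r--
mask::r-x
other::r--
"""

def parse_acl(text):
    """Return {(tag, qualifier): perms} for access entries; default: entries are skipped."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments such as "#effective:r-x"
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = perms
    return acl

def effective(acl):
    """Effective permissions per entry: owner (user::) and other are never masked."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        masked = mask is not None and (tag == "group" or qualifier != "")
        if masked:  # keep a permission only where the mask also has it
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[(tag, qualifier)] = perms
    return result

def ls_mode(acl):
    """Nine permission characters as ls -l shows them: group field = mask, then '+'."""
    extended = ("mask", "") in acl
    middle = acl[("mask", "")] if extended else acl[("group", "")]
    return acl[("user", "")] + middle + acl[("other", "")] + ("+" if extended else "")

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for (tag, qualifier), perms in effective(acl).items():
        print(f"{tag}:{qualifier}:{acl[(tag, qualifier)]} -> effective {perms}")
    print(ls_mode(acl))
```

When auditing, entries whose granted and effective values differ are the ones where the mask is silently removing access that the ACL appears to grant.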
Subdirectories inherit the ACL of the parent directory.
If the parent directory has an ACL, the default permissions for a newly created file or directory are not calculated from the umask, but are inherited or based on command parameters.
Use setfacl -d -m u:canbeing:rw /tmp/acl_test/ to pass this permission on to subdirectories and files (the corresponding entries start with "default").
linux-canbeing:/tmp/acl_test # getfacl /tmp/acl_test/
getfacl: Removing leading '/' from absolute path names
# file: tmp/acl_test/
# owner: root
# group: root
user::rwx
user:canbeing:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:canbeing:rw-
default:group::---
default:mask::rw-
default:other::---