Linux File System ACL Permission Control

Source: Internet
Author: User

The Linux file system provides rwx permissions defined separately for the owner, the owning group, and other users (other), and the three sets are independent of each other. Linux also supports special file permissions, but when permission control has to be precise down to individual users and groups (for example, allowing a file to be modified by one particular user and allowing the users in one group to view it), these are obviously not enough. Fortunately, Linux also supports ACL permission control. In Linux, ACLs are supported on file systems such as ReiserFS, Ext2, Ext3, JFS, and XFS.

Modify a file's ACL: setfacl -m u:tux:rw file allows the user tux to read and write the file named file.
View file ACL: getfacl file

When you use the ls -l command to view a file that has an ACL, a "+" appears next to its permission bits, and the group permission field changes (it shows the ACL mask permission).

After an ACL is applied to a file, the permission entries fall into the following types:
Minimal ACL:
Owning user
Owning group
Other
Extended ACL:
Can contain several additional entries: named user (sets access permissions for an individual user) and named group (sets access permissions for an individual group)
Contains a mask (restricts the permissions of named users and named groups)

Example:
Owner          user::rwx
Named user     user:name:rwx
Owning group   group::rwx
Named group    group:name:rwx
Mask           mask::rwx
Other          other::rwx

Permissions defined for owner and other are always effective. The remaining entries may be effective or masked.
Whether the values of named user and named group take effect depends on the result of ANDing them with the mask. That is, the mask must also contain a permission for it to take effect.
The value of the mask is generally the same as that of the owning group. You can modify the value of the owning group to modify the mask.
Example:
linux-canbeing:/home/canbeing/temp # getfacl my
# file: my
# owner: canbeing
# group: users
user::rw-
user:canbeing:rwx    #effective:r-x    (w does not take effect)
group::r--
mask::r-x
other::r--
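
The mask rule can be checked mechanically when auditing ACLs. The script below is an added example, not part of the original article: it parses getfacl text output and prints each entry with its effective permission, marking entries the mask has reduced. The names acl_effective and sample_acl and the embedded sample are constructed for this example, and it also applies the mask to the owning group entry, which the mask limits in the same way.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads getfacl text on stdin and prints each entry with its effective rights.
acl_effective() {
    awk '
    # Keep a permission letter only where the mask also has one (logical AND).
    function apply_mask(p, m,    i, out) {
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(m, i, 1) != "-") ? substr(p, i, 1) : "-")
        return out
    }
    # Ignore headers, blank lines and anything that is not an ACL entry.
    !/^(default:)?(user|group|mask|other):/ { next }
    {
        sub(/[ \t]*#.*/, "")          # drop a trailing "#effective:" comment
        scope = ""
        if ($0 ~ /^default:/) { scope = "default:"; sub(/^default:/, "") }
        split($0, f, ":")             # f[1]=tag, f[2]=qualifier, f[3]=perms
        if (f[1] == "mask") { mask[scope] = f[3]; next }
        n++; sc[n] = scope; tag[n] = f[1]; who[n] = f[2]; perm[n] = f[3]
    }
    END {
        for (i = 1; i <= n; i++) {
            # The mask caps named users, named groups and the owning group;
            # the owner (user::) and other entries are never masked.
            capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
            eff = perm[i]
            if (capped && (sc[i] in mask)) eff = apply_mask(perm[i], mask[sc[i]])
            note = (eff != perm[i]) ? " masked" : ""
            printf "%s%s:%s:%s effective=%s%s\n", sc[i], tag[i], who[i], perm[i], eff, note
        }
    }'
}

# Constructed sample: the getfacl output for "my" shown above.
sample_acl() {
    cat <<'EOF'
# file: my
# owner: canbeing
# group: users
user::rw-
user:canbeing:rwx    #effective:r-x
group::r--
mask::r-x
other::r--
EOF
}

sample_acl | acl_effective
```

On a real system the input would come from getfacl itself, for example getfacl my | acl_effective. Access entries and default: entries are each checked against their own mask.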

A subdirectory inherits the ACL of its parent directory.
If the parent directory has an ACL, the default permissions for a newly created file or folder are not calculated from the umask; they are inherited or taken from command parameters.
Use setfacl -d -m u:canbeing:rw /tmp/acl_test/ to grant this permission to subdirectories and files (these entries start with default):
linux-canbeing:/tmp/acl_test # getfacl /tmp/acl_test/
getfacl: Removing leading '/' from absolute path names
# file: tmp/acl_test/
# owner: root
# group: root
user::rwx
user:canbeing:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:canbeing:rw-
default:group::---
default:mask::rw-
default:other::---

Article from: http://www.cnblogs.com/flashlm/
