Setfacl: Set permissions for a specific directory

The existing Directory is shared by virtual machines and Linux, but no permission is found for each file created by calling a program.

Therefore, specifying the file or directory created in a specific directory and its sub-Directories gives the user qhfz the permission to read and write.

-R indicates recursion.-M indicates setting File ACL rules.

Setfacl-r-m D: U: qhfz: rwx/data2/resourcecase

Setfacl-r-m D: U: resourcecase: rwx/data2/resourcecase

-- Use-B to delete an ACL rule

Setfacl-r-B/data2/resourcecase

The above D: U: See the following for details, and perms corresponds to rwx:

The setfacl command can identify the following rule formats.

[D [efault]:] [U [SER]:] uid [: perms]

Specifies the permissions of the user and the permissions of the file owner (if the UID is not specified ).

[D [efault]:] G [roup]: GID [: perms]

Permission of the specified group. permissions of all groups in the file (if the GID is not specified)

[D [efault]:] M [ask] [:] [: perms]

Valid Permission mask

[D [efault]:] O [ther] [: perms]

# The perms domain is a combination of letters representing various permissions: Read: R write: W execution: X. The execution is only applicable to directories and some executable files. The perms domain can also be set to the octal format 0 ~ 7.

# Other Permissions

Usage: setfacl [-bkndrlp] {-M |-x |-X...} file... #-M |-x

-M, -- modify = ACL modify the current ACL (s) of file (s) # Set File ACL rules

-M, -- modify-file = File Read ACL entries to modify from file # change the access control list entry from the file

-X, -- remove = ACL Remove entries from the ACL (s) of file (s) # delete an object ACL rule

-X, -- remove-file = file readacl entries to remove from file # Read and delete access control list entries from files

-B, -- remove-all remove all extended ACL entries # delete all extended ACL rules. The basic ACL rules (owner, group, and others) are retained.

-K, -- remove-default remove the defaultacl # Delete the default ACL rule. If no default rule exists, no prompt is displayed.

-- Set = ACL set the ACL of file (s), replacing the current ACL.

-- Set-file = file readacl entries toset from file # Read from the file to set ACL rules.

-- Mask dorecalculate the valid tive rights mask # recalculate valid permissions, even if the ACL mask is explicitly specified.

-N, -- no-mask don 'trecalculate the valid tive rights mask # Do not recalculate valid permissions. By default, setfacl recalculates the ACL mask unless it is explicitly specified.

-D, -- default operations apply tothe defaacl ACL # sets the default ACL rule for the directory.

-R, -- Recursive recurse into subdirectories # recursively operate all files and directories.

-L, -- Logical logical walk, follow symbolic links # Trace symbolic links. By default, only symbolic link files are tracked and the symbolic link directory is skipped.

-P, -- physical walk, donotfollow symbolic links # Skip all symbolic links, including symbolic link files.

-- Restore = file restore ACLs (inverse of 'getfacl-R') # restore the backup ACL rules from the file (these files can be generated by getfacl-R ). This mechanism can be used to restore the ACL rules of the entire directory tree. This parameter cannot be executed with any other parameter except -- test.

-- Test testmode (ACLs are notmodified) # The test mode does not change the ACL rules of any files. The ACL specifications after the operation are listed.

-V, -- version print version andexit # version.

-H, -- help thishelp text # Needless to say, it must be helpful.

When the-M and-x options are used to read rules from files, setfacl accepts the format output by the getfacl command. Each row contains at least one rule. Rows starting with # are considered as comments.

Setfacl: Set permissions for a specific directory