ACL
ACL: an access control list. Its primary purpose is to add specific "users" to a permission table and to control what those users are allowed to do.
Case:
There is a folder named project that was created by the root user and has the permissions drwxrwx---. A new user called John arrives, and root wants John to have only read and execute permission on this folder without changing the folder's original permissions. The standard Linux user permission mechanism is not enough for this; ACLs are required. With an ACL we can bypass the original permissions of the directory/file and assign permissions on it directly to a single user.
Instructions for use
1. Check if the ACL is turned on
ACL support depends on the partition, so to find out whether ACLs can be used you need to check whether the partition supports them.
- View the system partitions
- View the details of a partition: dumpe2fs -h /dev/mapper/vg_www-lv_root
Indicates that the partition supports ACLs
- If a partition does not support ACLs, it needs to be remounted with ACL permissions assigned
Note: In general, the defaults mount option already includes ACL permissions
2. Set ACL permissions
Set permissions on the project folder for user dy
View File Permissions
3. Maximum effective permission: mask
The mask specifies the maximum effective permissions. A user's real permissions are the permissions granted to that user ANDed with the mask permissions.
Mask also affects the permissions of the owning group
4. Remove ACL permissions
# setfacl -x u:username filename     # delete the ACL permissions of the specified user
# setfacl -x g:groupname filename    # delete the ACL permissions of the specified user group
# setfacl -b filename                # remove all ACL permissions
5. Default ACL permissions
The purpose of default ACL permissions is that, once ACL permissions are specified on a parent directory, all new files/directories created under that parent directory inherit the ACL permissions from it.
# setfacl -m d:u:username:permissions filename