Not every Linux administrator knows how to deploy access control lists (ACLs) on the file system to enhance permissions. This situation should change.
Under the basic Linux permission model, permissions are assigned to the owner of a file and to its group. Each file and directory on Linux has a user owner and a group owner. An administrator can list the current owners, and the permissions assigned to them, with the ls -l command shown in Table 1:
Table 1: Displaying the current permission assignments on the current Linux system
- Sanders-computer:~ sandervanvugt$ ls -l
- total 24
- drwx------+ 13 sandervanvugt staff 442 Oct 20 20:17 Desktop
- drwx------+ 103 sandervanvugt staff 3502 Oct 21 08:37 Documents
- drwx------+ 289 sandervanvugt staff 9826 Oct 21 10:05 Downloads
- drwx------@ 51 sandervanvugt staff 1734 Sep 22 16:31 Library
- drwx------+ 29 sandervanvugt staff 986 Oct 9 07:59 Movies
- drwx------+ 5 sandervanvugt staff 170 May 21 23:19 Music
- drwx------+ 24 sandervanvugt staff 816 Sep 19 22:21 Pictures
- drwxr-xr-x+ 4 sandervanvugt staff 136 Apr 12 2013 Public
- drwxr-xr-x 3 sandervanvugt staff 102 Sep 22 16:31 Samsung
- -rwxr-xr-x 1 sandervanvugt staff 324 Sep 23 11:51 bart1
- -rw-r--r-- 1 sandervanvugt staff 148 Aug 14 13:12 rekenprogrammaLOG
- -rwxr-xr-x 1 sandervanvugt staff 607 Jul 3 16:59 script3
If a file needs only one owner and one group, the default Linux permission scheme is sufficient.
However, if users in one group need control over the files, users in another group only need to read them, and nobody else is allowed access, the default permissions will not help. In this case, you need an ACL.
Linux ACLs go beyond the single user owner and group owner of a file: multiple users and multiple groups can be given permissions. You can also set a default ACL, which applies default permissions to new items created in a directory.
The setfacl command sets ACL permissions. The getfacl command, shown in Table 2, displays the current ACL assignments.
Applying permissions is easy. For example, a Linux administrator can use setfacl -R -m g:sales:rx /groups/account to give the group sales read and execute access to all files in the directory /groups/account.
In this command, the -R option applies the ACL recursively to all existing items in the directory /groups/account. The -m option modifies the ACL. g indicates a group, followed by the group name and the permissions to assign.
Table 2: Using getfacl to display Linux ACL permissions
- [root@tls groups]# getfacl account/
- # file: account/
- # owner: root
- # group: account
- user::rwx
- group::rwx
- group:sales:r-x
- mask::rwx
- other::---
Do not worry about the mask entry that the getfacl command shows; it is adjusted automatically.
Default Linux ACL
The setfacl command shown above sets permissions on existing files, but does nothing automatically for new files. Generally, an administrator who uses an ACL on a directory also wants that ACL to apply to all new files created in the directory. This is what the default ACL is for.
Adding a default ACL is as simple as putting d: in front of the entry passed to the setfacl command. To assign permissions to all new files in the directory, run the following command:
- setfacl -m d:g:sales:rx /groups/account
You can also use getfacl to check the current default ACL settings, as shown in Table 3:
Table 3: Checking the default Linux ACL assignment
- [root@tls groups]# getfacl account/
- # file: account/
- # owner: root
- # group: account
- user::rwx
- group::rwx
- group:sales:r-x
- mask::rwx
- other::---
- default:user::rwx
- default:group::rwx
- default:group:sales:r-x
- default:mask::rwx
- default:other::---
Once the default ACL is set, the new permissions apply to all items created in the directory from then on.
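The difference between Table 2 and Table 3 can be checked mechanically. The following is an added example, not part of the original article: a small shell function (the name acl_default_gaps is made up for this illustration) that reads getfacl output and reports every named user or group entry that has no matching default entry, using the two listings above as sample input.

```shell
#!/bin/sh
# Added example. Reads `getfacl <dir>` text on stdin and prints one line for
# each named user/group access entry whose default entry is absent or differs:
#   MISSING group:sales:r-x   /   MISMATCH group:sales access=r-x default=rwx
acl_default_gaps() {
    awk -F: '
        /^[ \t]*#/ || NF < 3 { next }        # skip header comments and blank lines
        {
            is_default = ($1 == "default")
            tag  = is_default ? $2 : $1
            name = is_default ? $3 : $2
            perm = is_default ? $4 : $3
            sub(/[ \t].*/, "", perm)         # drop a trailing effective-rights note
            if (name == "" || (tag != "user" && tag != "group")) next
            key = tag ":" name
            if (is_default) dflt[key] = perm
            else { acc[key] = perm; order[++n] = key }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in dflt)) print "MISSING " k ":" acc[k]
                else if (dflt[k] != acc[k]) print "MISMATCH " k " access=" acc[k] " default=" dflt[k]
            }
        }'
}

# Table 2 listing from the article: access ACL only, no default entries.
table2='# file: account/
# owner: root
# group: account
user::rwx
group::rwx
group:sales:r-x
mask::rwx
other::---'

# Table 3 listing: the same directory after the default ACL was added.
table3="$table2
default:user::rwx
default:group::rwx
default:group:sales:r-x
default:mask::rwx
default:other::---"

printf '%s\n' "$table2" | acl_default_gaps   # prints: MISSING group:sales:r-x
printf '%s\n' "$table3" | acl_default_gaps   # prints nothing
```

On a live system the same function can be fed directly, for example getfacl /groups/account | acl_default_gaps.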