Use Linux ACLs to set group permissions

Source: Internet
Author: User

Not every Linux administrator knows how to deploy access control lists (ACLs) on the file system to refine permissions. This situation should change.

In the basic Linux permission model, permissions are assigned to the file's user owner and group owner. Each file and directory on Linux has a user owner and a group owner. An administrator can list the current owners and the permissions assigned to them with the ls -l command, as shown in Table 1:

Table 1: display the current permission assignment in the current Linux system

 
 
    Sanders-computer:~ sandervanvugt$ ls -l
    total 24
    drwx------+ 13 sandervanvugt staff  442 Oct 20 20:17 Desktop
    drwx------+ 103 sandervanvugt staff 3502 Oct 21 08:37 Documents
    drwx------+ 289 sandervanvugt staff 9826 Oct 21 10:05 Downloads
    drwx------@ 51 sandervanvugt staff 1734 Sep 22 16:31 Library
    drwx------+ 29 sandervanvugt staff  986 Oct 9 07:59 Movies
    drwx------+  5 sandervanvugt staff  170 May 21 23:19 Music
    drwx------+ 24 sandervanvugt staff  816 Sep 19 22:21 Pictures
    drwxr-xr-x+  4 sandervanvugt staff  136 Apr 12 2013 Public
    drwxr-xr-x  3 sandervanvugt staff  102 Sep 22 16:31 Samsung
    -rwxr-xr-x  1 sandervanvugt staff  324 Sep 23 11:51 bart1
    -rw-r--r--  1 sandervanvugt staff  148 Aug 14 13:12 rekenprogrammaLOG
    -rwxr-xr-x  1 sandervanvugt staff  607 Jul 3 16:59 script3

If a file needs only one user owner and one group owner, the default Linux permission scheme is sufficient.

However, if users in one group need control over files, users in another group only need to read them, and everyone else must have no access, the default permissions will not help. In this case, you need an ACL.

Linux ACLs extend the single-owner model: multiple users and multiple groups can be given permissions on the same file. You can also set a default ACL so that default permissions apply to new items created in a directory.

The setfacl command sets ACL permissions. The getfacl command, shown in Table 2, displays the current ACL assignment.

Applying permissions is easy. For example, a Linux administrator can use setfacl -R -m g:sales:rx /groups/account to give the sales group read and execute access to all files in the directory /groups/account.

In this command, the -R option applies the ACL recursively to all existing items in the directory /groups/account. The -m option modifies the ACL. g indicates a group, followed by the group name and the permissions assigned.

Table 2: how to use getfacl to display Linux ACL permissions

 
 
    [root@tls groups]# getfacl account/
    # file: account/
    # owner: root
    # group: account
    user::rwx
    group::rwx
    group:sales:r-x
    mask::rwx
    other::---

Do not worry about the mask entry shown by the getfacl command; it is set automatically.

Default Linux ACL

The setfacl command shown above sets permissions on existing files, but does nothing automatically for new files. Generally, an administrator who applies an ACL to a directory also wants it applied to all new files created in that directory. This is what the default ACL is for.

Adding a default ACL is as simple as putting the d: option in front of the entry passed to setfacl. To assign permissions to all new files in the directory, use the following command:

 
 
    setfacl -m d:g:sales:rx /groups/account

You can also use getfacl to check the current default ACL settings, as shown in Table 3:

Table 3: Check the default Linux ACL allocation

 
 
    [root@tls groups]# getfacl account/
    # file: account/
    # owner: root
    # group: account
    user::rwx
    group::rwx
    group:sales:r-x
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:sales:r-x
    default:mask::rwx
    default:other::---

Once the default ACL is set, the new permissions apply to all items created in the directory afterwards.
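
The following added example, which is not part of the original article, audits the text printed by getfacl for the two points above: it lists named user or group entries that have no default: counterpart (so new files will not inherit them), and it computes the rights each entry keeps once the mask is applied. The user alice and the r-x mask in the sample are constructed for illustration; the function names are hypothetical.

```shell
# Added example, not the article's code. Constructed getfacl output: the article's
# account/ directory plus a hypothetical named user "alice" and a mask of r-x.
sample_acl() {
    cat <<'EOF'
# file: account/
user::rwx
user:alice:rwx  #effective:r-x
group::rwx  #effective:r-x
group:sales:r-x
mask::r-x
other::---
default:user::rwx
default:group::rwx
default:group:sales:r-x
default:mask::rwx
default:other::---
EOF
}

# Print named user/group access entries that have no default: counterpart,
# i.e. grants that files created later in the directory will not inherit.
acl_missing_defaults() {
    awk -F: '
        { sub(/#.*/, "") }                      # drop headers and #effective notes
        NF < 3 { next }
        $1 == "default" { dflt[$2 ":" $3] = 1; next }
        ($1 == "user" || $1 == "group") && $2 != "" { acc[$1 ":" $2] = substr($3, 1, 3) }
        END { for (e in acc) if (!(e in dflt)) print e ":" acc[e] }
    ' | sort
}

# Print the effective rights of every entry the mask limits: named users,
# named groups and the owning group. A bit survives only if the mask has it.
acl_effective() {
    awk -F: '
        function limit(p, m,    k, e) {
            for (k = 1; k <= 3; k++)
                e = e ((m == "" || substr(m, k, 1) == substr(p, k, 1)) ? substr(p, k, 1) : "-")
            return e
        }
        { sub(/#.*/, "") }
        NF < 3 || $1 == "default" { next }
        $1 == "mask" { mask = substr($3, 1, 3); next }
        $1 == "group" || ($1 == "user" && $2 != "") { n++; who[n] = $1 ":" $2; perm[n] = $3 }
        END { for (i = 1; i <= n; i++) print who[i] ":" limit(perm[i], mask) }
    '
}

sample_acl | acl_missing_defaults; sample_acl | acl_effective
```

On a live system, pipe real output into the functions, for example getfacl /groups/account | acl_missing_defaults.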
