Use of the file access control list commands setfacl and getfacl

Source: Internet
Author: User

Requirement

Use setfacl to control access to one directory (data) for three sets of users: one set (linux) may read, write and execute; a second set (oracle) may write and execute but not read; a third set (uplook) may only read.

    linux    rwx
    oracle   -wx
    uplook   r--

Step 1: add the six users linux01, linux02, oracle01, oracle02, uplook01 and uplook02

    [root@serv01 learning]# useradd linux01
    [root@serv01 learning]# useradd linux02
    [root@serv01 learning]# useradd oracle01
    [root@serv01 learning]# useradd oracle02
    [root@serv01 learning]# useradd uplook01
    [root@serv01 learning]# useradd uplook02

Step 2: set their passwords

    [root@serv01 learning]# passwd linux01
    [root@serv01 learning]# passwd linux02
    [root@serv01 learning]# passwd oracle01
    [root@serv01 learning]# passwd oracle02
    [root@serv01 learning]# passwd uplook01

Step 3: add the three groups oracle, linux and uplook

    [root@serv01 learning]# groupadd oracle
    [root@serv01 learning]# groupadd linux
    [root@serv01 learning]# groupadd uplook

Step 4: check the current permissions of the data directory

    [root@serv01 learning]# ll -d data
    drwxr-xr-x. 2 root root 4096 Sep 20 23:31 data

Only root can write to the directory; every other user has r-x through the "other" bits.

Step 5: grant the permissions with named-user ACL entries

    [root@serv01 learning]# setfacl -m u:linux01:rwx data/
    [root@serv01 learning]# setfacl -m u:linux02:rwx data/
    [root@serv01 learning]# setfacl -m u:oracle01:rwx data/
    [root@serv01 learning]# setfacl -m u:oracle02:rwx data/
    [root@serv01 learning]# setfacl -m u:oracle01:wx data/
    [root@serv01 learning]# setfacl -m u:oracle02:wx data/
    [root@serv01 learning]# setfacl -m u:uplook01:r data/
    [root@serv01 learning]# setfacl -m u:uplook02:r data/

-m modifies the entry for the named user or group. A second -m for the same user replaces the earlier entry instead of adding to it, which is why the rwx entries given to oracle01 and oracle02 by mistake in the third and fourth commands end up as -wx.

    # View the ACL of the data directory
    [root@serv01 learning]# getfacl data
    # file: data
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx
    user:linux02:rwx
    user:oracle01:-wx
    user:oracle02:-wx
    user:uplook01:r--
    user:uplook02:r--
    group::r-x
    mask::rwx
    other::r-x

    # View the permissions of the data directory again
    [root@serv01 learning]# ll -d data/
    drwxrwxr-x+ 2 root root 4096 Sep 20 23:31 data/

Two things changed in the ls output. The trailing + marks a file or directory that carries an extended ACL, and the group triplet now shows the mask (rwx), not the owning group's real permission (still r-x in getfacl). On anything with an extended ACL, ls -l therefore no longer tells you what the group can do; use getfacl. For the same reason, chmod g=... on such a file changes the mask rather than the group entry, and can silently reduce the effective rights of every named user and group entry.

Step 6: verification

    # Log in as linux01: the data directory is writable, readable and executable
    [root@larrywen /]# ssh linux01@192.168.1.11
    linux01@192.168.1.11's password:
    welcome to zhink learn
    [linux01@serv01 learning]$ cd data
    [linux01@serv01 data]$ ll
    total 0
    [linux01@serv01 data]$ touch file
    [linux01@serv01 data]$ ls
    file

    # Log in as oracle01: the directory can be written and entered, but not read
    [root@larrywen /]# ssh oracle01@192.168.1.11
    [oracle01@serv01 ~]$ cd /home/learning/data/
    [oracle01@serv01 data]$ ll
    ls: cannot open directory .: Permission denied
    [oracle01@serv01 data]$ touch file2
    [oracle01@serv01 data]$ rm -f file2

    # Log in as uplook01: only the read bit on the directory is granted
    [root@larrywen /]# ssh uplook01@192.168.1.11
    uplook01@192.168.1.11's password:
    Welcome to zhink learn
    [uplook01@serv01 ~]$ cd /home/learning/data
    -bash: cd: /home/learning/data: Permission denied
    [uplook01@serv01 ~]$ cat /home/learning/data/test.txt
    cat: /home/learning/data/test.txt: Permission denied
    [uplook01@serv01 ~]$ ls /home/learning/data/
    ls: cannot access /home/learning/data/file: Permission denied
    ls: cannot access /home/learning/data/test.txt: Permission denied
    file  test.txt

Note what r without x means on a directory: uplook01 can list the names of the entries, but cannot enter the directory, stat the entries or open them, because those operations need the directory's execute (search) bit. Conversely oracle01, with -wx, can create and delete entries and open any file whose name it already knows, but cannot list the directory.

Step 7: assign the permissions by group

    # Put the six users into the matching groups: linux01 and linux02 into linux, and so on
    # (usermod -g sets the user's primary group)
    [root@serv01 learning]# usermod -g linux linux01
    [root@serv01 learning]# usermod -g linux linux02
    [root@serv01 learning]# usermod -g oracle oracle01
    [root@serv01 learning]# usermod -g oracle oracle02
    [root@serv01 learning]# usermod -g uplook uplook01
    [root@serv01 learning]# usermod -g uplook uplook02

    # Grant the permissions to the groups
    [root@serv01 learning]# setfacl -m g:linux:rwx data/
    [root@serv01 learning]# setfacl -m g:oracle:wx data/
    [root@serv01 learning]# setfacl -m g:uplook:r data/
    [root@serv01 learning]# getfacl data
    # file: data
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx
    user:linux02:rwx
    user:oracle01:-wx
    user:oracle02:-wx
    user:uplook01:r--
    user:uplook02:r--
    group::r-x
    group:oracle:-wx
    group:linux:rwx
    group:uplook:r--
    mask::rwx
    other::r-x

A group membership change made with usermod only takes effect at the user's next login; a session that is already open keeps the old group list.

Other uses of setfacl

    # Read the ACL of a file or directory
    [root@serv01 learning]# getfacl data
    # file: data
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx
    user:linux02:rwx
    user:oracle01:-wx
    user:oracle02:-wx
    user:uplook01:r--
    user:uplook02:r--
    group::r-x
    group:oracle:-wx
    group:linux:rwx
    group:uplook:r--
    mask::rwx
    other::r-x

    # Change the mask with the m entry
    [root@serv01 learning]# setfacl -m m::r data/
    [root@serv01 learning]# getfacl data
    # file: data
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx        #effective:r--
    user:linux02:rwx        #effective:r--
    user:oracle01:-wx       #effective:---
    user:oracle02:-wx       #effective:---
    user:uplook01:r--
    user:uplook02:r--
    group::r-x              #effective:r--
    group:oracle:-wx        #effective:---
    group:linux:rwx         #effective:r--
    group:uplook:r--
    mask::r--
    other::r-x

The mask is ANDed with every named user entry, every named group entry and the owning group entry; the owner (user::) and other entries are not affected. getfacl prints the result as #effective whenever it differs from the entry itself. Here the mask of r-- takes write and execute away from linux01, linux02 and the linux group, and leaves oracle01, oracle02 and the oracle group with nothing at all. Whenever setfacl -m changes an entry and no mask is given explicitly, it recalculates the mask as the union of those entries (see --mask and -n in the help text below), so an explicitly lowered mask does not survive the next -m unless -n is used.

    # Set the mask back with the m entry
    [root@serv01 learning]# setfacl -m m::rwx data/
    [root@serv01 learning]# getfacl data/
    # file: data/
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx
    user:linux02:rwx
    user:oracle01:-wx
    user:oracle02:-wx
    user:uplook01:r--
    user:uplook02:r--
    group::r-x
    group:oracle:-wx
    group:linux:rwx
    group:uplook:r--
    mask::rwx
    other::r-x

    # Remove one entry with -x
    [root@serv01 learning]# setfacl -x g:linux data/
    [root@serv01 learning]# getfacl data/
    # file: data/
    # owner: root
    # group: root
    user::rwx
    user:linux01:rwx
    user:linux02:rwx
    user:oracle01:-wx
    user:oracle02:-wx
    user:uplook01:r--
    user:uplook02:r--
    group::r-x
    group:oracle:-wx
    group:uplook:r--
    mask::rwx
    other::r-x

    # Remove all extended ACL entries with -b
    [root@serv01 learning]# setfacl -b data/
    [root@serv01 learning]# getfacl data/
    # file: data/
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x

Summary of the forms used above (u: for a user entry, g: for a group entry):

    setfacl -m u:USER:rwx data/      setfacl -m g:GROUP:rwx data/
    setfacl -m m::rwx data/
    setfacl -x u:USER data/          setfacl -x g:GROUP data/
    setfacl -b data/
    getfacl data/

An ACL can also be copied from one file to another by feeding getfacl's output to setfacl:

    [root@larrywen soft]# setfacl --help
    setfacl 2.2.49 -- set file access control lists
    Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
      -m, --modify=acl        modify the current ACL(s) of file(s)
      -M, --modify-file=file  read ACL entries to modify from file
      -x, --remove=acl        remove entries from the ACL(s) of file(s)
      -X, --remove-file=file  read ACL entries to remove from file
      -b, --remove-all        remove all extended ACL entries
      -k, --remove-default    remove the default ACL
          --set=acl           set the ACL of file(s), replacing the current ACL
          --set-file=file     read ACL entries to set from file
          --mask              do recalculate the effective rights mask
      -n, --no-mask           don't recalculate the effective rights mask
      -d, --default           operations apply to the default ACL
      -R, --recursive         recurse into subdirectories
      -L, --logical           logical walk, follow symbolic links
      -P, --physical          physical walk, do not follow symbolic links
          --restore=file      restore ACLs (inverse of `getfacl -R')
          --test              test mode (ACLs are not modified)
      -v, --version           print version and exit
      -h, --help              this help text

    [root@serv01 test]# touch aa01.txt
    [root@serv01 test]# getfacl aa01.txt
    # file: aa01.txt
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    [root@serv01 test]# setfacl -m g:linux:rwx aa01.txt
    [root@serv01 test]# getfacl aa01.txt
    # file: aa01.txt
    # owner: root
    # group: root
    user::rw-
    group::r--
    group:linux:rwx
    mask::rwx
    other::r--
    [root@serv01 test]# touch bb01.txt
    [root@serv01 test]# getfacl bb01.txt
    # file: bb01.txt
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    [root@serv01 test]# getfacl aa01.txt | setfacl --set-file=- bb01.txt
    [root@serv01 test]# getfacl bb01.txt
    # file: bb01.txt
    # owner: root
    # group: root
    user::rw-
    group::r--
    group:linux:rwx
    mask::rwx
    other::r--

--set-file=- reads the entries from standard input and replaces bb01.txt's whole ACL with them, base entries included. The same pairing scales to a tree: getfacl -R on the source and setfacl --restore on the target replay every ACL recorded, which is also the way to back up ACLs before a migration, since plain cp and tar do not preserve them unless told to.
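The verification in Step 6 and the #effective output in the mask section both come down to one rule set: owner entry, then named user, then owning and named groups, then other, with the mask ANDed into every entry except owner and other. The script below, added here as an example and not part of the original tutorial, implements that check in awk over a getfacl listing, so the effect of a mask change can be worked out without root or an ACL-enabled filesystem. The two listings are constructed to match a subset of the tutorial's data/ directory before and after setfacl -m m::r data/; the user and group names are the tutorial's, and the nobody/users/somebody names in the demonstration are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: evaluate a POSIX ACL the way the
# access check does, straight from a getfacl listing. Listings are constructed
# to match the tutorial's data/ directory before and after "setfacl -m m::r".

ACL_MASK_RWX='# file: data
# owner: root
# group: root
user::rwx
user:linux01:rwx
user:oracle01:-wx
user:uplook01:r--
group::r-x
group:oracle:-wx
group:linux:rwx
group:uplook:r--
mask::rwx
other::r-x'

# Same directory after "setfacl -m m::r data/" lowered the mask.
ACL_MASK_R=$(printf '%s\n' "$ACL_MASK_RWX" | sed 's/^mask::rwx$/mask::r--/')

# acl_check LISTING USER "GROUP ..." PERM   -> prints allow or deny
# PERM is r, w or x. Order follows POSIX.1e: owner entry, then the named user
# entry, then the owning group and named groups (any one that grants the bit
# suffices), then other. Every entry except owner and other is ANDed with the
# mask, which is exactly what getfacl reports as #effective.
acl_check() {
    printf '%s\n' "$1" | awk -v who="$2" -v grouplist="$3" -v perm="$4" '
        function has(p, s) { return index(p, s) > 0 }
        BEGIN { mask = "rwx" }           # no mask entry (minimal ACL): nothing is masked
        /^# owner:/ { owner = $3; next }
        /^# group:/ { ogroup = $3; next }
        /^#/ || NF == 0 { next }
        {
            sub(/[ \t]*#.*$/, "")        # drop a trailing "#effective:..." comment
            split($0, f, ":")
            tag = f[1]; qual = f[2]; perms = f[3]
            if (tag == "user" && qual == "")       uperm = perms
            else if (tag == "user")                named_u[qual] = perms
            else if (tag == "group" && qual == "") gperm = perms
            else if (tag == "group")               named_g[qual] = perms
            else if (tag == "mask")                mask = perms
            else if (tag == "other")               operm = perms
        }
        END {
            if (who == owner) { print (has(uperm, perm) ? "allow" : "deny"); exit }
            if (who in named_u) {
                print ((has(named_u[who], perm) && has(mask, perm)) ? "allow" : "deny"); exit
            }
            n = split(grouplist, g, " "); matched = 0
            for (i = 1; i <= n; i++) {
                if (g[i] == ogroup) {
                    matched = 1
                    if (has(gperm, perm) && has(mask, perm)) { print "allow"; exit }
                }
                if (g[i] in named_g) {
                    matched = 1
                    if (has(named_g[g[i]], perm) && has(mask, perm)) { print "allow"; exit }
                }
            }
            if (matched) { print "deny"; exit }   # a group matched but none granted the bit
            print (has(operm, perm) ? "allow" : "deny")
        }'
}

# acl_effective LISTING -> the listing with getfacl-style "#effective:" notes
# appended to every masked entry whose rights the mask actually reduces.
acl_effective() {
    printf '%s\n' "$1" | awk '
        /^mask::/ { mask = substr($0, 7) }
        { lines[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) {
                l = lines[i]
                if (l ~ /^(user|group):[^:]+:/ || l ~ /^group::/) {
                    p = substr(l, length(l) - 2); e = ""
                    for (j = 1; j <= 3; j++) {
                        c = substr(p, j, 1)
                        e = e ((c != "-" && index(mask, c) > 0) ? c : "-")
                    }
                    if (e != p) l = l "\t#effective:" e
                }
                print l
            }
        }'
}

# Demonstration: the same requests before and after the mask is lowered.
acl_check "$ACL_MASK_RWX" linux01  linux  w   # allow
acl_check "$ACL_MASK_R"   linux01  linux  w   # deny: rwx AND r-- has no w
acl_check "$ACL_MASK_R"   oracle01 oracle x   # deny: -wx AND r-- is ---
acl_check "$ACL_MASK_R"   nobody   users  r   # allow: other::r-x is never masked
acl_effective "$ACL_MASK_R"
```

The useful reading of the output is the asymmetry it exposes: lowering the mask to r-- changes nothing for root (owner) or for an unrelated user (other), but removes every right the ACL was added to grant. That is also why chmod g-w on an ACL'd directory, which only rewrites the mask, is an easy way to lock named users out by accident, and why a review of getfacl output should always look at the #effective column rather than the entry itself.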
