Using FACLs on a Linux system so that the owning group of a file created under a directory inherits the permissions of the parent directory

Source: Internet
Author: User


On a Linux system, you can use setfacl so that files or subdirectories created under a directory inherit permissions from the parent directory.


The following example uses root and an ordinary user, user1, in the directory /mnt.

[[email protected] mnt]# setfacl -m u:user1:rwx share         // add an ACL entry for user1 to the directory and grant rwx
[[email protected] mnt]# setfacl -d -m u:user1:rwx share      // add default ACL permissions to the directory; directories and files created under it inherit this permission information
[[email protected] mnt]#
[[email protected] mnt]#
[[email protected] mnt]# getfacl share         // view share's FACL information
# file: share
# owner: root
# group: root
user::rwx
user:user1:rwx                  // at this point user1 has write permission on share
group::r-x
mask::rwx
other::r-x
default:user::rwx               // the default permission information for subdirectories or files
default:user:user1:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

[[email protected] mnt]# cd share/
[[email protected] share]# ls
[[email protected] share]# touch roota
[[email protected] share]# touch rootb
[[email protected] share]# mkdir rootdir1
[[email protected] share]# mkdir rootdir2
[[email protected] share]# ls
roota  rootb  rootdir1  rootdir2
[[email protected] share]# getfacl roota
# file: roota
# owner: root
# group: root
user::rw-
user:user1:rwx                  #effective:rw-
group::r-x                      #effective:r--
mask::rw-
other::r--

[[email protected] share]# getfacl rootdira
getfacl: rootdira: No such file or directory
[[email protected] share]# getfacl rootdir
rootdir1/ rootdir2/
[[email protected] share]# getfacl rootdir1
# file: rootdir1
# owner: root
# group: root
user::rwx
user:user1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:user1:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

[[email protected] share]#

Now enter this directory as user1 to check the permissions:

[[email protected] share]$
[[email protected] share]$
[[email protected] share]$
[[email protected] share]$ ll
total 8
-rw-rw-r--+ 1 root root 0 Nov 22:52 roota
-rw-rw-r--+ 1 root root 0 Nov 22:52 rootb
drwxrwxr-x+ 2 root root 6 Nov 22:52 rootdir1
drwxrwxr-x+ 2 root root 6 Nov 22:52 rootdir2
[[email protected] share]$ touch user1a
[[email protected] share]$ touch user1dir1
[[email protected] share]$ getfacl user1a         // view the new file's permissions
# file: user1a
# owner: user1
# group: user1
user::rw-
user:user1:rwx                  #effective:rw-
group::r-x                      #effective:r--
mask::rw-
other::r--

[[email protected] share]$ rm roota         // try to delete the file created by root, successfully
[[email protected] share]$ rm rootdir1      // try to delete the directory created by root, successfully
rm: cannot remove ‘rootdir1’: Is a directory
[[email protected] share]$ rm rootdir1 -r
[[email protected] share]$ ll
total 4
-rw-rw-r--+ 1 root root 0 Nov 22:52 rootb
drwxrwxr-x+ 2 root root 6 Nov 22:52 rootdir2
-rw-rw-r--+ 1 user1 user1 0 Nov 22:57 user1a
-rw-rw-r--+ 1 user1 user1 0 Nov 22:57 user1dir1
[[email protected] share]$


Therefore, when files and directories created under a directory need to inherit permissions in this way, this method can be used to achieve it.
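
The getfacl and ll output above follows the POSIX ACL creation rule in acl(5): named entries of the default ACL are copied unchanged, while the owner, mask and other entries are limited by the mode the creating program asks for. The Python model below is an added example, not part of the original article; it reproduces the entries shown for roota and rootdir1, and its function names and the create modes (0666 for touch, 0777 for mkdir) are assumptions of the example.

```python
# Added example: model of the POSIX ACL creation rule on Linux (see acl(5)).
# Permissions are 3-bit values (r=4, w=2, x=1); tags are written as in getfacl.

def bits(s):
    """'r-x' -> 5"""
    return sum(v for c, v in zip(s, (4, 2, 1)) if c != "-")

def text(n):
    """5 -> 'r-x'"""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherit(default_acl, mode, is_dir):
    """Return (access ACL, default ACL) of an object created with `mode` under a
    directory carrying `default_acl`. With a default ACL, the umask is not applied."""
    acl = {}
    for tag, perm in default_acl.items():
        p = bits(perm)
        if tag == "user::":
            p &= (mode >> 6) & 7      # owner bits of the create mode
        elif tag == "mask::" or (tag == "group::" and "mask::" not in default_acl):
            p &= (mode >> 3) & 7      # group bits of the create mode cap the mask
        elif tag == "other::":
            p &= mode & 7             # other bits of the create mode
        acl[tag] = text(p)            # named entries are copied unchanged
    # A new directory also receives the default ACL as its own default ACL.
    return acl, (dict(default_acl) if is_dir else None)

def effective(acl, tag):
    """Named users, group:: and named groups are limited by the mask entry."""
    if tag in ("user::", "other::"):
        return acl[tag]
    return text(bits(acl[tag]) & bits(acl.get("mask::", "rwx")))

def ls_mode(acl):
    """Permission string as printed by ls: the group column shows the mask."""
    return acl["user::"] + acl.get("mask::", acl["group::"]) + acl["other::"]

# Default ACL of /mnt/share, copied from the getfacl output in this article.
SHARE_DEFAULT = {"user::": "rwx", "user:user1:": "rwx", "group::": "r-x",
                 "mask::": "rwx", "other::": "r-x"}

if __name__ == "__main__":
    for name, mode, is_dir in (("roota", 0o666, False), ("rootdir1", 0o777, True)):
        acl, default = inherit(SHARE_DEFAULT, mode, is_dir)
        print(name, ls_mode(acl) + "+", acl,
              "user1 effective:", effective(acl, "user:user1:"))
```

The model shows why user1:rwx is only effective as rw- on regular files: the mask is capped by the 0666 create mode, not by the ACL entry itself.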


In the newer RHEL 7 there is also a tool, chacl, that is similar to setfacl.

This article is from the "Sea Boundless" blog; please contact the author before reproducing it!
