Using Facl in a Linux system to implement the owning group that creates a file that inherits the permissions of the parent directory under the directory

In a Linux system, you can use Setfacl to create files or subdirectories under the directory and inherit permissions from the parent directory.

The following root with the ordinary user user1. Under directory/mnt

[[email protected] mnt]# setfacl -m u:user1:rwx share         //add ower = user1&nbsp to the directory, and give rwx  the right root. [[email protected] mnt]# setfacl -d -m  u:user1:rwx share     //adds default ACL permissions for the directory, and the directories and files created under this directory inherit this permission information [[email protected] mnt]#[[email protected]  mnt]#[[email protected] mnt]# getfacl share         //View Share's Facl information # file: share# owner: root# group: rootuser::rwxuser :user1:rwx                             //  at this time User1 can have write permission to share group:: r-xmask::rwxother::r-xdefault:user::rwx                          //the default subdirectory or file permissions information default:user:user1:rwxdefault:group::r-xdefault:mask::rwxdefault:other::r-x[[email  Protected] mnt]# cd share/[[email protected] share]# ls[[email protected]  share]# touch roota[[email protected] share]# touch rootb[[email  protected] share]# mkdir rootdir1[[email protected] share]# mkdir rootdir2[ [email protected] share]# lsroota  rootb  rootdir1  rootdir2[[ email protected] share]# getfacl roota# file: roota# owner: root#  group: rootuser::rw-user:user1:rwx                    #effective: Rw-       group: :r-x                        #effective:r--mask::rw-other::r--[[email protected] share]# getfacl rootdiragetfacl:  Rootdira: no such file or directory[[email protected] share]# getfacl  rootdirrootdir1/ rootdir2/[[email protected] share]# getfacl rootdir1#  File: rootdir1# owner: root# group: rootuser::rwxuser:user1:rwxgroup::r-xmask:: rwxother::r-xdefault:user::rwxdefault:user:user1:rwxdefault:group::r-xdefault:mask::rwxdefault:other::r-x[[ Email protected] share] #现在用user1   Enter this directory to detect permissions:

[Email protected] share]$

[Email protected] share]$

[Email protected] share]$

[email protected] share]$ LL

Total 8

-rw-rw-r--+ 1 root root 0 Nov 22:52 Roota

-rw-rw-r--+ 1 root root 0 Nov 22:52 ROOTB

drwxrwxr-x+ 2 root root 6 Nov 22:52 Rootdir1

drwxrwxr-x+ 2 root root 6 Nov 22:52 Rootdir2

[email protected] share]$ Touch User1a

[email protected] share]$ Touch User1dir1

[[email protected] share]$ Getfacl user1a//View New file permissions

# File:user1a

# Owner:user1

# Group:user1

user::rw-

USER:USER1:RWX #effective: rw-

Group::r-x #effective: r--

mask::rw-

other::r--

[[Email protected] share]$ RM Roota//Try to delete the file created by root, successfully

[[Email protected] share]$ RM rootdir1//Try to delete the directory created by Root, successfully

Rm:cannot Remove Arootdir1a:is a directory

[Email protected] share]$ RM rootdir1-r

[email protected] share]$ LL

Total 4

-rw-rw-r--+ 1 root root 0 Nov 22:52 ROOTB

drwxrwxr-x+ 2 root root 6 Nov 22:52 Rootdir2

-rw-rw-r--+ 1 user1 user1 0 Nov 22:57 User1a

-rw-rw-r--+ 1 user1 user1 0 Nov 22:57 User1dir1

[Email protected] share]$

Therefore, when there is a need to do the root of the inheritance operation, you can use this side to achieve.

In the new RHEL7, there will be new tools chacl similar to Setfacl.

This article from "Sea Boundless" blog, reproduced please contact the author!

Using Facl in a Linux system to implement the owning group that creates a file that inherits the permissions of the parent directory under the directory