Access Control List
🔗Linux ACL - Access Control List
🔗Commands
setfacl
getfacl
🔗ACL
🔗Permission
- Comma separated entry. - Each entry consists of type, value and permissions, separated by colon. - type is one of `u` (user), `g` (group), `o` (other), `m` (mask) - value is the user name or uid for `u`, group name or gid for `g`, nothing for `o` - permissions is the combination of `r` (read), `w` (write) and `e` (execute) - if value is empty, then means all users/groups - if no read permission is to granted, the replace `r` with `-` for read char - if no write permission is to granted, the replace `w` with `-` for read char - if no execute permission is to granted, the replace `x` with `-` for read char - `-` in value can be ommited, if at least one of `r`, `w` and `x` is present: `r-x` => `rx` - at least one `-` in value must be present if none of `r`, `w` and `x` is present: `---` => `-` - e.g., `u:wb:rwx`, `u::rwx`
🔗File & Directory ACL
🔗User ACL
- For all users: `u::rwx` - For user with username 'aaa': `u:aaa:rwx` - For user with uid '2000': `u:2000:rwx`
🔗Group ACL
- For all groups: `g::rwx` - For group with group name 'aaa': `g:aaa:rwx` - For group with group id '2000': `g:2000:rwx`
🔗Other ACL
- For other users: `o::rwx`
🔗Mask acl
- The effective acl is the intersection of given acl and mask acl - e.g., if `m::r-x` and `u:wb:rwx`, the the effective acl for wb is `u:wb:r-x`
🔗Default acl
For directory, newly create files can inherited from the parent directory if default acl set for the parent directory.
🔗Set ACL - setfacl
🔗Add ACL Entry
setfacl -m 'u:wb:rwx,g:wb:r-x' a.file
🔗Remove ACL Entry
setfacl -x 'u:wb:rwx,g:wb:r-x' a.file
🔗Override Existing ACL Entries
setfacl --set 'u:wb:rwx,g:wb:r-x:o::r--' a.file
🔗Clear ACL Entries
setfacl -b a.file
🔗Apply ACL Recursively
setfacl -R -m 'u:wb:rwx,g:wb:r-x' a.file
🔗Change Default ACL
setfacl -d -m 'u:wb:rwx,g:wb:r-x' a.file
🔗Get ACL - getfacl
getfacl a.file