Last active
February 1, 2018 03:46
Just some notes on file access control lists...
All About FACLs on Linux (POSIX): Cheat Sheet and Examples

Viewing ACLs for a file:
root@server# getfacl /tmp/test
# file: test --> File name
# owner: root --> Owner of file
# group: root --> Group owner of file
user::rw- --> Standard file permissions for owner
user:john:rw- --> First ACL given to user John
user:sam:rwx --> Second ACL given to user Sam
group::r-- --> Standard file permissions for the owning group
mask::rwx --> Maximum effective permissions for everyone (see #effective:perms). You can modify this to limit everyone's permissions.
other::---

Precedence:
If you are the OWNER or in the GROUP that holds the file's original (standard) permissions, you MUST use those permissions.

Setting FACLs (User):
root@server# setfacl -m u:john:rw /tmp/test
(-m modify) u:(user):rw(permissions) /path/to/file

Setting FACLs (Group):
root@server# setfacl -m g:admins:rw /tmp/test
(-m modify) g:(group):rw(permissions) /path/to/file

Setting Multiple FACLs:
root@server# setfacl -m u:john:rw,g:admins:rw /path/to/file
(-m modify) u:(user):rw(permissions),g:(group):rw(permissions) /path/to/file

Setting Default FACL for a directory:
root@server# setfacl -m d:u:john:rw /accounts
(Everything created within this directory will now get the default specified above)
root@server# getfacl /accounts
# file: accounts/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx --> These are the permissions for the actual file owner (not an ACL)
default:user:john:rw- --> This is the default we set above.
default:group::r-x --> This is the default for the actual group owner (not an ACL)
default:mask::rwx
default:other::r-x
** Any files created within /accounts will be given the default FACL specified above. **

Removing ACLs:
root@server# setfacl -x u:john /tmp/test
(-x remove) u:(user) /path/to/file
* This will not affect any other users with FACLs set *
root@server# setfacl -b /tmp/test
(This will remove ALL FACLs for /tmp/test)

Backing up ACLs:
root@server# cd /accounts
root@server# getfacl -R * > accounts_facl
(Backs up FACLs recursively for /accounts/*)
-R (recursive) * > (save to) accounts_facl (file name)

Restoring ACLs:
root@server# setfacl --restore=accounts_facl
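
Added example (not part of the original notes): a Python audit helper that reads a backup in the `getfacl -R` format shown above, applies each file's mask, and lists the entries whose effective permissions are lower than what was granted. It assumes the POSIX ACL rule that the mask caps named users, the owning group and named groups, and skips `default:` entries; the file names and the `admins` entry in the sample are constructed.

```python
# Constructed sample in `getfacl -R` backup format (file names are made up).
SAMPLE_BACKUP = """\
# file: reports
# owner: root
# group: root
user::rw-
user:john:rw-
user:sam:rwx
group::r--
group:admins:rw-
mask::r--
other::---

# file: scratch
# owner: root
# group: root
user::rw-
user:john:rw-
group::r--
mask::rw-
other::---
"""

def parse_backup(text):
    """Return {path: [(tag, qualifier, perms)]} for access (non-default) entries."""
    acls, current = {}, None
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        if raw.startswith("# file: "):
            current = acls.setdefault(raw[8:].strip(), [])
        elif entry and not entry.startswith("default:") and current is not None:
            current.append(tuple(entry.split(":")))
    return acls

def masked_entries(text):
    """List (path, entry, granted, effective) where the mask removes rights."""
    findings = []
    for path, acl in parse_backup(text).items():
        mask = next((p for t, _, p in acl if t == "mask"), "rwx")
        for tag, qualifier, perms in acl:
            # The mask caps named users, the owning group and named groups only.
            if (tag == "user" and qualifier) or tag == "group":
                eff = "".join(c if m != "-" else "-" for c, m in zip(perms, mask))
                if eff != perms:
                    findings.append((path, f"{tag}:{qualifier}", perms, eff))
    return findings

if __name__ == "__main__":
    print(*masked_entries(SAMPLE_BACKUP), sep="\n")
```

To audit a real backup, pass the contents of accounts_facl to masked_entries() instead of the sample string.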