Shulou(Shulou.com)06/01 Report--

What this article shares to you is about how to use ACL to set up collective permissions in Linux. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Table 1: show current permission assignments on current Linux systems

Sanders-computer:~ sandervanvugt$$ ls-l total 24 drwx-+ 13 sandervanvugt staff 442Oct 20 20:17 Desktop drwx-+ 103 sandervanvugt staff 3502 Oct 21 08:37 Documents drwx-+ 289 sandervanvugt staff 9826 Oct 21 10:05 Downloads drwx-@ 51 sandervanvugt staff 1734 Sep 22 16:31 Library drwx-+ 29 sandervanvugt staff 986 Oct 9 07:59 Movies drwx-+ 5 sandervanvugt staff 170 May 21 23:19 Music drwx -+ 24 sandervanvugt staff 816 Sep 19 22:21 Pictures drwxr-xr-x+ 4 sandervanvugt staff 136Apr 12 2013 Public drwxr-xr-x 3 sandervanvugt staff 2013 Sep 22 16:31 Samsung-rwxr-xr-x 1 sandervanvugt staff 324 Sep 23 11:51 bart1-rw-r--r-- 1 sandervanvugt staff 148Aug 14 13:12 rekenprogrammaLOG-rwxr-xr-x 1 sandervanvugt staff 607 Jul 3 16:59 script3

If only one owner or group is needed on the file, the default Linux permission scheme is also available.

However, if you need to give one group of users control of the file, the other group only needs to read the file, and the other group is not allowed to access the file, then the default permissions will not help, and you need ACL.

Linux ACL finds a trustee for the file, allowing multiple users and groups to have permissions. You can also set the default access control list and use the default permissions for new terms created in the directory.

The setfacl command uses ACL to set permissions. The Linux system shows the current ACL allocation through the getfacl command in Table 2.

It's easy to apply for permission. For example, Linux administrators can use setfacl-R-m g:sales:rx / groups/account if they want sales team members in the organization to access all the files in directory / groups/account.

In this command, the option-R is used to return ACL to all existing terms in directory / groups/account. The option-m is used to change the group represented by the ACL,g, followed by the group's name and assigned permissions.

Table 2: how to display the permissions of Linux ACL with getfacl

[root@tls groups] # getfacl account/ # file: account/ # owner: root # group: account user::rwx group::rwx group:sales:r-x mask::rwx other::

Don't worry about a black screen because of the getfacl command, this is an automatic change.

Default Linux ACL

The Linux ACL command sets permissions on the current file, but does not automatically do anything on the new file. In general, if an administrator uses ACL in a directory, they also want ACL to apply to all new files created in the directory. This is the privilege of the default ACL.

Adding the default ACL is as simple as copying the previous setfacl command with the add option. To assign permissions to all new files in the directory, deploy the following command:

Setfacl-m d:g:sales:rx / groups/account

You can also use getfacl to check the current default ACL settings, as shown in Table 3:

Table 3: check the default Linux ACL allocation

[root@tls groups] # getfacl account/ # file: account/ # owner: root # group: the above is how to use ACL to set the collective permission in Linux. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.