Shulou(Shulou.com)06/01 Report--

This article mainly shows you "what is the use of ACL in Linux", the content is simple and clear, hoping to help you solve your doubts, the following let the editor lead you to study and learn "what is the use of ACL in Linux" this article.

What is ACL?

The full name of ACL is Access Control List (access Control list), an access control list for files / directories. It provides an additional and more flexible rights management mechanism for the file system on the basis of UGO rights management. It is designed as a supplement to UNIX file rights management.

ACL allows you to set access to any file / directory to any user or group.

What's the use of ACL?

Since it is a supplement to UGO rights management, ACL naturally needs to have skills that UGO cannot or is difficult to do, such as:

1. Permissions can be set for users

two。 Permissions can be set for user groups

3. The child file / directory inherits the permissions of the parent directory

Check if ACL is supported

ACL requires the cooperation of the Linux kernel and file system to work, and most of the Linux distributions we see today are supported by default. But it's best to check it out first:

Sudo tune2fs-l / dev/sda1 | grep "Default mount options:" Default mount options: user_xattr acl

We can see that acl support has been added by default (Default mount options:).

How to set up ACL

We can use the setfacl and getfacl commands to set or observe the acl permissions of the file / directory.

Setfacl

There are not many parameters, so they are listed directly:

Setfacl [- bkRd] [{- m |-x} acl parameter] File / directory name-m: configure the following acl parameter for files / directories and cannot be used with-x;-x: delete subsequent acl parameters, which cannot be used with-m;-b: remove all ACL configuration parameters;-k: remove the default ACL parameter;-R: recursively configure acl -d: configure the "default acl parameter", which is valid only for directories. Data created in this directory will refer to this default value.

Getfacl

Getfacl file / directory name

Example

Set permissions for the user

First create a test file, test, and then view its default permissions:

Touch testll test-rw-r--r-- 1 root root 0 May 28 09:04 testgetfacl test# file: test# owner: root# group: rootuser::rw-group::r--other::r-

Set permissions for apache users to read and write to execute test files:

Setfacl-m u:apache:rwx test

View the changes in the properties of the test file:

Ll test-rw-rwxr--+ 1 root root 0 May 28 09:04 test

The permission part has more than one "+", and it is different from the original (644).

View the changes in ACL permissions:

Getfacl test...user:apache:rwx...mask::rwx...

There are more user:apache:rwx and mask::rwx than before, and user apache already has permission to read, write and execute the test file.

Set permissions for user groups

It's almost the same as the setting for users, just replace the lowercase u with the lowercase g.

The child file / directory inherits the permissions of the parent directory

This is a great example that allows us to create child files or subfolders that inherit the permission settings of the parent folder!

Mkdir mydirll-d mydirdrwxr-xr-x 2 root root 4096 May 28 09:35 mydirsetfacl-m d:u:apache:rwx mydir

Note that parameter d plays a decisive role here.

View the changes in the following properties:

Getfacl mydir...default:user::rwxdefault:user:apache:rwxdefault:group::r-xdefault:mask::rwxdefault:other::r-x

With more entries starting with default, try creating a new file under mydir:

Touch mydir/abcgetfacl mydir/abc...user:apache:rwx # effective:rw-group::r-x # effective:r--mask::rw-...

OK, which looks good, apache users can read and write to this file by default.

The above is all the content of this article "what is the use of ACL in Linux?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.