Linux ACL rule settings: detailed explanation of the setfacl and getfacl commands

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

A Linux system can set different read and write permissions for the owner, the group, and others, but this is not precise enough. What if you want to set a separate permission for one particular user, and that user is neither the owner of the file or directory nor a member of its group?

The ways to set permissions for a specific user are as follows:

    [root@localhost ~]# dmesg | grep -i acl      # check whether ACLs can be set on the system; if "ACL" appears in the output below, there is no problem
    [    1.173259] systemd[1]: systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +KMOD +IDN)
    [    2.487295] SGI XFS with ACLs, security attributes, no debug enabled

1. setfacl: set ACL rules (for a single user or group)

Common options for setfacl are as follows:

-m: set the ACL parameters that follow for the file; cannot be used with -x
-x: delete the ACL parameters that follow; cannot be used with -m
-b: delete all ACL setting parameters
-k: delete the default ACL parameters
-R: set the ACL recursively, that is, subdirectories are included
-d: set the default ACL parameter, which is valid only for directories; new data created in the directory will use this default value

Examples of settings:

    [root@localhost ~]# touch acl_test1                 # create a test file
    [root@localhost ~]# setfacl -m u:lv:rw acl_test1    # give the user "lv" read and write permission individually
    [root@localhost ~]# ll acl_test1                    # view the file attributes; the "+" at the end of the permission field indicates an ACL
    -rw-rw-r--+ 1 root root 0 September 3 08:45 acl_test1
    [root@localhost ~]# setfacl -m u::rwx acl_test1     # if no user is written after "u", this sets the permission of the file owner
    [root@localhost ~]# ll acl_test1                    # the owner's permission has become rwx
    -rwxrw-r--+ 1 root root 0 September 3 08:45 acl_test1

2. getfacl: view the ACL rules that have been set

The options are basically the same as those of setfacl; check the man page for the specific usage. Its most important use is to view the ACL rules that were set with setfacl.

Examples of use:

    [root@localhost ~]# getfacl acl_test1      # use getfacl to view the ACL permissions that were set
    # file: acl_test1          # file name
    # owner: root              # file owner
    # group: root              # file group
    user::rwx                  # the owner's permission
    user:lv:rw-                # the permission of user "lv"
    group::r--                 # the permission of the file's group
    mask::rw-                  # the default effective permission (mask) of this file
                               # a permission set for a user or group must lie within the mask to take effect
    other::r--                 # the permission of everyone else
    [root@localhost ~]# ll acl_test1           # compare with the output of the "ll" command
    -rwxrw-r--+ 1 root root 0 September 3 08:45 acl_test1

3. Combined use of setfacl and getfacl

Examples:

#1, setting the effective permission mask

    [root@localhost ~]# setfacl -m m:r acl_test1      # set the file's mask to read only (r)
    [root@localhost ~]# getfacl acl_test1             # view
    # file: acl_test1
    # owner: root
    # group: root
    user::rwx
    user:lv:rw-         #effective:r--     # the effective permission is only r (read); the w (write) after the user does not take effect
    group::r--
    mask::r--           # only the permissions that the user entry shares with the mask are effective, such as "r" here
    other::r--

#2, set permissions for a specific group (delete the original file and create a new acl_test1)

    [root@localhost ~]# setfacl -m g:mygroup:rx acl_test1     # give the group mygroup rx permission
    [root@localhost ~]# getfacl acl_test1                     # view
    # file: acl_test1
    # owner: root
    # group: root
    user::rw-
    group::r--
    group:mygroup:r-x      # this is the newly set permission
    mask::r-x
    other::r--

#3, let myuser1 always have the default permission rx under /usr/local

    [root@localhost ~]# setfacl -m d:u:myuser1:rx /usr/local/     # set the permission
    [root@localhost ~]# getfacl /usr/local/                       # view
    getfacl: Removing leading '/' from absolute path names
    # file: usr/local/
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    default:user::rwx
    default:user:myuser1:r-x      # this is the line
    default:group::r-x
    default:mask::r-x
    default:other::r-x

Create a directory and check whether it inherits the default permission:

    [root@localhost ~]# cd /usr/local/
    [root@localhost local]# mkdir test
    [root@localhost local]# ls -ld test/       # the permission field has a "+"
    drwxr-xr-x+ 2 root root 6 September 3 09:51 test/
    [root@localhost local]# getfacl test       # use getfacl to view
    # file: test
    # owner: root
    # group: root
    user::rwx
    user:myuser1:r-x
    group::r-x
    mask::r-x
    other::r-x
    default:user::rwx
    default:user:myuser1:r-x      # this is the line
    default:group::r-x
    default:mask::r-x
    default:other::r-x

The following cancels some ACL rules for a user:

    [root@localhost local]# setfacl -x u:myuser1 /usr/local/       # cancel myuser1's ACL rule for this directory
    [root@localhost local]# setfacl -x d:u:myuser1 /usr/local/     # cancel the default (inherited) ACL rule
    [root@localhost local]# setfacl -m u:myuser1:- /usr/local      # make it impossible for myuser1 to use the directory; "-" in the permission field means no permission
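The mask rule from example #1, as an added example that is not part of the original article: the script reads getfacl output on stdin and prints each access entry next to the permission that is actually effective, which helps when auditing what a named user or group can really do. The function names and_perms, effective_acl and sample_acl are hypothetical, and the sample input is constructed from the article's acl_test1 output.

```shell
#!/bin/sh
# Added example (not from the original article): read getfacl output on stdin
# and print each access entry with the permission that is actually effective.

# and_perms A B: position-wise AND of two rwx strings (rw- AND r-- = r--).
and_perms() {
    a=$1; b=$2; out=
    while [ -n "$a" ]; do
        ca=${a%"${a#?}"}; cb=${b%"${b#?}"}      # first character of each string
        a=${a#?}; b=${b#?}
        if [ "$ca" != - ] && [ "$ca" = "$cb" ]; then out=$out$ca; else out=$out-; fi
    done
    printf '%s\n' "$out"
}

effective_acl() {
    acl=$(cat); mask=
    # Pass 1: find the mask (absent when the file has no extended ACL).
    while IFS= read -r line; do
        line=${line%%#*}                        # drop "# file:" and "#effective:" comments
        case $line in mask::*) set -- $line; mask=${1#mask::} ;; esac
    done <<EOF
$acl
EOF
    # Pass 2: the mask limits named users, the owning group and named groups;
    # the owner (user::) and other:: are not limited by it.
    while IFS= read -r line; do
        line=${line%%#*}
        set -- $line
        [ $# -gt 0 ] || continue
        entry=$1; perms=${entry##*:}; eff=$perms
        case $entry in
            default:*|mask::*) continue ;;      # default entries apply to newly created items
            user::*|other::*) ;;
            *) [ -z "$mask" ] || eff=$(and_perms "$perms" "$mask") ;;
        esac
        printf '%s %s\n' "$entry" "$eff"
    done <<EOF
$acl
EOF
}

# Constructed sample: the article's acl_test1 after "setfacl -m m:r acl_test1".
sample_acl() {
    printf '%s\n' '# file: acl_test1' '# owner: root' '# group: root' \
        'user::rwx' 'user:lv:rw-   #effective:r--' 'group::r--' 'mask::r--' 'other::r--'
}

sample_acl | effective_acl
```

On a live system the same function can be fed real output, for example `getfacl acl_test1 | effective_acl`.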
