Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how Linux administrators use ACL to set up collective permissions". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Not every Linux administrator knows how to deploy the access control table ACL on the file system to enhance permissions. Now this situation should be changed.

Under the basic Linux permissions topic, permissions are assigned to file owners, file ownership groups, and so on. Each file and directory on the Linux system has a user owner and group owner. Each Linux administrator can call the current owner list and assign permissions to them using the ls-l command listed in Table 1:

Table 1: show current permission assignments on current Linux systems

Sanders-computer:~ sandervanvugt$$ ls-l total 24 drwx-+ 13 sandervanvugt staff 442Oct 20 20:17 Desktop drwx-+ 103 sandervanvugt staff 3502 Oct 21 08:37 Documents drwx-+ 289 sandervanvugt staff 9826 Oct 21 10:05 Downloads drwx-@ 51 sandervanvugt staff 1734 Sep 22 16:31 Library drwx-+ 29 sandervanvugt staff 986 Oct 9 07:59 Movies drwx-+ 5 sandervanvugt staff 170 May 21 23:19 Music drwx -+ 24 sandervanvugt staff 816 Sep 19 22:21 Pictures drwxr-xr-x+ 4 sandervanvugt staff 136Apr 12 2013 Public drwxr-xr-x 3 sandervanvugt staff 2013 Sep 22 16:31 Samsung-rwxr-xr-x 1 sandervanvugt staff 324 Sep 23 11:51 bart1-rw-r--r-- 1 sandervanvugt staff 148Aug 14 13:12 rekenprogrammaLOG-rwxr-xr-x 1 sandervanvugt staff 607 Jul 3 16:59 script3

If only one owner or group is needed on the file, the default Linux permission scheme is also available.

However, if you need to give one group of users control of the file, the other group only needs to read the file, and the other group is not allowed to access the file, then the default permissions will not help, and you need ACL.

Linux ACL finds a trustee for the file, allowing multiple users and groups to have permissions. You can also set the default access control list and use the default permissions for new terms created in the directory.

The setfacl command uses ACL to set permissions. The Linux system shows the current ACL allocation through the getfacl command in Table 2.

It's easy to apply for permission. For example, Linux administrators can use setfacl-R-m g:sales:rx / groups/account if they want sales team members in the organization to access all the files in directory / groups/account.

In this command, the option-R is used to return ACL to all existing terms in directory / groups/account. The option-m is used to change the group represented by the ACL,g, followed by the group's name and assigned permissions.

Table 2: how to display the permissions of Linux ACL with getfacl

[root@tls groups] # getfacl account/ # file: account/ # owner: root # group: account user::rwx group::rwx group:sales:r-x mask::rwx other::

Don't worry about a black screen because of the getfacl command, this is an automatic change.

Default Linux ACL

The Linux ACL command sets permissions on the current file, but does not automatically do anything on the new file. In general, if an administrator uses ACL in a directory, they also want ACL to apply to all new files created in the directory. This is the privilege of the default ACL.

Adding the default ACL is as simple as copying the previous setfacl command with the add option. To assign permissions to all new files in the directory, deploy the following command:

Setfacl-m d:g:sales:rx / groups/account

You can also use getfacl to check the current default ACL settings, as shown in Table 3:

Table 3: check the default Linux ACL allocation

[root@tls groups] # getfacl account/ # file: account/ # owner: root # group: account user::rwx group::rwx group:sales:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:sales:r-x default:mask::rwx default:other::

Once the default ACL is set, the new permissions will apply to all terms created in the directory.

This is the end of "how Linux administrators use ACL to set up collective permissions". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.