ACL tune2fs setfacl getfacl default acl (lesson 8)
Give permission to more than one user or group on a file or directory
Set default permissions for newly created files and directories
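The acl mount option must be set on the file system.
On XFS it is a default mount option.
Use setfacl to set ACL entries and getfacl to display them.
The /etc example below only demonstrates the mechanism: a recursive rwx ACL on /etc lets that user modify system configuration, so on a real system grant the ACL on the narrowest path that is needed.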
----------------------------------------------
ldapuser@localhost$ mkdir -p /etc/folder
Permission denied
root@localhost#setfacl -R -m u:ldapuser:rwx /etc
ldapuser@localhost$ mkdir -p /etc/folder
OK
----------------------------------------------
setfacl -m g:salex:rx /data/account
setfacl -m d:g:sales:rx /data/account #default ACL
[root@localhost kevin]# setfacl -R -m g:lisa:rx filek
[root@localhost kevin]# getfacl filek
# file: filek
# owner: kevin
# group: kevin
user::rw-
group::rw-
group:lisa:r-x
mask::rwx
other::r--
Set default permissions for newly created files and directories
The acl mount option needs to be set, either in /etc/fstab or in a systemd mount unit.
For Ext file systems, use tune2fs to make acl a default mount option.
In XFS it's a default mount option.
Use setfacl and getfacl
----------------------------------------------
ldapuser@localhost$ mkdir -p /etc/folder
Permission denied
root@localhost#setfacl -R -m u:ldapuser:rwx /etc
ldapuser@localhost$ mkdir -p /etc/folder
OK
----------------------------------------------
setfacl -m g:salex:rx /data/account
setfacl -m d:g:sales:rx /data/account #default ACL
[root@localhost kevin]# setfacl -R -m g:lisa:rx filek
[root@localhost kevin]# getfacl filek
# file: filek
# owner: kevin
# group: kevin
user::rw-
group::rw-
group:lisa:r-x
mask::rwx
other::r--
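On a directory you should run two commands: one with -R to apply the ACL to the existing content, and one with d: to set the default ACL that newly created files and directories inherit.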
[root@localhost ~]# setfacl -R -m g:lisa:rw /home/kevin/dirk/
[root@localhost ~]# setfacl -m d:g:lisa:rw /home/kevin/dirk/
[root@localhost ~]# getfacl /home/kevin/filek
getfacl: Removing leading '/' from absolute path names
# file: home/kevin/filek
# owner: kevin
# group: kevin
user::rw-
group::rw-
group:lisa:r-x
mask::rwx
other::r--
[root@localhost ~]# setfacl -m u:lisa:rx /home/kevin/dirk/
[root@localhost ~]# setfacl -m u:lisa:rx /home/kevin/filek
[root@localhost ~]# su - lisa
Last login: Mon Jun 5 15:49:54 EDT 2017 on pts/1
[lisa@localhost ~]$ ll /home/kevin/
ls: cannot open directory /home/kevin/: Permission denied
[lisa@localhost ~]$ ll /home/kevin/dirk
ls: cannot access /home/kevin/dirk: Permission denied
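ACL access is also needed on the parent folder if there is an explicit chmod deny: lisa cannot reach /home/kevin/dirk until she has an ACL entry on /home/kevin.
The recursive rx grant below opens everything under kevin's home to lisa; to reach dirk by path, search (x) permission on /home/kevin is sufficient, and only listing /home/kevin itself needs r as well.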
[root@localhost ~]# setfacl -Rm g:lisa:rx /home/kevin
[root@localhost ~]# setfacl -Rm u:lisa:rx /home/kevin
[root@localhost ~]# su - lisa
Last login: Mon Jun 5 15:54:24 EDT 2017 on pts/1
[lisa@localhost ~]$ ll /home/kevin/
total 4
drwxrwxr-x+ 2 kevin kevin 25 Jun 5 15:46 dirk
-rw-rwxr--+ 1 kevin kevin 29 Jun 5 15:43 filek
[lisa@localhost ~]$ ll /home/kevin/dirk/
total 4
-rw-rwxr--+ 1 kevin kevin 29 Jun 5 15:46 dfilekeving
[lisa@localhost ~]$ cat /home/kevin/filek
Mon Jun 5 15:43:19 EDT 2017
[lisa@localhost ~]$
[lisa@localhost ~]$ getfacl /home/kevin/dirk/
getfacl: Removing leading '/' from absolute path names
# file: home/kevin/dirk/
# owner: kevin
# group: kevin
user::rwx
user:lisa:r-x
group::rwx
group:lisa:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:lisa:rw-
default:mask::rwx
default:other::r-x
[root@localhost ~]# touch /home/kevin/dirk/fileroot
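A file has no default ACL entries: fileroot receives the directory's default entries as its own access ACL, and the mask (rw-) limits group::rwx to an effective rw-.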
[root@localhost ~]# getfacl /home/kevin/dirk/fileroot
getfacl: Removing leading '/' from absolute path names
# file: home/kevin/dirk/fileroot
# owner: root
# group: root
user::rw-
group::rwx #effective:rw-
group:lisa:rw-
mask::rw-
other::r--