Access Control List
ACL
Access Control List (ACL) is a more flexible and fine-grained permission management mechanism, used to define and control the access permissions of file system objects. Compared to traditional file permission systems, ACL provides more detailed permission control, allowing you to set specific permissions for different users and user groups, no longer limited to the traditional three roles (Owner, Group, Others).
Installation
If not installed, you can use the following command.
Getfacl
Get the access control list of a file.
Usage Example
Get the ACL information of the foo file.
Setfacl
Set the access control list of a file.
Specify User Authorization
Grant the soda user read and write permissions on the foo file.
Specify Group Authorization
Grant the soda group read and write permissions on the foo file.
Other Authorization
Add read and write permissions to the foo file for others.
Authorization Modification
The command overrides the existing entry: other::rw- will become other::r--.
Clear Authorization
Delete Authorization
The two lines user:soda and group:soda will be deleted.
End of Line +
For files using ACL, there will be a + sign after the permission column.
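The steps above, from granting through clearing, as one runnable walkthrough. This is an added example, not the page's own commands. It assumes the acl tools (setfacl and getfacl) are installed, uses a scratch copy of foo, defaults to the current uid and gid as stand-ins for soda, and runs the delete step before the clear step so that there are still entries to delete.

```bash
#!/usr/bin/env bash
# Added example. "foo" comes from the page; the ACL subject defaults to the
# current uid/gid (assumed stand-ins for the page's "soda") so no account is needed.
# Usage: ./acl-demo.sh [user] [group]   e.g. ./acl-demo.sh soda soda

# Print only the ACL entries of a file (no header, numeric ids).
acl_entries() { getfacl -c -n -- "$1" 2>/dev/null | grep -v '^$'; }

# Return 0 only if the tools exist and the filesystem accepts ACLs.
acl_supported() {
    local t rc
    command -v setfacl >/dev/null 2>&1 || return 1
    command -v getfacl >/dev/null 2>&1 || return 1
    t=$(mktemp) || return 1
    setfacl -m "u:$(id -u):r" "$t" 2>/dev/null; rc=$?
    rm -f "$t"
    return $rc
}

# Apply each step from the page to a scratch file and print the ACL after it.
acl_walkthrough() {
    local u="${1:-$(id -u)}" g="${2:-$(id -g)}" d f
    d=$(mktemp -d) || return 1
    f="$d/foo"; : > "$f"; chmod 644 "$f"
    step() { echo "== $1"; shift; setfacl "$@" "$f" && acl_entries "$f"; }
    step "user rw"  -m "u:$u:rw"       # named user entry; a mask entry appears too
    step "group rw" -m "g:$g:rw"       # named group entry
    step "other rw" -m "o::rw"
    step "other r"  -m "o::r"          # -m overrides: other::rw- becomes other::r--
    echo "== ls"; ls -l "$f"           # GNU ls prints + after the mode when an ACL is set
    step "delete"   -x "u:$u,g:$g"     # removes only the two named entries
    step "clear"    -b                 # removes every extended entry, mask included
    rm -rf "$d"
}

if acl_supported; then
    acl_walkthrough "$@"
else
    echo "setfacl/getfacl missing or filesystem without ACL support" >&2
fi
```

After the delete step a mask entry is still present, so the file still counts as having an ACL; only the clear step returns it to the three base entries.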
RBAC
About 7-8 years ago, I once encountered a management interface for ACL, which was later changed to RBAC.