Acess Control List
Access Control List (ACL) is a more flexible and fine-grained permission management mechanism, used to define and control the access permissions of file system objects. Compared to traditional file permission systems, ACL provides more detailed permission control, allowing you to set specific permissions for different users and user groups, no longer limited to the traditional three roles (Owner, Group, Others).
Installation
If not installed, you can use the following command.
sudo apt-get install aclGetfacl
Get the access control list of a file
getfacl - get file access control listsUsage Example
Get the ACL information of the foo file.
getfacl foo# file: foo
# owner: kuga
# group: kuga
user::rw-
group::rw-
other::r--Setfacl
Set the access control list of a file.
setfacl - set file access control listsSpecify User Authorization
The soda user adds read and write permissions to the foo file.
setfacl -m u:soda:rw foogetfacl foo# file: foo
# owner: kuga
# group: kuga
user::rw-
user:soda:rw-
group::rw-
mask::rw-
other::r--Specify Group Authorization
The soda group adds read and write permissions to the foo file.
setfacl -m g:soda:rw foogetfacl foo# file: foo
# owner: kuga
# group: kuga
user::rw-
user:soda:rw-
group::rw-
group:soda:rw-
mask::rw-
other::r--Other Authorization
Add read and write permissions to the foo file for others.
setfacl -m o::rw foogetfacl foo# file: foo
# owner: kuga
# group: kuga
user::rw-
user:soda:rw-
group::rw-
group:soda:rw-
mask::rw-
other::rw-Authorization Modification
The command is in the form of override.
setfacl -m o::r fooother::rw- will become other::r--.
Clear Authorization
setfacl -m u:soda:- foosetfacl -m o::- foouser:soda:---
other::---Delete Authorization
setfacl -x u:soda foosetfacl -m g:soda fooThe two lines user:soda and group:soda will be deleted.
End of Line +
For files using ACL, there will be a + sign after the permission column.
-rw-rw-r--+