$ sudo modprobe loop $ dd if=/dev/zero of=file bs=1k count=100 $ sudo losetup /dev/loop0 file $ sudo mkfs.ext3 /dev/loop0 $ sudo mkdir /mnt/loop $ sudo mount -o rw,acl /dev/loop0 /mnt/loop/ $ sudo chown neo.neo -R /mnt/loop $ cd /mnt/loop/
18.9.1. getfacl - get file access control lists
UGO
$ touch file $ ls -l file -rw-r--r-- 1 neo neo 0 2008-12-22 15:28 file
ACL
$ getfacl file # file: file # owner: neo # group: neo user::rw- group::r-- other::r--
display the default access control list only
neo@netkiller:/mnt/loop$ getfacl dir # file: dir # owner: neo # group: neo user::rwx group::r-x other::r-x default:user::rwx default:user:svnroot:rw- default:group::r-x default:group:nagios:rw- default:mask::rwx default:other::r-x neo@netkiller:/mnt/loop$ getfacl -d dir # file: dir # owner: neo # group: neo user::rwx user:svnroot:rw- group::r-x group:nagios:rw- mask::rwx other::r-x
recurse into subdirectories
$ getfacl -R dir # file: dir # owner: neo # group: neo user::rwx group::r-x other::r-x default:user::rwx default:user:svnroot:rw- default:group::r-x default:group:nagios:rw- default:mask::rwx default:other::r-x # file: dir/file1 # owner: neo # group: neo user::rw- user:svnroot:rw- group::r-x #effective:r-- group:nagios:rw- mask::rw- other::r--
18.9.2. setfacl - set file access control lists
18.9.2.1. set
add a user svnroot to file
neo@netkiller:/mnt/loop$ setfacl -m u:svnroot:rw file
if you can see a '+' at last, it's successed
$ ls -l file -rw-rw-r--+ 1 neo neo 0 2008-12-22 15:44 file
let me see acl.
neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:svnroot:rw- group::r-- mask::rw- other::r--
add a user cvsroot to file again
neo@netkiller:/mnt/loop$ setfacl -m u:cvsroot:rw file neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:cvsroot:rw- user:svnroot:rw- group::r-- mask::rw- other::r--
add a user and group for that
neo@netkiller:/mnt/loop$ setfacl -m u:gnump3d:rwx,g:nagios:r file neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:gnump3d:rwx user:cvsroot:rw- user:svnroot:rw- group::r-- group:nagios:r-- mask::rwx other::r--
modify the current ACL(s) of file(s)
neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:svnroot:rw- group::r-- mask::rw- other::r-- neo@netkiller:/mnt/loop$ setfacl -m u:svnroot:r-x file neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:svnroot:r-x group::r-- mask::r-x other::r--
18.9.2.2. default
neo@netkiller:/mnt/loop$ setfacl -d -m u:svnroot:rw dir/ neo@netkiller:/mnt/loop$ getfacl dir/ # file: dir # owner: neo # group: neo user::rwx group::r-x other::r-x default:user::rwx default:user:svnroot:rw- default:group::r-x default:mask::rwx default:other::r-x neo@netkiller:/mnt/loop$ setfacl -d -m g:nagios:rw dir/ neo@netkiller:/mnt/loop$ getfacl dir/ # file: dir # owner: neo # group: neo user::rwx group::r-x other::r-x default:user::rwx default:user:svnroot:rw- default:group::r-x default:group:nagios:rw- default:mask::rwx default:other::r-x
the file1 will inherit acl by default.
neo@netkiller:/mnt/loop$ touch dir/file1 neo@netkiller:/mnt/loop$ getfacl dir/file1 # file: dir/file1 # owner: neo # group: neo user::rw- user:svnroot:rw- group::r-x #effective:r-- group:nagios:rw- mask::rw- other::r--
18.9.2.3. remove
remove entries from the ACL(s) of file(s)
neo@netkiller:/mnt/loop$ setfacl -x u:cvsroot file neo@netkiller:/mnt/loop$ setfacl -x g:nagios file neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- user:gnump3d:rwx user:svnroot:rw- group::r-- mask::rwx other::r--
remove all extended ACL entries
neo@netkiller:/mnt/loop$ setfacl -b file neo@netkiller:/mnt/loop$ getfacl file # file: file # owner: neo # group: neo user::rw- group::r-- other::r--
18.9.2.4. backup and restore
backup
$ getfacl -R dir > dir.acl
restore
$ setfacl --restore dir.acl
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
时间: 2024-08-03 15:59:53