Traditional Linux access permissions for files and directories consist of a combination of read, write, and execute permissions for the "owner", "group", and "others" of the file or directory. These permissions can be set using the 'chmod' command. However, this model has its limitations and does not allow you to set flexible permissions for users.

By default, Linux has the following access permissions for files and directories:

Files -> 644 -> -rw-r--r-- (User has Read & Write access, Group & Others have Read only access)
Folders -> 755 -> drwxr-xr-x (User has Read, Write & Execute access, Group & Others have Read & Execute access)

For example: by default, users can access and edit the files in their own home directory, and can also access associated group files. Let's assume that you want to allow only one person from the group to write to a file. This can't be implemented with the standard Linux access permissions. For more complex scenarios like this, ACLs can be used as an extension to the traditional file permission concept.

What is ACL?

An Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. It allows you to set permissions for individual users or groups even if these do not correspond to the original owner or the owning group.

ACLs can be easily managed with the setfacl and getfacl commands. Setfacl stands for 'set file access control lists'. It is used to set Access Control Lists (ACLs) for files and directories. Getfacl stands for 'get file access control lists'. It is used to view Access Control Lists (ACLs) for files and directories. It displays the file name, the owner and group of the file, and the ACL permissions (user, group, other and default).

Run the tune2fs command to check whether ACL is enabled for a specific partition in Linux:

    # tune2fs -l /dev/sdb1 | grep options

The above output clearly shows that ACL is not enabled for /dev/sdb1 partition.

We can now see the ACL option on /dev/sdb1 partition.

To check the default ACL values for a file or directory, use the getfacl command followed by '/path/to/file' or '/path/to/folder'. Note that when you run getfacl on a file or folder that has no ACL, the output does not show additional user and mask parameter values.

    # getfacl /etc/apache2/nf

Example scenario: We have user magi and he wants to modify the nf file, which is owned by the root user. Thus, we will configure Access Control Lists (ACLs) for him to gain access to the file.

Run the 'setfacl' command with the below format to set an ACL on the given file.

-m: modify the current ACL(s) of file(s).

In the below example we are going to give rwx access to the 'magi' user on the '/etc/apache2/nf' file:

    # setfacl -m u:magi:rwx /etc/apache2/nf

Now, run the getfacl command to view the new ACL values as shown below. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL).

Note: files and directories that have an ACL configured show a 'plus (+)' sign after the file or folder permissions, as shown below:

    # ls -lh /etc/apache2/nf
    rw-rwxr-+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/nf

Configuring ACL on folders

Run the setfacl command with the below format to set an ACL on the given folder recursively. In the below example we are going to assign rwx access to the magi user on the folder '/etc/apache2/sites-available/'.

    # setfacl -Rm u:magi:rwx /etc/apache2/sites-available/

Now, run the getfacl command to view the new ACL values for the below directory:

    # getfacl /etc/apache2/sites-available/

Now, all the files under the '/etc/apache2/sites-available/' directory have ACL values:

    # ls -lh /etc/apache2/sites-available/
    rw-rwxr-+ 1 root root 1.4K Dec 7 19:07

Configuring Default ACLs

A default ACL can only be configured for a directory. To set a default ACL, add 'd:' before the rule and specify a directory instead of a file name.

    # setfacl -m d:o:rwx /etc/apache2/sites-available/

Configuring ACL for group
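To review what the setfacl commands in this article actually grant, the following added example (not part of the original article) reads getfacl text and lists every entry other than the file owner's whose effective permission, after the mask is applied, still includes write. The function names acl_write_findings and sample_getfacl, the sample input, and the file name masked-example are assumptions made for the illustration.

```shell
# Added example: non-owner ACL entries with effective write, from getfacl text.
acl_write_findings() {
    awk '
    function eff(p, m,   i, c, out) {   # entry perms ANDed with the mask
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            out = out ((c != "-" && substr(m, i, 1) == c) ? c : "-")
        }
        return out
    }
    function report(   i, e) {          # the mask never limits "other"
        for (i = 1; i <= n; i++) {
            e = masked[i] ? eff(perm[i], dflt[i] ? dmask : mask) : perm[i]
            if (index(e, "w")) print file, name[i], e
        }
        n = 0; mask = dmask = "rwx"
    }
    BEGIN { mask = dmask = "rwx" }      # no mask entry: nothing is limited
    /^# file: / { report(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*/, "")            # strip a trailing "#effective:" note
        split($0, f, ":")
        d = (f[1] == "default") ? 1 : 0
        tag = f[d + 1]; who = f[d + 2]; p = f[d + 3]
        if (tag == "mask") { if (d) dmask = p; else mask = p; next }
        if (tag == "user" && who == "") next   # owner entry is the baseline
        n++; perm[n] = p; dflt[n] = d; masked[n] = (tag != "other")
        name[n] = (d ? "default:" : "") tag ":" who
    }
    END { report() }'
}
# Constructed sample; "masked-example" is a hypothetical file name.
sample_getfacl() {
    cat <<'EOF'
# file: etc/apache2/nf
user::rw-
user:magi:rwx
mask::rwx
other::r--
# file: etc/apache2/sites-available/
user:magi:rwx
default:other::rwx
# file: etc/apache2/masked-example
user:magi:rwx    #effective:r--
mask::r--
EOF
}
sample_getfacl | acl_write_findings
```

On a live system the same function can be fed with `getfacl -R /etc/apache2 2>/dev/null | acl_write_findings`.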