[GRLUG] setfacl/getfacl [Was: update change ownership/permissions?]
Adam Tauno Williams
awilliam at whitemice.org
Sat Feb 16 09:09:08 EST 2013
On Fri, 2013-02-15 at 21:21 -0500, Adam Tauno Williams wrote:
> Eric Beversluis <ebever at researchintegration.org> wrote:
>
> >Is setfacl something new?
>
> A decade or so, so yea. It has a man page. Ext3/ext4 supports real
> object acls - way better than owner-group-world.
setfacl -m u:awilliam:rwx this-file
The "-m" means modify, then "u" for user / "g" for group [since, sadly
UNIX still can't flatten the namespace], then the permissions [same as
you'd use for chmod]. This creates an ACE in the ACL for the named
object. You can set as many ACEs on an object as you want.
A "+" will appear in ls if the object has an ACL.
-rw-r-xr--+ 1 awilliam users 8087 Nov 16 10:51 RandomNames.txt
-rw-r--r-- 1 awilliam users 16117 Feb 11 16:57 Samba4.txt
Use setfacl -x u/g:name to delete an ACE.
getfacl will display the contents of the ACL
awilliam@linux-nysu:~> getfacl RandomNames.txt
# file: RandomNames.txt
# owner: awilliam
# group: users
user::rw-
user:mwilliam:r-x
group::r--
mask::r-x
other::r--
See that every object really has at least three ACEs in its ACL - they
represent the 'traditional' UNIX permissions.
Mostly the blunderbuss system permission reset, etc... scripts leave
ACLs alone.
--
Adam Tauno Williams GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
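
Added example, not part of the original message: a small Python parser for the getfacl output quoted above. It computes each ACE's effective rights under the mask and rebuilds the mode string ls prints, which shows why the listing has r-x in the group column although group:: is r--. The function names are hypothetical and the sample is the output from the message; a regular file is assumed.

```python
import re

# Constructed sample: the getfacl output shown in the message above.
SAMPLE = """\
# file: RandomNames.txt
# owner: awilliam
# group: users
user::rw-
user:mwilliam:r-x
group::r--
mask::r-x
other::r--
"""

# tag:qualifier:perms; '# ...' headers and 'default:' entries do not match.
ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([r-][w-][x-])")

def parse_getfacl(text):
    """Return a list of (tag, qualifier, perms) ACEs from getfacl text."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def _and(perms, mask):
    # A right survives only if both the ACE and the mask grant it.
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def effective(aces):
    """Map 'tag:qualifier' to effective rights.

    The mask limits named users, named groups and the owning group;
    the owner (user::) and other:: entries are not affected by it.
    """
    mask = next((p for t, q, p in aces if t == "mask"), None)
    out = {}
    for tag, qual, perms in aces:
        if tag == "mask":
            continue
        limited = mask is not None and (qual or tag == "group")
        out[f"{tag}:{qual}"] = _and(perms, mask) if limited else perms
    return out

def ls_mode(aces):
    """Rebuild the ls mode string for a regular file (assumption)."""
    base = {t: p for t, q, p in aces if not q}
    extended = any(q for t, q, p in aces) or "mask" in base
    # With an ACL present, the group column of ls shows the mask.
    group_field = base.get("mask", base["group"])
    return "-" + base["user"] + group_field + base["other"] + ("+" if extended else "")

if __name__ == "__main__":
    aces = parse_getfacl(SAMPLE)
    print(ls_mode(aces))
    for who, perms in effective(aces).items():
        print(who, perms)
```
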