一 最大有效ACL权限mask
mask是用来指定最大有效权限的。如果给用户赋予了ACL权限,是需要和mask的权限“相与”才能得到用户的真正权限。
[root@localhost home]# getfacl av/
# file: av/
# owner: tony
# group: stu
user::rwx
user:lw:r-x
group::rwx
mask::rwx
other::---
二修改最大有效权限
setfacl -m m:rx 文件名
设定mask权限为r-x。使用“m:权限”格式
[root@localhost home]# setfacl -m u:lw:rwx /home/av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
user:lw:rwx
group::rwx
mask::rwx
other::---
[root@localhost home]# setfacl -m m:rx av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
user:lw:rwx #effective:r-x
group::rwx #effective:r-x
mask::r-x
other::---
三 删除ACL权限
四 实战
[root@localhost home]# setfacl -m u:tony:rx av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
user:tony:r-x
user:lw:rwx
group::rwx
mask::rwx
other::---
[root@localhost home]# setfacl -x u:lw av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
user:tony:r-x
group::rwx
mask::rwx
other::---
[root@localhost home]# setfacl -b av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
group::rwx
other::---