1: Introduction and opening of ACL permissions
ACL permissions are mainly used to solve the problem that the three standard identities (owner, group, and others) are not enough. Regardless of identity, users can use ACLs only if the partition where the file is located supports ACL permissions.
2: Check whether the partition ACL permission is enabled
dumpe2fs -h partition (check the partition details)
The dumpe2fs command queries detailed file system information for a specified partition. -h displays only the information in the superblock and omits the detailed information for the disk block groups.
df -h is used to view partition usage
The large arrow indicates the root partition
In the dumpe2fs output, look at the "Default mount options" line: if it lists acl, ACL support is enabled by default.
3: Temporarily open partition ACL permissions
mount -o remount,acl /: remounts the root partition with acl added to the mount options (remount means to mount the root directory again). The setting is lost when the system restarts.
4: Permanently open partition acl permissions
vi /etc/fstab (the file that controls automatic mounting when the system boots)
Add ,acl directly after defaults in the root partition's entry, and then restart.
Remount the file system with mount -o remount /, or restart the system, to make the change take effect.
5: Set ACL permissions: setfacl option file name
Options: -m set ACL permissions
-x delete the specified ACL permissions
-b remove all ACL permissions
-d sets the default ACL permissions
-k remove the default ACL permissions
-R recursively set ACL permissions
groupadd creates a new group, and gpasswd adds a user to a group; both were introduced in the earlier user management article. chown changes the owner of a file or directory; the syntax is chown [user] [file name or directory]. chmod changes the permissions of files and directories; the syntax is chmod [number] [files and directories]. This is the usual form, though there are others. Each digit of the number, expanded in binary, gives the rwx permissions of the owner, the group, and others respectively.
To grant r-x permission to user st, use the format "u:username:permission". If u is changed to g, the entry applies to a user group.
"+" means that ACL permissions have been added
You can try to add acl permissions to the user group
6: View ACL permissions: getfacl file name
You can try to create a file as the st user:
It reports insufficient permissions; then use exit to leave the st user's session.
7: Maximum effective authority: mask
mask specifies the maximum effective permissions. When a user is given ACL permissions, those permissions are "ANDed" with the mask to get the user's real permissions. The command to adjust the mask is setfacl -m m:permission file name. The mask does not affect the owner's permissions; it affects only the ACL permissions and the permissions of the owning group.
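The mask rule above can be checked when auditing a file. This added example is not from the original article: it parses getfacl-style output and computes each entry's granted and effective permissions. The sample output, including the group names tgroup and tgroup2, is constructed.

```python
# Constructed sample of getfacl output (not taken from the original article).
SAMPLE = """\
# file: project
# owner: root
# group: tgroup
user::rwx
user:st:rwx\t\t#effective:r-x
group::rwx\t\t#effective:r-x
group:tgroup2:r-x
mask::r-x
other::---
"""


def limit(perms, mask):
    """AND an rwx string with the mask, position by position."""
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))


def effective_acl(getfacl_text):
    """Map each access ACL entry to (granted, effective) permissions."""
    entries, mask = [], None
    for raw in getfacl_text.splitlines():
        # Drop header lines and trailing "#effective:" comments.
        line = raw.split("#", 1)[0].strip()
        # Default entries only apply to newly created children; skip them.
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        if tag == "mask":
            mask = perms
        else:
            entries.append((tag, qualifier, perms))
    result = {}
    for tag, qualifier, perms in entries:
        # The mask limits named users, the owning group and named groups.
        # The owner (user with empty qualifier) and other are not limited.
        masked = mask is not None and (
            tag == "group" or (tag == "user" and qualifier != ""))
        result[f"{tag}:{qualifier}"] = (
            perms, limit(perms, mask) if masked else perms)
    return result


if __name__ == "__main__":
    for entry, (granted, effective) in effective_acl(SAMPLE).items():
        note = "  <- reduced by mask" if granted != effective else ""
        print(f"{entry:16} granted={granted} effective={effective}{note}")
```

Entries flagged as reduced by the mask are the ones where the ACL listing overstates what the user or group can actually do.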
8: Remove ACL permissions
setfacl -x u:username file name
setfacl -x g:group name file name
setfacl -b file name (delete all ACL permissions of the file)
Use -d to delete
9: Recursive ACL permissions
Recursion means that when ACL permissions are set on the parent directory, all child files and subdirectories also get the same ACL permissions.
setfacl -m u:username:permission -R directory
If recursion is not set, the abc file has no ACL permissions.
If you create a new file afterwards, that file does not have ACL permissions either.
Default ACL permissions are introduced next to solve this problem.
10: Default ACL permissions
The role of default ACL permissions is this: if default ACL permissions are set on the parent directory, all new child files created in the parent directory inherit the ACL permissions of the parent directory.
setfacl -m d:u:username:permission directory