ACL default permissions and recursive permissions in Linux

1. Recursive permissions
Recursive permissions can overflow, that is, grant more access than intended, so they are very dangerous.
Recursion means that when ACL permissions are set on the parent directory, all files and subdirectories that already exist under it receive the same ACL permissions. Files and subdirectories created afterwards are not affected.
setfacl -m u:username:permissions -R directory
Recursive permissions can only be given to directories, not to files.
 
2. Recursive permissions in practice
[root@localhost home]# cd av
[root@localhost av]# touch cangls
[root@localhost av]# touch bols
[root@localhost av]# cd ..
[root@localhost home]# setfacl -m u:lw:rx -R av
[root@localhost home]# cd av
[root@localhost av]# ll
total 8
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 bols
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 cangls
[root@localhost av]# getfacl bols
# file: bols
# owner: root
# group: root
user::rw-
user:lw:r-x
group::r--
mask::r-x
other::r--
[root@localhost av]# touch cde
[root@localhost av]# ll
total 8
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 bols
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 cangls
-rw-r--r--. 1 root root 0 Aug 5 14:22 cde
 
3. Default ACL permissions
If a default ACL is set on the parent directory, all files newly created in that directory inherit the parent directory's ACL permissions.
setfacl -m d:u:username:permissions directory
 
4. Default ACL permissions in practice
[root@localhost av]# cd ..
[root@localhost home]# setfacl -m d:u:lw:rx -R av
[root@localhost home]# getfacl av
# file: av
# owner: tony
# group: stu
user::rwx
user:lw:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:lw:r-x
default:group::rwx
default:mask::rwx
default:other::---
 
[root@localhost home]# cd av
[root@localhost av]# touch def
[root@localhost av]# ll def
-rw-rw----+ 1 root root 0 Aug 5 14:28 def
[root@localhost av]# getfacl def
# file: def
# owner: root
# group: root
user::rw-
user:lw:r-x #effective:r--
group::rwx #effective:rw-
mask::rw-
other::---
 
[root@localhost av]# ll
total 12
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 bols
-rw-r-xr--+ 1 root root 0 Aug 5 14:10 cangls
-rw-r--r--. 1 root root 0 Aug 5 14:22 cde
-rw-rw----+ 1 root root 0 Aug 5 14:28 def
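
Added example (not from the original article): a small Python model of the inheritance rule documented in acl(5), which reproduces the getfacl def output above. It shows why user:lw:r-x is reported with #effective:r--: touch requests mode 0666, and the inherited mask is limited to the group bits of that mode. The function names are this example's own and nothing here calls setfacl or getfacl.

```python
# Model of POSIX ACL inheritance and mask evaluation (rules from acl(5)).
# Illustration only: it does not read or change any real file ACL.

def to_bits(perms):
    """Convert a string such as 'r-x' to its 3-bit value (here 5)."""
    return sum(1 << (2 - i) for i, c in enumerate(perms) if c != "-")

def to_str(bits):
    """Convert a 3-bit value back to 'rwx' notation."""
    return "".join(c if bits & (1 << (2 - i)) else "-" for i, c in enumerate("rwx"))

def parse_acl(text):
    """Parse getfacl-style 'tag:qualifier:perms' lines into {(tag, qualifier): bits}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()      # drop '# file:' and '#effective:' comments
        if line:
            tag, qualifier, perms = line.split(":")
            acl[(tag, qualifier)] = to_bits(perms)
    return acl

def inherit(default_acl, mode):
    """Access ACL of a new file created with `mode` in a directory with a default ACL."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7       # owner entry limited by owner bits
    acl[("mask", "")] &= (mode >> 3) & 7       # the mask, not group::, takes the group bits
    acl[("other", "")] &= mode & 7
    return acl

def effective(acl):
    """Named users, named groups and group:: are ANDed with the mask."""
    mask = acl[("mask", "")]
    result = {}
    for (tag, qualifier), bits in acl.items():
        if tag == "mask":
            continue
        limited = tag == "group" or (tag == "user" and qualifier != "")
        result[(tag, qualifier)] = to_str(bits & mask if limited else bits)
    return result

# Default ACL of the av directory, copied from the getfacl output on this page.
AV_DEFAULT = parse_acl("""user::rwx
user:lw:r-x
group::rwx
mask::rwx
other::---""")

if __name__ == "__main__":
    new_file = inherit(AV_DEFAULT, 0o666)      # touch asks for mode 0666
    for (tag, qualifier), perms in effective(new_file).items():
        print(f"{tag}:{qualifier}:{perms}")
```

With mode 0777 instead of 0666 (the mode mkdir requests), the same model leaves the mask at rwx, so lw keeps r-x on new subdirectories.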
 
