Mercurial Mercurial > tips / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
acl.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Sat, 10 Feb 2018 01:36:16 +0200
changeset 2229 1a0b6597e594
parent 1981 ad12707cb8de
permissions -rw-r--r--
Mark block quot in HTMLe.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1841
2aaf1f0297f9 Managing ACL permissions.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
diff changeset 
     1
 
.. -*- coding: utf-8; -*-
2aaf1f0297f9 Managing ACL permissions.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
diff changeset 
     2
 












2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     3


======













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     4


 ACL.













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     5


======













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     6


.. contents::








1905






fba288d59662
Include only local subsections into TOC. This prevent duplication of



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1841

diff
changeset




     7


   :local:








1841






2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     8














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




     9


Managing ACL permissions.













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    10


=========================













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    11














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    12


Set permission::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    13














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    14


  $ sudo setfacl -m u:nobody:rwx ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    15


  $ sudo setfacl -m g:nogroup:rwx ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    16














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    17


Review permissions::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    18














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    19


  $ sudo getfacl ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    20














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    21


Remove specific permissions::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    22














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    23


  $ sudo setfacl -x u:test ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    24









1981






ad12707cb8de
Like read/write/executable bit.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1980

diff
changeset




    25


.. NOTE:: ``setfacl`` with ``-x`` key can't remove specific permission (like













ad12707cb8de
Like read/write/executable bit.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1980

diff
changeset




    26


          read/write/executable bit), you should remove corresponding user or













ad12707cb8de
Like read/write/executable bit.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1980

diff
changeset




    27


          group and set new or explicitly specify desired permission for user or













ad12707cb8de
Like read/write/executable bit.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1980

diff
changeset




    28


          group with ``-m`` option.








1980






dbe9a69aa2f6
``setfacl`` with ``-x`` key can't remove specific permission.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1979

diff
changeset




    29









1841






2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    30


Remove all ACL permissions::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    31














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    32


  $ sudo setfacl -b ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    33














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    34


Remove default ACL::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    35














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    36


  $ sudo setfacl -k ~/tmp/dir













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    37














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    38


Backup and restore ACL::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    39














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    40


  $ sudo getfacl ~/tmp/dir >~/tmp/backup.acl













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    41


  $ sudo setfacl --restore=~/tmp/backup.acl













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    42














2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    43


Add default ACL to directory to make ACL permission inheritance::













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    44









1979






a39d953734da
Fix -m & -d option usage.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1959

diff
changeset




    45


  $ sudo setfacl -d -m u:nobody:rwx /srv/www








1841






2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    46


  $ sudo setfacl -m u:nobody:rwx /srv/www













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    47









1959






669ef988764d
by single command



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1958

diff
changeset




    48


or by single command::













669ef988764d
by single command



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1958

diff
changeset




    49














669ef988764d
by single command



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1958

diff
changeset




    50


  $ sudo setfacl -m u:nobody:rwx,d:u:nobody:rwx /srv/www













669ef988764d
by single command



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1958

diff
changeset




    51









1958






154fce7a0648
To apply permission recursively.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1912

diff
changeset




    52


To apply permission recursively add ``-R`` option::













154fce7a0648
To apply permission recursively.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1912

diff
changeset




    53









1979






a39d953734da
Fix -m & -d option usage.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1959

diff
changeset




    54


  $ sudo setfacl -R -d -m u:nobody:rwx /srv/www








1958






154fce7a0648
To apply permission recursively.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1912

diff
changeset




    55


  $ sudo setfacl -R -m u:nobody:rwx /srv/www













154fce7a0648
To apply permission recursively.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 
1912

diff
changeset




    56









1841






2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    57


.. NOTE:: default ACL is set only on directories and is applied only to













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    58


          directory children. So you should explicitly add permission to













2aaf1f0297f9
Managing ACL permissions.



Oleksandr Gavenko <gavenkoa@gmail.com>


parents: 

diff
changeset




    59


          directory itself!















tips