author: Oleksandr Gavenko <gavenkoa@gmail.com>
date: Sat, 10 Feb 2018 01:49:07 +0200
changeset 2230: 9e6ad6607a9e
parent 1981: ad12707cb8de
permissions: -rw-r--r--

.. -*- coding: utf-8; -*-

======
ACL.
======
.. contents::
   :local:

Managing ACL permissions.
=========================

Set permission::

  $ sudo setfacl -m u:nobody:rwx ~/tmp/dir
  $ sudo setfacl -m g:nogroup:rwx ~/tmp/dir

Review permissions::

  $ sudo getfacl ~/tmp/dir

Remove specific permissions::

  $ sudo setfacl -x u:test ~/tmp/dir

.. NOTE:: ``setfacl`` with the ``-x`` option can't remove a specific permission
   (like the read/write/execute bit); it removes the whole entry. Either remove
   the corresponding user or group entry and set a new one, or explicitly
   specify the desired permissions for the user or group with the ``-m`` option.

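The ``-m`` route from the note above, as an added example that is not part of the original page: the hypothetical helper ``acl_strip_bit`` reads the ``getfacl`` output of one path and prints the ``setfacl -m`` spec that drops a single bit from every named entry. The sample ACL is constructed.

```shell
# Added example: build the `setfacl -m` spec that drops one permission bit from
# every named user/group entry (access and default); `-x` would delete the entries.
acl_strip_bit() {
    case $1 in r|w|x) ;; *) echo "usage: acl_strip_bit r|w|x" >&2; return 2 ;; esac
    awk -v bit="$1" '
    /^#/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*$/, "")                    # drop a trailing "#effective:..." comment
        prefix = sub(/^default:/, "") ? "d:" : ""
        n = split($0, f, ":")
        if (n != 3 || f[2] == "" || (f[1] != "user" && f[1] != "group")) next
        if (index(f[3], bit) == 0) next          # bit already absent, nothing to change
        perms = f[3]; sub(bit, "-", perms)
        sep = (spec == "") ? "" : ","
        spec = spec sep prefix substr(f[1], 1, 1) ":" f[2] ":" perms
    }
    END { if (spec == "") exit 1; print spec }   # exit 1: no entry carries the bit
    '
}

# Constructed sample of `getfacl /srv/www` output.
sample_acl_www() {
cat <<'EOF'
# file: srv/www
user::rwx
user:nobody:rwx
group::r-x
group:nogroup:r-x
mask::rwx
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}

sample_acl_www | acl_strip_bit w
```

Apply the result with ``setfacl -m "$(getfacl DIR | acl_strip_bit w)" DIR`` and confirm it with ``getfacl DIR``.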
Remove all ACL permissions::

  $ sudo setfacl -b ~/tmp/dir

Remove default ACL::

  $ sudo setfacl -k ~/tmp/dir

Backup and restore ACL. ``-p`` keeps absolute path names in the backup, so the
restore works from any directory; ``$HOME`` is used because the shell doesn't
expand ``~`` after ``--restore=``::

  $ sudo getfacl -p ~/tmp/dir >~/tmp/backup.acl
  $ sudo setfacl --restore="$HOME/tmp/backup.acl"

Add a default ACL to a directory so that new children inherit the ACL permissions::

  $ sudo setfacl -d -m u:nobody:rwx /srv/www
  $ sudo setfacl -m u:nobody:rwx /srv/www

or with a single command::

  $ sudo setfacl -m u:nobody:rwx,d:u:nobody:rwx /srv/www

To apply permissions recursively, add the ``-R`` option::

  $ sudo setfacl -R -d -m u:nobody:rwx /srv/www
  $ sudo setfacl -R -m u:nobody:rwx /srv/www

.. NOTE:: A default ACL is set only on directories and is applied only to
   the directory's children. So you should explicitly add the permission to
   the directory itself!
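
A check for the mismatch described in the note above, as an added example that is not part of the original page: the hypothetical helper ``acl_inherit_gaps`` reads ``getfacl`` output for directories and reports named entries that exist in only one of the access and default ACLs, or with different permissions. The sample output is constructed.

```shell
# Added example: report named ACL entries whose access and default ACLs disagree.
# Input: getfacl output for directories (plain files never carry default entries).
acl_inherit_gaps() {
    awk '
    function flush(   k) {
        for (k in acc) {
            if (!(k in def)) print file ": " k " access-only (new children will not inherit it)"
            else if (acc[k] != def[k]) print file ": " k " differs: access " acc[k] ", default " def[k]
        }
        for (k in def)
            if (!(k in acc)) print file ": " k " default-only (directory itself is not granted)"
        split("", acc); split("", def)          # empty both arrays for the next file
    }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*$/, "")                   # drop a trailing "#effective:..." comment
        isdef = sub(/^default:/, "")
        n = split($0, f, ":")
        if (n != 3 || f[2] == "" || (f[1] != "user" && f[1] != "group")) next
        if (isdef) def[f[1] ":" f[2]] = f[3]; else acc[f[1] ":" f[2]] = f[3]
    }
    END { flush() }
    ' | LC_ALL=C sort
}

# Constructed sample: upload has only a default entry, cache has no default ACL.
sample_getfacl() {
cat <<'EOF'
# file: srv/www/upload
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# file: srv/www/cache
user::rwx
user:nobody:r-x
group::r-x
group:nogroup:rwx	#effective:r-x
mask::r-x
other::r-x
EOF
}
sample_getfacl | acl_inherit_gaps
```

On a real tree, feed it directories only, for example ``find /srv/www -type d -exec getfacl {} + | acl_inherit_gaps``.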