+
−.. -*- coding: utf-8; -*-
+
−
+
−======
+
− ACL.
+
−======
+
−.. contents::
+
−   :local:
+
−
+
−Managing ACL permissions.
+
−=========================
+
−
+
−Set permission::
+
−
+
−  $ sudo setfacl -m u:nobody:rwx ~/tmp/dir
+
−  $ sudo setfacl -m g:nogroup:rwx ~/tmp/dir
+
−
+
−Review permissions::
+
−
+
−  $ sudo getfacl ~/tmp/dir
+
−
+
−Remove specific permissions::
+
−
+
−  $ sudo setfacl -x u:test ~/tmp/dir
+
−
+
−.. NOTE:: ``setfacl`` with ``-x`` key can't remove specific permission (like
+
−          read/write/executable bit), you should remove corresponding user or
+
−          group and set new or explicitly specify desired permission for user or
+
−          group with ``-m`` option.
+
−
+
−Remove all ACL permissions::
+
−
+
−  $ sudo setfacl -b ~/tmp/dir
+
−
+
−Remove default ACL::
+
−
+
−  $ sudo setfacl -k ~/tmp/dir
+
−
+
−Backup and restore ACL::
+
−
+
−  $ sudo getfacl ~/tmp/dir >~/tmp/backup.acl
+
−  $ sudo setfacl --restore=~/tmp/backup.acl
+
−
+
−Add default ACL to directory to make ACL permission inheritance::
+
−
+
−  $ sudo setfacl -d -m u:nobody:rwx /srv/www
+
−  $ sudo setfacl -m u:nobody:rwx /srv/www
+
−
+
−or by single command::
+
−
+
−  $ sudo setfacl -m u:nobody:rwx,d:u:nobody:rwx /srv/www
+
−
+
−To apply permission recursively add ``-R`` option::
+
−
+
−  $ sudo setfacl -R -d -m u:nobody:rwx /srv/www
+
−  $ sudo setfacl -R -m u:nobody:rwx /srv/www
+
−
+
−.. NOTE:: default ACL is set only on directories and is applied only to
+
−          directory children. So you should explicitly add permission to
+
−          directory itself!