Linux特殊的文件控制权限FACL

Posted 2020-10-09 mvpbang

　　对文件设置特殊的权限，FACL（File Access Control List）

---

 

ACL简介

基本ACL操作

getfacl  查看文件权限      setfacl  设定acl权限

设置file的ACL权限

[root@mvpbang tmp]# setfacl -m u:ftp:rwx 1.sh 
[root@mvpbang tmp]# 
[root@mvpbang tmp]# ll 1.sh 
-rw-rwxr--+ 1 ftp ftp 67 Sep 17 16:12 1.sh   #文件详情多个+
[root@mvpbang tmp]# getfacl 1.sh 
# file: 1.sh
# owner: ftp
# group: ftp
user::rw-
user:ftp:rwx     #多个附属的ftp的权限
group::r--
mask::rwx
other::r--

setfacl命令参数

[root@mvp tmp]# setfacl -h
setfacl 2.2.49 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
  -m, --modify=acl        modify the current ACL(s) of file(s)
  -M, --modify-file=file  read ACL entries to modify from file
  -x, --remove=acl        remove entries from the ACL(s) of file(s)
  -X, --remove-file=file  read ACL entries to remove from file
  -b, --remove-all        remove all extended ACL entries
  -k, --remove-default    remove the default ACL
      --set=acl           set the ACL of file(s), replacing the current ACL
      --set-file=file     read ACL entries to set from file
      --mask              do recalculate the effective rights mask
  -n, --no-mask           don\'t recalculate the effective rights mask
  -d, --default           operations apply to the default ACL
  -R, --recursive         recurse into subdirectories
  -L, --logical           logical walk, follow symbolic links
  -P, --physical          physical walk, do not follow symbolic links
      --restore=file      restore ACLs (inverse of `getfacl -R\')
      --test              test mode (ACLs are not modified)
  -v, --version           print version and exit
  -h, --help              this help text