📘
Linux
  • Ãœmumi mÉ™lumat
  • REDHAT
    • Redhat Administration 1 (RH124)
      • Linux komandası nÉ™dir?
      • Chapter 3
      • Chapter 4
      • Chapter 5
      • Chapter 6
      • Chapter 7
      • Chapter 8
      • Chapter 9
      • Chapter 10
      • Chapter 11
      • Chapter 12
      • Chapter 13
      • Chapter 14
      • Chapter 15
      • Chapter 16
    • Redhat Administration 2 (RH134)
      • Chapter 1
      • Chapter 2
      • Chapter 3
      • Chapter 4
      • Chapter 5
      • Chapter 6
      • Chapter 7
      • Chapter 8
      • Chapter 9
      • Chapter 10
      • Chapter 11
      • Chapter 11
      • Chapter 12
    • Tasks
      • Test and inspect current network configuration with command-line utilities
        • ip-connection
        • DNS resolver /etc/resolv.conf
      • Selinux
      • Archive files
      • Logical volumes
      • Filesystem permissions
      • Yum software package manager
      • NFS exports
      • describe users and groups
      • user account operations
      • storage partitions
      • attaching filesystem
      • reset root password
      • Cronjob
      • find and locate
      • grep and sed
      • maintain time
      • network-accept/reject
      • performance tuning
      • network addressing/routing
      • managing swap
      • automounter
    • Book tasks:
      • Comprehensive reviews:
    • Custom exam practise:
  • Linux security benchmarks
  • Extend ubuntu storage
  • nfs share on ubuntu
  • IPtables
  • SH
Powered by GitBook
On this page

Was this helpful?

  1. REDHAT
  2. Redhat Administration 2 (RH134)

Chapter 4

Controlling access to files with ACLS

getfacl Command

  • getfacl: Displays the Access Control List (ACL) for a file or directory.

    bashCopy codegetfacl file

setfacl Command

  • setfacl: Modifies the ACL of a file or directory.

    bashCopy codesetfacl options file

setfacl Examples

  1. Set ACL for a user with read and execute permissions if the file is a directory (otherwise read-only):

    bashCopy codesetfacl -m u:name:rX file

    • u:name: Specify the user.

    • rX: Read and execute permission (execute only if the file is a directory).

  2. Set ACL for a group with read and write permissions:

    bashCopy codesetfacl -m g:name:rw file

    • g:name: Specify the group.

    • rw: Read and write permissions.

  3. Remove all permissions for others:

    bashCopy codesetfacl -m o::- file

    • o::-: No permissions for others.

  4. Set multiple ACL entries for user, group, and others:

    bashCopy codesetfacl -m u::rwx,g:consultants:rX,o::- file

    • u::rwx: User has read, write, and execute permissions.

    • g:consultants:rX: Group 'consultants' has read and execute permissions.

    • o::-: No permissions for others.

  5. Copy ACLs from one file to another:

    bashCopy codegetfacl file-A | setfacl --set-file=- file-B

    • getfacl file-A: Get ACL of file-A.

    • setfacl --set-file=- file-B: Apply the ACL of file-A to file-B.

  6. Set the mask for the ACL:

    bashCopy codesetfacl -m m::r file

    • m::r: Set the mask to read-only.

  7. Recursively set ACL for a user with read and execute permissions on a directory and its contents:

    bashCopy codesetfacl -R -m u:name:rX directory

    • -R: Recursive.

    • u:name:rX: User has read and execute permissions.

  8. Remove ACL entries for a user and a group:

    bashCopy codesetfacl -x u:name,g:name file

    • -x u:name,g:name: Remove ACL entries for the specified user and group.

  9. Remove all ACL entries:

    bashCopy codesetfacl -b file

    • -b: Remove all ACL entries.

  10. Set default ACL for a user with read and execute permissions on a directory:

    bashCopy codesetfacl -m d:u:name:rx directory

    • d:u:name:rx: Default ACL for the specified user with read and execute permissions.

  11. Remove default ACL for a user:

    bashCopy codesetfacl -x d:u:name directory

    • -x d:u:name: Remove default ACL for the specified user.

  12. Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

    bashCopy codesetfacl -Rm g:consultants:rwX /shares/content

    • -Rm: Recursive with the mask.

    • g:consultants:rwX: Group 'consultants' has read, write, and execute permissions.

  13. Recursively remove ACL for a user:

    bashCopy codesetfacl -Rm u:consultant1:- /shares/content

    • u:consultant1:-: Remove all permissions for 'consultant1'.

  14. Set default ACL for a group with read, write, and execute permissions on a directory:

    bashCopy codesetfacl -m d:g:consultants:rwx /shares/content

    • d:g:consultants:rwx: Default ACL for the group 'consultants' with full permissions.

  15. Set default ACL for a user with no permissions on a directory:

    bashCopy codesetfacl -m d:u:consultant1:- /shares/content

    • d:u:consultant1:-: Default ACL for 'consultant1' with no permissions.

  16. Recursively set ACL for a group with read, write, and execute permissions on a directory and its contents:

    bashCopy codesetfacl -Rm g:contractors:rwX /shares/cases

    • g:contractors:rwX: Group 'contractors' has read, write, and execute permissions.

  17. Recursively set ACL for a user with read and execute permissions on a directory and its contents:

    bashCopy codesetfacl -Rm u:contractor3:rX /shares/cases

    • u:contractor3:rX: User 'contractor3' has read and execute permissions.

  18. Set default ACL for a group with read, write, and execute permissions on a directory:

    bashCopy codesetfacl -m d:g:contractors:rwx /shares/cases

    • d:g:contractors:rwx: Default ACL for 'contractors' with full permissions.

  19. Set default ACL for a user with read and execute permissions on a directory:

    bashCopy codesetfacl -m d:u:contractor3:rx /shares/cases

    • d:u:contractor3:rx: Default ACL for 'contractor3' with read and execute permissions

PreviousChapter 3NextChapter 5

Last updated 10 months ago

Was this helpful?