

The Linux filesystem gives us three types of permissions. With these permissions, we can grant three (actually five, but we’ll get to that in a minute) types of access: These levels of access are adequate in many cases. Say that you have a directory where files from the accounting department live. You might set these permissions to:

drwxrwxr-x 2 accounting accounting 12 Jan 8 15:13

The accounting service user (the user owner) can read and write to the directory, and members of the accounting group (or owner group) can read and write. Others (users not in the accounting department) can, however, see and execute what’s in there, which some might think is a bad idea. So, we might change the permissions to this:

drwxrwx--- 2 accounting accounting 12 Jan 8 15:13 .

Note: You can also use special permissions to control settings like who actually owns new files created in that directory, as well as the sticky bit which controls whether members of the group can delete each other's files. However, that's outside the scope of this discussion.

What if you have an accounting intern (Kenny) who needs to be able to read certain files (or even just the files owned by Fred, his manager)? Or maybe people in the sales department also need access to the accounting owner’s files to create invoices for Fred’s team in order to bill customers, but you don’t want the sales team to see the other reports that Fred's team generates. This situation can be tricky because, with regular permissions, each file and directory can have only one user and group owner at a time. This type of situation is what Linux Access Control Lists (ACLs) were intended to resolve.

ACLs allow us to apply a more specific set of permissions to a file or directory without (necessarily) changing the base ownership and permissions. They let us "tack on" access for other users or groups.

We can view the current ACL using the getfacl command:

# getfacl /accounting
getfacl: Removing leading '/' from absolute path names

We can see that right now, there are no ACLs on this directory because the only permissions listed are for the user, group, and other. In this case, that's to be expected, because I just created this directory in the lab and haven't done anything other than assigning ownership. So, let's start by adding a default ACL:

Setting an ACL

The syntax for setting an ACL looks like this:

setfacl file

The 'action' would be -m (modify) or -x (remove), and the specification would be the user or group followed by the permissions we want to set. In this case, we would use the option -d (defaults). So, to set the default ACL for this directory, we would execute:

# setfacl -d -m accounting:rwx /accounting

After which we can now see the default ACL info for that directory:

# getfacl /accounting
getfacl: Removing leading '/' from absolute path names

What if Fred creates a file in that directory?

$ touch test
drwxrwx---+ 2 accounting accounting 18 Jan 8 17:51 .
-rw-rw----+ 1 fred accounting 0 Jan 8 17:51 test

What happens if Kenny tries to create a file? You may be able to guess that because kenny is not in the accounting group, he won’t have permission.
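As an added illustration (not part of the original article), this Python example parses getfacl-style output for the /accounting directory and applies the standard POSIX ACL evaluation order, showing why Fred can write there and Kenny cannot. The getfacl output is constructed (setfacl reads an untagged accounting:rwx spec as a named user entry), the group memberships are assumptions, and GRANT is a hypothetical u:kenny:r-x entry.

```python
# Constructed sample: `getfacl /accounting` after `setfacl -d -m accounting:rwx /accounting`.
SAMPLE = """\
# file: accounting
# owner: accounting
# group: accounting
user::rwx
group::rwx
other::---
default:user::rwx
default:user:accounting:rwx
default:group::rwx
default:mask::rwx
default:other::---
"""

def parse_getfacl(text):
    """Return (owner, group, access_acl, default_acl); ACLs map (tag, qualifier) to perms."""
    meta, access, default = {}, {}, {}
    for line in text.splitlines():
        if line.startswith(("# owner:", "# group:")):
            meta[line[2:7]] = line.split(":", 1)[1].strip()  # key is "owner" or "group"
        elif line.strip() and not line.startswith("#"):
            parts = line.split("#")[0].strip().split(":")  # drop "#effective:" notes
            target = default if parts[0] == "default" else access
            target[(parts[-3], parts[-2])] = parts[-1]
    return meta["owner"], meta["group"], access, default

def allowed(text, user, groups, want, extra=None):
    """POSIX ACL order: owner, named user, matching groups, other; mask caps the middle two."""
    owner, group, acl, _ = parse_getfacl(text)
    acl = {**acl, **(extra or {})}
    mask = acl.get(("mask", ""), "rwx")
    def has(perms, masked):
        return all(c in perms and (not masked or c in mask) for c in want)
    if user == owner:
        return has(acl[("user", "")], False)
    if ("user", user) in acl:
        return has(acl[("user", user)], True)
    matching = [p for (tag, q), p in acl.items() if tag == "group" and (q or group) in groups]
    if matching:
        return any(has(p, True) for p in matching)
    return has(acl[("other", "")], False)

# Hypothetical grant, as `setfacl -m u:kenny:r-x /accounting` would add (plus its mask).
GRANT = {("user", "kenny"): "r-x", ("mask", ""): "rwx"}
if __name__ == "__main__":  # group memberships below are assumptions
    print("fred w:", allowed(SAMPLE, "fred", {"fred", "accounting"}, "w"))
    print("kenny w:", allowed(SAMPLE, "kenny", {"kenny"}, "w"))
    print("kenny r, granted:", allowed(SAMPLE, "kenny", {"kenny"}, "r", GRANT))
```

A named-user entry such as GRANT gives Kenny read access without adding him to the accounting group, and the mask entry caps what any named user or group entry can actually use.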
