
On the other hand, changing the default group ACL entry affects both that entry and the mask value:

$ setfacl -m g::r test

$ ls -l test

-rw-r--r--+ 1 chris chris 0 May 6 20:52 test

$ getfacl test

# file: test

# owner: chris

# group: chris

user::rw-

user:thomas:r--

group::r--

mask::r--

other::r--  

The g::r argument is a short form for group::r.

To change multiple ACL entries at one time, separate them by commas:

$ setfacl -m u:diane:rw,u:jim:r,g::r,m::rw test

$ getfacl test

# file: test

# owner: chris

# group: chris

user::rw-

user:thomas:r--

user:diane:rw-

user:jim:r--

group::r--

mask::rw-

other::r--

To set a new ACL, discarding the previous ACL completely, use the --set argument instead of -m:

$ setfacl --set u::rw,u:diane:r,u:thomas:r,u:gord:rw,u:jim:r,m::rw,g::-,o::- test

$ getfacl test

# file: test

# owner: chris

# group: chris

user::rw-

user:thomas:r--

user:diane:r--

user:gord:rw-

user:jim:r--

group::---

mask::rw-

other::---

Note the use of - to indicate no permissions in the ACL entries for group and other.

When using --set, it is necessary to specify at least the permission for the file's owner, the file's group owner, and others, because these will be used to construct the legacy permission mode. Leaving one of those entries out results in an error message:

$ setfacl --set u:diane:r,g::- test

setfacl: test: Malformed access ACL `user:diane:r--,group::---,mask::r--':

Missing or wrong entry at entry 1
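The mask and legacy-mode behaviour seen in the listings above, as an added example (not part of the original text): two shell functions that read getfacl-style output, apply the mask to obtain effective permissions, and derive the mode string that ls -l reports. The function names acl_effective and acl_mode and the sample ACL are constructed for illustration.

```shell
# Constructed sample in getfacl output format (not from a real system).
SAMPLE_ACL='user::rw-
user:diane:rw-
user:jim:r--
group::rw-
mask::r--
other::---'

# acl_effective: read getfacl-style text on stdin, print entries with the mask
# applied. The mask caps named users and all groups, never user:: or other::.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip header comments, blanks
        { sub(/[ \t]*#.*/, "", $3) }            # drop a trailing #effective note
        $1 == "mask" { mask = $3; next }
        { type[++n] = $1; qual[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                capped = (type[i] == "group" || (type[i] == "user" && qual[i] != ""))
                if (capped && mask != "") {
                    p = ""
                    for (k = 1; k <= 3; k++) {
                        c = (substr(mask, k, 1) == "-") ? "-" : substr(perm[i], k, 1)
                        p = p c
                    }
                }
                print type[i] ":" qual[i] ":" p
            }
        }'
}

# acl_mode: print the nine legacy mode characters ls -l would show. Group bits
# come from mask:: when present. Fails without user::, group:: and other::.
acl_mode() {
    awk -F: '
        /^#/ || NF < 3 { next }
        { sub(/[ \t]*#.*/, "", $3) }
        $2 == "" && $1 == "user"  { u = $3 }
        $2 == "" && $1 == "group" { g = $3 }
        $1 == "mask"  { m = $3 }
        $1 == "other" { o = $3 }
        END { if (u == "" || g == "" || o == "") exit 1
              if (m != "") g = m
              print u g o }' ||
        { echo "missing user::, group:: or other:: entry" >&2; return 1; }
}
printf '%s\n' "$SAMPLE_ACL" | acl_effective   # entries after masking
printf '%s\n' "$SAMPLE_ACL" | acl_mode        # legacy mode string
```

Real output can be piped through the same functions, for example getfacl test | acl_effective.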

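To remove an ACL entry, use the -x option to setfacl and specify one or more ACL entries by the type and qualifier components (leave out the permissions). Unless a mask entry is given explicitly, setfacl recalculates the mask after the change, which is why the mask drops from rw- to r-- below once the only rw- entry has been removed: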

$ getfacl test

# file: test

# owner: chris

# group: chris

user::rw-

user:thomas:r--

user:diane:r--

user:gord:rw-

user:jim:r--

group::---

mask::rw-

other::---

$ setfacl -x user:gord test

$ getfacl test

# file: test

# owner: chris

# group: chris

user::rw-

user:thomas:r--

user:diane:r--

user:jim:r--

group::---

mask::r--

other::---

8.3.1.1. Setting the default ACL for new files

Each file has an access ACL, but directories can additionally have a default ACL that is used as the default for new files and subdirectories created within that directory.

The default ACL is displayed when getfacl is run with the -d option. Initially the default ACL is empty:

$ getfacl .

# file: .

# owner: chris

# group: chris

user::rwx

group::rwx

other::r-x

$ getfacl -d .

# file: .

# owner: chris

# group: chris

To set the default ACL, use the setfacl command with the -d option:

$ setfacl -d --set u::rw,u:thomas:rw,g::r,m::rw,o::- .

$ getfacl -d .

# file: .

# owner: chris

# group: chris

user::rw-

user:thomas:rw-

group::r--

mask::rw-

other::---

This ACL will then be applied automatically to new files:

$ touch trial

$ getfacl trial

# file: trial

# owner: chris

# group: chris

user::rw-

user:thomas:rw-

group::r--

mask::rw-

other::---

8.3.1.2. Copying and moving files with their ACLs

To copy an ACL when copying a file, use the -p argument to cp:

$ getfacl demo

# file: demo

# owner: chris

# group: chris

user::rw-

group::rw- #effective:r--

mask::r--

other::---

$ cp -p demo demo2

$ getfacl demo2

# file: demo2

# owner: chris

# group: chris

user::rw-

group::rw- #effective:r--

mask::r--

other::---

When moving a file (with mv), the ACL is automatically preserved:

$ mv demo2 demo3

$ getfacl demo3

# file: demo3