Access control lists (ACLs) allow us to fine-tune access control in a systematic manner.
With the help of ACLs, permissions can be defined more flexibly than with traditional permissions.
Traditional Linux access permissions for files and directories consist of setting a combination of read, write, and execute permissions for the
owner, the group, and others. Access control lists (ACLs) provide a finer-grained access control mechanism than these traditional Linux access permissions.
u:name:permissions: Sets the access ACL for a user (username or UID)
g:name:permissions: Sets the access ACL for the group (group name or GID)
m:permissions: Sets the effective rights mask. This is the union of all permissions of the owning group and all of the user and group entries.
o:permissions: Sets the access ACL for everyone else (others)
# install the acl package
$ sudo apt-get install acl -y
Use the setfacl utility to add or modify one or more rules in a file’s ACL. The syntax is:
$ setfacl -m [rules] [files]
$ setfacl -m u:oracle:rwx foldername
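The rule types above interact through the mask entry: a named user or group can hold rwx in its own entry and still be limited by the mask. The following is an added example, not part of the original post, that computes the effective rights from getfacl-style output; the sample ACL is constructed and the group name dba is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed getfacl-style
# output for "foldername"; the mask is as it would look after running
# "setfacl -m m::r-x foldername". Group "dba" is a hypothetical name.
sample_acl() {
  cat <<'EOF'
# file: foldername
# owner: root
# group: root
user::rwx
user:oracle:rwx
group::r-x
group:dba:rw-
mask::r-x
other::---
EOF
}

# and_perms A B: keep only the rights present in both A and B.
and_perms() {
  out=""
  for p in r w x; do
    case "$1" in *"$p"*) case "$2" in *"$p"*) out="$out$p"; continue ;; esac ;; esac
    out="$out-"
  done
  printf '%s' "$out"
}

# effective_acl: read getfacl output on stdin, print tag:name:effective.
# The mask caps named users, the owning group and named groups; the file
# owner (user::) and other:: are never limited by it.
effective_acl() {
  acl=$(cat)
  mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\([rwx-]\{3\}\).*/\1/p')
  printf '%s\n' "$acl" | while IFS=: read -r tag name perms; do
    perms=$(printf '%.3s' "$perms")   # drop any trailing "#effective:" comment
    case "$tag" in
      ''|'#'*|mask|default) continue ;;   # default entries only seed new files
      user)  if [ -n "$name" ] && [ -n "$mask" ]; then perms=$(and_perms "$perms" "$mask"); fi ;;
      group) if [ -n "$mask" ]; then perms=$(and_perms "$perms" "$mask"); fi ;;
    esac
    printf '%s:%s:%s\n' "$tag" "$name" "$perms"
  done
}

sample_acl | effective_acl
```

With the sample above, oracle ends up with r-x and dba with r--, even though their own entries say rwx and rw-. getfacl reports the same result as "#effective:" comments next to the capped entries.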
List of commands for setting up ACLs:
1) To add permission for user
setfacl -m "u:user:permissions" /path/to/file
2) To add permissions for a group
setfacl -m "g:group:permissions" /path/to/file
3) To allow all files or directories to inherit ACL entries from the directory they are within
setfacl -dm "entry" /path/to/dir
4) To remove a specific entry
setfacl -x "entry" /path/to/file
setfacl -x u:oracle <filename>
5) To remove all entries
setfacl -b path/to/file
setfacl -b <filename>
6) To create default ACL entries, specify the -d option when setting ACL using the setfacl command.
setfacl -d -m {u, g}:<name>:[r, w, x] <directory>
7) Deleting default access control lists on directories.
setfacl -k <directory>
8) To remove default ACL entries in a directory and all subdirectories, you would have to use a recursive option (-R)
setfacl -kR <directory>