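I. Introduction to ACLs
Traditional permissions assign read, write and execute rights to three identities: owner, group and others. They cannot express a specific permission requirement for one particular user or one particular group. ACLs were introduced to meet that need.
ACL (Access Control List): an access control list provides specific permission settings beyond the traditional read, write and execute permissions of owner, group and others.
1. Set permissions for a specific user on a file/directory
2. Set permissions for a specific group on a file/directory
3. Set permissions on a specified directory and on the files/directories newly created inside it
II. ACL-related commands
getfacl: get file access control lists (view a file's ACL permissions)
Syntax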
getfacl [-aceEsRLPtpndvh] file
getfacl [-aceEsRLPtpndvh] -
Common options
-a, --access
Display the file access control list.
-d, --default
Display the default access control list.
-c, --omit-header
Do not display the comment header
-e, --all-effective
Print all effective rights comments, even if identical to the
rights defined by the ACL entry.
-E, --no-effective
Do not print effective rights comments.
-s, --skip-base
Skip files that only have the base ACL entries
(owner, group, others).
-R, --recursive
List the ACLs of all files and directories recursively.
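The effective rights that -e and -E refer to are the entry's rights limited by the mask entry. The following is an added example, not part of the original page: it parses text in the format getfacl prints and computes those effective rights for the access and default ACLs. The sample output, the names alice, bob, staff and dev, and the function names are constructed for illustration.

```python
# Constructed sample in the format printed by `getfacl` (not from a real host).
SAMPLE = """\
# file: shared
# owner: alice
# group: staff
user::rwx
user:bob:rwx
group::r-x
group:dev:rw-
mask::r-x
other::---
default:user::rwx
default:user:bob:rwx
default:group::r-x
default:mask::rwx
default:other::---
"""

def parse_acl(text):
    """Split getfacl output into access/default lists of (tag, qualifier, perms)."""
    acl = {"access": [], "default": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop header and #effective comments
        if not line:
            continue
        kind = "access"
        if line.startswith("default:"):
            kind, line = "default", line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        acl[kind].append((tag, qualifier, perms))
    return acl

def effective(entries):
    """Apply the mask to named users, named groups and the owning group."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    out = {}
    for tag, qual, perms in entries:
        if tag == "mask":
            continue
        # user:: (owner) and other:: are never limited by the mask
        if mask is not None and (qual or tag == "group"):
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        out[f"{tag}:{qual}"] = perms
    return out

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    print(effective(acl["access"]))
    print(effective(acl["default"]))
```

In the sample, bob is granted rwx but the mask r-x leaves him r-x, which is the value getfacl shows in its "#effective:" comment.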
setfacl: set file access control lists
Syntax
setfacl [-bkndRLPvh] [{-m|-x} acl_spec] [{-M|-X} acl_file] file
setfacl --restore={file|-}
Common options
-b, --remove-all
Remove all extended ACL entries. The base ACL entries of the owner,
group and others are retained.
-k, --remove-default
Remove the Default ACL. If no Default ACL exists, no warnings are
issued.
--mask
Do recalculate the effective rights mask, even if an ACL mask
entry was explicitly given.