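Warning
This article was last updated on 2019-04-11; its content may be out of date.
An ACL (Access Control List) provides finer-grained permission settings beyond the traditional read, write and execute permissions for owner, group and other: permissions can be set for an individual user or group.
We can use a command to set a single user's read permission on a file (or directory).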
Installing acl
Use the following commands:
```bash
## Ubuntu
sudo apt install acl
## CentOS
sudo yum install acl
```
Main features
getfacl: view permissions
```bash
getfacl -h
getfacl 2.2.52 -- get file access control lists
Usage: getfacl [-aceEsRLPtpndvh] file ...
  -a, --access            display the file access control list only
  -d, --default           display the default access control list only
  -c, --omit-header       do not display the comment header
  -e, --all-effective     print all effective rights
  -E, --no-effective      print no effective rights
  -s, --skip-base         skip files that only have the base entries
  -R, --recursive         recurse into subdirectories
  -L, --logical           logical walk, follow symbolic links
  -P, --physical          physical walk, do not follow symbolic links
  -t, --tabular           use tabular output format
  -n, --numeric           print numeric user/group identifiers
  -p, --absolute-names    don't strip leading '/' in pathnames
  -v, --version           print version and exit
  -h, --help              this help text

cd ~
getfacl Documents
# file: Documents
# owner: william
# group: william
user::rwx
group::r-x
other::r-x
```
setfacl: set permissions
```bash
setfacl -h
setfacl 2.2.52 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
  -m, --modify=acl        modify the current ACL(s) of file(s)
  -M, --modify-file=file  read ACL entries to modify from file
  -x, --remove=acl        remove entries from the ACL(s) of file(s)
  -X, --remove-file=file  read ACL entries to remove from file
  -b, --remove-all        remove all extended ACL entries
  -k, --remove-default    remove the default ACL
      --set=acl           set the ACL of file(s), replacing the current ACL
      --set-file=file     read ACL entries to set from file
      --mask              do recalculate the effective rights mask
  -n, --no-mask           don't recalculate the effective rights mask
  -d, --default           operations apply to the default ACL
  -R, --recursive         recurse into subdirectories
  -L, --logical           logical walk, follow symbolic links
  -P, --physical          physical walk, do not follow symbolic links
      --restore=file      restore ACLs (inverse of `getfacl -R')
      --test              test mode (ACLs are not modified)
  -v, --version           print version and exit
  -h, --help              this help text
```
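To give one specific user access to the files, we can run the following (note that rwx grants write and execute in addition to read):
```bash
setfacl -R -m u:trader:rwx /data/ChinaStocks
```
-R: apply the change recursively to every file under the directory
-m: run the modify command, which changes the ACL entries
u:trader:rwx: for the user (u:trader), set the permissions (:rwx)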
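An added example (not part of the original post): because `setfacl -R -m u:trader:rwx` grants write recursively, this sketch reads `getfacl -R` output and lists the named user and group entries whose effective rights, after the mask is applied, still include write. The sample listing, the file name `prices.csv` and the function names are constructed for illustration.

```shell
# Added example, not from the original post: from getfacl -R text on stdin, print
# "path<TAB>entry<TAB>effective" for named user/group entries that can still write.
acl_named_write() {
  awk '
    function emit(   i, k, e) {          # flush the entries buffered for one file
      for (i = 1; i <= n; i++) {
        e = ""                           # effective = entry rights limited by mask
        for (k = 1; k <= 3; k++)
          e = e (substr(mask, k, 1) == "-" ? "-" : substr(perm[i], k, 1))
        if (index(e, "w")) printf "%s\t%s\t%s\n", file, who[i], e
      }
      n = 0; mask = "rwx"
    }
    BEGIN { mask = "rwx" }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^$/ { next } # other headers, default ACLs, blank lines
    {
      sub(/[ \t]*#.*$/, ""); split($0, f, ":")   # drop "#effective:" notes
      if (f[1] == "mask") mask = f[3]
      else if ((f[1] == "user" || f[1] == "group") && f[2] != "")
        { n++; who[n] = f[1] ":" f[2]; perm[n] = f[3] }
    }
    END { emit() }
  '
}

# Constructed sample in getfacl -R format (prices.csv is a made-up file name).
sample_acl() {
  cat <<'EOF'
# file: data/ChinaStocks
# owner: william
# group: william
user::rwx
user:trader:rwx
group::r-x
mask::rwx
other::r-x

# file: data/ChinaStocks/prices.csv
# owner: william
# group: william
user::rw-
user:trader:rwx	#effective:r--
group::r--
mask::r--
other::r--
EOF
}
sample_acl | acl_named_write
```

On a real system, pipe `getfacl -R /data/ChinaStocks` into `acl_named_write` instead of the sample.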