目标

  修改文件或目录的ACL

名词定义

• 命令setfacl

  语法：setfacl [-bkndRLP] { -m|-M|-x|-X … } file …

  选项：
  -m modify the current ACL(s) of file(s)
  -M read ACL entries to modify from file
  -x remove entries from the ACL(s) of file(s)
  -X read ACL entries to remove from file
  -b remove all extended ACL entries
  -k remove the default ACL
  -n don’t recalculate the effective rights mask
  -d operations apply to the default ACL
  -R recurse into subdirectories
  -L logical walk, follow symbolic links
  -P physical walk, do not follow symbolic links
  -v print version and exit
  -h this help text

实操演示

• 修改ACL权限

[root@sinfotek local]# setfacl -m u:sinfotek:rwx time 
[root@sinfotek local]# getfacl time 
# file: time
# owner: root
# group: root
user::rw-
user:sinfotek:rwx
group::r--
mask::rwx
other::r--

[root@sinfotek local]# ll time 
-rw-rwxr--+ 1 root root 43 9月  22 14:45 time

[root@sinfotek local]# setfacl -m d:u:sinfotek:rw /local
[root@sinfotek local]# getfacl /local/
getfacl: Removing leading '/' from absolute path names
# file: local/
# owner: root
# group: root
user::rwx
user:sinfotek:rw-
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:sinfotek:rw-
default:group::r-x
default:mask::rwx
default:other::r-x
##设置默认quan'xian