Access Control Lists

Revision as of 13:05, 31 March 2015 by George2


Setting an access control list on a single file or directory is relatively simple, but most often it is required to set ACLs on all files and folders within a directory structure. In non-ACL parlance the set-group-ID (setgid) bit is used to specify that the group id of a folder is inherited by folders created underneath it. In ACLs the "default" ACL does the same thing. We need to ensure that

To set the default facl on a directory:
setfacl -m user::rwx,group::rwx,other:---,mask:rwx,default:user::rwx,default:group::rwx,default:other:---,default:mask:rwx <Directory name>
This gives the directory a default ACL: its entries (including any default user entries added later) are inherited by files and directories created beneath it, while anything already present is left unchanged.

To add users to ACLs in a directory structure with inheritance, all of the directories in the structure must have a "default ACL" set. After cd'ing into the relevant directory, run the following:
find . -type d -exec setfacl -m user::rwx,group::rwx,other:---,mask:rwx,default:user::rwx,default:group::rwx,default:other:---,default:mask:rwx {} \;
Having now set the default ACLs on all of the directories in the structure, we add an entry for a particular user, both as an access entry and as a default entry so that new subdirectories inherit it:
find . -type d -exec setfacl -m user:my01user:rwx,default:user:my01user:rwx {} \;
Default ACLs only apply to entries created after they are set, so existing files need the access entry added directly:
find . -type f -exec setfacl -m user:my01user:rwx {} \;
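A check for the setup above, added here as a Python example rather than anything from this wiki: it parses `getfacl -R` style output and flags directories that still have no default ACL (so nothing will be inherited) and paths where the named user's entry is cut down by the mask, as happens to files created under a default ACL with a rw creation mode. The paths and the sample output are constructed; the user name my01user is the one used on this page.

```python
import re
# One getfacl entry line such as "default:user:my01user:rwx"; a trailing "#effective:" note is ignored.
ENTRY_RE = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([rwx-]{3})")

def parse_getfacl(text):
    """Map each '# file:' path to (access, default) dicts keyed by (tag, qualifier)."""
    acls, path = {}, None
    for line in text.splitlines():
        if line.startswith("# file:"):
            path = line[7:].strip()
            acls[path] = ({}, {})
        elif path and (m := ENTRY_RE.match(line.strip())):
            dflt, tag, qual, perms = m.groups()
            acls[path][1 if dflt else 0][(tag, qual)] = perms
    return acls

def effective(entries, tag, qual):
    """Bits that really apply to a named entry: its perms ANDed with the mask ('' if absent)."""
    perms, mask = entries.get((tag, qual), ""), entries.get(("mask", ""), "rwx")
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def audit(acls, directories, user, want="rwx"):
    """Flag paths where the user's effective access is narrower than wanted and
    directories whose default ACL would not pass the entry on to new children."""
    findings = []
    for path, (access, default) in acls.items():
        eff = effective(access, "user", user)
        if eff != want:
            findings.append(f"{path}: {user} effective {eff or 'none'}, want {want}")
        if path in directories and not default:
            findings.append(f"{path}: no default ACL, new children will not inherit")
        elif path in directories and effective(default, "user", user) != want:
            findings.append(f"{path}: default entry for {user} missing or masked")
    return findings

# Constructed sample in getfacl -R layout (owner/group comment lines omitted).
SAMPLE = """\
# file: shared/old
user::rwx
user:my01user:rwx
group::rwx
mask::rwx
other::---

# file: shared/old/notes.txt
user::rw-
user:my01user:rwx
group::rw-
mask::rw-
other::---
"""
```

Run `audit(parse_getfacl(SAMPLE), {"shared/old"}, "my01user")` to see both findings; on a live tree feed it the output of `getfacl -R` and the set of directory paths from `find . -type d`.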

Linux facls
setfacl -dm u::rwx,g::rwx,o::r /shared/directory
This sets only the default ACL (-d) on /shared/directory so that all newly created files are group writeable. The creating process's mode bits still cap the inherited entries (the mask of a new file is taken from the group bits of its creation mode), so a file created with mode 0644 will not end up group writeable.