Linux setfacl / getfacl: fine-grained permission control on files and directories for multiple groups and multiple users
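Add or modify a user's access to a directory or file
setfacl -R -m u:username:rwx target-dir
setfacl -R -m u:username:rwx target-file
Remove a user's access to a directory or file (-x takes only the entry name, without a permission field)
setfacl -R -x u:username target-dir
setfacl -R -x u:username target-file
Add or modify a group's access to a directory or file
setfacl -R -m g:groupname:rwx target-dir
setfacl -R -m g:groupname:rwx target-file
Remove a group's access to a directory or file (again, no permission field with -x)
setfacl -R -x g:groupname target-dir
setfacl -R -x g:groupname target-file
View the access control list of a file or directory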
[root@localhost /]# getfacl file-data/
# file: file-data/
# owner: root
# group: root
user::rwx
user:nginx:r-x
user:yeqiang:rwx
group::r-x
mask::rwx
other::---
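The mask:: line in the listing above caps the rights of named users, named groups and the owning group; the owner (user::) and other:: entries are not affected by it. The script below is an added example, not part of the original post: it parses getfacl text output and prints the effective rights of each entry. The function names effective_acl and sample_acl, and the narrowed mask in the sample, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compute effective rights from `getfacl` text output.
# The mask limits named users, named groups and the owning group;
# the owner (user::) and other:: entries are not masked.

effective_acl() {
    # Reads getfacl output on stdin, prints "type:name:effective" per entry.
    awk -F: '
        /^#/ || /^[ \t]*$/ || /^default:/ { next }   # headers, blanks, default ACL
        {
            sub(/[ \t]*#.*$/, "", $3)   # drop a trailing "#effective:..." comment
            n++; type[n] = $1; name[n] = $2; perm[n] = $3
            if ($1 == "mask") { mask = $3; has_mask = 1 }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (type[i] == "mask") continue
                p = perm[i]
                masked = (type[i] == "group" || (type[i] == "user" && name[i] != ""))
                if (has_mask && masked) {
                    e = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(p, k, 1)
                        e = e ((c != "-" && substr(mask, k, 1) == c) ? c : "-")
                    }
                    p = e
                }
                print type[i] ":" name[i] ":" p
            }
        }'
}

# Constructed sample: the listing from the page, with the mask narrowed to r-x
# (as it would be after e.g. `setfacl -m m::r-x file-data/`).
sample_acl() {
    cat <<'EOF'
# file: file-data/
# owner: root
# group: root
user::rwx
user:nginx:r-x
user:yeqiang:rwx
group::r-x
mask::r-x
other::---
EOF
}

sample_acl | effective_acl
```

On a live system the same function can be fed with getfacl file-data/ | effective_acl; with the narrowed mask, user:yeqiang is listed as rwx but effectively holds only r-x.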
Appendix
[root@localhost nginx]# setfacl --help
setfacl 2.2.51 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
-m, --modify=acl modify the current ACL(s) of file(s)
-M, --modify-file=file read ACL entries to modify from file
-x, --remove=acl remove entries from the ACL(s) of file(s)
-X, --remove-file=file read ACL entries to remove from file
-b, --remove-all remove all extended ACL entries
-k, --remove-default remove the default ACL
--set=acl set the ACL of file(s), replacing the current ACL
--set-file=file read ACL entries to set from file
--mask do recalculate the effective rights mask
-n, --no-mask don't recalculate the effective rights mask
-d, --default operations apply to the default ACL
-R, --recursive recurse into subdirectories
-L, --logical logical walk, follow symbolic links
-P, --physical physical walk, do not follow symbolic links
--restore=file restore ACLs (inverse of `getfacl -R')
--test test mode (ACLs are not modified)
-v, --version print version and exit
-h, --help this help text
[root@localhost nginx]# getfacl --help
getfacl 2.2.51 -- get file access control lists
Usage: getfacl [-aceEsRLPtpndvh] file ...
-a, --access display the file access control list only
-d, --default display the default access control list only
-c, --omit-header do not display the comment header
-e, --all-effective print all effective rights
-E, --no-effective print no effective rights
-s, --skip-base skip files that only have the base entries
-R, --recursive recurse into subdirectories
-L, --logical logical walk, follow symbolic links
-P, --physical physical walk, do not follow symbolic links
-t, --tabular use tabular output format
-n, --numeric print numeric user/group identifiers
-p, --absolute-names don't strip leading '/' in pathnames
-v, --version print version and exit
-h, --help this help text