ACL refers to access control list, which refers to an access control list for files/directories. ACL is used to set user permissions on files. The functions of ACL: 1. Permissions can be set for users; 2. Permissions can be set for user groups; 3. Sub-files/directories inherit the permissions of the parent directory.
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
What is ACL
The full name of ACL is Access Control List, an access control for files/directories Control list. It provides an additional, more flexible permission management mechanism for the file system based on UGO permission management. It is designed as a complement to UNIX file permission management.
ACL allows you to set access permissions for any file/directory to any user or user group.
In Linux systems, ACL can set permissions for a single user to access files. It can also be said that in addition to setting file access permissions in the traditional way (three identities with three permissions), you can also use ACL to set it.
What is the use of ACL
Since it is used as a supplement to UGO permission management, ACL naturally needs to have capabilities that UGO cannot or is difficult to do, such as:
Permissions can be set for users
Permissions can be set for user groups
Sub-files The /directory inherits the permissions of the parent directory
Check whether ACL is supported
ACL requires the cooperation of the Linux kernel and the file system to work. Currently we can Most Linux distributions you see support it by default. But it’s best to check first:
sudo tune2fs -l /dev/sda1 |grep “Default mount options:” Default mount options: user_xattr acl
We can see that acl support has been added by default (Default mount options:).
ACL settings for ordinary files:
Add the ACL of the file
setfacl -m u:zx:--- 1243.txt (zx用户对1243.txt文件没有任何权限) setfacl -m g:zx:--- 1243.txt (zx组对1243.txt文件没有任何权限)
-m parameter indicates modify modification, u indicates settings for user user, zx user name, --- indicates set permissions Information
View the ACL permissions of the file
getfacl 1243.txt (查看文件的ACL权限信息)
Delete the ACL of the file Permissions
setfacl -x u:zx 1243.txt
After setting the ACL permissions, you can see that there is a " " in the file permission information column by viewing the file information
Remove the ACL permission information of the file:
setfacl -b 1243.txt
(Remove the ACL permission information of 1342.txt)
ACL settings for directory files
Setting ACL for directory files is to set the ACL for directory files. The created files are subject to permission control.
mask: Indicates the maximum permission range of the user
setfacl -m d:u:zx:r-- 123
d:default (set the default)
Use root in the root directory Create the 123/bbb directory file and set user zx to have read line permissions:
You can see that subsequent new 123 files will be inherited The previous bbbACL permission setting zx only has read permission
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of What is the use of linux ACL. For more information, please follow other related articles on the PHP Chinese website!