Table of Contents
1. Check ACL support
2. Enable ACL function
(1) Permanently enable ACL by adjusting the /etc/fstab file
(2) Remount the file system
3. Set ACL permissions
(1) Basic concepts
(2) ACL commands
(3) Example
4. ACL permission mask
(1) Set ACL permission mask
(2) View ACL permission mask
5. Inherit ACL permission
(1) Set the default ACL permissions
(2) View the default ACL permissions
Conclusion
Reference materials
Home Operation and Maintenance Linux Operation and Maintenance Using Linux ACL for granular permission management

Using Linux ACL for granular permission management

Feb 25, 2024 pm 11:27 PM
linux Permissions acl

如何使用Linux ACL实现精细的权限控制

How to use Linux ACL to implement fine-grained permission control

In the Linux system, ACL (Access Control List) is a method used to implement fine-grained permissions control mechanism. Compared with traditional permission control methods (based on user groups and permission bits), ACL can control access permissions to files or directories in more detail, allowing administrators to set specific permissions for specific users or groups. This article will introduce how to use ACL to implement fine-grained permission control in Linux systems, and provide specific code examples.

1. Check ACL support

Before starting to use ACL, we first need to confirm whether the system supports ACL. You can check it with the following command:

$ mount | grep acl
Copy after login

If the output contains the word "acl", it means that the system already supports ACL. If you don't see the output, you need to enable the ACL feature in the file system.

2. Enable ACL function

To enable ACL function in the file system, you can use the following steps. Take the ext4 file system as an example:

(1) Permanently enable ACL by adjusting the /etc/fstab file

In the /etc/fstab file, find the corresponding partition line and add "acl "Options:

/dev/sda1 /mnt/data ext4 defaults,acl 0 0
Copy after login

(2) Remount the file system

$ mount -o remount /mnt/data
Copy after login

3. Set ACL permissions

(1) Basic concepts

ACL permission control Including three main types of permissions:

  • Owner permissions (user)
  • Group permissions (group)
  • Other user permissions (other)

(2) ACL commands

Common commands to set ACL permissions include:

  • setfacl: Set ACL permissions
  • getfacl: Get ACL permissions

(3) Example

The following is a simple example, assuming we want to set ACL permissions on the file file.txt in the /mnt/data directory:

$ touch /mnt/data/file.txt
$ setfacl -m u:testuser:rw- /mnt/data/file.txt
$ getfacl /mnt/data/file.txt
Copy after login

In this example, we have given read and write permissions to the testuser user.

4. ACL permission mask

The ACL permission mask (mask) is used to limit the maximum value of ACL permissions to prevent setting too high permissions on ACL permissions. When a user sets higher permissions on a file, the permission mask will ensure that the ACL permissions are not exceeded.

(1) Set ACL permission mask

$ setfacl -m m::rw- /mnt/data/file.txt
Copy after login

(2) View ACL permission mask

$ getfacl /mnt/data/file.txt
Copy after login

5. Inherit ACL permission

in Linux system , subdirectories and files can inherit the ACL permissions of the upper directory.

(1) Set the default ACL permissions

$ setfacl -d -m u::rwx,g::r-x,o::r-x /mnt/data
Copy after login

(2) View the default ACL permissions

$ getfacl /mnt/data
Copy after login

Conclusion

Achieve fine permission control by using Linux ACL , administrators can have more detailed control over user access at the file or directory level. In actual production environments, proper use of ACLs can effectively improve system security and management efficiency. I hope this article has provided some help for you to understand ACL permission control. Welcome to continue to study and apply it in depth.

Reference materials

  • Linux manpage: acl
  • Red Hat Documentation: Using Access Control Lists

The above is about how to use Linux The article content of ACL implements fine-grained permission control, I hope it will be helpful to you.

The above is the detailed content of Using Linux ACL for granular permission management. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to use docker desktop How to use docker desktop Apr 15, 2025 am 11:45 AM

How to use Docker Desktop? Docker Desktop is a tool for running Docker containers on local machines. The steps to use include: 1. Install Docker Desktop; 2. Start Docker Desktop; 3. Create Docker image (using Dockerfile); 4. Build Docker image (using docker build); 5. Run Docker container (using docker run).

How to view the docker process How to view the docker process Apr 15, 2025 am 11:48 AM

Docker process viewing method: 1. Docker CLI command: docker ps; 2. Systemd CLI command: systemctl status docker; 3. Docker Compose CLI command: docker-compose ps; 4. Process Explorer (Windows); 5. /proc directory (Linux).

What to do if the docker image fails What to do if the docker image fails Apr 15, 2025 am 11:21 AM

Troubleshooting steps for failed Docker image build: Check Dockerfile syntax and dependency version. Check if the build context contains the required source code and dependencies. View the build log for error details. Use the --target option to build a hierarchical phase to identify failure points. Make sure to use the latest version of Docker engine. Build the image with --t [image-name]:debug mode to debug the problem. Check disk space and make sure it is sufficient. Disable SELinux to prevent interference with the build process. Ask community platforms for help, provide Dockerfiles and build log descriptions for more specific suggestions.

What computer configuration is required for vscode What computer configuration is required for vscode Apr 15, 2025 pm 09:48 PM

VS Code system requirements: Operating system: Windows 10 and above, macOS 10.12 and above, Linux distribution processor: minimum 1.6 GHz, recommended 2.0 GHz and above memory: minimum 512 MB, recommended 4 GB and above storage space: minimum 250 MB, recommended 1 GB and above other requirements: stable network connection, Xorg/Wayland (Linux)

vscode cannot install extension vscode cannot install extension Apr 15, 2025 pm 07:18 PM

The reasons for the installation of VS Code extensions may be: network instability, insufficient permissions, system compatibility issues, VS Code version is too old, antivirus software or firewall interference. By checking network connections, permissions, log files, updating VS Code, disabling security software, and restarting VS Code or computers, you can gradually troubleshoot and resolve issues.

Can vscode be used for mac Can vscode be used for mac Apr 15, 2025 pm 07:36 PM

VS Code is available on Mac. It has powerful extensions, Git integration, terminal and debugger, and also offers a wealth of setup options. However, for particularly large projects or highly professional development, VS Code may have performance or functional limitations.

What is vscode What is vscode for? What is vscode What is vscode for? Apr 15, 2025 pm 06:45 PM

VS Code is the full name Visual Studio Code, which is a free and open source cross-platform code editor and development environment developed by Microsoft. It supports a wide range of programming languages ​​and provides syntax highlighting, code automatic completion, code snippets and smart prompts to improve development efficiency. Through a rich extension ecosystem, users can add extensions to specific needs and languages, such as debuggers, code formatting tools, and Git integrations. VS Code also includes an intuitive debugger that helps quickly find and resolve bugs in your code.

How to back up vscode settings and extensions How to back up vscode settings and extensions Apr 15, 2025 pm 05:18 PM

How to back up VS Code configurations and extensions? Manually backup the settings file: Copy the key JSON files (settings.json, keybindings.json, extensions.json) to a safe location. Take advantage of VS Code synchronization: enable synchronization with your GitHub account to automatically back up all relevant settings and extensions. Use third-party tools: Back up configurations with reliable tools and provide richer features such as version control and incremental backups.

See all articles