SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Sponsor:

Would you like to sponsor this site?
Or buy me a beer?:


Recently Changed Pages:

View All Pages
View All Q Pages


View All Tags


Sign up for Q to post comments.





WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Terms And Conditions for Q users


Pages with comments

PageDateDiscussionTags
2019/06/22 10:36 1 Comment
2019/03/15 16:02 1 Comment
2019/03/15 16:02 1 Comment
2019/03/15 16:02 3 Comments
2017/04/20 15:28 1 Comment
2017/04/20 15:23 1 Comment
2017/04/19 14:44 1 Comment
2017/04/17 20:10 1 Comment
2017/04/17 20:07 1 Comment
2017/04/17 19:58 1 Comment
2017/04/17 19:52 1 Comment

View All Comments

redhatacl

Red Hat ACL or Extended Permissions

The filesystems ext2/3/4 also support more complex file permissions called ACLs. I will not cover that deeply, just enough to get you going.

Enabling ACLs

If you want to use ACLs you should mount the filesystem with an extra option. The installer enables all ext4 filesystems that are created during the installation with this option, so newly created filesystems miss this option. The option is called acl.

You can use the tune2fs command to set the default mount options:

tune2fs -o acl,user_xattr /dev/vgsrv/home

Or remove it from the default options:

tune2fs -o ^acl /dev/vgsrv/home

See ACL

You can recognize there are ACLs on a file with ls. The last character of the permissions command will be shown as a +.

You can use getfacl to see the ACL:

[root@localhost ~]# ls -l /permissions/
total 4
-rw-rw-r--+ 1 root root 0 Apr 12 12:28 file1
[root@localhost ~]# getfacl /permissions/file1
getfacl: Removing leading '/' from absolute path names
# file: permissions/file1
# owner: root
# group: root
user::rw-
group::r--
group:sjoerdhooft:rw-
mask::rw-
other::r--
Note that user:: group:: and other:: refer to the original user,group and other permissions of the file.

Set ACL

You can set an ACL using setfacl,

This is how I've added the private group of user sjoerdhooft to file1 as displayed above:

setfacl -m g:sjoerdhooft:rw /permissions/file1

This is an example to add an ACL for a user:

setfacl -m -u:sjoerdhooft:rw /permissions/file1

This is an example to remove the ACL permissions:

setfacl -x -u:sjoerdhooft /permissions/file1

This is an example to change(remove) the normal other permissions:

setfacl -m -o::- /permissions/file1

Set Default ACLs

You can also set a default ACL so all newly created files in a directory receive the permission you set (add d: for default to the command):

setfacl -m d:u:sjoerdhooft:rw /permissions

And if you also want all existing files in the directory to receive the permissions, including files in subdirectories set the recursive option as well:

setfacl -m d:g:sjoerdhooft:rw -R /permissions

Resources

If you want more information see:

[root@localhost ~]# man -k acl
acl                  (5)  - Access Control Lists
chacl                (1)  - change the access control list of a file or directory
getfacl              (1)  - get file access control lists
.k5login [k5login]   (5)  - Kerberos V5 acl file for host access
setfacl              (1)  - set file access control lists
You could leave a comment if you were logged in.
redhatacl.txt · Last modified: 2014/04/13 09:27 by sjoerd