May 23, 2021 That's what Linux should learn
I do not know whether you find that the general permissions, special permissions, hidden permissions explained above actually have a common - permissions are set for a certain type of user. I f you want separate permission control for a specified user, you need to use the file's access control list (ACL). I n layman's terms, setting up an ACL based on a normal file or directory is actually setting permissions for a file or directory for a specified user or group of users. In addition, if an ACL is set for a directory, the file in the directory inherits its ACL, and if an ACL is set for the file, the file no longer inherits the ACL for the directory in which it is located.
To see more intuitively the powerful effect of ACL on file permission control, we first switch to the normal user and then try to enter the root administrator's home directory. Before the ACL is set for the root administrator's home directory for the average user, the results are as follows:
[root@linuxprobe ~]# su - linuxprobe Last login: Sat Mar 21 16:31:19 CST 2017 on pts/0 [linuxprobe@linuxprobe ~]$ cd /root -bash: cd: /root: Permission denied [linuxprobe@linuxprobe root]$ exit
The setfacl command is used to manage the ACL rules of the file in the format "setfacl (parameter) file name". T he ACL of a file provides special permission controls beyond the read/write/execute permissions of the owner, the group, and others, and the setfacl command allows control of read/write/execute permissions for a single user or group of users, a single file, or directory. W here -R recursive parameters are required for directory files, -m parameters are used for normal files, and -b parameters can be used if you want to delete the ACL of a file. Here's how to set the user's permissions on the /root directory:
s root@linuxprobe s.setfacl -Rm u:linuxprobe:rwx/root (root@linuxprobe s. su - linuxprobe Last login: Sat Mar 21 15:45:03 CST 2017 on pts/2017 1 linuxprobe@linuxprobe . [email protected] [email protected] linuxprobe@linuxprobe . B ut now there's the little question - how do I check the ACL on the file? T he common ls command is that you can't see the ACL table information, but you can see that the last point of the file's permissions (.) becomes a plus sign, which means that the file has an ACL set. N ow do you feel like the more you learn, the less afraid you are to say you're proficient in Linux? Such a humble point (...) even expressed such an important authority.
[root@linuxprobe ~]# ls -ld /root dr-xrwx---+ 14 root root 4096 May 4 2017 /root
The getfacl command is used to display ACL information set on the file in the format "getfacl file name". T he commands in the Linux system are so cute and rememberable. T o set up an ACL, use the setfacl command, and to view the ACL, use the getfacl command. The getfacl command is used below to display all the ACL information set up on the root administrator's home directory.
[root@linuxprobe ~]# getfacl /root getfacl: Removing leading '/' from absolute path names
# owner: root
# group: root
user::r-x
user:linuxprobe:rwx
group::r-x
mask::rwx
other::---