ACLs (access control lists) grant rwx access to files and directories for one or more individual users or groups.
In order to enable ACLs on a file system, the file system must be mounted with the acl mount option. File systems created during installation include the acl flag in their default mount options. To remount a file system, e.g. /home, with the acl option, run the following:
mount -o remount,acl /home
To view the ACL for a file, use getfacl:
ls -l fork2.pl
-rwxrwx--- 1 sriram sriram 352 Aug 2 17:40 fork2.pl
getfacl /home/sriram/fork2.pl
# file: fork2.pl
# owner: sriram
# group: sriram
user::rwx
group::rwx
other::r-x
To allow another user named "varun" to execute fork2.pl, whose owner is sriram, use setfacl:
setfacl -m u:varun:rwx fork2.pl
getfacl fork2.pl
# file: fork2.pl
# owner: sriram
# group: sriram
user::rwx
user:varun:rwx
group::rwx
mask::rwx
other::---
Now, user "varun" can execute the file "fork2.pl":
[root@localhost sriram]# su - varun
[varun@localhost sriram]$ ./fork2.pl
[varun@localhost sriram]$
Examine the permissions of fork2.pl:
[varun@localhost sriram]$ ls -l fork2.pl
-rwxrwx---+ 1 sriram sriram 352 Aug 2 17:40 fork2.pl
There is a "+" sign at the end of the permission bits, indicating that fork2.pl carries an ACL and is accessible by a user who is neither the owner nor a member of the group.
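An added example, not part of the original post: a shell function that reads getfacl output and lists every named user or group entry with its effective permissions (the entry limited by the mask line), so files flagged with "+" can be reviewed for who was granted what. The function names and the report.txt block are constructed for illustration; the fork2.pl block is the output shown above.

```shell
#!/bin/sh
# Added example: list named user/group ACL entries from getfacl output
# (read on stdin) as: file <TAB> entry <TAB> effective permissions.
acl_named_entries() {
  awk '
    function emit(   i, k, p, eff) {
      for (i = 1; i <= n; i++) {
        split(ent[i], p, ":"); eff = ""
        for (k = 1; k <= 3; k++)   # a "-" in the mask removes that bit
          eff = eff (substr(mask, k, 1) == "-" ? "-" : substr(p[3], k, 1))
        print file "\t" p[1] ":" p[2] "\t" eff
      }
      n = 0; mask = ""
    }
    /^# file: /  { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    { sub(/[ \t]*#.*/, "") }       # drop trailing "#effective:" comments
    /^mask::/    { mask = substr($0, 7, 3); next }
    /^(user|group):[^:]+:/ { ent[++n] = $0 }   # named entries only
    END { emit() }
  '
}

# Sample input: first block from the post, second block constructed.
sample_getfacl() {
cat <<'EOF'
# file: fork2.pl
# owner: sriram
# group: sriram
user::rwx
user:varun:rwx
group::rwx
mask::rwx
other::---

# file: report.txt
# owner: sriram
# group: sriram
user::rw-
user:varun:rwx    #effective:r--
group::r--
mask::r--
other::---
EOF
}

sample_getfacl | acl_named_entries
```

On a live system the same function can be fed from getfacl -R /home. The fork2.pl line shows varun holding rwx, which includes write access to the script; r-x is enough to run it.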