ACL权限问题

ACL权限在Centos7默认开启，无命令则

[root@Beiqi ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

[root@Beiqi ~]# yum -y install libacl acl

getfacl 文件名                查看文件的ACL权限

setfacl 选项 文件名        设置ACL权限

            -m                       设定ACL权限

            -b                         删除ACL权限

            -x：用户               删除单个用户的ACL权限

设置查看用户ACL

[root@Beiqi ~]# ls
anaconda-ks.cfg  hello.go  mail.txt  protest
[root@Beiqi ~]# setfacl -m u:beiqi:rwx protest/
[root@Beiqi ~]# getfacl protest/
# file: protest/
# owner: root
# group: root
user::rwx
user:beiqi:rwx
group::rwx
mask::rwx
other::---

设置查看递归组ACL ，-R 递归设置

[root@Beiqi ~]# setfacl -m g:gzd:rwx -R protest/
[root@Beiqi ~]# getfacl protest/
# file: protest/
# owner: root
# group: root
user::rwx
user:beiqi:rwx
group::rwx
group:gzd:rwx
mask::rwx
other::---

注意：-R只对已经存在的文件设置权限生效

最大有效权限mask 默认是rwx，不建议修改

若修改设定mask权限为rx，修改格式  m:rx  

[root@Beiqi ~]# setfacl -m m:rx protest/
[root@Beiqi ~]# getfacl protest/
# file: protest/
# owner: root
# group: root
user::rwx
user:beiqi:rwx                  #effective:r-x
group::rwx                      #effective:r-x
group:gzd:rwx                   #effective:r-x
mask::r-x
other::---

删除单个用户ACL ， -x 

[root@Beiqi ~]# setfacl -x u:beiqi protest/
[root@Beiqi ~]# getfacl protest/
# file: protest/
# owner: root
# group: root
user::rwx
group::rwx
group:gzd:rwx
mask::rwx
other::---

全部删除ACL权限

[root@Beiqi ~]# setfacl -b protest/
[root@Beiqi ~]# getfacl protest/
# file: protest/
# owner: root
# group: root
user::rwx
group::rwx
other::---