System Administration Guide

How to Set ACL Entries on a File

  1. Set ACL entries on a file by using the setfacl command.


    $ setfacl -s user::perms,group::perms,other:perms,mask:perms,acl_entry_list filename ...
    

    -s

    Replaces the entire ACL with the new ACL entries, if an ACL already exists on the file. 

    user::perms
    

    Specifies the owner's permissions. 

    group::perms
    

    Specifies the permissions for the owner's group. 

    other:perms
    

    Specifies the permissions for users other than the owner or members of the owner's group. 

    mask:perms
    

    Specifies the permissions for the ACL mask. The mask indicates the maximum permissions allowed for users (other than the owner) and for groups. 

    acl_entry_list

    Is the list of one or more ACL entries to set for specific users and groups on the file or directory. You can also set default ACL entries on a directory. Table 51-9 and Table 51-10 show the valid ACL entries.

    filename

    File or directory on which to set the ACL entries.  

  2. To verify that an ACL was set on the file, see "How to Check If a File Has an ACL". To verify which ACL entries were set on the file, use the getfacl command.


    $ getfacl filename
    

Caution -

If an ACL already exists on the file, the -s option will replace the entire ACL with the new ACL entries.


Examples--Setting ACL Entries on a File

The following example sets the user permissions to read/write, group permissions to read only, and other permissions to none on the ch1.doc file. In addition, the user george is given read/write permissions on the file, and the ACL mask permissions are set to read/write, which means no user or group can have execute permissions.


    $ setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:george:rw- ch1.doc
    $ ls -l
    total 124
    -rw-r-----+  1 nathan  sysadmin   34816 Nov 11 14:16 ch1.doc
    -rw-r--r--   1 nathan  sysadmin   20167 Nov 11 14:16 ch2.doc
    -rw-r--r--   1 nathan  sysadmin    8192 Nov 11 14:16 notes
    $ getfacl ch1.doc
    # file: ch1.doc
    # owner: nathan
    # group: sysadmin
    user::rw-
    user:george:rw-    #effective:rw-
    group::r--         #effective:r--
    mask:rw-
    other:---
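
The way the mask caps the effective permissions shown above can be checked with a small model. The following Python sketch is an added example, not part of the original guide or of the setfacl command: it parses a setfacl -s style entry list (symbolic or octal permissions) and computes the effective permissions for each entry. The function names parse_perms, fmt, parse_entries and effective are hypothetical, and the sample entry list is constructed.

```python
# Added example: model of how the ACL mask caps effective permissions.
# parse_entries() and effective() are hypothetical helper names.
BITS = "rwx"
ABBREV = {"u": "user", "g": "group", "o": "other", "m": "mask"}
BASE = {("user", ""), ("group", ""), ("other", ""), ("mask", "")}

def parse_perms(p):
    """Accept symbolic ('rw-') or octal ('6') permissions; return 0-7."""
    if len(p) == 1 and p in "01234567":
        return int(p)
    if len(p) != 3 or any(c not in (BITS[i], "-") for i, c in enumerate(p)):
        raise ValueError(f"bad permissions: {p!r}")
    return sum(4 >> i for i, c in enumerate(p) if c != "-")

def fmt(n):
    """Render a 0-7 permission value as an 'rwx' string."""
    return "".join(BITS[i] if n & (4 >> i) else "-" for i in range(3))

def parse_entries(entry_list):
    """Parse a setfacl -s style entry list into {(type, name): perms}."""
    acl = {}
    for entry in filter(None, entry_list.split(",")):
        fields = entry.split(":")
        kind = ABBREV.get(fields[0], fields[0])
        if kind not in ABBREV.values() or len(fields) not in (2, 3):
            raise ValueError(f"bad ACL entry: {entry!r}")
        # other:perms and mask:perms have two fields; user/group have three.
        name = fields[1] if len(fields) == 3 else ""
        acl[(kind, name)] = parse_perms(fields[-1])
    if BASE - acl.keys():
        # This model requires the four base entries from the syntax line.
        raise ValueError("missing user::, group::, other: or mask: entry")
    return acl

def effective(acl):
    """Apply the mask to every entry except the owner's and other's."""
    mask = acl[("mask", "")]
    result = {}
    for (kind, name), perms in acl.items():
        if kind == "mask":
            continue
        masked = kind == "group" or (kind == "user" and name != "")
        result[(kind, name)] = fmt(perms & mask if masked else perms)
    return result

if __name__ == "__main__":
    # Constructed input: george is granted rwx, but the mask is rw-.
    acl = parse_entries("user::rw-,group::r--,other:---,mask:rw-,user:george:rwx")
    for (kind, name), perms in effective(acl).items():
        print(f"{kind}:{name}:{perms}")
```

Granting george rwx under a mask of rw- still yields an effective rw-, which is why auditing an ACL means reading the mask together with each entry.
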

The following example sets the user permissions to read/write/execute, group permissions to read only, and other permissions to none on the ch2.doc file. In addition, users in the sysadmin group are given read/write permissions on the file, and the ACL mask permissions are set to read/write.


    $ setfacl -s u::7,g::4,o:0,g:sysadmin:6,m:6 ch2.doc
    $ getfacl ch2.doc