Set ACL entries on a file by using the setfacl command.
$ setfacl -s user::perms,group::perms,other:perms,mask:perms,acl_entry_list filename ...
-s
Replaces the entire ACL with the new ACL entries, if an ACL already exists on the file.
user::perms
Specifies the owner's permissions.
group::perms
Specifies the permissions for the owner's group.
other:perms
Specifies the permissions for users other than the owner or members of the owner's group.
mask:perms
Specifies the permissions for the ACL mask. The mask indicates the maximum permissions allowed for users (other than the owner) and for groups.
acl_entry_list
Is the list of one or more ACL entries to set for specific users and groups on the file or directory. You can also set default ACL entries on a directory. Table 51-9 and Table 51-10 show the valid ACL entries.
filename
File or directory on which to set the ACL entries.
To verify that an ACL was set on the file, see "How to Check If a File Has an ACL". To verify which ACL entries were set on the file, use the getfacl command.
$ getfacl filename
If an ACL already exists on the file, the -s option will replace the entire ACL with the new ACL entries.
The following example sets the user permissions to read/write, group permissions to read only, and other permissions to none on the ch1.doc file. In addition, the user george is given read/write permissions on the file, and the ACL mask permissions are set to read/write, which means no user or group can have execute permissions.
$ setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:george:rw- ch1.doc
$ ls -l
total 124
-rw-r-----+  1 nathan   sysadmin   34816 Nov 11 14:16 ch1.doc
-rw-r--r--   1 nathan   sysadmin   20167 Nov 11 14:16 ch2.doc
-rw-r--r--   1 nathan   sysadmin    8192 Nov 11 14:16 notes
$ getfacl ch1.doc
# file: ch1.doc
# owner: nathan
# group: sysadmin
user::rw-
user:george:rw-         #effective:rw-
group::r--              #effective:r--
mask:rw-
other:---
The following example sets the user permissions to read/write/execute, group permissions to read only, and other permissions to none on the ch2.doc file. In addition, users in the sysadmin group are given read/write permissions on the file, and the ACL mask permissions are set to read/write.
$ setfacl -s u::7,g::4,o:0,g:sysadmin:6,m:6 ch2.doc
$ getfacl ch2.doc
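The mask rule described above, as an added example that is not part of the original documentation: a POSIX shell sketch that takes a setfacl -s entry list (symbolic or octal, non-default entries only) and prints each entry with the permissions that remain after the mask is applied. The function names to_bits, to_sym and effective_acl are hypothetical; the script only does the arithmetic and does not call setfacl or getfacl.

```sh
#!/bin/sh
# Added example: apply the ACL mask to a setfacl -s entry list.
# Handles non-default entries only; function names are hypothetical.

# to_bits: "rw-" or a single octal digit -> number 0..7
to_bits() {
    case $1 in
        [0-7]) echo "$1" ;;
        [r-][w-][x-])
            n=0
            case $1 in r??) n=$((n + 4)) ;; esac
            case $1 in ?w?) n=$((n + 2)) ;; esac
            case $1 in ??x) n=$((n + 1)) ;; esac
            echo "$n" ;;
        *) return 1 ;;   # reject anything that is not a valid perms field
    esac
}

# to_sym: number 0..7 -> "rwx"-style string
to_sym() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    echo "$r$w$x"
}

# effective_acl: print each entry symbolically; entries limited by the
# mask (named users, owner's group, named groups) get "#effective:".
# The body is a subshell so the IFS change stays local.
effective_acl() (
    IFS=,
    mask=7   # assumption: a list with no mask entry is treated as unrestricted
    for e in $1; do
        case $e in
            default:*|d:*) exit 1 ;;   # default entries are out of scope here
            mask:*|m:*) mask=$(to_bits "${e##*:}") || exit 1 ;;
        esac
    done
    for e in $1; do
        bits=$(to_bits "${e##*:}") || exit 1
        line="${e%:*}:$(to_sym "$bits")"
        case $e in
            user::*|u::*|other:*|o:*|mask:*|m:*) echo "$line" ;;  # not masked
            *) echo "$line #effective:$(to_sym "$(( $bits & $mask ))")" ;;
        esac
    done
)
```

With the constructed list 'user::rwx,group::r-x,other:---,mask:r--,user:george:rwx', the function reports george and the owner's group as effective r--, because the mask caps both while leaving the owner's rwx untouched.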