Linux command
acl 命令
文件
复制后可按需替换文件名、目录或参数。
常用示例
View the ACL
getfacl [path/to/file]
Set read and write permissions
setfacl -m u:[username]:rw [path/to/file]
Set permissions for a group
setfacl -m g:[groupname]:rx [path/to/directory]
Remove ACL entry
setfacl -x u:[username] [path/to/file]
Remove all ACL entries
setfacl -b [path/to/file]
Set default ACL
setfacl -d -m u:[username]:rwx [path/to/directory]
Apply ACL recursively
setfacl -R -m u:[username]:rx [path/to/directory]
Copy ACL from one file to another
getfacl [source_file] | setfacl --set-file=- [target_file]
说明
Access Control Lists (ACLs) extend the traditional Unix permission model, allowing fine-grained permissions for multiple users and groups on a single file or directory. While standard permissions support only owner, group, and others, ACLs can specify distinct access rights for any number of named users and groups. The getfacl command displays ACL entries, while setfacl modifies them. ACL entries follow the format type:name:permissions where type is u (user), g (group), o (other), or m (mask), name identifies the user or group, and permissions are combinations of r (read), w (write), and x (execute). Default ACLs on directories determine the initial ACL for new files created within. The ACL mask entry limits the effective permissions granted to named users and groups.
参数
- -m _acl_spec_
- Modify the ACL by adding or updating entries.
- -x _acl_spec_
- Remove specified ACL entries.
- -b
- Remove all extended ACL entries.
- -d
- Apply operations to the default ACL (for directories).
- -R
- Apply recursively to directories and their contents.
- -k
- Remove the default ACL.
- --set _acl_spec_
- Replace the entire ACL with the specified entries.
- --set-file _file_
- Read ACL entries from a file (use - for stdin).
- -n
- Do not recalculate the effective rights mask.
FAQ
What is the acl command used for?
Access Control Lists (ACLs) extend the traditional Unix permission model, allowing fine-grained permissions for multiple users and groups on a single file or directory. While standard permissions support only owner, group, and others, ACLs can specify distinct access rights for any number of named users and groups. The getfacl command displays ACL entries, while setfacl modifies them. ACL entries follow the format type:name:permissions where type is u (user), g (group), o (other), or m (mask), name identifies the user or group, and permissions are combinations of r (read), w (write), and x (execute). Default ACLs on directories determine the initial ACL for new files created within. The ACL mask entry limits the effective permissions granted to named users and groups.
How do I run a basic acl example?
Run `getfacl [path/to/file]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -m _acl_spec_ do in acl?
Modify the ACL by adding or updating entries.