┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #ls -al | grep Temp
drwxrwx---+ 2 jtz jtz 4096 12-р сар 16 19:57 Temp┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #getfacl Temp/
# file: Temp/
# owner: jtz
# group: jtz
user::rwx
group::rwx
other::---
# 语法
setfacl [option] [action/specification] file
# -m 修改
# -x 删除
# -d 默认值
# action/specification : 是指用户和组,后跟我们要设置的权限
# 在设置组 ACL 时需要在组名前加 g: (eg: g:jtz:rwx) 对于用户将 g 改为 u 即可,不过 u 为默认最后更新于
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #setfacl -d -m jtz:rwx Temp/
# mask 有效权限掩码,此条目限制所有组和指定用户的有效权限,文件所有者和其他人不受此权限影响
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #getfacl Temp/
# file: Temp/
# owner: jtz
# group: jtz
user::rwx
group::rwx
other::---
default:user::rwx
default:user:jtz:rwx
default:group::rwx
default:mask::rwx
default:other::---┌─[✗]─[root@parrot]─[/home/jtz/Desktop]
└──╼ #useradd fred
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #usermod -g jtz fred
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #cat /etc/passwd | grep 1003
jtz:x:1000:1003:JTZ:/home/jtz:/bin/bash
fred:x:1001:1003::/home/fred:/bin/sh┌─[fred@parrot]─[/home/jtz/Desktop/Temp]
└──╼ $touch test
┌─[fred@parrot]─[/home/jtz/Desktop/Temp]
└──╼ $ls -al
总用量 8
drwxrwx---+ 2 jtz jtz 4096 12-р сар 17 10:17 .
drwxr-xr-x 3 jtz jtz 4096 12-р сар 17 09:33 ..
-rw-rw----+ 1 fred jtz 0 12-р сар 17 10:17 test
┌─[fred@parrot]─[/home/jtz/Desktop/Temp]
└──╼ $getfacl test
# file: test
# owner: fred
# group: jtz
user::rw-
user:jtz:rwx #effective:rw-
group::rwx #effective:rw-
mask::rw-
other::---┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #useradd Kenny
┌─[✗]─[root@parrot]─[/home/jtz/Desktop]
└──╼ #su Kenny
$ bash
┌─[Kenny@parrot]─[/home/jtz/Desktop]
└──╼ $cd Temp/
bash: cd: Temp/: 权限不够
# 现在我们设置权限让 Kenny 可以创建文件
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #setfacl -m Kenny:rwx Temp/
┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #getfacl Temp/
# file: Temp/
# owner: jtz
# group: jtz
user::rwx
user:Kenny:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:jtz:rwx
default:group::rwx
default:mask::rwx
default:other::---┌─[root@parrot]─[/home/jtz/Desktop]
└──╼ #cd Temp/
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #mkdir Kenny
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #chown Kenny:jtz Kenny/
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #getfacl Kenny/
# file: Kenny/
# owner: Kenny
# group: jtz
user::rwx
user:jtz:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:jtz:rwx
default:group::rwx
default:mask::rwx
default:other::---
# 现在 Kenny 用户就可以在 Kenny 文件夹中创建文件┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #setfacl -m fred:- Kenny/
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #getfacl Kenny/
# file: Kenny/
# owner: Kenny
# group: jtz
user::rwx
user:jtz:rwx
user:fred:---
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:jtz:rwx
default:group::rwx
default:mask::rwx
default:other::---
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #su fred
$ bash
┌─[fred@parrot]─[/home/jtz/Desktop/Temp]
└──╼ $cd Kenny/
bash: cd: Kenny/: 权限不够┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #setfacl -m g:jtz:- Kenny/
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #chmod g-rwx Kenny/
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #ls -al
总用量 16
drwxrwx---+ 3 jtz jtz 4096 12-р сар 17 10:35 .
drwxr-xr-x 3 jtz jtz 4096 12-р сар 17 09:33 ..
drwx------+ 2 Kenny jtz 4096 12-р сар 17 10:35 Kenny
-rw-rw----+ 1 fred jtz 0 12-р сар 17 10:17 test
┌─[root@parrot]─[/home/jtz/Desktop/Temp]
└──╼ #getfacl Kenny/
# file: Kenny/
# owner: Kenny
# group: jtz
user::rwx
user:jtz:rwx #effective:---
group::rwx #effective:---
group:jtz:---
mask::---
other::---
default:user::rwx
default:user:jtz:rwx
default:group::rwx
default:mask::rwx
default:other::---
┌─[jtz@parrot]─[~/Desktop/Temp]
└──╼ $cd Kenny/
bash: cd: Kenny/: 权限不够