RHCSA Exam objectives: Access Lists in Linux



Sample scenario:
Set up ACLs on the /home directory partition, set up a test file ‘acllist.file’ in user mike’s directory, and give read access to user mailer1.
To set up an ACL on any directory, the file system for that directory must be mounted with the acl option.
#mount -o remount,acl /home
To verify, open /etc/fstab and check that acl is enabled. To make ACL support permanent, add the acl option to the /etc/fstab entry.
Check for any ACLs already set in the /home directory.
#getfacl /home/mike

To set up an ACL
#setfacl -m u:winuser:rw- /home/mike/testfile
To verify the ACL for that file, list the directory contents in long format
-rw-rw----+ 1 mike mike 28 Jan 27 09:06 testfile
The plus (+) sign at the end of the permissions means an ACL is enabled.
The output of #getfacl /home/mike/testfile would be

An ACL can also be set for other users, for example,
#setfacl -m o::--- /home/mike/testfile
This ACL denies access to testfile for all others.
(Please note that removing an ACL from a file does not affect the permissions for others. For example, suppose others had read-only permission before the ACL, and a new ACL gives others read/write permission. If you remove that particular ACL, the permissions for others are not affected. You have to change the settings for others manually using chmod.)


To remove ACL
#setfacl -x u:winuser /home/mike/testfile
To remove all ACL completely
#setfacl -b /home/mike/testfile
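
The note above about removing ACLs, shown as an added example that is not part of the original post. It assumes a scratch file created with mktemp instead of /home/mike/testfile, and uses the caller's numeric UID in place of winuser.

```shell
#!/bin/sh
# Added example (not from the original post): show that "setfacl -b" removes
# the extended entries but keeps the "other" permissions that were set via ACL.
# Prints "<mode before> <mode with ACL> <mode after -b>"; returns 2 when
# setfacl or file system ACL support is unavailable.
acl_removal_demo() {
    command -v setfacl >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 1
    f="$dir/testfile"            # constructed scratch file (assumption)
    : > "$f"
    chmod 644 "$f"               # others start read-only
    before=$(stat -c %a "$f")

    # Named-user entry (caller's numeric UID stands in for winuser) plus an
    # "other" entry that widens others to read/write.
    if ! setfacl -m "u:$(id -u):rw-,o::rw-" "$f" 2>/dev/null; then
        rm -rf "$dir"; return 2
    fi
    with_acl=$(stat -c %a "$f")  # group digit now shows the ACL mask

    setfacl -b "$f"              # drop every extended entry and the mask
    after=$(stat -c %a "$f")     # other is still rw-; reset it with chmod o=r
    rm -rf "$dir"
    echo "$before $with_acl $after"
}

# Expected on an ACL-capable file system: 644 666 646
acl_removal_demo || echo "setfacl or ACL support unavailable (rc=$?)"
```

The last digit stays 6 after setfacl -b, so a file widened through an ACL remains writable by others until chmod resets it.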


2 comments:

  1. This is excellent, so much more to the point than reading Jang's chapter on it.

  2. You should write a book, I'd queue up to purchase.
