4-4 Create and Manage Access Control Lists (ACLs) Flashcards

1
Q

ACL means

A

File access control lists (ACLs) are intended to give finer-grained control over specific file permissions. Named users and named groups that have a UID and GID can take advantage of or be assigned to ACLs. ACLs are added in addition to the regular permissions that already exist on a file. The file system has to be mounted with the ACL option enabled; not all systems support ACLs.

2
Q

When ACLs are set on a file or directory using the chmod command, it only updates the masks and not the permissions.

A

what does that answer/question to this one mean?????

3
Q

ls -l

-rw-rw-r--+ 1 root root 45 Mar 2 17:01 1.txt

A

ACLs are set on the directory or file if ls permissions end with a +

4
Q

what are

Extended ACL Entries

A

Extended ACL entries are those that contain named groups, named users, or more than the minimum ACLs.

5
Q

what are

Base/Minimum ACL Entries

A

Base/minimum ACL entries are the original ACL entries on a file: the ACL entries for the owner, group, and other.

6
Q

Is ACL always available on a system?

A

File systems must be enabled and mounted with ACL support in order for ACLs to work. By default, the XFS and EXT4 file systems on Red Hat 7 have ACL support enabled.

7
Q

setfacl -m g:namedgroup:rw file

A

Set the named group permissions to rw for a file

8
Q

setfacl -m g::rw file

A

Set the group owner permission to rw for a file

9
Q

setfacl -m u::rw file

A

Set the user owner permissions to rw for a file

10
Q

setfacl -m o::rw file

A

Set “other” permissions on a file

11
Q

you can denote -

A

In order to remove ACL permissions on a file

12
Q

setfacl -m o::rw,u::rw file

A

Multiple ACL entries can be specified by separating the entries with a comma

14
Q

setfacl -x g:groupname file
setfacl --remove-all [file/dir]

use -R for recursion

A

Remove a named group entry from a file’s ACL

15
Q

getfacl file1 | setfacl --set-file=- file2

Take the ACL from file1 as standard input for setfacl command. The - at the end of --set-file=- represents the use of standard input (stdin).

A

Copying ACLs from One File to Another

16
Q

Setting Default ACLs

A

Directories can have default ACLs that files will inherit when new files are created inside of the directory. Default ACLs on a directory ONLY provide support for inheritance; they are not the ACLs that are enforced on a directory. Thus, you will also have to set regular base/extended ACLs on the directory.

17
Q

setfacl -m d:u:nameduser:rx dir1

Notice the d for “default”; all else is the same as when setting default permissions

A

Set a default named user on directory dir1

18
Q

setfacl --remove-default directory

A

Delete all default ACLs on a directory

19
Q

getfacl file1

A

display a file’s acl info including base/minimum ACL entries

the permissions shown by ls -l are also shown here as the base minimum acl

20
Q

meaning of

setfacl -m u:user:rw file

A

setfacl -m u:theuser:rw file
-m means modify
u: means user, as in the next bit is the user to be added to the ACL (to be able to access that file)
:rw means the user will have read and write access to that file

‘theuser’ maps to a UID, so if the user is deleted and a new one with the same name is created, it will have to be re-added, as the entry maps to the user

21
Q

‘mask:’ in getfacl file1

setfacl -m m::r file1
the m: will set file1’s ACL mask (maximum permission) to read

to set to none use -
setfacl -m m::- 1.txt

setfacl on file will reset mask
chmod on file will reset mask

A

‘mask’ shows the maximum permissions. If working with masks, set the mask after setting the ACL, because setting the ACL will reset it; an ACL can be set with a flag that says not to change the mask

chmod, if used on a file, will also change the file’s ACL mask

22
Q

setfacl -d -m u::rw dir1

getfacl dir1
‘default:’

setfacl --remove-default dir1

getfacl dir1

A

Set default acl permissions that inherit to all files and directories made inside of it
use -R on directories to set defaults recursively

check default acl permissions

remove default permissions (not set to zero, but remove)

23
Q

setfacl -x d:u:theuser dir1

A

remove the default permissions for user ‘theuser’ in the ACL

24
Q

setfacl -m u::rw dir1

A

by not specifying a user (or group when g:) to add to acl list, it will set regular permissions, see ls -l

will change base level acl user permissions in getfacl