ACLs Flashcards
What are ACLs used for?
Create granular permissions on a file/directory
How can you tell if a file/directory has an extended ACL set on it?
Denoted by a + at the end of the permissions
How do you set an ACL for a user/group on a file/directory?
setfacl -m u:{uid/username}:{r/w/x} file/directory
setfacl -m g:{gid/group}:{r/w/x} file/directory
How do you view the ACL on a file/directory?
getfacl file/directory
What is important to note when creating ACLs?
It uses the uid/gid, even if username/group is specified.
If the uid/gid of a username/group changes it will still apply to the id
What is the mask in an ACL?
Maximum permissions for the file/directory
Even if user/group has higher permissions they are limited by the mask.
How do you modify the mask on an ACL?
setfacl -m m::{r/w/x} file/directory
How do you set default ACL permissions for child items within a directory?
setfacl -d -m u:{uid/user}:{r/w/x} directory
setfacl -m d:u:{uid/user}:{r/w/x} directory
setfacl -d -m g:{gid/group}:{r/w/x} directory
setfacl -m d:g:{gid/group}:{r/w/x} directory
How do you remove default ACL permissions?
setfacl –remove-default file/directory
How do you remove an ACL for a user/group?
setfacl -x u:{uid/user} file/directory
setfacl -x g:{gid/group} file/directory
How do you remove a default ACL for a user/group?
setfacl -x d:u:{uid/user} file/directory
setfacl -x d:g:{gid/user} file/directory
How would you copy the ACL of a file/directory and apply it to another?
getfacl file/folder | setfacl –set-file=- file/folder
*–set-file= sets the file to take ACL from, the - means to take standard input that is piped to the setfacl command
What filesystems support ACLs?
ext4
xfs
What are base permissions on an ACL?
Standard user|group|other permissions
No + at end of the permissions
What is the equivalent of chmod 777 using ACL permissions?
setfacl -m u::rwx,g::rwx,o::rwx