$ /sbin/ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:be:00:41 brd ff:ff:ff:ff:ff:ff
inet 165.135.239.38/24 brd 165.135.239.255 scope global eth0
inet6 fe80::250:56ff:febe:41/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
[bhusal@valentine ~]$
------------------------------------------------------------------
Configure the ACL of a directory.
1. as a root
[root@valentine ~]# cd /tmp
[root@valentine tmp]# mkdir acl_test
[root@valentine tmp]# chmod 700 acl_test
[root@valentine tmp]#
2. as a normal user
[bhusal@valentine ~]$ cd /tmp/acl_test/
-bash: cd: /tmp/acl_test/: Permission denied
[bhusal@valentine ~]$
3. as a root,
[root@valentine tmp]# getfacl acl_test
# file: acl_test
# owner: root
# group: root
user::rwx
group::---
other::---
[root@valentine tmp]#
4. As root, add an extended ACL entry that grants the user bhusal rwx on the directory
(on a directory, x is the bit that permits cd into it), using the following command.
[root@valentine tmp]# setfacl -m u:bhusal:rwx acl_test/
now, display the extended ACL of the directory,
[root@valentine tmp]# getfacl acl_test
# file: acl_test
# owner: root
# group: root
user::rwx
user:bhusal:rwx
group::---
mask::rwx
other::---
[root@valentine tmp]#
5. now, try as a normal user,
[bhusal@valentine ~]$ cd /tmp/acl_test/
[bhusal@valentine acl_test]$
------------------------------------------
Configure default ACL for a directory
6. as a root,
[root@valentine acl_test]# touch without_default_acl
[root@valentine acl_test]# getfacl without_default_acl
# file: without_default_acl
# owner: root
# group: root
user::rw-
group::---
other::---
[root@valentine acl_test]#
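As you see, the new file has no extended ACL entries: acl_test has only an access ACL so far, and access ACL entries are not inherited by files created inside the directory.
Now set a default ACL on the acl_test directory (the command is not captured in this transcript; default entries are set with setfacl -d -m, for example `setfacl -d -m u:bhusal:rw /tmp/acl_test`), then create a second file.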
[root@valentine acl_test]# touch with_default_acl
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
user:bhusal:rw-
group::---
mask::rw-
other::---
[root@valentine acl_test]# ls -l
total 8
-rw-rw----+ 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
7. Delete an ACL
[root@valentine acl_test]# setfacl -x u:bhusal with_default_acl
Display the acl,
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
group::---
mask::---
other::---
[root@valentine acl_test]#
8. now, you see the ACL for the user bhusal has been removed...
View the file attributes,
[root@valentine acl_test]# ls -l
total 8
-rw-------+ 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
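9. Here, the "+" ACL marker is still shown in the ls -l output: removing the named-user entry left the mask entry (mask::---) behind, so the file still carries an extended ACL. (On a file with an ACL, the group bits printed by ls -l reflect the mask, which is why the earlier listing showed rw- for group while getfacl reported group::---.)
To remove all extended ACL entries: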
[root@valentine acl_test]# setfacl -b with_default_acl
[root@valentine acl_test]# ls -l
total 8
-rw------- 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
group::---
other::---
[root@valentine acl_test]#
Now you see that the extended ACL has been removed; only the base owner, group and other entries remain.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:be:00:41 brd ff:ff:ff:ff:ff:ff
inet 165.135.239.38/24 brd 165.135.239.255 scope global eth0
inet6 fe80::250:56ff:febe:41/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
[bhusal@valentine ~]$
------------------------------------------------------------------
Configure the ACL of a directory.
1. as a root
[root@valentine ~]# cd /tmp
[root@valentine tmp]# mkdir acl_test
[root@valentine tmp]# chmod 700 acl_test
[root@valentine tmp]#
2. as a normal user
[bhusal@valentine ~]$ cd /tmp/acl_test/
-bash: cd: /tmp/acl_test/: Permission denied
[bhusal@valentine ~]$
3. as a root,
[root@valentine tmp]# getfacl acl_test
# file: acl_test
# owner: root
# group: root
user::rwx
group::---
other::---
[root@valentine tmp]#
4. As root, add an extended ACL entry that grants the user bhusal rwx on the directory
(on a directory, x is the bit that permits cd into it), using the following command.
[root@valentine tmp]# setfacl -m u:bhusal:rwx acl_test/
now, display the extended ACL of the directory,
[root@valentine tmp]# getfacl acl_test
# file: acl_test
# owner: root
# group: root
user::rwx
user:bhusal:rwx
group::---
mask::rwx
other::---
[root@valentine tmp]#
5. now, try as a normal user,
[bhusal@valentine ~]$ cd /tmp/acl_test/
[bhusal@valentine acl_test]$
------------------------------------------
Configure default ACL for a directory
6. as a root,
[root@valentine acl_test]# touch without_default_acl
[root@valentine acl_test]# getfacl without_default_acl
# file: without_default_acl
# owner: root
# group: root
user::rw-
group::---
other::---
[root@valentine acl_test]#
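As you see, the new file has no extended ACL entries: acl_test has only an access ACL so far, and access ACL entries are not inherited by files created inside the directory.
Now set a default ACL on the acl_test directory (the command is not captured in this transcript; default entries are set with setfacl -d -m, for example `setfacl -d -m u:bhusal:rw /tmp/acl_test`), then create a second file.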
[root@valentine acl_test]# touch with_default_acl
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
user:bhusal:rw-
group::---
mask::rw-
other::---
[root@valentine acl_test]# ls -l
total 8
-rw-rw----+ 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
7. Delete an ACL
[root@valentine acl_test]# setfacl -x u:bhusal with_default_acl
Display the acl,
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
group::---
mask::---
other::---
[root@valentine acl_test]#
8. now, you see the ACL for the user bhusal has been removed...
View the file attributes,
[root@valentine acl_test]# ls -l
total 8
-rw-------+ 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
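9. Here, the "+" ACL marker is still shown in the ls -l output: removing the named-user entry left the mask entry (mask::---) behind, so the file still carries an extended ACL. (On a file with an ACL, the group bits printed by ls -l reflect the mask, which is why the earlier listing showed rw- for group while getfacl reported group::---.)
To remove all extended ACL entries: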
[root@valentine acl_test]# setfacl -b with_default_acl
[root@valentine acl_test]# ls -l
total 8
-rw------- 1 root root 0 Jun 14 15:09 with_default_acl
-rw------- 1 root root 0 Jun 14 15:07 without_default_acl
[root@valentine acl_test]#
[root@valentine acl_test]# getfacl with_default_acl
# file: with_default_acl
# owner: root
# group: root
user::rw-
group::---
other::---
[root@valentine acl_test]#
Now you see that the extended ACL has been removed; only the base owner, group and other entries remain.