磁盘ACL功能:[root@szm Desktop]# dumpe2fs /dev/sda1 | grep -i acl
dumpe2fs 1.41.12 (17-May-2010)
Default mount options: user_xattr acl ---------------已经开启
[root@szm Desktop]# tune2fs -l /dev/sda1 | grep -i acl
Default mount options: user_xattr acl ---------------方法二查看
开启ACL功能: [root@szm Desktop]# tune2fs -o acl /dev/sda1
方法二:修改/etc/fstab文件 defaults,acl
方法三:mount -o remount,acl /mnt/sda1
[root@szm Desktop]# setfacl --help
setfacl 2.2.49 -- set file access control lists
Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ...
-m, --modify=acl modify the current ACL(s) of file(s)
-M, --modify-file=file read ACL entries to modify from file
-x, --remove=acl remove entries from the ACL(s) of file(s)
-X, --remove-file=file read ACL entries to remove from file
-b, --remove-all remove all extended ACL entries
-k, --remove-default remove the default ACL
--set=acl set the ACL of file(s), replacing the current ACL
--set-file=file read ACL entries to set from file
--mask do recalculate the effective rights mask
-n, --no-mask don't recalculate the effective rights mask--不重新计算有效权限
-d, --default operations apply to the default ACL
-R, --recursive recurse into subdirectories----递归设置ACL权限包括子目录
-L, --logical logical walk, follow symbolic links
-P, --physical physical walk, do not follow symbolic links
--restore=file restore ACLs (inverse of `getfacl -R')
--test test mode (ACLs are not modified)
-v, --version print version and exit
-h, --help this help text
[root@szm acl]# setfacl -m u:user2:w fstab(Username:Permission)
[root@szm acl]# getfacl --help
getfacl 2.2.49 -- get file access control lists
Usage: getfacl [-aceEsRLPtpndvh] file ...
-a, --access display the file access control list only
-d, --default display the default access control list only
-c, --omit-header do not display the comment header
-e, --all-effective print all effective rights
-E, --no-effective print no effective rights
-s, --skip-base skip files that only have the base entries
-R, --recursive recurse into subdirectories---递归显示指定目录内的acl权限
-L, --logical logical walk, follow symbolic links
-P, --physical physical walk, do not follow symbolic links
-t, --tabular use tabular output format
-n, --numeric print numeric user/group identifiers
-p, --absolute-names don't strip leading '/' in pathnames
-v, --version print version and exit
-h, --help this help text
[root@szm acl]# getfacl fstab
# file: fstab
# owner: root
# group: root
user::rw-
user:user2:-w ------------刚才写入的权限
group::r--
mask::rw-
other::r--
[root@szm acl]# setfacl -m g:sgid:w fstab
[root@szm acl]# getfacl fstab
# file: fstab
# owner: root
# group: root
user::rw-
user:user2:-w-
group::r--
group:sgid:-w-
mask::rw-
other::r--
| 注意:mask称为生效权限(Effective Permission),如果一个文件的“生效权限”是“r--”,如果用户设置的ACL权限为“rwx”,实际有效的权限还是mask控制的“生效权限”值“r--” |
设置文件的mast为只读: [root@szm acl]# setfacl -m m:r fstab
[root@szm acl]# getfacl fstab
# file: fstab
# owner: root
# group: root
user::rw-
user:user2:-w- #effective:---
group::r--
group:sgid:-w- #effective:---
mask::r--
other::r--
设置User3的默认权限: [root@szm acl]# setfacl -m d:u:user3:rwx .
[root@szm acl]# getfacl .
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:user3:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[user3@szm acl]$ mkdir user2
[user3@szm acl]$ mkdir user2.txt
[user3@szm acl]$ getfacl user2
# file: user2
# owner: user3
# group: user3
user::rwx
user:user3:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:user3:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[user3@szm acl]$ getfacl user2.txt
# file: user2.txt
# owner: user3
# group: user3
user::rwx
user:user3:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:user3:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
删除ACL权限:
[root@szm acl]# getfacl fstab
# file: fstab
# owner: root
# group: root
user::rw-
user:user2:-w- #effective:---
group::r--
group:sgid:-w- #effective:---
mask::r--
other::r--
[root@szm acl]# setfacl -x u:user2 fstab
[root@szm acl]# getfacl fstab
# file: fstab
# owner: root
# group: root
user::rw-
group::r--
group:sgid:-w-
mask::rw-
other::r--
| 注意:把ACL文件复制到不具有ACL功能的分区中,文件的ACL功能将会取消 |